format update
Change-Id: I8e15451d7229cad5fb4c6d5cf7464fcde9d6c56c
diff --git a/src/crypto-support/crypto-helper.cpp b/src/crypto-support/crypto-helper.cpp
index 76ae679..6cff255 100644
--- a/src/crypto-support/crypto-helper.cpp
+++ b/src/crypto-support/crypto-helper.cpp
@@ -191,7 +191,7 @@
}
int
-ndn_compute_hmac_sha256(const uint8_t* data, const unsigned data_length,
+hmac_sha256(const uint8_t* data, const unsigned data_length,
const uint8_t* key, const unsigned key_length,
uint8_t* result)
{
@@ -203,28 +203,28 @@
// avoid dependency on OpenSSL >= 1.1
int
-hkdf(const uint8_t* secret, int secretLen, const uint8_t* salt,
- int saltLen, uint8_t* okm, int okm_len,
+hkdf(const uint8_t* secret, int secret_len, const uint8_t* salt,
+ int salt_len, uint8_t* output, int output_len,
const uint8_t* info, int info_len)
{
namespace t = ndn::security::transform;
// hkdf generate prk
uint8_t prk[HASH_SIZE];
- if (saltLen == 0) {
+ if (salt_len == 0) {
uint8_t realSalt[HASH_SIZE] = {0};
- ndn_compute_hmac_sha256(secret, secretLen, realSalt, HASH_SIZE, prk);
+ hmac_sha256(secret, secret_len, realSalt, HASH_SIZE, prk);
}
else {
- ndn_compute_hmac_sha256(secret, secretLen, salt, saltLen, prk);
+ hmac_sha256(secret, secret_len, salt, salt_len, prk);
}
// hkdf expand
uint8_t prev[HASH_SIZE] = {0};
- int done_len = 0, dig_len = HASH_SIZE, n = okm_len / dig_len;
- if (okm_len % dig_len)
+ int done_len = 0, dig_len = HASH_SIZE, n = output_len / dig_len;
+ if (output_len % dig_len)
n++;
- if (n > 255 || okm == nullptr)
+ if (n > 255 || output == nullptr)
return 0;
for (int i = 1; i <= n; i++) {
@@ -246,8 +246,8 @@
auto result = os.buf();
memcpy(prev, result->data(), dig_len);
- copy_len = (done_len + dig_len > okm_len) ? okm_len - done_len : dig_len;
- memcpy(okm + done_len, prev, copy_len);
+ copy_len = (done_len + dig_len > output_len) ? output_len - done_len : dig_len;
+ memcpy(output + done_len, prev, copy_len);
done_len += copy_len;
}
return done_len;
diff --git a/src/crypto-support/crypto-helper.hpp b/src/crypto-support/crypto-helper.hpp
index 6b5f277..9ce7ce7 100644
--- a/src/crypto-support/crypto-helper.hpp
+++ b/src/crypto-support/crypto-helper.hpp
@@ -32,6 +32,11 @@
static const uint8_t INFO[] = {0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9};
static const int AES_128_KEY_LEN = 16;
+class CryptoError : public std::runtime_error {
+public:
+ using std::runtime_error::runtime_error;
+};
+
struct ECDH_CTX {
int EC_NID;
EVP_PKEY_CTX* ctx_params;
@@ -57,42 +62,54 @@
deriveSecret(const std::string& peerKeyStr);
unique_ptr<ECDH_CTX> context;
- PUBLIC_WITH_TESTS_ELSE_PRIVATE :
- uint8_t*
- deriveSecret(const uint8_t* peerkey, int peerKeySize);
+ PUBLIC_WITH_TESTS_ELSE_PRIVATE : uint8_t*
+ deriveSecret(const uint8_t* peerkey, int peerKeySize);
uint8_t*
getRawSelfPubKey();
};
+/**
+ * HMAC based key derivation function (HKDF)
+ * @p secret, intput, the input to the HKDF
+ * @p secretLen, intput, the length of the secret
+ * @p salt, intput, the salt used in HKDF
+ * @p saltLen, intput, the length of the salt
+ * @p output, output, the output of the HKDF
+ * @p output_len, intput, the length of expected output
+ * @p info, intput, the additional information used in HKDF
+ * @p info_len, intput, the additional information used in HKDF
+ * @return the length of the derived key if successful, -1 if failed
+ */
int
-hkdf(const uint8_t* secret, int secretLen, const uint8_t* salt,
- int saltLen, uint8_t* okm, int okm_len,
+hkdf(const uint8_t* secret, int secret_len,
+ const uint8_t* salt, int salt_len,
+ uint8_t* output, int output_len,
const uint8_t* info = INFO, int info_len = INFO_LEN);
/**
- * HMAC SHA 256 keyed hash function
- * @param key the key for the function
- * @param key_len the length of the key
- * @param data the array to hmac
- * @param data_length the length of the array
- * @param result result. Enough memory (32 Bytes) must be allocated beforehand
+ * HMAC based on SHA-256
+ * @p data, intput, the array to hmac
+ * @p data_length, intput, the length of the array
+ * @p key, intput, the key for the function
+ * @p key_len, intput, the length of the key
+ * @p result, output, result of the HMAC. Enough memory (32 Bytes) must be allocated beforehands
* @return 0 if successful, -1 if failed
*/
int
-ndn_compute_hmac_sha256(const uint8_t* data, const unsigned data_length,
- const uint8_t* key, const unsigned key_length,
- uint8_t* result);
+hmac_sha256(const uint8_t* data, const unsigned data_length,
+ const uint8_t* key, const unsigned key_length,
+ uint8_t* result);
/**
- * Authentication GCM 128 Encryption
+ * Authenticated GCM 128 Encryption with associated data
* @p plaintext, input, plaintext
* @p plaintext_len, input, size of plaintext
* @p associated, input, associated authentication data
* @p associated_len, input, size of associated authentication data
* @p key, input, 16 bytes AES key
* @p iv, input, 12 bytes IV
- * @p ciphertext, output
+ * @p ciphertext, output, enough memory must be allocated beforehands
* @p tag, output, 16 bytes tag
* @return the size of ciphertext
* @throw CryptoError when there is an error in the process of encryption
@@ -102,7 +119,7 @@
const uint8_t* key, const uint8_t* iv, uint8_t* ciphertext, uint8_t* tag);
/**
- * Authentication GCM 128 Decryption
+ * Authenticated GCM 128 Decryption with associated data
* @p ciphertext, input, ciphertext
* @p ciphertext_len, input, size of ciphertext
* @p associated, input, associated authentication data
@@ -110,7 +127,7 @@
* @p tag, input, 16 bytes tag
* @p key, input, 16 bytes AES key
* @p iv, input, 12 bytes IV
- * @p plaintext, output
+ * @p plaintext, output, enough memory must be allocated beforehands
* @return the size of plaintext or -1 if the verification fails
* @throw CryptoError when there is an error in the process of encryption
*/
@@ -118,29 +135,9 @@
aes_gcm_128_decrypt(const uint8_t* ciphertext, size_t ciphertext_len, const uint8_t* associated, size_t associated_len,
const uint8_t* tag, const uint8_t* key, const uint8_t* iv, uint8_t* plaintext);
-/**
- * HMAC SHA 256 keyed hash function
- * @param key the key for the function
- * @param key_len the length of the key
- * @param cleartext the cleartext array to be hashed
- * @param cleartext_len the length of the array
- * @param output the output array
- * @param output_len the longest output len possible (changed to actual on return).
- * @return 0 if successful, -1 if failed
- */
-int
-hmac_sha_256(const uint8_t* key, size_t key_len,
- const uint8_t* cleartext, size_t cleartext_len,
- uint8_t* output, size_t* output_len);
-
void
handleErrors(const std::string& errorInfo);
-class CryptoError : public std::runtime_error {
-public:
- using std::runtime_error::runtime_error;
-};
-
} // namespace ndncert
} // namespace ndn
diff --git a/src/crypto-support/enc-tlv.cpp b/src/crypto-support/enc-tlv.cpp
index 4213129..aead782 100644
--- a/src/crypto-support/enc-tlv.cpp
+++ b/src/crypto-support/enc-tlv.cpp
@@ -20,7 +20,6 @@
#include "enc-tlv.hpp"
#include "crypto-helper.hpp"
-#include <ndn-cxx/encoding/block-helpers.hpp>
#include <ndn-cxx/encoding/buffer-stream.hpp>
#include <ndn-cxx/security/transform/block-cipher.hpp>
#include <ndn-cxx/security/transform/buffer-source.hpp>
diff --git a/src/crypto-support/enc-tlv.hpp b/src/crypto-support/enc-tlv.hpp
index 030be07..9e207c0 100644
--- a/src/crypto-support/enc-tlv.hpp
+++ b/src/crypto-support/enc-tlv.hpp
@@ -26,12 +26,31 @@
namespace ndn {
namespace ndncert {
+/**
+ * Encode the payload into TLV block with Authenticated GCM 128 Encryption
+ * @p tlv_type, intput, the TLV TYPE of the encoded block, either ApplicationParameters or Content
+ * @p key, intput, 16 Bytes, the AES key used for encryption
+ * @p payload, input, the plaintext payload
+ * @p payloadSize, input, the size of the plaintext payload
+ * @p associatedData, input, associated data used for authentication
+ * @p associatedDataSize, input, the size of associated data
+ * @return the TLV block with @p tlv_type TLV TYPE
+ */
Block
encodeBlockWithAesGcm128(uint32_t tlv_type, const uint8_t* key, const uint8_t* payload, size_t payloadSize,
const uint8_t* associatedData, size_t associatedDataSize);
+/**
+ * Decode the payload from TLV block with Authenticated GCM 128 Encryption
+ * @p block, intput, the TLV block in the format of NDNCERT protocol
+ * @p key, intput, 16 Bytes, the AES key used for encryption
+ * @p associatedData, input, associated data used for authentication
+ * @p associatedDataSize, input, the size of associated data
+ * @return the plaintext buffer
+ */
Buffer
-decodeBlockWithAesGcm128(const Block& block, const uint8_t* key, const uint8_t* associatedData, size_t associatedDataSize);
+decodeBlockWithAesGcm128(const Block& block, const uint8_t* key,
+ const uint8_t* associatedData, size_t associatedDataSize);
} // namespace ndncert
} // namespace ndn