finished ClientCredential_create
This commit is contained in:
@@ -3,11 +3,12 @@
|
||||
|
||||
//TODO: use AES CTR encryption instead of my own padding algorithm
|
||||
|
||||
void EncryptorAES_init(EncryptorAES* ptr, Array(u8) key){
|
||||
void EncryptorAES_construct(EncryptorAES* ptr, Array(u8) key){
|
||||
assert(key.size == 16 || key.size == 24 || key.size == 32);
|
||||
|
||||
br_aes_ct64_cbcenc_init(&ptr->enc_ctx, key.data, key.size);
|
||||
rng_init_sha256_seedFromTime(&br_hmac_drbg_vtable, &ptr->rng_ctx.vtable);
|
||||
ptr->rng_ctx.vtable = &br_hmac_drbg_vtable;
|
||||
rng_init_sha256_seedFromTime(&ptr->rng_ctx.vtable);
|
||||
|
||||
memset(ptr->buf, 0, __AES_BUFFER_SIZE);
|
||||
memset(ptr->iv, 0, sizeof(ptr->iv));
|
||||
@@ -49,7 +50,7 @@ void EncryptorAES_encrypt(EncryptorAES* ptr, Array(u8) src, Array(u8) dst){
|
||||
}
|
||||
|
||||
|
||||
void DecryptorAES_init(DecryptorAES* ptr, Array(u8) key){
|
||||
void DecryptorAES_construct(DecryptorAES* ptr, Array(u8) key){
|
||||
assert(key.size == 16 || key.size == 24 || key.size == 32);
|
||||
|
||||
br_aes_ct64_cbcdec_init(&ptr->dec_ctx, key.data, key.size);
|
||||
|
||||
@@ -6,14 +6,32 @@
|
||||
// https://crypto.stackexchange.com/questions/3110/impacts-of-not-using-rsa-exponent-of-65537
|
||||
#define DEFAULT_PUBLIC_EXPONENT 65537
|
||||
|
||||
bool RSA_generateKeyPair(u32 key_size, br_rsa_private_key* sk, br_rsa_public_key* pk){
|
||||
br_hmac_drbg_context rng_ctx;
|
||||
const br_prng_class** rng_class_ptr = &rng_ctx.vtable;
|
||||
rng_init_sha256_seedFromTime(&br_hmac_drbg_vtable, rng_class_ptr);
|
||||
Result(void) RSA_generateKeyPair(u32 key_size,
|
||||
br_rsa_private_key* sk, br_rsa_public_key* pk,
|
||||
const br_prng_class** rng_vtable_ptr)
|
||||
{
|
||||
Deferral(16);
|
||||
bool success = false;
|
||||
rng_init_sha256_seedFromTime(rng_vtable_ptr);
|
||||
|
||||
void* sk_buf = malloc(BR_RSA_KBUF_PRIV_SIZE(key_size));
|
||||
Defer(
|
||||
if(!success)
|
||||
free(sk_buf)
|
||||
);
|
||||
|
||||
void* pk_buf = malloc(BR_RSA_KBUF_PUB_SIZE(key_size));
|
||||
u32 r = br_rsa_i31_keygen(rng_class_ptr, sk, sk_buf, pk, pk_buf, key_size, DEFAULT_PUBLIC_EXPONENT);
|
||||
return r;
|
||||
Defer(
|
||||
if(!success)
|
||||
free(pk_buf)
|
||||
);
|
||||
|
||||
success = br_rsa_i31_keygen(rng_vtable_ptr, sk, sk_buf, pk, pk_buf, key_size, DEFAULT_PUBLIC_EXPONENT);
|
||||
if(!success){
|
||||
Return RESULT_ERROR("br_rsa_i31_keygen() failed", false);
|
||||
}
|
||||
|
||||
Return RESULT_VOID;
|
||||
}
|
||||
|
||||
Result(void) RSA_computePublicKey(const br_rsa_private_key* sk, br_rsa_public_key* pk){
|
||||
@@ -162,7 +180,8 @@ Result(void) RSA_parsePrivateKey_DER(Array(u8) _src, br_rsa_private_key* sk){
|
||||
|
||||
void EncryptorRSA_construct(EncryptorRSA* ptr, const br_rsa_public_key* pk){
|
||||
ptr->pk = pk;
|
||||
rng_init_sha256_seedFromTime(&br_hmac_drbg_vtable, &ptr->rng.vtable);
|
||||
ptr->rng.vtable = &br_hmac_drbg_vtable;
|
||||
rng_init_sha256_seedFromTime(&ptr->rng.vtable);
|
||||
}
|
||||
|
||||
void EncryptorRSA_encrypt(EncryptorRSA* ptr, Array(u8) src, Array(u8) dst, u32* encrypted_size){
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
/// @param password some byte array
|
||||
/// @param out_buffer u8[password_hash_size]
|
||||
/// @param iterations number of iterations
|
||||
void hash_password(str password, u8* out_buffer, i32 iterations);
|
||||
void hash_password(Array(u8) password, u8* out_buffer, i32 iterations);
|
||||
#define password_hash_size 32
|
||||
|
||||
|
||||
@@ -24,14 +24,13 @@ void hash_password(str password, u8* out_buffer, i32 iterations);
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
/// @brief Initialize prng context with sha256 hashing algorithm and seed from CLOCK_REALTIME.
|
||||
/// @param rng_class pointer to static vtable variable
|
||||
/// @param rng_ctx pointer to vtable field in prng context
|
||||
/// @param rng_vtable_ptr pointer to vtable field in prng context. The field must be initialized.
|
||||
/// EXAMPLE:
|
||||
/// ```
|
||||
/// br_hmac_drbg_context rng_ctx;
|
||||
/// rng_init_sha256_seedFromTime(&br_hmac_drbg_vtable, &rng_ctx.vtable);
|
||||
/// br_hmac_drbg_context rng_ctx = { .vtable = &br_hmac_drbg_vtable };
|
||||
/// rng_init_sha256_seedFromTime(&rng_ctx.vtable);
|
||||
/// ```
|
||||
void rng_init_sha256_seedFromTime(const br_prng_class* rng_class, const br_prng_class** rng_ctx);
|
||||
void rng_init_sha256_seedFromTime(const br_prng_class** rng_vtable_ptr);
|
||||
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
@@ -57,7 +56,7 @@ typedef struct EncryptorAES {
|
||||
} EncryptorAES;
|
||||
|
||||
/// @param key Array<u8, 16 | 24 | 32>
|
||||
void EncryptorAES_init(EncryptorAES* ptr, Array(u8) key);
|
||||
void EncryptorAES_construct(EncryptorAES* ptr, Array(u8) key);
|
||||
|
||||
/// @brief Encrypts `src` and writes output to `dst`.
|
||||
/// @param src array of any size
|
||||
@@ -74,7 +73,7 @@ typedef struct DecryptorAES {
|
||||
} DecryptorAES;
|
||||
|
||||
/// @param key Array<u8, 16 | 24 | 32>
|
||||
void DecryptorAES_init(DecryptorAES* ptr, Array(u8) key);
|
||||
void DecryptorAES_construct(DecryptorAES* ptr, Array(u8) key);
|
||||
|
||||
/// @brief Decrypts `src` and writes output to `dst`.
|
||||
/// @param src array of any size
|
||||
@@ -91,8 +90,10 @@ void DecryptorAES_decrypt(DecryptorAES* ptr, Array(u8) src, Array(u8) dst, u32*
|
||||
/// @param key_size size of public key in bits (2048/3072/4096)
|
||||
/// @param sk key for decryption
|
||||
/// @param pk key for encryption
|
||||
/// @return true on success
|
||||
bool RSA_generateKeyPair(u32 key_size, br_rsa_private_key* sk, br_rsa_public_key* pk);
|
||||
/// @param rng_vtable_ptr pointer to vtable field in prng context. The context must be initialized
|
||||
Result(void) RSA_generateKeyPair(u32 key_size,
|
||||
br_rsa_private_key* sk, br_rsa_public_key* pk,
|
||||
const br_prng_class** rng_vtable_ptr);
|
||||
|
||||
static inline void RSA_destroyPrivateKey(br_rsa_private_key* sk){
|
||||
free(sk->p);
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
#include "bearssl_hash.h"
|
||||
#include "assert.h"
|
||||
|
||||
void hash_password(str password, u8* out_buffer, i32 iterations){
|
||||
void hash_password(Array(u8) password, u8* out_buffer, i32 iterations){
|
||||
assert(password_hash_size == br_sha256_SIZE);;
|
||||
memset(out_buffer, 0, br_sha256_SIZE);
|
||||
br_sha256_context sha256_ctx;
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
#include "cryptography.h"
|
||||
#include "tlibc/time.h"
|
||||
|
||||
void rng_init_sha256_seedFromTime(const br_prng_class* rng_class, const br_prng_class** rng_ctx){
|
||||
void rng_init_sha256_seedFromTime(const br_prng_class** rng_vtable_ptr){
|
||||
nsec_t time_now = getTimeNsec();
|
||||
rng_class->init(rng_ctx, &br_sha256_vtable, &time_now, sizeof(time_now));
|
||||
const br_prng_class* rng_vtable = *rng_vtable_ptr;
|
||||
rng_vtable->init(rng_vtable_ptr, &br_sha256_vtable, &time_now, sizeof(time_now));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user