From 529b4f193f8b6717960636b6869911b4d216f1d4 Mon Sep 17 00:00:00 2001 From: owent Date: Thu, 23 Apr 2026 22:05:32 +0800 Subject: [PATCH 1/2] Fixes enum class --- atframework/cmake-toolset | 2 +- include/algorithm/crypto_cipher.h | 73 ++- include/algorithm/crypto_dh.h | 234 +++----- include/algorithm/crypto_hmac.h | 133 ++--- src/algorithm/crypto_cipher.cpp | 312 +++++----- src/algorithm/crypto_dh.cpp | 958 ++++++++++++++++-------------- src/algorithm/crypto_hmac.cpp | 92 +-- test/case/crypto_cipher_test.cpp | 22 +- test/case/crypto_dh_test.cpp | 75 +-- test/case/crypto_hmac_test.cpp | 39 +- 10 files changed, 993 insertions(+), 947 deletions(-) diff --git a/atframework/cmake-toolset b/atframework/cmake-toolset index 2f05a008..75943f95 160000 --- a/atframework/cmake-toolset +++ b/atframework/cmake-toolset @@ -1 +1 @@ -Subproject commit 2f05a0084f6983424f9bd95e2f80efebd74576c4 +Subproject commit 75943f95f1b6a7ed5b4c53f5b832c996a2b66ae6 diff --git a/include/algorithm/crypto_cipher.h b/include/algorithm/crypto_cipher.h index ffc92697..83c202bb 100644 --- a/include/algorithm/crypto_cipher.h +++ b/include/algorithm/crypto_cipher.h @@ -51,10 +51,30 @@ struct cipher_interface_info_t; class cipher { public: - struct ATFRAMEWORK_UTILS_API mode_t { - enum type { EN_CMODE_ENCRYPT = 0x01, EN_CMODE_DECRYPT = 0x02 }; + enum class mode_t : int32_t { + kEncrypt = 0x01, + kDecrypt = 0x02, }; + // Allow `mode_t::kEncrypt | mode_t::kDecrypt` and similar bitmask usage; result is `int32_t` + // because callers (e.g., `init(int32_t mode)`) take a plain int32_t mask. + friend constexpr int32_t operator|(mode_t lhs, mode_t rhs) noexcept { + return static_cast(lhs) | static_cast(rhs); + } + friend constexpr int32_t operator|(int32_t lhs, mode_t rhs) noexcept { return lhs | static_cast(rhs); } + friend constexpr int32_t operator|(mode_t lhs, int32_t rhs) noexcept { return static_cast(lhs) | rhs; } + + friend constexpr int32_t operator&(mode_t lhs, mode_t rhs) noexcept { + return static_cast(lhs) & static_cast(rhs); + } + friend constexpr int32_t operator&(int32_t lhs, mode_t rhs) noexcept { return lhs & static_cast(rhs); } + friend constexpr int32_t operator&(mode_t lhs, int32_t rhs) noexcept { return static_cast(lhs) & rhs; } + + friend constexpr bool operator==(int32_t lhs, mode_t rhs) noexcept { return lhs == static_cast(rhs); } + friend constexpr bool operator==(mode_t lhs, int32_t rhs) noexcept { return static_cast(lhs) == rhs; } + friend constexpr bool operator!=(int32_t lhs, mode_t rhs) noexcept { return lhs != static_cast(rhs); } + friend constexpr bool operator!=(mode_t lhs, int32_t rhs) noexcept { return static_cast(lhs) != rhs; } + enum iv_roll_policy_t : uint8_t { IV_ROLL_NONE = 0, IV_ROLL_AEAD_INC1_BE, @@ -85,30 +105,41 @@ class cipher { }; # endif - struct ATFRAMEWORK_UTILS_API error_code_t { - enum type { - OK = 0, - INVALID_PARAM = -1, - NOT_INITED = -2, - ALREADY_INITED = -3, - MALLOC = -4, - CIPHER_DISABLED = -11, - CIPHER_NOT_SUPPORT = -12, - CIPHER_OPERATION = -13, - CIPHER_OPERATION_SET_IV = -14, - LIBSODIUM_OPERATION = -15, - LIBSODIUM_OPERATION_TAG_LEN = -16, - MUST_CALL_AEAD_API = -21, - MUST_NOT_CALL_AEAD_API = -22, - }; + enum class error_code_t : int32_t { + kOk = 0, + kInvalidParam = -1, + kNotInited = -2, + kAlreadyInited = -3, + kMalloc = -4, + kCipherDisabled = -11, + kCipherNotSupport = -12, + kCipherOperation = -13, + kCipherOperationSetIv = -14, + kLibsodiumOperation = -15, + kLibsodiumOperationTagLen = -16, + kMustCallAeadApi = -21, + kMustNotCallAeadApi = -22, }; + // Comparison operators with int32_t (legacy callers compare against 0). + friend constexpr bool operator==(error_code_t lhs, int32_t rhs) noexcept { return static_cast(lhs) == rhs; } + friend constexpr bool operator==(int32_t lhs, error_code_t rhs) noexcept { return lhs == static_cast(rhs); } + friend constexpr bool operator!=(error_code_t lhs, int32_t rhs) noexcept { return static_cast(lhs) != rhs; } + friend constexpr bool operator!=(int32_t lhs, error_code_t rhs) noexcept { return lhs != static_cast(rhs); } + friend constexpr bool operator<(error_code_t lhs, int32_t rhs) noexcept { return static_cast(lhs) < rhs; } + friend constexpr bool operator<(int32_t lhs, error_code_t rhs) noexcept { return lhs < static_cast(rhs); } + friend constexpr bool operator<=(error_code_t lhs, int32_t rhs) noexcept { return static_cast(lhs) <= rhs; } + friend constexpr bool operator<=(int32_t lhs, error_code_t rhs) noexcept { return lhs <= static_cast(rhs); } + friend constexpr bool operator>(error_code_t lhs, int32_t rhs) noexcept { return static_cast(lhs) > rhs; } + friend constexpr bool operator>(int32_t lhs, error_code_t rhs) noexcept { return lhs > static_cast(rhs); } + friend constexpr bool operator>=(error_code_t lhs, int32_t rhs) noexcept { return static_cast(lhs) >= rhs; } + friend constexpr bool operator>=(int32_t lhs, error_code_t rhs) noexcept { return lhs >= static_cast(rhs); } + public: ATFRAMEWORK_UTILS_API cipher(); ATFRAMEWORK_UTILS_API ~cipher(); - ATFRAMEWORK_UTILS_API int init(nostd::string_view name, - int mode = mode_t::EN_CMODE_ENCRYPT | mode_t::EN_CMODE_DECRYPT); + ATFRAMEWORK_UTILS_API int init(nostd::string_view name, int32_t mode = mode_t::kEncrypt | mode_t::kDecrypt); ATFRAMEWORK_UTILS_API int close(); /** @@ -263,7 +294,7 @@ class cipher { static ATFRAMEWORK_UTILS_API int cleanup_global_algorithm(); private: - int init_with_cipher(const cipher_interface_info_t *, int mode); + int init_with_cipher(const cipher_interface_info_t *, int32_t mode); int close_with_cipher(); private: diff --git a/include/algorithm/crypto_dh.h b/include/algorithm/crypto_dh.h index be5fe3d4..22348d49 100644 --- a/include/algorithm/crypto_dh.h +++ b/include/algorithm/crypto_dh.h @@ -15,42 +15,26 @@ #include #if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ - defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - -# include -# include -# include -# include -# include -# include - -# if (defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 30000) || \ - (!defined(LIBRESSL_VERSION_NUMBER) && defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L) -# define CRYPTO_USE_OPENSSL_WITH_OSSL_APIS 1 -# endif - + defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) # define CRYPTO_DH_ENABLED 1 - -#elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) - -# include "mbedtls/platform.h" -// "mbedtls/platform.h" must be the first -# include "mbedtls/ctr_drbg.h" -# include "mbedtls/dhm.h" -# include "mbedtls/ecdh.h" -# include "mbedtls/ecp.h" -# include "mbedtls/entropy.h" - -# define CRYPTO_DH_ENABLED 1 - #endif #ifdef CRYPTO_DH_ENABLED +# include # include # include # include +# if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ + defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) +// Forward declarations for OpenSSL/LibreSSL/BoringSSL types used in private helpers. +// Declaring these here lets us avoid pulling into the public header. +extern "C" { +struct bignum_st; +} +# endif + ATFRAMEWORK_UTILS_NAMESPACE_BEGIN namespace crypto { @@ -58,99 +42,70 @@ namespace crypto { * @brief DH and ECDH progress * @note TLS handshake: * server process: shared_context::init(curve name)->make_params->read_public->calc_secret - * client process: shared_context::init(EN_CDT_DH/EN_CDT_ECDH)->read_params->make_public->calc_secret + * client process: shared_context::init(method_t::kDh/method_t::kEcdh)->read_params->make_public->calc_secret * @note Static configure: * server1 process: shared_context::init(curve name)->make_params->make_public->read_public->calc_secret * server2 process: shared_context::init(curve name)->make_params->make_public->read_public->calc_secret */ class dh { public: - struct ATFRAMEWORK_UTILS_API method_t { - enum type { - EN_CDT_INVALID = 0, // inner - EN_CDT_DH = 1, // dh algorithm - EN_CDT_ECDH // ecdh algorithm - }; + enum class method_t : int32_t { + kInvalid = 0, // inner + kDh = 1, // dh algorithm + kEcdh = 2, // ecdh algorithm }; -# if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ - defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - struct ATFRAMEWORK_UTILS_API dh_context_t { - EVP_PKEY_CTX *openssl_pkey_ctx_; - union { - EVP_PKEY *openssl_dh_pkey_; - EVP_PKEY *openssl_ecdh_pkey_; - }; - union { - // BIGNUM * peer_pubkey_; - EVP_PKEY *openssl_dh_peer_key_; - EVP_PKEY *openssl_ecdh_peer_key_; - }; + enum class error_code_t : int32_t { + kOk = 0, + kInvalidParam = -1, + kNotInited = -2, + kAlreadyInited = -3, + kMalloc = -4, + kDisabled = -11, + kNotSupport = -12, + kOperation = -13, + kInitRandomEngine = -14, + kNotClientMode = -15, + kNotServerMode = -16, + kAlgorithmMismatch = -17, + kReadDhparamFile = -21, + kInitDhparam = -22, + kInitDhReadParam = -23, + kInitDhGenerateKey = -24, + kInitDhReadKey = -25, + kInitDhGenerateSecret = -26, }; -# elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) - struct ATFRAMEWORK_UTILS_API dh_context_t { - union { - mbedtls_dhm_context mbedtls_dh_ctx_; - mbedtls_ecdh_context mbedtls_ecdh_ctx_; - }; - }; -# endif - struct ATFRAMEWORK_UTILS_API error_code_t { - enum type { - OK = 0, - INVALID_PARAM = -1, - NOT_INITED = -2, - ALREADY_INITED = -3, - MALLOC = -4, - DISABLED = -11, - NOT_SUPPORT = -12, - OPERATION = -13, - INIT_RANDOM_ENGINE = -14, - NOT_CLIENT_MODE = -15, - NOT_SERVER_MODE = -16, - ALGORITHM_MISMATCH = -17, - READ_DHPARAM_FILE = -21, - INIT_DHPARAM = -22, - INIT_DH_READ_PARAM = -23, - INIT_DH_GENERATE_KEY = -24, - INIT_DH_READ_KEY = -25, - INIT_DH_GENERATE_SECRET = -26, - }; + // Comparison operators with int (legacy callers compare against 0). Allows + // `dh.init(...) != 0`, `dh.init(...) < 0`, etc. without sprinkling + // static_cast at every call site. + friend constexpr bool operator==(error_code_t lhs, int rhs) noexcept { return static_cast(lhs) == rhs; } + friend constexpr bool operator==(int lhs, error_code_t rhs) noexcept { return lhs == static_cast(rhs); } + friend constexpr bool operator!=(error_code_t lhs, int rhs) noexcept { return static_cast(lhs) != rhs; } + friend constexpr bool operator!=(int lhs, error_code_t rhs) noexcept { return lhs != static_cast(rhs); } + friend constexpr bool operator<(error_code_t lhs, int rhs) noexcept { return static_cast(lhs) < rhs; } + friend constexpr bool operator<(int lhs, error_code_t rhs) noexcept { return lhs < static_cast(rhs); } + friend constexpr bool operator<=(error_code_t lhs, int rhs) noexcept { return static_cast(lhs) <= rhs; } + friend constexpr bool operator<=(int lhs, error_code_t rhs) noexcept { return lhs <= static_cast(rhs); } + friend constexpr bool operator>(error_code_t lhs, int rhs) noexcept { return static_cast(lhs) > rhs; } + friend constexpr bool operator>(int lhs, error_code_t rhs) noexcept { return lhs > static_cast(rhs); } + friend constexpr bool operator>=(error_code_t lhs, int rhs) noexcept { return static_cast(lhs) >= rhs; } + friend constexpr bool operator>=(int lhs, error_code_t rhs) noexcept { return lhs >= static_cast(rhs); } + + enum class flags_t : uint32_t { + kNone = 0, + kServerMode = 0x01, + kClientMode = 0x02, }; + // Forward declarations: definitions live in crypto_dh.cpp so that this + // public header does not depend on OpenSSL/mbedtls headers. + struct dh_context_t; + class shared_context { public: - struct flags_t { - enum { - NONE = 0, - SERVER_MODE = 0x01, - CLIENT_MODE = 0x02, - }; - }; -# if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ - defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - struct dh_param_t { - BIO *param; - std::vector param_buffer; - int group_id; - EVP_PKEY_CTX *keygen_ctx; - }; - - struct random_engine_t {}; - -# elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) - struct dh_param_t { - std::string param; - mbedtls_ecp_group_id group_id; - }; - - // move mbedtls_ctr_drbg_context and mbedtls_entropy_context here - struct random_engine_t { - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - }; -# endif + struct dh_param_t; + struct random_engine_t; using ptr_t = std::shared_ptr; @@ -168,16 +123,16 @@ class dh { * @brief initialize a shared context for server mode * @param name algorithm name, ecdh:[ECDH algorithm name] or the path of dh parameter PEM file * @note using RFC 4492 for ECDH algorithm - * @return 0 or error code + * @return error_code_t::kOk or error code */ - ATFRAMEWORK_UTILS_API int init(nostd::string_view name); + ATFRAMEWORK_UTILS_API error_code_t init(nostd::string_view name); /** * @brief initialize a shared context for client mode * @param method algorithm method - * @return 0 or error code + * @return error_code_t::kOk or error code */ - ATFRAMEWORK_UTILS_API int init(method_t::type method); + ATFRAMEWORK_UTILS_API error_code_t init(method_t method); /** * @brief reset shared resource @@ -186,13 +141,16 @@ class dh { /** * @brief random buffer - * @return 0 or error code + * @return error_code_t::kOk or error code */ - ATFRAMEWORK_UTILS_API int random(void *output, size_t output_sz); + ATFRAMEWORK_UTILS_API error_code_t random(void *output, size_t output_sz); ATFRAMEWORK_UTILS_API bool is_client_mode() const; - ATFRAMEWORK_UTILS_API method_t::type get_method() const; + ATFRAMEWORK_UTILS_API method_t get_method() const; + + private: + friend class dh; ATFRAMEWORK_UTILS_API const dh_param_t &get_dh_parameter() const; ATFRAMEWORK_UTILS_API const random_engine_t &get_random_engine() const; @@ -200,22 +158,22 @@ class dh { # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - ATFRAMEWORK_UTILS_API int try_reset_ecp_id(int group_id); + ATFRAMEWORK_UTILS_API error_code_t try_reset_ecp_id(int group_id); /** * @brief Try to reset DH Params of P,G * * @param DH_p INOUT new P * @param DH_g INOUT new G - * @return 0 or error code + * @return error_code_t::kOk or error code * @note DH_p and DH_g will be set to nullptr when moved in, user must free them if they are still not nullptr */ - ATFRAMEWORK_UTILS_API int try_reset_dh_params(BIGNUM *&DH_p, BIGNUM *&DH_g); + ATFRAMEWORK_UTILS_API error_code_t try_reset_dh_params(struct bignum_st *&DH_p, struct bignum_st *&DH_g); # endif - private: + uint32_t flags_; - method_t::type method_; - dh_param_t dh_param_; - random_engine_t random_engine_; + method_t method_; + std::unique_ptr dh_param_; + std::unique_ptr random_engine_; }; public: @@ -225,15 +183,15 @@ class dh { /** * @brief initialize * @param shared_context shared context - * @return 0 or error code + * @return error_code_t::kOk or error code */ - ATFRAMEWORK_UTILS_API int init(shared_context::ptr_t shared_context); + ATFRAMEWORK_UTILS_API error_code_t init(shared_context::ptr_t shared_context); /** * @brief release all resources - * @return 0 or error code + * @return error_code_t::kOk or error code */ - ATFRAMEWORK_UTILS_API int close(); + ATFRAMEWORK_UTILS_API error_code_t close(); /** * @brief set last error returned by crypto library @@ -256,9 +214,9 @@ class dh { * have already been properly set * * @note server process: make_params->read_public->calc_secret - * @return 0 if successful, or error code + * @return error_code_t::kOk if successful, or error code */ - ATFRAMEWORK_UTILS_API int make_params(std::vector ¶m); + ATFRAMEWORK_UTILS_API error_code_t make_params(std::vector ¶m); /** * @brief Parse the ServerKeyExchange parameters @@ -267,9 +225,9 @@ class dh { * @param ilen size of buffer * * @note client process: read_params->make_public->calc_secret - * @return 0 if successful, or error code + * @return error_code_t::kOk if successful, or error code */ - ATFRAMEWORK_UTILS_API int read_params(const unsigned char *input, size_t ilen); + ATFRAMEWORK_UTILS_API error_code_t read_params(const unsigned char *input, size_t ilen); /** * @brief Create own private value X and export G^X @@ -277,9 +235,9 @@ class dh { * @param param destination buffer * * @note client process: read_params->make_public->calc_secret - * @return 0 if successful, or error code + * @return error_code_t::kOk if successful, or error code */ - ATFRAMEWORK_UTILS_API int make_public(std::vector ¶m); + ATFRAMEWORK_UTILS_API error_code_t make_public(std::vector ¶m); /** * @brief Import the peer's public value G^Y @@ -288,33 +246,33 @@ class dh { * @param ilen size of buffer * * @note server process: make_params->read_public->calc_secret - * @return 0 if successful, or error code + * @return error_code_t::kOk if successful, or error code */ - ATFRAMEWORK_UTILS_API int read_public(const unsigned char *input, size_t ilen); + ATFRAMEWORK_UTILS_API error_code_t read_public(const unsigned char *input, size_t ilen); /** * @brief Derive and export the shared secret (G^Y)^X mod P * * @param output destination buffer * - * @return 0 if successful, or error code + * @return error_code_t::kOk if successful, or error code * */ - ATFRAMEWORK_UTILS_API int calc_secret(std::vector &output); + ATFRAMEWORK_UTILS_API error_code_t calc_secret(std::vector &output); public: static ATFRAMEWORK_UTILS_API const std::vector &get_all_curve_names(); + private: # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - int check_or_setup_ecp_id(int group_id); - int check_or_setup_dh_pg_gy(BIGNUM *&DH_p, BIGNUM *&DH_g, BIGNUM *&DH_gy); + error_code_t check_or_setup_ecp_id(int group_id); + error_code_t check_or_setup_dh_pg_gy(struct bignum_st *&DH_p, struct bignum_st *&DH_g, struct bignum_st *&DH_gy); # endif - private: int last_errorno_; shared_context::ptr_t shared_context_; - dh_context_t dh_context_; + std::unique_ptr dh_context_; }; } // namespace crypto ATFRAMEWORK_UTILS_NAMESPACE_END diff --git a/include/algorithm/crypto_hmac.h b/include/algorithm/crypto_hmac.h index c7140ac9..e5556749 100644 --- a/include/algorithm/crypto_hmac.h +++ b/include/algorithm/crypto_hmac.h @@ -15,20 +15,7 @@ #include #if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ - defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - -# include -# include -# include -# include -# include - -# define ATFW_UTIL_MACRO_CRYPTO_HMAC_ENABLED 1 - -#elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) - -# include -# include + defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) # define ATFW_UTIL_MACRO_CRYPTO_HMAC_ENABLED 1 @@ -60,18 +47,16 @@ enum class digest_type_t : uint8_t { /** * @brief HMAC error codes */ -struct ATFRAMEWORK_UTILS_API hmac_error_code_t { - enum type { - kOk = 0, - kInvalidParam = -1, - kNotInitialized = -2, - kAlreadyInitialized = -3, - kDigestNotSupport = -4, - kMalloc = -5, - kOperation = -6, - kOutputBufferTooSmall = -7, - kDisabled = -8, - }; +enum class hmac_error_code_t : int32_t { + kOk = 0, + kInvalidParam = -1, + kNotInitialized = -2, + kAlreadyInitialized = -3, + kDigestNotSupport = -4, + kMalloc = -5, + kOperation = -6, + kOutputBufferTooSmall = -7, + kDisabled = -8, }; /** @@ -117,31 +102,31 @@ class hmac { * @param key_len Key length in bytes * @return 0 on success, or error code */ - ATFRAMEWORK_UTILS_API int init(digest_type_t type, const unsigned char* key, size_t key_len); - ATFRAMEWORK_UTILS_API int init(digest_type_t type, gsl::span key); + ATFRAMEWORK_UTILS_API hmac_error_code_t init(digest_type_t type, const unsigned char* key, size_t key_len); + ATFRAMEWORK_UTILS_API hmac_error_code_t init(digest_type_t type, gsl::span key); /** * @brief Close/reset the HMAC context - * @return 0 on success, or error code + * @return kOk on success, or error code */ - ATFRAMEWORK_UTILS_API int close(); + ATFRAMEWORK_UTILS_API hmac_error_code_t close(); /** * @brief Update HMAC with additional data * @param input Input data * @param input_len Input data length in bytes - * @return 0 on success, or error code + * @return kOk on success, or error code */ - ATFRAMEWORK_UTILS_API int update(const unsigned char* input, size_t input_len); - ATFRAMEWORK_UTILS_API int update(gsl::span input); + ATFRAMEWORK_UTILS_API hmac_error_code_t update(const unsigned char* input, size_t input_len); + ATFRAMEWORK_UTILS_API hmac_error_code_t update(gsl::span input); /** * @brief Finalize HMAC computation and get the result * @param output Output buffer for HMAC result * @param output_len On input: size of output buffer. On output: actual HMAC length - * @return 0 on success, or error code + * @return kOk on success, or error code */ - ATFRAMEWORK_UTILS_API int final(unsigned char* output, size_t* output_len); + ATFRAMEWORK_UTILS_API hmac_error_code_t final(unsigned char* output, size_t* output_len); /** * @brief Get the output length of the HMAC @@ -178,13 +163,13 @@ class hmac { * @param output_len On input: buffer size. On output: actual HMAC length * @return 0 on success, or error code */ - static ATFRAMEWORK_UTILS_API int compute(digest_type_t type, const unsigned char* key, size_t key_len, - const unsigned char* input, size_t input_len, unsigned char* output, - size_t* output_len); + static ATFRAMEWORK_UTILS_API hmac_error_code_t compute(digest_type_t type, const unsigned char* key, size_t key_len, + const unsigned char* input, size_t input_len, + unsigned char* output, size_t* output_len); - static ATFRAMEWORK_UTILS_API int compute(digest_type_t type, gsl::span key, - gsl::span input, unsigned char* output, - size_t* output_len); + static ATFRAMEWORK_UTILS_API hmac_error_code_t compute(digest_type_t type, gsl::span key, + gsl::span input, unsigned char* output, + size_t* output_len); /** * @brief One-shot HMAC computation returning result as vector @@ -241,17 +226,29 @@ class hkdf { /** * @brief HKDF error codes */ - struct ATFRAMEWORK_UTILS_API error_code_t { - enum type { - kOk = 0, - kInvalidParam = -1, - kDigestNotSupport = -2, - kOperation = -3, - kOutputLengthTooLarge = -4, - kDisabled = -5, - }; + enum class error_code_t : int32_t { + kOk = 0, + kInvalidParam = -1, + kDigestNotSupport = -2, + kOperation = -3, + kOutputLengthTooLarge = -4, + kDisabled = -5, }; + // Comparison operators with int (legacy callers compare against 0). + friend constexpr bool operator==(error_code_t lhs, int rhs) noexcept { return static_cast(lhs) == rhs; } + friend constexpr bool operator==(int lhs, error_code_t rhs) noexcept { return lhs == static_cast(rhs); } + friend constexpr bool operator!=(error_code_t lhs, int rhs) noexcept { return static_cast(lhs) != rhs; } + friend constexpr bool operator!=(int lhs, error_code_t rhs) noexcept { return lhs != static_cast(rhs); } + friend constexpr bool operator<(error_code_t lhs, int rhs) noexcept { return static_cast(lhs) < rhs; } + friend constexpr bool operator<(int lhs, error_code_t rhs) noexcept { return lhs < static_cast(rhs); } + friend constexpr bool operator<=(error_code_t lhs, int rhs) noexcept { return static_cast(lhs) <= rhs; } + friend constexpr bool operator<=(int lhs, error_code_t rhs) noexcept { return lhs <= static_cast(rhs); } + friend constexpr bool operator>(error_code_t lhs, int rhs) noexcept { return static_cast(lhs) > rhs; } + friend constexpr bool operator>(int lhs, error_code_t rhs) noexcept { return lhs > static_cast(rhs); } + friend constexpr bool operator>=(error_code_t lhs, int rhs) noexcept { return static_cast(lhs) >= rhs; } + friend constexpr bool operator>=(int lhs, error_code_t rhs) noexcept { return lhs >= static_cast(rhs); } + /** * @brief Perform HKDF-Extract step * @@ -266,12 +263,13 @@ class hkdf { * @param prk_len On input: buffer size. On output: actual PRK length * @return 0 on success, or error code */ - static ATFRAMEWORK_UTILS_API int extract(digest_type_t type, const unsigned char* salt, size_t salt_len, - const unsigned char* ikm, size_t ikm_len, unsigned char* prk, - size_t* prk_len); + static ATFRAMEWORK_UTILS_API error_code_t extract(digest_type_t type, const unsigned char* salt, size_t salt_len, + const unsigned char* ikm, size_t ikm_len, unsigned char* prk, + size_t* prk_len); - static ATFRAMEWORK_UTILS_API int extract(digest_type_t type, gsl::span salt, - gsl::span ikm, unsigned char* prk, size_t* prk_len); + static ATFRAMEWORK_UTILS_API error_code_t extract(digest_type_t type, gsl::span salt, + gsl::span ikm, unsigned char* prk, + size_t* prk_len); /** * @brief Perform HKDF-Expand step @@ -287,12 +285,13 @@ class hkdf { * @param okm_len Desired output length in bytes * @return 0 on success, or error code */ - static ATFRAMEWORK_UTILS_API int expand(digest_type_t type, const unsigned char* prk, size_t prk_len, - const unsigned char* info, size_t info_len, unsigned char* okm, - size_t okm_len); + static ATFRAMEWORK_UTILS_API error_code_t expand(digest_type_t type, const unsigned char* prk, size_t prk_len, + const unsigned char* info, size_t info_len, unsigned char* okm, + size_t okm_len); - static ATFRAMEWORK_UTILS_API int expand(digest_type_t type, gsl::span prk, - gsl::span info, unsigned char* okm, size_t okm_len); + static ATFRAMEWORK_UTILS_API error_code_t expand(digest_type_t type, gsl::span prk, + gsl::span info, unsigned char* okm, + size_t okm_len); /** * @brief Perform full HKDF (Extract + Expand) @@ -308,13 +307,14 @@ class hkdf { * @param okm_len Desired output length in bytes * @return 0 on success, or error code */ - static ATFRAMEWORK_UTILS_API int derive(digest_type_t type, const unsigned char* salt, size_t salt_len, - const unsigned char* ikm, size_t ikm_len, const unsigned char* info, - size_t info_len, unsigned char* okm, size_t okm_len); + static ATFRAMEWORK_UTILS_API error_code_t derive(digest_type_t type, const unsigned char* salt, size_t salt_len, + const unsigned char* ikm, size_t ikm_len, const unsigned char* info, + size_t info_len, unsigned char* okm, size_t okm_len); - static ATFRAMEWORK_UTILS_API int derive(digest_type_t type, gsl::span salt, - gsl::span ikm, gsl::span info, - unsigned char* okm, size_t okm_len); + static ATFRAMEWORK_UTILS_API error_code_t derive(digest_type_t type, gsl::span salt, + gsl::span ikm, + gsl::span info, unsigned char* okm, + size_t okm_len); /** * @brief Perform full HKDF and return result as vector @@ -343,4 +343,3 @@ ATFRAMEWORK_UTILS_NAMESPACE_END #endif // ATFW_UTIL_MACRO_CRYPTO_HMAC_ENABLED #endif // UTIL_ALGORITHM_CRYPTO_HMAC_H - diff --git a/src/algorithm/crypto_cipher.cpp b/src/algorithm/crypto_cipher.cpp index fd238d10..112dfc16 100644 --- a/src/algorithm/crypto_cipher.cpp +++ b/src/algorithm/crypto_cipher.cpp @@ -133,9 +133,9 @@ namespace details { defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) ATFRAMEWORK_UTILS_NAMESPACE_ID::lock::atomic_int_type g_global_init_counter_(0); # endif -static inline cipher::error_code_t::type setup_errorno(cipher &ci, int64_t err, cipher::error_code_t::type ret) { +static inline int setup_errorno(cipher &ci, int64_t err, cipher::error_code_t ret) { ci.set_last_errno(err); - return ret; + return static_cast(ret); } static inline void iv_shift_append(std::vector &iv, const unsigned char *ciphertext, size_t clen) { @@ -388,21 +388,21 @@ ATFRAMEWORK_UTILS_API cipher::cipher() cipher_kt_(nullptr) {} ATFRAMEWORK_UTILS_API cipher::~cipher() { close(); } -ATFRAMEWORK_UTILS_API int cipher::init(nostd::string_view name, int mode) { +ATFRAMEWORK_UTILS_API int cipher::init(nostd::string_view name, int32_t mode) { if (nullptr != interface_ && interface_->method != EN_CIMT_INVALID) { - return details::setup_errorno(*this, -1, error_code_t::ALREADY_INITED); + return details::setup_errorno(*this, -1, error_code_t::kAlreadyInited); } if (name.empty()) { - return details::setup_errorno(*this, -1, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, -1, error_code_t::kInvalidParam); } const cipher_interface_info_t *interface = details::get_cipher_interface_by_name(name); if (nullptr == interface) { - return details::setup_errorno(*this, -1, error_code_t::CIPHER_NOT_SUPPORT); + return details::setup_errorno(*this, -1, error_code_t::kCipherNotSupport); } - int ret = error_code_t::OK; + int ret = static_cast(error_code_t::kOk); // reset per-init state last_errorno_ = 0; tag_length_ = 0; @@ -427,11 +427,11 @@ ATFRAMEWORK_UTILS_API int cipher::init(nostd::string_view name, int mode) { memset(libsodium_context_.key, 0, sizeof(libsodium_context_.key)); break; default: - ret = details::setup_errorno(*this, -1, error_code_t::CIPHER_NOT_SUPPORT); + ret = details::setup_errorno(*this, -1, error_code_t::kCipherNotSupport); break; } - if (error_code_t::OK == ret) { + if (static_cast(error_code_t::kOk) == ret) { interface_ = interface; if (0 != (interface_->flags & static_cast(cipher_interface_flags_t::EN_CIFT_AEAD))) { tag_length_ = 16; @@ -444,48 +444,48 @@ ATFRAMEWORK_UTILS_API int cipher::init(nostd::string_view name, int mode) { return ret; } -int cipher::init_with_cipher(const cipher_interface_info_t *interface, int mode) { +int cipher::init_with_cipher(const cipher_interface_info_t *interface, int32_t mode) { if (nullptr == interface) { - return details::setup_errorno(*this, -1, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, -1, error_code_t::kInvalidParam); } if (interface->method != EN_CIMT_CIPHER) { - return details::setup_errorno(*this, -1, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, -1, error_code_t::kInvalidParam); } cipher_kt_ = get_cipher_by_name(interface->name); if (nullptr == cipher_kt_) { - return details::setup_errorno(*this, -1, error_code_t::CIPHER_NOT_SUPPORT); + return details::setup_errorno(*this, -1, error_code_t::kCipherNotSupport); } - int ret = error_code_t::OK; + int ret = static_cast(error_code_t::kOk); # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) do { - if (mode & mode_t::EN_CMODE_ENCRYPT) { + if (mode & mode_t::kEncrypt) { cipher_context_.enc = EVP_CIPHER_CTX_new(); if (nullptr == cipher_context_.enc) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::MALLOC); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kMalloc); break; } if (!(EVP_CipherInit_ex(cipher_context_.enc, cipher_kt_, nullptr, nullptr, nullptr, 1))) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); break; } } else { cipher_context_.enc = nullptr; } - if (mode & mode_t::EN_CMODE_DECRYPT) { + if (mode & mode_t::kDecrypt) { cipher_context_.dec = EVP_CIPHER_CTX_new(); if (nullptr == cipher_context_.dec) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::MALLOC); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kMalloc); break; } if (!(EVP_CipherInit_ex(cipher_context_.dec, cipher_kt_, nullptr, nullptr, nullptr, 0))) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); break; } } else { @@ -494,13 +494,13 @@ int cipher::init_with_cipher(const cipher_interface_info_t *interface, int mode) } while (false); - if (error_code_t::OK != ret) { - if ((mode & mode_t::EN_CMODE_ENCRYPT) && nullptr != cipher_context_.enc) { + if (static_cast(error_code_t::kOk) != ret) { + if ((mode & mode_t::kEncrypt) && nullptr != cipher_context_.enc) { EVP_CIPHER_CTX_free(cipher_context_.enc); cipher_context_.enc = nullptr; } - if ((mode & mode_t::EN_CMODE_DECRYPT) && nullptr != cipher_context_.dec) { + if ((mode & mode_t::kDecrypt) && nullptr != cipher_context_.dec) { EVP_CIPHER_CTX_free(cipher_context_.dec); cipher_context_.dec = nullptr; } @@ -508,11 +508,11 @@ int cipher::init_with_cipher(const cipher_interface_info_t *interface, int mode) # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) do { - if (mode & mode_t::EN_CMODE_ENCRYPT) { + if (mode & mode_t::kEncrypt) { cipher_context_.enc = (cipher_evp_t *)malloc(sizeof(cipher_evp_t)); if (nullptr == cipher_context_.enc) { - ret = details::setup_errorno(*this, -1, error_code_t::MALLOC); + ret = details::setup_errorno(*this, -1, error_code_t::kMalloc); break; } @@ -520,18 +520,18 @@ int cipher::init_with_cipher(const cipher_interface_info_t *interface, int mode) mbedtls_cipher_init(cipher_context_.enc); int res; if ((res = mbedtls_cipher_setup(cipher_context_.enc, cipher_kt_)) != 0) { - ret = details::setup_errorno(*this, res, error_code_t::CIPHER_OPERATION); + ret = details::setup_errorno(*this, res, error_code_t::kCipherOperation); break; } } else { cipher_context_.enc = nullptr; } - if (mode & mode_t::EN_CMODE_DECRYPT) { + if (mode & mode_t::kDecrypt) { cipher_context_.dec = (cipher_evp_t *)malloc(sizeof(cipher_evp_t)); if (nullptr == cipher_context_.dec) { - ret = details::setup_errorno(*this, -1, error_code_t::MALLOC); + ret = details::setup_errorno(*this, -1, error_code_t::kMalloc); break; } @@ -539,7 +539,7 @@ int cipher::init_with_cipher(const cipher_interface_info_t *interface, int mode) mbedtls_cipher_init(cipher_context_.dec); int res; if ((res = mbedtls_cipher_setup(cipher_context_.dec, cipher_kt_)) != 0) { - ret = details::setup_errorno(*this, res, error_code_t::CIPHER_OPERATION); + ret = details::setup_errorno(*this, res, error_code_t::kCipherOperation); break; } } else { @@ -548,35 +548,35 @@ int cipher::init_with_cipher(const cipher_interface_info_t *interface, int mode) } while (false); - if (error_code_t::OK != ret) { - if ((mode & mode_t::EN_CMODE_ENCRYPT) && nullptr != cipher_context_.enc) { + if (static_cast(error_code_t::kOk) != ret) { + if ((mode & mode_t::kEncrypt) && nullptr != cipher_context_.enc) { mbedtls_cipher_free(cipher_context_.enc); free(cipher_context_.enc); cipher_context_.enc = nullptr; } - if ((mode & mode_t::EN_CMODE_DECRYPT) && nullptr != cipher_context_.dec) { + if ((mode & mode_t::kDecrypt) && nullptr != cipher_context_.dec) { mbedtls_cipher_free(cipher_context_.dec); free(cipher_context_.dec); cipher_context_.dec = nullptr; } } # else - return details::setup_errorno(*this, -1, error_code_t::CIPHER_NOT_SUPPORT); + return details::setup_errorno(*this, -1, error_code_t::kCipherNotSupport); # endif return ret; } ATFRAMEWORK_UTILS_API int cipher::close() { if (nullptr == interface_ || interface_->method == EN_CIMT_INVALID) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } - int ret = error_code_t::OK; + int ret = static_cast(error_code_t::kOk); switch (interface_->method) { case EN_CIMT_XXTEA: // just do nothing when using xxtea - ret = details::setup_errorno(*this, 0, error_code_t::OK); + ret = details::setup_errorno(*this, 0, error_code_t::kOk); break; case EN_CIMT_CIPHER: @@ -592,10 +592,10 @@ ATFRAMEWORK_UTILS_API int cipher::close() { case EN_CIMT_LIBSODIUM_CHACHA20_POLY1305_IETF: case EN_CIMT_LIBSODIUM_XCHACHA20_POLY1305_IETF: // just do nothing when using xxtea - ret = details::setup_errorno(*this, 0, error_code_t::OK); + ret = details::setup_errorno(*this, 0, error_code_t::kOk); break; default: - ret = details::setup_errorno(*this, 0, error_code_t::CIPHER_NOT_SUPPORT); + ret = details::setup_errorno(*this, 0, error_code_t::kCipherNotSupport); break; } @@ -612,11 +612,11 @@ ATFRAMEWORK_UTILS_API int64_t cipher::get_last_errno() const { return last_error int cipher::close_with_cipher() { if (nullptr == interface_) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } if (interface_->method != EN_CIMT_CIPHER) { - return details::setup_errorno(*this, 0, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, 0, error_code_t::kInvalidParam); } // cipher cleanup @@ -646,7 +646,7 @@ int cipher::close_with_cipher() { } # endif - return details::setup_errorno(*this, 0, error_code_t::OK); + return details::setup_errorno(*this, 0, error_code_t::kOk); } ATFRAMEWORK_UTILS_API bool cipher::is_aead() const { @@ -836,12 +836,12 @@ ATFRAMEWORK_UTILS_API void cipher::set_tag_size(uint32_t tag_size) { tag_length_ ATFRAMEWORK_UTILS_API int cipher::set_key(const unsigned char *key, uint32_t key_bitlen) { if (nullptr == interface_) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } switch (interface_->method) { case EN_CIMT_INVALID: - return details::setup_errorno(*this, -1, error_code_t::NOT_INITED); + return details::setup_errorno(*this, -1, error_code_t::kNotInited); case EN_CIMT_XXTEA: { unsigned char secret[4 * sizeof(uint32_t)] = {0}; if (key_bitlen >= sizeof(secret) * 8) { @@ -850,14 +850,14 @@ ATFRAMEWORK_UTILS_API int cipher::set_key(const unsigned char *key, uint32_t key memcpy(secret, key, key_bitlen / 8); } ATFRAMEWORK_UTILS_NAMESPACE_ID::xxtea_setup(&xxtea_context_.key, secret); - return details::setup_errorno(*this, 0, error_code_t::OK); + return details::setup_errorno(*this, 0, error_code_t::kOk); } case EN_CIMT_CIPHER: { int res = 0; # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) if (get_key_bits() > key_bitlen) { - return details::setup_errorno(*this, -1, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, -1, error_code_t::kInvalidParam); } if (nullptr != cipher_context_.enc) { @@ -882,9 +882,9 @@ ATFRAMEWORK_UTILS_API int cipher::set_key(const unsigned char *key, uint32_t key } # endif if (res != 0) { - return details::setup_errorno(*this, res, error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, res, error_code_t::kCipherOperation); } - return details::setup_errorno(*this, res, error_code_t::OK); + return details::setup_errorno(*this, res, error_code_t::kOk); } case EN_CIMT_LIBSODIUM_CHACHA20: @@ -900,10 +900,10 @@ ATFRAMEWORK_UTILS_API int cipher::set_key(const unsigned char *key, uint32_t key } else { memcpy(libsodium_context_.key, key, key_bitlen / 8); } - return details::setup_errorno(*this, 0, error_code_t::OK); + return details::setup_errorno(*this, 0, error_code_t::kOk); } default: - return details::setup_errorno(*this, -1, error_code_t::NOT_INITED); + return details::setup_errorno(*this, -1, error_code_t::kNotInited); } } @@ -913,30 +913,30 @@ ATFRAMEWORK_UTILS_API int cipher::set_key(gsl::span key) { ATFRAMEWORK_UTILS_API int cipher::set_iv(const unsigned char *iv, size_t iv_len) { if (nullptr == interface_ || interface_->method == EN_CIMT_INVALID) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } switch (interface_->method) { case EN_CIMT_INVALID: case EN_CIMT_XXTEA: - return error_code_t::OK; + return static_cast(error_code_t::kOk); case EN_CIMT_CIPHER: { # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) if (iv_len > MBEDTLS_MAX_IV_LENGTH) { - return details::setup_errorno(*this, -1, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, -1, error_code_t::kInvalidParam); } # endif int res = 0; if (0 == (interface_->flags & EN_CIFT_VARIABLE_IV_LEN)) { if (get_iv_size() != iv_len) { - return details::setup_errorno(*this, -1, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, -1, error_code_t::kInvalidParam); } } iv_.assign(iv, iv + iv_len); iv_is_set_ = true; - return details::setup_errorno(*this, res, error_code_t::OK); + return details::setup_errorno(*this, res, error_code_t::kOk); } case EN_CIMT_LIBSODIUM_CHACHA20: @@ -948,16 +948,16 @@ ATFRAMEWORK_UTILS_API int cipher::set_iv(const unsigned char *iv, size_t iv_len) case EN_CIMT_LIBSODIUM_CHACHA20_POLY1305_IETF: case EN_CIMT_LIBSODIUM_XCHACHA20_POLY1305_IETF: { if (get_iv_size() != iv_len) { - return details::setup_errorno(*this, -1, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, -1, error_code_t::kInvalidParam); } iv_.assign(iv, iv + iv_len); iv_is_set_ = true; - return details::setup_errorno(*this, 0, error_code_t::OK); + return details::setup_errorno(*this, 0, error_code_t::kOk); } default: - return error_code_t::OK; + return static_cast(error_code_t::kOk); } } @@ -975,16 +975,16 @@ ATFRAMEWORK_UTILS_API gsl::span cipher::get_iv() const noex ATFRAMEWORK_UTILS_API int cipher::encrypt(const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) { if (nullptr == interface_ || interface_->method == EN_CIMT_INVALID) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } if (is_aead()) { - return error_code_t::MUST_CALL_AEAD_API; + return static_cast(error_code_t::kMustCallAeadApi); } if (input == nullptr || ilen <= 0 || output == nullptr || nullptr == olen || *olen <= 0 || *olen < ilen + get_block_size()) { - return details::setup_errorno(*this, -1, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, -1, error_code_t::kInvalidParam); } if (interface_->method >= EN_CIMT_CIPHER && 0 == (interface_->flags & EN_CIFT_VARIABLE_IV_LEN) && @@ -996,15 +996,15 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt(const unsigned char *input, size_t ile switch (interface_->method) { case EN_CIMT_INVALID: - return details::setup_errorno(*this, -1, error_code_t::NOT_INITED); + return details::setup_errorno(*this, -1, error_code_t::kNotInited); case EN_CIMT_XXTEA: { ATFRAMEWORK_UTILS_NAMESPACE_ID::xxtea_encrypt(&xxtea_context_.key, reinterpret_cast(input), ilen, reinterpret_cast(output), olen); - return details::setup_errorno(*this, 0, error_code_t::OK); + return details::setup_errorno(*this, 0, error_code_t::kOk); } case EN_CIMT_CIPHER: { if (nullptr == cipher_context_.enc) { - return details::setup_errorno(*this, 0, error_code_t::CIPHER_DISABLED); + return details::setup_errorno(*this, 0, error_code_t::kCipherDisabled); } # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ @@ -1015,7 +1015,7 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt(const unsigned char *input, size_t ile if (!iv_.empty()) { if (!EVP_CipherInit_ex(cipher_context_.enc, nullptr, nullptr, nullptr, &iv_[0], -1)) { return details::setup_errorno(*this, static_cast(ERR_peek_error()), - error_code_t::CIPHER_OPERATION_SET_IV); + error_code_t::kCipherOperationSetIv); } } @@ -1024,14 +1024,14 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt(const unsigned char *input, size_t ile } if (!(EVP_CipherUpdate(cipher_context_.enc, output, &outl, input, static_cast(ilen)))) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } if (0 != (interface_->flags & EN_CIFT_NO_FINISH)) { finish_olen = 0; } else { if (!(EVP_CipherFinal_ex(cipher_context_.enc, output + outl, &finish_olen))) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } } @@ -1039,7 +1039,7 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt(const unsigned char *input, size_t ile if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, true, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) if (0 != (interface_->flags & EN_CIFT_ENCRYPT_NO_PADDING) && @@ -1051,19 +1051,19 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt(const unsigned char *input, size_t ile # endif ) { if ((last_errorno_ = mbedtls_cipher_set_padding_mode(cipher_context_.enc, MBEDTLS_PADDING_NONE)) != 0) { - return error_code_t::CIPHER_OPERATION; + return static_cast(error_code_t::kCipherOperation); } } unsigned char empty_iv[MBEDTLS_MAX_IV_LENGTH] = {0}; if ((last_errorno_ = mbedtls_cipher_crypt(cipher_context_.enc, iv_.empty() ? empty_iv : &iv_[0], iv_.size(), input, ilen, output, olen)) != 0) { - return error_code_t::CIPHER_OPERATION; + return static_cast(error_code_t::kCipherOperation); } if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, true, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # endif } @@ -1073,79 +1073,79 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt(const unsigned char *input, size_t ile if ((last_errorno_ = crypto_stream_chacha20_xor_ic(output, input, ilen, &iv_[LIBSODIUM_COUNTER_SIZE], static_cast(libsodium_get_counter(&iv_[0])), libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, true, input, ilen, output, ilen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); case EN_CIMT_LIBSODIUM_CHACHA20_IETF: if ((last_errorno_ = crypto_stream_chacha20_ietf_xor_ic(output, input, ilen, &iv_[LIBSODIUM_COUNTER_SIZE], static_cast(libsodium_get_counter(&iv_[0])), libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, true, input, ilen, output, ilen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # ifdef crypto_stream_xchacha20_KEYBYTES if ((last_errorno_ = crypto_stream_xchacha20_xor_ic(output, input, ilen, &iv_[LIBSODIUM_COUNTER_SIZE], static_cast(libsodium_get_counter(&iv_[0])), libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, true, input, ilen, output, ilen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # endif case EN_CIMT_LIBSODIUM_SALSA20: if ((last_errorno_ = crypto_stream_salsa20_xor_ic(output, input, ilen, &iv_[LIBSODIUM_COUNTER_SIZE], static_cast(libsodium_get_counter(&iv_[0])), libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, true, input, ilen, output, ilen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); case EN_CIMT_LIBSODIUM_XSALSA20: if ((last_errorno_ = crypto_stream_xsalsa20_xor_ic(output, input, ilen, &iv_[LIBSODIUM_COUNTER_SIZE], static_cast(libsodium_get_counter(&iv_[0])), libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, true, input, ilen, output, ilen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # endif default: - return details::setup_errorno(*this, -1, error_code_t::NOT_INITED); + return details::setup_errorno(*this, -1, error_code_t::kNotInited); } } ATFRAMEWORK_UTILS_API int cipher::decrypt(const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) { if (nullptr == interface_ || interface_->method == EN_CIMT_INVALID) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } if (is_aead()) { - return error_code_t::MUST_CALL_AEAD_API; + return static_cast(error_code_t::kMustCallAeadApi); } if (input == nullptr || ilen <= 0 || output == nullptr || nullptr == olen || *olen <= 0 || *olen < ilen + get_block_size()) { - return details::setup_errorno(*this, -1, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, -1, error_code_t::kInvalidParam); } if (interface_->method >= EN_CIMT_CIPHER && 0 == (interface_->flags & EN_CIFT_VARIABLE_IV_LEN) && @@ -1157,15 +1157,15 @@ ATFRAMEWORK_UTILS_API int cipher::decrypt(const unsigned char *input, size_t ile switch (interface_->method) { case EN_CIMT_INVALID: - return details::setup_errorno(*this, -1, error_code_t::NOT_INITED); + return details::setup_errorno(*this, -1, error_code_t::kNotInited); case EN_CIMT_XXTEA: { ATFRAMEWORK_UTILS_NAMESPACE_ID::xxtea_decrypt(&xxtea_context_.key, reinterpret_cast(input), ilen, reinterpret_cast(output), olen); - return details::setup_errorno(*this, 0, error_code_t::OK); + return details::setup_errorno(*this, 0, error_code_t::kOk); } case EN_CIMT_CIPHER: { if (nullptr == cipher_context_.dec) { - return details::setup_errorno(*this, 0, error_code_t::CIPHER_DISABLED); + return details::setup_errorno(*this, 0, error_code_t::kCipherDisabled); } # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ @@ -1176,7 +1176,7 @@ ATFRAMEWORK_UTILS_API int cipher::decrypt(const unsigned char *input, size_t ile if (!iv_.empty()) { if (!EVP_CipherInit_ex(cipher_context_.dec, nullptr, nullptr, nullptr, &iv_[0], -1)) { return details::setup_errorno(*this, static_cast(ERR_peek_error()), - error_code_t::CIPHER_OPERATION_SET_IV); + error_code_t::kCipherOperationSetIv); } } @@ -1185,14 +1185,14 @@ ATFRAMEWORK_UTILS_API int cipher::decrypt(const unsigned char *input, size_t ile } if (!(EVP_CipherUpdate(cipher_context_.dec, output, &outl, input, static_cast(ilen)))) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } if (0 != (interface_->flags & EN_CIFT_NO_FINISH)) { finish_olen = 0; } else { if (!(EVP_CipherFinal_ex(cipher_context_.dec, output + outl, &finish_olen))) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } } @@ -1201,7 +1201,7 @@ ATFRAMEWORK_UTILS_API int cipher::decrypt(const unsigned char *input, size_t ile details::roll_iv_after_success(iv_roll_policy_, iv_, false, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) if (0 != (interface_->flags & EN_CIFT_DECRYPT_NO_PADDING) && MBEDTLS_MODE_CBC == @@ -1212,19 +1212,19 @@ ATFRAMEWORK_UTILS_API int cipher::decrypt(const unsigned char *input, size_t ile # endif ) { if ((last_errorno_ = mbedtls_cipher_set_padding_mode(cipher_context_.dec, MBEDTLS_PADDING_NONE)) != 0) { - return error_code_t::CIPHER_OPERATION; + return static_cast(error_code_t::kCipherOperation); } } unsigned char empty_iv[MBEDTLS_MAX_IV_LENGTH] = {0}; if ((last_errorno_ = mbedtls_cipher_crypt(cipher_context_.dec, iv_.empty() ? empty_iv : &iv_[0], iv_.size(), input, ilen, output, olen)) != 0) { - return error_code_t::CIPHER_OPERATION; + return static_cast(error_code_t::kCipherOperation); } if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, false, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # endif } @@ -1234,80 +1234,80 @@ ATFRAMEWORK_UTILS_API int cipher::decrypt(const unsigned char *input, size_t ile if ((last_errorno_ = crypto_stream_chacha20_xor_ic(output, input, ilen, &iv_[LIBSODIUM_COUNTER_SIZE], static_cast(libsodium_get_counter(&iv_[0])), libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, false, input, ilen, output, ilen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); case EN_CIMT_LIBSODIUM_CHACHA20_IETF: if ((last_errorno_ = crypto_stream_chacha20_ietf_xor_ic(output, input, ilen, &iv_[LIBSODIUM_COUNTER_SIZE], static_cast(libsodium_get_counter(&iv_[0])), libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, false, input, ilen, output, ilen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # ifdef crypto_stream_xchacha20_KEYBYTES if ((last_errorno_ = crypto_stream_xchacha20_xor_ic(output, input, ilen, &iv_[LIBSODIUM_COUNTER_SIZE], static_cast(libsodium_get_counter(&iv_[0])), libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, false, input, ilen, output, ilen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # endif case EN_CIMT_LIBSODIUM_SALSA20: if ((last_errorno_ = crypto_stream_salsa20_xor_ic(output, input, ilen, &iv_[LIBSODIUM_COUNTER_SIZE], static_cast(libsodium_get_counter(&iv_[0])), libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, false, input, ilen, output, ilen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); case EN_CIMT_LIBSODIUM_XSALSA20: if ((last_errorno_ = crypto_stream_xsalsa20_xor_ic(output, input, ilen, &iv_[LIBSODIUM_COUNTER_SIZE], static_cast(libsodium_get_counter(&iv_[0])), libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, false, input, ilen, output, ilen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # endif default: - return details::setup_errorno(*this, -1, error_code_t::NOT_INITED); + return details::setup_errorno(*this, -1, error_code_t::kNotInited); } } ATFRAMEWORK_UTILS_API int cipher::encrypt_aead(const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *ad, size_t ad_len) { if (nullptr == interface_ || interface_->method == EN_CIMT_INVALID) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } if (!is_aead()) { - return error_code_t::MUST_NOT_CALL_AEAD_API; + return static_cast(error_code_t::kMustNotCallAeadApi); } if (input == nullptr || ilen <= 0 || output == nullptr || nullptr == olen || *olen <= 0 || *olen < ilen + get_block_size() + tag_length_) { - return details::setup_errorno(*this, -1, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, -1, error_code_t::kInvalidParam); } if (interface_->method >= EN_CIMT_CIPHER && 0 == (interface_->flags & EN_CIFT_VARIABLE_IV_LEN) && @@ -1320,7 +1320,7 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt_aead(const unsigned char *input, size_ switch (interface_->method) { case EN_CIMT_CIPHER: { if (nullptr == cipher_context_.enc) { - return details::setup_errorno(*this, 0, error_code_t::CIPHER_DISABLED); + return details::setup_errorno(*this, 0, error_code_t::kCipherDisabled); } # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ @@ -1331,27 +1331,27 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt_aead(const unsigned char *input, size_ if (0 != (interface_->flags & EN_CIFT_VARIABLE_IV_LEN)) { if (!EVP_CIPHER_CTX_ctrl(cipher_context_.enc, EVP_CTRL_AEAD_SET_IVLEN, static_cast(iv_.size()), 0)) { return details::setup_errorno(*this, static_cast(ERR_peek_error()), - error_code_t::CIPHER_OPERATION_SET_IV); + error_code_t::kCipherOperationSetIv); } } if (!EVP_CipherInit_ex(cipher_context_.enc, nullptr, nullptr, nullptr, &iv_[0], -1)) { return details::setup_errorno(*this, static_cast(ERR_peek_error()), - error_code_t::CIPHER_OPERATION_SET_IV); + error_code_t::kCipherOperationSetIv); } } if (0 != (interface_->flags & EN_CIFT_AEAD_SET_LENGTH_BEFORE)) { int tmplen; if (!EVP_CipherUpdate(cipher_context_.enc, nullptr, &tmplen, nullptr, static_cast(ilen))) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } } int chunklen = 0; if (nullptr != ad && ad_len > 0) { if (!EVP_CipherUpdate(cipher_context_.enc, nullptr, &chunklen, ad, static_cast(ad_len))) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } } @@ -1360,14 +1360,14 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt_aead(const unsigned char *input, size_ } if (!(EVP_CipherUpdate(cipher_context_.enc, output, &outl, input, static_cast(ilen)))) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } if (0 != (interface_->flags & EN_CIFT_NO_FINISH)) { finish_olen = 0; } else { if (!(EVP_CipherFinal_ex(cipher_context_.enc, output + outl, &finish_olen))) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } } @@ -1376,7 +1376,7 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt_aead(const unsigned char *input, size_ if (tag_length_ > 0) { if (!EVP_CIPHER_CTX_ctrl(cipher_context_.enc, EVP_CTRL_AEAD_GET_TAG, static_cast(tag_length_), output + *olen)) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } *olen += tag_length_; @@ -1385,14 +1385,14 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt_aead(const unsigned char *input, size_ details::roll_iv_after_success(iv_roll_policy_, iv_, true, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) // if (0 != (interface_->flags & EN_CIFT_ENCRYPT_NO_PADDING) && MBEDTLS_MODE_CBC == // cipher_context_.enc->cipher_info->mode) // { // if ((last_errorno_ = mbedtls_cipher_set_padding_mode(cipher_context_.enc, MBEDTLS_PADDING_NONE)) != 0) { - // return error_code_t::CIPHER_OPERATION; + // return static_cast(error_code_t::kCipherOperation); // } // } @@ -1407,7 +1407,7 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt_aead(const unsigned char *input, size_ ad_len, input, ilen, output, olen, output + ilen, tag_len) # endif ) != 0) { // NOLINT: whitespace/parens - return error_code_t::CIPHER_OPERATION; + return static_cast(error_code_t::kCipherOperation); } # if MBEDTLS_VERSION_MAJOR < 3 *olen += tag_len; @@ -1415,7 +1415,7 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt_aead(const unsigned char *input, size_ if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, true, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # endif } @@ -1424,81 +1424,81 @@ ATFRAMEWORK_UTILS_API int cipher::encrypt_aead(const unsigned char *input, size_ case EN_CIMT_LIBSODIUM_CHACHA20_POLY1305: { const size_t tag_len = static_cast(tag_length_); if (crypto_aead_chacha20poly1305_ABYTES > tag_len) { - return error_code_t::LIBSODIUM_OPERATION_TAG_LEN; + return static_cast(error_code_t::kLibsodiumOperationTagLen); } unsigned long long maclen = tag_len; // NOLINT: runtime/int if ((last_errorno_ = crypto_aead_chacha20poly1305_encrypt_detached( output, output + ilen, &maclen, input, ilen, ad, ad_len, nullptr, &iv_[0], libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen + tag_len; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, true, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); } case EN_CIMT_LIBSODIUM_CHACHA20_POLY1305_IETF: { const size_t tag_len = static_cast(tag_length_); if (crypto_aead_chacha20poly1305_IETF_ABYTES > tag_len) { - return error_code_t::LIBSODIUM_OPERATION_TAG_LEN; + return static_cast(error_code_t::kLibsodiumOperationTagLen); } unsigned long long maclen = tag_len; // NOLINT: runtime/int if ((last_errorno_ = crypto_aead_chacha20poly1305_ietf_encrypt_detached( output, output + ilen, &maclen, input, ilen, ad, ad_len, nullptr, &iv_[0], libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen + tag_len; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, true, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); } # ifdef crypto_aead_xchacha20poly1305_ietf_KEYBYTES case EN_CIMT_LIBSODIUM_XCHACHA20_POLY1305_IETF: { const size_t tag_len = static_cast(tag_length_); if (crypto_aead_xchacha20poly1305_ietf_ABYTES > tag_len) { - return error_code_t::LIBSODIUM_OPERATION_TAG_LEN; + return static_cast(error_code_t::kLibsodiumOperationTagLen); } unsigned long long maclen = tag_len; // NOLINT: runtime/int if ((last_errorno_ = crypto_aead_xchacha20poly1305_ietf_encrypt_detached( output, output + ilen, &maclen, input, ilen, ad, ad_len, nullptr, &iv_[0], libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen + tag_len; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, true, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); } # endif # endif default: - return details::setup_errorno(*this, -1, error_code_t::NOT_INITED); + return details::setup_errorno(*this, -1, error_code_t::kNotInited); } } ATFRAMEWORK_UTILS_API int cipher::decrypt_aead(const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *ad, size_t ad_len) { if (nullptr == interface_ || interface_->method == EN_CIMT_INVALID) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } if (!is_aead()) { - return error_code_t::MUST_NOT_CALL_AEAD_API; + return static_cast(error_code_t::kMustNotCallAeadApi); } if (input == nullptr || ilen <= 0 || ilen <= tag_length_ || output == nullptr || nullptr == olen || *olen <= 0 || *olen < ilen - tag_length_ + get_block_size()) { - return details::setup_errorno(*this, -1, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, -1, error_code_t::kInvalidParam); } if (interface_->method >= EN_CIMT_CIPHER && 0 == (interface_->flags & EN_CIFT_VARIABLE_IV_LEN) && @@ -1510,10 +1510,10 @@ ATFRAMEWORK_UTILS_API int cipher::decrypt_aead(const unsigned char *input, size_ switch (interface_->method) { case EN_CIMT_INVALID: - return details::setup_errorno(*this, -1, error_code_t::NOT_INITED); + return details::setup_errorno(*this, -1, error_code_t::kNotInited); case EN_CIMT_CIPHER: { if (nullptr == cipher_context_.dec) { - return details::setup_errorno(*this, 0, error_code_t::CIPHER_DISABLED); + return details::setup_errorno(*this, 0, error_code_t::kCipherDisabled); } # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ @@ -1524,34 +1524,34 @@ ATFRAMEWORK_UTILS_API int cipher::decrypt_aead(const unsigned char *input, size_ if (0 != (interface_->flags & EN_CIFT_VARIABLE_IV_LEN)) { if (!EVP_CIPHER_CTX_ctrl(cipher_context_.dec, EVP_CTRL_AEAD_SET_IVLEN, static_cast(iv_.size()), 0)) { return details::setup_errorno(*this, static_cast(ERR_peek_error()), - error_code_t::CIPHER_OPERATION_SET_IV); + error_code_t::kCipherOperationSetIv); } } if (!EVP_CipherInit_ex(cipher_context_.dec, nullptr, nullptr, nullptr, &iv_[0], -1)) { return details::setup_errorno(*this, static_cast(ERR_peek_error()), - error_code_t::CIPHER_OPERATION_SET_IV); + error_code_t::kCipherOperationSetIv); } } if (tag_length_ > 0) { if (!(EVP_CIPHER_CTX_ctrl(cipher_context_.dec, EVP_CTRL_AEAD_SET_TAG, static_cast(tag_length_), const_cast(input) + ilen - tag_length_))) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } } if (0 != (interface_->flags & EN_CIFT_AEAD_SET_LENGTH_BEFORE)) { int tmplen; if (!EVP_CipherUpdate(cipher_context_.dec, nullptr, &tmplen, nullptr, static_cast(ilen - tag_length_))) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } } int chunklen = 0; if (nullptr != ad && ad_len > 0) { if (!EVP_CipherUpdate(cipher_context_.dec, nullptr, &chunklen, ad, static_cast(ad_len))) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } } @@ -1560,14 +1560,14 @@ ATFRAMEWORK_UTILS_API int cipher::decrypt_aead(const unsigned char *input, size_ } if (!(EVP_CipherUpdate(cipher_context_.dec, output, &outl, input, static_cast(ilen - tag_length_)))) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } if (0 != (interface_->flags & EN_CIFT_NO_FINISH)) { finish_olen = 0; } else { if (!(EVP_CipherFinal_ex(cipher_context_.dec, output + outl, &finish_olen))) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::CIPHER_OPERATION); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kCipherOperation); } } @@ -1576,13 +1576,13 @@ ATFRAMEWORK_UTILS_API int cipher::decrypt_aead(const unsigned char *input, size_ details::roll_iv_after_success(iv_roll_policy_, iv_, false, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) // if (0 != (interface_->flags & EN_CIFT_DECRYPT_NO_PADDING) && MBEDTLS_MODE_CBC == // cipher_context_.dec->cipher_info->mode) // { // if ((last_errorno_ = mbedtls_cipher_set_padding_mode(cipher_context_.dec, MBEDTLS_PADDING_NONE)) != 0) { - // return error_code_t::CIPHER_OPERATION; + // return static_cast(error_code_t::kCipherOperation); // } // } @@ -1597,13 +1597,13 @@ ATFRAMEWORK_UTILS_API int cipher::decrypt_aead(const unsigned char *input, size_ ad_len, input, ilen, output, olen, input + ilen - tag_len, tag_len) # endif ) != 0) { // NOLINT: whitespace/parens - return error_code_t::CIPHER_OPERATION; + return static_cast(error_code_t::kCipherOperation); } if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, false, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); # endif } @@ -1612,61 +1612,61 @@ ATFRAMEWORK_UTILS_API int cipher::decrypt_aead(const unsigned char *input, size_ case EN_CIMT_LIBSODIUM_CHACHA20_POLY1305: { const size_t tag_len = static_cast(tag_length_); if (crypto_aead_chacha20poly1305_ABYTES > tag_len) { - return error_code_t::LIBSODIUM_OPERATION_TAG_LEN; + return static_cast(error_code_t::kLibsodiumOperationTagLen); } if ((last_errorno_ = crypto_aead_chacha20poly1305_decrypt_detached(output, nullptr, input, ilen - tag_len, input + ilen - tag_len, ad, ad_len, &iv_[0], libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen - tag_len; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, false, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); } case EN_CIMT_LIBSODIUM_CHACHA20_POLY1305_IETF: { const size_t tag_len = static_cast(tag_length_); if (crypto_aead_chacha20poly1305_IETF_ABYTES > tag_len) { - return error_code_t::LIBSODIUM_OPERATION_TAG_LEN; + return static_cast(error_code_t::kLibsodiumOperationTagLen); } if ((last_errorno_ = crypto_aead_chacha20poly1305_ietf_decrypt_detached(output, nullptr, input, ilen - tag_len, input + ilen - tag_len, ad, ad_len, &iv_[0], libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen - tag_len; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, false, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); } # ifdef crypto_aead_xchacha20poly1305_ietf_KEYBYTES case EN_CIMT_LIBSODIUM_XCHACHA20_POLY1305_IETF: { const size_t tag_len = static_cast(tag_length_); if (crypto_aead_xchacha20poly1305_ietf_ABYTES > tag_len) { - return error_code_t::LIBSODIUM_OPERATION_TAG_LEN; + return static_cast(error_code_t::kLibsodiumOperationTagLen); } if ((last_errorno_ = crypto_aead_xchacha20poly1305_ietf_decrypt_detached(output, nullptr, input, ilen - tag_len, input + ilen - tag_len, ad, ad_len, &iv_[0], libsodium_context_.key)) != 0) { - return error_code_t::LIBSODIUM_OPERATION; + return static_cast(error_code_t::kLibsodiumOperation); } *olen = ilen - tag_len; if (iv_is_set_) { details::roll_iv_after_success(iv_roll_policy_, iv_, false, input, ilen, output, *olen, get_block_size()); } - return error_code_t::OK; + return static_cast(error_code_t::kOk); } # endif # endif default: - return details::setup_errorno(*this, -1, error_code_t::NOT_INITED); + return details::setup_errorno(*this, -1, error_code_t::kNotInited); } } diff --git a/src/algorithm/crypto_dh.cpp b/src/algorithm/crypto_dh.cpp index 0565eb7b..3fdec9aa 100644 --- a/src/algorithm/crypto_dh.cpp +++ b/src/algorithm/crypto_dh.cpp @@ -4,6 +4,32 @@ #include "algorithm/crypto_dh.h" +#ifdef CRYPTO_DH_ENABLED +# if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ + defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) +# include +# include +# include +# include +# include +# include + +# if (defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 30000) || \ + (!defined(LIBRESSL_VERSION_NUMBER) && defined(OPENSSL_VERSION_NUMBER) && \ + OPENSSL_VERSION_NUMBER >= 0x30000000L) +# define CRYPTO_USE_OPENSSL_WITH_OSSL_APIS 1 +# endif +# elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) +# include "mbedtls/platform.h" +// "mbedtls/platform.h" must be the first +# include "mbedtls/ctr_drbg.h" +# include "mbedtls/dhm.h" +# include "mbedtls/ecdh.h" +# include "mbedtls/ecp.h" +# include "mbedtls/entropy.h" +# endif +#endif + #include #include @@ -580,8 +606,60 @@ static size_t crypto_dh_EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, const uns ATFRAMEWORK_UTILS_NAMESPACE_BEGIN namespace crypto { + +# if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ + defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) +struct dh::dh_context_t { + EVP_PKEY_CTX *openssl_pkey_ctx_; + union { + EVP_PKEY *openssl_dh_pkey_; + EVP_PKEY *openssl_ecdh_pkey_; + }; + union { + EVP_PKEY *openssl_dh_peer_key_; + EVP_PKEY *openssl_ecdh_peer_key_; + }; + + dh_context_t() : openssl_pkey_ctx_(nullptr), openssl_dh_pkey_(nullptr), openssl_dh_peer_key_(nullptr) {} +}; + +struct dh::shared_context::dh_param_t { + BIO *param; + std::vector param_buffer; + int group_id; + EVP_PKEY_CTX *keygen_ctx; + + dh_param_t() : param(nullptr), group_id(0), keygen_ctx(nullptr) {} +}; + +struct dh::shared_context::random_engine_t {}; + +# elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) +struct dh::dh_context_t { + union { + mbedtls_dhm_context mbedtls_dh_ctx_; + mbedtls_ecdh_context mbedtls_ecdh_ctx_; + }; + + dh_context_t() {} + ~dh_context_t() {} +}; + +struct dh::shared_context::dh_param_t { + std::string param; + mbedtls_ecp_group_id group_id; + + dh_param_t() : group_id(MBEDTLS_ECP_DP_NONE) {} +}; + +struct dh::shared_context::random_engine_t { + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_entropy_context entropy; +}; +# endif + namespace details { -static inline dh::error_code_t::type setup_errorno(dh &ci, int err, dh::error_code_t::type ret) { +static inline dh::error_code_t setup_errorno(dh &ci, int err, dh::error_code_t ret) { ci.set_last_errno(err); return ret; } @@ -891,56 +969,26 @@ static EVP_PKEY_CTX *initialize_pkey_ctx_by_pkey(EVP_PKEY *params_key, bool init } // namespace details // =============== shared context =============== -ATFRAMEWORK_UTILS_API dh::shared_context::shared_context() : flags_(flags_t::NONE), method_(method_t::EN_CDT_INVALID) { -# if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ - defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - dh_param_.param = nullptr; - dh_param_.group_id = 0; - dh_param_.keygen_ctx = nullptr; -# elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) - dh_param_.group_id = MBEDTLS_ECP_DP_NONE; +ATFRAMEWORK_UTILS_API dh::shared_context::shared_context() + : flags_(static_cast(flags_t::kNone)), + method_(method_t::kInvalid), + dh_param_(gsl::make_unique()), + random_engine_(gsl::make_unique()) { +# if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) + std::memset(static_cast(random_engine_.get()), 0, sizeof(random_engine_t)); # endif - -# if defined(UTIL_CONFIG_COMPILER_CXX_STATIC_ASSERT) && UTIL_CONFIG_COMPILER_CXX_STATIC_ASSERT -# if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201402L)) || \ - (defined(__cplusplus) && __cplusplus >= 201402L && \ - !(!defined(__clang__) && defined(__GNUC__) && defined(__GNUC_MINOR__) && \ - __GNUC__ * 100 + __GNUC_MINOR__ <= 409)) - UTIL_CONFIG_STATIC_ASSERT(std::is_trivially_copyable::value); -# elif (defined(__cplusplus) && __cplusplus >= 201103L) || ((defined(_MSVC_LANG) && _MSVC_LANG >= 201103L)) - UTIL_CONFIG_STATIC_ASSERT(std::is_trivial::value); -# else - UTIL_CONFIG_STATIC_ASSERT(std::is_pod::value); -# endif -# endif - - memset(&random_engine_, 0, sizeof(random_engine_)); } -ATFRAMEWORK_UTILS_API dh::shared_context::shared_context(creator_helper &) - : flags_(flags_t::NONE), method_(method_t::EN_CDT_INVALID) { -# if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ - defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - dh_param_.param = nullptr; - dh_param_.group_id = 0; - dh_param_.keygen_ctx = nullptr; -# elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) - dh_param_.group_id = MBEDTLS_ECP_DP_NONE; -# endif -# if defined(UTIL_CONFIG_COMPILER_CXX_STATIC_ASSERT) && UTIL_CONFIG_COMPILER_CXX_STATIC_ASSERT -# if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201402L)) || \ - (defined(__cplusplus) && __cplusplus >= 201402L && \ - !(!defined(__clang__) && defined(__GNUC__) && defined(__GNUC_MINOR__) && \ - __GNUC__ * 100 + __GNUC_MINOR__ <= 409)) - UTIL_CONFIG_STATIC_ASSERT(std::is_trivially_copyable::value); -# elif (defined(__cplusplus) && __cplusplus >= 201103L) || ((defined(_MSVC_LANG) && _MSVC_LANG >= 201103L)) - UTIL_CONFIG_STATIC_ASSERT(std::is_trivial::value); -# else - UTIL_CONFIG_STATIC_ASSERT(std::is_pod::value); -# endif +ATFRAMEWORK_UTILS_API dh::shared_context::shared_context(creator_helper &) + : flags_(static_cast(flags_t::kNone)), + method_(method_t::kInvalid), + dh_param_(gsl::make_unique()), + random_engine_(gsl::make_unique()) { +# if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) + std::memset(static_cast(random_engine_.get()), 0, sizeof(random_engine_t)); # endif - memset(&random_engine_, 0, sizeof(random_engine_)); } + ATFRAMEWORK_UTILS_API dh::shared_context::~shared_context() { reset(); } ATFRAMEWORK_UTILS_API dh::shared_context::ptr_t dh::shared_context::create() { @@ -948,15 +996,15 @@ ATFRAMEWORK_UTILS_API dh::shared_context::ptr_t dh::shared_context::create() { return std::make_shared(h); } -ATFRAMEWORK_UTILS_API int dh::shared_context::init(nostd::string_view name) { +ATFRAMEWORK_UTILS_API dh::error_code_t dh::shared_context::init(nostd::string_view name) { if (name.empty()) { - return error_code_t::INVALID_PARAM; + return error_code_t::kInvalidParam; } int ecp_idx = 1; - method_t::type method = method_t::EN_CDT_DH; + method_t method = method_t::kDh; if (name.size() > 5 && 0 == UTIL_STRFUNC_STRNCASE_CMP("ecdh:", name.data(), 5)) { - method = method_t::EN_CDT_ECDH; + method = method_t::kEcdh; while (nullptr != details::supported_dh_curves[ecp_idx][0]) { bool found = false; @@ -976,33 +1024,33 @@ ATFRAMEWORK_UTILS_API int dh::shared_context::init(nostd::string_view name) { } if (nullptr == details::supported_dh_curves[ecp_idx][0]) { - return error_code_t::NOT_SUPPORT; + return error_code_t::kNotSupport; } // check if it's available # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) if (0 == details::supported_dh_curves_openssl[ecp_idx]) { - return error_code_t::NOT_SUPPORT; + return error_code_t::kNotSupport; } # endif } - int ret = init(method); + error_code_t ret = init(method); // init failed - if (ret < 0) { + if (static_cast(ret) < 0) { return ret; } switch (method) { # if !defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - case method_t::EN_CDT_DH: { + case method_t::kDh: { // do nothing in client mode FILE *pem = nullptr; UTIL_FS_OPEN(pem_file_e, pem, std::string{name}.c_str(), "r"); COMPILER_UNUSED(pem_file_e); if (nullptr == pem) { - ret = error_code_t::READ_DHPARAM_FILE; + ret = error_code_t::kReadDhparamFile; break; } fseek(pem, 0, SEEK_END); @@ -1018,17 +1066,17 @@ ATFRAMEWORK_UTILS_API int dh::shared_context::init(nostd::string_view name) { // Read from pem file # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) do { - dh_param_.param_buffer.resize(pem_sz); - if (pem_sz > 0 && 0 == fread(&dh_param_.param_buffer[0], sizeof(unsigned char), pem_sz, pem)) { - ret = error_code_t::READ_DHPARAM_FILE; + dh_param_->param_buffer.resize(pem_sz); + if (pem_sz > 0 && 0 == fread(&dh_param_->param_buffer[0], sizeof(unsigned char), pem_sz, pem)) { + ret = error_code_t::kReadDhparamFile; break; } - details::reset(dh_param_.param); - dh_param_.param = BIO_new_mem_buf(&dh_param_.param_buffer[0], static_cast(pem_sz)); + details::reset(dh_param_->param); + dh_param_->param = BIO_new_mem_buf(&dh_param_->param_buffer[0], static_cast(pem_sz)); details::openssl_raii params_key{EVP_PKEY_new()}; if (nullptr == params_key.get()) { - ret = error_code_t::MALLOC; + ret = error_code_t::kMalloc; break; } @@ -1037,18 +1085,18 @@ ATFRAMEWORK_UTILS_API int dh::shared_context::init(nostd::string_view name) { details::openssl_raii test_decoder_ctx{OSSL_DECODER_CTX_new_for_pkey( ¶ms_key.ref(), nullptr, nullptr, "DH", OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, nullptr, nullptr)}; if (!test_decoder_ctx) { - ret = error_code_t::READ_DHPARAM_FILE; + ret = error_code_t::kReadDhparamFile; break; } - if (!OSSL_DECODER_from_bio(test_decoder_ctx.get(), dh_param_.param)) { - ret = error_code_t::READ_DHPARAM_FILE; + if (!OSSL_DECODER_from_bio(test_decoder_ctx.get(), dh_param_->param)) { + ret = error_code_t::kReadDhparamFile; break; } # else // check - details::openssl_raii test_dh_ctx(PEM_read_bio_DHparams(dh_param_.param, nullptr, nullptr, nullptr)); + details::openssl_raii test_dh_ctx(PEM_read_bio_DHparams(dh_param_->param, nullptr, nullptr, nullptr)); if (!test_dh_ctx) { - ret = error_code_t::READ_DHPARAM_FILE; + ret = error_code_t::kReadDhparamFile; break; } @@ -1056,7 +1104,7 @@ ATFRAMEWORK_UTILS_API int dh::shared_context::init(nostd::string_view name) { // fixed in 1.1.1f // @see https://github.com/openssl/openssl/issues/10592 if (1 != EVP_PKEY_set1_DH(params_key.get(), test_dh_ctx.get())) { - ret = error_code_t::NOT_SUPPORT; + ret = error_code_t::kNotSupport; break; } # endif @@ -1064,7 +1112,7 @@ ATFRAMEWORK_UTILS_API int dh::shared_context::init(nostd::string_view name) { details::openssl_raii paramgen_ctx{ details::initialize_pkey_ctx_by_pkey(params_key.get(), false, true)}; if (nullptr == paramgen_ctx.get()) { - ret = error_code_t::NOT_SUPPORT; + ret = error_code_t::kNotSupport; break; } @@ -1073,41 +1121,41 @@ ATFRAMEWORK_UTILS_API int dh::shared_context::init(nostd::string_view name) { (!defined(LIBRESSL_VERSION_NUMBER) && defined(OPENSSL_VERSION_NUMBER) && \ OPENSSL_VERSION_NUMBER >= 0x10101000L) if (1 != EVP_PKEY_param_check(paramgen_ctx.get())) { - ret = error_code_t::NOT_SUPPORT; + ret = error_code_t::kNotSupport; break; } # endif - details::reset(dh_param_.keygen_ctx); - dh_param_.keygen_ctx = details::initialize_pkey_ctx_by_pkey(params_key.get(), true, false); + details::reset(dh_param_->keygen_ctx); + dh_param_->keygen_ctx = details::initialize_pkey_ctx_by_pkey(params_key.get(), true, false); } while (false); - if (error_code_t::OK != ret) { - details::reset(dh_param_.param); - dh_param_.param_buffer.clear(); + if (error_code_t::kOk != ret) { + details::reset(dh_param_->param); + dh_param_->param_buffer.clear(); } # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) // mbedtls_dhm_read_params must has last character to be zero, so add one zero to the end - dh_param_.param.resize(pem_sz * sizeof(unsigned char) + 1, 0); + dh_param_->param.resize(pem_sz * sizeof(unsigned char) + 1, 0); do { - if (0 == fread(&dh_param_.param[0], sizeof(unsigned char), pem_sz, pem)) { - ret = error_code_t::READ_DHPARAM_FILE; + if (0 == fread(&dh_param_->param[0], sizeof(unsigned char), pem_sz, pem)) { + ret = error_code_t::kReadDhparamFile; break; } // test mbedtls_dhm_context test_dh_ctx; mbedtls_dhm_init(&test_dh_ctx); - if (0 != mbedtls_dhm_parse_dhm(&test_dh_ctx, reinterpret_cast(dh_param_.param.data()), + if (0 != mbedtls_dhm_parse_dhm(&test_dh_ctx, reinterpret_cast(dh_param_->param.data()), pem_sz + 1)) { - ret = error_code_t::INIT_DHPARAM; + ret = error_code_t::kInitDhparam; } else { mbedtls_dhm_free(&test_dh_ctx); } - if (error_code_t::OK != ret) { - dh_param_.param.clear(); + if (error_code_t::kOk != ret) { + dh_param_->param.clear(); } } while (false); # endif @@ -1116,17 +1164,17 @@ ATFRAMEWORK_UTILS_API int dh::shared_context::init(nostd::string_view name) { break; } # endif - case method_t::EN_CDT_ECDH: { + case method_t::kEcdh: { // check if it's available # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) // https://github.com/prithuadhikary/OPENSSL_EVP_ECDH_EXAMPLE/blob/master/main.c - dh_param_.group_id = tls1_nid2group_id(details::supported_dh_curves_openssl[ecp_idx]); + dh_param_->group_id = tls1_nid2group_id(details::supported_dh_curves_openssl[ecp_idx]); details::openssl_raii paramgen_ctx{ - details::initialize_pkey_ctx_by_group_id(dh_param_.group_id, false, true)}; + details::initialize_pkey_ctx_by_group_id(dh_param_->group_id, false, true)}; if (nullptr == paramgen_ctx.get()) { - dh_param_.group_id = 0; - ret = error_code_t::NOT_SUPPORT; + dh_param_->group_id = 0; + ret = error_code_t::kNotSupport; break; } @@ -1138,94 +1186,95 @@ ATFRAMEWORK_UTILS_API int dh::shared_context::init(nostd::string_view name) { EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE != ERR_GET_REASON(ERR_peek_error())) { break; } - details::reset(dh_param_.keygen_ctx); + details::reset(dh_param_->keygen_ctx); if (nullptr == paramgen_ctx.get()) { - dh_param_.keygen_ctx = details::initialize_pkey_ctx_by_group_id(dh_param_.group_id, true, false); + dh_param_->keygen_ctx = details::initialize_pkey_ctx_by_group_id(dh_param_->group_id, true, false); } else { - dh_param_.keygen_ctx = details::initialize_pkey_ctx_by_pkey(params_key.get(), true, false); + dh_param_->keygen_ctx = details::initialize_pkey_ctx_by_pkey(params_key.get(), true, false); } } while (false); # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) const mbedtls_ecp_curve_info *curve = mbedtls_ecp_curve_info_from_name(details::supported_dh_curves[ecp_idx][0]); if (nullptr == curve) { - ret = error_code_t::NOT_SUPPORT; + ret = error_code_t::kNotSupport; break; } - dh_param_.group_id = curve->grp_id; + dh_param_->group_id = curve->grp_id; # endif break; } default: { - ret = error_code_t::NOT_SUPPORT; + ret = error_code_t::kNotSupport; break; } } - if (ret < 0) { + if (static_cast(ret) < 0) { reset(); } - flags_ |= flags_t::SERVER_MODE; - flags_ &= ~static_cast(flags_t::CLIENT_MODE); + flags_ |= static_cast(flags_t::kServerMode); + flags_ &= ~static_cast(flags_t::kClientMode); return ret; } -ATFRAMEWORK_UTILS_API int dh::shared_context::init(method_t::type method) { - if (method_t::EN_CDT_INVALID != method_) { - return error_code_t::ALREADY_INITED; +ATFRAMEWORK_UTILS_API dh::error_code_t dh::shared_context::init(method_t method) { + if (method_t::kInvalid != method_) { + return error_code_t::kAlreadyInited; } - if (method_t::EN_CDT_INVALID == method) { - return error_code_t::INVALID_PARAM; + if (method_t::kInvalid == method) { + return error_code_t::kInvalidParam; } // random engine # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - if (method_t::EN_CDT_DH == method) { - return error_code_t::NOT_SUPPORT; + if (method_t::kDh == method) { + return error_code_t::kNotSupport; } # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) - mbedtls_ctr_drbg_init(&random_engine_.ctr_drbg); - mbedtls_entropy_init(&random_engine_.entropy); + mbedtls_ctr_drbg_init(&random_engine_->ctr_drbg); + mbedtls_entropy_init(&random_engine_->entropy); - int res = mbedtls_ctr_drbg_seed(&random_engine_.ctr_drbg, mbedtls_entropy_func, &random_engine_.entropy, nullptr, 0); + int res = + mbedtls_ctr_drbg_seed(&random_engine_->ctr_drbg, mbedtls_entropy_func, &random_engine_->entropy, nullptr, 0); if (0 != res) { // clear DH or ECDH data - dh_param_.param.clear(); - return error_code_t::INIT_RANDOM_ENGINE; + dh_param_->param.clear(); + return error_code_t::kInitRandomEngine; } # endif method_ = method; - flags_ |= flags_t::CLIENT_MODE; - return error_code_t::OK; + flags_ |= static_cast(flags_t::kClientMode); + return error_code_t::kOk; } ATFRAMEWORK_UTILS_API void dh::shared_context::reset() { - flags_ = flags_t::NONE; - if (method_t::EN_CDT_INVALID == method_) { + flags_ = static_cast(flags_t::kNone); + if (method_t::kInvalid == method_) { return; } switch (method_) { - case method_t::EN_CDT_DH: - case method_t::EN_CDT_ECDH: { + case method_t::kDh: + case method_t::kEcdh: { // clear pem file buffer # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) // clear dh pem buffer - if (nullptr != dh_param_.param) { - details::reset(dh_param_.param); - dh_param_.param_buffer.clear(); + if (nullptr != dh_param_->param) { + details::reset(dh_param_->param); + dh_param_->param_buffer.clear(); } // clear ecp - dh_param_.group_id = 0; + dh_param_->group_id = 0; # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) // clear dh pem buffer - dh_param_.param.clear(); + dh_param_->param.clear(); // clear ecp - dh_param_.group_id = MBEDTLS_ECP_DP_NONE; + dh_param_->group_id = MBEDTLS_ECP_DP_NONE; # endif break; } @@ -1235,28 +1284,28 @@ ATFRAMEWORK_UTILS_API void dh::shared_context::reset() { } } - method_ = method_t::EN_CDT_INVALID; + method_ = method_t::kInvalid; // random engine # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - details::reset(dh_param_.param); - details::reset(dh_param_.keygen_ctx); + details::reset(dh_param_->param); + details::reset(dh_param_->keygen_ctx); # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) - mbedtls_ctr_drbg_free(&random_engine_.ctr_drbg); - mbedtls_entropy_free(&random_engine_.entropy); + mbedtls_ctr_drbg_free(&random_engine_->ctr_drbg); + mbedtls_entropy_free(&random_engine_->entropy); # endif } -ATFRAMEWORK_UTILS_API int dh::shared_context::random(void *output, size_t output_sz) { - if (method_t::EN_CDT_INVALID == method_) { - return error_code_t::NOT_INITED; +ATFRAMEWORK_UTILS_API dh::error_code_t dh::shared_context::random(void *output, size_t output_sz) { + if (method_t::kInvalid == method_) { + return error_code_t::kNotInited; } if (nullptr == output || output_sz <= 0) { - return error_code_t::INVALID_PARAM; + return error_code_t::kInvalidParam; } - int ret = error_code_t::OK; + error_code_t ret = error_code_t::kOk; # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) @@ -1264,41 +1313,45 @@ ATFRAMEWORK_UTILS_API int dh::shared_context::random(void *output, size_t output # else if (!RAND_bytes(reinterpret_cast(output), static_cast(output_sz))) { # endif - ret = static_cast(ERR_peek_error()); + ret = error_code_t::kOperation; } # elif defined(LIBATFRAME_ATGATEWAY_ENABLE_MBEDTLS) - ret = mbedtls_ctr_drbg_random(&random_engine_.ctr_drbg, reinterpret_cast(output), output_sz); + if (0 != mbedtls_ctr_drbg_random(&random_engine_->ctr_drbg, reinterpret_cast(output), output_sz)) { + ret = error_code_t::kOperation; + } # endif return ret; } -ATFRAMEWORK_UTILS_API bool dh::shared_context::is_client_mode() const { return 0 != (flags_ & flags_t::CLIENT_MODE); } +ATFRAMEWORK_UTILS_API bool dh::shared_context::is_client_mode() const { + return 0 != (flags_ & static_cast(flags_t::kClientMode)); +} -ATFRAMEWORK_UTILS_API dh::method_t::type dh::shared_context::get_method() const { return method_; } +ATFRAMEWORK_UTILS_API dh::method_t dh::shared_context::get_method() const { return method_; } ATFRAMEWORK_UTILS_API const dh::shared_context::dh_param_t &dh::shared_context::get_dh_parameter() const { - return dh_param_; + return *dh_param_; } ATFRAMEWORK_UTILS_API const dh::shared_context::random_engine_t &dh::shared_context::get_random_engine() const { - return random_engine_; + return *random_engine_; } ATFRAMEWORK_UTILS_API dh::shared_context::random_engine_t &dh::shared_context::get_random_engine() { - return random_engine_; + return *random_engine_; } # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) -ATFRAMEWORK_UTILS_API int dh::shared_context::try_reset_ecp_id(int group_id) { - if (0 != dh_param_.group_id && dh_param_.group_id != group_id) { - return error_code_t::ALGORITHM_MISMATCH; +ATFRAMEWORK_UTILS_API dh::error_code_t dh::shared_context::try_reset_ecp_id(int group_id) { + if (0 != dh_param_->group_id && dh_param_->group_id != group_id) { + return error_code_t::kAlgorithmMismatch; } - dh_param_.group_id = group_id; + dh_param_->group_id = group_id; details::openssl_raii paramgen_ctx{ - details::initialize_pkey_ctx_by_group_id(dh_param_.group_id, false, true)}; + details::initialize_pkey_ctx_by_group_id(dh_param_->group_id, false, true)}; if (nullptr == paramgen_ctx.get()) { - dh_param_.group_id = 0; - return error_code_t::NOT_SUPPORT; + dh_param_->group_id = 0; + return error_code_t::kNotSupport; } details::openssl_raii params_key{nullptr}; @@ -1306,61 +1359,61 @@ ATFRAMEWORK_UTILS_API int dh::shared_context::try_reset_ecp_id(int group_id) { // openssl 1.1.1 will report EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE for x25519 and x448 if (nullptr == params_key.get() && EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE != ERR_GET_REASON(ERR_peek_error())) { - return error_code_t::MALLOC; + return error_code_t::kMalloc; } - details::reset(dh_param_.keygen_ctx); + details::reset(dh_param_->keygen_ctx); if (nullptr == params_key.get()) { - dh_param_.keygen_ctx = details::initialize_pkey_ctx_by_group_id(dh_param_.group_id, true, false); + dh_param_->keygen_ctx = details::initialize_pkey_ctx_by_group_id(dh_param_->group_id, true, false); } else { - dh_param_.keygen_ctx = details::initialize_pkey_ctx_by_pkey(params_key.get(), true, false); + dh_param_->keygen_ctx = details::initialize_pkey_ctx_by_pkey(params_key.get(), true, false); } - return error_code_t::OK; + return error_code_t::kOk; } # if !defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) -ATFRAMEWORK_UTILS_API int dh::shared_context::try_reset_dh_params(BIGNUM *&DH_p, BIGNUM *&DH_g) { +ATFRAMEWORK_UTILS_API dh::error_code_t dh::shared_context::try_reset_dh_params(BIGNUM *&DH_p, BIGNUM *&DH_g) { if (nullptr == DH_p || nullptr == DH_g) { - return error_code_t::INVALID_PARAM; + return error_code_t::kInvalidParam; } - int ret = error_code_t::OK; + error_code_t ret = error_code_t::kOk; # ifdef CRYPTO_USE_OPENSSL_WITH_OSSL_APIS details::openssl_raii params_key{nullptr}; details::openssl_raii ossl_param_bld{OSSL_PARAM_BLD_new()}; if (ossl_param_bld.get() == nullptr || !OSSL_PARAM_BLD_push_BN(ossl_param_bld.get(), OSSL_PKEY_PARAM_FFC_P, DH_p) || !OSSL_PARAM_BLD_push_BN(ossl_param_bld.get(), OSSL_PKEY_PARAM_FFC_G, DH_g)) { - return error_code_t::INIT_DH_READ_PARAM; + return error_code_t::kInitDhReadParam; } details::openssl_raii ossl_params{OSSL_PARAM_BLD_to_param(ossl_param_bld.get())}; if (ossl_params.get() == nullptr) { - return error_code_t::INIT_DH_READ_KEY; + return error_code_t::kInitDhReadKey; } details::openssl_raii paramgen_ctx{EVP_PKEY_CTX_new_from_name(nullptr, "DH", nullptr)}; if (nullptr == paramgen_ctx.get() || EVP_PKEY_fromdata_init(paramgen_ctx.get()) <= 0 || EVP_PKEY_fromdata(paramgen_ctx.get(), ¶ms_key.ref(), EVP_PKEY_KEYPAIR, ossl_params.get()) <= 0) { - return error_code_t::INIT_DH_READ_KEY; + return error_code_t::kInitDhReadKey; } - details::reset(dh_param_.keygen_ctx); - dh_param_.keygen_ctx = details::initialize_pkey_ctx_by_pkey(params_key.get(), true, false); - if (dh_param_.keygen_ctx == nullptr || EVP_PKEY_param_check_quick(dh_param_.keygen_ctx) != 1) { - return error_code_t::INIT_DH_READ_PARAM; + details::reset(dh_param_->keygen_ctx); + dh_param_->keygen_ctx = details::initialize_pkey_ctx_by_pkey(params_key.get(), true, false); + if (dh_param_->keygen_ctx == nullptr || EVP_PKEY_param_check_quick(dh_param_->keygen_ctx) != 1) { + return error_code_t::kInitDhReadParam; } # else details::openssl_raii params_key{EVP_PKEY_new()}; if (nullptr == params_key.get()) { - return error_code_t::MALLOC; + return error_code_t::kMalloc; } DH *dh = DH_new(); if (nullptr == dh) { - return error_code_t::MALLOC; + return error_code_t::kMalloc; } if (!DH_set0_pqg(dh, DH_p, nullptr, DH_g)) { details::reset(dh); - return error_code_t::INIT_DH_READ_PARAM; + return error_code_t::kInitDhReadParam; } // Move into DH object after call DH_set0_pqg successfully. DH_p = nullptr; @@ -1371,13 +1424,13 @@ ATFRAMEWORK_UTILS_API int dh::shared_context::try_reset_dh_params(BIGNUM *&DH_p, // @see https://github.com/openssl/openssl/issues/10592 if (1 != EVP_PKEY_set1_DH(params_key.get(), dh)) { details::reset(dh); - return error_code_t::OPERATION; + return error_code_t::kOperation; } details::reset(dh); - details::reset(dh_param_.keygen_ctx); - dh_param_.keygen_ctx = details::initialize_pkey_ctx_by_pkey(params_key.get(), true, false); - if (dh_param_.keygen_ctx == nullptr) { - return error_code_t::INIT_DH_READ_PARAM; + details::reset(dh_param_->keygen_ctx); + dh_param_->keygen_ctx = details::initialize_pkey_ctx_by_pkey(params_key.get(), true, false); + if (dh_param_->keygen_ctx == nullptr) { + return error_code_t::kInitDhReadParam; } # endif return ret; @@ -1387,196 +1440,187 @@ ATFRAMEWORK_UTILS_API int dh::shared_context::try_reset_dh_params(BIGNUM *&DH_p, // --------------- shared context --------------- -ATFRAMEWORK_UTILS_API dh::dh() : last_errorno_(0) { - memset(&dh_context_, 0, sizeof(dh_context_)); -# if defined(UTIL_CONFIG_COMPILER_CXX_STATIC_ASSERT) && UTIL_CONFIG_COMPILER_CXX_STATIC_ASSERT -# if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201402L)) || \ - (defined(__cplusplus) && __cplusplus >= 201402L && \ - !(!defined(__clang__) && defined(__GNUC__) && defined(__GNUC_MINOR__) && \ - __GNUC__ * 100 + __GNUC_MINOR__ <= 409)) - UTIL_CONFIG_STATIC_ASSERT(std::is_trivially_copyable::value); -# elif (defined(__cplusplus) && __cplusplus >= 201103L) || ((defined(_MSVC_LANG) && _MSVC_LANG >= 201103L)) - UTIL_CONFIG_STATIC_ASSERT(std::is_trivial::value); -# else - UTIL_CONFIG_STATIC_ASSERT(std::is_pod::value); -# endif +ATFRAMEWORK_UTILS_API dh::dh() : last_errorno_(0), dh_context_(gsl::make_unique()) { +# if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) + std::memset(static_cast(dh_context_.get()), 0, sizeof(dh_context_t)); # endif } ATFRAMEWORK_UTILS_API dh::~dh() { close(); } -ATFRAMEWORK_UTILS_API int dh::init(shared_context::ptr_t shared_context_ptr) { +ATFRAMEWORK_UTILS_API dh::error_code_t dh::init(shared_context::ptr_t shared_context_ptr) { if (!shared_context_ptr) { - return details::setup_errorno(*this, 0, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, 0, error_code_t::kInvalidParam); } // shared_context_ptr must be initialized - if (method_t::EN_CDT_INVALID == shared_context_ptr->get_method()) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + if (method_t::kInvalid == shared_context_ptr->get_method()) { + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } - int ret = 0; + error_code_t ret = error_code_t::kOk; switch (shared_context_ptr->get_method()) { # if !defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - case method_t::EN_CDT_DH: { + case method_t::kDh: { // init DH param file # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) if (false == shared_context_ptr->is_client_mode()) { if (nullptr == shared_context_ptr->get_dh_parameter().keygen_ctx) { - ret = error_code_t::NOT_SERVER_MODE; + ret = error_code_t::kNotServerMode; break; } } # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) // mbedtls_dhm_read_params do { - mbedtls_dhm_init(&dh_context_.mbedtls_dh_ctx_); + mbedtls_dhm_init(&dh_context_->mbedtls_dh_ctx_); // client mode, just init , do not read PEM file if (false == shared_context_ptr->is_client_mode()) { int res = mbedtls_dhm_parse_dhm( - &dh_context_.mbedtls_dh_ctx_, + &dh_context_->mbedtls_dh_ctx_, reinterpret_cast(shared_context_ptr->get_dh_parameter().param.data()), shared_context_ptr->get_dh_parameter().param.size()); if (0 != res) { - ret = details::setup_errorno(*this, res, error_code_t::INIT_DHPARAM); + ret = details::setup_errorno(*this, res, error_code_t::kInitDhparam); break; } } } while (false); - if (0 != ret) { - mbedtls_dhm_free(&dh_context_.mbedtls_dh_ctx_); + if (error_code_t::kOk != ret) { + mbedtls_dhm_free(&dh_context_->mbedtls_dh_ctx_); } # endif break; } # endif - case method_t::EN_CDT_ECDH: { + case method_t::kEcdh: { // init DH param file # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) if (false == shared_context_ptr->is_client_mode()) { if (nullptr == shared_context_ptr->get_dh_parameter().keygen_ctx) { - ret = error_code_t::NOT_SERVER_MODE; + ret = error_code_t::kNotServerMode; break; } } # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) // mbedtls_dhm_read_params do { - mbedtls_ecdh_init(&dh_context_.mbedtls_ecdh_ctx_); + mbedtls_ecdh_init(&dh_context_->mbedtls_ecdh_ctx_); if (false == shared_context_ptr->is_client_mode()) { - int res = mbedtls_ecdh_setup(&dh_context_.mbedtls_ecdh_ctx_, shared_context_ptr->get_dh_parameter().group_id); + int res = + mbedtls_ecdh_setup(&dh_context_->mbedtls_ecdh_ctx_, shared_context_ptr->get_dh_parameter().group_id); if (0 != res) { - ret = details::setup_errorno(*this, res, error_code_t::INIT_DHPARAM); + ret = details::setup_errorno(*this, res, error_code_t::kInitDhparam); break; } } } while (false); - if (0 != ret) { - mbedtls_ecdh_free(&dh_context_.mbedtls_ecdh_ctx_); + if (error_code_t::kOk != ret) { + mbedtls_ecdh_free(&dh_context_->mbedtls_ecdh_ctx_); } # endif break; } default: { - details::setup_errorno(*this, 0, error_code_t::NOT_SUPPORT); + details::setup_errorno(*this, 0, error_code_t::kNotSupport); } } - if (0 != ret) { + if (error_code_t::kOk != ret) { return ret; } shared_context_ = shared_context_ptr; - return details::setup_errorno(*this, 0, error_code_t::OK); + return details::setup_errorno(*this, 0, error_code_t::kOk); } -ATFRAMEWORK_UTILS_API int dh::close() { +ATFRAMEWORK_UTILS_API dh::error_code_t dh::close() { if (!shared_context_) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } shared_context::ptr_t shared_context_ptr; shared_context_ptr.swap(shared_context_); switch (shared_context_ptr->get_method()) { - case method_t::EN_CDT_DH: { + case method_t::kDh: { // clear DH param file and cache # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - details::reset(dh_context_.openssl_dh_peer_key_); - details::reset(dh_context_.openssl_dh_pkey_); + details::reset(dh_context_->openssl_dh_peer_key_); + details::reset(dh_context_->openssl_dh_pkey_); # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) - mbedtls_dhm_free(&dh_context_.mbedtls_dh_ctx_); + mbedtls_dhm_free(&dh_context_->mbedtls_dh_ctx_); # endif break; } - case method_t::EN_CDT_ECDH: { + case method_t::kEcdh: { // clear ecdh key and cache # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - details::reset(dh_context_.openssl_ecdh_peer_key_); - details::reset(dh_context_.openssl_ecdh_pkey_); + details::reset(dh_context_->openssl_ecdh_peer_key_); + details::reset(dh_context_->openssl_ecdh_pkey_); # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) - mbedtls_ecdh_free(&dh_context_.mbedtls_ecdh_ctx_); + mbedtls_ecdh_free(&dh_context_->mbedtls_ecdh_ctx_); # endif break; } default: { - details::setup_errorno(*this, 0, error_code_t::NOT_SUPPORT); + details::setup_errorno(*this, 0, error_code_t::kNotSupport); } } # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - details::reset(dh_context_.openssl_pkey_ctx_); + details::reset(dh_context_->openssl_pkey_ctx_); # endif - return details::setup_errorno(*this, 0, error_code_t::OK); + return details::setup_errorno(*this, 0, error_code_t::kOk); } ATFRAMEWORK_UTILS_API void dh::set_last_errno(int e) { last_errorno_ = e; } ATFRAMEWORK_UTILS_API int dh::get_last_errno() const { return last_errorno_; } -ATFRAMEWORK_UTILS_API int dh::make_params(std::vector ¶m) { +ATFRAMEWORK_UTILS_API dh::error_code_t dh::make_params(std::vector ¶m) { if (!shared_context_) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } - int ret = details::setup_errorno(*this, 0, error_code_t::OK); + error_code_t ret = details::setup_errorno(*this, 0, error_code_t::kOk); switch (shared_context_->get_method()) { # if !defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - case method_t::EN_CDT_DH: { + case method_t::kDh: { # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) do { if (nullptr == shared_context_->get_dh_parameter().keygen_ctx) { - ret = details::setup_errorno(*this, 0, error_code_t::INIT_DHPARAM); + ret = details::setup_errorno(*this, 0, error_code_t::kInitDhparam); break; } - details::reset(dh_context_.openssl_dh_pkey_); - if (EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_.openssl_dh_pkey_) <= 0) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DHPARAM); + details::reset(dh_context_->openssl_dh_pkey_); + if (EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_->openssl_dh_pkey_) <= 0) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhparam); } - if (nullptr == dh_context_.openssl_dh_pkey_) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DHPARAM); + if (nullptr == dh_context_->openssl_dh_pkey_) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhparam); break; } } while (false); - if (0 != ret) { - details::reset(dh_context_.openssl_dh_pkey_); + if (error_code_t::kOk != ret) { + details::reset(dh_context_->openssl_dh_pkey_); break; } - if (nullptr == dh_context_.openssl_dh_pkey_) { - ret = details::setup_errorno(*this, 0, error_code_t::NOT_SUPPORT); + if (nullptr == dh_context_->openssl_dh_pkey_) { + ret = details::setup_errorno(*this, 0, error_code_t::kNotSupport); break; } @@ -1587,10 +1631,10 @@ ATFRAMEWORK_UTILS_API int dh::make_params(std::vector ¶m) { // @see int tls_construct_server_key_exchange(SSL *s) in statem_srvr.c -- openssl 1.1.x/3.0.0 # ifdef CRYPTO_USE_OPENSSL_WITH_OSSL_APIS BIGNUM *r[4] = {nullptr, nullptr, nullptr, nullptr}; - if (!EVP_PKEY_get_bn_param(dh_context_.openssl_dh_pkey_, OSSL_PKEY_PARAM_FFC_P, &r[0]) || - !EVP_PKEY_get_bn_param(dh_context_.openssl_dh_pkey_, OSSL_PKEY_PARAM_FFC_G, &r[1]) || - !EVP_PKEY_get_bn_param(dh_context_.openssl_dh_pkey_, OSSL_PKEY_PARAM_PUB_KEY, &r[2])) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_KEY); + if (!EVP_PKEY_get_bn_param(dh_context_->openssl_dh_pkey_, OSSL_PKEY_PARAM_FFC_P, &r[0]) || + !EVP_PKEY_get_bn_param(dh_context_->openssl_dh_pkey_, OSSL_PKEY_PARAM_FFC_G, &r[1]) || + !EVP_PKEY_get_bn_param(dh_context_->openssl_dh_pkey_, OSSL_PKEY_PARAM_PUB_KEY, &r[2])) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateKey); for (auto &bn : r) { details::reset(bn); } @@ -1599,16 +1643,16 @@ ATFRAMEWORK_UTILS_API int dh::make_params(std::vector ¶m) { # else const BIGNUM *r[4] = {nullptr, nullptr, nullptr, nullptr}; - DH *dh_inst = EVP_PKEY_get0_DH(dh_context_.openssl_dh_pkey_); + DH *dh_inst = EVP_PKEY_get0_DH(dh_context_->openssl_dh_pkey_); if (nullptr == dh_inst) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_KEY); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateKey); break; } const BIGNUM *self_pubkey = nullptr; DH_get0_key(dh_inst, &self_pubkey, nullptr); if (nullptr == self_pubkey) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_KEY); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateKey); break; } @@ -1646,25 +1690,25 @@ ATFRAMEWORK_UTILS_API int dh::make_params(std::vector ¶m) { # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) // size is P,G,GX # if MBEDTLS_VERSION_MAJOR >= 3 - size_t psz = mbedtls_dhm_get_len(&dh_context_.mbedtls_dh_ctx_); + size_t psz = mbedtls_dhm_get_len(&dh_context_->mbedtls_dh_ctx_); mbedtls_mpi ctx_G; mbedtls_mpi_init(&ctx_G); - mbedtls_dhm_get_value(&dh_context_.mbedtls_dh_ctx_, MBEDTLS_DHM_PARAM_G, &ctx_G); + mbedtls_dhm_get_value(&dh_context_->mbedtls_dh_ctx_, MBEDTLS_DHM_PARAM_G, &ctx_G); size_t gsz = mbedtls_mpi_size(&ctx_G); mbedtls_mpi_free(&ctx_G); # else - size_t psz = mbedtls_mpi_size(&dh_context_.mbedtls_dh_ctx_.P); - size_t gsz = mbedtls_mpi_size(&dh_context_.mbedtls_dh_ctx_.G); + size_t psz = mbedtls_mpi_size(&dh_context_->mbedtls_dh_ctx_.P); + size_t gsz = mbedtls_mpi_size(&dh_context_->mbedtls_dh_ctx_.G); # endif size_t olen = 0; // @see mbedtls_dhm_make_params, output P,G,GX. GX is smaller than P // each big number has 2 byte length param.resize(psz + psz + gsz + 6, 0); - int res = mbedtls_dhm_make_params(&dh_context_.mbedtls_dh_ctx_, static_cast(psz), + int res = mbedtls_dhm_make_params(&dh_context_->mbedtls_dh_ctx_, static_cast(psz), reinterpret_cast(¶m[0]), &olen, mbedtls_ctr_drbg_random, &shared_context_->get_random_engine().ctr_drbg); if (0 != res) { - ret = details::setup_errorno(*this, res, error_code_t::INIT_DH_GENERATE_KEY); + ret = details::setup_errorno(*this, res, error_code_t::kInitDhGenerateKey); break; } @@ -1677,33 +1721,33 @@ ATFRAMEWORK_UTILS_API int dh::make_params(std::vector ¶m) { break; } # endif - case method_t::EN_CDT_ECDH: { + case method_t::kEcdh: { # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) do { if (nullptr == shared_context_->get_dh_parameter().keygen_ctx) { - ret = details::setup_errorno(*this, 0, error_code_t::INIT_DHPARAM); + ret = details::setup_errorno(*this, 0, error_code_t::kInitDhparam); break; } - details::reset(dh_context_.openssl_ecdh_pkey_); - if (EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_.openssl_ecdh_pkey_) <= 0) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DHPARAM); + details::reset(dh_context_->openssl_ecdh_pkey_); + if (EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_->openssl_ecdh_pkey_) <= 0) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhparam); } - if (nullptr == dh_context_.openssl_ecdh_pkey_) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DHPARAM); + if (nullptr == dh_context_->openssl_ecdh_pkey_) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhparam); break; } } while (false); - if (0 != ret) { - details::reset(dh_context_.openssl_ecdh_pkey_); + if (error_code_t::kOk != ret) { + details::reset(dh_context_->openssl_ecdh_pkey_); break; } - if (nullptr == dh_context_.openssl_ecdh_pkey_) { - ret = details::setup_errorno(*this, 0, error_code_t::NOT_SUPPORT); + if (nullptr == dh_context_->openssl_ecdh_pkey_) { + ret = details::setup_errorno(*this, 0, error_code_t::kNotSupport); break; } @@ -1716,14 +1760,14 @@ ATFRAMEWORK_UTILS_API int dh::make_params(std::vector ¶m) { // EVP_PKEY_print_params() // EVP_PKEY_print_params() unsigned char *point_data = nullptr; - size_t encode_len = crypto_dh_EVP_PKEY_get1_tls_encodedpoint(dh_context_.openssl_ecdh_pkey_, &point_data); + size_t encode_len = crypto_dh_EVP_PKEY_get1_tls_encodedpoint(dh_context_->openssl_ecdh_pkey_, &point_data); if (nullptr == point_data) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_KEY); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateKey); break; } int group_id = shared_context_->get_dh_parameter().group_id; // { - // int type_id = EVP_PKEY_id(dh_context_.openssl_ecdh_pkey_); + // int type_id = EVP_PKEY_id(dh_context_->openssl_ecdh_pkey_); // if (EVP_PKEY_EC == type_id) { // group_id = tls1_nid2group_id(...); // } else { @@ -1745,10 +1789,10 @@ ATFRAMEWORK_UTILS_API int dh::make_params(std::vector ¶m) { // size is ecp group(3byte) + point(unknown size) size_t olen = 0; // @see mbedtls_ecdh_make_params, output group and point - int res = mbedtls_ecdh_make_params(&dh_context_.mbedtls_ecdh_ctx_, &olen, buf, sizeof(buf), + int res = mbedtls_ecdh_make_params(&dh_context_->mbedtls_ecdh_ctx_, &olen, buf, sizeof(buf), mbedtls_ctr_drbg_random, &shared_context_->get_random_engine().ctr_drbg); if (0 != res) { - ret = details::setup_errorno(*this, res, error_code_t::INIT_DH_GENERATE_KEY); + ret = details::setup_errorno(*this, res, error_code_t::kInitDhGenerateKey); break; } param.assign(buf, buf + olen); @@ -1756,26 +1800,26 @@ ATFRAMEWORK_UTILS_API int dh::make_params(std::vector ¶m) { break; } default: { - details::setup_errorno(*this, 0, error_code_t::NOT_SUPPORT); + details::setup_errorno(*this, 0, error_code_t::kNotSupport); } } return ret; } -ATFRAMEWORK_UTILS_API int dh::read_params(const unsigned char *input, size_t ilen) { +ATFRAMEWORK_UTILS_API dh::error_code_t dh::read_params(const unsigned char *input, size_t ilen) { if (!shared_context_) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } if (nullptr == input || ilen == 0) { - return details::setup_errorno(*this, 0, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, 0, error_code_t::kInvalidParam); } - int ret = details::setup_errorno(*this, 0, error_code_t::OK); + error_code_t ret = details::setup_errorno(*this, 0, error_code_t::kOk); switch (shared_context_->get_method()) { # if !defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - case method_t::EN_CDT_DH: { + case method_t::kDh: { # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) // @see int ssl3_get_key_exchange(SSL *s) in s3_clnt.c -- openssl 1.0.x // @see int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) in statem_clnt.c -- @@ -1784,26 +1828,26 @@ ATFRAMEWORK_UTILS_API int dh::read_params(const unsigned char *input, size_t ile details::openssl_raii DH_g{details::openssl_get_dh_point(input, ilen)}; details::openssl_raii DH_gy{details::openssl_get_dh_point(input, ilen)}; if (nullptr == DH_p.get() || nullptr == DH_g.get()) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_READ_PARAM); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhReadParam); break; } if (nullptr == DH_gy.get()) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_READ_KEY); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhReadKey); break; } ret = check_or_setup_dh_pg_gy(DH_p.ref(), DH_g.ref(), DH_gy.ref()); # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) unsigned char *dh_params_beg = const_cast(input); - int res = mbedtls_dhm_read_params(&dh_context_.mbedtls_dh_ctx_, &dh_params_beg, dh_params_beg + ilen); + int res = mbedtls_dhm_read_params(&dh_context_->mbedtls_dh_ctx_, &dh_params_beg, dh_params_beg + ilen); if (0 != res) { - ret = details::setup_errorno(*this, res, error_code_t::INIT_DH_READ_PARAM); + ret = details::setup_errorno(*this, res, error_code_t::kInitDhReadParam); break; } # endif break; } # endif - case method_t::EN_CDT_ECDH: { + case method_t::kEcdh: { # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) /* @@ -1814,106 +1858,106 @@ ATFRAMEWORK_UTILS_API int dh::read_params(const unsigned char *input, size_t ile */ size_t curve_grp_len = 4; if (ilen < curve_grp_len) { - ret = details::setup_errorno(*this, 0, error_code_t::INIT_DH_READ_PARAM); + ret = details::setup_errorno(*this, 0, error_code_t::kInitDhReadParam); break; } size_t encoded_pt_len = input[3]; if (encoded_pt_len > ilen - curve_grp_len) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_READ_PARAM); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhReadParam); break; } int group_id = static_cast(input[1] << 8) | static_cast(input[2]); ret = check_or_setup_ecp_id(group_id); - if (error_code_t::OK != ret) { - ret = details::setup_errorno(*this, 0, static_cast(ret)); + if (error_code_t::kOk != ret) { + ret = details::setup_errorno(*this, 0, ret); break; } if (nullptr == shared_context_->get_dh_parameter().keygen_ctx) { - ret = details::setup_errorno(*this, 0, error_code_t::NOT_CLIENT_MODE); + ret = details::setup_errorno(*this, 0, error_code_t::kNotClientMode); break; } - details::reset(dh_context_.openssl_ecdh_pkey_); - if (EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_.openssl_ecdh_pkey_) <= 0) { - details::reset(dh_context_.openssl_ecdh_pkey_); - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_KEY); + details::reset(dh_context_->openssl_ecdh_pkey_); + if (EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_->openssl_ecdh_pkey_) <= 0) { + details::reset(dh_context_->openssl_ecdh_pkey_); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateKey); break; } - if (nullptr == dh_context_.openssl_ecdh_pkey_) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_KEY); + if (nullptr == dh_context_->openssl_ecdh_pkey_) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateKey); break; } - if (nullptr == dh_context_.openssl_ecdh_peer_key_) { - EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_.openssl_ecdh_peer_key_); + if (nullptr == dh_context_->openssl_ecdh_peer_key_) { + EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_->openssl_ecdh_peer_key_); } - if (nullptr == dh_context_.openssl_ecdh_peer_key_) { - ret = details::setup_errorno(*this, 0, error_code_t::MALLOC); + if (nullptr == dh_context_->openssl_ecdh_peer_key_) { + ret = details::setup_errorno(*this, 0, error_code_t::kMalloc); break; } - // int type_id = EVP_PKEY_id(dh_context_.openssl_ecdh_pkey_); + // int type_id = EVP_PKEY_id(dh_context_->openssl_ecdh_pkey_); // Still missing nid information if type_id == EVP_PKEY_EC - // if (EVP_PKEY_set_type(dh_context_.openssl_ecdh_peer_key_, type_id) <= 0) { - // ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::NOT_SUPPORT); - // details::reset(dh_context_.openssl_ecdh_peer_key_); + // if (EVP_PKEY_set_type(dh_context_->openssl_ecdh_peer_key_, type_id) <= 0) { + // ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kNotSupport); + // details::reset(dh_context_->openssl_ecdh_peer_key_); // break; // } - if (crypto_dh_EVP_PKEY_set1_tls_encodedpoint(dh_context_.openssl_ecdh_peer_key_, &input[curve_grp_len], + if (crypto_dh_EVP_PKEY_set1_tls_encodedpoint(dh_context_->openssl_ecdh_peer_key_, &input[curve_grp_len], encoded_pt_len) <= 0) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::NOT_SUPPORT); - details::reset(dh_context_.openssl_ecdh_peer_key_); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kNotSupport); + details::reset(dh_context_->openssl_ecdh_peer_key_); break; } # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) const unsigned char *dh_params_beg = input; - int res = mbedtls_ecdh_read_params(&dh_context_.mbedtls_ecdh_ctx_, &dh_params_beg, dh_params_beg + ilen); + int res = mbedtls_ecdh_read_params(&dh_context_->mbedtls_ecdh_ctx_, &dh_params_beg, dh_params_beg + ilen); if (0 != res) { - ret = details::setup_errorno(*this, res, error_code_t::INIT_DH_READ_PARAM); + ret = details::setup_errorno(*this, res, error_code_t::kInitDhReadParam); break; } # endif break; } default: { - details::setup_errorno(*this, 0, error_code_t::NOT_SUPPORT); + details::setup_errorno(*this, 0, error_code_t::kNotSupport); } } return ret; } // namespace crypto -ATFRAMEWORK_UTILS_API int dh::make_public(std::vector ¶m) { +ATFRAMEWORK_UTILS_API dh::error_code_t dh::make_public(std::vector ¶m) { if (!shared_context_) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } - int ret = details::setup_errorno(*this, 0, error_code_t::OK); + error_code_t ret = details::setup_errorno(*this, 0, error_code_t::kOk); switch (shared_context_->get_method()) { # if !defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - case method_t::EN_CDT_DH: { + case method_t::kDh: { # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) - if (nullptr == dh_context_.openssl_dh_pkey_) { - ret = details::setup_errorno(*this, 0, error_code_t::INIT_DH_READ_PARAM); + if (nullptr == dh_context_->openssl_dh_pkey_) { + ret = details::setup_errorno(*this, 0, error_code_t::kInitDhReadParam); break; } # ifdef CRYPTO_USE_OPENSSL_WITH_OSSL_APIS BIGNUM *self_pubkey = nullptr; - if (!EVP_PKEY_get_bn_param(dh_context_.openssl_dh_pkey_, OSSL_PKEY_PARAM_PUB_KEY, &self_pubkey)) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_KEY); + if (!EVP_PKEY_get_bn_param(dh_context_->openssl_dh_pkey_, OSSL_PKEY_PARAM_PUB_KEY, &self_pubkey)) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateKey); details::reset(self_pubkey); break; } # else - DH *dh_inst = EVP_PKEY_get0_DH(dh_context_.openssl_dh_pkey_); + DH *dh_inst = EVP_PKEY_get0_DH(dh_context_->openssl_dh_pkey_); if (nullptr == dh_inst) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_READ_PARAM); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhReadParam); break; } @@ -1921,7 +1965,7 @@ ATFRAMEWORK_UTILS_API int dh::make_public(std::vector ¶m) { const BIGNUM *self_pubkey = nullptr; DH_get0_key(dh_inst, &self_pubkey, nullptr); if (nullptr == self_pubkey) { - ret = details::setup_errorno(*this, errcode, error_code_t::INIT_DH_GENERATE_KEY); + ret = details::setup_errorno(*this, errcode, error_code_t::kInitDhGenerateKey); break; } # endif @@ -1935,34 +1979,34 @@ ATFRAMEWORK_UTILS_API int dh::make_public(std::vector ¶m) { # endif # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) # if MBEDTLS_VERSION_MAJOR >= 3 - size_t psz = mbedtls_dhm_get_len(&dh_context_.mbedtls_dh_ctx_); + size_t psz = mbedtls_dhm_get_len(&dh_context_->mbedtls_dh_ctx_); # else - size_t psz = mbedtls_mpi_size(&dh_context_.mbedtls_dh_ctx_.P); + size_t psz = mbedtls_mpi_size(&dh_context_->mbedtls_dh_ctx_.P); # endif param.resize(psz, 0); - int res = mbedtls_dhm_make_public(&dh_context_.mbedtls_dh_ctx_, static_cast(psz), ¶m[0], psz, + int res = mbedtls_dhm_make_public(&dh_context_->mbedtls_dh_ctx_, static_cast(psz), ¶m[0], psz, mbedtls_ctr_drbg_random, &shared_context_->get_random_engine().ctr_drbg); if (0 != res) { - ret = details::setup_errorno(*this, res, error_code_t::INIT_DH_GENERATE_KEY); + ret = details::setup_errorno(*this, res, error_code_t::kInitDhGenerateKey); break; } # endif break; } # endif - case method_t::EN_CDT_ECDH: { + case method_t::kEcdh: { # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - if (nullptr == dh_context_.openssl_ecdh_pkey_) { - ret = details::setup_errorno(*this, 0, error_code_t::INIT_DH_READ_PARAM); + if (nullptr == dh_context_->openssl_ecdh_pkey_) { + ret = details::setup_errorno(*this, 0, error_code_t::kInitDhReadParam); break; } unsigned char *point_data = nullptr; - size_t encode_len = crypto_dh_EVP_PKEY_get1_tls_encodedpoint(dh_context_.openssl_ecdh_pkey_, &point_data); + size_t encode_len = crypto_dh_EVP_PKEY_get1_tls_encodedpoint(dh_context_->openssl_ecdh_pkey_, &point_data); if (nullptr == point_data) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_KEY); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateKey); break; } @@ -1976,11 +2020,11 @@ ATFRAMEWORK_UTILS_API int dh::make_public(std::vector ¶m) { // size is point(unknown size) size_t olen = 0; // @see mbedtls_ecdh_make_public, output group and point - int res = mbedtls_ecdh_make_public(&dh_context_.mbedtls_ecdh_ctx_, &olen, buf, sizeof(buf), + int res = mbedtls_ecdh_make_public(&dh_context_->mbedtls_ecdh_ctx_, &olen, buf, sizeof(buf), mbedtls_ctr_drbg_random, &shared_context_->get_random_engine().ctr_drbg); if (0 != res) { - ret = details::setup_errorno(*this, res, error_code_t::INIT_DH_GENERATE_KEY); + ret = details::setup_errorno(*this, res, error_code_t::kInitDhGenerateKey); break; } @@ -1989,55 +2033,55 @@ ATFRAMEWORK_UTILS_API int dh::make_public(std::vector ¶m) { break; } default: { - details::setup_errorno(*this, 0, error_code_t::NOT_SUPPORT); + details::setup_errorno(*this, 0, error_code_t::kNotSupport); } } return ret; } -ATFRAMEWORK_UTILS_API int dh::read_public(const unsigned char *input, size_t ilen) { +ATFRAMEWORK_UTILS_API dh::error_code_t dh::read_public(const unsigned char *input, size_t ilen) { if (!shared_context_) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) if (nullptr == shared_context_->get_dh_parameter().keygen_ctx) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } # endif if (nullptr == input || ilen == 0) { - return details::setup_errorno(*this, 0, error_code_t::INVALID_PARAM); + return details::setup_errorno(*this, 0, error_code_t::kInvalidParam); } - int ret = details::setup_errorno(*this, 0, error_code_t::OK); + error_code_t ret = details::setup_errorno(*this, 0, error_code_t::kOk); switch (shared_context_->get_method()) { # if !defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - case method_t::EN_CDT_DH: { + case method_t::kDh: { # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) - if (nullptr == dh_context_.openssl_dh_pkey_) { - ret = details::setup_errorno(*this, 0, error_code_t::INIT_DH_READ_KEY); + if (nullptr == dh_context_->openssl_dh_pkey_) { + ret = details::setup_errorno(*this, 0, error_code_t::kInitDhReadKey); break; } details::openssl_raii pub_key{BN_bin2bn(input, static_cast(ilen), nullptr)}; if (nullptr == pub_key.get()) { - ret = details::setup_errorno(*this, 0, error_code_t::INIT_DH_READ_KEY); + ret = details::setup_errorno(*this, 0, error_code_t::kInitDhReadKey); break; } # ifdef CRYPTO_USE_OPENSSL_WITH_OSSL_APIS details::openssl_raii DH_p{nullptr}; details::openssl_raii DH_g{nullptr}; - if (!EVP_PKEY_get_bn_param(dh_context_.openssl_dh_pkey_, OSSL_PKEY_PARAM_FFC_P, &DH_p.ref()) || - !EVP_PKEY_get_bn_param(dh_context_.openssl_dh_pkey_, OSSL_PKEY_PARAM_FFC_G, &DH_g.ref())) { - ret = details::setup_errorno(*this, 0, error_code_t::INIT_DH_READ_PARAM); + if (!EVP_PKEY_get_bn_param(dh_context_->openssl_dh_pkey_, OSSL_PKEY_PARAM_FFC_P, &DH_p.ref()) || + !EVP_PKEY_get_bn_param(dh_context_->openssl_dh_pkey_, OSSL_PKEY_PARAM_FFC_G, &DH_g.ref())) { + ret = details::setup_errorno(*this, 0, error_code_t::kInitDhReadParam); break; } if (nullptr == DH_p.get() || nullptr == DH_g.get()) { - ret = details::setup_errorno(*this, 0, error_code_t::INIT_DH_READ_PARAM); + ret = details::setup_errorno(*this, 0, error_code_t::kInitDhReadParam); break; } @@ -2046,50 +2090,50 @@ ATFRAMEWORK_UTILS_API int dh::read_public(const unsigned char *input, size_t ile !OSSL_PARAM_BLD_push_BN(ossl_param_bld.get(), OSSL_PKEY_PARAM_FFC_P, DH_p.get()) || !OSSL_PARAM_BLD_push_BN(ossl_param_bld.get(), OSSL_PKEY_PARAM_FFC_G, DH_g.get()) || !OSSL_PARAM_BLD_push_BN(ossl_param_bld.get(), OSSL_PKEY_PARAM_PUB_KEY, pub_key.get())) { - ret = error_code_t::INIT_DH_READ_KEY; + ret = error_code_t::kInitDhReadKey; break; } details::openssl_raii ossl_params{OSSL_PARAM_BLD_to_param(ossl_param_bld.get())}; if (ossl_params.get() == nullptr) { - ret = error_code_t::INIT_DH_READ_KEY; + ret = error_code_t::kInitDhReadKey; break; } - details::reset(dh_context_.openssl_dh_peer_key_); + details::reset(dh_context_->openssl_dh_peer_key_); if (!EVP_PKEY_fromdata_init(shared_context_->get_dh_parameter().keygen_ctx) || - !EVP_PKEY_fromdata(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_.openssl_dh_peer_key_, + !EVP_PKEY_fromdata(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_->openssl_dh_peer_key_, EVP_PKEY_KEYPAIR, ossl_params.get())) { - ret = error_code_t::INIT_DH_READ_KEY; + ret = error_code_t::kInitDhReadKey; break; } // @see test_fromdata_dh_named_group in /test/evp_pkey_provided_test.c // printf("\nbefore pubkey: "); // BN_print_fp(stdout, pub_key.get()); - // if (!EVP_PKEY_set_bn_param(dh_context_.openssl_dh_peer_key_, OSSL_PKEY_PARAM_PUB_KEY, pub_key.get())) { - // ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_KEY); + // if (!EVP_PKEY_set_bn_param(dh_context_->openssl_dh_peer_key_, OSSL_PKEY_PARAM_PUB_KEY, pub_key.get())) { + // ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateKey); // break; // } // { // BIGNUM *debug_bn = nullptr; - // EVP_PKEY_get_bn_param(dh_context_.openssl_dh_peer_key_, OSSL_PKEY_PARAM_PUB_KEY, &debug_bn); + // EVP_PKEY_get_bn_param(dh_context_->openssl_dh_peer_key_, OSSL_PKEY_PARAM_PUB_KEY, &debug_bn); // printf("\nbefore pubkey: "); // BN_print_fp(stdout, debug_bn); // BN_free(debug_bn); // } # else - if (nullptr == dh_context_.openssl_dh_peer_key_) { - EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_.openssl_dh_peer_key_); + if (nullptr == dh_context_->openssl_dh_peer_key_) { + EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_->openssl_dh_peer_key_); } - if (nullptr == dh_context_.openssl_dh_peer_key_) { - ret = details::setup_errorno(*this, 0, error_code_t::MALLOC); + if (nullptr == dh_context_->openssl_dh_peer_key_) { + ret = details::setup_errorno(*this, 0, error_code_t::kMalloc); break; } - DH *dh_inst = EVP_PKEY_get0_DH(dh_context_.openssl_dh_peer_key_); + DH *dh_inst = EVP_PKEY_get0_DH(dh_context_->openssl_dh_peer_key_); if (nullptr == dh_inst) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_KEY); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateKey); break; } @@ -2099,108 +2143,106 @@ ATFRAMEWORK_UTILS_API int dh::read_public(const unsigned char *input, size_t ile # endif # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) - int res = mbedtls_dhm_read_public(&dh_context_.mbedtls_dh_ctx_, input, ilen); + int res = mbedtls_dhm_read_public(&dh_context_->mbedtls_dh_ctx_, input, ilen); if (0 != res) { - ret = details::setup_errorno(*this, res, error_code_t::INIT_DH_READ_KEY); + ret = details::setup_errorno(*this, res, error_code_t::kInitDhReadKey); break; } # endif break; } # endif - case method_t::EN_CDT_ECDH: { + case method_t::kEcdh: { # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - if (nullptr == dh_context_.openssl_ecdh_pkey_) { - ret = details::setup_errorno(*this, 0, error_code_t::INIT_DH_READ_KEY); + if (nullptr == dh_context_->openssl_ecdh_pkey_) { + ret = details::setup_errorno(*this, 0, error_code_t::kInitDhReadKey); break; } /* Get encoded point length */ size_t point_len = input[0]; if (point_len + 1 != ilen) { - ret = details::setup_errorno(*this, 0, error_code_t::INVALID_PARAM); + ret = details::setup_errorno(*this, 0, error_code_t::kInvalidParam); break; } - if (nullptr == dh_context_.openssl_ecdh_peer_key_) { - EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_.openssl_ecdh_peer_key_); + if (nullptr == dh_context_->openssl_ecdh_peer_key_) { + EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_->openssl_ecdh_peer_key_); } - if (nullptr == dh_context_.openssl_ecdh_peer_key_) { - ret = details::setup_errorno(*this, 0, error_code_t::MALLOC); + if (nullptr == dh_context_->openssl_ecdh_peer_key_) { + ret = details::setup_errorno(*this, 0, error_code_t::kMalloc); break; } - if (crypto_dh_EVP_PKEY_set1_tls_encodedpoint(dh_context_.openssl_ecdh_peer_key_, &input[1], point_len) <= 0) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::NOT_SUPPORT); - details::reset(dh_context_.openssl_ecdh_peer_key_); + if (crypto_dh_EVP_PKEY_set1_tls_encodedpoint(dh_context_->openssl_ecdh_peer_key_, &input[1], point_len) <= 0) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kNotSupport); + details::reset(dh_context_->openssl_ecdh_peer_key_); break; } # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) - int res = mbedtls_ecdh_read_public(&dh_context_.mbedtls_ecdh_ctx_, input, ilen); + int res = mbedtls_ecdh_read_public(&dh_context_->mbedtls_ecdh_ctx_, input, ilen); if (0 != res) { - ret = details::setup_errorno(*this, res, error_code_t::INIT_DH_READ_KEY); + ret = details::setup_errorno(*this, res, error_code_t::kInitDhReadKey); break; } # endif break; } default: { - details::setup_errorno(*this, 0, error_code_t::NOT_SUPPORT); + details::setup_errorno(*this, 0, error_code_t::kNotSupport); } } return ret; } -ATFRAMEWORK_UTILS_API int dh::calc_secret(std::vector &output) { +ATFRAMEWORK_UTILS_API dh::error_code_t dh::calc_secret(std::vector &output) { if (!shared_context_) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } - int ret = details::setup_errorno(*this, 0, error_code_t::OK); + error_code_t ret = details::setup_errorno(*this, 0, error_code_t::kOk); switch (shared_context_->get_method()) { # if !defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - case method_t::EN_CDT_DH: { + case method_t::kDh: { # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) - if (nullptr == dh_context_.openssl_dh_pkey_) { - ret = details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + if (nullptr == dh_context_->openssl_dh_pkey_) { + ret = details::setup_errorno(*this, 0, error_code_t::kNotInited); break; } - if (nullptr == dh_context_.openssl_dh_peer_key_) { - ret = details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + if (nullptr == dh_context_->openssl_dh_peer_key_) { + ret = details::setup_errorno(*this, 0, error_code_t::kNotInited); break; } - if (nullptr != dh_context_.openssl_pkey_ctx_) { - if (dh_context_.openssl_dh_pkey_ != EVP_PKEY_CTX_get0_pkey(dh_context_.openssl_pkey_ctx_)) { - details::reset(dh_context_.openssl_pkey_ctx_); + if (nullptr != dh_context_->openssl_pkey_ctx_) { + if (dh_context_->openssl_dh_pkey_ != EVP_PKEY_CTX_get0_pkey(dh_context_->openssl_pkey_ctx_)) { + details::reset(dh_context_->openssl_pkey_ctx_); } } - if (nullptr == dh_context_.openssl_pkey_ctx_) { - dh_context_.openssl_pkey_ctx_ = EVP_PKEY_CTX_new(dh_context_.openssl_dh_pkey_, nullptr); - if (nullptr != dh_context_.openssl_pkey_ctx_) { - if (EVP_PKEY_derive_init(dh_context_.openssl_pkey_ctx_) <= 0) { - ret = - details::setup_errorno(*this, static_cast(ERR_get_error()), error_code_t::INIT_DH_GENERATE_SECRET); - details::reset(dh_context_.openssl_pkey_ctx_); + if (nullptr == dh_context_->openssl_pkey_ctx_) { + dh_context_->openssl_pkey_ctx_ = EVP_PKEY_CTX_new(dh_context_->openssl_dh_pkey_, nullptr); + if (nullptr != dh_context_->openssl_pkey_ctx_) { + if (EVP_PKEY_derive_init(dh_context_->openssl_pkey_ctx_) <= 0) { + ret = details::setup_errorno(*this, static_cast(ERR_get_error()), error_code_t::kInitDhGenerateSecret); + details::reset(dh_context_->openssl_pkey_ctx_); } } } - if (nullptr == dh_context_.openssl_pkey_ctx_) { - ret = details::setup_errorno(*this, static_cast(ERR_get_error()), error_code_t::INIT_DH_GENERATE_SECRET); + if (nullptr == dh_context_->openssl_pkey_ctx_) { + ret = details::setup_errorno(*this, static_cast(ERR_get_error()), error_code_t::kInitDhGenerateSecret); break; } # if !defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - if (dh_context_.openssl_dh_peer_key_ != EVP_PKEY_CTX_get0_peerkey(dh_context_.openssl_pkey_ctx_)) { + if (dh_context_->openssl_dh_peer_key_ != EVP_PKEY_CTX_get0_peerkey(dh_context_->openssl_pkey_ctx_)) { # endif - if (EVP_PKEY_derive_set_peer(dh_context_.openssl_pkey_ctx_, dh_context_.openssl_dh_peer_key_) <= 0) { - ret = - details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_SECRET); + if (EVP_PKEY_derive_set_peer(dh_context_->openssl_pkey_ctx_, dh_context_->openssl_dh_peer_key_) <= 0) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateSecret); break; } # if !defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) @@ -2208,27 +2250,27 @@ ATFRAMEWORK_UTILS_API int dh::calc_secret(std::vector &output) { # endif // puts("pkey: params"); - // EVP_PKEY_print_params_fp(stdout, dh_context_.openssl_dh_pkey_, 2, nullptr); + // EVP_PKEY_print_params_fp(stdout, dh_context_->openssl_dh_pkey_, 2, nullptr); // puts("pkey: public"); - // EVP_PKEY_print_public_fp(stdout, dh_context_.openssl_dh_pkey_, 2, nullptr); + // EVP_PKEY_print_public_fp(stdout, dh_context_->openssl_dh_pkey_, 2, nullptr); // puts("pkey: private"); - // EVP_PKEY_print_private_fp(stdout, dh_context_.openssl_dh_pkey_, 2, nullptr); + // EVP_PKEY_print_private_fp(stdout, dh_context_->openssl_dh_pkey_, 2, nullptr); // puts("peer_key: params"); - // EVP_PKEY_print_params_fp(stdout, dh_context_.openssl_dh_peer_key_, 2, nullptr); + // EVP_PKEY_print_params_fp(stdout, dh_context_->openssl_dh_peer_key_, 2, nullptr); // puts("peer_key: public"); - // EVP_PKEY_print_public_fp(stdout, dh_context_.openssl_dh_peer_key_, 2, nullptr); + // EVP_PKEY_print_public_fp(stdout, dh_context_->openssl_dh_peer_key_, 2, nullptr); // puts("peer_key: private"); - // EVP_PKEY_print_private_fp(stdout, dh_context_.openssl_dh_peer_key_, 2, nullptr); + // EVP_PKEY_print_private_fp(stdout, dh_context_->openssl_dh_peer_key_, 2, nullptr); size_t secret_len = 0; - if (EVP_PKEY_derive(dh_context_.openssl_pkey_ctx_, nullptr, &secret_len) <= 0) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_SECRET); + if (EVP_PKEY_derive(dh_context_->openssl_pkey_ctx_, nullptr, &secret_len) <= 0) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateSecret); break; } output.resize(static_cast((secret_len + 7) / 8) * 8, 0); - if ((EVP_PKEY_derive(dh_context_.openssl_pkey_ctx_, &output[0], &secret_len)) <= 0) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_SECRET); + if ((EVP_PKEY_derive(dh_context_->openssl_pkey_ctx_, &output[0], &secret_len)) <= 0) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateSecret); break; } output.resize(static_cast(secret_len)); @@ -2238,10 +2280,10 @@ ATFRAMEWORK_UTILS_API int dh::calc_secret(std::vector &output) { // generate next_secret output.resize(psz, 0); int res; - res = mbedtls_dhm_calc_secret(&dh_context_.mbedtls_dh_ctx_, &output[0], psz, &psz, mbedtls_ctr_drbg_random, + res = mbedtls_dhm_calc_secret(&dh_context_->mbedtls_dh_ctx_, &output[0], psz, &psz, mbedtls_ctr_drbg_random, &shared_context_->get_random_engine().ctr_drbg); if (0 != res) { - ret = details::setup_errorno(*this, res, error_code_t::INIT_DH_GENERATE_SECRET); + ret = details::setup_errorno(*this, res, error_code_t::kInitDhGenerateSecret); break; } output.resize(psz); @@ -2250,47 +2292,45 @@ ATFRAMEWORK_UTILS_API int dh::calc_secret(std::vector &output) { break; } # endif - case method_t::EN_CDT_ECDH: { + case method_t::kEcdh: { # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - if (nullptr == dh_context_.openssl_ecdh_pkey_) { - ret = details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + if (nullptr == dh_context_->openssl_ecdh_pkey_) { + ret = details::setup_errorno(*this, 0, error_code_t::kNotInited); break; } - if (nullptr == dh_context_.openssl_ecdh_peer_key_) { - ret = details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + if (nullptr == dh_context_->openssl_ecdh_peer_key_) { + ret = details::setup_errorno(*this, 0, error_code_t::kNotInited); break; } - if (nullptr != dh_context_.openssl_pkey_ctx_) { - if (dh_context_.openssl_ecdh_pkey_ != EVP_PKEY_CTX_get0_pkey(dh_context_.openssl_pkey_ctx_)) { - details::reset(dh_context_.openssl_pkey_ctx_); + if (nullptr != dh_context_->openssl_pkey_ctx_) { + if (dh_context_->openssl_ecdh_pkey_ != EVP_PKEY_CTX_get0_pkey(dh_context_->openssl_pkey_ctx_)) { + details::reset(dh_context_->openssl_pkey_ctx_); } } - if (nullptr == dh_context_.openssl_pkey_ctx_) { - dh_context_.openssl_pkey_ctx_ = EVP_PKEY_CTX_new(dh_context_.openssl_ecdh_pkey_, nullptr); - if (nullptr != dh_context_.openssl_pkey_ctx_) { - if (EVP_PKEY_derive_init(dh_context_.openssl_pkey_ctx_) <= 0) { - ret = - details::setup_errorno(*this, static_cast(ERR_get_error()), error_code_t::INIT_DH_GENERATE_SECRET); - details::reset(dh_context_.openssl_pkey_ctx_); + if (nullptr == dh_context_->openssl_pkey_ctx_) { + dh_context_->openssl_pkey_ctx_ = EVP_PKEY_CTX_new(dh_context_->openssl_ecdh_pkey_, nullptr); + if (nullptr != dh_context_->openssl_pkey_ctx_) { + if (EVP_PKEY_derive_init(dh_context_->openssl_pkey_ctx_) <= 0) { + ret = details::setup_errorno(*this, static_cast(ERR_get_error()), error_code_t::kInitDhGenerateSecret); + details::reset(dh_context_->openssl_pkey_ctx_); } } } - if (nullptr == dh_context_.openssl_pkey_ctx_) { - ret = details::setup_errorno(*this, static_cast(ERR_get_error()), error_code_t::INIT_DH_GENERATE_SECRET); + if (nullptr == dh_context_->openssl_pkey_ctx_) { + ret = details::setup_errorno(*this, static_cast(ERR_get_error()), error_code_t::kInitDhGenerateSecret); break; } # if !defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) - if (dh_context_.openssl_ecdh_peer_key_ != EVP_PKEY_CTX_get0_peerkey(dh_context_.openssl_pkey_ctx_)) { + if (dh_context_->openssl_ecdh_peer_key_ != EVP_PKEY_CTX_get0_peerkey(dh_context_->openssl_pkey_ctx_)) { # endif - if (EVP_PKEY_derive_set_peer(dh_context_.openssl_pkey_ctx_, dh_context_.openssl_ecdh_peer_key_) <= 0) { - ret = - details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_SECRET); + if (EVP_PKEY_derive_set_peer(dh_context_->openssl_pkey_ctx_, dh_context_->openssl_ecdh_peer_key_) <= 0) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateSecret); break; } # if !defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) @@ -2298,14 +2338,14 @@ ATFRAMEWORK_UTILS_API int dh::calc_secret(std::vector &output) { # endif size_t secret_len = 0; - if (EVP_PKEY_derive(dh_context_.openssl_pkey_ctx_, nullptr, &secret_len) <= 0) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_SECRET); + if (EVP_PKEY_derive(dh_context_->openssl_pkey_ctx_, nullptr, &secret_len) <= 0) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateSecret); break; } output.resize(static_cast((secret_len + 7) / 8) * 8, 0); - if ((EVP_PKEY_derive(dh_context_.openssl_pkey_ctx_, &output[0], &secret_len)) <= 0) { - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_SECRET); + if ((EVP_PKEY_derive(dh_context_->openssl_pkey_ctx_, &output[0], &secret_len)) <= 0) { + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateSecret); break; } output.resize(static_cast(secret_len)); @@ -2315,10 +2355,10 @@ ATFRAMEWORK_UTILS_API int dh::calc_secret(std::vector &output) { // usually is group size size_t olen = 0; int res; - res = mbedtls_ecdh_calc_secret(&dh_context_.mbedtls_ecdh_ctx_, &olen, buf, sizeof(buf), mbedtls_ctr_drbg_random, + res = mbedtls_ecdh_calc_secret(&dh_context_->mbedtls_ecdh_ctx_, &olen, buf, sizeof(buf), mbedtls_ctr_drbg_random, &shared_context_->get_random_engine().ctr_drbg); if (0 != res) { - ret = details::setup_errorno(*this, res, error_code_t::INIT_DH_GENERATE_SECRET); + ret = details::setup_errorno(*this, res, error_code_t::kInitDhGenerateSecret); break; } @@ -2327,7 +2367,7 @@ ATFRAMEWORK_UTILS_API int dh::calc_secret(std::vector &output) { break; } default: { - details::setup_errorno(*this, 0, error_code_t::NOT_SUPPORT); + details::setup_errorno(*this, 0, error_code_t::kNotSupport); } } @@ -2421,31 +2461,31 @@ ATFRAMEWORK_UTILS_API const std::vector &dh::get_all_curve_names() # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) -int dh::check_or_setup_ecp_id(int group_id) { +dh::error_code_t dh::check_or_setup_ecp_id(int group_id) { if (!shared_context_) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } - int ret = shared_context_->try_reset_ecp_id(group_id); - if (error_code_t::OK != ret) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), static_cast(ret)); + error_code_t ret = shared_context_->try_reset_ecp_id(group_id); + if (error_code_t::kOk != ret) { + return details::setup_errorno(*this, static_cast(ERR_peek_error()), ret); } if (nullptr == shared_context_->get_dh_parameter().keygen_ctx) { - return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_KEY); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateKey); } return ret; } # if !defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) -int dh::check_or_setup_dh_pg_gy(BIGNUM *&DH_p, BIGNUM *&DH_g, BIGNUM *&DH_gy) { +dh::error_code_t dh::check_or_setup_dh_pg_gy(BIGNUM *&DH_p, BIGNUM *&DH_g, BIGNUM *&DH_gy) { if (!shared_context_) { - return details::setup_errorno(*this, 0, error_code_t::NOT_INITED); + return details::setup_errorno(*this, 0, error_code_t::kNotInited); } - if (nullptr != dh_context_.openssl_pkey_ctx_) { - return error_code_t::ALREADY_INITED; + if (nullptr != dh_context_->openssl_pkey_ctx_) { + return error_code_t::kAlreadyInited; } // import P,G,GY @@ -2458,22 +2498,22 @@ int dh::check_or_setup_dh_pg_gy(BIGNUM *&DH_p, BIGNUM *&DH_g, BIGNUM *&DH_gy) { // BN_print_fp(stdout, DH_g); // BN_print_fp(stdout, DH_gy); - int ret = error_code_t::OK; + error_code_t ret = error_code_t::kOk; do { ret = shared_context_->try_reset_dh_params(DH_p, DH_g); - if (error_code_t::OK != ret) { + if (error_code_t::kOk != ret) { break; } if (nullptr == shared_context_->get_dh_parameter().keygen_ctx) { - ret = error_code_t::INIT_DH_GENERATE_KEY; + ret = error_code_t::kInitDhGenerateKey; break; } - details::reset(dh_context_.openssl_dh_pkey_); - if (EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_.openssl_dh_pkey_) <= 0) { - details::reset(dh_context_.openssl_dh_pkey_); - ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::INIT_DH_GENERATE_KEY); + details::reset(dh_context_->openssl_dh_pkey_); + if (EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_->openssl_dh_pkey_) <= 0) { + details::reset(dh_context_->openssl_dh_pkey_); + ret = details::setup_errorno(*this, static_cast(ERR_peek_error()), error_code_t::kInitDhGenerateKey); break; } @@ -2489,26 +2529,26 @@ int dh::check_or_setup_dh_pg_gy(BIGNUM *&DH_p, BIGNUM *&DH_g, BIGNUM *&DH_gy) { !OSSL_PARAM_BLD_push_BN(ossl_param_bld.get(), OSSL_PKEY_PARAM_FFC_P, DH_p) || !OSSL_PARAM_BLD_push_BN(ossl_param_bld.get(), OSSL_PKEY_PARAM_FFC_G, DH_g) || !OSSL_PARAM_BLD_push_BN(ossl_param_bld.get(), OSSL_PKEY_PARAM_PUB_KEY, DH_gy)) { - ret = error_code_t::INIT_DH_READ_KEY; + ret = error_code_t::kInitDhReadKey; break; } details::openssl_raii ossl_params{OSSL_PARAM_BLD_to_param(ossl_param_bld.get())}; if (ossl_params.get() == nullptr) { - ret = error_code_t::INIT_DH_READ_KEY; + ret = error_code_t::kInitDhReadKey; break; } - details::reset(dh_context_.openssl_dh_peer_key_); + details::reset(dh_context_->openssl_dh_peer_key_); if (!EVP_PKEY_fromdata_init(shared_context_->get_dh_parameter().keygen_ctx) || - !EVP_PKEY_fromdata(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_.openssl_dh_peer_key_, + !EVP_PKEY_fromdata(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_->openssl_dh_peer_key_, EVP_PKEY_KEYPAIR, ossl_params.get())) { - ret = error_code_t::INIT_DH_READ_KEY; + ret = error_code_t::kInitDhReadKey; break; } - // if (!EVP_PKEY_set_bn_param(dh_context_.openssl_dh_peer_key_, OSSL_PKEY_PARAM_PUB_KEY, DH_gy)) { - // ret = error_code_t::INIT_DH_READ_KEY; + // if (!EVP_PKEY_set_bn_param(dh_context_->openssl_dh_peer_key_, OSSL_PKEY_PARAM_PUB_KEY, DH_gy)) { + // ret = error_code_t::kInitDhReadKey; // break; // } @@ -2521,9 +2561,9 @@ int dh::check_or_setup_dh_pg_gy(BIGNUM *&DH_p, BIGNUM *&DH_g, BIGNUM *&DH_gy) { // BN_print_fp(stdout, DH_gy); // { // BIGNUM *debug_bn[3] = {nullptr, nullptr, nullptr}; - // EVP_PKEY_get_bn_param(dh_context_.openssl_dh_peer_key_, OSSL_PKEY_PARAM_FFC_P, &debug_bn[0]); - // EVP_PKEY_get_bn_param(dh_context_.openssl_dh_peer_key_, OSSL_PKEY_PARAM_FFC_G, &debug_bn[1]); - // EVP_PKEY_get_bn_param(dh_context_.openssl_dh_peer_key_, OSSL_PKEY_PARAM_PUB_KEY, &debug_bn[2]); + // EVP_PKEY_get_bn_param(dh_context_->openssl_dh_peer_key_, OSSL_PKEY_PARAM_FFC_P, &debug_bn[0]); + // EVP_PKEY_get_bn_param(dh_context_->openssl_dh_peer_key_, OSSL_PKEY_PARAM_FFC_G, &debug_bn[1]); + // EVP_PKEY_get_bn_param(dh_context_->openssl_dh_peer_key_, OSSL_PKEY_PARAM_PUB_KEY, &debug_bn[2]); // printf("\n after P: "); // BN_print_fp(stdout, debug_bn[0]); // printf("\n after G: "); @@ -2536,22 +2576,22 @@ int dh::check_or_setup_dh_pg_gy(BIGNUM *&DH_p, BIGNUM *&DH_g, BIGNUM *&DH_gy) { // } # else - if (nullptr == dh_context_.openssl_dh_peer_key_) { - EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_.openssl_dh_peer_key_); + if (nullptr == dh_context_->openssl_dh_peer_key_) { + EVP_PKEY_keygen(shared_context_->get_dh_parameter().keygen_ctx, &dh_context_->openssl_dh_peer_key_); } - if (nullptr == dh_context_.openssl_dh_peer_key_) { - ret = error_code_t::INIT_DH_GENERATE_KEY; + if (nullptr == dh_context_->openssl_dh_peer_key_) { + ret = error_code_t::kInitDhGenerateKey; break; } - DH *peer_dh = EVP_PKEY_get0_DH(dh_context_.openssl_dh_peer_key_); + DH *peer_dh = EVP_PKEY_get0_DH(dh_context_->openssl_dh_peer_key_); if (nullptr == peer_dh) { - ret = error_code_t::INIT_DH_GENERATE_KEY; + ret = error_code_t::kInitDhGenerateKey; break; } if (!DH_set0_key(peer_dh, DH_gy, nullptr)) { - ret = error_code_t::INIT_DH_READ_KEY; + ret = error_code_t::kInitDhReadKey; break; } // Move out here @@ -2560,7 +2600,7 @@ int dh::check_or_setup_dh_pg_gy(BIGNUM *&DH_p, BIGNUM *&DH_g, BIGNUM *&DH_gy) { } while (false); } while (false); - return details::setup_errorno(*this, static_cast(ERR_peek_error()), static_cast(ret)); + return details::setup_errorno(*this, static_cast(ERR_peek_error()), ret); } # endif # endif diff --git a/src/algorithm/crypto_hmac.cpp b/src/algorithm/crypto_hmac.cpp index 3682e01c..38c25a30 100644 --- a/src/algorithm/crypto_hmac.cpp +++ b/src/algorithm/crypto_hmac.cpp @@ -25,6 +25,11 @@ # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) +# include +# include +# include +# include + // Check for OpenSSL 3.0+ which has EVP_MAC API # if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L && \ !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL) @@ -259,6 +264,10 @@ static void free_hmac_context(void* ctx) { # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) +# include +# include +# include + static const mbedtls_md_info_t* get_md_info_by_type(digest_type_t type) noexcept { switch (type) { case digest_type_t::kSha1: @@ -401,7 +410,7 @@ ATFRAMEWORK_UTILS_API hmac& hmac::operator=(hmac&& other) noexcept { return *this; } -ATFRAMEWORK_UTILS_API int hmac::init(digest_type_t type, const unsigned char* key, size_t key_len) { +ATFRAMEWORK_UTILS_API hmac_error_code_t hmac::init(digest_type_t type, const unsigned char* key, size_t key_len) { if (context_ != nullptr) { return hmac_error_code_t::kAlreadyInitialized; } @@ -439,11 +448,11 @@ ATFRAMEWORK_UTILS_API int hmac::init(digest_type_t type, const unsigned char* ke return hmac_error_code_t::kOk; } -ATFRAMEWORK_UTILS_API int hmac::init(digest_type_t type, gsl::span key) { +ATFRAMEWORK_UTILS_API hmac_error_code_t hmac::init(digest_type_t type, gsl::span key) { return init(type, key.data(), key.size()); } -ATFRAMEWORK_UTILS_API int hmac::close() { +ATFRAMEWORK_UTILS_API hmac_error_code_t hmac::close() { if (context_ != nullptr) { details::free_hmac_context(context_); context_ = nullptr; @@ -453,7 +462,7 @@ ATFRAMEWORK_UTILS_API int hmac::close() { return hmac_error_code_t::kOk; } -ATFRAMEWORK_UTILS_API int hmac::update(const unsigned char* input, size_t input_len) { +ATFRAMEWORK_UTILS_API hmac_error_code_t hmac::update(const unsigned char* input, size_t input_len) { if (context_ == nullptr) { return hmac_error_code_t::kNotInitialized; } @@ -499,11 +508,11 @@ ATFRAMEWORK_UTILS_API int hmac::update(const unsigned char* input, size_t input_ return hmac_error_code_t::kOk; } -ATFRAMEWORK_UTILS_API int hmac::update(gsl::span input) { +ATFRAMEWORK_UTILS_API hmac_error_code_t hmac::update(gsl::span input) { return update(input.data(), input.size()); } -ATFRAMEWORK_UTILS_API int hmac::final(unsigned char* output, size_t* output_len) { +ATFRAMEWORK_UTILS_API hmac_error_code_t hmac::final(unsigned char* output, size_t* output_len) { if (context_ == nullptr) { return hmac_error_code_t::kNotInitialized; } @@ -581,9 +590,9 @@ ATFRAMEWORK_UTILS_API int64_t hmac::get_last_errno() const noexcept { return las ATFRAMEWORK_UTILS_API void hmac::set_last_errno(int64_t e) noexcept { last_errno_ = e; } -ATFRAMEWORK_UTILS_API int hmac::compute(digest_type_t type, const unsigned char* key, size_t key_len, - const unsigned char* input, size_t input_len, unsigned char* output, - size_t* output_len) { +ATFRAMEWORK_UTILS_API hmac_error_code_t hmac::compute(digest_type_t type, const unsigned char* key, size_t key_len, + const unsigned char* input, size_t input_len, + unsigned char* output, size_t* output_len) { if (output == nullptr || output_len == nullptr) { return hmac_error_code_t::kInvalidParam; } @@ -624,7 +633,7 @@ ATFRAMEWORK_UTILS_API int hmac::compute(digest_type_t type, const unsigned char* params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, const_cast(digest_name), 0); params[1] = OSSL_PARAM_construct_end(); - int ret = hmac_error_code_t::kOk; + hmac_error_code_t ret = hmac_error_code_t::kOk; if (EVP_MAC_init(ctx, key, key_len, params) != 1) { ret = hmac_error_code_t::kOperation; } else if (EVP_MAC_update(ctx, input, input_len) != 1) { @@ -668,9 +677,9 @@ ATFRAMEWORK_UTILS_API int hmac::compute(digest_type_t type, const unsigned char* # endif } -ATFRAMEWORK_UTILS_API int hmac::compute(digest_type_t type, gsl::span key, - gsl::span input, unsigned char* output, - size_t* output_len) { +ATFRAMEWORK_UTILS_API hmac_error_code_t hmac::compute(digest_type_t type, gsl::span key, + gsl::span input, unsigned char* output, + size_t* output_len) { return compute(type, key.data(), key.size(), input.data(), input.size(), output, output_len); } @@ -718,8 +727,9 @@ ATFRAMEWORK_UTILS_API std::string hmac::compute_to_hex(digest_type_t type, gsl:: // HKDF class implementation // ============================================================================ -ATFRAMEWORK_UTILS_API int hkdf::extract(digest_type_t type, const unsigned char* salt, size_t salt_len, - const unsigned char* ikm, size_t ikm_len, unsigned char* prk, size_t* prk_len) { +ATFRAMEWORK_UTILS_API hkdf::error_code_t hkdf::extract(digest_type_t type, const unsigned char* salt, size_t salt_len, + const unsigned char* ikm, size_t ikm_len, unsigned char* prk, + size_t* prk_len) { if (ikm == nullptr && ikm_len > 0) { return error_code_t::kInvalidParam; } @@ -734,7 +744,7 @@ ATFRAMEWORK_UTILS_API int hkdf::extract(digest_type_t type, const unsigned char* if (*prk_len < hash_len) { *prk_len = hash_len; - return hmac_error_code_t::kOutputBufferTooSmall; + return error_code_t::kInvalidParam; } # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_OPENSSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || \ @@ -761,8 +771,8 @@ ATFRAMEWORK_UTILS_API int hkdf::extract(digest_type_t type, const unsigned char* salt_len = zero_salt.size(); } - int ret = hmac::compute(type, salt, salt_len, ikm, ikm_len, prk, prk_len); - if (ret != hmac_error_code_t::kOk) { + hmac_error_code_t hret = hmac::compute(type, salt, salt_len, ikm, ikm_len, prk, prk_len); + if (hret != hmac_error_code_t::kOk) { return error_code_t::kOperation; } @@ -784,13 +794,15 @@ ATFRAMEWORK_UTILS_API int hkdf::extract(digest_type_t type, const unsigned char* # endif } -ATFRAMEWORK_UTILS_API int hkdf::extract(digest_type_t type, gsl::span salt, - gsl::span ikm, unsigned char* prk, size_t* prk_len) { +ATFRAMEWORK_UTILS_API hkdf::error_code_t hkdf::extract(digest_type_t type, gsl::span salt, + gsl::span ikm, unsigned char* prk, + size_t* prk_len) { return extract(type, salt.data(), salt.size(), ikm.data(), ikm.size(), prk, prk_len); } -ATFRAMEWORK_UTILS_API int hkdf::expand(digest_type_t type, const unsigned char* prk, size_t prk_len, - const unsigned char* info, size_t info_len, unsigned char* okm, size_t okm_len) { +ATFRAMEWORK_UTILS_API hkdf::error_code_t hkdf::expand(digest_type_t type, const unsigned char* prk, size_t prk_len, + const unsigned char* info, size_t info_len, unsigned char* okm, + size_t okm_len) { if (prk == nullptr && prk_len > 0) { return error_code_t::kInvalidParam; } @@ -840,7 +852,7 @@ ATFRAMEWORK_UTILS_API int hkdf::expand(digest_type_t type, const unsigned char* } params[idx] = OSSL_PARAM_construct_end(); - int ret = error_code_t::kOk; + hkdf::error_code_t ret = error_code_t::kOk; if (EVP_KDF_derive(kctx, okm, okm_len, params) != 1) { ret = error_code_t::kOperation; } @@ -855,7 +867,7 @@ ATFRAMEWORK_UTILS_API int hkdf::expand(digest_type_t type, const unsigned char* return error_code_t::kOperation; } - int ret = error_code_t::kOk; + hkdf::error_code_t ret = error_code_t::kOk; const EVP_MD* md = details::get_evp_md_by_type(type); do { @@ -926,8 +938,8 @@ ATFRAMEWORK_UTILS_API int hkdf::expand(digest_type_t type, const unsigned char* // Compute T(i) = HMAC(PRK, T(i-1) | info | i) std::vector t_curr(hash_len); size_t t_len = hash_len; - int ret = hmac::compute(type, prk, prk_len, t_input.data(), t_input.size(), t_curr.data(), &t_len); - if (ret != hmac_error_code_t::kOk) { + hmac_error_code_t hret = hmac::compute(type, prk, prk_len, t_input.data(), t_input.size(), t_curr.data(), &t_len); + if (hret != hmac_error_code_t::kOk) { return error_code_t::kOperation; } @@ -956,14 +968,16 @@ ATFRAMEWORK_UTILS_API int hkdf::expand(digest_type_t type, const unsigned char* # endif } -ATFRAMEWORK_UTILS_API int hkdf::expand(digest_type_t type, gsl::span prk, - gsl::span info, unsigned char* okm, size_t okm_len) { +ATFRAMEWORK_UTILS_API hkdf::error_code_t hkdf::expand(digest_type_t type, gsl::span prk, + gsl::span info, unsigned char* okm, + size_t okm_len) { return expand(type, prk.data(), prk.size(), info.data(), info.size(), okm, okm_len); } -ATFRAMEWORK_UTILS_API int hkdf::derive(digest_type_t type, const unsigned char* salt, size_t salt_len, - const unsigned char* ikm, size_t ikm_len, const unsigned char* info, - size_t info_len, unsigned char* okm, size_t okm_len) { +ATFRAMEWORK_UTILS_API hkdf::error_code_t hkdf::derive(digest_type_t type, const unsigned char* salt, size_t salt_len, + const unsigned char* ikm, size_t ikm_len, + const unsigned char* info, size_t info_len, unsigned char* okm, + size_t okm_len) { size_t hash_len = get_digest_output_length(type); if (hash_len == 0) { return error_code_t::kDigestNotSupport; @@ -998,7 +1012,7 @@ ATFRAMEWORK_UTILS_API int hkdf::derive(digest_type_t type, const unsigned char* } params[idx] = OSSL_PARAM_construct_end(); - int ret = error_code_t::kOk; + hkdf::error_code_t ret = error_code_t::kOk; if (EVP_KDF_derive(kctx, okm, okm_len, params) != 1) { ret = error_code_t::kOperation; } @@ -1013,7 +1027,7 @@ ATFRAMEWORK_UTILS_API int hkdf::derive(digest_type_t type, const unsigned char* return error_code_t::kOperation; } - int ret = error_code_t::kOk; + hkdf::error_code_t ret = error_code_t::kOk; const EVP_MD* md = details::get_evp_md_by_type(type); do { @@ -1067,7 +1081,7 @@ ATFRAMEWORK_UTILS_API int hkdf::derive(digest_type_t type, const unsigned char* // Manual implementation: extract then expand std::vector prk(hash_len); size_t prk_len = hash_len; - int ret = extract(type, salt, salt_len, ikm, ikm_len, prk.data(), &prk_len); + hkdf::error_code_t ret = extract(type, salt, salt_len, ikm, ikm_len, prk.data(), &prk_len); if (ret != error_code_t::kOk) { return ret; } @@ -1089,9 +1103,10 @@ ATFRAMEWORK_UTILS_API int hkdf::derive(digest_type_t type, const unsigned char* # endif } -ATFRAMEWORK_UTILS_API int hkdf::derive(digest_type_t type, gsl::span salt, - gsl::span ikm, gsl::span info, - unsigned char* okm, size_t okm_len) { +ATFRAMEWORK_UTILS_API hkdf::error_code_t hkdf::derive(digest_type_t type, gsl::span salt, + gsl::span ikm, + gsl::span info, unsigned char* okm, + size_t okm_len) { return derive(type, salt.data(), salt.size(), ikm.data(), ikm.size(), info.data(), info.size(), okm, okm_len); } @@ -1105,7 +1120,7 @@ ATFRAMEWORK_UTILS_API std::vector hkdf::derive_to_binary(digest_t } std::vector result(okm_len); - int ret = derive(type, salt, ikm, info, result.data(), okm_len); + hkdf::error_code_t ret = derive(type, salt, ikm, info, result.data(), okm_len); if (ret != error_code_t::kOk) { return std::vector(); } @@ -1130,4 +1145,3 @@ ATFRAMEWORK_UTILS_NAMESPACE_END # endif #endif // ATFW_UTIL_MACRO_CRYPTO_HMAC_ENABLED - diff --git a/test/case/crypto_cipher_test.cpp b/test/case/crypto_cipher_test.cpp index f82e226a..b93133f2 100644 --- a/test/case/crypto_cipher_test.cpp +++ b/test/case/crypto_cipher_test.cpp @@ -128,8 +128,8 @@ CASE_TEST(crypto_cipher, aes_cfb) { int v = i & 1; atfw::util::crypto::cipher ci; - int mode = (0 == v) ? (atfw::util::crypto::cipher::mode_t::EN_CMODE_DECRYPT) - : (atfw::util::crypto::cipher::mode_t::EN_CMODE_ENCRYPT); + int32_t mode = (0 == v) ? static_cast(atfw::util::crypto::cipher::mode_t::kDecrypt) + : static_cast(atfw::util::crypto::cipher::mode_t::kEncrypt); if (0 == u) { CASE_EXPECT_EQ(0, ci.init("AES-128-CFB", mode)); } else if (1 == u) { @@ -145,7 +145,7 @@ CASE_TEST(crypto_cipher, aes_cfb) { unsigned char buf_in[64], buf_out[128]; size_t olen = sizeof(buf_out); - if (atfw::util::crypto::cipher::mode_t::EN_CMODE_DECRYPT == mode) { + if (atfw::util::crypto::cipher::mode_t::kDecrypt == mode) { memcpy(buf_in, aes_test_cfb128_ct[u], 64); CASE_EXPECT_EQ(0, ci.decrypt(buf_in, 64, buf_out, &olen)); @@ -185,7 +185,7 @@ CASE_TEST(crypto_cipher, aes_cfb_nopadding_encrypt) { { atfw::util::crypto::cipher ci; - CASE_EXPECT_EQ(0, ci.init("AES-256-CFB", atfw::util::crypto::cipher::mode_t::EN_CMODE_ENCRYPT)); + CASE_EXPECT_EQ(0, ci.init("AES-256-CFB", static_cast(atfw::util::crypto::cipher::mode_t::kEncrypt))); // CASE_EXPECT_EQ(16, ci.get_iv_size()); // CASE_EXPECT_EQ(0, ci.set_iv(aes_test_cfb128_iv, 16)); @@ -210,7 +210,7 @@ CASE_TEST(crypto_cipher, aes_cfb_nopadding_encrypt) { { atfw::util::crypto::cipher ci; - CASE_EXPECT_EQ(0, ci.init("AES-256-CFB", atfw::util::crypto::cipher::mode_t::EN_CMODE_DECRYPT)); + CASE_EXPECT_EQ(0, ci.init("AES-256-CFB", static_cast(atfw::util::crypto::cipher::mode_t::kDecrypt))); // CASE_EXPECT_EQ(16, ci.get_iv_size()); // CASE_EXPECT_EQ(0, ci.set_iv(aes_test_cfb128_iv, 16)); @@ -544,12 +544,11 @@ CASE_TEST(crypto_cipher, evp_test) { evp_test_info info; while (evp_test_parse_info(fin, info)) { - int mode = - atfw::util::crypto::cipher::mode_t::EN_CMODE_ENCRYPT | atfw::util::crypto::cipher::mode_t::EN_CMODE_DECRYPT; + int32_t mode = atfw::util::crypto::cipher::mode_t::kEncrypt | atfw::util::crypto::cipher::mode_t::kDecrypt; if (info.operation == EN_ETOT_ENCRYPT) { - mode = atfw::util::crypto::cipher::mode_t::EN_CMODE_ENCRYPT; + mode = static_cast(atfw::util::crypto::cipher::mode_t::kEncrypt); } else if (info.operation == EN_ETOT_DECRYPT) { - mode = atfw::util::crypto::cipher::mode_t::EN_CMODE_DECRYPT; + mode = static_cast(atfw::util::crypto::cipher::mode_t::kDecrypt); } # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) @@ -576,7 +575,7 @@ CASE_TEST(crypto_cipher, evp_test) { buffer.resize((info.plaintext.size() > info.ciphertext.size() ? info.plaintext.size() : info.ciphertext.size()) + ci.get_block_size() + 16); - if (mode & atfw::util::crypto::cipher::mode_t::EN_CMODE_ENCRYPT) { + if (mode & atfw::util::crypto::cipher::mode_t::kEncrypt) { std::chrono::system_clock::time_point begin = std::chrono::system_clock::now(); int enc_res = 0; const char *failed_step = "memory check"; @@ -672,7 +671,7 @@ CASE_TEST(crypto_cipher, evp_test) { } } - if (mode & atfw::util::crypto::cipher::mode_t::EN_CMODE_DECRYPT) { + if (mode & atfw::util::crypto::cipher::mode_t::kDecrypt) { std::chrono::system_clock::time_point begin = std::chrono::system_clock::now(); int dec_res = 0; const char *failed_step = "memory check"; @@ -763,4 +762,3 @@ CASE_TEST(crypto_cipher, evp_test) { } #endif - diff --git a/test/case/crypto_dh_test.cpp b/test/case/crypto_dh_test.cpp index 0d15ade8..0b8c18e2 100644 --- a/test/case/crypto_dh_test.cpp +++ b/test/case/crypto_dh_test.cpp @@ -82,15 +82,15 @@ CASE_TEST(crypto_dh, dh) { dir += "resource"; dir += atfw::util::file_system::DIRECTORY_SEPARATOR; dir += "test-dhparam.pem"; - CASE_EXPECT_EQ(0, svr_shctx->init(dir.c_str())); - CASE_EXPECT_EQ(0, svr_dh.init(svr_shctx)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_shctx->init(dir.c_str())); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh.init(svr_shctx)); } // client - init: read and setup client shared context { atfw::util::crypto::dh::shared_context::ptr_t cli_shctx = atfw::util::crypto::dh::shared_context::create(); - CASE_EXPECT_EQ(0, cli_shctx->init(atfw::util::crypto::dh::method_t::EN_CDT_DH)); - CASE_EXPECT_EQ(0, cli_dh.init(cli_shctx)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, cli_shctx->init(atfw::util::crypto::dh::method_t::kDh)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, cli_dh.init(cli_shctx)); } std::vector switch_params; @@ -99,22 +99,24 @@ CASE_TEST(crypto_dh, dh) { std::vector svr_secret; // step 1 - server: make private key and public key - CASE_EXPECT_EQ(0, svr_dh.make_params(switch_params)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh.make_params(switch_params)); // step 2 - client: read dhparam and public key of server - CASE_EXPECT_EQ(0, cli_dh.read_params(switch_params.data(), switch_params.size())); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, + cli_dh.read_params(switch_params.data(), switch_params.size())); // step 3 - client: make public key - CASE_EXPECT_EQ(0, cli_dh.make_public(switch_public)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, cli_dh.make_public(switch_public)); // step 4 - client: calculate secret - CASE_EXPECT_EQ(0, cli_dh.calc_secret(cli_secret)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, cli_dh.calc_secret(cli_secret)); // step 5 - server: read public key of client - CASE_EXPECT_EQ(0, svr_dh.read_public(switch_public.data(), switch_public.size())); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, + svr_dh.read_public(switch_public.data(), switch_public.size())); // step 6 - server: calculate secret - CASE_EXPECT_EQ(0, svr_dh.calc_secret(svr_secret)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh.calc_secret(svr_secret)); // DH process done CASE_EXPECT_EQ(cli_secret.size(), svr_secret.size()); @@ -162,15 +164,16 @@ CASE_TEST(crypto_dh, ecdh) { // server - init: read and setup server dh params { atfw::util::crypto::dh::shared_context::ptr_t svr_shctx = atfw::util::crypto::dh::shared_context::create(); - CASE_EXPECT_EQ(0, svr_shctx->init(all_curves[curve_idx].c_str())); - CASE_EXPECT_EQ(0, svr_dh.init(svr_shctx)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_shctx->init(all_curves[curve_idx].c_str())); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh.init(svr_shctx)); } // client - init: read and setup client shared context { atfw::util::crypto::dh::shared_context::ptr_t cli_shctx = atfw::util::crypto::dh::shared_context::create(); - CASE_EXPECT_EQ(0, cli_shctx->init(atfw::util::crypto::dh::method_t::EN_CDT_ECDH)); - CASE_EXPECT_EQ(0, cli_dh.init(cli_shctx)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, + cli_shctx->init(atfw::util::crypto::dh::method_t::kEcdh)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, cli_dh.init(cli_shctx)); } std::vector switch_params; @@ -179,22 +182,24 @@ CASE_TEST(crypto_dh, ecdh) { std::vector svr_secret; // step 1 - server: make private key and public key - CASE_EXPECT_EQ(0, svr_dh.make_params(switch_params)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh.make_params(switch_params)); // step 2 - client: read dhparam and public key of server - CASE_EXPECT_EQ(0, cli_dh.read_params(switch_params.data(), switch_params.size())); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, + cli_dh.read_params(switch_params.data(), switch_params.size())); // step 3 - client: make public key - CASE_EXPECT_EQ(0, cli_dh.make_public(switch_public)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, cli_dh.make_public(switch_public)); // step 4 - client: calculate secret - CASE_EXPECT_EQ(0, cli_dh.calc_secret(cli_secret)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, cli_dh.calc_secret(cli_secret)); // step 5 - server: read public key of client - CASE_EXPECT_EQ(0, svr_dh.read_public(switch_public.data(), switch_public.size())); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, + svr_dh.read_public(switch_public.data(), switch_public.size())); // step 6 - server: calculate secret - CASE_EXPECT_EQ(0, svr_dh.calc_secret(svr_secret)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh.calc_secret(svr_secret)); // DH process done CASE_EXPECT_EQ(cli_secret.size(), svr_secret.size()); @@ -273,19 +278,20 @@ CASE_TEST(crypto_dh, ecdh_alias_and_both_server) { // server - init: read and setup server dh params { atfw::util::crypto::dh::shared_context::ptr_t svr_shctx = atfw::util::crypto::dh::shared_context::create(); - CASE_EXPECT_EQ(0, svr_shctx->init(all_curves[curve_idx].c_str())); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_shctx->init(all_curves[curve_idx].c_str())); auto svr_dh1_init_result = svr_dh1.init(svr_shctx); - if (svr_dh1_init_result != 0 && all_curves[curve_idx] == "ecdh:X25519") { + if (svr_dh1_init_result != atfw::util::crypto::dh::error_code_t::kOk && + all_curves[curve_idx] == "ecdh:X25519") { break; } - CASE_EXPECT_EQ(0, svr_dh1_init_result); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh1_init_result); } // client - init: read and setup client shared context { atfw::util::crypto::dh::shared_context::ptr_t svr_shctx = atfw::util::crypto::dh::shared_context::create(); - CASE_EXPECT_EQ(0, svr_shctx->init(all_curves[curve_idx].c_str())); - CASE_EXPECT_EQ(0, svr_dh2.init(svr_shctx)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_shctx->init(all_curves[curve_idx].c_str())); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh2.init(svr_shctx)); } std::vector switch_params; @@ -295,20 +301,22 @@ CASE_TEST(crypto_dh, ecdh_alias_and_both_server) { std::vector svr2_secret; // step 1 - server: make private key and public key - CASE_EXPECT_EQ(0, svr_dh1.make_params(switch_params)); - CASE_EXPECT_EQ(0, svr_dh2.make_params(switch_params)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh1.make_params(switch_params)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh2.make_params(switch_params)); // step 2 - server: make and export public key - CASE_EXPECT_EQ(0, svr_dh1.make_public(switch_public_svr1)); - CASE_EXPECT_EQ(0, svr_dh2.make_public(switch_public_svr2)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh1.make_public(switch_public_svr1)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh2.make_public(switch_public_svr2)); // step 3 - server: read remote public - CASE_EXPECT_EQ(0, svr_dh1.read_public(switch_public_svr2.data(), switch_public_svr2.size())); - CASE_EXPECT_EQ(0, svr_dh2.read_public(switch_public_svr1.data(), switch_public_svr1.size())); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, + svr_dh1.read_public(switch_public_svr2.data(), switch_public_svr2.size())); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, + svr_dh2.read_public(switch_public_svr1.data(), switch_public_svr1.size())); // step 4 - client: calculate secret - CASE_EXPECT_EQ(0, svr_dh2.calc_secret(svr2_secret)); - CASE_EXPECT_EQ(0, svr_dh1.calc_secret(svr1_secret)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh2.calc_secret(svr2_secret)); + CASE_EXPECT_EQ(atfw::util::crypto::dh::error_code_t::kOk, svr_dh1.calc_secret(svr1_secret)); // DH process done CASE_EXPECT_EQ(svr2_secret.size(), svr1_secret.size()); @@ -355,4 +363,3 @@ CASE_TEST(crypto_dh, ecdh_alias_and_both_server) { } #endif - diff --git a/test/case/crypto_hmac_test.cpp b/test/case/crypto_hmac_test.cpp index ca6e92c8..aa1dbea6 100644 --- a/test/case/crypto_hmac_test.cpp +++ b/test/case/crypto_hmac_test.cpp @@ -110,9 +110,9 @@ CASE_TEST(crypto_hmac, hmac_sha256_rfc4231_test1) { std::vector output(32); size_t output_len = output.size(); - int ret = atfw::util::crypto::hmac::compute(atfw::util::crypto::digest_type_t::kSha256, key.data(), key.size(), - reinterpret_cast(data), data_len, output.data(), - &output_len); + auto ret = atfw::util::crypto::hmac::compute(atfw::util::crypto::digest_type_t::kSha256, key.data(), key.size(), + reinterpret_cast(data), data_len, output.data(), + &output_len); CASE_EXPECT_EQ(atfw::util::crypto::hmac_error_code_t::kOk, ret); CASE_EXPECT_EQ(32u, output_len); @@ -190,7 +190,7 @@ CASE_TEST(crypto_hmac, hmac_sha256_streaming) { atfw::util::crypto::hmac h; CASE_EXPECT_FALSE(h.is_valid()); - int ret = h.init(atfw::util::crypto::digest_type_t::kSha256, key.data(), key.size()); + auto ret = h.init(atfw::util::crypto::digest_type_t::kSha256, key.data(), key.size()); CASE_EXPECT_EQ(atfw::util::crypto::hmac_error_code_t::kOk, ret); CASE_EXPECT_TRUE(h.is_valid()); CASE_EXPECT_EQ(32u, h.get_output_length()); @@ -221,7 +221,7 @@ CASE_TEST(crypto_hmac, hmac_sha256_streaming_multiple_updates) { const char* data2 = "There"; atfw::util::crypto::hmac h; - int ret = h.init(atfw::util::crypto::digest_type_t::kSha256, key.data(), key.size()); + auto ret = h.init(atfw::util::crypto::digest_type_t::kSha256, key.data(), key.size()); CASE_EXPECT_EQ(atfw::util::crypto::hmac_error_code_t::kOk, ret); ret = h.update(reinterpret_cast(data1), strlen(data1)); @@ -287,7 +287,7 @@ CASE_TEST(crypto_hmac, hmac_move_semantics) { std::vector key(20, 0x0b); atfw::util::crypto::hmac h1; - int ret = h1.init(atfw::util::crypto::digest_type_t::kSha256, key.data(), key.size()); + auto ret = h1.init(atfw::util::crypto::digest_type_t::kSha256, key.data(), key.size()); CASE_EXPECT_EQ(atfw::util::crypto::hmac_error_code_t::kOk, ret); CASE_EXPECT_TRUE(h1.is_valid()); @@ -309,7 +309,7 @@ CASE_TEST(crypto_hmac, hmac_error_cases) { atfw::util::crypto::hmac h; // Update before init - int ret = h.update(nullptr, 0); + auto ret = h.update(nullptr, 0); CASE_EXPECT_EQ(atfw::util::crypto::hmac_error_code_t::kNotInitialized, ret); // Final before init @@ -378,8 +378,8 @@ CASE_TEST(crypto_hkdf, hkdf_sha256_rfc5869_test1) { // Test extract std::vector prk(32); size_t prk_len = prk.size(); - int ret = atfw::util::crypto::hkdf::extract(atfw::util::crypto::digest_type_t::kSha256, salt.data(), salt.size(), - ikm.data(), ikm.size(), prk.data(), &prk_len); + auto ret = atfw::util::crypto::hkdf::extract(atfw::util::crypto::digest_type_t::kSha256, salt.data(), salt.size(), + ikm.data(), ikm.size(), prk.data(), &prk_len); CASE_EXPECT_EQ(atfw::util::crypto::hkdf::error_code_t::kOk, ret); CASE_EXPECT_EQ(32u, prk_len); @@ -435,8 +435,8 @@ CASE_TEST(crypto_hkdf, hkdf_sha256_rfc5869_test2) { "e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"); std::vector okm(82); - int ret = atfw::util::crypto::hkdf::derive(atfw::util::crypto::digest_type_t::kSha256, salt.data(), salt.size(), - ikm.data(), ikm.size(), info.data(), info.size(), okm.data(), okm.size()); + auto ret = atfw::util::crypto::hkdf::derive(atfw::util::crypto::digest_type_t::kSha256, salt.data(), salt.size(), + ikm.data(), ikm.size(), info.data(), info.size(), okm.data(), okm.size()); CASE_EXPECT_EQ(atfw::util::crypto::hkdf::error_code_t::kOk, ret); std::string expected_okm = @@ -462,8 +462,8 @@ CASE_TEST(crypto_hkdf, hkdf_sha256_rfc5869_test3) { std::vector ikm(22, 0x0b); std::vector okm(42); - int ret = atfw::util::crypto::hkdf::derive(atfw::util::crypto::digest_type_t::kSha256, nullptr, 0, ikm.data(), - ikm.size(), nullptr, 0, okm.data(), okm.size()); + auto ret = atfw::util::crypto::hkdf::derive(atfw::util::crypto::digest_type_t::kSha256, nullptr, 0, ikm.data(), + ikm.size(), nullptr, 0, okm.data(), okm.size()); CASE_EXPECT_EQ(atfw::util::crypto::hkdf::error_code_t::kOk, ret); std::string expected_okm = "8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8"; @@ -489,8 +489,8 @@ CASE_TEST(crypto_hkdf, hkdf_sha1_rfc5869_test4) { std::vector info = hex_to_bytes("f0f1f2f3f4f5f6f7f8f9"); std::vector okm(42); - int ret = atfw::util::crypto::hkdf::derive(atfw::util::crypto::digest_type_t::kSha1, salt.data(), salt.size(), - ikm.data(), ikm.size(), info.data(), info.size(), okm.data(), okm.size()); + auto ret = atfw::util::crypto::hkdf::derive(atfw::util::crypto::digest_type_t::kSha1, salt.data(), salt.size(), + ikm.data(), ikm.size(), info.data(), info.size(), okm.data(), okm.size()); CASE_EXPECT_EQ(atfw::util::crypto::hkdf::error_code_t::kOk, ret); std::string expected_okm = "085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896"; @@ -523,8 +523,8 @@ CASE_TEST(crypto_hkdf, hkdf_error_cases) { std::vector okm(42); // Invalid digest type - int ret = atfw::util::crypto::hkdf::derive(atfw::util::crypto::digest_type_t::kNone, nullptr, 0, ikm.data(), - ikm.size(), nullptr, 0, okm.data(), okm.size()); + auto ret = atfw::util::crypto::hkdf::derive(atfw::util::crypto::digest_type_t::kNone, nullptr, 0, ikm.data(), + ikm.size(), nullptr, 0, okm.data(), okm.size()); CASE_EXPECT_EQ(atfw::util::crypto::hkdf::error_code_t::kDigestNotSupport, ret); // Output length too large (> 255 * hash_len) @@ -546,8 +546,8 @@ CASE_TEST(crypto_hkdf, hkdf_span_api) { // Extract with span std::vector prk(32); size_t prk_len = prk.size(); - int ret = atfw::util::crypto::hkdf::extract(atfw::util::crypto::digest_type_t::kSha256, gsl::make_span(salt), - gsl::make_span(ikm), prk.data(), &prk_len); + auto ret = atfw::util::crypto::hkdf::extract(atfw::util::crypto::digest_type_t::kSha256, gsl::make_span(salt), + gsl::make_span(ikm), prk.data(), &prk_len); CASE_EXPECT_EQ(atfw::util::crypto::hkdf::error_code_t::kOk, ret); // Expand with span @@ -570,4 +570,3 @@ CASE_TEST(crypto_hkdf, hkdf_span_api) { } #endif // ATFW_UTIL_MACRO_CRYPTO_HMAC_ENABLED - From e40b56e09ac5b7a85424358fbae0ee5e7131590b Mon Sep 17 00:00:00 2001 From: owent Date: Fri, 24 Apr 2026 00:32:55 +0800 Subject: [PATCH 2/2] Fixes include --- atframework/cmake-toolset | 2 +- src/algorithm/crypto_hmac.cpp | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/atframework/cmake-toolset b/atframework/cmake-toolset index 75943f95..0d9385f4 160000 --- a/atframework/cmake-toolset +++ b/atframework/cmake-toolset @@ -1 +1 @@ -Subproject commit 75943f95f1b6a7ed5b4c53f5b832c996a2b66ae6 +Subproject commit 0d9385f4a3eb0b422e82053bbc65c62b51f8c299 diff --git a/src/algorithm/crypto_hmac.cpp b/src/algorithm/crypto_hmac.cpp index 38c25a30..9db0964c 100644 --- a/src/algorithm/crypto_hmac.cpp +++ b/src/algorithm/crypto_hmac.cpp @@ -79,6 +79,12 @@ # endif // OpenSSL/LibreSSL/BoringSSL +# if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) +# include +# include +# include +# endif + # if defined(ATFRAMEWORK_UTILS_CRYPTO_USE_LIBRESSL) || defined(ATFRAMEWORK_UTILS_CRYPTO_USE_BORINGSSL) # define ATFRAMEWORK_UTILS_CRYPTO_IGNORE_VERSION_WARNINGS 1 # endif @@ -264,10 +270,6 @@ static void free_hmac_context(void* ctx) { # elif defined(ATFRAMEWORK_UTILS_CRYPTO_USE_MBEDTLS) -# include -# include -# include - static const mbedtls_md_info_t* get_md_info_by_type(digest_type_t type) noexcept { switch (type) { case digest_type_t::kSha1: