From 65c5c8fca030d041150e8dd0df69f9f4adab64dd Mon Sep 17 00:00:00 2001 From: Xavier Chapron Date: Thu, 18 Jan 2024 11:06:57 +0100 Subject: [PATCH] lib_cxng: Introduce cx_xyz_assert() for praticality --- lib_cxng/include/lcx_aead.h | 140 ++++++++++++++++++++++++++ lib_cxng/include/lcx_aes.h | 69 +++++++++++++ lib_cxng/include/lcx_aes_gcm.h | 117 ++++++++++++++++++++++ lib_cxng/include/lcx_aes_siv.h | 108 +++++++++++++++++++++ lib_cxng/include/lcx_blake2.h | 28 ++++++ lib_cxng/include/lcx_blake3.h | 50 ++++++++++ lib_cxng/include/lcx_chacha.h | 56 +++++++++++ lib_cxng/include/lcx_chacha_poly.h | 119 +++++++++++++++++++++++ lib_cxng/include/lcx_cipher.h | 102 +++++++++++++++++++ lib_cxng/include/lcx_cmac.h | 50 ++++++++++ lib_cxng/include/lcx_ecdh.h | 37 +++++++ lib_cxng/include/lcx_ecdsa.h | 20 ++++ lib_cxng/include/lcx_ecfp.h | 127 ++++++++++++++++++++++++ lib_cxng/include/lcx_eddsa.h | 17 ++++ lib_cxng/include/lcx_groestl.h | 36 +++++++ lib_cxng/include/lcx_hash.h | 56 +++++++++++ lib_cxng/include/lcx_hmac.h | 112 +++++++++++++++++++++ lib_cxng/include/lcx_math.h | 151 +++++++++++++++++++++++++++++ lib_cxng/include/lcx_ripemd160.h | 10 ++ lib_cxng/include/lcx_rng.h | 20 ++++ lib_cxng/include/lcx_rsa.h | 123 +++++++++++++++++++++++ lib_cxng/include/lcx_sha3.h | 52 ++++++++++ 22 files changed, 1600 insertions(+) diff --git a/lib_cxng/include/lcx_aead.h b/lib_cxng/include/lcx_aead.h index 806c24ea6..8a56b680e 100644 --- a/lib_cxng/include/lcx_aead.h +++ b/lib_cxng/include/lcx_aead.h @@ -37,6 +37,7 @@ #if defined(HAVE_AEAD) #include "cx_errors.h" +#include "ledger_assert.h" #include #if defined(HAVE_AES_GCM) #include "lcx_aes_gcm.h" @@ -143,6 +144,17 @@ typedef struct { */ WARN_UNUSED_RESULT cx_err_t cx_aead_init(cx_aead_context_t *ctx); +/** + * @brief cx_aead_init version which doesn't return in case of failure. + * + * See #cx_aead_init + */ +static inline void cx_aead_init_assert(cx_aead_context_t *ctx) +{ + LEDGER_ASSERT(cx_aead_init(ctx) == CX_OK, + "cx_aead_init"); +} + /** * @brief AEAD set up. * @@ -160,6 +172,17 @@ WARN_UNUSED_RESULT cx_err_t cx_aead_init(cx_aead_context_t *ctx); */ WARN_UNUSED_RESULT cx_err_t cx_aead_setup(cx_aead_context_t *ctx, cx_aead_type_t type); +/** + * @brief cx_aead_setup version which doesn't return in case of failure. + * + * See #cx_aead_setup + */ +static inline void cx_aead_setup_assert(cx_aead_context_t *ctx, cx_aead_type_t type) +{ + LEDGER_ASSERT(cx_aead_setup(ctx, type) == CX_OK, + "cx_aead_setup"); +} + /** * @brief Sets the cipher key. * @@ -181,6 +204,20 @@ WARN_UNUSED_RESULT cx_err_t cx_aead_set_key(cx_aead_context_t *ctx, size_t key_len, uint32_t mode); +/** + * @brief cx_aead_set_key version which doesn't return in case of failure. + * + * See #cx_aead_set_key + */ +static inline void cx_aead_set_key_assert(cx_aead_context_t *ctx, + const uint8_t *key, + size_t key_len, + uint32_t mode) +{ + LEDGER_ASSERT(cx_aead_set_key(ctx, key, key_len, mode) == CX_OK, + "cx_aead_set_key"); +} + /** * @brief Sets the initialization vector. * @@ -198,6 +235,19 @@ WARN_UNUSED_RESULT cx_err_t cx_aead_set_iv(cx_aead_context_t *ctx, const uint8_t *iv, size_t iv_len); +/** + * @brief cx_aead_set_iv version which doesn't return in case of failure. + * + * See #cx_aead_set_iv + */ +static inline void cx_aead_set_iv_assert(cx_aead_context_t *ctx, + const uint8_t *iv, + size_t iv_len) +{ + LEDGER_ASSERT(cx_aead_set_iv(ctx, iv, iv_len) == CX_OK, + "cx_aead_set_iv"); +} + /** * @brief Adds associated data to the context. * @@ -216,6 +266,19 @@ WARN_UNUSED_RESULT cx_err_t cx_aead_update_ad(cx_aead_context_t *ctx, const uint8_t *ad, size_t ad_len); +/** + * @brief cx_aead_update_ad version which doesn't return in case of failure. + * + * See #cx_aead_update_ad + */ +static inline void cx_aead_update_ad_assert(cx_aead_context_t *ctx, + const uint8_t *ad, + size_t ad_len) +{ + LEDGER_ASSERT(cx_aead_update_ad(ctx, ad, ad_len) == CX_OK, + "cx_aead_update_ad"); +} + /** * @brief Updates the data to encrypt or decrypt. * @@ -239,6 +302,17 @@ WARN_UNUSED_RESULT cx_err_t cx_aead_update_ad(cx_aead_context_t *ctx, WARN_UNUSED_RESULT cx_err_t cx_aead_update(cx_aead_context_t *ctx, uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len); +/** + * @brief cx_aead_update version which doesn't return in case of failure. + * + * See #cx_aead_update + */ +static inline void cx_aead_update_assert(cx_aead_context_t *ctx, uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len) +{ + LEDGER_ASSERT(cx_aead_update(ctx, in, in_len, out, out_len) == CX_OK, + "cx_aead_update"); +} + /** * @brief Writes the tag of the AEAD cipher. * @@ -254,6 +328,17 @@ cx_aead_update(cx_aead_context_t *ctx, uint8_t *in, size_t in_len, uint8_t *out, */ WARN_UNUSED_RESULT cx_err_t cx_aead_write_tag(cx_aead_context_t *ctx, uint8_t *tag, size_t tag_len); +/** + * @brief cx_aead_write_tag version which doesn't return in case of failure. + * + * See #cx_aead_write_tag + */ +static inline void cx_aead_write_tag_assert(cx_aead_context_t *ctx, uint8_t *tag, size_t tag_len) +{ + LEDGER_ASSERT(cx_aead_write_tag(ctx, tag, tag_len) == CX_OK, + "cx_aead_write_tag"); +} + /** * @brief Checks the tag of the AEAD cipher. * @@ -271,6 +356,19 @@ WARN_UNUSED_RESULT cx_err_t cx_aead_check_tag(cx_aead_context_t *ctx, const uint8_t *tag, size_t tag_len); +/** + * @brief cx_aead_check_tag version which doesn't return in case of failure. + * + * See #cx_aead_check_tag + */ +static inline void cx_aead_check_tag_assert(cx_aead_context_t *ctx, + const uint8_t *tag, + size_t tag_len) +{ + LEDGER_ASSERT(cx_aead_check_tag(ctx, tag, tag_len) == CX_OK, + "cx_aead_check_tag"); +} + /** * @brief All-in-one authenticated encryption. * @@ -313,6 +411,27 @@ WARN_UNUSED_RESULT cx_err_t cx_aead_encrypt(cx_aead_context_t *ctx, uint8_t *tag, size_t tag_len); +/** + * @brief cx_aead_encrypt version which doesn't return in case of failure. + * + * See #cx_aead_encrypt + */ +static inline void cx_aead_encrypt_assert(cx_aead_context_t *ctx, + const uint8_t *iv, + size_t iv_len, + const uint8_t *ad, + size_t ad_len, + uint8_t *in, + size_t in_len, + uint8_t *out, + size_t *out_len, + uint8_t *tag, + size_t tag_len) +{ + LEDGER_ASSERT(cx_aead_encrypt(ctx, iv, iv_len, ad, ad_len, in, in_len, out, out_len, tag, tag_len) == CX_OK, + "cx_aead_encrypt"); +} + /** * @brief All-in-one authenticated decryption. * @@ -356,6 +475,27 @@ WARN_UNUSED_RESULT cx_err_t cx_aead_decrypt(cx_aead_context_t *ctx, const uint8_t *tag, size_t tag_len); +/** + * @brief cx_aead_decrypt version which doesn't return in case of failure. + * + * See #cx_aead_decrypt + */ +static inline void cx_aead_decrypt_assert(cx_aead_context_t *ctx, + const uint8_t *iv, + size_t iv_len, + const uint8_t *ad, + size_t ad_len, + uint8_t *in, + size_t in_len, + uint8_t *out, + size_t *out_len, + const uint8_t *tag, + size_t tag_len) +{ + LEDGER_ASSERT(cx_aead_decrypt(ctx, iv, iv_len, ad, ad_len, in, in_len, out, out_len, tag, tag_len) == CX_OK, + "cx_aead_decrypt"); +} + #endif // HAVE_AEAD #endif // LCX_AED_H diff --git a/lib_cxng/include/lcx_aes.h b/lib_cxng/include/lcx_aes.h index 682a48157..3261e9a86 100644 --- a/lib_cxng/include/lcx_aes.h +++ b/lib_cxng/include/lcx_aes.h @@ -37,6 +37,7 @@ #include "lcx_wrappers.h" #include "lcx_common.h" #include "ox_aes.h" +#include "ledger_assert.h" /** * @brief Initializes an AES Key. @@ -58,6 +59,17 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_init_key_no_throw(const uint8_t *rawkey, size_t key_len, cx_aes_key_t *key); +/** + * @brief cx_aes_init_key_no_throw version which doesn't return in case of failure. + * + * See #cx_aes_init_key_no_throw + */ +static inline void cx_aes_init_key_assert(const uint8_t *rawkey, size_t key_len, cx_aes_key_t *key) +{ + LEDGER_ASSERT(cx_aes_init_key_no_throw(rawkey, key_len, key) == CX_OK, + "cx_aes_init_key_no_throw"); +} + /** * @deprecated * See #cx_aes_init_key_no_throw @@ -123,6 +135,24 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_iv_no_throw(const cx_aes_key_t *key, uint8_t *out, size_t *out_len); +/** + * @brief cx_aes_iv_no_throw version which doesn't return in case of failure. + * + * See #cx_aes_iv_no_throw + */ +static inline void cx_aes_iv_assert(const cx_aes_key_t *key, + uint32_t mode, + const uint8_t *iv, + size_t iv_len, + const uint8_t *in, + size_t in_len, + uint8_t *out, + size_t *out_len) +{ + LEDGER_ASSERT(cx_aes_iv_no_throw(key, mode, iv, iv_len, in, in_len, out, out_len) == CX_OK, + "cx_aes_iv_no_throw"); +} + /** * @deprecated * See #cx_aes_iv_no_throw @@ -188,6 +218,21 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_no_throw(const cx_aes_key_t *key, uint8_t *out, size_t *out_len); +/** + * @brief cx_aes_no_throw version which doesn't return in case of failure. + * + * See #cx_aes_no_throw + */ +static inline void cx_aes_assert(const cx_aes_key_t *key, + uint32_t mode, + const uint8_t *in, + size_t in_len, + uint8_t *out, + size_t *out_len) +{ + LEDGER_ASSERT(cx_aes_no_throw(key, mode, in, in_len, out, out_len) == CX_OK, "cx_aes_no_throw"); +} + /** * @deprecated * See #cx_aes_no_throw @@ -222,6 +267,18 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_enc_block(const cx_aes_key_t *key, const uint8_t *inblock, uint8_t *outblock); +/** + * @brief cx_aes_enc_block version which doesn't return in case of failure. + * + * See #cx_aes_enc_block + */ +static inline void cx_aes_enc_block_assert(const cx_aes_key_t *key, + const uint8_t *inblock, + uint8_t *outblock) +{ + LEDGER_ASSERT(cx_aes_enc_block(key, inblock, outblock) == CX_OK, "cx_aes_enc_block"); +} + /** * @brief Decrypts a 16-byte block using AES algorithm. * @@ -240,6 +297,18 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_dec_block(const cx_aes_key_t *key, const uint8_t *inblock, uint8_t *outblock); +/** + * @brief cx_aes_dec_block version which doesn't return in case of failure. + * + * See #cx_aes_dec_block + */ +static inline void cx_aes_dec_block_assert(const cx_aes_key_t *key, + const uint8_t *inblock, + uint8_t *outblock) +{ + LEDGER_ASSERT(cx_aes_dec_block(key, inblock, outblock) == CX_OK, "cx_aes_dec_block"); +} + #endif // HAVE_AES #endif // LCX_AES_H diff --git a/lib_cxng/include/lcx_aes_gcm.h b/lib_cxng/include/lcx_aes_gcm.h index 8ce2a145a..53aef87e4 100644 --- a/lib_cxng/include/lcx_aes_gcm.h +++ b/lib_cxng/include/lcx_aes_gcm.h @@ -36,6 +36,7 @@ #if defined(HAVE_AES) && defined(HAVE_AES_GCM) #include "ox.h" +#include "ledger_assert.h" #include /** @@ -57,20 +58,80 @@ void cx_aes_gcm_init(cx_aes_gcm_context_t *ctx); WARN_UNUSED_RESULT cx_err_t cx_aes_gcm_set_key(cx_aes_gcm_context_t *ctx, const uint8_t *raw_key, size_t key_len); + +/** + * @brief cx_aes_gcm_set_key version which doesn't return in case of failure. + * + * See #cx_aes_gcm_set_key + */ +static inline void cx_aes_gcm_set_key_assert(cx_aes_gcm_context_t *ctx, + const uint8_t *raw_key, + size_t key_len) +{ + LEDGER_ASSERT(cx_aes_gcm_set_key(ctx, raw_key, key_len) == CX_OK, "cx_aes_gcm_set_key"); +} WARN_UNUSED_RESULT cx_err_t cx_aes_gcm_start(cx_aes_gcm_context_t *ctx, uint32_t mode, const uint8_t *iv, size_t iv_len); + +/** + * @brief cx_aes_gcm_start version which doesn't return in case of failure. + * + * See #cx_aes_gcm_start + */ +static inline void cx_aes_gcm_start_assert(cx_aes_gcm_context_t *ctx, + uint32_t mode, + const uint8_t *iv, + size_t iv_len) +{ + LEDGER_ASSERT(cx_aes_gcm_start(ctx, mode, iv, iv_len) == CX_OK, "cx_aes_gcm_start"); +} WARN_UNUSED_RESULT cx_err_t cx_aes_gcm_update_aad(cx_aes_gcm_context_t *ctx, const uint8_t *aad, size_t aad_len); + +/** + * @brief cx_aes_gcm_update_aad version which doesn't return in case of failure. + * + * See #cx_aes_gcm_update_aad + */ +static inline void cx_aes_gcm_update_aad_assert(cx_aes_gcm_context_t *ctx, + const uint8_t *aad, + size_t aad_len) +{ + LEDGER_ASSERT(cx_aes_gcm_update_aad(ctx, aad, aad_len) == CX_OK, "cx_aes_gcm_update_aad"); +} WARN_UNUSED_RESULT cx_err_t cx_aes_gcm_update(cx_aes_gcm_context_t *ctx, const uint8_t *in, uint8_t *out, size_t len); + +/** + * @brief cx_aes_gcm_update version which doesn't return in case of failure. + * + * See #cx_aes_gcm_update + */ +static inline void cx_aes_gcm_update_assert(cx_aes_gcm_context_t *ctx, + const uint8_t *in, + uint8_t *out, + size_t len) +{ + LEDGER_ASSERT(cx_aes_gcm_update(ctx, in, out, len) == CX_OK, "cx_aes_gcm_update"); +} WARN_UNUSED_RESULT cx_err_t cx_aes_gcm_finish(cx_aes_gcm_context_t *ctx, uint8_t *tag, size_t tag_len); + +/** + * @brief cx_aes_gcm_finish version which doesn't return in case of failure. + * + * See #cx_aes_gcm_finish + */ +static inline void cx_aes_gcm_finish_assert(cx_aes_gcm_context_t *ctx, uint8_t *tag, size_t tag_len) +{ + LEDGER_ASSERT(cx_aes_gcm_finish(ctx, tag, tag_len) == CX_OK, "cx_aes_gcm_finish"); +} WARN_UNUSED_RESULT cx_err_t cx_aes_gcm_encrypt_and_tag(cx_aes_gcm_context_t *ctx, uint8_t *in, size_t len, @@ -81,6 +142,28 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_gcm_encrypt_and_tag(cx_aes_gcm_context_t *ctx uint8_t *out, uint8_t *tag, size_t tag_len); + +/** + * @brief cx_aes_gcm_encrypt_and_tag version which doesn't return in case of failure. + * + * See #cx_aes_gcm_encrypt_and_tag + */ +static inline void cx_aes_gcm_encrypt_and_tag_assert(cx_aes_gcm_context_t *ctx, + uint8_t *in, + size_t len, + const uint8_t *iv, + size_t iv_len, + const uint8_t *aad, + size_t aad_len, + uint8_t *out, + uint8_t *tag, + size_t tag_len) +{ + LEDGER_ASSERT( + cx_aes_gcm_encrypt_and_tag(ctx, in, len, iv, iv_len, aad, aad_len, out, tag, tag_len) + == CX_OK, + "cx_aes_gcm_encrypt_and_tag"); +} WARN_UNUSED_RESULT cx_err_t cx_aes_gcm_decrypt_and_auth(cx_aes_gcm_context_t *ctx, uint8_t *in, size_t len, @@ -91,10 +174,44 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_gcm_decrypt_and_auth(cx_aes_gcm_context_t *ct uint8_t *out, const uint8_t *tag, size_t tag_len); + +/** + * @brief cx_aes_gcm_decrypt_and_auth version which doesn't return in case of failure. + * + * See #cx_aes_gcm_decrypt_and_auth + */ +static inline void cx_aes_gcm_decrypt_and_auth_assert(cx_aes_gcm_context_t *ctx, + uint8_t *in, + size_t len, + const uint8_t *iv, + size_t iv_len, + const uint8_t *aad, + size_t aad_len, + uint8_t *out, + const uint8_t *tag, + size_t tag_len) +{ + LEDGER_ASSERT( + cx_aes_gcm_decrypt_and_auth(ctx, in, len, iv, iv_len, aad, aad_len, out, tag, tag_len) + == CX_OK, + "cx_aes_gcm_decrypt_and_auth"); +} WARN_UNUSED_RESULT cx_err_t cx_aes_gcm_check_tag(cx_aes_gcm_context_t *ctx, const uint8_t *tag, size_t tag_len); +/** + * @brief cx_aes_gcm_check_tag version which doesn't return in case of failure. + * + * See #cx_aes_gcm_check_tag + */ +static inline void cx_aes_gcm_check_tag_assert(cx_aes_gcm_context_t *ctx, + const uint8_t *tag, + size_t tag_len) +{ + LEDGER_ASSERT(cx_aes_gcm_check_tag(ctx, tag, tag_len) == CX_OK, "cx_aes_gcm_check_tag"); +} + #endif // HAVE_AES && HAVE_AES_GCM #endif // LCX_AES_GCM_H diff --git a/lib_cxng/include/lcx_aes_siv.h b/lib_cxng/include/lcx_aes_siv.h index 3b64340fd..3e5da7737 100644 --- a/lib_cxng/include/lcx_aes_siv.h +++ b/lib_cxng/include/lcx_aes_siv.h @@ -21,6 +21,7 @@ #define LCX_AES_SIV_H #include "lcx_cipher.h" +#include "ledger_assert.h" #define AES_SIV_MAX_KEY_LEN (32) #define AES_SIV_KEY_NUMBER (2) @@ -55,6 +56,16 @@ typedef struct _cx_aes_siv_context { */ WARN_UNUSED_RESULT cx_err_t cx_aes_siv_init(cx_aes_siv_context_t *ctx); +/** + * @brief cx_aes_siv_init version which doesn't return in case of failure. + * + * See #cx_aes_siv_init + */ +static inline void cx_aes_siv_init_assert(cx_aes_siv_context_t *ctx) +{ + LEDGER_ASSERT(cx_aes_siv_init(ctx) == CX_OK, "cx_aes_siv_init"); +} + /** * @brief Sets the key to compute AES-SIV. * @@ -75,6 +86,18 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_siv_set_key(cx_aes_siv_context_t *ctx, const uint8_t *key, size_t key_bitlen); +/** + * @brief cx_aes_siv_set_key version which doesn't return in case of failure. + * + * See #cx_aes_siv_set_key + */ +static inline void cx_aes_siv_set_key_assert(cx_aes_siv_context_t *ctx, + const uint8_t *key, + size_t key_bitlen) +{ + LEDGER_ASSERT(cx_aes_siv_set_key(ctx, key, key_bitlen) == CX_OK, "cx_aes_siv_set_key"); +} + /** * @brief Starts the S2V algorithm following RFC5297 specification. * @@ -92,6 +115,19 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_siv_start(cx_aes_siv_context_t *ctx, const uint8_t *iv, size_t iv_len); +/** + * @brief cx_aes_siv_start version which doesn't return in case of failure. + * + * See #cx_aes_siv_start + */ +static inline void cx_aes_siv_start_assert(cx_aes_siv_context_t *ctx, + uint32_t mode, + const uint8_t *iv, + size_t iv_len) +{ + LEDGER_ASSERT(cx_aes_siv_start(ctx, mode, iv, iv_len) == CX_OK, "cx_aes_siv_start"); +} + /** * @brief Processes additional data. * @@ -104,6 +140,18 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_siv_update_aad(cx_aes_siv_context_t *ctx, const uint8_t *aad, size_t aad_len); +/** + * @brief cx_aes_siv_update_aad version which doesn't return in case of failure. + * + * See #cx_aes_siv_update_aad + */ +static inline void cx_aes_siv_update_aad_assert(cx_aes_siv_context_t *ctx, + const uint8_t *aad, + size_t aad_len) +{ + LEDGER_ASSERT(cx_aes_siv_update_aad(ctx, aad, aad_len) == CX_OK, "cx_aes_siv_update_aad"); +} + /** * @brief Processes plaintext or ciphertext with AES-CTR. * @@ -119,6 +167,19 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_siv_update(cx_aes_siv_context_t *ctx, uint8_t *output, size_t len); +/** + * @brief cx_aes_siv_update version which doesn't return in case of failure. + * + * See #cx_aes_siv_update + */ +static inline void cx_aes_siv_update_assert(cx_aes_siv_context_t *ctx, + const uint8_t *input, + uint8_t *output, + size_t len) +{ + LEDGER_ASSERT(cx_aes_siv_update(ctx, input, output, len) == CX_OK, "cx_aes_siv_update"); +} + /** * @brief Finishes the S2V algorithm and prepares for the * AES-CTR computation. @@ -135,6 +196,19 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_siv_finish(cx_aes_siv_context_t *ctx, size_t in_len, uint8_t *tag); +/** + * @brief cx_aes_siv_finish version which doesn't return in case of failure. + * + * See #cx_aes_siv_finish + */ +static inline void cx_aes_siv_finish_assert(cx_aes_siv_context_t *ctx, + const uint8_t *input, + size_t in_len, + uint8_t *tag) +{ + LEDGER_ASSERT(cx_aes_siv_finish(ctx, input, in_len, tag) == CX_OK, "cx_aes_siv_finish"); +} + /** * @brief All-in-one encryption. * @@ -157,6 +231,23 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_siv_encrypt(cx_aes_siv_context_t *ctx, uint8_t *output, uint8_t *tag); +/** + * @brief cx_aes_siv_encrypt version which doesn't return in case of failure. + * + * See #cx_aes_siv_encrypt + */ +static inline void cx_aes_siv_encrypt_assert(cx_aes_siv_context_t *ctx, + const uint8_t *input, + size_t in_len, + const uint8_t *aad, + size_t aad_len, + uint8_t *output, + uint8_t *tag) +{ + LEDGER_ASSERT(cx_aes_siv_encrypt(ctx, input, in_len, aad, aad_len, output, tag) == CX_OK, + "cx_aes_siv_encrypt"); +} + /** * @brief All-in-one decryption. * @@ -179,6 +270,23 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_siv_decrypt(cx_aes_siv_context_t *ctx, uint8_t *output, uint8_t *tag); +/** + * @brief cx_aes_siv_decrypt version which doesn't return in case of failure. + * + * See #cx_aes_siv_decrypt + */ +static inline void cx_aes_siv_decrypt_assert(cx_aes_siv_context_t *ctx, + const uint8_t *input, + size_t in_len, + const uint8_t *aad, + size_t aad_len, + uint8_t *output, + uint8_t *tag) +{ + LEDGER_ASSERT(cx_aes_siv_decrypt(ctx, input, in_len, aad, aad_len, output, tag) == CX_OK, + "cx_aes_siv_decrypt"); +} + #endif /* LCX_AES_SIV_H */ #endif // HAVE_AES_SIV diff --git a/lib_cxng/include/lcx_blake2.h b/lib_cxng/include/lcx_blake2.h index 3acd3e6eb..87045afdf 100644 --- a/lib_cxng/include/lcx_blake2.h +++ b/lib_cxng/include/lcx_blake2.h @@ -31,6 +31,7 @@ #include "lcx_wrappers.h" #include "lcx_hash.h" +#include "ledger_assert.h" #include #include @@ -81,6 +82,16 @@ typedef struct cx_blake2b_s cx_blake2b_t; */ WARN_UNUSED_RESULT cx_err_t cx_blake2b_init_no_throw(cx_blake2b_t *hash, size_t out_len); +/** + * @brief cx_blake2b_init_no_throw version which doesn't return in case of failure. + * + * See #cx_blake2b_init_no_throw + */ +static inline void cx_blake2b_init_assert(cx_blake2b_t *hash, size_t out_len) +{ + LEDGER_ASSERT(cx_blake2b_init_no_throw(hash, out_len) == CX_OK, "cx_blake2b_init_no_throw"); +} + /** * @deprecated * See #cx_blake2b_init_no_throw @@ -119,6 +130,23 @@ WARN_UNUSED_RESULT cx_err_t cx_blake2b_init2_no_throw(cx_blake2b_t *hash, uint8_t *perso, size_t perso_len); +/** + * @brief cx_blake2b_init2_no_throw version which doesn't return in case of failure. + * + * See #cx_blake2b_init2_no_throw + */ +static inline void cx_blake2b_init2_assert(cx_blake2b_t *hash, + size_t out_len, + uint8_t *salt, + size_t salt_len, + uint8_t *perso, + size_t perso_len) +{ + LEDGER_ASSERT( + cx_blake2b_init2_no_throw(hash, out_len, salt, salt_len, perso, perso_len) == CX_OK, + "cx_blake2b_init2_no_throw"); +} + /** * @deprecated * See #cx_blake2b_init2_no_throw diff --git a/lib_cxng/include/lcx_blake3.h b/lib_cxng/include/lcx_blake3.h index 9d9bfd540..b24537c2f 100644 --- a/lib_cxng/include/lcx_blake3.h +++ b/lib_cxng/include/lcx_blake3.h @@ -36,6 +36,7 @@ #include "lcx_hash.h" #include "lcx_wrappers.h" +#include "ledger_assert.h" #include #include @@ -107,6 +108,20 @@ WARN_UNUSED_RESULT cx_err_t cx_blake3_init(cx_blake3_t *hash, const void *context, unsigned int context_len); +/** + * @brief cx_blake3_init version which doesn't return in case of failure. + * + * See #cx_blake3_init + */ +static inline void cx_blake3_init_assert(cx_blake3_t *hash, + uint8_t mode, + const unsigned char *key, + const void *context, + unsigned int context_len) +{ + LEDGER_ASSERT(cx_blake3_init(hash, mode, key, context, context_len) == CX_OK, "cx_blake3_init"); +} + /** * @brief Computes the digest of a message using blake3. * @@ -131,6 +146,21 @@ WARN_UNUSED_RESULT cx_err_t cx_blake3(cx_blake3_t *hash, uint8_t *out, size_t out_len); +/** + * @brief cx_blake3 version which doesn't return in case of failure. + * + * See #cx_blake3 + */ +static inline void cx_blake3_assert(cx_blake3_t *hash, + uint8_t mode, + const void *input, + size_t input_len, + uint8_t *out, + size_t out_len) +{ + LEDGER_ASSERT(cx_blake3(hash, mode, input, input_len, out, out_len) == CX_OK, "cx_blake3"); +} + /** * @brief Adds more data to process to the context. * @@ -146,6 +176,16 @@ WARN_UNUSED_RESULT cx_err_t cx_blake3_update(cx_blake3_t *hash, const void *input, size_t input_len); +/** + * @brief cx_blake3_update version which doesn't return in case of failure. + * + * See #cx_blake3_update + */ +static inline void cx_blake3_update_assert(cx_blake3_t *hash, const void *input, size_t input_len) +{ + LEDGER_ASSERT(cx_blake3_update(hash, input, input_len) == CX_OK, "cx_blake3_update"); +} + /** * @brief Finalizes the hash. * @@ -159,5 +199,15 @@ WARN_UNUSED_RESULT cx_err_t cx_blake3_update(cx_blake3_t *hash, */ WARN_UNUSED_RESULT cx_err_t cx_blake3_final(cx_blake3_t *hash, uint8_t *output, size_t out_len); +/** + * @brief cx_blake3_final version which doesn't return in case of failure. + * + * See #cx_blake3_final + */ +static inline void cx_blake3_final_assert(cx_blake3_t *hash, uint8_t *output, size_t out_len) +{ + LEDGER_ASSERT(cx_blake3_final(hash, output, out_len) == CX_OK, "cx_blake3_final"); +} + #endif // LCX_BLAKE3_H #endif // HAVE_BLAKE3 diff --git a/lib_cxng/include/lcx_chacha.h b/lib_cxng/include/lcx_chacha.h index 0589d083c..13c36c8b5 100644 --- a/lib_cxng/include/lcx_chacha.h +++ b/lib_cxng/include/lcx_chacha.h @@ -36,6 +36,7 @@ #if defined(HAVE_CHACHA) #include "ox.h" +#include "ledger_assert.h" #include /** @@ -84,6 +85,18 @@ WARN_UNUSED_RESULT cx_err_t cx_chacha_set_key(cx_chacha_context_t *ctx, const uint8_t *key, size_t key_len); +/** + * @brief cx_chacha_set_key version which doesn't return in case of failure. + * + * See #cx_chacha_set_key + */ +static inline void cx_chacha_set_key_assert(cx_chacha_context_t *ctx, + const uint8_t *key, + size_t key_len) +{ + LEDGER_ASSERT(cx_chacha_set_key(ctx, key, key_len) == CX_OK, "cx_chacha_set_key"); +} + /** * @brief Set the nonce and initial counter value. * @@ -108,6 +121,18 @@ WARN_UNUSED_RESULT cx_err_t cx_chacha_start(cx_chacha_context_t *ctx, const uint8_t *iv, size_t iv_len); +/** + * @brief cx_chacha_start version which doesn't return in case of failure. + * + * See #cx_chacha_start + */ +static inline void cx_chacha_start_assert(cx_chacha_context_t *ctx, + const uint8_t *iv, + size_t iv_len) +{ + LEDGER_ASSERT(cx_chacha_start(ctx, iv, iv_len) == CX_OK, "cx_chacha_start"); +} + /** * @brief Update the stream: encrypt or decrypt data. * @@ -132,6 +157,19 @@ WARN_UNUSED_RESULT cx_err_t cx_chacha_update(cx_chacha_context_t *ctx, uint8_t *output, size_t len); +/** + * @brief cx_chacha_update version which doesn't return in case of failure. + * + * See #cx_chacha_update + */ +static inline void cx_chacha_update_assert(cx_chacha_context_t *ctx, + const uint8_t *input, + uint8_t *output, + size_t len) +{ + LEDGER_ASSERT(cx_chacha_update(ctx, input, output, len) == CX_OK, "cx_chacha_update"); +} + /** * @brief Encrypt or decrypt data with Chacha and a given key and nonce. * @@ -164,6 +202,24 @@ WARN_UNUSED_RESULT cx_err_t cx_chacha_cipher(uint32_t nrounds, uint8_t *output, size_t len); +/** + * @brief cx_chacha_cipher version which doesn't return in case of failure. + * + * See #cx_chacha_cipher + */ +static inline void cx_chacha_cipher_assert(uint32_t nrounds, + const uint8_t *key, + size_t key_len, + const uint8_t *iv, + size_t iv_len, + const uint8_t *input, + uint8_t *output, + size_t len) +{ + LEDGER_ASSERT(cx_chacha_cipher(nrounds, key, key_len, iv, iv_len, input, output, len) == CX_OK, + "cx_chacha_cipher"); +} + #endif // HAVE_CHACHA #endif // LCX_CHACHA_H diff --git a/lib_cxng/include/lcx_chacha_poly.h b/lib_cxng/include/lcx_chacha_poly.h index efa3659a8..03ae8fefc 100644 --- a/lib_cxng/include/lcx_chacha_poly.h +++ b/lib_cxng/include/lcx_chacha_poly.h @@ -35,6 +35,7 @@ #include "lcx_chacha.h" #include "lcx_poly1305.h" #include "ox.h" +#include "ledger_assert.h" #include typedef struct { @@ -52,24 +53,86 @@ WARN_UNUSED_RESULT cx_err_t cx_chachapoly_set_key(cx_chachapoly_context_t *ctx, const uint8_t *key, size_t key_len); +/** + * @brief cx_chachapoly_set_key version which doesn't return in case of failure. + * + * See #cx_chachapoly_set_key + */ +static inline void cx_chachapoly_set_key_assert(cx_chachapoly_context_t *ctx, + const uint8_t *key, + size_t key_len) +{ + LEDGER_ASSERT(cx_chachapoly_set_key(ctx, key, key_len) == CX_OK, "cx_chachapoly_set_key"); +} + WARN_UNUSED_RESULT cx_err_t cx_chachapoly_start(cx_chachapoly_context_t *ctx, uint32_t mode, const uint8_t *iv, size_t iv_len); +/** + * @brief cx_chachapoly_start version which doesn't return in case of failure. + * + * See #cx_chachapoly_start + */ +static inline void cx_chachapoly_start_assert(cx_chachapoly_context_t *ctx, + uint32_t mode, + const uint8_t *iv, + size_t iv_len) +{ + LEDGER_ASSERT(cx_chachapoly_start(ctx, mode, iv, iv_len) == CX_OK, "cx_chachapoly_start"); +} + WARN_UNUSED_RESULT cx_err_t cx_chachapoly_update_aad(cx_chachapoly_context_t *ctx, const uint8_t *aad, size_t aad_len); +/** + * @brief cx_chachapoly_update_aad version which doesn't return in case of failure. + * + * See #cx_chachapoly_update_aad + */ +static inline void cx_chachapoly_update_aad_assert(cx_chachapoly_context_t *ctx, + const uint8_t *aad, + size_t aad_len) +{ + LEDGER_ASSERT(cx_chachapoly_update_aad(ctx, aad, aad_len) == CX_OK, "cx_chachapoly_update_aad"); +} + WARN_UNUSED_RESULT cx_err_t cx_chachapoly_update(cx_chachapoly_context_t *ctx, const uint8_t *input, uint8_t *output, size_t len); +/** + * @brief cx_chachapoly_update version which doesn't return in case of failure. + * + * See #cx_chachapoly_update + */ +static inline void cx_chachapoly_update_assert(cx_chachapoly_context_t *ctx, + const uint8_t *input, + uint8_t *output, + size_t len) +{ + LEDGER_ASSERT(cx_chachapoly_update(ctx, input, output, len) == CX_OK, "cx_chachapoly_update"); +} + WARN_UNUSED_RESULT cx_err_t cx_chachapoly_finish(cx_chachapoly_context_t *ctx, uint8_t *tag, size_t tag_len); +/** + * @brief cx_chachapoly_finish version which doesn't return in case of failure. + * + * See #cx_chachapoly_finish + */ +static inline void cx_chachapoly_finish_assert(cx_chachapoly_context_t *ctx, + uint8_t *tag, + size_t tag_len) +{ + LEDGER_ASSERT(cx_chachapoly_finish(ctx, tag, tag_len) == CX_OK, "cx_chachapoly_finish"); +} + WARN_UNUSED_RESULT cx_err_t cx_chachapoly_encrypt_and_tag(cx_chachapoly_context_t *ctx, const uint8_t *input, size_t len, @@ -81,6 +144,28 @@ WARN_UNUSED_RESULT cx_err_t cx_chachapoly_encrypt_and_tag(cx_chachapoly_context_ uint8_t *tag, size_t tag_len); +/** + * @brief cx_chachapoly_encrypt_and_tag version which doesn't return in case of failure. + * + * See #cx_chachapoly_encrypt_and_tag + */ +static inline void cx_chachapoly_encrypt_and_tag_assert(cx_chachapoly_context_t *ctx, + const uint8_t *input, + size_t len, + const uint8_t *iv, + size_t iv_len, + const uint8_t *aad, + size_t aad_len, + uint8_t *output, + uint8_t *tag, + size_t tag_len) +{ + LEDGER_ASSERT(cx_chachapoly_encrypt_and_tag( + ctx, input, len, iv, iv_len, aad, aad_len, output, tag, tag_len) + == CX_OK, + "cx_chachapoly_encrypt_and_tag"); +} + WARN_UNUSED_RESULT cx_err_t cx_chachapoly_decrypt_and_auth(cx_chachapoly_context_t *ctx, const uint8_t *input, size_t len, @@ -92,10 +177,44 @@ WARN_UNUSED_RESULT cx_err_t cx_chachapoly_decrypt_and_auth(cx_chachapoly_context const uint8_t *tag, size_t tag_len); +/** + * @brief cx_chachapoly_decrypt_and_auth version which doesn't return in case of failure. + * + * See #cx_chachapoly_decrypt_and_auth + */ +static inline void cx_chachapoly_decrypt_and_auth_assert(cx_chachapoly_context_t *ctx, + const uint8_t *input, + size_t len, + const uint8_t *iv, + size_t iv_len, + const uint8_t *aad, + size_t aad_len, + uint8_t *output, + const uint8_t *tag, + size_t tag_len) +{ + LEDGER_ASSERT(cx_chachapoly_decrypt_and_auth( + ctx, input, len, iv, iv_len, aad, aad_len, output, tag, tag_len) + == CX_OK, + "cx_chachapoly_decrypt_and_auth"); +} + WARN_UNUSED_RESULT cx_err_t cx_chachapoly_check_tag(cx_chachapoly_context_t *ctx, const uint8_t *tag, size_t tag_len); +/** + * @brief cx_chachapoly_check_tag version which doesn't return in case of failure. + * + * See #cx_chachapoly_check_tag + */ +static inline void cx_chachapoly_check_tag_assert(cx_chachapoly_context_t *ctx, + const uint8_t *tag, + size_t tag_len) +{ + LEDGER_ASSERT(cx_chachapoly_check_tag(ctx, tag, tag_len) == CX_OK, "cx_chachapoly_check_tag"); +} + #endif // HAVE_POLY1305 && HAVE_CHACHA #endif // HAVE_CHACHA_POLY #endif /* LCX_CHACHA_POLY_H */ diff --git a/lib_cxng/include/lcx_cipher.h b/lib_cxng/include/lcx_cipher.h index e007031e1..392505fa8 100644 --- a/lib_cxng/include/lcx_cipher.h +++ b/lib_cxng/include/lcx_cipher.h @@ -13,6 +13,7 @@ #include "lcx_wrappers.h" #include "lcx_common.h" #include "lcx_aes.h" +#include "ledger_assert.h" #include /** Maximum length of the initialization vector in bytes */ @@ -111,6 +112,16 @@ typedef struct { */ WARN_UNUSED_RESULT cx_err_t cx_cipher_init(cx_cipher_context_t *ctx); +/** + * @brief cx_cipher_init version which doesn't return in case of failure. + * + * See #cx_cipher_init + */ +static inline void cx_cipher_init_assert(cx_cipher_context_t *ctx) +{ + LEDGER_ASSERT(cx_cipher_init(ctx) == CX_OK, "cx_cipher_init"); +} + /** * @brief Initialize and fill the context structure given the cipher info. * @@ -135,6 +146,18 @@ WARN_UNUSED_RESULT cx_err_t cx_cipher_setup(cx_cipher_context_t *ctx, const cx_cipher_id_t type, uint32_t mode); +/** + * @brief cx_cipher_setup version which doesn't return in case of failure. + * + * See #cx_cipher_setup + */ +static inline void cx_cipher_setup_assert(cx_cipher_context_t *ctx, + const cx_cipher_id_t type, + uint32_t mode) +{ + LEDGER_ASSERT(cx_cipher_setup(ctx, type, mode) == CX_OK, "cx_cipher_setup"); +} + /** * @brief Set the key to use. * @@ -160,6 +183,19 @@ WARN_UNUSED_RESULT cx_err_t cx_cipher_setkey(cx_cipher_context_t *ctx, uint32_t key_bitlen, uint32_t operation); +/** + * @brief cx_cipher_setkey version which doesn't return in case of failure. + * + * See #cx_cipher_setkey + */ +static inline void cx_cipher_setkey_assert(cx_cipher_context_t *ctx, + const uint8_t *key, + uint32_t key_bitlen, + uint32_t operation) +{ + LEDGER_ASSERT(cx_cipher_setkey(ctx, key, key_bitlen, operation) == CX_OK, "cx_cipher_setkey"); +} + /** * @brief Set the initialization vector. * @@ -181,6 +217,18 @@ WARN_UNUSED_RESULT cx_err_t cx_cipher_setiv(cx_cipher_context_t *ctx, const uint8_t *iv, size_t iv_len); +/** + * @brief cx_cipher_setiv version which doesn't return in case of failure. + * + * See #cx_cipher_setiv + */ +static inline void cx_cipher_setiv_assert(cx_cipher_context_t *ctx, + const uint8_t *iv, + size_t iv_len) +{ + LEDGER_ASSERT(cx_cipher_setiv(ctx, iv, iv_len) == CX_OK, "cx_cipher_setiv"); +} + /** * @brief Set the padding type. * @@ -201,6 +249,16 @@ WARN_UNUSED_RESULT cx_err_t cx_cipher_setiv(cx_cipher_context_t *ctx, */ WARN_UNUSED_RESULT cx_err_t cx_cipher_set_padding(cx_cipher_context_t *ctx, uint32_t padding); +/** + * @brief cx_cipher_set_padding version which doesn't return in case of failure. + * + * See #cx_cipher_set_padding + */ +static inline void cx_cipher_set_padding_assert(cx_cipher_context_t *ctx, uint32_t padding) +{ + LEDGER_ASSERT(cx_cipher_set_padding(ctx, padding) == CX_OK, "cx_cipher_set_padding"); +} + /** * @brief Encrypt or decrypt with the given context. * @@ -234,6 +292,21 @@ WARN_UNUSED_RESULT cx_err_t cx_cipher_update(cx_cipher_context_t *ctx, uint8_t *output, size_t *out_len); +/** + * @brief cx_cipher_update version which doesn't return in case of failure. + * + * See #cx_cipher_update + */ +static inline void cx_cipher_update_assert(cx_cipher_context_t *ctx, + const uint8_t *input, + size_t in_len, + uint8_t *output, + size_t *out_len) +{ + LEDGER_ASSERT(cx_cipher_update(ctx, input, in_len, output, out_len) == CX_OK, + "cx_cipher_update"); +} + /** * @brief Finalize the operation. * @@ -260,6 +333,18 @@ WARN_UNUSED_RESULT cx_err_t cx_cipher_finish(cx_cipher_context_t *ctx, uint8_t *output, size_t *out_len); +/** + * @brief cx_cipher_finish version which doesn't return in case of failure. + * + * See #cx_cipher_finish + */ +static inline void cx_cipher_finish_assert(cx_cipher_context_t *ctx, + uint8_t *output, + size_t *out_len) +{ + LEDGER_ASSERT(cx_cipher_finish(ctx, output, out_len) == CX_OK, "cx_cipher_finish"); +} + /** * @brief All-in-one encryption or decryption. * @@ -296,6 +381,23 @@ WARN_UNUSED_RESULT cx_err_t cx_cipher_enc_dec(cx_cipher_context_t *ctx, uint8_t *output, size_t *out_len); +/** + * @brief cx_cipher_enc_dec version which doesn't return in case of failure. + * + * See #cx_cipher_enc_dec + */ +static inline void cx_cipher_enc_dec_assert(cx_cipher_context_t *ctx, + const uint8_t *iv, + size_t iv_len, + const uint8_t *input, + size_t in_len, + uint8_t *output, + size_t *out_len) +{ + LEDGER_ASSERT(cx_cipher_enc_dec(ctx, iv, iv_len, input, in_len, output, out_len) == CX_OK, + "cx_cipher_enc_dec"); +} + void cx_cipher_reset(cx_cipher_context_t *ctx); void add_one_and_zeros_padding(uint8_t *output, size_t out_len, size_t data_len); diff --git a/lib_cxng/include/lcx_cmac.h b/lib_cxng/include/lcx_cmac.h index c298f95a4..326c8bf33 100644 --- a/lib_cxng/include/lcx_cmac.h +++ b/lib_cxng/include/lcx_cmac.h @@ -12,17 +12,52 @@ #include "lcx_cipher.h" #include "cx_errors.h" +#include "ledger_assert.h" WARN_UNUSED_RESULT cx_err_t cx_cmac_start(cx_cipher_context_t *ctx, const uint8_t *key, size_t key_bitlen); +/** + * @brief cx_cmac_start version which doesn't return in case of failure. + * + * See #cx_cmac_start + */ +static inline void cx_cmac_start_assert(cx_cipher_context_t *ctx, + const uint8_t *key, + size_t key_bitlen) +{ + LEDGER_ASSERT(cx_cmac_start(ctx, key, key_bitlen) == CX_OK, "cx_cmac_start"); +} + WARN_UNUSED_RESULT cx_err_t cx_cmac_update(cx_cipher_context_t *ctx, const uint8_t *input, size_t in_len); +/** + * @brief cx_cmac_update version which doesn't return in case of failure. + * + * See #cx_cmac_update + */ +static inline void cx_cmac_update_assert(cx_cipher_context_t *ctx, + const uint8_t *input, + size_t in_len) +{ + LEDGER_ASSERT(cx_cmac_update(ctx, input, in_len) == CX_OK, "cx_cmac_update"); +} + WARN_UNUSED_RESULT cx_err_t cx_cmac_finish(cx_cipher_context_t *ctx, uint8_t *output); +/** + * @brief cx_cmac_finish version which doesn't return in case of failure. + * + * See #cx_cmac_finish + */ +static inline void cx_cmac_finish_assert(cx_cipher_context_t *ctx, uint8_t *output) +{ + LEDGER_ASSERT(cx_cmac_finish(ctx, output) == CX_OK, "cx_cmac_finish"); +} + WARN_UNUSED_RESULT cx_err_t cx_cmac(const cx_cipher_id_t type, const uint8_t *key, size_t key_bitlen, @@ -30,6 +65,21 @@ WARN_UNUSED_RESULT cx_err_t cx_cmac(const cx_cipher_id_t type, size_t in_len, uint8_t *output); +/** + * @brief cx_cmac version which doesn't return in case of failure. + * + * See #cx_cmac + */ +static inline void cx_cmac_assert(const cx_cipher_id_t type, + const uint8_t *key, + size_t key_bitlen, + const uint8_t *input, + size_t in_len, + uint8_t *output) +{ + LEDGER_ASSERT(cx_cmac(type, key, key_bitlen, input, in_len, output) == CX_OK, "cx_cmac"); +} + #endif /* LCX_CMAC_H */ #endif // HAVE_CMAC diff --git a/lib_cxng/include/lcx_ecdh.h b/lib_cxng/include/lcx_ecdh.h index 33eb89ca8..e4da1f84b 100644 --- a/lib_cxng/include/lcx_ecdh.h +++ b/lib_cxng/include/lcx_ecdh.h @@ -34,6 +34,7 @@ #include "lcx_wrappers.h" #include "lcx_ecfp.h" +#include "ledger_assert.h" #include #if defined(HAVE_ECDH) @@ -79,6 +80,22 @@ WARN_UNUSED_RESULT cx_err_t cx_ecdh_no_throw(const cx_ecfp_private_key_t *pvkey, uint8_t *secret, size_t secret_len); +/** + * @brief cx_ecdh_no_throw version which doesn't return in case of failure. + * + * See #cx_ecdh_no_throw + */ +static inline void cx_ecdh_assert(const cx_ecfp_private_key_t *pvkey, + uint32_t mode, + const uint8_t *P, + size_t P_len, + uint8_t *secret, + size_t secret_len) +{ + LEDGER_ASSERT(cx_ecdh_no_throw(pvkey, mode, P, P_len, secret, secret_len) == CX_OK, + "cx_ecdh_no_throw"); +} + /** * @deprecated * See #cx_ecdh_no_throw @@ -133,6 +150,16 @@ DEPRECATED static inline size_t cx_ecdh(const cx_ecfp_private_key_t *pvkey, * - CX_INVALID_PARAMETER_VALUE */ WARN_UNUSED_RESULT cx_err_t cx_x25519(uint8_t *u, const uint8_t *k, size_t k_len); + +/** + * @brief cx_x25519 version which doesn't return in case of failure. + * + * See #cx_x25519 + */ +static inline void cx_x25519_assert(uint8_t *u, const uint8_t *k, size_t k_len) +{ + LEDGER_ASSERT(cx_x25519(u, k, k_len) == CX_OK, "cx_x25519"); +} #endif // HAVE_X25519 #if defined(HAVE_X448) @@ -163,6 +190,16 @@ WARN_UNUSED_RESULT cx_err_t cx_x25519(uint8_t *u, const uint8_t *k, size_t k_len * - CX_INVALID_PARAMETER_VALUE */ WARN_UNUSED_RESULT cx_err_t cx_x448(uint8_t *u, const uint8_t *k, size_t k_len); + +/** + * @brief cx_x448 version which doesn't return in case of failure. + * + * See #cx_x448 + */ +static inline void cx_x448_assert(uint8_t *u, const uint8_t *k, size_t k_len) +{ + LEDGER_ASSERT(cx_x448(u, k, k_len) == CX_OK, "cx_x448"); +} #endif // HAVE_X448 #endif // HAVE_ECDH || HAVE_X25519 || HAVE_X448 diff --git a/lib_cxng/include/lcx_ecdsa.h b/lib_cxng/include/lcx_ecdsa.h index 0b7f6fd27..eaea3ed9b 100644 --- a/lib_cxng/include/lcx_ecdsa.h +++ b/lib_cxng/include/lcx_ecdsa.h @@ -32,6 +32,7 @@ #include "lcx_wrappers.h" #include "lcx_ecfp.h" +#include "ledger_assert.h" /** @internal Backward compatibility */ #define cx_ecdsa_init_public_key cx_ecfp_init_public_key_no_throw @@ -89,6 +90,25 @@ WARN_UNUSED_RESULT cx_err_t cx_ecdsa_sign_no_throw(const cx_ecfp_private_key_t * size_t *sig_len, uint32_t *info); +/** + * @brief cx_ecdsa_sign_no_throw version which doesn't return in case of failure. + * + * See #cx_ecdsa_sign_no_throw + */ +static inline void cx_ecdsa_sign_assert(const cx_ecfp_private_key_t *pvkey, + uint32_t mode, + cx_md_t hashID, + const uint8_t *hash, + size_t hash_len, + uint8_t *sig, + size_t *sig_len, + uint32_t *info) +{ + LEDGER_ASSERT( + cx_ecdsa_sign_no_throw(pvkey, mode, hashID, hash, hash_len, sig, sig_len, info) == CX_OK, + "cx_ecdsa_sign_no_throw"); +} + /** * @deprecated * See #cx_ecdsa_sign_no_throw diff --git a/lib_cxng/include/lcx_ecfp.h b/lib_cxng/include/lcx_ecfp.h index c1c10e7c1..b50c61b94 100644 --- a/lib_cxng/include/lcx_ecfp.h +++ b/lib_cxng/include/lcx_ecfp.h @@ -31,6 +31,7 @@ #include "lcx_wrappers.h" #include "lcx_hash.h" #include "ox_ec.h" +#include "ledger_assert.h" #include /** Elliptic Curve public key */ @@ -165,6 +166,20 @@ WARN_UNUSED_RESULT cx_err_t cx_ecfp_add_point_no_throw(cx_curve_t curve, const uint8_t *P, const uint8_t *Q); +/** + * @brief cx_ecfp_add_point_no_throw version which doesn't return in case of failure. + * + * See #cx_ecfp_add_point_no_throw + */ +static inline void cx_ecfp_add_point_assert(cx_curve_t curve, + uint8_t *R, + const uint8_t *P, + const uint8_t *Q) +{ + LEDGER_ASSERT(cx_ecfp_add_point_no_throw(curve, R, P, Q) == CX_OK, + "cx_ecfp_add_point_no_throw"); +} + /** * @deprecated * See #cx_ecfp_add_point_no_throw @@ -215,6 +230,20 @@ WARN_UNUSED_RESULT cx_err_t cx_ecfp_scalar_mult_no_throw(cx_curve_t curve, const uint8_t *k, size_t k_len); +/** + * @brief cx_ecfp_scalar_mult_no_throw version which doesn't return in case of failure. + * + * See #cx_ecfp_scalar_mult_no_throw + */ +static inline void cx_ecfp_scalar_mult_assert(cx_curve_t curve, + uint8_t *P, + const uint8_t *k, + size_t k_len) +{ + LEDGER_ASSERT(cx_ecfp_scalar_mult_no_throw(curve, P, k, k_len) == CX_OK, + "cx_ecfp_scalar_mult_no_throw"); +} + /** * @deprecated * See #cx_ecfp_scalar_mult_no_throw @@ -263,6 +292,20 @@ WARN_UNUSED_RESULT cx_err_t cx_ecfp_init_public_key_no_throw(cx_curve_t size_t key_len, cx_ecfp_public_key_t *key); +/** + * @brief cx_ecfp_init_public_key_no_throw version which doesn't return in case of failure. + * + * See #cx_ecfp_init_public_key_no_throw + */ +static inline void cx_ecfp_init_public_key_assert(cx_curve_t curve, + const uint8_t *rawkey, + size_t key_len, + cx_ecfp_public_key_t *key) +{ + LEDGER_ASSERT(cx_ecfp_init_public_key_no_throw(curve, rawkey, key_len, key) == CX_OK, + "cx_ecfp_init_public_key_no_throw"); +} + /** * @deprecated * See #cx_ecfp_init_public_key_no_throw @@ -301,6 +344,20 @@ WARN_UNUSED_RESULT cx_err_t cx_ecfp_init_private_key_no_throw(cx_curve_t size_t key_len, cx_ecfp_private_key_t *pvkey); +/** + * @brief cx_ecfp_init_private_key_no_throw version which doesn't return in case of failure. + * + * See #cx_ecfp_init_private_key_no_throw + */ +static inline void cx_ecfp_init_private_key_assert(cx_curve_t curve, + const uint8_t *rawkey, + size_t key_len, + cx_ecfp_private_key_t *pvkey) +{ + LEDGER_ASSERT(cx_ecfp_init_private_key_no_throw(curve, rawkey, key_len, pvkey) == CX_OK, + "cx_ecfp_init_private_key_no_throw"); +} + /** * @deprecated * See #cx_ecfp_init_private_key_no_throw @@ -344,6 +401,20 @@ WARN_UNUSED_RESULT cx_err_t cx_ecfp_generate_pair_no_throw(cx_curve_t cx_ecfp_private_key_t *privkey, bool keepprivate); +/** + * @brief cx_ecfp_generate_pair_no_throw version which doesn't return in case of failure. + * + * See #cx_ecfp_generate_pair_no_throw + */ +static inline void cx_ecfp_generate_pair_assert(cx_curve_t curve, + cx_ecfp_public_key_t *pubkey, + cx_ecfp_private_key_t *privkey, + bool keepprivate) +{ + LEDGER_ASSERT(cx_ecfp_generate_pair_no_throw(curve, pubkey, privkey, keepprivate) == CX_OK, + "cx_ecfp_generate_pair_no_throw"); +} + /** * @deprecated * See #cx_ecfp_generate_pair_no_throw @@ -390,6 +461,22 @@ WARN_UNUSED_RESULT cx_err_t cx_ecfp_generate_pair2_no_throw(cx_curve_t bool keepprivate, cx_md_t hashID); +/** + * @brief cx_ecfp_generate_pair2_no_throw version which doesn't return in case of failure. + * + * See #cx_ecfp_generate_pair2_no_throw + */ +static inline void cx_ecfp_generate_pair2_assert(cx_curve_t curve, + cx_ecfp_public_key_t *pubkey, + cx_ecfp_private_key_t *privkey, + bool keepprivate, + cx_md_t hashID) +{ + LEDGER_ASSERT( + cx_ecfp_generate_pair2_no_throw(curve, pubkey, privkey, keepprivate, hashID) == CX_OK, + "cx_ecfp_generate_pair2_no_throw"); +} + /** * @deprecated * See #cx_ecfp_generate_pair2_no_throw @@ -448,6 +535,24 @@ WARN_UNUSED_RESULT cx_err_t cx_eddsa_get_public_key_no_throw(const cx_ecfp_priva uint8_t *h, size_t h_len); +/** + * @brief cx_eddsa_get_public_key_no_throw version which doesn't return in case of failure. + * + * See #cx_eddsa_get_public_key_no_throw + */ +static inline void cx_eddsa_get_public_key_assert(const cx_ecfp_private_key_t *pvkey, + cx_md_t hashID, + cx_ecfp_public_key_t *pukey, + uint8_t *a, + size_t a_len, + uint8_t *h, + size_t h_len) +{ + LEDGER_ASSERT( + cx_eddsa_get_public_key_no_throw(pvkey, hashID, pukey, a, a_len, h, h_len) == CX_OK, + "cx_eddsa_get_public_key_no_throw"); +} + /** * @deprecated * See #cx_eddsa_get_public_key_no_throw @@ -489,6 +594,17 @@ WARN_UNUSED_RESULT cx_err_t cx_edwards_compress_point_no_throw(cx_curve_t curve, uint8_t *p, size_t p_len); +/** + * @brief cx_edwards_compress_point_no_throw version which doesn't return in case of failure. + * + * See #cx_edwards_compress_point_no_throw + */ +static inline void cx_edwards_compress_point_assert(cx_curve_t curve, uint8_t *p, size_t p_len) +{ + LEDGER_ASSERT(cx_edwards_compress_point_no_throw(curve, p, p_len) == CX_OK, + "cx_edwards_compress_point_no_throw"); +} + /** * @deprecated * See #cx_edwards_compress_point_no_throw @@ -526,6 +642,17 @@ WARN_UNUSED_RESULT cx_err_t cx_edwards_decompress_point_no_throw(cx_curve_t curv uint8_t *p, size_t p_len); +/** + * @brief cx_edwards_decompress_point_no_throw version which doesn't return in case of failure. + * + * See #cx_edwards_decompress_point_no_throw + */ +static inline void cx_edwards_decompress_point_assert(cx_curve_t curve, uint8_t *p, size_t p_len) +{ + LEDGER_ASSERT(cx_edwards_decompress_point_no_throw(curve, p, p_len) == CX_OK, + "cx_edwards_decompress_point_no_throw"); +} + /** * @deprecated * See #cx_edwards_decompress_point_no_throw diff --git a/lib_cxng/include/lcx_eddsa.h b/lib_cxng/include/lcx_eddsa.h index 54f88686c..7dffdb285 100644 --- a/lib_cxng/include/lcx_eddsa.h +++ b/lib_cxng/include/lcx_eddsa.h @@ -30,6 +30,7 @@ #include "lcx_ecfp.h" #include "lcx_wrappers.h" +#include "ledger_assert.h" #ifdef HAVE_EDDSA @@ -78,6 +79,22 @@ WARN_UNUSED_RESULT cx_err_t cx_eddsa_sign_no_throw(const cx_ecfp_private_key_t * uint8_t *sig, size_t sig_len); +/** + * @brief cx_eddsa_sign_no_throw version which doesn't return in case of failure. + * + * See #cx_eddsa_sign_no_throw + */ +static inline void cx_eddsa_sign_assert(const cx_ecfp_private_key_t *pvkey, + cx_md_t hashID, + const uint8_t *hash, + size_t hash_len, + uint8_t *sig, + size_t sig_len) +{ + LEDGER_ASSERT(cx_eddsa_sign_no_throw(pvkey, hashID, hash, hash_len, sig, sig_len) == CX_OK, + "cx_eddsa_sign_no_throw"); +} + /** * @deprecated * See #cx_eddsa_sign_no_throw diff --git a/lib_cxng/include/lcx_groestl.h b/lib_cxng/include/lcx_groestl.h index 6fbed8b7f..0d233bf25 100644 --- a/lib_cxng/include/lcx_groestl.h +++ b/lib_cxng/include/lcx_groestl.h @@ -31,6 +31,7 @@ #include #include "lcx_wrappers.h" +#include "ledger_assert.h" #define ROWS 8 #define COLS1024 16 @@ -75,6 +76,16 @@ size_t cx_groestl_get_output_size(const cx_groestl_t *ctx); */ WARN_UNUSED_RESULT cx_err_t cx_groestl_init_no_throw(cx_groestl_t *hash, size_t size); +/** + * @brief cx_groestl_init_no_throw version which doesn't return in case of failure. + * + * See #cx_groestl_init_no_throw + */ +static inline void cx_groestl_init_assert(cx_groestl_t *hash, size_t size) +{ + LEDGER_ASSERT(cx_groestl_init_no_throw(hash, size) == CX_OK, "cx_groestl_init_no_throw"); +} + /** * @deprecated * See #cx_groestl_init_no_throw @@ -118,6 +129,21 @@ WARN_UNUSED_RESULT cx_err_t cx_groestl(cx_groestl_t *hash, uint8_t *out, size_t out_len); +/** + * @brief cx_groestl version which doesn't return in case of failure. + * + * See #cx_groestl + */ +static inline void cx_groestl_assert(cx_groestl_t *hash, + uint32_t mode, + const uint8_t *in, + size_t len, + uint8_t *out, + size_t out_len) +{ + LEDGER_ASSERT(cx_groestl(hash, mode, in, len, out, out_len) == CX_OK, "cx_groestl"); +} + /** * @brief Adds more data to hash. * @@ -136,6 +162,16 @@ WARN_UNUSED_RESULT cx_err_t cx_groestl(cx_groestl_t *hash, */ WARN_UNUSED_RESULT cx_err_t cx_groestl_update(cx_groestl_t *ctx, const uint8_t *data, size_t len); +/** + * @brief cx_groestl_update version which doesn't return in case of failure. + * + * See #cx_groestl_update + */ +static inline void cx_groestl_update_assert(cx_groestl_t *ctx, const uint8_t *data, size_t len) +{ + LEDGER_ASSERT(cx_groestl_update(ctx, data, len) == CX_OK, "cx_groestl_update"); +} + /** * @brief Finalizes the hash. * diff --git a/lib_cxng/include/lcx_hash.h b/lib_cxng/include/lcx_hash.h index 3320a3995..afc854237 100644 --- a/lib_cxng/include/lcx_hash.h +++ b/lib_cxng/include/lcx_hash.h @@ -44,6 +44,7 @@ #include "cx_errors.h" #include "lcx_wrappers.h" #include "lcx_common.h" +#include "ledger_assert.h" #include #include #include @@ -150,6 +151,21 @@ WARN_UNUSED_RESULT cx_err_t cx_hash_no_throw(cx_hash_t *hash, uint8_t *out, size_t out_len); +/** + * @brief cx_hash_no_throw version which doesn't return in case of failure. + * + * See #cx_hash_no_throw + */ +static inline void cx_hash_assert(cx_hash_t *hash, + uint32_t mode, + const uint8_t *in, + size_t len, + uint8_t *out, + size_t out_len) +{ + LEDGER_ASSERT(cx_hash_no_throw(hash, mode, in, len, out, out_len) == CX_OK, "cx_hash_no_throw"); +} + /** * @deprecated * See #cx_hash_no_throw @@ -179,6 +195,16 @@ DEPRECATED static inline size_t cx_hash(cx_hash_t *hash, */ WARN_UNUSED_RESULT cx_err_t cx_hash_init(cx_hash_t *hash, cx_md_t hash_id); +/** + * @brief cx_hash_init version which doesn't return in case of failure. + * + * See #cx_hash_init + */ +static inline void cx_hash_init_assert(cx_hash_t *hash, cx_md_t hash_id) +{ + LEDGER_ASSERT(cx_hash_init(hash, hash_id) == CX_OK, "cx_hash_init"); +} + /** * @brief Initializes a hash context. * @@ -201,6 +227,16 @@ WARN_UNUSED_RESULT cx_err_t cx_hash_init(cx_hash_t *hash, cx_md_t hash_id); */ WARN_UNUSED_RESULT cx_err_t cx_hash_init_ex(cx_hash_t *hash, cx_md_t hash_id, size_t output_size); +/** + * @brief cx_hash_init_ex version which doesn't return in case of failure. + * + * See #cx_hash_init_ex + */ +static inline void cx_hash_init_ex_assert(cx_hash_t *hash, cx_md_t hash_id, size_t output_size) +{ + LEDGER_ASSERT(cx_hash_init_ex(hash, hash_id, output_size) == CX_OK, "cx_hash_init_ex"); +} + /** * @brief Adds more data to hash. * @@ -220,6 +256,16 @@ WARN_UNUSED_RESULT cx_err_t cx_hash_init_ex(cx_hash_t *hash, cx_md_t hash_id, si */ WARN_UNUSED_RESULT cx_err_t cx_hash_update(cx_hash_t *hash, const uint8_t *in, size_t in_len); +/** + * @brief cx_hash_update version which doesn't return in case of failure. + * + * See #cx_hash_update + */ +static inline void cx_hash_update_assert(cx_hash_t *hash, const uint8_t *in, size_t in_len) +{ + LEDGER_ASSERT(cx_hash_update(hash, in, in_len) == CX_OK, "cx_hash_update"); +} + /** * @brief Finalizes the hash. * @@ -235,6 +281,16 @@ WARN_UNUSED_RESULT cx_err_t cx_hash_update(cx_hash_t *hash, const uint8_t *in, s */ WARN_UNUSED_RESULT cx_err_t cx_hash_final(cx_hash_t *hash, uint8_t *digest); +/** + * @brief cx_hash_final version which doesn't return in case of failure. + * + * See #cx_hash_final + */ +static inline void cx_hash_final_assert(cx_hash_t *hash, uint8_t *digest) +{ + LEDGER_ASSERT(cx_hash_final(hash, digest) == CX_OK, "cx_hash_final"); +} + #endif // HAVE_HASH #endif // LCX_HASH_H diff --git a/lib_cxng/include/lcx_hmac.h b/lib_cxng/include/lcx_hmac.h index 564388651..5c58bb8fa 100644 --- a/lib_cxng/include/lcx_hmac.h +++ b/lib_cxng/include/lcx_hmac.h @@ -35,6 +35,7 @@ #include "lcx_ripemd160.h" #include "lcx_sha256.h" #include "lcx_sha512.h" +#include "ledger_assert.h" #include #include @@ -78,6 +79,19 @@ WARN_UNUSED_RESULT cx_err_t cx_hmac_ripemd160_init_no_throw(cx_hmac_ripemd160_t const uint8_t *key, size_t key_len); +/** + * @brief cx_hmac_ripemd160_init_no_throw version which doesn't return in case of failure. + * + * See #cx_hmac_ripemd160_init_no_throw + */ +static inline void cx_hmac_ripemd160_init_assert(cx_hmac_ripemd160_t *hmac, + const uint8_t *key, + size_t key_len) +{ + LEDGER_ASSERT(cx_hmac_ripemd160_init_no_throw(hmac, key, key_len) == CX_OK, + "cx_hmac_ripemd160_init_no_throw"); +} + /** * @deprecated * See #cx_hmac_ripemd160_init_no_throw @@ -124,6 +138,18 @@ typedef struct { WARN_UNUSED_RESULT cx_err_t cx_hmac_sha224_init(cx_hmac_sha256_t *hmac, const uint8_t *key, unsigned int key_len); + +/** + * @brief cx_hmac_sha224_init version which doesn't return in case of failure. + * + * See #cx_hmac_sha224_init + */ +static inline void cx_hmac_sha224_init_assert(cx_hmac_sha256_t *hmac, + const uint8_t *key, + unsigned int key_len) +{ + LEDGER_ASSERT(cx_hmac_sha224_init(hmac, key, key_len) == CX_OK, "cx_hmac_sha224_init"); +} #endif #ifdef HAVE_SHA256 @@ -150,6 +176,19 @@ WARN_UNUSED_RESULT cx_err_t cx_hmac_sha256_init_no_throw(cx_hmac_sha256_t *hmac, const uint8_t *key, size_t key_len); +/** + * @brief cx_hmac_sha256_init_no_throw version which doesn't return in case of failure. + * + * See #cx_hmac_sha256_init_no_throw + */ +static inline void cx_hmac_sha256_init_assert(cx_hmac_sha256_t *hmac, + const uint8_t *key, + size_t key_len) +{ + LEDGER_ASSERT(cx_hmac_sha256_init_no_throw(hmac, key, key_len) == CX_OK, + "cx_hmac_sha256_init_no_throw"); +} + /** * @deprecated * See #cx_hmac_sha256_init_no_throw @@ -223,6 +262,18 @@ typedef struct { WARN_UNUSED_RESULT cx_err_t cx_hmac_sha384_init(cx_hmac_sha512_t *hmac, const uint8_t *key, unsigned int key_len); + +/** + * @brief cx_hmac_sha384_init version which doesn't return in case of failure. + * + * See #cx_hmac_sha384_init + */ +static inline void cx_hmac_sha384_init_assert(cx_hmac_sha512_t *hmac, + const uint8_t *key, + unsigned int key_len) +{ + LEDGER_ASSERT(cx_hmac_sha384_init(hmac, key, key_len) == CX_OK, "cx_hmac_sha384_init"); +} #endif #ifdef HAVE_SHA512 @@ -249,6 +300,19 @@ WARN_UNUSED_RESULT cx_err_t cx_hmac_sha512_init_no_throw(cx_hmac_sha512_t *hmac, const uint8_t *key, size_t key_len); +/** + * @brief cx_hmac_sha512_init_no_throw version which doesn't return in case of failure. + * + * See #cx_hmac_sha512_init_no_throw + */ +static inline void cx_hmac_sha512_init_assert(cx_hmac_sha512_t *hmac, + const uint8_t *key, + size_t key_len) +{ + LEDGER_ASSERT(cx_hmac_sha512_init_no_throw(hmac, key, key_len) == CX_OK, + "cx_hmac_sha512_init_no_throw"); +} + /** * @deprecated * See #cx_hmac_sha512_init_no_throw @@ -327,6 +391,21 @@ WARN_UNUSED_RESULT cx_err_t cx_hmac_no_throw(cx_hmac_t *hmac, uint8_t *mac, size_t mac_len); +/** + * @brief cx_hmac_no_throw version which doesn't return in case of failure. + * + * See #cx_hmac_no_throw + */ +static inline void cx_hmac_assert(cx_hmac_t *hmac, + uint32_t mode, + const uint8_t *in, + size_t len, + uint8_t *mac, + size_t mac_len) +{ + LEDGER_ASSERT(cx_hmac_no_throw(hmac, mode, in, len, mac, mac_len) == CX_OK, "cx_hmac_no_throw"); +} + /** * @deprecated * See #cx_hmac_no_throw @@ -392,6 +471,19 @@ WARN_UNUSED_RESULT cx_err_t cx_hmac_init(cx_hmac_t *hmac, const uint8_t *key, size_t key_len); +/** + * @brief cx_hmac_init version which doesn't return in case of failure. + * + * See #cx_hmac_init + */ +static inline void cx_hmac_init_assert(cx_hmac_t *hmac, + cx_md_t hash_id, + const uint8_t *key, + size_t key_len) +{ + LEDGER_ASSERT(cx_hmac_init(hmac, hash_id, key, key_len) == CX_OK, "cx_hmac_init"); +} + /** * @brief Adds more data to compute the HMAC. * @@ -411,6 +503,16 @@ WARN_UNUSED_RESULT cx_err_t cx_hmac_init(cx_hmac_t *hmac, */ WARN_UNUSED_RESULT cx_err_t cx_hmac_update(cx_hmac_t *hmac, const uint8_t *in, size_t in_len); +/** + * @brief cx_hmac_update version which doesn't return in case of failure. + * + * See #cx_hmac_update + */ +static inline void cx_hmac_update_assert(cx_hmac_t *hmac, const uint8_t *in, size_t in_len) +{ + LEDGER_ASSERT(cx_hmac_update(hmac, in, in_len) == CX_OK, "cx_hmac_update"); +} + /** * @brief Finalizes the HMAC algorithm. * @@ -428,6 +530,16 @@ WARN_UNUSED_RESULT cx_err_t cx_hmac_update(cx_hmac_t *hmac, const uint8_t *in, s */ WARN_UNUSED_RESULT cx_err_t cx_hmac_final(cx_hmac_t *ctx, uint8_t *out, size_t *out_len); +/** + * @brief cx_hmac_final version which doesn't return in case of failure. + * + * See #cx_hmac_final + */ +static inline void cx_hmac_final_assert(cx_hmac_t *ctx, uint8_t *out, size_t *out_len) +{ + LEDGER_ASSERT(cx_hmac_final(ctx, out, out_len) == CX_OK, "cx_hmac_final"); +} + #endif // HAVE_HMAC #endif // LCX_HMAC_H diff --git a/lib_cxng/include/lcx_math.h b/lib_cxng/include/lcx_math.h index 40b9a90d3..adaa55121 100644 --- a/lib_cxng/include/lcx_math.h +++ b/lib_cxng/include/lcx_math.h @@ -28,6 +28,7 @@ #include "lcx_wrappers.h" #include "ox_bn.h" +#include "ledger_assert.h" /** * @brief Compares two integers represented as byte arrays. @@ -56,6 +57,16 @@ WARN_UNUSED_RESULT cx_err_t cx_math_cmp_no_throw(const uint8_t *a, size_t length, int *diff); +/** + * @brief cx_math_cmp_no_throw version which doesn't return in case of failure. + * + * See #cx_math_cmp_no_throw + */ +static inline void cx_math_cmp_assert(const uint8_t *a, const uint8_t *b, size_t length, int *diff) +{ + LEDGER_ASSERT(cx_math_cmp_no_throw(a, b, length, diff) == CX_OK, "cx_math_cmp_no_throw"); +} + /** * @deprecated * See #cx_math_cmp_no_throw @@ -91,6 +102,16 @@ WARN_UNUSED_RESULT cx_err_t cx_math_add_no_throw(uint8_t *r, const uint8_t *b, size_t len); +/** + * @brief cx_math_add_no_throw version which doesn't return in case of failure. + * + * See #cx_math_add_no_throw + */ +static inline void cx_math_add_assert(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len) +{ + LEDGER_ASSERT(cx_math_add_no_throw(r, a, b, len) == CX_OK, "cx_math_add_no_throw"); +} + /** * @brief Adds two integers represented as byte arrays. * @@ -149,6 +170,16 @@ WARN_UNUSED_RESULT cx_err_t cx_math_sub_no_throw(uint8_t *r, const uint8_t *b, size_t len); +/** + * @brief cx_math_sub_no_throw version which doesn't return in case of failure. + * + * See #cx_math_sub_no_throw + */ +static inline void cx_math_sub_assert(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len) +{ + LEDGER_ASSERT(cx_math_sub_no_throw(r, a, b, len) == CX_OK, "cx_math_sub_no_throw"); +} + /** * @brief Subtracts two integers represented as byte arrays. * @@ -207,6 +238,16 @@ WARN_UNUSED_RESULT cx_err_t cx_math_mult_no_throw(uint8_t *r, const uint8_t *b, size_t len); +/** + * @brief cx_math_mult_no_throw version which doesn't return in case of failure. + * + * See #cx_math_mult_no_throw + */ +static inline void cx_math_mult_assert(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len) +{ + LEDGER_ASSERT(cx_math_mult_no_throw(r, a, b, len) == CX_OK, "cx_math_mult_no_throw"); +} + /** * @deprecated * See #cx_math_mult_no_throw @@ -246,6 +287,20 @@ DEPRECATED static inline void cx_math_mult(uint8_t *r, WARN_UNUSED_RESULT cx_err_t cx_math_addm_no_throw(uint8_t *r, const uint8_t *a, const uint8_t *b, const uint8_t *m, size_t len); +/** + * @brief cx_math_addm_no_throw version which doesn't return in case of failure. + * + * See #cx_math_addm_no_throw + */ +static inline void cx_math_addm_assert(uint8_t *r, + const uint8_t *a, + const uint8_t *b, + const uint8_t *m, + size_t len) +{ + LEDGER_ASSERT(cx_math_addm_no_throw(r, a, b, m, len) == CX_OK, "cx_math_addm_no_throw"); +} + /** * @deprecated * See #cx_math_addm_no_throw @@ -286,6 +341,20 @@ DEPRECATED static inline void cx_math_addm(uint8_t *r, WARN_UNUSED_RESULT cx_err_t cx_math_subm_no_throw(uint8_t *r, const uint8_t *a, const uint8_t *b, const uint8_t *m, size_t len); +/** + * @brief cx_math_subm_no_throw version which doesn't return in case of failure. + * + * See #cx_math_subm_no_throw + */ +static inline void cx_math_subm_assert(uint8_t *r, + const uint8_t *a, + const uint8_t *b, + const uint8_t *m, + size_t len) +{ + LEDGER_ASSERT(cx_math_subm_no_throw(r, a, b, m, len) == CX_OK, "cx_math_subm_no_throw"); +} + /** * @deprecated * See #cx_math_subm_no_throw @@ -329,6 +398,20 @@ WARN_UNUSED_RESULT cx_err_t cx_math_multm_no_throw(uint8_t *r, const uint8_t *m, size_t len); +/** + * @brief cx_math_multm_no_throw version which doesn't return in case of failure. + * + * See #cx_math_multm_no_throw + */ +static inline void cx_math_multm_assert(uint8_t *r, + const uint8_t *a, + const uint8_t *b, + const uint8_t *m, + size_t len) +{ + LEDGER_ASSERT(cx_math_multm_no_throw(r, a, b, m, len) == CX_OK, "cx_math_multm_no_throw"); +} + /** * @deprecated * See #cx_math_multm_no_throw @@ -368,6 +451,16 @@ WARN_UNUSED_RESULT cx_err_t cx_math_modm_no_throw(uint8_t *v, const uint8_t *m, size_t len_m); +/** + * @brief cx_math_modm_no_throw version which doesn't return in case of failure. + * + * See #cx_math_modm_no_throw + */ +static inline void cx_math_modm_assert(uint8_t *v, size_t len_v, const uint8_t *m, size_t len_m) +{ + LEDGER_ASSERT(cx_math_modm_no_throw(v, len_v, m, len_m) == CX_OK, "cx_math_modm_no_throw"); +} + /** * @deprecated * See #cx_math_modm_no_throw @@ -409,6 +502,21 @@ WARN_UNUSED_RESULT cx_err_t cx_math_powm_no_throw(uint8_t *r, const uint8_t *m, size_t len); +/** + * @brief cx_math_powm_no_throw version which doesn't return in case of failure. + * + * See #cx_math_powm_no_throw + */ +static inline void cx_math_powm_assert(uint8_t *r, + const uint8_t *a, + const uint8_t *e, + size_t len_e, + const uint8_t *m, + size_t len) +{ + LEDGER_ASSERT(cx_math_powm_no_throw(r, a, e, len_e, m, len) == CX_OK, "cx_math_powm_no_throw"); +} + /** * @deprecated * See #cx_math_powm_no_throw @@ -449,6 +557,19 @@ WARN_UNUSED_RESULT cx_err_t cx_math_invprimem_no_throw(uint8_t *r, const uint8_t *m, size_t len); +/** + * @brief cx_math_invprimem_no_throw version which doesn't return in case of failure. + * + * See #cx_math_invprimem_no_throw + */ +static inline void cx_math_invprimem_assert(uint8_t *r, + const uint8_t *a, + const uint8_t *m, + size_t len) +{ + LEDGER_ASSERT(cx_math_invprimem_no_throw(r, a, m, len) == CX_OK, "cx_math_invprimem_no_throw"); +} + /** * @deprecated * See #cx_math_invprimem_no_throw @@ -488,6 +609,16 @@ WARN_UNUSED_RESULT cx_err_t cx_math_invintm_no_throw(uint8_t *r, const uint8_t *m, size_t len); +/** + * @brief cx_math_invintm_no_throw version which doesn't return in case of failure. + * + * See #cx_math_invintm_no_throw + */ +static inline void cx_math_invintm_assert(uint8_t *r, uint32_t a, const uint8_t *m, size_t len) +{ + LEDGER_ASSERT(cx_math_invintm_no_throw(r, a, m, len) == CX_OK, "cx_math_invintm_no_throw"); +} + /** * @deprecated * See #cx_math_invintm_no_throw @@ -518,6 +649,16 @@ DEPRECATED static inline void cx_math_invintm(uint8_t *r, uint32_t a, const uint */ WARN_UNUSED_RESULT cx_err_t cx_math_is_prime_no_throw(const uint8_t *r, size_t len, bool *prime); +/** + * @brief cx_math_is_prime_no_throw version which doesn't return in case of failure. + * + * See #cx_math_is_prime_no_throw + */ +static inline void cx_math_is_prime_assert(const uint8_t *r, size_t len, bool *prime) +{ + LEDGER_ASSERT(cx_math_is_prime_no_throw(r, len, prime) == CX_OK, "cx_math_is_prime_no_throw"); +} + /** * @deprecated * See #cx_math_is_prime_no_throw @@ -548,6 +689,16 @@ DEPRECATED static inline bool cx_math_is_prime(const uint8_t *r, size_t len) */ WARN_UNUSED_RESULT cx_err_t cx_math_next_prime_no_throw(uint8_t *r, uint32_t len); +/** + * @brief cx_math_next_prime_no_throw version which doesn't return in case of failure. + * + * See #cx_math_next_prime_no_throw + */ +static inline void cx_math_next_prime_assert(uint8_t *r, uint32_t len) +{ + LEDGER_ASSERT(cx_math_next_prime_no_throw(r, len) == CX_OK, "cx_math_next_prime_no_throw"); +} + /** * @deprecated * See #cx_math_next_prime_no_throw diff --git a/lib_cxng/include/lcx_ripemd160.h b/lib_cxng/include/lcx_ripemd160.h index 83914fc92..206702e0f 100644 --- a/lib_cxng/include/lcx_ripemd160.h +++ b/lib_cxng/include/lcx_ripemd160.h @@ -61,6 +61,16 @@ typedef struct cx_ripemd160_s cx_ripemd160_t; */ WARN_UNUSED_RESULT cx_err_t cx_ripemd160_init_no_throw(cx_ripemd160_t *hash); +/** + * @brief cx_ripemd160_init_no_throw version which doesn't return in case of failure. + * + * See #cx_ripemd160_init_no_throw + */ +static inline void cx_ripemd160_init_assert(cx_ripemd160_t *hash) +{ + LEDGER_ASSERT(cx_ripemd160_init_no_throw(hash) == CX_OK, "cx_ripemd160_init_no_throw"); +} + /** * @brief Initializes a RIPEMD-160 context. * diff --git a/lib_cxng/include/lcx_rng.h b/lib_cxng/include/lcx_rng.h index c76973dbf..0ff9eb87c 100644 --- a/lib_cxng/include/lcx_rng.h +++ b/lib_cxng/include/lcx_rng.h @@ -32,6 +32,7 @@ #include "lcx_wrappers.h" #include "lcx_hash.h" +#include "ledger_assert.h" /** * @brief Generates a random buffer such that @@ -157,6 +158,25 @@ WARN_UNUSED_RESULT cx_err_t cx_rng_rfc6979(cx_md_t hash_id, uint8_t *out, size_t out_len); +/** + * @brief cx_rng_rfc6979 version which doesn't return in case of failure. + * + * See #cx_rng_rfc6979 + */ +static inline void cx_rng_rfc6979_assert(cx_md_t hash_id, + const uint8_t *x, + size_t x_len, + const uint8_t *h1, + size_t h1_len, + const uint8_t *q, + size_t q_len, + uint8_t *out, + size_t out_len) +{ + LEDGER_ASSERT(cx_rng_rfc6979(hash_id, x, x_len, h1, h1_len, q, q_len, out, out_len) == CX_OK, + "cx_rng_rfc6979"); +} + #endif // HAVE_RNG #endif // LCX_RNG_H diff --git a/lib_cxng/include/lcx_rsa.h b/lib_cxng/include/lcx_rsa.h index a267c8330..edcf247d2 100644 --- a/lib_cxng/include/lcx_rsa.h +++ b/lib_cxng/include/lcx_rsa.h @@ -32,6 +32,7 @@ #include "lcx_hash.h" #include "lcx_sha256.h" #include "lcx_sha512.h" +#include "ledger_assert.h" #include #include @@ -158,6 +159,22 @@ WARN_UNUSED_RESULT cx_err_t cx_rsa_init_public_key_no_throw(const uint8_t size_t modulus_len, cx_rsa_public_key_t *key); +/** + * @brief cx_rsa_init_public_key_no_throw version which doesn't return in case of failure. + * + * See #cx_rsa_init_public_key_no_throw + */ +static inline void cx_rsa_init_public_key_assert(const uint8_t *exponent, + size_t exponent_len, + const uint8_t *modulus, + size_t modulus_len, + cx_rsa_public_key_t *key) +{ + LEDGER_ASSERT( + cx_rsa_init_public_key_no_throw(exponent, exponent_len, modulus, modulus_len, key) == CX_OK, + "cx_rsa_init_public_key_no_throw"); +} + /** * @deprecated * See #cx_rsa_init_public_key_no_throw @@ -201,6 +218,23 @@ WARN_UNUSED_RESULT cx_err_t cx_rsa_init_private_key_no_throw(const uint8_t size_t modulus_len, cx_rsa_private_key_t *key); +/** + * @brief cx_rsa_init_private_key_no_throw version which doesn't return in case of failure. + * + * See #cx_rsa_init_private_key_no_throw + */ +static inline void cx_rsa_init_private_key_assert(const uint8_t *exponent, + size_t exponent_len, + const uint8_t *modulus, + size_t modulus_len, + cx_rsa_private_key_t *key) +{ + LEDGER_ASSERT( + cx_rsa_init_private_key_no_throw(exponent, exponent_len, modulus, modulus_len, key) + == CX_OK, + "cx_rsa_init_private_key_no_throw"); +} + /** * @deprecated * See #cx_rsa_init_private_key_no_throw @@ -256,6 +290,24 @@ WARN_UNUSED_RESULT cx_err_t cx_rsa_generate_pair_no_throw(size_t size_t exponent_len, const uint8_t *externalPQ); +/** + * @brief cx_rsa_generate_pair_no_throw version which doesn't return in case of failure. + * + * See #cx_rsa_generate_pair_no_throw + */ +static inline void cx_rsa_generate_pair_assert(size_t modulus_len, + cx_rsa_public_key_t *public_key, + cx_rsa_private_key_t *private_key, + const uint8_t *pub_exponent, + size_t exponent_len, + const uint8_t *externalPQ) +{ + LEDGER_ASSERT(cx_rsa_generate_pair_no_throw( + modulus_len, public_key, private_key, pub_exponent, exponent_len, externalPQ) + == CX_OK, + "cx_rsa_generate_pair_no_throw"); +} + /** * @deprecated * See #cx_rsa_generate_pair_no_throw @@ -320,6 +372,26 @@ WARN_UNUSED_RESULT cx_err_t cx_rsa_sign_with_salt_len(const cx_rsa_private_key_t size_t sig_len, size_t salt_len); +/** + * @brief cx_rsa_sign_with_salt_len version which doesn't return in case of failure. + * + * See #cx_rsa_sign_with_salt_len + */ +static inline void cx_rsa_sign_with_salt_len_assert(const cx_rsa_private_key_t *key, + uint32_t mode, + cx_md_t hashID, + const uint8_t *hash, + size_t hash_len, + uint8_t *sig, + size_t sig_len, + size_t salt_len) +{ + LEDGER_ASSERT( + cx_rsa_sign_with_salt_len(key, mode, hashID, hash, hash_len, sig, sig_len, salt_len) + == CX_OK, + "cx_rsa_sign_with_salt_len"); +} + /** * @brief Computes a message digest signature according to RSA specification. * @@ -366,6 +438,23 @@ WARN_UNUSED_RESULT cx_err_t cx_rsa_sign_no_throw(const cx_rsa_private_key_t *key uint8_t *sig, size_t sig_len); +/** + * @brief cx_rsa_sign_no_throw version which doesn't return in case of failure. + * + * See #cx_rsa_sign_no_throw + */ +static inline void cx_rsa_sign_assert(const cx_rsa_private_key_t *key, + uint32_t mode, + cx_md_t hashID, + const uint8_t *hash, + size_t hash_len, + uint8_t *sig, + size_t sig_len) +{ + LEDGER_ASSERT(cx_rsa_sign_no_throw(key, mode, hashID, hash, hash_len, sig, sig_len) == CX_OK, + "cx_rsa_sign_no_throw"); +} + /** * @deprecated * See #cx_rsa_sign_no_throw @@ -507,6 +596,23 @@ WARN_UNUSED_RESULT cx_err_t cx_rsa_encrypt_no_throw(const cx_rsa_public_key_t *k uint8_t *enc, size_t enc_len); +/** + * @brief cx_rsa_encrypt_no_throw version which doesn't return in case of failure. + * + * See #cx_rsa_encrypt_no_throw + */ +static inline void cx_rsa_encrypt_assert(const cx_rsa_public_key_t *key, + uint32_t mode, + cx_md_t hashID, + const uint8_t *mesg, + size_t mesg_len, + uint8_t *enc, + size_t enc_len) +{ + LEDGER_ASSERT(cx_rsa_encrypt_no_throw(key, mode, hashID, mesg, mesg_len, enc, enc_len) == CX_OK, + "cx_rsa_encrypt_no_throw"); +} + /** * @deprecated * See #cx_rsa_encrypt_no_throw @@ -563,6 +669,23 @@ WARN_UNUSED_RESULT cx_err_t cx_rsa_decrypt_no_throw(const cx_rsa_private_key_t * uint8_t *dec, size_t *dec_len); +/** + * @brief cx_rsa_decrypt_no_throw version which doesn't return in case of failure. + * + * See #cx_rsa_decrypt_no_throw + */ +static inline void cx_rsa_decrypt_assert(const cx_rsa_private_key_t *key, + uint32_t mode, + cx_md_t hashID, + const uint8_t *mesg, + size_t mesg_len, + uint8_t *dec, + size_t *dec_len) +{ + LEDGER_ASSERT(cx_rsa_decrypt_no_throw(key, mode, hashID, mesg, mesg_len, dec, dec_len) == CX_OK, + "cx_rsa_decrypt_no_throw"); +} + /** * @deprecated * See #cx_rsa_decrypt_no_throw diff --git a/lib_cxng/include/lcx_sha3.h b/lib_cxng/include/lcx_sha3.h index 0c8874c1e..ae529d1b7 100644 --- a/lib_cxng/include/lcx_sha3.h +++ b/lib_cxng/include/lcx_sha3.h @@ -33,6 +33,7 @@ #include "lcx_common.h" #include "lcx_hash.h" +#include "ledger_assert.h" #include /** @@ -69,6 +70,16 @@ typedef struct cx_sha3_s cx_sha3_t; */ WARN_UNUSED_RESULT cx_err_t cx_sha3_init_no_throw(cx_sha3_t *hash, size_t size); +/** + * @brief cx_sha3_init_no_throw version which doesn't return in case of failure. + * + * See #cx_sha3_init_no_throw + */ +static inline void cx_sha3_init_assert(cx_sha3_t *hash, size_t size) +{ + LEDGER_ASSERT(cx_sha3_init_no_throw(hash, size) == CX_OK, "cx_sha3_init_no_throw"); +} + /** * @deprecated * See #cx_sha3_init_no_throw @@ -100,6 +111,16 @@ DEPRECATED static inline int cx_sha3_init(cx_sha3_t *hash, size_t size) */ WARN_UNUSED_RESULT cx_err_t cx_keccak_init_no_throw(cx_sha3_t *hash, size_t size); +/** + * @brief cx_keccak_init_no_throw version which doesn't return in case of failure. + * + * See #cx_keccak_init_no_throw + */ +static inline void cx_keccak_init_assert(cx_sha3_t *hash, size_t size) +{ + LEDGER_ASSERT(cx_keccak_init_no_throw(hash, size) == CX_OK, "cx_keccak_init_no_throw"); +} + /** * @deprecated * See #cx_keccak_init_no_throw @@ -130,6 +151,16 @@ DEPRECATED static inline int cx_keccak_init(cx_sha3_t *hash, size_t size) */ WARN_UNUSED_RESULT cx_err_t cx_shake128_init_no_throw(cx_sha3_t *hash, size_t out_size); +/** + * @brief cx_shake128_init_no_throw version which doesn't return in case of failure. + * + * See #cx_shake128_init_no_throw + */ +static inline void cx_shake128_init_assert(cx_sha3_t *hash, size_t out_size) +{ + LEDGER_ASSERT(cx_shake128_init_no_throw(hash, out_size) == CX_OK, "cx_shake128_init_no_throw"); +} + /** * @deprecated * See #cx_shake128_init_no_throw @@ -160,6 +191,16 @@ DEPRECATED static inline int cx_shake128_init(cx_sha3_t *hash, unsigned int out_ */ WARN_UNUSED_RESULT cx_err_t cx_shake256_init_no_throw(cx_sha3_t *hash, size_t out_size); +/** + * @brief cx_shake256_init_no_throw version which doesn't return in case of failure. + * + * See #cx_shake256_init_no_throw + */ +static inline void cx_shake256_init_assert(cx_sha3_t *hash, size_t out_size) +{ + LEDGER_ASSERT(cx_shake256_init_no_throw(hash, out_size) == CX_OK, "cx_shake256_init_no_throw"); +} + /** * @deprecated * See #cx_shake256_init_no_throw @@ -194,6 +235,17 @@ WARN_UNUSED_RESULT cx_err_t cx_sha3_xof_init_no_throw(cx_sha3_t *hash, size_t size, size_t out_length); +/** + * @brief cx_sha3_xof_init_no_throw version which doesn't return in case of failure. + * + * See #cx_sha3_xof_init_no_throw + */ +static inline void cx_sha3_xof_init_assert(cx_sha3_t *hash, size_t size, size_t out_length) +{ + LEDGER_ASSERT(cx_sha3_xof_init_no_throw(hash, size, out_length) == CX_OK, + "cx_sha3_xof_init_no_throw"); +} + /** * @deprecated * See #cx_sha3_xof_init_no_throw