authorToni Uhlig <matzeton@googlemail.com>2024-12-19 15:07:54 +0100
committerToni Uhlig <matzeton@googlemail.com>2025-01-26 20:40:37 +0100
commit997b47be801fa8c02aab25ec600184625403634e (patch)
treeb9af775d38c263e13d991a025500681600e7d597
parent5efda1e6a4d32d89bcc948193bb32648a5008d84 (diff)
nDPId decryption example
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r--examples/c-decrypt/c-decrypt.c11
-rw-r--r--nDPId-test.c3
-rw-r--r--ncrypt.c4
-rw-r--r--ncrypt.h7
4 files changed, 18 insertions, 7 deletions
diff --git a/examples/c-decrypt/c-decrypt.c b/examples/c-decrypt/c-decrypt.c
index 0a142caea..575e626e1 100644
--- a/examples/c-decrypt/c-decrypt.c
+++ b/examples/c-decrypt/c-decrypt.c
@@ -105,10 +105,11 @@ int udp_server(struct ncrypt * const nc)
int bytes_read = ncrypt_decrypt_recv(nc, sock_fd, &read_buf);
if (bytes_read <= 0)
{
+ logger(1, "Crypto error: %d", bytes_read);
break;
}
- printf("read %d bytes\n", bytes_read);
+ printf("read %d bytes: %.*s", bytes_read, (int)read_buf.data_used, read_buf.plaintext.data);
}
return 0;
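Review bot: The new `printf` in udp_server writes the decrypted payload to stdout unescaped, so any control bytes in it reach the terminal as they are, and `%.*s` stops at the first NUL, so the text shown can be shorter than the `bytes_read` it reports. The length passed is `read_buf.data_used` cast to `int`, and nothing in the hunk shows that it is bounded by the size of `plaintext.data` or that it matches `bytes_read`; a one-line comment stating that invariant would help. I would print the bytes through a small loop that replaces non-printable characters, and restore the trailing `\n` that the old format string had. The body of udp_server starts outside the hunk.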
@@ -142,7 +143,7 @@ int main(int argc, char ** argv)
return 1;
}
- struct ncrypt nc;
+ struct ncrypt nc = {};
{
int ret;
unsigned char priv_key[NCRYPT_X25519_KEYLEN];
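Review bot: `struct ncrypt nc = {};` uses an empty initializer, which is standard only from C23 on and otherwise a GNU extension; the ncrypt.h hunk in this same commit guards `_Static_assert` for pre-C11 compilers, so the portable form `struct ncrypt nc = {0};` fits the project better. The old code left the struct uninitialised, so it is worth saying why the zero fill is now required, for example `/* ncrypt_init_decrypt() tests nc->aesctx == NULL and reads nc->iv */` if that is the reason. main continues outside the hunk.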
@@ -173,6 +174,12 @@ int main(int argc, char ** argv)
logger_early(1, "Crypto initialization failed: %d", ret);
return 1;
}
+ ret = ncrypt_init_decrypt(&nc);
+ if (ret != 0)
+ {
+ logger_early(1, "Crypto decrypt initialization failed: %d", ret);
+ return 1;
+ }
}
return udp_server(&nc);
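Review bot: `ncrypt_init_decrypt(&nc)` is now called before any datagram has been received, so the IV it passes to `EVP_DecryptInit_ex` (see the ncrypt.c hunk) is whatever `nc.iv` holds at that moment, which as far as the visible lines show is the zero fill from `struct ncrypt nc = {};`. Decryption then only works if `ncrypt_decrypt_recv` re-initialises the context with each packet's own IV, and that is not visible in this diff. The precondition that the caller owns `nc->iv` is new with this commit and is not documented; the same gap applies to the two ncrypt.c hunks and to the changed declaration in ncrypt.h. I would add a comment above the declaration, for example `/* nc->iv must be set by the caller; it is passed to EVP_DecryptInit_ex unchanged */`, and a line at this call saying the IV is replaced per packet, if that is the case.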
diff --git a/nDPId-test.c b/nDPId-test.c
index 5210513f7..11db64fc7 100644
--- a/nDPId-test.c
+++ b/nDPId-test.c
@@ -1673,7 +1673,8 @@ static int ncrypt_selftest()
{
ret++;
}
- if (ncrypt_init_decrypt(&nc_peer2, nc_peer1.iv) != 0)
+ memcpy(&nc_peer2.iv, &nc_peer1.iv, sizeof(nc_peer1.iv));
+ if (ncrypt_init_decrypt(&nc_peer2) != 0)
{
ret++;
}
diff --git a/ncrypt.c b/ncrypt.c
index 36277b8f6..36ebecbab 100644
--- a/ncrypt.c
+++ b/ncrypt.c
@@ -278,7 +278,7 @@ int ncrypt_init_encrypt(struct ncrypt * const nc)
return 0;
}
-int ncrypt_init_decrypt(struct ncrypt * const nc, unsigned char iv[NCRYPT_AES_IVLEN])
+int ncrypt_init_decrypt(struct ncrypt * const nc)
{
if (nc->aesctx == NULL)
{
@@ -299,8 +299,6 @@ int ncrypt_init_decrypt(struct ncrypt * const nc, unsigned char iv[NCRYPT_AES_IV
}
}
- memcpy(nc->iv, iv, NCRYPT_AES_IVLEN);
-
if (EVP_DecryptInit_ex(nc->aesctx, NULL, NULL, nc->shared_secret, nc->iv) == 0)
{
return -4;
diff --git a/ncrypt.h b/ncrypt.h
index f31de8aee..917b1bf9b 100644
--- a/ncrypt.h
+++ b/ncrypt.h
@@ -56,6 +56,11 @@ struct ncrypt_buffer
size_t write_offset; // partial write; offset to next bytes of data
};
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+_Static_assert(sizeof(((struct ncrypt_buffer *)0)->encrypted) == sizeof(((struct ncrypt_buffer *)0)->encrypted.raw),
+ "Raw buffer and iv/tag/data sizes differ");
+#endif
+
int ncrypt_keygen(unsigned char priv_key[NCRYPT_X25519_KEYLEN], unsigned char pub_key[NCRYPT_X25519_KEYLEN]);
int ncrypt_load_privkey(char const * const private_key_file, unsigned char priv_key[NCRYPT_X25519_KEYLEN]);
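Review bot: The `_Static_assert` compares `sizeof(encrypted)` with `sizeof(encrypted.raw)`, which, if `encrypted` is a union of `raw` and the iv/tag/data members (its definition is outside the hunk), can only fail when those members are larger than `raw`; a `raw` array that is larger passes silently even though the message says the sizes differ. Compilers that do not report `__STDC_VERSION__ >= 201112L` skip the check entirely, so the layout assumption goes unverified there. If the intent is that both views cover exactly the same bytes, assert the size of the iv/tag/data view against `raw` directly, and add a comment such as `/* raw must cover iv, tag and data exactly, with no padding */`.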
@@ -68,7 +73,7 @@ int ncrypt_init(struct ncrypt * const nc,
int ncrypt_init_encrypt(struct ncrypt * const nc);
-int ncrypt_init_decrypt(struct ncrypt * const nc, unsigned char iv[NCRYPT_AES_IVLEN]);
+int ncrypt_init_decrypt(struct ncrypt * const nc);
void ncrypt_free(struct ncrypt * const nc);