LibCrypto+LibTLS: Generalise the use of IV length

This is in preparation for the upcoming Galois/Counter mode, which
conventionally has 12 bytes of IV as opposed to CBC's 16 bytes.

...Also fixes a lot of style issues, since the author finally found the
project's clang config file in the repository root :^)

Libraries/LibCrypto/Cipher/AES.cpp

@@ -46,7 +46,7 @@ namespace Cipher {
 String AESCipherBlock::to_string() const
 {
     StringBuilder builder;
-        for (size_t i = 0; i < BLOCK_SIZE / 8; ++i)
+    for (size_t i = 0; i < BlockSizeInBits / 8; ++i)
         builder.appendf("%02x", m_data[i]);
     return builder.build();
 }

Libraries/LibCrypto/Cipher/AES.h

@@ -35,10 +35,12 @@ namespace Crypto {
 namespace Cipher {
 struct AESCipherBlock : public CipherBlock {
 public:
+    static constexpr size_t BlockSizeInBits = 128;
+
     explicit AESCipherBlock(PaddingMode mode = PaddingMode::CMS)
         : CipherBlock(mode)
     {
-            m_data = ByteBuffer::create_zeroed(BLOCK_SIZE / 8);
+        m_data = ByteBuffer::create_zeroed(BlockSizeInBits / 8);
     }
     AESCipherBlock(const u8* data, size_t length, PaddingMode mode = PaddingMode::CMS)
         : AESCipherBlock(mode)
@@ -46,7 +48,7 @@ namespace Cipher {
         overwrite(data, length);
     }
 
-        static size_t block_size() { return BLOCK_SIZE / 8; };
+    static size_t block_size() { return BlockSizeInBits / 8; };
 
     virtual ByteBuffer get() const override { return m_data; };
     virtual const ByteBuffer& data() const override { return m_data; };
@@ -64,8 +66,6 @@ namespace Cipher {
 
 private:
     virtual ByteBuffer& data() override { return m_data; };
-
-        static constexpr size_t BLOCK_SIZE = 128;
     ByteBuffer m_data;
 };
 
@@ -111,6 +111,8 @@ namespace Cipher {
 public:
     using CBCMode = CBC<AESCipher>;
 
+    constexpr static size_t BlockSizeInBits = BlockType::BlockSizeInBits;
+
     AESCipher(const ByteBuffer& user_key, size_t key_bits, Intent intent = Intent::Encryption, PaddingMode mode = PaddingMode::CMS)
         : Cipher<AESCipherKey, AESCipherBlock>(mode)
         , m_key(user_key, key_bits, intent)

Libraries/LibCrypto/Cipher/Mode/CBC.h

@@ -36,6 +36,8 @@ namespace Cipher {
     template <typename T>
     class CBC : public Mode<T> {
     public:
+        constexpr static size_t IVSizeInBits = 128;
+
         virtual ~CBC() {}
         template <typename... Args>
         explicit constexpr CBC<T>(Args... args)
@@ -51,6 +53,8 @@ namespace Cipher {
             return builder.build();
         }
 
+        virtual size_t IV_length() const { return IVSizeInBits / 8; }
+
         virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
         {
             auto length = in.size();

Libraries/LibCrypto/Cipher/Mode/Mode.h

@@ -41,6 +41,8 @@ namespace Cipher {
     virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
     virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
 
+    virtual size_t IV_length() const = 0;
+
     const T& cipher() const { return m_cipher; }
 
     ByteBuffer create_aligned_buffer(size_t input_size) const

Libraries/LibTLS/TLSv12.cpp

@@ -520,7 +520,7 @@ bool TLSv12::expand_key()
 
     auto key_size = key_length();
     auto mac_size = mac_length();
-    auto iv_size = 16;
+    auto iv_size = iv_length();
 
     pseudorandom_function(
         key_buffer,
@@ -769,9 +769,10 @@ void TLSv12::update_packet(ByteBuffer& packet)
                 auto buffer = ByteBuffer::create_zeroed(length);
                 size_t buffer_position = 0;
                 u16 aligned_length = length + block_size - length % block_size;
+                auto iv_size = iv_length();
 
-                // we need enough space for a header, 16 bytes of IV and whatever the packet contains
+                // we need enough space for a header, iv_length bytes of IV and whatever the packet contains
-                auto ct = ByteBuffer::create_zeroed(aligned_length + header_size + 16);
+                auto ct = ByteBuffer::create_zeroed(aligned_length + header_size + iv_size);
 
                 // copy the header over
                 ct.overwrite(0, packet.data(), header_size - 2);
@@ -798,18 +799,15 @@ void TLSv12::update_packet(ByteBuffer& packet)
                 // throws a wrench into our plans
                 buffer.trim(buffer_position);
 
-                // make a random seed IV for this message
+                // FIXME: REALLY Should be filled with random bytes
-                u8 record_iv[16] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+                auto iv = ByteBuffer::create_zeroed(iv_size);
-                // arc4random_buf(record_iv, 16);
-
-                auto iv = ByteBuffer::wrap(record_iv, 16);
 
                 // write it into the ciphertext portion of the message
-                ct.overwrite(header_size, record_iv, 16);
+                ct.overwrite(header_size, iv.data(), iv.size());
                 ct.trim(length + block_size - length % block_size + header_size + block_size - padding);
 
                 // get a block to encrypt into
-                auto view = ct.slice_view(header_size + 16, length + block_size - length % block_size + block_size - padding - 16);
+                auto view = ct.slice_view(header_size + iv_size, length + block_size - length % block_size + block_size - padding - iv_size);
 
                 // encrypt the message
                 m_aes_local->encrypt(buffer, view, iv);
@@ -1346,11 +1344,12 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
 #endif
 
         ASSERT(m_aes_remote);
+        auto iv_size = iv_length();
 
-        auto decrypted = m_aes_remote->create_aligned_buffer(length - 16);
+        auto decrypted = m_aes_remote->create_aligned_buffer(length - iv_size);
-        auto iv = buffer.slice_view(header_size, 16);
+        auto iv = buffer.slice_view(header_size, iv_size);
 
-        m_aes_remote->decrypt(buffer.slice_view(header_size + 16, length - 16), decrypted, iv);
+        m_aes_remote->decrypt(buffer.slice_view(header_size + iv_size, length - iv_size), decrypted, iv);
 
         length = decrypted.size();
 

Libraries/LibTLS/TLSv12.h

@@ -92,8 +92,11 @@ enum class CipherSuite {
 
     RSA_WITH_AES_128_CBC_SHA = 0x002F,
     RSA_WITH_AES_256_CBC_SHA = 0x0035,
-    RSA_WITH_AES_128_CBC_SHA256 = 0x003C, // we support this
+
-    RSA_WITH_AES_256_CBC_SHA256 = 0x003D, //<- this is our guy
+    // We support these
+    RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
+    RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
+    // TODO
     RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
     RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
 };
@@ -360,8 +363,48 @@ private:
 
     void pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b);
 
-    size_t key_length() const { return m_aes_local ? m_aes_local->cipher().key().length() : 16; } // FIXME: generalize
+    size_t key_length() const
-    size_t mac_length() const { return Crypto::Authentication::HMAC<Crypto::Hash::SHA256>::DigestSize; } // FIXME: generalize
+    {
+        switch (m_context.cipher) {
+        case CipherSuite::AES_128_CCM_8_SHA256:
+        case CipherSuite::AES_128_CCM_SHA256:
+        case CipherSuite::AES_128_GCM_SHA256:
+        case CipherSuite::Invalid:
+        case CipherSuite::RSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite::RSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite::RSA_WITH_AES_128_GCM_SHA256:
+        default:
+            return 128 / 8;
+        case CipherSuite::AES_256_GCM_SHA384:
+        case CipherSuite::RSA_WITH_AES_256_CBC_SHA:
+        case CipherSuite::RSA_WITH_AES_256_CBC_SHA256:
+        case CipherSuite::RSA_WITH_AES_256_GCM_SHA384:
+            return 256 / 8;
+        }
+    }
+    size_t mac_length() const
+    {
+        return Crypto::Authentication::HMAC<Crypto::Hash::SHA256>::DigestSize;
+    } // FIXME: generalize
+    size_t iv_length() const
+    {
+        switch (m_context.cipher) {
+        case CipherSuite::AES_128_CCM_8_SHA256:
+        case CipherSuite::AES_128_CCM_SHA256:
+        case CipherSuite::Invalid:
+        case CipherSuite::RSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite::RSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite::RSA_WITH_AES_256_CBC_SHA256:
+        case CipherSuite::RSA_WITH_AES_256_CBC_SHA:
+        default:
+            return 16;
+        case CipherSuite::AES_128_GCM_SHA256:
+        case CipherSuite::AES_256_GCM_SHA384:
+        case CipherSuite::RSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite::RSA_WITH_AES_256_GCM_SHA384:
+            return 12;
+        }
+    }
 
     bool expand_key();