RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-18 16:55:07 +00:00
Code Issues Activity Actions

LibCrypto+LibTLS: Generalise the use of IV length

Browse source 
This is in preparation for the upcoming Galois/Counter mode, which
conventionally has 12 bytes of IV as opposed to CBC's 16 bytes.

...Also fixes a lot of style issues, since the author finally found the
project's clang config file in the repository root :^)
This commit is contained in:
AnotherTest 2020-04-23 02:53:11 +04:30 committed by Andreas Kling
parent 7384d58a0a
commit a1e1570552
7 changed files with 3110 additions and 3060 deletions
Download patch file Download diff file Expand all files Collapse all files

416
Libraries/LibCrypto/Cipher/AES.cpp
View file

@ -30,165 +30,165 @@
namespace Crypto { namespace Crypto {
namespace Cipher { namespace Cipher {
template <typename T> template<typename T>
constexpr u32 get_key(T pt) constexpr u32 get_key(T pt)
{ {
return ((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]); return ((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]);
}
constexpr void swap_keys(u32* keys, size_t i, size_t j)
{
u32 temp = keys[i];
keys[i] = keys[j];
keys[j] = temp;
}
String AESCipherBlock::to_string() const
{
StringBuilder builder;
for (size_t i = 0; i < BlockSizeInBits / 8; ++i)
builder.appendf("%02x", m_data[i]);
return builder.build();
}
String AESCipherKey::to_string() const
{
StringBuilder builder;
for (size_t i = 0; i < (rounds() + 1) * 4; ++i)
builder.appendf("%02x", m_rd_keys[i]);
return builder.build();
}
void AESCipherKey::expand_encrypt_key(const ByteBuffer& user_key, size_t bits)
{
u32* round_key;
u32 temp;
size_t i { 0 };
ASSERT(!user_key.is_null());
ASSERT(is_valid_key_size(bits));
round_key = round_keys();
if (bits == 128) {
m_rounds = 10;
} else if (bits == 192) {
m_rounds = 12;
} else {
m_rounds = 14;
} }
constexpr void swap_keys(u32* keys, size_t i, size_t j) round_key[0] = get_key(user_key.slice_view(0, 4).data());
{ round_key[1] = get_key(user_key.slice_view(4, 4).data());
u32 temp = keys[i]; round_key[2] = get_key(user_key.slice_view(8, 4).data());
keys[i] = keys[j]; round_key[3] = get_key(user_key.slice_view(12, 4).data());
keys[j] = temp; if (bits == 128) {
} for (;;) {
temp = round_key[3];
String AESCipherBlock::to_string() const // clang-format off
{
StringBuilder builder;
for (size_t i = 0; i < BLOCK_SIZE / 8; ++i)
builder.appendf("%02x", m_data[i]);
return builder.build();
}
String AESCipherKey::to_string() const
{
StringBuilder builder;
for (size_t i = 0; i < (rounds() + 1) * 4; ++i)
builder.appendf("%02x", m_rd_keys[i]);
return builder.build();
}
void AESCipherKey::expand_encrypt_key(const ByteBuffer& user_key, size_t bits)
{
u32* round_key;
u32 temp;
size_t i { 0 };
ASSERT(!user_key.is_null());
ASSERT(is_valid_key_size(bits));
round_key = round_keys();
if (bits == 128) {
m_rounds = 10;
} else if (bits == 192) {
m_rounds = 12;
} else {
m_rounds = 14;
}
round_key[0] = get_key(user_key.slice_view(0, 4).data());
round_key[1] = get_key(user_key.slice_view(4, 4).data());
round_key[2] = get_key(user_key.slice_view(8, 4).data());
round_key[3] = get_key(user_key.slice_view(12, 4).data());
if (bits == 128) {
for (;;) {
temp = round_key[3];
// clang-format off
round_key[4] = round_key[0] ^ round_key[4] = round_key[0] ^
(AESTables::Encode2[(temp >> 16) & 0xff] & 0xff000000) ^ (AESTables::Encode2[(temp >> 16) & 0xff] & 0xff000000) ^
(AESTables::Encode3[(temp >> 8) & 0xff] & 0x00ff0000) ^ (AESTables::Encode3[(temp >> 8) & 0xff] & 0x00ff0000) ^
(AESTables::Encode0[(temp ) & 0xff] & 0x0000ff00) ^ (AESTables::Encode0[(temp ) & 0xff] & 0x0000ff00) ^
(AESTables::Encode1[(temp >> 24) ] & 0x000000ff) ^ AESTables::RCON[i]; (AESTables::Encode1[(temp >> 24) ] & 0x000000ff) ^ AESTables::RCON[i];
// clang-format on // clang-format on
round_key[5] = round_key[1] ^ round_key[4]; round_key[5] = round_key[1] ^ round_key[4];
round_key[6] = round_key[2] ^ round_key[5]; round_key[6] = round_key[2] ^ round_key[5];
round_key[7] = round_key[3] ^ round_key[6]; round_key[7] = round_key[3] ^ round_key[6];
++i; ++i;
if (i == 10) if (i == 10)
break; break;
round_key += 4; round_key += 4;
}
return;
} }
return;
}
round_key[4] = get_key(user_key.slice_view(16, 4).data()); round_key[4] = get_key(user_key.slice_view(16, 4).data());
round_key[5] = get_key(user_key.slice_view(20, 4).data()); round_key[5] = get_key(user_key.slice_view(20, 4).data());
if (bits == 192) { if (bits == 192) {
for (;;) { for (;;) {
temp = round_key[5]; temp = round_key[5];
// clang-format off // clang-format off
round_key[6] = round_key[0] ^ round_key[6] = round_key[0] ^
(AESTables::Encode2[(temp >> 16) & 0xff] & 0xff000000) ^ (AESTables::Encode2[(temp >> 16) & 0xff] & 0xff000000) ^
(AESTables::Encode3[(temp >> 8) & 0xff] & 0x00ff0000) ^ (AESTables::Encode3[(temp >> 8) & 0xff] & 0x00ff0000) ^
(AESTables::Encode0[(temp ) & 0xff] & 0x0000ff00) ^ (AESTables::Encode0[(temp ) & 0xff] & 0x0000ff00) ^
(AESTables::Encode1[(temp >> 24) ] & 0x000000ff) ^ AESTables::RCON[i]; (AESTables::Encode1[(temp >> 24) ] & 0x000000ff) ^ AESTables::RCON[i];
// clang-format on // clang-format on
round_key[7] = round_key[1] ^ round_key[6]; round_key[7] = round_key[1] ^ round_key[6];
round_key[8] = round_key[2] ^ round_key[7]; round_key[8] = round_key[2] ^ round_key[7];
round_key[9] = round_key[3] ^ round_key[8]; round_key[9] = round_key[3] ^ round_key[8];
++i; ++i;
if (i == 8) if (i == 8)
break; break;
round_key[10] = round_key[4] ^ round_key[9]; round_key[10] = round_key[4] ^ round_key[9];
round_key[11] = round_key[5] ^ round_key[10]; round_key[11] = round_key[5] ^ round_key[10];
round_key += 6; round_key += 6;
}
return;
} }
return;
}
round_key[6] = get_key(user_key.slice_view(24, 4).data()); round_key[6] = get_key(user_key.slice_view(24, 4).data());
round_key[7] = get_key(user_key.slice_view(28, 4).data()); round_key[7] = get_key(user_key.slice_view(28, 4).data());
if (true) { // bits == 256 if (true) { // bits == 256
for (;;) { for (;;) {
temp = round_key[7]; temp = round_key[7];
// clang-format off // clang-format off
round_key[8] = round_key[0] ^ round_key[8] = round_key[0] ^
(AESTables::Encode2[(temp >> 16) & 0xff] & 0xff000000) ^ (AESTables::Encode2[(temp >> 16) & 0xff] & 0xff000000) ^
(AESTables::Encode3[(temp >> 8) & 0xff] & 0x00ff0000) ^ (AESTables::Encode3[(temp >> 8) & 0xff] & 0x00ff0000) ^
(AESTables::Encode0[(temp ) & 0xff] & 0x0000ff00) ^ (AESTables::Encode0[(temp ) & 0xff] & 0x0000ff00) ^
(AESTables::Encode1[(temp >> 24) ] & 0x000000ff) ^ AESTables::RCON[i]; (AESTables::Encode1[(temp >> 24) ] & 0x000000ff) ^ AESTables::RCON[i];
// clang-format on // clang-format on
round_key[9] = round_key[1] ^ round_key[8]; round_key[9] = round_key[1] ^ round_key[8];
round_key[10] = round_key[2] ^ round_key[9]; round_key[10] = round_key[2] ^ round_key[9];
round_key[11] = round_key[3] ^ round_key[10]; round_key[11] = round_key[3] ^ round_key[10];
++i; ++i;
if (i == 7) if (i == 7)
break; break;
temp = round_key[11]; temp = round_key[11];
// clang-format off // clang-format off
round_key[12] = round_key[4] ^ round_key[12] = round_key[4] ^
(AESTables::Encode2[(temp >> 24) ] & 0xff000000) ^ (AESTables::Encode2[(temp >> 24) ] & 0xff000000) ^
(AESTables::Encode3[(temp >> 16) & 0xff] & 0x00ff0000) ^ (AESTables::Encode3[(temp >> 16) & 0xff] & 0x00ff0000) ^
(AESTables::Encode0[(temp >> 8) & 0xff] & 0x0000ff00) ^ (AESTables::Encode0[(temp >> 8) & 0xff] & 0x0000ff00) ^
(AESTables::Encode1[(temp ) & 0xff] & 0x000000ff) ; (AESTables::Encode1[(temp ) & 0xff] & 0x000000ff) ;
// clang-format on // clang-format on
round_key[13] = round_key[5] ^ round_key[12]; round_key[13] = round_key[5] ^ round_key[12];
round_key[14] = round_key[6] ^ round_key[13]; round_key[14] = round_key[6] ^ round_key[13];
round_key[15] = round_key[7] ^ round_key[14]; round_key[15] = round_key[7] ^ round_key[14];
round_key += 8; round_key += 8;
}
return;
} }
return;
}
}
void AESCipherKey::expand_decrypt_key(const ByteBuffer& user_key, size_t bits)
{
u32* round_key;
expand_encrypt_key(user_key, bits);
round_key = round_keys();
// reorder round keys
for (size_t i = 0, j = 4 * rounds(); i < j; i += 4, j -= 4) {
swap_keys(round_key, i, j);
swap_keys(round_key, i + 1, j + 1);
swap_keys(round_key, i + 2, j + 2);
swap_keys(round_key, i + 3, j + 3);
} }
void AESCipherKey::expand_decrypt_key(const ByteBuffer& user_key, size_t bits) // apply inverse mix-column to middle rounds
{ for (size_t i = 1; i < rounds(); ++i) {
u32* round_key; round_key += 4;
// clang-format off
expand_encrypt_key(user_key, bits);
round_key = round_keys();
// reorder round keys
for (size_t i = 0, j = 4 * rounds(); i < j; i += 4, j -= 4) {
swap_keys(round_key, i, j);
swap_keys(round_key, i + 1, j + 1);
swap_keys(round_key, i + 2, j + 2);
swap_keys(round_key, i + 3, j + 3);
}
// apply inverse mix-column to middle rounds
for (size_t i = 1; i < rounds(); ++i) {
round_key += 4;
// clang-format off
round_key[0] = round_key[0] =
AESTables::Decode0[AESTables::Encode1[(round_key[0] >> 24) ] & 0xff] ^ AESTables::Decode0[AESTables::Encode1[(round_key[0] >> 24) ] & 0xff] ^
AESTables::Decode1[AESTables::Encode1[(round_key[0] >> 16) & 0xff] & 0xff] ^ AESTables::Decode1[AESTables::Encode1[(round_key[0] >> 16) & 0xff] & 0xff] ^
@ -209,30 +209,30 @@ namespace Cipher {
AESTables::Decode1[AESTables::Encode1[(round_key[3] >> 16) & 0xff] & 0xff] ^ AESTables::Decode1[AESTables::Encode1[(round_key[3] >> 16) & 0xff] & 0xff] ^
AESTables::Decode2[AESTables::Encode1[(round_key[3] >> 8) & 0xff] & 0xff] ^ AESTables::Decode2[AESTables::Encode1[(round_key[3] >> 8) & 0xff] & 0xff] ^
AESTables::Decode3[AESTables::Encode1[(round_key[3] ) & 0xff] & 0xff] ; AESTables::Decode3[AESTables::Encode1[(round_key[3] ) & 0xff] & 0xff] ;
// clang-format on // clang-format on
}
} }
}
void AESCipher::encrypt_block(const AESCipherBlock& in, AESCipherBlock& out) void AESCipher::encrypt_block(const AESCipherBlock& in, AESCipherBlock& out)
{ {
u32 s0, s1, s2, s3, t0, t1, t2, t3; u32 s0, s1, s2, s3, t0, t1, t2, t3;
size_t r { 0 }; size_t r { 0 };
const auto& dec_key = key(); const auto& dec_key = key();
const auto* round_keys = dec_key.round_keys(); const auto* round_keys = dec_key.round_keys();
s0 = get_key(in.data().offset_pointer(0)) ^ round_keys[0]; s0 = get_key(in.data().offset_pointer(0)) ^ round_keys[0];
s1 = get_key(in.data().offset_pointer(4)) ^ round_keys[1]; s1 = get_key(in.data().offset_pointer(4)) ^ round_keys[1];
s2 = get_key(in.data().offset_pointer(8)) ^ round_keys[2]; s2 = get_key(in.data().offset_pointer(8)) ^ round_keys[2];
s3 = get_key(in.data().offset_pointer(12)) ^ round_keys[3]; s3 = get_key(in.data().offset_pointer(12)) ^ round_keys[3];
r = dec_key.rounds() >> 1; r = dec_key.rounds() >> 1;
// apply the first |r - 1| rounds // apply the first |r - 1| rounds
auto i { 0 }; auto i { 0 };
for (;;) { for (;;) {
++i; ++i;
// clang-format off // clang-format off
t0 = AESTables::Encode0[(s0 >> 24) ] ^ t0 = AESTables::Encode0[(s0 >> 24) ] ^
AESTables::Encode1[(s1 >> 16) & 0xff] ^ AESTables::Encode1[(s1 >> 16) & 0xff] ^
AESTables::Encode2[(s2 >> 8) & 0xff] ^ AESTables::Encode2[(s2 >> 8) & 0xff] ^
@ -249,15 +249,15 @@ namespace Cipher {
AESTables::Encode1[(s0 >> 16) & 0xff] ^ AESTables::Encode1[(s0 >> 16) & 0xff] ^
AESTables::Encode2[(s1 >> 8) & 0xff] ^ AESTables::Encode2[(s1 >> 8) & 0xff] ^
AESTables::Encode3[(s2 ) & 0xff] ^ round_keys[7]; AESTables::Encode3[(s2 ) & 0xff] ^ round_keys[7];
// clang-format on // clang-format on
round_keys += 8; round_keys += 8;
--r; --r;
++i; ++i;
if (r == 0) if (r == 0)
break; break;
// clang-format off // clang-format off
s0 = AESTables::Encode0[(t0 >> 24) ] ^ s0 = AESTables::Encode0[(t0 >> 24) ] ^
AESTables::Encode1[(t1 >> 16) & 0xff] ^ AESTables::Encode1[(t1 >> 16) & 0xff] ^
AESTables::Encode2[(t2 >> 8) & 0xff] ^ AESTables::Encode2[(t2 >> 8) & 0xff] ^
@ -274,11 +274,11 @@ namespace Cipher {
AESTables::Encode1[(t0 >> 16) & 0xff] ^ AESTables::Encode1[(t0 >> 16) & 0xff] ^
AESTables::Encode2[(t1 >> 8) & 0xff] ^ AESTables::Encode2[(t1 >> 8) & 0xff] ^
AESTables::Encode3[(t2 ) & 0xff] ^ round_keys[3]; AESTables::Encode3[(t2 ) & 0xff] ^ round_keys[3];
// clang-format on // clang-format on
} }
// apply the last round and put the encrypted data into out // apply the last round and put the encrypted data into out
// clang-format off // clang-format off
s0 = (AESTables::Encode2[(t0 >> 24) ] & 0xff000000) ^ s0 = (AESTables::Encode2[(t0 >> 24) ] & 0xff000000) ^
(AESTables::Encode3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ (AESTables::Encode3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
(AESTables::Encode0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ (AESTables::Encode0[(t2 >> 8) & 0xff] & 0x0000ff00) ^
@ -302,28 +302,28 @@ namespace Cipher {
(AESTables::Encode0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ (AESTables::Encode0[(t1 >> 8) & 0xff] & 0x0000ff00) ^
(AESTables::Encode1[(t2 ) & 0xff] & 0x000000ff) ^ round_keys[3]; (AESTables::Encode1[(t2 ) & 0xff] & 0x000000ff) ^ round_keys[3];
out.put(12, s3); out.put(12, s3);
// clang-format on // clang-format on
} }
void AESCipher::decrypt_block(const AESCipherBlock& in, AESCipherBlock& out) void AESCipher::decrypt_block(const AESCipherBlock& in, AESCipherBlock& out)
{ {
u32 s0, s1, s2, s3, t0, t1, t2, t3; u32 s0, s1, s2, s3, t0, t1, t2, t3;
size_t r { 0 }; size_t r { 0 };
const auto& dec_key = key(); const auto& dec_key = key();
const auto* round_keys = dec_key.round_keys(); const auto* round_keys = dec_key.round_keys();
s0 = get_key(in.data().offset_pointer(0)) ^ round_keys[0]; s0 = get_key(in.data().offset_pointer(0)) ^ round_keys[0];
s1 = get_key(in.data().offset_pointer(4)) ^ round_keys[1]; s1 = get_key(in.data().offset_pointer(4)) ^ round_keys[1];
s2 = get_key(in.data().offset_pointer(8)) ^ round_keys[2]; s2 = get_key(in.data().offset_pointer(8)) ^ round_keys[2];
s3 = get_key(in.data().offset_pointer(12)) ^ round_keys[3]; s3 = get_key(in.data().offset_pointer(12)) ^ round_keys[3];
r = dec_key.rounds() >> 1; r = dec_key.rounds() >> 1;
// apply the first |r - 1| rounds // apply the first |r - 1| rounds
for (;;) { for (;;) {
// clang-format off // clang-format off
t0 = AESTables::Decode0[(s0 >> 24) ] ^ t0 = AESTables::Decode0[(s0 >> 24) ] ^
AESTables::Decode1[(s3 >> 16) & 0xff] ^ AESTables::Decode1[(s3 >> 16) & 0xff] ^
AESTables::Decode2[(s2 >> 8) & 0xff] ^ AESTables::Decode2[(s2 >> 8) & 0xff] ^
@ -340,14 +340,14 @@ namespace Cipher {
AESTables::Decode1[(s2 >> 16) & 0xff] ^ AESTables::Decode1[(s2 >> 16) & 0xff] ^
AESTables::Decode2[(s1 >> 8) & 0xff] ^ AESTables::Decode2[(s1 >> 8) & 0xff] ^
AESTables::Decode3[(s0 ) & 0xff] ^ round_keys[7]; AESTables::Decode3[(s0 ) & 0xff] ^ round_keys[7];
// clang-format on // clang-format on
round_keys += 8; round_keys += 8;
--r; --r;
if (r == 0) if (r == 0)
break; break;
// clang-format off // clang-format off
s0 = AESTables::Decode0[(t0 >> 24) ] ^ s0 = AESTables::Decode0[(t0 >> 24) ] ^
AESTables::Decode1[(t3 >> 16) & 0xff] ^ AESTables::Decode1[(t3 >> 16) & 0xff] ^
AESTables::Decode2[(t2 >> 8) & 0xff] ^ AESTables::Decode2[(t2 >> 8) & 0xff] ^
@ -364,11 +364,11 @@ namespace Cipher {
AESTables::Decode1[(t2 >> 16) & 0xff] ^ AESTables::Decode1[(t2 >> 16) & 0xff] ^
AESTables::Decode2[(t1 >> 8) & 0xff] ^ AESTables::Decode2[(t1 >> 8) & 0xff] ^
AESTables::Decode3[(t0 ) & 0xff] ^ round_keys[3]; AESTables::Decode3[(t0 ) & 0xff] ^ round_keys[3];
// clang-format on // clang-format on
} }
// apply the last round and put the decrypted data into out // apply the last round and put the decrypted data into out
// clang-format off // clang-format off
s0 = ((u32)AESTables::Decode4[(t0 >> 24) ] << 24) ^ s0 = ((u32)AESTables::Decode4[(t0 >> 24) ] << 24) ^
((u32)AESTables::Decode4[(t3 >> 16) & 0xff] << 16) ^ ((u32)AESTables::Decode4[(t3 >> 16) & 0xff] << 16) ^
((u32)AESTables::Decode4[(t2 >> 8) & 0xff] << 8) ^ ((u32)AESTables::Decode4[(t2 >> 8) & 0xff] << 8) ^
@ -392,39 +392,39 @@ namespace Cipher {
((u32)AESTables::Decode4[(t1 >> 8) & 0xff] << 8) ^ ((u32)AESTables::Decode4[(t1 >> 8) & 0xff] << 8) ^
((u32)AESTables::Decode4[(t0 ) & 0xff] ) ^ round_keys[3]; ((u32)AESTables::Decode4[(t0 ) & 0xff] ) ^ round_keys[3];
out.put(12, s3); out.put(12, s3);
// clang-format on // clang-format on
} }
void AESCipherBlock::overwrite(const ByteBuffer& buffer) void AESCipherBlock::overwrite(const ByteBuffer& buffer)
{ {
overwrite(buffer.data(), buffer.size()); overwrite(buffer.data(), buffer.size());
} }
void AESCipherBlock::overwrite(const u8* data, size_t length) void AESCipherBlock::overwrite(const u8* data, size_t length)
{ {
ASSERT(length <= m_data.size()); ASSERT(length <= m_data.size());
m_data.overwrite(0, data, length); m_data.overwrite(0, data, length);
if (length < m_data.size()) { if (length < m_data.size()) {
switch (padding_mode()) { switch (padding_mode()) {
case PaddingMode::Null: case PaddingMode::Null:
// fill with zeros // fill with zeros
__builtin_memset(m_data.data() + length, 0, m_data.size() - length); __builtin_memset(m_data.data() + length, 0, m_data.size() - length);
break; break;
case PaddingMode::CMS: case PaddingMode::CMS:
// fill with the length of the padding bytes // fill with the length of the padding bytes
__builtin_memset(m_data.data() + length, m_data.size() - length, m_data.size() - length); __builtin_memset(m_data.data() + length, m_data.size() - length, m_data.size() - length);
break; break;
case PaddingMode::RFC5246: case PaddingMode::RFC5246:
// fill with the length of the padding bytes minus one // fill with the length of the padding bytes minus one
__builtin_memset(m_data.data() + length, m_data.size() - length - 1, m_data.size() - length); __builtin_memset(m_data.data() + length, m_data.size() - length - 1, m_data.size() - length);
break; break;
default: default:
// FIXME: We should handle the rest of the common padding modes // FIXME: We should handle the rest of the common padding modes
ASSERT_NOT_REACHED(); ASSERT_NOT_REACHED();
break; break;
}
} }
} }
} }
}
} }

4872
Libraries/LibCrypto/Cipher/AES.h
View file

File diff suppressed because it is too large Load diff

152
Libraries/LibCrypto/Cipher/Cipher.h
View file

@ -33,108 +33,108 @@
namespace Crypto { namespace Crypto {
namespace Cipher { namespace Cipher {
enum class Intent { enum class Intent {
Encryption, Encryption,
Decryption, Decryption,
}; };
enum class PaddingMode { enum class PaddingMode {
CMS, // RFC 1423 CMS, // RFC 1423
RFC5246, // very similar to CMS, but filled with |length - 1|, instead of |length| RFC5246, // very similar to CMS, but filled with |length - 1|, instead of |length|
Null, Null,
// FIXME: We do not implement these yet // FIXME: We do not implement these yet
Bit, Bit,
Random, Random,
Space, Space,
ZeroLength, ZeroLength,
}; };
template <typename B, typename T> template<typename B, typename T>
class Cipher; class Cipher;
struct CipherBlock { struct CipherBlock {
public: public:
explicit CipherBlock(PaddingMode mode) explicit CipherBlock(PaddingMode mode)
: m_padding_mode(mode) : m_padding_mode(mode)
{ {
} }
static size_t block_size() { ASSERT_NOT_REACHED(); } static size_t block_size() { ASSERT_NOT_REACHED(); }
virtual ByteBuffer get() const = 0; virtual ByteBuffer get() const = 0;
virtual const ByteBuffer& data() const = 0; virtual const ByteBuffer& data() const = 0;
virtual void overwrite(const ByteBuffer&) = 0; virtual void overwrite(const ByteBuffer&) = 0;
virtual void overwrite(const u8*, size_t) = 0; virtual void overwrite(const u8*, size_t) = 0;
virtual void apply_initialization_vector(const u8* ivec) = 0; virtual void apply_initialization_vector(const u8* ivec) = 0;
PaddingMode padding_mode() const { return m_padding_mode; } PaddingMode padding_mode() const { return m_padding_mode; }
template <typename T> template<typename T>
void put(size_t offset, T value) void put(size_t offset, T value)
{ {
ASSERT(offset + sizeof(T) <= data().size()); ASSERT(offset + sizeof(T) <= data().size());
auto* ptr = data().data() + offset; auto* ptr = data().data() + offset;
auto index { 0 }; auto index { 0 };
ASSERT(sizeof(T) <= 4); ASSERT(sizeof(T) <= 4);
if constexpr (sizeof(T) > 3) if constexpr (sizeof(T) > 3)
ptr[index++] = (u8)(value >> 24); ptr[index++] = (u8)(value >> 24);
if constexpr (sizeof(T) > 2) if constexpr (sizeof(T) > 2)
ptr[index++] = (u8)(value >> 16); ptr[index++] = (u8)(value >> 16);
if constexpr (sizeof(T) > 1) if constexpr (sizeof(T) > 1)
ptr[index++] = (u8)(value >> 8); ptr[index++] = (u8)(value >> 8);
ptr[index] = (u8)value; ptr[index] = (u8)value;
} }
private: private:
virtual ByteBuffer& data() = 0; virtual ByteBuffer& data() = 0;
PaddingMode m_padding_mode; PaddingMode m_padding_mode;
}; };
struct CipherKey { struct CipherKey {
virtual ByteBuffer data() const = 0; virtual ByteBuffer data() const = 0;
static bool is_valid_key_size(size_t) { return false; }; static bool is_valid_key_size(size_t) { return false; };
virtual ~CipherKey() { } virtual ~CipherKey() { }
protected: protected:
virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) = 0; virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) = 0;
virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) = 0; virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) = 0;
size_t bits { 0 }; size_t bits { 0 };
}; };
template <typename KeyT = CipherKey, typename BlockT = CipherBlock> template<typename KeyT = CipherKey, typename BlockT = CipherBlock>
class Cipher { class Cipher {
public: public:
using KeyType = KeyT; using KeyType = KeyT;
using BlockType = BlockT; using BlockType = BlockT;
explicit Cipher<KeyT, BlockT>(PaddingMode mode) explicit Cipher<KeyT, BlockT>(PaddingMode mode)
: m_padding_mode(mode) : m_padding_mode(mode)
{ {
} }
virtual const KeyType& key() const = 0; virtual const KeyType& key() const = 0;
virtual KeyType& key() = 0; virtual KeyType& key() = 0;
static size_t block_size() { return BlockType::block_size(); } static size_t block_size() { return BlockType::block_size(); }
PaddingMode padding_mode() const { return m_padding_mode; } PaddingMode padding_mode() const { return m_padding_mode; }
virtual void encrypt_block(const BlockType& in, BlockType& out) = 0; virtual void encrypt_block(const BlockType& in, BlockType& out) = 0;
virtual void decrypt_block(const BlockType& in, BlockType& out) = 0; virtual void decrypt_block(const BlockType& in, BlockType& out) = 0;
virtual String class_name() const = 0; virtual String class_name() const = 0;
private: private:
PaddingMode m_padding_mode; PaddingMode m_padding_mode;
}; };
} }
} }

4
Libraries/LibCrypto/Cipher/Mode/CBC.h
View file

@ -36,6 +36,8 @@ namespace Cipher {
template <typename T> template <typename T>
class CBC : public Mode<T> { class CBC : public Mode<T> {
public: public:
constexpr static size_t IVSizeInBits = 128;
virtual ~CBC() {} virtual ~CBC() {}
template <typename... Args> template <typename... Args>
explicit constexpr CBC<T>(Args... args) explicit constexpr CBC<T>(Args... args)
@ -51,6 +53,8 @@ namespace Cipher {
return builder.build(); return builder.build();
} }
virtual size_t IV_length() const { return IVSizeInBits / 8; }
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
{ {
auto length = in.size(); auto length = in.size();

138
Libraries/LibCrypto/Cipher/Mode/Mode.h
View file

@ -32,88 +32,90 @@
namespace Crypto { namespace Crypto {
namespace Cipher { namespace Cipher {
template <typename T> template<typename T>
class Mode { class Mode {
public: public:
virtual ~Mode() {} virtual ~Mode() { }
// FIXME: Somehow communicate that encrypt returns the last initialization vector (if the mode supports it) // FIXME: Somehow communicate that encrypt returns the last initialization vector (if the mode supports it)
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0; virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0; virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
const T& cipher() const { return m_cipher; } virtual size_t IV_length() const = 0;
ByteBuffer create_aligned_buffer(size_t input_size) const const T& cipher() const { return m_cipher; }
{
size_t remainder = (input_size + T::block_size()) % T::block_size();
if (remainder == 0)
return ByteBuffer::create_uninitialized(input_size);
else
return ByteBuffer::create_uninitialized(input_size + T::block_size() - remainder);
}
virtual String class_name() const = 0; ByteBuffer create_aligned_buffer(size_t input_size) const
T& cipher() { return m_cipher; } {
size_t remainder = (input_size + T::block_size()) % T::block_size();
if (remainder == 0)
return ByteBuffer::create_uninitialized(input_size);
else
return ByteBuffer::create_uninitialized(input_size + T::block_size() - remainder);
}
protected: virtual String class_name() const = 0;
virtual void prune_padding(ByteBuffer& data) T& cipher() { return m_cipher; }
{
auto size = data.size(); protected:
switch (m_cipher.padding_mode()) { virtual void prune_padding(ByteBuffer& data)
case PaddingMode::CMS: { {
auto maybe_padding_length = data[size - 1]; auto size = data.size();
if (maybe_padding_length >= T::block_size()) { switch (m_cipher.padding_mode()) {
// cannot be padding (the entire block cannot be padding) case PaddingMode::CMS: {
auto maybe_padding_length = data[size - 1];
if (maybe_padding_length >= T::block_size()) {
// cannot be padding (the entire block cannot be padding)
return;
}
for (auto i = maybe_padding_length; i > 0; --i) {
if (data[size - i] != maybe_padding_length) {
// not padding, part of data
return; return;
} }
for (auto i = maybe_padding_length; i > 0; --i) {
if (data[size - i] != maybe_padding_length) {
// not padding, part of data
return;
}
}
data.trim(size - maybe_padding_length);
break;
} }
case PaddingMode::RFC5246: { data.trim(size - maybe_padding_length);
auto maybe_padding_length = data[size - 1]; break;
if (maybe_padding_length >= T::block_size() - 1) { }
// cannot be padding (the entire block cannot be padding) case PaddingMode::RFC5246: {
auto maybe_padding_length = data[size - 1];
if (maybe_padding_length >= T::block_size() - 1) {
// cannot be padding (the entire block cannot be padding)
return;
}
// FIXME: If we want to constant-time operations, this loop should not stop
for (auto i = maybe_padding_length; i > 0; --i) {
if (data[size - i - 1] != maybe_padding_length) {
// note that this is likely invalid padding
return; return;
} }
// FIXME: If we want to constant-time operations, this loop should not stop
for (auto i = maybe_padding_length; i > 0; --i) {
if (data[size - i - 1] != maybe_padding_length) {
// note that this is likely invalid padding
return;
}
}
data.trim(size - maybe_padding_length - 1);
break;
}
case PaddingMode::Null: {
while (data[size - 1] == 0)
--size;
data.trim(size);
break;
}
default:
// FIXME: support other padding modes
ASSERT_NOT_REACHED();
break;
} }
data.trim(size - maybe_padding_length - 1);
break;
} }
case PaddingMode::Null: {
// FIXME: Somehow add a reference version of this while (data[size - 1] == 0)
template <typename... Args> --size;
Mode(Args... args) data.trim(size);
: m_cipher(args...) break;
{
} }
default:
// FIXME: support other padding modes
ASSERT_NOT_REACHED();
break;
}
}
private: // FIXME: Somehow add a reference version of this
T m_cipher; template<typename... Args>
}; Mode(Args... args)
: m_cipher(args...)
{
}
private:
T m_cipher;
};
} }
} }

499
Libraries/LibTLS/TLSv12.cpp
View file

@ -60,137 +60,121 @@ namespace TLS {
// "for now" q&d implementation of ASN1 // "for now" q&d implementation of ASN1
namespace { namespace {
static bool _asn1_is_field_present(const u32* fields, const u32* prefix) static bool _asn1_is_field_present(const u32* fields, const u32* prefix)
{ {
size_t i = 0; size_t i = 0;
while (prefix[i]) { while (prefix[i]) {
if (fields[i] != prefix[i]) if (fields[i] != prefix[i])
return false; return false;
++i; ++i;
} }
return true; return true;
}
static bool _asn1_is_oid(const u8* oid, const u8* compare, size_t length = 3)
{
size_t i = 0;
while (oid[i] && i < length) {
if (oid[i] != compare[i])
return false;
++i;
}
return true;
}
static void _set_algorithm(u32&, const u8* value, size_t length)
{
if (length != 9) {
dbg() << "unsupported algorithm " << value;
} }
static bool _asn1_is_oid(const u8* oid, const u8* compare, size_t length = 3) dbg() << "FIXME: Set algorithm";
{ }
size_t i = 0;
while (oid[i] && i < length) {
if (oid[i] != compare[i])
return false;
++i;
}
return true;
}
static void _set_algorithm(u32&, const u8* value, size_t length) static size_t _get_asn1_length(const u8* buffer, size_t length, size_t& octets)
{ {
if (length != 9) { octets = 0;
dbg() << "unsupported algorithm " << value; if (length < 1)
} return 0;
dbg() << "FIXME: Set algorithm"; u8 size = buffer[0];
} if (size & 0x80) {
octets = size & 0x7f;
static size_t _get_asn1_length(const u8* buffer, size_t length, size_t& octets) if (octets > length - 1) {
{
octets = 0;
if (length < 1)
return 0; return 0;
}
u8 size = buffer[0]; auto reference_octets = octets;
if (size & 0x80) { if (octets > 4)
octets = size & 0x7f; reference_octets = 4;
if (octets > length - 1) { size_t long_size = 0, coeff = 1;
return 0; for (auto i = reference_octets; i > 0; --i) {
} long_size += buffer[i] * coeff;
auto reference_octets = octets; coeff *= 0x100;
if (octets > 4)
reference_octets = 4;
size_t long_size = 0, coeff = 1;
for (auto i = reference_octets; i > 0; --i) {
long_size += buffer[i] * coeff;
coeff *= 0x100;
}
++octets;
return long_size;
} }
++octets; ++octets;
return size; return long_size;
} }
++octets;
return size;
}
static ssize_t _parse_asn1(Context& context, Certificate& cert, const u8* buffer, size_t size, int level, u32* fields, u8* has_key, int client_cert, u8* root_oid, OIDChain* chain) static ssize_t _parse_asn1(Context& context, Certificate& cert, const u8* buffer, size_t size, int level, u32* fields, u8* has_key, int client_cert, u8* root_oid, OIDChain* chain)
{ {
OIDChain local_chain; OIDChain local_chain;
local_chain.root = chain; local_chain.root = chain;
size_t position = 0; size_t position = 0;
// parse DER...again // parse DER...again
size_t index = 0; size_t index = 0;
u8 oid[16] { 0 }; u8 oid[16] { 0 };
local_chain.oid = oid; local_chain.oid = oid;
if (has_key) if (has_key)
*has_key = 0; *has_key = 0;
u8 local_has_key = 0; u8 local_has_key = 0;
const u8* cert_data = nullptr; const u8* cert_data = nullptr;
size_t cert_length = 0; size_t cert_length = 0;
while (position < size) { while (position < size) {
size_t start_position = position; size_t start_position = position;
if (size - position < 2) { if (size - position < 2) {
dbg() << "not enough data for certificate size"; dbg() << "not enough data for certificate size";
return (i8)Error::NeedMoreData; return (i8)Error::NeedMoreData;
} }
u8 first = buffer[position++]; u8 first = buffer[position++];
u8 type = first & 0x1f; u8 type = first & 0x1f;
u8 constructed = first & 0x20; u8 constructed = first & 0x20;
size_t octets = 0; size_t octets = 0;
u32 temp; u32 temp;
index++; index++;
if (level <= 0xff) if (level <= 0xff)
fields[level - 1] = index; fields[level - 1] = index;
size_t length = _get_asn1_length((const u8*)&buffer[position], size - position, octets); size_t length = _get_asn1_length((const u8*)&buffer[position], size - position, octets);
if (octets > 4 || octets > size - position) { if (octets > 4 || octets > size - position) {
dbg() << "could not read the certificate"; dbg() << "could not read the certificate";
return position; return position;
} }
position += octets; position += octets;
if (size - position < length) { if (size - position < length) {
dbg() << "not enough data for sequence"; dbg() << "not enough data for sequence";
return (i8)Error::NeedMoreData; return (i8)Error::NeedMoreData;
} }
if (length && constructed) { if (length && constructed) {
switch (type) { switch (type) {
case 0x03: case 0x03:
break; break;
case 0x10: case 0x10:
if (level == 2 && index == 1) { if (level == 2 && index == 1) {
cert_length = length + position - start_position; cert_length = length + position - start_position;
cert_data = buffer + start_position; cert_data = buffer + start_position;
}
// public key data
if (!cert.version && _asn1_is_field_present(fields, Constants::priv_der_id)) {
temp = length + position - start_position;
if (cert.der.size() < temp) {
cert.der.grow(temp);
} else {
cert.der.trim(temp);
}
cert.der.overwrite(0, buffer + start_position, temp);
}
break;
default:
break;
} }
local_has_key = false; // public key data
_parse_asn1(context, cert, buffer + position, length, level + 1, fields, &local_has_key, client_cert, root_oid, &local_chain); if (!cert.version && _asn1_is_field_present(fields, Constants::priv_der_id)) {
if ((local_has_key && (!context.is_server || client_cert)) || (client_cert || _asn1_is_field_present(fields, Constants::pk_id))) {
temp = length + position - start_position; temp = length + position - start_position;
if (cert.der.size() < temp) { if (cert.der.size() < temp) {
cert.der.grow(temp); cert.der.grow(temp);
@ -199,134 +183,150 @@ namespace {
} }
cert.der.overwrite(0, buffer + start_position, temp); cert.der.overwrite(0, buffer + start_position, temp);
} }
} else { break;
switch (type) {
case 0x00:
return position;
break;
case 0x01:
temp = buffer[position];
break;
case 0x02:
if (_asn1_is_field_present(fields, Constants::pk_id)) {
if (has_key)
*has_key = true;
if (index == 1) default:
cert.public_key.set( break;
Crypto::UnsignedBigInteger::import_data(buffer + position, length), }
cert.public_key.public_exponent()); local_has_key = false;
else if (index == 2) _parse_asn1(context, cert, buffer + position, length, level + 1, fields, &local_has_key, client_cert, root_oid, &local_chain);
cert.public_key.set( if ((local_has_key && (!context.is_server || client_cert)) || (client_cert || _asn1_is_field_present(fields, Constants::pk_id))) {
cert.public_key.modulus(), temp = length + position - start_position;
Crypto::UnsignedBigInteger::import_data(buffer + position, length)); if (cert.der.size() < temp) {
} else if (_asn1_is_field_present(fields, Constants::serial_id)) { cert.der.grow(temp);
cert.serial_number = Crypto::UnsignedBigInteger::import_data(buffer + position, length); } else {
} cert.der.trim(temp);
if (_asn1_is_field_present(fields, Constants::version_id)) { }
if (length == 1) cert.der.overwrite(0, buffer + start_position, temp);
cert.version = buffer[position]; }
} } else {
// print_buffer(ByteBuffer::wrap(buffer + position, length)); switch (type) {
break; case 0x00:
case 0x03: return position;
if (_asn1_is_field_present(fields, Constants::pk_id)) { break;
if (has_key) case 0x01:
*has_key = true; temp = buffer[position];
} break;
if (_asn1_is_field_present(fields, Constants::sign_id)) { case 0x02:
auto* value = buffer + position; if (_asn1_is_field_present(fields, Constants::pk_id)) {
auto len = length; if (has_key)
if (!value[0] && len % 2) { *has_key = true;
++value;
--len; if (index == 1)
} cert.public_key.set(
cert.sign_key = ByteBuffer::copy(value, len); Crypto::UnsignedBigInteger::import_data(buffer + position, length),
} else { cert.public_key.public_exponent());
if (buffer[position] == 0 && length > 256) { else if (index == 2)
_parse_asn1(context, cert, buffer + position + 1, length - 1, level + 1, fields, &local_has_key, client_cert, root_oid, &local_chain); cert.public_key.set(
} else { cert.public_key.modulus(),
_parse_asn1(context, cert, buffer + position, length, level + 1, fields, &local_has_key, client_cert, root_oid, &local_chain); Crypto::UnsignedBigInteger::import_data(buffer + position, length));
} } else if (_asn1_is_field_present(fields, Constants::serial_id)) {
} cert.serial_number = Crypto::UnsignedBigInteger::import_data(buffer + position, length);
break; }
case 0x04: if (_asn1_is_field_present(fields, Constants::version_id)) {
_parse_asn1(context, cert, buffer + position, length, level + 1, fields, &local_has_key, client_cert, root_oid, &local_chain); if (length == 1)
break; cert.version = buffer[position];
case 0x05: }
break; // print_buffer(ByteBuffer::wrap(buffer + position, length));
case 0x06: break;
if (_asn1_is_field_present(fields, Constants::pk_id)) { case 0x03:
_set_algorithm(cert.key_algorithm, buffer + position, length); if (_asn1_is_field_present(fields, Constants::pk_id)) {
} if (has_key)
if (_asn1_is_field_present(fields, Constants::algorithm_id)) { *has_key = true;
_set_algorithm(cert.algorithm, buffer + position, length); }
} if (_asn1_is_field_present(fields, Constants::sign_id)) {
auto* value = buffer + position;
if (length < 16) auto len = length;
memcpy(oid, buffer + position, length); if (!value[0] && len % 2) {
else ++value;
memcpy(oid, buffer + position, 16); --len;
if (root_oid) }
memcpy(root_oid, oid, 16); cert.sign_key = ByteBuffer::copy(value, len);
break; } else {
case 0x09: if (buffer[position] == 0 && length > 256) {
break; _parse_asn1(context, cert, buffer + position + 1, length - 1, level + 1, fields, &local_has_key, client_cert, root_oid, &local_chain);
case 0x17: } else {
case 0x018: _parse_asn1(context, cert, buffer + position, length, level + 1, fields, &local_has_key, client_cert, root_oid, &local_chain);
// time }
// ignore }
break; break;
case 0x013: case 0x04:
case 0x0c: _parse_asn1(context, cert, buffer + position, length, level + 1, fields, &local_has_key, client_cert, root_oid, &local_chain);
case 0x14: break;
case 0x15: case 0x05:
case 0x16: break;
case 0x19: case 0x06:
case 0x1a: if (_asn1_is_field_present(fields, Constants::pk_id)) {
case 0x1b: _set_algorithm(cert.key_algorithm, buffer + position, length);
case 0x1c: }
case 0x1d: if (_asn1_is_field_present(fields, Constants::algorithm_id)) {
case 0x1e: _set_algorithm(cert.algorithm, buffer + position, length);
// printable string and such }
if (_asn1_is_field_present(fields, Constants::issurer_id)) {
if (_asn1_is_oid(oid, Constants::country_oid)) { if (length < 16)
cert.issuer_country = String { (const char*)buffer + position, length }; memcpy(oid, buffer + position, length);
} else if (_asn1_is_oid(oid, Constants::state_oid)) { else
cert.issuer_state = String { (const char*)buffer + position, length }; memcpy(oid, buffer + position, 16);
} else if (_asn1_is_oid(oid, Constants::location_oid)) { if (root_oid)
cert.issuer_location = String { (const char*)buffer + position, length }; memcpy(root_oid, oid, 16);
} else if (_asn1_is_oid(oid, Constants::entity_oid)) { break;
cert.issuer_entity = String { (const char*)buffer + position, length }; case 0x09:
} else if (_asn1_is_oid(oid, Constants::subject_oid)) { break;
cert.issuer_subject = String { (const char*)buffer + position, length }; case 0x17:
} case 0x018:
} else if (_asn1_is_field_present(fields, Constants::owner_id)) { // time
if (_asn1_is_oid(oid, Constants::country_oid)) { // ignore
cert.country = String { (const char*)buffer + position, length }; break;
} else if (_asn1_is_oid(oid, Constants::state_oid)) { case 0x013:
cert.state = String { (const char*)buffer + position, length }; case 0x0c:
} else if (_asn1_is_oid(oid, Constants::location_oid)) { case 0x14:
cert.location = String { (const char*)buffer + position, length }; case 0x15:
} else if (_asn1_is_oid(oid, Constants::entity_oid)) { case 0x16:
cert.entity = String { (const char*)buffer + position, length }; case 0x19:
} else if (_asn1_is_oid(oid, Constants::subject_oid)) { case 0x1a:
cert.subject = String { (const char*)buffer + position, length }; case 0x1b:
} case 0x1c:
} case 0x1d:
break; case 0x1e:
default: // printable string and such
// dbg() << "unused field " << type; if (_asn1_is_field_present(fields, Constants::issurer_id)) {
break; if (_asn1_is_oid(oid, Constants::country_oid)) {
} cert.issuer_country = String { (const char*)buffer + position, length };
} else if (_asn1_is_oid(oid, Constants::state_oid)) {
cert.issuer_state = String { (const char*)buffer + position, length };
} else if (_asn1_is_oid(oid, Constants::location_oid)) {
cert.issuer_location = String { (const char*)buffer + position, length };
} else if (_asn1_is_oid(oid, Constants::entity_oid)) {
cert.issuer_entity = String { (const char*)buffer + position, length };
} else if (_asn1_is_oid(oid, Constants::subject_oid)) {
cert.issuer_subject = String { (const char*)buffer + position, length };
}
} else if (_asn1_is_field_present(fields, Constants::owner_id)) {
if (_asn1_is_oid(oid, Constants::country_oid)) {
cert.country = String { (const char*)buffer + position, length };
} else if (_asn1_is_oid(oid, Constants::state_oid)) {
cert.state = String { (const char*)buffer + position, length };
} else if (_asn1_is_oid(oid, Constants::location_oid)) {
cert.location = String { (const char*)buffer + position, length };
} else if (_asn1_is_oid(oid, Constants::entity_oid)) {
cert.entity = String { (const char*)buffer + position, length };
} else if (_asn1_is_oid(oid, Constants::subject_oid)) {
cert.subject = String { (const char*)buffer + position, length };
}
}
break;
default:
// dbg() << "unused field " << type;
break;
} }
position += length;
} }
if (level == 2 && cert.sign_key.size() && cert_length && cert_data) { position += length;
dbg() << "FIXME: Cert.fingerprint";
}
return position;
} }
if (level == 2 && cert.sign_key.size() && cert_length && cert_data) {
dbg() << "FIXME: Cert.fingerprint";
}
return position;
}
} }
Optional<Certificate> TLSv12::parse_asn1(const ByteBuffer& buffer, bool) Optional<Certificate> TLSv12::parse_asn1(const ByteBuffer& buffer, bool)
@ -520,7 +520,7 @@ bool TLSv12::expand_key()
auto key_size = key_length(); auto key_size = key_length();
auto mac_size = mac_length(); auto mac_size = mac_length();
auto iv_size = 16; auto iv_size = iv_length();
pseudorandom_function( pseudorandom_function(
key_buffer, key_buffer,
@ -769,9 +769,10 @@ void TLSv12::update_packet(ByteBuffer& packet)
auto buffer = ByteBuffer::create_zeroed(length); auto buffer = ByteBuffer::create_zeroed(length);
size_t buffer_position = 0; size_t buffer_position = 0;
u16 aligned_length = length + block_size - length % block_size; u16 aligned_length = length + block_size - length % block_size;
auto iv_size = iv_length();
// we need enough space for a header, 16 bytes of IV and whatever the packet contains // we need enough space for a header, iv_length bytes of IV and whatever the packet contains
auto ct = ByteBuffer::create_zeroed(aligned_length + header_size + 16); auto ct = ByteBuffer::create_zeroed(aligned_length + header_size + iv_size);
// copy the header over // copy the header over
ct.overwrite(0, packet.data(), header_size - 2); ct.overwrite(0, packet.data(), header_size - 2);
@ -798,18 +799,15 @@ void TLSv12::update_packet(ByteBuffer& packet)
// throws a wrench into our plans // throws a wrench into our plans
buffer.trim(buffer_position); buffer.trim(buffer_position);
// make a random seed IV for this message // FIXME: REALLY Should be filled with random bytes
u8 record_iv[16] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; auto iv = ByteBuffer::create_zeroed(iv_size);
// arc4random_buf(record_iv, 16);
auto iv = ByteBuffer::wrap(record_iv, 16);
// write it into the ciphertext portion of the message // write it into the ciphertext portion of the message
ct.overwrite(header_size, record_iv, 16); ct.overwrite(header_size, iv.data(), iv.size());
ct.trim(length + block_size - length % block_size + header_size + block_size - padding); ct.trim(length + block_size - length % block_size + header_size + block_size - padding);
// get a block to encrypt into // get a block to encrypt into
auto view = ct.slice_view(header_size + 16, length + block_size - length % block_size + block_size - padding - 16); auto view = ct.slice_view(header_size + iv_size, length + block_size - length % block_size + block_size - padding - iv_size);
// encrypt the message // encrypt the message
m_aes_local->encrypt(buffer, view, iv); m_aes_local->encrypt(buffer, view, iv);
@ -1346,11 +1344,12 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
#endif #endif
ASSERT(m_aes_remote); ASSERT(m_aes_remote);
auto iv_size = iv_length();
auto decrypted = m_aes_remote->create_aligned_buffer(length - 16); auto decrypted = m_aes_remote->create_aligned_buffer(length - iv_size);
auto iv = buffer.slice_view(header_size, 16); auto iv = buffer.slice_view(header_size, iv_size);
m_aes_remote->decrypt(buffer.slice_view(header_size + 16, length - 16), decrypted, iv); m_aes_remote->decrypt(buffer.slice_view(header_size + iv_size, length - iv_size), decrypted, iv);
length = decrypted.size(); length = decrypted.size();

89
Libraries/LibTLS/TLSv12.h
View file

@ -92,8 +92,11 @@ enum class CipherSuite {
RSA_WITH_AES_128_CBC_SHA = 0x002F, RSA_WITH_AES_128_CBC_SHA = 0x002F,
RSA_WITH_AES_256_CBC_SHA = 0x0035, RSA_WITH_AES_256_CBC_SHA = 0x0035,
RSA_WITH_AES_128_CBC_SHA256 = 0x003C, // we support this
RSA_WITH_AES_256_CBC_SHA256 = 0x003D, //<- this is our guy // We support these
RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
// TODO
RSA_WITH_AES_128_GCM_SHA256 = 0x009C, RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
RSA_WITH_AES_256_GCM_SHA384 = 0x009D, RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
}; };
@ -360,8 +363,48 @@ private:
void pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b); void pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b);
size_t key_length() const { return m_aes_local ? m_aes_local->cipher().key().length() : 16; } // FIXME: generalize size_t key_length() const
size_t mac_length() const { return Crypto::Authentication::HMAC<Crypto::Hash::SHA256>::DigestSize; } // FIXME: generalize {
switch (m_context.cipher) {
case CipherSuite::AES_128_CCM_8_SHA256:
case CipherSuite::AES_128_CCM_SHA256:
case CipherSuite::AES_128_GCM_SHA256:
case CipherSuite::Invalid:
case CipherSuite::RSA_WITH_AES_128_CBC_SHA256:
case CipherSuite::RSA_WITH_AES_128_CBC_SHA:
case CipherSuite::RSA_WITH_AES_128_GCM_SHA256:
default:
return 128 / 8;
case CipherSuite::AES_256_GCM_SHA384:
case CipherSuite::RSA_WITH_AES_256_CBC_SHA:
case CipherSuite::RSA_WITH_AES_256_CBC_SHA256:
case CipherSuite::RSA_WITH_AES_256_GCM_SHA384:
return 256 / 8;
}
}
size_t mac_length() const
{
return Crypto::Authentication::HMAC<Crypto::Hash::SHA256>::DigestSize;
} // FIXME: generalize
size_t iv_length() const
{
switch (m_context.cipher) {
case CipherSuite::AES_128_CCM_8_SHA256:
case CipherSuite::AES_128_CCM_SHA256:
case CipherSuite::Invalid:
case CipherSuite::RSA_WITH_AES_128_CBC_SHA256:
case CipherSuite::RSA_WITH_AES_128_CBC_SHA:
case CipherSuite::RSA_WITH_AES_256_CBC_SHA256:
case CipherSuite::RSA_WITH_AES_256_CBC_SHA:
default:
return 16;
case CipherSuite::AES_128_GCM_SHA256:
case CipherSuite::AES_256_GCM_SHA384:
case CipherSuite::RSA_WITH_AES_128_GCM_SHA256:
case CipherSuite::RSA_WITH_AES_256_GCM_SHA384:
return 12;
}
}
bool expand_key(); bool expand_key();
@ -375,27 +418,27 @@ private:
}; };
namespace Constants { namespace Constants {
constexpr static const u32 version_id[] { 1, 1, 1, 0 }; constexpr static const u32 version_id[] { 1, 1, 1, 0 };
constexpr static const u32 pk_id[] { 1, 1, 7, 0 }; constexpr static const u32 pk_id[] { 1, 1, 7, 0 };
constexpr static const u32 serial_id[] { 1, 1, 2, 1, 0 }; constexpr static const u32 serial_id[] { 1, 1, 2, 1, 0 };
constexpr static const u32 issurer_id[] { 1, 1, 4, 0 }; constexpr static const u32 issurer_id[] { 1, 1, 4, 0 };
constexpr static const u32 owner_id[] { 1, 1, 6, 0 }; constexpr static const u32 owner_id[] { 1, 1, 6, 0 };
constexpr static const u32 validity_id[] { 1, 1, 5, 0 }; constexpr static const u32 validity_id[] { 1, 1, 5, 0 };
constexpr static const u32 algorithm_id[] { 1, 1, 3, 0 }; constexpr static const u32 algorithm_id[] { 1, 1, 3, 0 };
constexpr static const u32 sign_id[] { 1, 3, 2, 1, 0 }; constexpr static const u32 sign_id[] { 1, 3, 2, 1, 0 };
constexpr static const u32 priv_id[] { 1, 4, 0 }; constexpr static const u32 priv_id[] { 1, 4, 0 };
constexpr static const u32 priv_der_id[] { 1, 3, 1, 0 }; constexpr static const u32 priv_der_id[] { 1, 3, 1, 0 };
constexpr static const u32 ecc_priv_id[] { 1, 2, 0 }; constexpr static const u32 ecc_priv_id[] { 1, 2, 0 };
constexpr static const u8 country_oid[] { 0x55, 0x04, 0x06, 0x00 }; constexpr static const u8 country_oid[] { 0x55, 0x04, 0x06, 0x00 };
constexpr static const u8 state_oid[] { 0x55, 0x04, 0x08, 0x00 }; constexpr static const u8 state_oid[] { 0x55, 0x04, 0x08, 0x00 };
constexpr static const u8 location_oid[] { 0x55, 0x04, 0x07, 0x00 }; constexpr static const u8 location_oid[] { 0x55, 0x04, 0x07, 0x00 };
constexpr static const u8 entity_oid[] { 0x55, 0x04, 0x0A, 0x00 }; constexpr static const u8 entity_oid[] { 0x55, 0x04, 0x0A, 0x00 };
constexpr static const u8 subject_oid[] { 0x55, 0x04, 0x03, 0x00 }; constexpr static const u8 subject_oid[] { 0x55, 0x04, 0x03, 0x00 };
constexpr static const u8 san_oid[] { 0x55, 0x1D, 0x11, 0x00 }; constexpr static const u8 san_oid[] { 0x55, 0x1D, 0x11, 0x00 };
constexpr static const u8 ocsp_oid[] { 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x00 }; constexpr static const u8 ocsp_oid[] { 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x00 };
constexpr static const u8 TLS_RSA_SIGN_SHA256_OID[] { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x00 }; constexpr static const u8 TLS_RSA_SIGN_SHA256_OID[] { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x00 };
} }