RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-18 17:05:06 +00:00
Code Issues Activity Actions

LibCrypto+LibTLS: Generalise the use of IV length

Browse source 
This is in preparation for the upcoming Galois/Counter mode, which
conventionally has 12 bytes of IV as opposed to CBC's 16 bytes.

...Also fixes a lot of style issues, since the author finally found the
project's clang config file in the repository root :^)
This commit is contained in:
AnotherTest 2020-04-23 02:53:11 +04:30 committed by Andreas Kling
parent 7384d58a0a
commit a1e1570552
7 changed files with 3110 additions and 3060 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Libraries/LibCrypto/Cipher/AES.cpp
View file

@ -46,7 +46,7 @@ namespace Cipher {
String AESCipherBlock::to_string() const
{
StringBuilder builder;
for (size_t i = 0; i < BLOCK_SIZE / 8; ++i)
for (size_t i = 0; i < BlockSizeInBits / 8; ++i)
builder.appendf("%02x", m_data[i]);
return builder.build();
}

10
Libraries/LibCrypto/Cipher/AES.h
View file

@ -35,10 +35,12 @@ namespace Crypto {
namespace Cipher {
struct AESCipherBlock : public CipherBlock {
public:
static constexpr size_t BlockSizeInBits = 128;
explicit AESCipherBlock(PaddingMode mode = PaddingMode::CMS)
: CipherBlock(mode)
{
m_data = ByteBuffer::create_zeroed(BLOCK_SIZE / 8);
m_data = ByteBuffer::create_zeroed(BlockSizeInBits / 8);
}
AESCipherBlock(const u8* data, size_t length, PaddingMode mode = PaddingMode::CMS)
: AESCipherBlock(mode)
@ -46,7 +48,7 @@ namespace Cipher {
overwrite(data, length);
}
static size_t block_size() { return BLOCK_SIZE / 8; };
static size_t block_size() { return BlockSizeInBits / 8; };
virtual ByteBuffer get() const override { return m_data; };
virtual const ByteBuffer& data() const override { return m_data; };
@ -64,8 +66,6 @@ namespace Cipher {
private:
virtual ByteBuffer& data() override { return m_data; };
static constexpr size_t BLOCK_SIZE = 128;
ByteBuffer m_data;
};
@ -111,6 +111,8 @@ namespace Cipher {
public:
using CBCMode = CBC<AESCipher>;
constexpr static size_t BlockSizeInBits = BlockType::BlockSizeInBits;
AESCipher(const ByteBuffer& user_key, size_t key_bits, Intent intent = Intent::Encryption, PaddingMode mode = PaddingMode::CMS)
: Cipher<AESCipherKey, AESCipherBlock>(mode)
, m_key(user_key, key_bits, intent)

4
Libraries/LibCrypto/Cipher/Mode/CBC.h
View file

@ -36,6 +36,8 @@ namespace Cipher {
template <typename T>
class CBC : public Mode<T> {
public:
constexpr static size_t IVSizeInBits = 128;
virtual ~CBC() {}
template <typename... Args>
explicit constexpr CBC<T>(Args... args)
@ -51,6 +53,8 @@ namespace Cipher {
return builder.build();
}
virtual size_t IV_length() const { return IVSizeInBits / 8; }
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
{
auto length = in.size();

2
Libraries/LibCrypto/Cipher/Mode/Mode.h
View file

@ -41,6 +41,8 @@ namespace Cipher {
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
virtual size_t IV_length() const = 0;
const T& cipher() const { return m_cipher; }
ByteBuffer create_aligned_buffer(size_t input_size) const

25
Libraries/LibTLS/TLSv12.cpp
View file

@ -520,7 +520,7 @@ bool TLSv12::expand_key()
auto key_size = key_length();
auto mac_size = mac_length();
auto iv_size = 16;
auto iv_size = iv_length();
pseudorandom_function(
key_buffer,
@ -769,9 +769,10 @@ void TLSv12::update_packet(ByteBuffer& packet)
auto buffer = ByteBuffer::create_zeroed(length);
size_t buffer_position = 0;
u16 aligned_length = length + block_size - length % block_size;
auto iv_size = iv_length();
// we need enough space for a header, 16 bytes of IV and whatever the packet contains
auto ct = ByteBuffer::create_zeroed(aligned_length + header_size + 16);
// we need enough space for a header, iv_length bytes of IV and whatever the packet contains
auto ct = ByteBuffer::create_zeroed(aligned_length + header_size + iv_size);
// copy the header over
ct.overwrite(0, packet.data(), header_size - 2);
@ -798,18 +799,15 @@ void TLSv12::update_packet(ByteBuffer& packet)
// throws a wrench into our plans
buffer.trim(buffer_position);
// make a random seed IV for this message
u8 record_iv[16] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
// arc4random_buf(record_iv, 16);
auto iv = ByteBuffer::wrap(record_iv, 16);
// FIXME: REALLY Should be filled with random bytes
auto iv = ByteBuffer::create_zeroed(iv_size);
// write it into the ciphertext portion of the message
ct.overwrite(header_size, record_iv, 16);
ct.overwrite(header_size, iv.data(), iv.size());
ct.trim(length + block_size - length % block_size + header_size + block_size - padding);
// get a block to encrypt into
auto view = ct.slice_view(header_size + 16, length + block_size - length % block_size + block_size - padding - 16);
auto view = ct.slice_view(header_size + iv_size, length + block_size - length % block_size + block_size - padding - iv_size);
// encrypt the message
m_aes_local->encrypt(buffer, view, iv);
@ -1346,11 +1344,12 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
#endif
ASSERT(m_aes_remote);
auto iv_size = iv_length();
auto decrypted = m_aes_remote->create_aligned_buffer(length - 16);
auto iv = buffer.slice_view(header_size, 16);
auto decrypted = m_aes_remote->create_aligned_buffer(length - iv_size);
auto iv = buffer.slice_view(header_size, iv_size);
m_aes_remote->decrypt(buffer.slice_view(header_size + 16, length - 16), decrypted, iv);
m_aes_remote->decrypt(buffer.slice_view(header_size + iv_size, length - iv_size), decrypted, iv);
length = decrypted.size();

51
Libraries/LibTLS/TLSv12.h
View file

@ -92,8 +92,11 @@ enum class CipherSuite {
RSA_WITH_AES_128_CBC_SHA = 0x002F,
RSA_WITH_AES_256_CBC_SHA = 0x0035,
RSA_WITH_AES_128_CBC_SHA256 = 0x003C, // we support this
RSA_WITH_AES_256_CBC_SHA256 = 0x003D, //<- this is our guy
// We support these
RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
// TODO
RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
};
@ -360,8 +363,48 @@ private:
void pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b);
size_t key_length() const { return m_aes_local ? m_aes_local->cipher().key().length() : 16; } // FIXME: generalize
size_t mac_length() const { return Crypto::Authentication::HMAC<Crypto::Hash::SHA256>::DigestSize; } // FIXME: generalize
size_t key_length() const
{
switch (m_context.cipher) {
case CipherSuite::AES_128_CCM_8_SHA256:
case CipherSuite::AES_128_CCM_SHA256:
case CipherSuite::AES_128_GCM_SHA256:
case CipherSuite::Invalid:
case CipherSuite::RSA_WITH_AES_128_CBC_SHA256:
case CipherSuite::RSA_WITH_AES_128_CBC_SHA:
case CipherSuite::RSA_WITH_AES_128_GCM_SHA256:
default:
return 128 / 8;
case CipherSuite::AES_256_GCM_SHA384:
case CipherSuite::RSA_WITH_AES_256_CBC_SHA:
case CipherSuite::RSA_WITH_AES_256_CBC_SHA256:
case CipherSuite::RSA_WITH_AES_256_GCM_SHA384:
return 256 / 8;
}
}
size_t mac_length() const
{
return Crypto::Authentication::HMAC<Crypto::Hash::SHA256>::DigestSize;
} // FIXME: generalize
size_t iv_length() const
{
switch (m_context.cipher) {
case CipherSuite::AES_128_CCM_8_SHA256:
case CipherSuite::AES_128_CCM_SHA256:
case CipherSuite::Invalid:
case CipherSuite::RSA_WITH_AES_128_CBC_SHA256:
case CipherSuite::RSA_WITH_AES_128_CBC_SHA:
case CipherSuite::RSA_WITH_AES_256_CBC_SHA256:
case CipherSuite::RSA_WITH_AES_256_CBC_SHA:
default:
return 16;
case CipherSuite::AES_128_GCM_SHA256:
case CipherSuite::AES_256_GCM_SHA384:
case CipherSuite::RSA_WITH_AES_128_GCM_SHA256:
case CipherSuite::RSA_WITH_AES_256_GCM_SHA384:
return 12;
}
}
bool expand_key();