mirror of
https://github.com/RGBCube/serenity
synced 2025-06-01 10:38:13 +00:00
LibCrypto: Fix issues in the Crypto stack
This commit fixes up the following: - HMAC should not reuse a single hasher when successively updating - AES Key should not assume its user key is valid signed char* - Mode should have a virtual destructor And adds a RFC5246 padding mode, which is required for TLS
This commit is contained in:
AnotherTest
Andreas Kling
parent
7adb93ede9
commit
f1578d7e9e
10 changed files with 93 additions and 49 deletions
|
|
@ -59,7 +59,7 @@ namespace Cipher {
|
|||
return builder.build();
|
||||
}
|
||||
|
||||
void AESCipherKey::expand_encrypt_key(const StringView& user_key, size_t bits)
|
||||
void AESCipherKey::expand_encrypt_key(const ByteBuffer& user_key, size_t bits)
|
||||
{
|
||||
u32* round_key;
|
||||
u32 temp;
|
||||
|
|
@ -78,10 +78,10 @@ namespace Cipher {
|
|||
m_rounds = 14;
|
||||
}
|
||||
|
||||
round_key[0] = get_key(user_key.substring_view(0, 4).characters_without_null_termination());
|
||||
round_key[1] = get_key(user_key.substring_view(4, 4).characters_without_null_termination());
|
||||
round_key[2] = get_key(user_key.substring_view(8, 4).characters_without_null_termination());
|
||||
round_key[3] = get_key(user_key.substring_view(12, 4).characters_without_null_termination());
|
||||
round_key[0] = get_key(user_key.slice_view(0, 4).data());
|
||||
round_key[1] = get_key(user_key.slice_view(4, 4).data());
|
||||
round_key[2] = get_key(user_key.slice_view(8, 4).data());
|
||||
round_key[3] = get_key(user_key.slice_view(12, 4).data());
|
||||
if (bits == 128) {
|
||||
for (;;) {
|
||||
temp = round_key[3];
|
||||
|
|
@ -103,8 +103,8 @@ namespace Cipher {
|
|||
return;
|
||||
}
|
||||
|
||||
round_key[4] = get_key(user_key.substring_view(16, 4).characters_without_null_termination());
|
||||
round_key[5] = get_key(user_key.substring_view(20, 4).characters_without_null_termination());
|
||||
round_key[4] = get_key(user_key.slice_view(16, 4).data());
|
||||
round_key[5] = get_key(user_key.slice_view(20, 4).data());
|
||||
if (bits == 192) {
|
||||
for (;;) {
|
||||
temp = round_key[5];
|
||||
|
|
@ -131,8 +131,8 @@ namespace Cipher {
|
|||
return;
|
||||
}
|
||||
|
||||
round_key[6] = get_key(user_key.substring_view(24, 4).characters_without_null_termination());
|
||||
round_key[7] = get_key(user_key.substring_view(28, 4).characters_without_null_termination());
|
||||
round_key[6] = get_key(user_key.slice_view(24, 4).data());
|
||||
round_key[7] = get_key(user_key.slice_view(28, 4).data());
|
||||
if (true) { // bits == 256
|
||||
for (;;) {
|
||||
temp = round_key[7];
|
||||
|
|
@ -169,7 +169,7 @@ namespace Cipher {
|
|||
}
|
||||
}
|
||||
|
||||
void AESCipherKey::expand_decrypt_key(const StringView& user_key, size_t bits)
|
||||
void AESCipherKey::expand_decrypt_key(const ByteBuffer& user_key, size_t bits)
|
||||
{
|
||||
u32* round_key;
|
||||
|
||||
|
|
@ -414,6 +414,10 @@ namespace Cipher {
|
|||
// fill with the length of the padding bytes
|
||||
__builtin_memset(m_data.data() + length, m_data.size() - length, m_data.size() - length);
|
||||
break;
|
||||
case PaddingMode::RFC5246:
|
||||
// fill with the length of the padding bytes minus one
|
||||
__builtin_memset(m_data.data() + length, m_data.size() - length - 1, m_data.size() - length);
|
||||
break;
|
||||
default:
|
||||
// FIXME: We should handle the rest of the common padding modes
|
||||
ASSERT_NOT_REACHED();
|
||||
|
|
|
|||
|
|
@ -71,8 +71,8 @@ namespace Cipher {
|
|||
|
||||
struct AESCipherKey : public CipherKey {
|
||||
virtual ByteBuffer data() const override { return ByteBuffer::copy(m_rd_keys, sizeof(m_rd_keys)); };
|
||||
virtual void expand_encrypt_key(const StringView& user_key, size_t bits) override;
|
||||
virtual void expand_decrypt_key(const StringView& user_key, size_t bits) override;
|
||||
virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) override;
|
||||
virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) override;
|
||||
static bool is_valid_key_size(size_t bits) { return bits == 128 || bits == 192 || bits == 256; };
|
||||
String to_string() const;
|
||||
const u32* round_keys() const
|
||||
|
|
@ -80,7 +80,8 @@ namespace Cipher {
|
|||
return (const u32*)m_rd_keys;
|
||||
}
|
||||
|
||||
AESCipherKey(const StringView& user_key, size_t key_bits, Intent intent)
|
||||
AESCipherKey(const ByteBuffer& user_key, size_t key_bits, Intent intent)
|
||||
: m_bits(key_bits)
|
||||
{
|
||||
if (intent == Intent::Encryption)
|
||||
expand_encrypt_key(user_key, key_bits);
|
||||
|
|
@ -91,6 +92,7 @@ namespace Cipher {
|
|||
virtual ~AESCipherKey() override {}
|
||||
|
||||
size_t rounds() const { return m_rounds; }
|
||||
size_t length() const { return m_bits / 8; }
|
||||
|
||||
protected:
|
||||
u32* round_keys()
|
||||
|
|
@ -102,13 +104,14 @@ namespace Cipher {
|
|||
static constexpr size_t MAX_ROUND_COUNT = 14;
|
||||
u32 m_rd_keys[(MAX_ROUND_COUNT + 1) * 4] { 0 };
|
||||
size_t m_rounds;
|
||||
size_t m_bits;
|
||||
};
|
||||
|
||||
class AESCipher final : public Cipher<AESCipherKey, AESCipherBlock> {
|
||||
public:
|
||||
using CBCMode = CBC<AESCipher>;
|
||||
|
||||
AESCipher(const StringView& user_key, size_t key_bits, Intent intent = Intent::Encryption, PaddingMode mode = PaddingMode::CMS)
|
||||
AESCipher(const ByteBuffer& user_key, size_t key_bits, Intent intent = Intent::Encryption, PaddingMode mode = PaddingMode::CMS)
|
||||
: Cipher<AESCipherKey, AESCipherBlock>(mode)
|
||||
, m_key(user_key, key_bits, intent)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -40,6 +40,7 @@ namespace Cipher {
|
|||
|
||||
enum class PaddingMode {
|
||||
CMS, // RFC 1423
|
||||
RFC5246, // very similar to CMS, but filled with |length - 1|, instead of |length|
|
||||
Null,
|
||||
// FIXME: We do not implement these yet
|
||||
Bit,
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ namespace Cipher {
|
|||
template <typename T>
|
||||
class CBC : public Mode<T> {
|
||||
public:
|
||||
virtual ~CBC() {}
|
||||
template <typename... Args>
|
||||
explicit constexpr CBC<T>(Args... args)
|
||||
: Mode<T>(args...)
|
||||
|
|
|
|||
|
|
@ -35,6 +35,8 @@ namespace Cipher {
|
|||
template <typename T>
|
||||
class Mode {
|
||||
public:
|
||||
virtual ~Mode() {}
|
||||
|
||||
// FIXME: Somehow communicate that encrypt returns the last initialization vector (if the mode supports it)
|
||||
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
|
||||
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
|
||||
|
|
@ -51,10 +53,9 @@ namespace Cipher {
|
|||
}
|
||||
|
||||
virtual String class_name() const = 0;
|
||||
|
||||
protected:
|
||||
T& cipher() { return m_cipher; }
|
||||
|
||||
protected:
|
||||
virtual void prune_padding(ByteBuffer& data)
|
||||
{
|
||||
auto size = data.size();
|
||||
|
|
@ -74,6 +75,22 @@ namespace Cipher {
|
|||
data.trim(size - maybe_padding_length);
|
||||
break;
|
||||
}
|
||||
case PaddingMode::RFC5246: {
|
||||
auto maybe_padding_length = data[size - 1];
|
||||
if (maybe_padding_length >= T::block_size() - 1) {
|
||||
// cannot be padding (the entire block cannot be padding)
|
||||
return;
|
||||
}
|
||||
// FIXME: If we want to constant-time operations, this loop should not stop
|
||||
for (auto i = maybe_padding_length; i > 0; --i) {
|
||||
if (data[size - i - 1] != maybe_padding_length) {
|
||||
// note that this is likely invalid padding
|
||||
return;
|
||||
}
|
||||
}
|
||||
data.trim(size - maybe_padding_length - 1);
|
||||
break;
|
||||
}
|
||||
case PaddingMode::Null: {
|
||||
while (data[size - 1] == 0)
|
||||
--size;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue