RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 18:17:44 +00:00
Code Issues Activity Actions

LibCrypto: Fix issues in the Crypto stack

Browse source 
This commit fixes up the following:
- HMAC should not reuse a single hasher when successively updating
- AES Key should not assume its user key is valid signed char*
- Mode should have a virtual destructor
And adds a RFC5246 padding mode, which is required for TLS
This commit is contained in:
AnotherTest 2020-04-29 19:17:47 +04:30 committed by Andreas Kling
parent 7adb93ede9
commit f1578d7e9e
10 changed files with 93 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

21
Libraries/LibCrypto/Cipher/Mode/Mode.h
View file

@ -35,6 +35,8 @@ namespace Cipher {
template <typename T>
class Mode {
public:
virtual ~Mode() {}
// FIXME: Somehow communicate that encrypt returns the last initialization vector (if the mode supports it)
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
@ -51,10 +53,9 @@ namespace Cipher {
}
virtual String class_name() const = 0;
protected:
T& cipher() { return m_cipher; }
protected:
virtual void prune_padding(ByteBuffer& data)
{
auto size = data.size();
@ -74,6 +75,22 @@ namespace Cipher {
data.trim(size - maybe_padding_length);
break;
}
case PaddingMode::RFC5246: {
auto maybe_padding_length = data[size - 1];
if (maybe_padding_length >= T::block_size() - 1) {
// cannot be padding (the entire block cannot be padding)
return;
}
// FIXME: If we want to constant-time operations, this loop should not stop
for (auto i = maybe_padding_length; i > 0; --i) {
if (data[size - i - 1] != maybe_padding_length) {
// note that this is likely invalid padding
return;
}
}
data.trim(size - maybe_padding_length - 1);
break;
}
case PaddingMode::Null: {
while (data[size - 1] == 0)
--size;