1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 18:17:44 +00:00

LibCrypto: Fix issues in the Crypto stack

This commit fixes up the following:
- HMAC should not reuse a single hasher when successively updating
- AES Key should not assume its user key is valid signed char*
- Mode should have a virtual destructor
And adds a RFC5246 padding mode, which is required for TLS
This commit is contained in:
AnotherTest 2020-04-29 19:17:47 +04:30 committed by Andreas Kling
parent 7adb93ede9
commit f1578d7e9e
10 changed files with 93 additions and 49 deletions

View file

@ -35,6 +35,8 @@ namespace Cipher {
template <typename T>
class Mode {
public:
virtual ~Mode() {}
// FIXME: Somehow communicate that encrypt returns the last initialization vector (if the mode supports it)
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
@ -51,10 +53,9 @@ namespace Cipher {
}
virtual String class_name() const = 0;
protected:
T& cipher() { return m_cipher; }
protected:
virtual void prune_padding(ByteBuffer& data)
{
auto size = data.size();
@ -74,6 +75,22 @@ namespace Cipher {
data.trim(size - maybe_padding_length);
break;
}
case PaddingMode::RFC5246: {
auto maybe_padding_length = data[size - 1];
if (maybe_padding_length >= T::block_size() - 1) {
// cannot be padding (the entire block cannot be padding)
return;
}
// FIXME: If we want to constant-time operations, this loop should not stop
for (auto i = maybe_padding_length; i > 0; --i) {
if (data[size - i - 1] != maybe_padding_length) {
// note that this is likely invalid padding
return;
}
}
data.trim(size - maybe_padding_length - 1);
break;
}
case PaddingMode::Null: {
while (data[size - 1] == 0)
--size;