1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-24 14:02:06 +00:00
Commit graph

128 commits

Author SHA1 Message Date
Michiel Visser
37da5cb3b3 LibCrypto: Correctly add length to SHA384 and SHA512 hashes
The SHA384 and SHA512 hashes would produce incorrect results for data
where the length % 128 was in the range 112-119. This was because the
total number of bits in the hashed values was added at the end as a
64-bit number instead of a 128-bit number. In most cases this would not
cause any issues, as this space was padded with zeroes, however in the
case that the length % 128 was 112-119, some incorrect data ended up
where this 128-bit length value was expected.

This change fixes the problems in LibTLS where some websites would
result in a DecryptError on handshake.
2022-03-26 02:25:23 +04:30
Linus Groh
f36f9c106b LibCrypto: Fix grammar in a couple of comments 2022-03-22 11:26:29 +00:00
Michiel Visser
e07ec02470 LibCrypto: Move all elliptic curve private methods into .cpp
All the elliptic curve implementations had a long list of private
methods which were all stored in a single .cpp file. Now we simply use
static methods instead.
2022-03-20 00:51:50 +03:30
Michiel Visser
66d99c83d9 LibCrypto+LibTLS: Add SECP256r1 support to LibTLS
Add the required methods to SECP256r1 to conform to the EllipticCurve
virtual base class. Using this updated version of SECP256r1, support in
LibTLS is implemented.
2022-03-20 00:51:50 +03:30
Michiel Visser
c1b041e761 LibCrypto+LibTLS: Generalize the elliptic curve interface
These changes generalize the interface with an elliptic curve
implementation. This allows LibTLS to support elliptic curves generally
without needing the specifics of elliptic curve implementations.

This should allow for easier addition of other elliptic curves.
2022-03-20 00:51:50 +03:30
Michiel Visser
8f7219c6fa LibCrypto: Implement the SECP256r1 elliptic curve
This implementation of the secp256r1 elliptic curve uses two techniques
to improve the performance of the operations.

1. All coordinates are stored in Jacobian form, (X/Z^2, Y/Z^3, Z), which
   removes the need for division operations during point addition or
   doubling. The points are converted at the start of the computation,
   and converted back at the end.

2. All values are transformed to Montgomery form, to allow for faster
   modular multiplication using the Montgomery modular multiplication
   method. This means that all coordinates have to be converted into
   this form, and back out of this form before returning them.
2022-03-18 07:56:47 +03:30
Brian Gianforcaro
0a5321b3f9 LibCrypto: Use AK::timing_safe_compare to validate sensitive data
Addresses one FIXME in GCM, and another similar issue in EMSA_PSS.
We should be using constant time memory comparisons in all of our
crypto code.
2022-03-13 19:08:58 -07:00
Lenny Maiorani
f1c452059c Libraries: Use default constructors/destructors in LibCrypto
https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#cother-other-default-operation-rules

"The compiler is more likely to get the default semantics right and
you cannot implement these functions better than the compiler."
2022-03-10 18:04:26 -08:00
stelar7
0df7ad7493 LibCrypto: Add curve X448 2022-03-09 13:04:48 +03:30
Lenny Maiorani
6bd880c404 LibCrypto: Simplify and move CRC32 table to cpp file
CRC32 table is generated at compile-time and put into a static
variable in the header file. This can be moved to be a function
instead of a class, be moved to the `.cpp` file` and generated as an
array instead of a class which only implements `operator[]`.
2022-02-26 17:49:47 +00:00
Michiel Visser
898be38517 LibTLS: Add signature verification for DHE and ECDHE key exchange
This will verify that the signature of the ephemeral key used in the
DHE and ECDHE key exchanges is actually generated by the server.

This verification is done using the first certificate provided by the
server, however the validity of this certificate is not checked here.
Instead this code expects the validity to be checked earlier by
`TLSv12::handle_certificate`.
2022-02-23 13:20:28 +03:30
Michiel Visser
be138474c5 LibCrypto: Add EMSA-PKCS1-V1_5 encoder and verification
This add an implementation for the EMSA-PKCS1-V1_5-ENCODE function from
RFC8017 section 9.2. The verification of this encoding is implemented by
simply encoding the message to be verified, and then comparing the two
encoded string.

The digest info for the different hash function is from RFC8017 section
9.2 notes 1. These byte sequences are actually ASN.1 encoded data,
however these are always constant for a specific hash function and can
be treated as opaque byte sequences.
2022-02-23 13:20:28 +03:30
stelar7
4daa5622fe LibCrypto: Add curve x25519 2022-02-18 12:34:23 +02:00
Idan Horowitz
c8db8d6152 LibCrypto: Exclude class_name() methods from the Kernel
These are only used by Userland and contain infallible String
allocations, so let's just ifdef them out of the Kernel.
2022-02-16 22:21:37 +01:00
Idan Horowitz
6959e7f778 LibCrypto: Exclude AESCipher{Block, Key}::to_string() from the Kernel
These use infallible Strings and are not actually used in the Kernel,
so let's just ifdef them out for now.
2022-02-16 22:21:37 +01:00
Timothy Flynn
b0d6399f60 LibCrypto: Do not allow signed big integers to be negative zero
If a big integer were to become negative zero, set the sign to instead
be positive. This prevents odd scenarios where users of signed big ints
would falsely think the result of some big int arithmetic is negative.
2022-02-06 15:49:54 +00:00
Timothy Flynn
0013227377 LibCrypto: Change UnsignedBigInteger parser to use a StringView
SignedBigInteger already accepts a StringView; let's avoid the heap
allocation in UnsignedBigInteger.
2022-01-31 17:50:54 +00:00
kleines Filmröllchen
145eeb57ab Userland: Remove a bunch of unnecessary Vector imports
How silly :^)
2022-01-28 23:40:25 +01:00
Sam Atkins
c388a879d7 AK+Userland: Make AK::decode_base64 return ErrorOr 2022-01-24 22:36:09 +01:00
Sam Atkins
45cf40653a Everywhere: Convert ByteBuffer factory methods from Optional -> ErrorOr
Apologies for the enormous commit, but I don't see a way to split this
up nicely. In the vast majority of cases it's a simple change. A few
extra places can use TRY instead of manual error checking though. :^)
2022-01-24 22:36:09 +01:00
Nico Weber
e09f74903e LibCrypo: Simplify mixed-sign bitwise_or
No behavior change.
2022-01-18 20:04:06 +03:30
Nico Weber
2392f65345 LibCrypto: Remove some now-unused (and incorrect) methods
Removes the UnsignedBigInteger overloads of
SignedBigInteger::binary_{and,or,xor}(). They're now unused, and they
also didn't work when *this was negative.
2022-01-18 20:04:06 +03:30
Nico Weber
d9b6eb29bc LibCrypto+LibJS: Better bitwise binary_xor binop
We went through some trouble to make & and | work right. Reimplement ^
in terms of & and | to make ^ work right as well.

This is less fast than a direct implementation, but let's get things
working first.
2022-01-18 20:04:06 +03:30
Nico Weber
013799a4dd LibCrypto+LibJS: Better bigint bitwise_or binop
Similar to the bitwise_and change, but we have to be careful to
sign-extend two's complement numbers only up to the highest set bit
in the positive number.
2022-01-18 20:04:06 +03:30
Nico Weber
1f98639396 LibCrypto+LibJS: Better bigint bitwise_and binop
Bitwise and is defined in terms of two's complement, so some converting
needs to happen for SignedBigInteger's sign/magnitude representation to
work out.

UnsignedBigInteger::bitwise_not() is repurposed to convert all
high-order zero bits to ones up to a limit, for the two's complement
conversion to work.

Fixes test262/test/language/expressions/bitwise-and/bigint.js.
2022-01-18 20:04:06 +03:30
Nico Weber
945d962322 LibJS+LibCrypto: Fix SignedBitInteger::bitwise_not and use it in LibJS
Bitwise operators are defined on two's complement, but SignedBitInteger
uses sign-magnitude. Correctly convert between the two.

Let LibJS delegate to SignedBitInteger for bitwise_not, like it does
for all other bitwise_ operations on bigints.

No behavior change (LibJS is now the only client of
SignedBitInteger::bitwise_not()).
2022-01-18 20:04:06 +03:30
Nico Weber
ec37eadb39 LibCrypto: Add Formatter<SignedBigInteger>
Useful for seeing SignedBigInteger values in test failure messages.
2022-01-18 20:04:06 +03:30
Daniel Bertalan
e1eefe2b52 LibCrypto: Link against LibCore
The ASN1 parser calls `LibCore::DateTime::create` and
`LibCore::DateTime::now`.
2022-01-09 20:40:22 +01:00
mjz19910
10ec98dd38 Everywhere: Fix spelling mistakes 2022-01-07 15:44:42 +01:00
mjz19910
3102d8e160 Everywhere: Fix many spelling errors 2022-01-07 10:56:59 +01:00
Michel Hermier
22efc34ec5 LibCrypto: Make Digests able to return bytes 2022-01-05 01:07:21 +03:30
Michel Hermier
3f0e425f1e LibCrypto: Mutualize Digests 2022-01-05 01:07:21 +03:30
Michel Hermier
4e851145ba LibCrypto: Make MultiHashDigestVariant getters const and nodiscard 2022-01-05 01:07:21 +03:30
Michel Hermier
1f4a27b80e LibCrypto: Remove spurious ; 2022-01-05 01:07:21 +03:30
Daniel Bertalan
a2aae6a582 LibCrypto: Remove redundant __builtin_memset() call
This call caused GCC 12's static analyzer to think that we perform an
out-of-bounds write to the v_key Vector. This is obviously incorrect,
and comes from the fact that GCC doesn't properly track whether we use
the inline storage, or the Vector is allocated on the heap.

While searching for a workaround, Sam pointed out that this call is
redundant as `Vector::resize()` already zeroes out the elements, so we
can completely remove it.

Co-authored-by: Sam Atkins <atkinssj@serenityos.org>
2021-12-24 14:35:33 -08:00
Linus Groh
0c424c4dab LibCrypto: Add the BigInteger concept
This makes it much easier to write (template) functions that accept
either a signed or unsigned bigint parameter.
2021-12-22 11:27:31 +01:00
Nick Johnson
08e4a1a4dc AK+Everywhere: Replace __builtin bit functions
In order to reduce our reliance on __builtin_{ffs, clz, ctz, popcount},
this commit removes all calls to these functions and replaces them with
the equivalent functions in AK/BuiltinWrappers.h.
2021-12-21 22:13:51 +01:00
Alexander Ulmer
42b06d5f7d LibCrypto: Declobber AES header from s-box tables 2021-12-17 19:17:12 +03:30
Daniel Bertalan
4a81b33c07 Everywhere: Fix -Winconsistent-missing-override warnings from Clang
This option is already enabled when building Lagom, so let's enable it
for the main build too. We will no longer be surprised by Lagom Clang
CI builds failing while everything compiles locally.

Furthermore, the stronger `-Wsuggest-override` warning is enabled in
this commit, which enforces the use of the `override` keyword in all
classes, not just those which already have some methods marked as
`override`. This works with both GCC and Clang.
2021-12-11 13:14:15 -08:00
Andreas Kling
216e21a1fa AK: Convert AK::Format formatting helpers to returning ErrorOr<void>
This isn't a complete conversion to ErrorOr<void>, but a good chunk.
The end goal here is to propagate buffer allocation failures to the
caller, and allow the use of TRY() with formatting functions.
2021-11-17 00:21:13 +01:00
Linus Groh
58c6a156bf LibCrypto: Fix subtracting two negative SignedBigIntegers
Currently, we get the following results

    -1 - -2 = -1
    -2 - -1 =  1

Correct would be:

    -1 - -2 =  1
    -2 - -1 = -1

This was already attempted to be fixed in 7ed8970, but that change was
incorrect. This directly translates to LibJS BigInts having the same
incorrect behavior - it even was tested.
2021-11-16 10:06:53 +00:00
Ali Mohammad Pur
bf59d9e824 Userland: Include Vector.h in a few places to make HeaderCheck happy
This header was being transitively pulled in, but that no longer happens
after 5f7d008791.
2021-11-11 20:36:36 +01:00
Andreas Kling
68b5e6c565 LibCrypto: Pass AK::Bytes by value 2021-11-11 01:27:46 +01:00
Andreas Kling
80d4e830a0 Everywhere: Pass AK::ReadonlyBytes by value 2021-11-11 01:27:46 +01:00
Andreas Kling
8b1108e485 Everywhere: Pass AK::StringView by value 2021-11-11 01:27:46 +01:00
Andreas Kling
a15ed8743d AK: Make ByteBuffer::try_* functions return ErrorOr<void>
Same as Vector, ByteBuffer now also signals allocation failure by
returning an ENOMEM Error instead of a bool, allowing us to use the
TRY() and MUST() patterns.
2021-11-10 21:58:58 +01:00
Ben Wiederhake
850db15d66 Everywhere: Remove unused AK/Bitmap includes 2021-11-10 14:39:42 +01:00
Ben Wiederhake
cb868cfa41 AK+Everywhere: Make Base64 decoding fallible 2021-10-23 19:16:40 +01:00
Ben Wiederhake
5f25182cd5 LibCrypto: Add missing header to EMSA_PSS.h 2021-10-06 23:52:40 +01:00
Ben Wiederhake
32e98d0924 Libraries: Use AK::Variant default initialization where appropriate 2021-09-21 04:22:52 +04:30