LibCrypto: Add MGF1

Author: https://github.com/stelar7 Commit: 73a534494c Pull-request: https://github.com/SerenityOS/serenity/pull/23879 Reviewed-by: https://github.com/ADKaster ✅ Reviewed-by: https://github.com/nico Reviewed-by: https://github.com/tcl3
2025-09-08 02:26:10 +00:00 · 2024-04-06 20:52:11 +02:00 · 2024-04-06 20:52:11 +02:00 · 73a534494c · 2024-07-17 14:36:19 +09:00
commit 73a534494c
parent 7f7119c78d
3 changed files with 120 additions and 1 deletions
--- a/Tests/LibCrypto/CMakeLists.txt
+++ b/Tests/LibCrypto/CMakeLists.txt
@ -3,13 +3,14 @@ set(TEST_SOURCES
    TestASN1.cpp
    TestBigFraction.cpp
    TestBigInteger.cpp
    TestChecksum.cpp
    TestChaCha20.cpp
    TestChacha20Poly1305.cpp
    TestChecksum.cpp
    TestCurves.cpp
    TestEd25519.cpp
    TestHash.cpp
    TestHMAC.cpp
    TestMGF.cpp
    TestPBKDF2.cpp
    TestPoly1305.cpp
    TestRSA.cpp
--- a/Tests/LibCrypto/TestMGF.cpp
+++ b/Tests/LibCrypto/TestMGF.cpp
@ -0,0 +1,63 @@
 /*
 * Copyright (c) 2024, stelar7  <dudedbz@gmail.com>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */
 #include <LibCrypto/Hash/MGF.h>
 #include <LibCrypto/Hash/SHA1.h>
 #include <LibCrypto/Hash/SHA2.h>
 #include <LibTest/TestCase.h>
 static ByteBuffer operator""_b(char const* string, size_t length)
 {
    return ByteBuffer::copy(string, length).release_value();
 }
 TEST_CASE(test_mgf1_short)
 {
    u8 expected_result[3] {
        0x1a, 0xc9, 0x07
    };
    auto expected = ReadonlyBytes { expected_result, 3 };
    ByteBuffer seed = { "foo"_b };
    auto length = 3;
    ByteBuffer result = MUST(Crypto::Hash::MGF::mgf1<Crypto::Hash::SHA1>(seed, length));
    EXPECT_EQ(expected, result);
 }
 TEST_CASE(test_mgf1_long)
 {
    u8 expected_result[50] {
        0xbc, 0x0c, 0x65, 0x5e, 0x01, 0x6b, 0xc2, 0x93, 0x1d, 0x85, 0xa2, 0xe6, 0x75, 0x18, 0x1a, 0xdc,
        0xef, 0x7f, 0x58, 0x1f, 0x76, 0xdf, 0x27, 0x39, 0xda, 0x74, 0xfa, 0xac, 0x41, 0x62, 0x7b, 0xe2,
        0xf7, 0xf4, 0x15, 0xc8, 0x9e, 0x98, 0x3f, 0xd0, 0xce, 0x80, 0xce, 0xd9, 0x87, 0x86, 0x41, 0xcb,
        0x48, 0x76
    };
    auto expected = ReadonlyBytes { expected_result, 50 };
    ByteBuffer seed = { "bar"_b };
    auto length = 50;
    ByteBuffer result = MUST(Crypto::Hash::MGF::mgf1<Crypto::Hash::SHA1>(seed, length));
    EXPECT_EQ(expected, result);
 }
 TEST_CASE(test_mgf1_long_sha256)
 {
    u8 expected_result[50] {
        0x38, 0x25, 0x76, 0xa7, 0x84, 0x10, 0x21, 0xcc, 0x28, 0xfc, 0x4c, 0x09, 0x48, 0x75, 0x3f, 0xb8,
        0x31, 0x20, 0x90, 0xce, 0xa9, 0x42, 0xea, 0x4c, 0x4e, 0x73, 0x5d, 0x10, 0xdc, 0x72, 0x4b, 0x15,
        0x5f, 0x9f, 0x60, 0x69, 0xf2, 0x89, 0xd6, 0x1d, 0xac, 0xa0, 0xcb, 0x81, 0x45, 0x02, 0xef, 0x04,
        0xea, 0xe1
    };
    auto expected = ReadonlyBytes { expected_result, 50 };
    ByteBuffer seed = { "bar"_b };
    auto length = 50;
    ByteBuffer result = MUST(Crypto::Hash::MGF::mgf1<Crypto::Hash::SHA256>(seed, length));
    EXPECT_EQ(expected, result);
 }
--- a/Userland/Libraries/LibCrypto/Hash/MGF.h
+++ b/Userland/Libraries/LibCrypto/Hash/MGF.h
@ -0,0 +1,55 @@
 /*
 * Copyright (c) 2024, stelar7 <dudedbz@gmail.com>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */
 #pragma once
 #include <AK/ByteBuffer.h>
 #include <AK/ByteReader.h>
 #include <AK/Endian.h>
 namespace Crypto::Hash {
 class MGF {
 public:
    // https://datatracker.ietf.org/doc/html/rfc2437#section-10.2.1
    template<typename HashFunction>
    static ErrorOr<ByteBuffer> mgf1(ReadonlyBytes seed, size_t length)
    requires requires { HashFunction::digest_size(); }
    {
        HashFunction hash;
        size_t h_len = hash.digest_size();
        // 1. If length > 2^32(hLen), output "mask too long" and stop.
        if (length > (h_len << 32))
            return Error::from_string_view("mask too long"sv);
        // 2. Let T be the empty octet string.
        auto t = TRY(ByteBuffer::create_uninitialized(0));
        // 3. For counter from 0 to ceil(length / hLen) - 1, do the following:
        auto counter = 0u;
        auto iterations = AK::ceil_div(length, h_len) - 1;
        auto c = TRY(ByteBuffer::create_uninitialized(4));
        for (; counter <= iterations; ++counter) {
            // a. Convert counter to an octet string C of length 4 with the primitive I2OSP: C = I2OSP(counter, 4)
            ByteReader::store(static_cast<u8*>(c.data()), AK::convert_between_host_and_big_endian(static_cast<u32>(counter)));
            // b. Concatenate the hash of the seed Z and C to the octet string T: T = T || Hash (Z || C)
            hash.update(seed);
            hash.update(c);
            auto digest = hash.digest();
            TRY(t.try_append(digest.bytes()));
        }
        // 4. Output the leading l octets of T as the octet string mask.
        return t.slice(0, length);
    }
 };
 }