mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-04-25 05:55:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibCrypto: Implement Cipher and AES_CBC

Browse source 
Also adds a test program to userland
This commit is contained in:
AnotherTest 2020-04-27 21:58:04 +04:30 committed by Andreas Kling
parent cf5941c972
commit 899ca245ae
Notes: sideshowbarker 2024-07-19 07:06:35 +09:00
7 changed files with 3487 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

422
Libraries/LibCrypto/Cipher/AES.cpp Normal file
View file

@ -0,0 +1,422 @@
/*
* Copyright (c) 2020, Ali Mohammad Pur <ali.mpfard@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <AK/StringBuilder.h>
#include <LibCrypto/Cipher/AES.h>
namespace Crypto {
template <typename T>
constexpr u32 get_key(T pt)
{
return ((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]);
}
constexpr void swap_keys(u32* keys, size_t i, size_t j)
{
u32 temp = keys[i];
keys[i] = keys[j];
keys[j] = temp;
}
String AESCipherBlock::to_string() const
{
StringBuilder builder;
for (size_t i = 0; i < BLOCK_SIZE / 8; ++i)
builder.appendf("%02x", m_data[i]);
return builder.build();
}
String AESCipherKey::to_string() const
{
StringBuilder builder;
for (size_t i = 0; i < (rounds() + 1) * 4; ++i)
builder.appendf("%02x", m_rd_keys[i]);
return builder.build();
}
void AESCipherKey::expand_encrypt_key(const StringView& user_key, size_t bits)
{
u32* round_key;
u32 temp;
size_t i { 0 };
ASSERT(!user_key.is_null());
ASSERT(is_valid_key_size(bits));
round_key = round_keys();
if (bits == 128) {
m_rounds = 10;
} else if (bits == 192) {
m_rounds = 12;
} else {
m_rounds = 14;
}
round_key[0] = get_key(user_key.substring_view(0, 4).characters_without_null_termination());
round_key[1] = get_key(user_key.substring_view(4, 4).characters_without_null_termination());
round_key[2] = get_key(user_key.substring_view(8, 4).characters_without_null_termination());
round_key[3] = get_key(user_key.substring_view(12, 4).characters_without_null_termination());
if (bits == 128) {
for (;;) {
temp = round_key[3];
// clang-format off
round_key[4] = round_key[0] ^
(Tables::Encode2[(temp >> 16) & 0xff] & 0xff000000) ^
(Tables::Encode3[(temp >> 8) & 0xff] & 0x00ff0000) ^
(Tables::Encode0[(temp ) & 0xff] & 0x0000ff00) ^
(Tables::Encode1[(temp >> 24) ] & 0x000000ff) ^ Tables::RCON[i];
// clang-format on
round_key[5] = round_key[1] ^ round_key[4];
round_key[6] = round_key[2] ^ round_key[5];
round_key[7] = round_key[3] ^ round_key[6];
++i;
if (i == 10)
break;
round_key += 4;
}
return;
}
round_key[4] = get_key(user_key.substring_view(16, 4).characters_without_null_termination());
round_key[5] = get_key(user_key.substring_view(20, 4).characters_without_null_termination());
if (bits == 192) {
for (;;) {
temp = round_key[5];
// clang-format off
round_key[6] = round_key[0] ^
(Tables::Encode2[(temp >> 16) & 0xff] & 0xff000000) ^
(Tables::Encode3[(temp >> 8) & 0xff] & 0x00ff0000) ^
(Tables::Encode0[(temp ) & 0xff] & 0x0000ff00) ^
(Tables::Encode1[(temp >> 24) ] & 0x000000ff) ^ Tables::RCON[i];
// clang-format on
round_key[7] = round_key[1] ^ round_key[6];
round_key[8] = round_key[2] ^ round_key[7];
round_key[9] = round_key[3] ^ round_key[8];
++i;
if (i == 8)
break;
round_key[10] = round_key[4] ^ round_key[9];
round_key[11] = round_key[5] ^ round_key[10];
round_key += 6;
}
return;
}
round_key[6] = get_key(user_key.substring_view(24, 4).characters_without_null_termination());
round_key[7] = get_key(user_key.substring_view(28, 4).characters_without_null_termination());
if (true) { // bits == 256
for (;;) {
temp = round_key[7];
// clang-format off
round_key[8] = round_key[0] ^
(Tables::Encode2[(temp >> 16) & 0xff] & 0xff000000) ^
(Tables::Encode3[(temp >> 8) & 0xff] & 0x00ff0000) ^
(Tables::Encode0[(temp ) & 0xff] & 0x0000ff00) ^
(Tables::Encode1[(temp >> 24) ] & 0x000000ff) ^ Tables::RCON[i];
// clang-format on
round_key[9] = round_key[1] ^ round_key[8];
round_key[10] = round_key[2] ^ round_key[9];
round_key[11] = round_key[3] ^ round_key[10];
++i;
if (i == 7)
break;
temp = round_key[11];
// clang-format off
round_key[12] = round_key[4] ^
(Tables::Encode2[(temp >> 24) ] & 0xff000000) ^
(Tables::Encode3[(temp >> 16) & 0xff] & 0x00ff0000) ^
(Tables::Encode0[(temp >> 8) & 0xff] & 0x0000ff00) ^
(Tables::Encode1[(temp ) & 0xff] & 0x000000ff) ;
// clang-format on
round_key[13] = round_key[5] ^ round_key[12];
round_key[14] = round_key[6] ^ round_key[13];
round_key[15] = round_key[7] ^ round_key[14];
round_key += 8;
}
return;
}
}
void AESCipherKey::expand_decrypt_key(const StringView& user_key, size_t bits)
{
u32* round_key;
expand_encrypt_key(user_key, bits);
round_key = round_keys();
// reorder round keys
for (size_t i = 0, j = 4 * rounds(); i < j; i += 4, j -= 4) {
swap_keys(round_key, i, j);
swap_keys(round_key, i + 1, j + 1);
swap_keys(round_key, i + 2, j + 2);
swap_keys(round_key, i + 3, j + 3);
}
// apply inverse mix-column to middle rounds
for (size_t i = 1; i < rounds(); ++i) {
round_key += 4;
// clang-format off
round_key[0] =
Tables::Decode0[Tables::Encode1[(round_key[0] >> 24) ] & 0xff] ^
Tables::Decode1[Tables::Encode1[(round_key[0] >> 16) & 0xff] & 0xff] ^
Tables::Decode2[Tables::Encode1[(round_key[0] >> 8) & 0xff] & 0xff] ^
Tables::Decode3[Tables::Encode1[(round_key[0] ) & 0xff] & 0xff] ;
round_key[1] =
Tables::Decode0[Tables::Encode1[(round_key[1] >> 24) ] & 0xff] ^
Tables::Decode1[Tables::Encode1[(round_key[1] >> 16) & 0xff] & 0xff] ^
Tables::Decode2[Tables::Encode1[(round_key[1] >> 8) & 0xff] & 0xff] ^
Tables::Decode3[Tables::Encode1[(round_key[1] ) & 0xff] & 0xff] ;
round_key[2] =
Tables::Decode0[Tables::Encode1[(round_key[2] >> 24) ] & 0xff] ^
Tables::Decode1[Tables::Encode1[(round_key[2] >> 16) & 0xff] & 0xff] ^
Tables::Decode2[Tables::Encode1[(round_key[2] >> 8) & 0xff] & 0xff] ^
Tables::Decode3[Tables::Encode1[(round_key[2] ) & 0xff] & 0xff] ;
round_key[3] =
Tables::Decode0[Tables::Encode1[(round_key[3] >> 24) ] & 0xff] ^
Tables::Decode1[Tables::Encode1[(round_key[3] >> 16) & 0xff] & 0xff] ^
Tables::Decode2[Tables::Encode1[(round_key[3] >> 8) & 0xff] & 0xff] ^
Tables::Decode3[Tables::Encode1[(round_key[3] ) & 0xff] & 0xff] ;
// clang-format on
}
}
void AESCipher::encrypt_block(const AESCipherBlock& in, AESCipherBlock& out)
{
u32 s0, s1, s2, s3, t0, t1, t2, t3;
size_t r { 0 };
const auto& dec_key = key();
const auto* round_keys = dec_key.round_keys();
s0 = get_key(in.data().offset_pointer(0)) ^ round_keys[0];
s1 = get_key(in.data().offset_pointer(4)) ^ round_keys[1];
s2 = get_key(in.data().offset_pointer(8)) ^ round_keys[2];
s3 = get_key(in.data().offset_pointer(12)) ^ round_keys[3];
r = dec_key.rounds() >> 1;
// apply the first |r - 1| rounds
auto i { 0 };
for (;;) {
++i;
// clang-format off
t0 = Tables::Encode0[(s0 >> 24) ] ^
Tables::Encode1[(s1 >> 16) & 0xff] ^
Tables::Encode2[(s2 >> 8) & 0xff] ^
Tables::Encode3[(s3 ) & 0xff] ^ round_keys[4];
t1 = Tables::Encode0[(s1 >> 24) ] ^
Tables::Encode1[(s2 >> 16) & 0xff] ^
Tables::Encode2[(s3 >> 8) & 0xff] ^
Tables::Encode3[(s0 ) & 0xff] ^ round_keys[5];
t2 = Tables::Encode0[(s2 >> 24) ] ^
Tables::Encode1[(s3 >> 16) & 0xff] ^
Tables::Encode2[(s0 >> 8) & 0xff] ^
Tables::Encode3[(s1 ) & 0xff] ^ round_keys[6];
t3 = Tables::Encode0[(s3 >> 24) ] ^
Tables::Encode1[(s0 >> 16) & 0xff] ^
Tables::Encode2[(s1 >> 8) & 0xff] ^
Tables::Encode3[(s2 ) & 0xff] ^ round_keys[7];
// clang-format on
round_keys += 8;
--r;
++i;
if (r == 0)
break;
// clang-format off
s0 = Tables::Encode0[(t0 >> 24) ] ^
Tables::Encode1[(t1 >> 16) & 0xff] ^
Tables::Encode2[(t2 >> 8) & 0xff] ^
Tables::Encode3[(t3 ) & 0xff] ^ round_keys[0];
s1 = Tables::Encode0[(t1 >> 24) ] ^
Tables::Encode1[(t2 >> 16) & 0xff] ^
Tables::Encode2[(t3 >> 8) & 0xff] ^
Tables::Encode3[(t0 ) & 0xff] ^ round_keys[1];
s2 = Tables::Encode0[(t2 >> 24) ] ^
Tables::Encode1[(t3 >> 16) & 0xff] ^
Tables::Encode2[(t0 >> 8) & 0xff] ^
Tables::Encode3[(t1 ) & 0xff] ^ round_keys[2];
s3 = Tables::Encode0[(t3 >> 24) ] ^
Tables::Encode1[(t0 >> 16) & 0xff] ^
Tables::Encode2[(t1 >> 8) & 0xff] ^
Tables::Encode3[(t2 ) & 0xff] ^ round_keys[3];
// clang-format on
}
// apply the last round and put the encrypted data into out
// clang-format off
s0 = (Tables::Encode2[(t0 >> 24) ] & 0xff000000) ^
(Tables::Encode3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
(Tables::Encode0[(t2 >> 8) & 0xff] & 0x0000ff00) ^
(Tables::Encode1[(t3 ) & 0xff] & 0x000000ff) ^ round_keys[0];
out.put(0, s0);
s1 = (Tables::Encode2[(t1 >> 24) ] & 0xff000000) ^
(Tables::Encode3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
(Tables::Encode0[(t3 >> 8) & 0xff] & 0x0000ff00) ^
(Tables::Encode1[(t0 ) & 0xff] & 0x000000ff) ^ round_keys[1];
out.put(4, s1);
s2 = (Tables::Encode2[(t2 >> 24) ] & 0xff000000) ^
(Tables::Encode3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
(Tables::Encode0[(t0 >> 8) & 0xff] & 0x0000ff00) ^
(Tables::Encode1[(t1 ) & 0xff] & 0x000000ff) ^ round_keys[2];
out.put(8, s2);
s3 = (Tables::Encode2[(t3 >> 24) ] & 0xff000000) ^
(Tables::Encode3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
(Tables::Encode0[(t1 >> 8) & 0xff] & 0x0000ff00) ^
(Tables::Encode1[(t2 ) & 0xff] & 0x000000ff) ^ round_keys[3];
out.put(12, s3);
// clang-format on
}
void AESCipher::decrypt_block(const AESCipherBlock& in, AESCipherBlock& out)
{
u32 s0, s1, s2, s3, t0, t1, t2, t3;
size_t r { 0 };
const auto& dec_key = key();
const auto* round_keys = dec_key.round_keys();
s0 = get_key(in.data().offset_pointer(0)) ^ round_keys[0];
s1 = get_key(in.data().offset_pointer(4)) ^ round_keys[1];
s2 = get_key(in.data().offset_pointer(8)) ^ round_keys[2];
s3 = get_key(in.data().offset_pointer(12)) ^ round_keys[3];
r = dec_key.rounds() >> 1;
// apply the first |r - 1| rounds
for (;;) {
// clang-format off
t0 = Tables::Decode0[(s0 >> 24) ] ^
Tables::Decode1[(s3 >> 16) & 0xff] ^
Tables::Decode2[(s2 >> 8) & 0xff] ^
Tables::Decode3[(s1 ) & 0xff] ^ round_keys[4];
t1 = Tables::Decode0[(s1 >> 24) ] ^
Tables::Decode1[(s0 >> 16) & 0xff] ^
Tables::Decode2[(s3 >> 8) & 0xff] ^
Tables::Decode3[(s2 ) & 0xff] ^ round_keys[5];
t2 = Tables::Decode0[(s2 >> 24) ] ^
Tables::Decode1[(s1 >> 16) & 0xff] ^
Tables::Decode2[(s0 >> 8) & 0xff] ^
Tables::Decode3[(s3 ) & 0xff] ^ round_keys[6];
t3 = Tables::Decode0[(s3 >> 24) ] ^
Tables::Decode1[(s2 >> 16) & 0xff] ^
Tables::Decode2[(s1 >> 8) & 0xff] ^
Tables::Decode3[(s0 ) & 0xff] ^ round_keys[7];
// clang-format on
round_keys += 8;
--r;
if (r == 0)
break;
// clang-format off
s0 = Tables::Decode0[(t0 >> 24) ] ^
Tables::Decode1[(t3 >> 16) & 0xff] ^
Tables::Decode2[(t2 >> 8) & 0xff] ^
Tables::Decode3[(t1 ) & 0xff] ^ round_keys[0];
s1 = Tables::Decode0[(t1 >> 24) ] ^
Tables::Decode1[(t0 >> 16) & 0xff] ^
Tables::Decode2[(t3 >> 8) & 0xff] ^
Tables::Decode3[(t2 ) & 0xff] ^ round_keys[1];
s2 = Tables::Decode0[(t2 >> 24) ] ^
Tables::Decode1[(t1 >> 16) & 0xff] ^
Tables::Decode2[(t0 >> 8) & 0xff] ^
Tables::Decode3[(t3 ) & 0xff] ^ round_keys[2];
s3 = Tables::Decode0[(t3 >> 24) ] ^
Tables::Decode1[(t2 >> 16) & 0xff] ^
Tables::Decode2[(t1 >> 8) & 0xff] ^
Tables::Decode3[(t0 ) & 0xff] ^ round_keys[3];
// clang-format on
}
// apply the last round and put the decrypted data into out
// clang-format off
s0 = ((u32)Tables::Decode4[(t0 >> 24) ] << 24) ^
((u32)Tables::Decode4[(t3 >> 16) & 0xff] << 16) ^
((u32)Tables::Decode4[(t2 >> 8) & 0xff] << 8) ^
((u32)Tables::Decode4[(t1 ) & 0xff] ) ^ round_keys[0];
out.put(0, s0);
s1 = ((u32)Tables::Decode4[(t1 >> 24) ] << 24) ^
((u32)Tables::Decode4[(t0 >> 16) & 0xff] << 16) ^
((u32)Tables::Decode4[(t3 >> 8) & 0xff] << 8) ^
((u32)Tables::Decode4[(t2 ) & 0xff] ) ^ round_keys[1];
out.put(4, s1);
s2 = ((u32)Tables::Decode4[(t2 >> 24) ] << 24) ^
((u32)Tables::Decode4[(t1 >> 16) & 0xff] << 16) ^
((u32)Tables::Decode4[(t0 >> 8) & 0xff] << 8) ^
((u32)Tables::Decode4[(t3 ) & 0xff] ) ^ round_keys[2];
out.put(8, s2);
s3 = ((u32)Tables::Decode4[(t3 >> 24) ] << 24) ^
((u32)Tables::Decode4[(t2 >> 16) & 0xff] << 16) ^
((u32)Tables::Decode4[(t1 >> 8) & 0xff] << 8) ^
((u32)Tables::Decode4[(t0 ) & 0xff] ) ^ round_keys[3];
out.put(12, s3);
// clang-format on
}
void AESCipherBlock::overwrite(const ByteBuffer& buffer)
{
overwrite(buffer.data(), buffer.size());
}
void AESCipherBlock::overwrite(const u8* data, size_t length)
{
ASSERT(length <= m_data.size());
m_data.overwrite(0, data, length);
if (length < m_data.size()) {
switch (padding_mode()) {
case PaddingMode::Null:
// fill with zeros
__builtin_memset(m_data.data() + length, 0, m_data.size() - length);
break;
case PaddingMode::CMS:
// fill with the length of the padding bytes
__builtin_memset(m_data.data() + length, m_data.size() - length, m_data.size() - length);
break;
default:
// FIXME: We should handle the rest of the common padding modes
ASSERT_NOT_REACHED();
}
}
}
}

2467
Libraries/LibCrypto/Cipher/AES.h Normal file
View file

File diff suppressed because it is too large Load diff

136
Libraries/LibCrypto/Cipher/Cipher.h Normal file
View file

@ -0,0 +1,136 @@
/*
* Copyright (c) 2020, Ali Mohammad Pur <ali.mpfard@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#pragma once
#include <AK/ByteBuffer.h>
#include <AK/Optional.h>
#include <AK/RefPtr.h>
#include <AK/Types.h>
namespace Crypto {
enum class Intent {
Encryption,
Decryption,
};
enum class PaddingMode {
CMS, // RFC 1423
Null,
// FIXME: We do not implement these yet
Bit,
Random,
Space,
ZeroLength,
};
template <typename B, typename T>
class Cipher;
struct CipherBlock {
public:
explicit CipherBlock(PaddingMode mode)
: m_padding_mode(mode)
{
}
static size_t block_size() { ASSERT_NOT_REACHED(); }
virtual ByteBuffer get() const = 0;
virtual const ByteBuffer& data() const = 0;
virtual void overwrite(const ByteBuffer&) = 0;
virtual void overwrite(const u8*, size_t) = 0;
virtual void apply_initialization_vector(const u8* ivec) = 0;
PaddingMode padding_mode() const { return m_padding_mode; }
template <typename T>
void put(size_t offset, T value)
{
ASSERT(offset + sizeof(T) <= data().size());
auto* ptr = data().data() + offset;
auto index { 0 };
ASSERT(sizeof(T) <= 4);
if constexpr (sizeof(T) > 3)
ptr[index++] = (u8)(value >> 24);
if constexpr (sizeof(T) > 2)
ptr[index++] = (u8)(value >> 16);
if constexpr (sizeof(T) > 1)
ptr[index++] = (u8)(value >> 8);
ptr[index] = (u8)value;
}
private:
virtual ByteBuffer& data() = 0;
PaddingMode m_padding_mode;
};
struct CipherKey {
virtual ByteBuffer data() const = 0;
static bool is_valid_key_size(size_t) { return false; };
virtual ~CipherKey() { }
protected:
virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) = 0;
virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) = 0;
size_t bits { 0 };
};
template <typename KeyT = CipherKey, typename BlockT = CipherBlock>
class Cipher {
public:
using KeyType = KeyT;
using BlockType = BlockT;
explicit Cipher<KeyT, BlockT>(PaddingMode mode)
: m_padding_mode(mode)
{
}
virtual const KeyType& key() const = 0;
virtual KeyType& key() = 0;
static size_t block_size() { return BlockType::block_size(); }
PaddingMode padding_mode() const { return m_padding_mode; }
virtual void encrypt_block(const BlockType& in, BlockType& out) = 0;
virtual void decrypt_block(const BlockType& in, BlockType& out) = 0;
private:
PaddingMode m_padding_mode { PaddingMode::CMS };
};
}
}

114
Libraries/LibCrypto/Cipher/Mode/CBC.h Normal file
View file

@ -0,0 +1,114 @@
/*
* Copyright (c) 2020, Ali Mohammad Pur <ali.mpfard@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#pragma once
#include <LibCrypto/Cipher/Mode/Mode.h>
namespace Crypto {
template <typename T>
class CBC : public Mode<T> {
public:
template <typename... Args>
explicit constexpr CBC<T>(Args... args)
: Mode<T>(args...)
{
}
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
{
auto length = in.size();
if (length == 0)
return {};
auto& cipher = this->cipher();
// FIXME: We should have two of these encrypt/decrypt functions that
// we SFINAE out based on whether the Cipher mode needs an ivec
ASSERT(ivec.has_value());
const auto* iv = ivec.value().data();
typename T::BlockType block { cipher.padding_mode() };
size_t offset { 0 };
auto block_size = cipher.block_size();
while (length >= block_size) {
block.overwrite(in.slice_view(offset, block_size));
block.apply_initialization_vector(iv);
cipher.encrypt_block(block, block);
out.overwrite(offset, block.get().data(), block_size);
iv = out.offset_pointer(offset);
length -= block_size;
offset += block_size;
}
if (length > 0) {
block.overwrite(in.slice_view(offset, length));
block.apply_initialization_vector(iv);
cipher.encrypt_block(block, block);
out.overwrite(offset, block.get().data(), block_size);
iv = out.offset_pointer(offset);
}
return ByteBuffer::copy(iv, block_size);
}
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
{
auto length = in.size();
if (length == 0)
return;
auto& cipher = this->cipher();
ASSERT(ivec.has_value());
const auto* iv = ivec.value().data();
auto block_size = cipher.block_size();
// if the data is not aligned, it's not correct encrypted data
// FIXME (ponder): Should we simply decrypt as much as we can?
ASSERT(length % block_size == 0);
typename T::BlockType block { cipher.padding_mode() };
size_t offset { 0 };
while (length > 0) {
auto* slice = in.offset_pointer(offset);
block.overwrite(slice, block_size);
cipher.decrypt_block(block, block);
block.apply_initialization_vector(iv);
auto decrypted = block.get();
out.overwrite(offset, decrypted.data(), decrypted.size());
iv = slice;
length -= block_size;
offset += block_size;
}
this->prune_padding(out);
}
};
}

97
Libraries/LibCrypto/Cipher/Mode/Mode.h Normal file
View file

@ -0,0 +1,97 @@
/*
* Copyright (c) 2020, Ali Mohammad Pur <ali.mpfard@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#pragma once
#include <AK/ByteBuffer.h>
#include <LibCrypto/Cipher/Cipher.h>
namespace Crypto {
template <typename T>
class Mode {
public:
// FIXME: Somehow communicate that encrypt returns the last initialization vector (if the mode supports it)
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
const T& cipher() const { return m_cipher; }
ByteBuffer create_aligned_buffer(size_t input_size) const
{
size_t remainder = (input_size + T::block_size()) % T::block_size();
if (remainder == 0)
return ByteBuffer::create_uninitialized(input_size);
else
return ByteBuffer::create_uninitialized(input_size + T::block_size() - remainder);
}
protected:
T& cipher() { return m_cipher; }
virtual void prune_padding(ByteBuffer& data)
{
auto size = data.size();
switch (m_cipher.padding_mode()) {
case PaddingMode::CMS: {
auto maybe_padding_length = data[size - 1];
if (maybe_padding_length >= T::block_size()) {
// cannot be padding (the entire block cannot be padding)
return;
}
for (auto i = maybe_padding_length; i > 0; --i) {
if (data[size - i] != maybe_padding_length) {
// not padding, part of data
return;
}
}
data.trim(size - maybe_padding_length);
break;
}
case PaddingMode::Null: {
while (data[size - 1] == 0)
--size;
data.trim(size);
break;
}
default:
// FIXME: support other padding modes
ASSERT_NOT_REACHED();
break;
}
}
// FIXME: Somehow add a reference version of this
template <typename... Args>
Mode(Args... args)
: m_cipher(args...)
{
}
private:
T m_cipher;
};
}

17
Libraries/LibCrypto/Makefile Normal file
View file

@ -0,0 +1,17 @@
LIBCRYPTO_OBJS = \
Cipher/AES.o
OBJS = $(LIBCRYPTO_OBJS)
LIBRARY = libcrypto.a
install:
for dir in . Cipher Cipher/Mode; do \
mkdir -p $(SERENITY_BASE_DIR)/Root/usr/include/LibCrypto/$$dir; \
cp $$dir/*.h $(SERENITY_BASE_DIR)/Root/usr/include/LibCrypto/$$dir/; \
done
cp $(LIBRARY) $(SERENITY_BASE_DIR)/Root/usr/lib/
include ../../Makefile.common
include ../../Makefile.subdir

234
Userland/test-crypto.cpp Normal file
View file

@ -0,0 +1,234 @@
#include <LibCore/ArgsParser.h>
#include <LibCore/File.h>
#include <LibCrypto/Cipher/AES.h>
#include <LibLine/Editor.h>
#include <stdio.h>
static const char* secret_key = "WellHelloFreinds";
static const char* cipher = "AES_CBC";
static const char* filename = nullptr;
static int key_bits = 128;
static bool encrypting = false;
static bool binary = false;
static bool interactive = false;
static bool run_tests = false;
// listAllTests
int aes_cbc_tests();
// stop listing tests
void print_buffer(const ByteBuffer& buffer, size_t split)
{
for (size_t i = 0; i < buffer.size(); ++i) {
if (i % split == 0 && i)
puts("");
printf("%02x", buffer[i]);
}
puts("");
}
void aes_cbc(const char* message, size_t len)
{
auto buffer = ByteBuffer::wrap(message, len);
// FIXME: Take iv as an optional parameter
auto iv = ByteBuffer::create_zeroed(Crypto::AESCipher::block_size());
if (encrypting) {
Crypto::AESCipher::CBCMode cipher(secret_key, key_bits, Crypto::Intent::Encryption);
auto enc = cipher.create_aligned_buffer(buffer.size());
cipher.encrypt(buffer, enc, iv);
if (binary)
printf("%.*s", (int)enc.size(), enc.data());
else
print_buffer(enc, Crypto::AESCipher::block_size());
} else {
Crypto::AESCipher::CBCMode cipher(secret_key, key_bits, Crypto::Intent::Decryption);
auto dec = cipher.create_aligned_buffer(buffer.size());
cipher.decrypt(buffer, dec, iv);
printf("%.*s\n", (int)dec.size(), dec.data());
}
}
auto main(int argc, char** argv) -> int
{
Core::ArgsParser parser;
parser.add_option(secret_key, "Set the secret key (must be key-bits bits)", "secret-key", 'k', "secret key");
parser.add_option(key_bits, "Size of the key", "key-bits", 'b', "key-bits");
parser.add_option(filename, "Read from file", "file", 'f', "from file");
parser.add_option(encrypting, "Encrypt the message", "encrypt", 'e');
parser.add_option(binary, "Force binary output", "force-binary", 0);
parser.add_option(interactive, "Force binary output", "interactive", 'i');
parser.add_option(run_tests, "Run tests for the specified suite", "tests", 't');
parser.add_option(cipher, "Set the Cipher used", "cipher", 'c', "cipher name");
parser.parse(argc, argv);
if (StringView(cipher) == "AES_CBC") {
if (run_tests)
return aes_cbc_tests();
if (!Crypto::AESCipher::KeyType::is_valid_key_size(key_bits)) {
printf("Invalid key size for AES: %d\n", key_bits);
return 1;
}
if (strlen(secret_key) != (size_t)key_bits / 8) {
printf("Key must be exactly %d bytes long\n", key_bits / 8);
return 1;
}
if (interactive) {
Line::Editor editor;
editor.initialize();
for (;;) {
auto line = editor.get_line("> ");
aes_cbc(line.characters(), line.length());
}
} else {
if (filename == nullptr) {
puts("must specify a file name");
return 1;
}
if (!Core::File::exists(filename)) {
puts("File does not exist");
return 1;
}
auto file = Core::File::open(filename, Core::IODevice::OpenMode::ReadOnly);
auto buffer = file->read_all();
aes_cbc((const char*)buffer.data(), buffer.size());
}
} else {
printf("Unknown cipher suite '%s'", cipher);
return 1;
}
return 0;
}
#define I_TEST(thing) \
{ \
printf("Testing " #thing "... "); \
}
#define PASS printf("PASS\n")
#define FAIL(reason) printf("FAIL: " #reason "\n")
ByteBuffer operator""_b(const char* string, size_t length)
{
dbg() << "Create byte buffer of size " << length;
return ByteBuffer::copy(string, length);
}
// tests go after here
// please be reasonable with orders kthx
void aes_cbc_test_encrypt();
void aes_cbc_test_decrypt();
int aes_cbc_tests()
{
aes_cbc_test_encrypt();
aes_cbc_test_decrypt();
return 0;
}
void aes_cbc_test_encrypt()
{
auto test_it = [](auto& cipher, auto& result) {
auto in = "This is a test! This is another test!"_b;
auto out = cipher.create_aligned_buffer(in.size());
auto iv = ByteBuffer::create_zeroed(Crypto::AESCipher::block_size());
cipher.encrypt(in, out, iv);
if (out.size() != sizeof(result))
FAIL(size mismatch);
else if (memcmp(out.data(), result, out.size()) != 0) {
FAIL(invalid data);
print_buffer(out, Crypto::AESCipher::block_size());
} else
PASS;
};
{
I_TEST((AES CBC with 128 bit key | Encrypt))
u8 result[] {
0xb8, 0x06, 0x7c, 0xf2, 0xa9, 0x56, 0x63, 0x58, 0x2d, 0x5c, 0xa1, 0x4b, 0xc5, 0xe3, 0x08,
0xcf, 0xb5, 0x93, 0xfb, 0x67, 0xb6, 0xf7, 0xaf, 0x45, 0x34, 0x64, 0x70, 0x9e, 0xc9, 0x1a,
0x8b, 0xd3, 0x70, 0x45, 0xf0, 0x79, 0x65, 0xca, 0xb9, 0x03, 0x88, 0x72, 0x1c, 0xdd, 0xab,
0x45, 0x6b, 0x1c
};
Crypto::AESCipher::CBCMode cipher("WellHelloFriends", 128, Crypto::Intent::Encryption);
test_it(cipher, result);
}
{
I_TEST((AES CBC with 192 bit key | Encrypt))
u8 result[] {
0xae, 0xd2, 0x70, 0xc4, 0x9c, 0xaa, 0x83, 0x33, 0xd3, 0xd3, 0xac, 0x11, 0x65, 0x35, 0xf7,
0x19, 0x48, 0x7c, 0x7a, 0x8a, 0x95, 0x64, 0xe7, 0xc6, 0x0a, 0xdf, 0x10, 0x06, 0xdc, 0x90,
0x68, 0x51, 0x09, 0xd7, 0x3b, 0x48, 0x1b, 0x8a, 0xd3, 0x50, 0x09, 0xba, 0xfc, 0xde, 0x11,
0xe0, 0x3f, 0xcb
};
Crypto::AESCipher::CBCMode cipher("Well Hello Friends! whf!", 192, Crypto::Intent::Encryption);
test_it(cipher, result);
}
{
I_TEST((AES CBC with 256 bit key | Encrypt))
u8 result[] {
0x0a, 0x44, 0x4d, 0x62, 0x9e, 0x8b, 0xd8, 0x11, 0x80, 0x48, 0x2a, 0x32, 0x53, 0x61, 0xe7,
0x59, 0x62, 0x55, 0x9e, 0xf4, 0xe6, 0xad, 0xea, 0xc5, 0x0b, 0xf6, 0xbc, 0x6a, 0xcb, 0x9c,
0x47, 0x9f, 0xc2, 0x21, 0xe6, 0x19, 0x62, 0xc3, 0x75, 0xca, 0xab, 0x2d, 0x18, 0xa1, 0x54,
0xd1, 0x41, 0xe6
};
Crypto::AESCipher::CBCMode cipher("WellHelloFriendsWellHelloFriends", 256, Crypto::Intent::Encryption);
test_it(cipher, result);
}
// TODO: Test non-CMS padding options
}
void aes_cbc_test_decrypt()
{
auto test_it = [](auto& cipher, auto& result, auto result_len) {
auto true_value = "This is a test! This is another test!";
auto in = ByteBuffer::copy(result, result_len);
auto out = cipher.create_aligned_buffer(in.size());
auto iv = ByteBuffer::create_zeroed(Crypto::AESCipher::block_size());
cipher.decrypt(in, out, iv);
if (out.size() != strlen(true_value)) {
FAIL(size mismatch);
printf("Expected %zu bytes but got %zu\n", strlen(true_value), out.size());
} else if (memcmp(out.data(), true_value, strlen(true_value)) != 0) {
FAIL(invalid data);
print_buffer(out, Crypto::AESCipher::block_size());
} else
PASS;
};
{
I_TEST((AES CBC with 128 bit key | Decrypt))
u8 result[] {
0xb8, 0x06, 0x7c, 0xf2, 0xa9, 0x56, 0x63, 0x58, 0x2d, 0x5c, 0xa1, 0x4b, 0xc5, 0xe3, 0x08,
0xcf, 0xb5, 0x93, 0xfb, 0x67, 0xb6, 0xf7, 0xaf, 0x45, 0x34, 0x64, 0x70, 0x9e, 0xc9, 0x1a,
0x8b, 0xd3, 0x70, 0x45, 0xf0, 0x79, 0x65, 0xca, 0xb9, 0x03, 0x88, 0x72, 0x1c, 0xdd, 0xab,
0x45, 0x6b, 0x1c
};
Crypto::AESCipher::CBCMode cipher("WellHelloFriends", 128, Crypto::Intent::Decryption);
test_it(cipher, result, 48);
}
{
I_TEST((AES CBC with 192 bit key | Decrypt))
u8 result[] {
0xae, 0xd2, 0x70, 0xc4, 0x9c, 0xaa, 0x83, 0x33, 0xd3, 0xd3, 0xac, 0x11, 0x65, 0x35, 0xf7,
0x19, 0x48, 0x7c, 0x7a, 0x8a, 0x95, 0x64, 0xe7, 0xc6, 0x0a, 0xdf, 0x10, 0x06, 0xdc, 0x90,
0x68, 0x51, 0x09, 0xd7, 0x3b, 0x48, 0x1b, 0x8a, 0xd3, 0x50, 0x09, 0xba, 0xfc, 0xde, 0x11,
0xe0, 0x3f, 0xcb
};
Crypto::AESCipher::CBCMode cipher("Well Hello Friends! whf!", 192, Crypto::Intent::Decryption);
test_it(cipher, result, 48);
}
{
I_TEST((AES CBC with 256 bit key | Decrypt))
u8 result[] {
0x0a, 0x44, 0x4d, 0x62, 0x9e, 0x8b, 0xd8, 0x11, 0x80, 0x48, 0x2a, 0x32, 0x53, 0x61, 0xe7,
0x59, 0x62, 0x55, 0x9e, 0xf4, 0xe6, 0xad, 0xea, 0xc5, 0x0b, 0xf6, 0xbc, 0x6a, 0xcb, 0x9c,
0x47, 0x9f, 0xc2, 0x21, 0xe6, 0x19, 0x62, 0xc3, 0x75, 0xca, 0xab, 0x2d, 0x18, 0xa1, 0x54,
0xd1, 0x41, 0xe6
};
Crypto::AESCipher::CBCMode cipher("WellHelloFriendsWellHelloFriends", 256, Crypto::Intent::Decryption);
test_it(cipher, result, 48);
}
// TODO: Test non-CMS padding options
}