system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-10-17 05:12:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibCrypto: Implement HMAC

Browse source
This commit is contained in:
AnotherTest 2020-04-08 01:54:50 +04:30 committed by Andreas Kling
parent 4f89a377a4
commit f2cd004d11
8 changed files with 249 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

134
Libraries/LibCrypto/Authentication/HMAC.h Normal file
View file

@ -0,0 +1,134 @@
/*
* Copyright (c) 2020, Ali Mohammad Pur <ali.mpfard@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#pragma once
#include <AK/ByteBuffer.h>
#include <AK/String.h>
#include <AK/StringBuilder.h>
#include <AK/StringView.h>
#include <AK/Types.h>
#include <AK/Vector.h>
constexpr static auto IPAD = 0x36;
constexpr static auto OPAD = 0x5c;
namespace Crypto {
namespace Authentication {
template <typename HashT>
class HMAC {
public:
using HashType = HashT;
using TagType = typename HashType::DigestType;
static constexpr size_t BlockSize = HashType::BlockSize;
static constexpr size_t DigestSize = HashType::DigestSize;
template <typename KeyBufferType, typename... Args>
HMAC(KeyBufferType key, Args... args)
: m_inner_hasher(args...)
, m_outer_hasher(args...)
{
derive_key(key);
reset();
}
TagType process(const u8* message, size_t length)
{
reset();
update(message, length);
return digest();
}
void update(const u8* message, size_t length)
{
m_inner_hasher.update(message, length);
}
TagType process(const ByteBuffer& buffer) { return process(buffer.data(), buffer.size()); }
TagType process(const StringView& string) { return process((const u8*)string.characters_without_null_termination(), string.length()); }
void update(const ByteBuffer& buffer) { return update(buffer.data(), buffer.size()); }
void update(const StringView& string) { return update((const u8*)string.characters_without_null_termination(), string.length()); }
TagType digest()
{
m_outer_hasher.update(m_inner_hasher.digest().data, m_inner_hasher.DigestSize);
auto result = m_outer_hasher.digest();
reset();
return result;
}
void reset()
{
m_inner_hasher.reset();
m_outer_hasher.reset();
m_inner_hasher.update(m_key_data, BlockSize);
m_outer_hasher.update(m_key_data + BlockSize, BlockSize);
}
String class_name() const
{
StringBuilder builder;
builder.append("HMAC-");
builder.append(m_inner_hasher.class_name());
return builder.build();
}
private:
void derive_key(const u8* key, size_t length)
{
u8 v_key[BlockSize];
__builtin_memset(v_key, 0, BlockSize);
ByteBuffer key_buffer = ByteBuffer::wrap(v_key, BlockSize);
// m_key_data is zero'd, so copying the data in
// the first few bytes leaves the rest zero, which
// is exactly what we want (zero padding)
if (length > BlockSize) {
m_inner_hasher.update(key, length);
auto digest = m_inner_hasher.digest();
// FIXME: should we check if the hash function creates more data than its block size?
key_buffer.overwrite(0, digest.data, sizeof(TagType));
} else {
key_buffer.overwrite(0, key, length);
}
// fill out the inner and outer padded keys
auto* i_key = m_key_data;
auto* o_key = m_key_data + BlockSize;
for (size_t i = 0; i < BlockSize; ++i) {
auto key_byte = key_buffer[i];
i_key[i] = key_byte ^ IPAD;
o_key[i] = key_byte ^ OPAD;
}
}
void derive_key(const ByteBuffer& key) { derive_key(key.data(), key.size()); }
void derive_key(const StringView& key) { derive_key((const u8*)key.characters_without_null_termination(), key.length()); }
HashType m_inner_hasher, m_outer_hasher;
u8 m_key_data[BlockSize * 2];
};
}
}

2
Libraries/LibCrypto/Cipher/AES.h
View file

@ -120,6 +120,8 @@ namespace Cipher {
virtual void encrypt_block(const BlockType& in, BlockType& out) override;
virtual void decrypt_block(const BlockType& in, BlockType& out) override;
virtual String class_name() const override { return "AES"; }
protected:
AESCipherKey m_key;
};

2
Libraries/LibCrypto/Cipher/Cipher.h
View file

@ -129,6 +129,8 @@ namespace Cipher {
virtual void encrypt_block(const BlockType& in, BlockType& out) = 0;
virtual void decrypt_block(const BlockType& in, BlockType& out) = 0;
virtual String class_name() const = 0;
private:
PaddingMode m_padding_mode;
};

10
Libraries/LibCrypto/Cipher/Mode/CBC.h
View file

@ -26,6 +26,8 @@
#pragma once
#include <AK/String.h>
#include <AK/StringBuilder.h>
#include <LibCrypto/Cipher/Mode/Mode.h>
namespace Crypto {
@ -40,6 +42,14 @@ namespace Cipher {
{
}
virtual String class_name() const override
{
StringBuilder builder;
builder.append(this->cipher().class_name());
builder.append("_CBC");
return builder.build();
}
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
{
auto length = in.size();

2
Libraries/LibCrypto/Cipher/Mode/Mode.h
View file

@ -50,6 +50,8 @@ namespace Cipher {
return ByteBuffer::create_uninitialized(input_size + T::block_size() - remainder);
}
virtual String class_name() const = 0;
protected:
T& cipher() { return m_cipher; }

1
Libraries/LibCrypto/Hash/HashFunction.h
View file

@ -49,6 +49,7 @@ namespace Hash {
virtual void update(const StringView& string) = 0;
virtual DigestType digest() = 0;
virtual String class_name() const = 0;
};
}
}

3
Libraries/LibCrypto/Hash/MD5.h
View file

@ -26,6 +26,7 @@
#pragma once
#include <AK/String.h>
#include <AK/Types.h>
#include <LibCrypto/Hash/HashFunction.h>
@ -79,6 +80,8 @@ namespace Hash {
virtual void update(const StringView& string) override { update((const u8*)string.characters_without_null_termination(), string.length()); };
virtual DigestType digest() override;
virtual String class_name() const override { return "MD5"; }
inline static DigestType hash(const u8* data, size_t length)
{
MD5 md5;

98
Userland/test-crypto.cpp
View file

@ -1,5 +1,6 @@
#include <LibCore/ArgsParser.h>
#include <LibCore/File.h>
#include <LibCrypto/Authentication/HMAC.h>
#include <LibCrypto/Cipher/AES.h>
#include <LibCrypto/Hash/MD5.h>
#include <LibLine/Editor.h>
@ -15,6 +16,7 @@ static bool run_tests = false;
static bool encrypting = true;
constexpr const char* DEFAULT_DIGEST_SUITE { "HMAC-MD5" };
constexpr const char* DEFAULT_HASH_SUITE { "MD5" };
constexpr const char* DEFAULT_CIPHER_SUITE { "AES_CBC" };
@ -25,6 +27,9 @@ int aes_cbc_tests();
// Hash
int md5_tests();
// Authentication
int hmac_md5_tests();
// stop listing tests
void print_buffer(const ByteBuffer& buffer, int split)
@ -113,7 +118,7 @@ auto main(int argc, char** argv) -> int
Core::ArgsParser parser;
parser.add_positional_argument(mode, "mode to operate in ('list' to see modes and descriptions)", "mode");
parser.add_option(secret_key, "Set the secret key", "secret-key", 'k', "secret key");
parser.add_option(secret_key, "Set the secret key (default key is 'WellHelloFriends')", "secret-key", 'k', "secret key");
parser.add_option(key_bits, "Size of the key", "key-bits", 'b', "key-bits");
parser.add_option(filename, "Read from file", "file", 'f', "from file");
parser.add_option(binary, "Force binary output", "force-binary", 0);
@ -124,7 +129,8 @@ auto main(int argc, char** argv) -> int
StringView mode_sv { mode };
if (mode_sv == "list") {
puts("Crypt modes");
puts("test-crypto modes");
puts("\tdigest - Access digest (authentication) functions");
puts("\thash - Access hash functions");
puts("\tencrypt -- Access encryption functions");
puts("\tdecrypt -- Access decryption functions");
@ -144,6 +150,19 @@ auto main(int argc, char** argv) -> int
return 1;
}
}
if (mode_sv == "digest") {
if (suite == nullptr)
suite = DEFAULT_DIGEST_SUITE;
if (StringView(suite) == "HMAC-MD5") {
if (run_tests)
return hmac_md5_tests();
return run(hmac_md5);
} else {
printf("unknown hash function '%s'\n", suite);
return 1;
}
}
encrypting = mode_sv == "encrypt";
if (encrypting || mode_sv == "decrypt") {
if (suite == nullptr)
@ -187,14 +206,20 @@ ByteBuffer operator""_b(const char* string, size_t length)
// tests go after here
// please be reasonable with orders kthx
void aes_cbc_test_name();
void aes_cbc_test_encrypt();
void aes_cbc_test_decrypt();
void md5_test_name();
void md5_test_hash();
void md5_test_consecutive_updates();
void hmac_md5_test_name();
void hmac_md5_test_process();
int aes_cbc_tests()
{
aes_cbc_test_name();
if (encrypting) {
aes_cbc_test_encrypt();
} else {
@ -204,6 +229,16 @@ int aes_cbc_tests()
return 0;
}
void aes_cbc_test_name()
{
I_TEST((AES CBC class name));
Crypto::Cipher::AESCipher::CBCMode cipher("WellHelloFriends", 128, Crypto::Cipher::Intent::Encryption);
if (cipher.class_name() != "AES_CBC")
FAIL(Invalid class name);
else
PASS;
}
void aes_cbc_test_encrypt()
{
auto test_it = [](auto& cipher, auto& result) {
@ -309,11 +344,22 @@ void aes_cbc_test_decrypt()
int md5_tests()
{
md5_test_name();
md5_test_hash();
md5_test_consecutive_updates();
return 0;
}
void md5_test_name()
{
I_TEST((MD5 class name));
Crypto::Hash::MD5 md5;
if (md5.class_name() != "MD5")
FAIL(Invalid class name);
else
PASS;
}
void md5_test_hash()
{
{
@ -422,9 +468,55 @@ void md5_test_consecutive_updates()
md5.update("friends");
auto digest1 = md5.digest();
if (memcmp(digest0.data, digest1.data, Crypto::Hash::MD5::block_size()) != 0)
if (memcmp(digest0.data, digest1.data, Crypto::Hash::MD5::digest_size()) != 0)
FAIL(Cannot reuse);
else
PASS;
}
}
int hmac_md5_tests()
{
hmac_md5_test_name();
hmac_md5_test_process();
return 0;
}
void hmac_md5_test_name()
{
I_TEST((HMAC - MD5 | Class name));
Crypto::Authentication::HMAC<Crypto::Hash::MD5> hmac("Well Hello Friends");
if (hmac.class_name() != "HMAC-MD5")
FAIL(Invalid class name);
else
PASS;
}
void hmac_md5_test_process()
{
{
I_TEST((HMAC - MD5 | Basic));
Crypto::Authentication::HMAC<Crypto::Hash::MD5> hmac("Well Hello Friends");
u8 result[] {
0x3b, 0x5b, 0xde, 0x30, 0x3a, 0x54, 0x7b, 0xbb, 0x09, 0xfe, 0x78, 0x89, 0xbc, 0x9f, 0x22, 0xa3
};
auto mac = hmac.process("Some bogus data");
if (memcmp(result, mac.data, hmac.DigestSize) != 0) {
FAIL(Invalid mac);
print_buffer(ByteBuffer::wrap(mac.data, hmac.DigestSize), -1);
} else
PASS;
}
{
I_TEST((HMAC - MD5 | Reuse));
Crypto::Authentication::HMAC<Crypto::Hash::MD5> hmac("Well Hello Friends");
auto mac_0 = hmac.process("Some bogus data");
auto mac_1 = hmac.process("Some bogus data");
if (memcmp(mac_0.data, mac_1.data, hmac.DigestSize) != 0) {
FAIL(Cannot reuse);
} else
PASS;
}
}