From 7ffbf41b3095a3f7725326ebde77664ca39d9776 Mon Sep 17 00:00:00 2001 From: Davide De Rosa Date: Tue, 6 Nov 2018 10:30:43 +0100 Subject: [PATCH] Expose internal tag length, 0 if none --- TunnelKit/Sources/Core/Crypto.h | 2 ++ TunnelKit/Sources/Core/CryptoAEAD.m | 5 +++++ TunnelKit/Sources/Core/CryptoBox.h | 1 + TunnelKit/Sources/Core/CryptoBox.m | 2 ++ TunnelKit/Sources/Core/CryptoCBC.m | 5 +++++ TunnelKit/Sources/Core/CryptoCTR.m | 5 +++++ 6 files changed, 20 insertions(+) diff --git a/TunnelKit/Sources/Core/Crypto.h b/TunnelKit/Sources/Core/Crypto.h index 109758c..4fb29a2 100644 --- a/TunnelKit/Sources/Core/Crypto.h +++ b/TunnelKit/Sources/Core/Crypto.h @@ -55,6 +55,7 @@ typedef struct { - (void)configureEncryptionWithCipherKey:(nullable ZeroingData *)cipherKey hmacKey:(nullable ZeroingData *)hmacKey; - (int)digestLength; +- (int)tagLength; - (NSInteger)encryptionCapacityWithLength:(NSInteger)length; - (BOOL)encryptBytes:(const uint8_t *)bytes length:(NSInteger)length dest:(uint8_t *)dest destLength:(NSInteger *)destLength flags:(const CryptoFlags *_Nullable)flags error:(NSError **)error; @@ -68,6 +69,7 @@ typedef struct { - (void)configureDecryptionWithCipherKey:(nullable ZeroingData *)cipherKey hmacKey:(nullable ZeroingData *)hmacKey; - (int)digestLength; +- (int)tagLength; - (NSInteger)encryptionCapacityWithLength:(NSInteger)length; - (BOOL)decryptBytes:(const uint8_t *)bytes length:(NSInteger)length dest:(uint8_t *)dest destLength:(NSInteger *)destLength flags:(const CryptoFlags *_Nullable)flags error:(NSError **)error; diff --git a/TunnelKit/Sources/Core/CryptoAEAD.m b/TunnelKit/Sources/Core/CryptoAEAD.m index 7fc9c2a..a2b77f5 100644 --- a/TunnelKit/Sources/Core/CryptoAEAD.m +++ b/TunnelKit/Sources/Core/CryptoAEAD.m 
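Review bot: The two `- (int)tagLength;` declarations added in Crypto.h (hunks `@@ -55` and `@@ -68`) have no doc comment, so the "0 if none" contract exists only in the commit subject. Callers that size buffers or branch on this value need to know the unit and what 0 means. I would add above each declaration something like `/// Length in bytes of the cipher's authentication tag, or 0 if the cipher has none.` Since the CBC implementation in this commit returns 0 while apparently still accounting for an HMAC via `digestLength`, the comment should also state that 0 does not mean the cipher is unauthenticated.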
@@ -97,6 +97,11 @@ static const NSInteger CryptoAEADTagLength = 16; return 0; } +- (int)tagLength +{ + return CryptoAEADTagLength; +} + - (NSInteger)encryptionCapacityWithLength:(NSInteger)length { return safe_crypto_capacity(length, CryptoAEADTagLength); diff --git a/TunnelKit/Sources/Core/CryptoBox.h b/TunnelKit/Sources/Core/CryptoBox.h index 037aa65..89dbf1f 100644 --- a/TunnelKit/Sources/Core/CryptoBox.h +++ b/TunnelKit/Sources/Core/CryptoBox.h @@ -73,6 +73,7 @@ NS_ASSUME_NONNULL_BEGIN - (id)decrypter; - (NSInteger)digestLength; +- (NSInteger)tagLength; @end diff --git a/TunnelKit/Sources/Core/CryptoBox.m b/TunnelKit/Sources/Core/CryptoBox.m index bbdd825..5a17557 100644 --- a/TunnelKit/Sources/Core/CryptoBox.m +++ b/TunnelKit/Sources/Core/CryptoBox.m @@ -52,6 +52,7 @@ @property (nonatomic, strong) NSString *cipherAlgorithm; @property (nonatomic, strong) NSString *digestAlgorithm; @property (nonatomic, assign) NSInteger digestLength; +@property (nonatomic, assign) NSInteger tagLength; @property (nonatomic, strong) id encrypter; @property (nonatomic, strong) id decrypter; @@ -147,6 +148,7 @@ NSAssert(self.encrypter.digestLength == self.decrypter.digestLength, @"Digest length mismatch in encrypter/decrypter"); self.digestLength = self.encrypter.digestLength; + self.tagLength = self.encrypter.tagLength; return YES; } diff --git a/TunnelKit/Sources/Core/CryptoCBC.m b/TunnelKit/Sources/Core/CryptoCBC.m index b9fc3b9..d6e5acb 100644 --- a/TunnelKit/Sources/Core/CryptoCBC.m +++ b/TunnelKit/Sources/Core/CryptoCBC.m @@ -113,6 +113,11 @@ const NSInteger CryptoCBCMaxHMACLength = 100; self.digest = NULL; } +- (int)tagLength +{ + return 0; +} + - (NSInteger)encryptionCapacityWithLength:(NSInteger)length { return safe_crypto_capacity(length, self.digestLength + self.cipherIVLength); diff --git a/TunnelKit/Sources/Core/CryptoCTR.m b/TunnelKit/Sources/Core/CryptoCTR.m index 5832fce..5181f63 100644 --- a/TunnelKit/Sources/Core/CryptoCTR.m 
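Review bot: `tagLength` in CryptoAEAD.m returns `CryptoAEADTagLength`, which the hunk header shows as `static const NSInteger`, through an `int` return type, so the value is implicitly narrowed. The CryptoCTR.m hunk does the same with `CryptoCTRTagLength`. The values 16 and 32 fit, so nothing breaks today, but CryptoBox re-exposes the result as `NSInteger`, so the type goes NSInteger → int → NSInteger across the layers. Declaring the method as `- (NSInteger)tagLength;` would keep one type end to end; if `int` is kept to match `digestLength`, an explicit cast such as `return (int)CryptoAEADTagLength;` makes the narrowing deliberate.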
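Review bot: In the CryptoBox.m hunk at `@@ -147`, `self.tagLength` is taken from the encrypter alone, while the line just above asserts that encrypter and decrypter agree on `digestLength`. A tag-length mismatch between the two sides would go unnoticed here and could surface later as wrong buffer sizing or failed authentication. I would add `NSAssert(self.encrypter.tagLength == self.decrypter.tagLength, @"Tag length mismatch in encrypter/decrypter");` before the assignment. The enclosing method starts outside the hunk, so whether both objects are always created from the same cipher class is not visible here.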
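Review bot: `return 0;` in the CBC `tagLength` has no comment explaining why, although this class does account for an HMAC (`self.digestLength` in the capacity computation just below, and `CryptoCBCMaxHMACLength` in the hunk header). A reader could take 0 to mean that this mode carries no integrity protection. I would add a comment inside the method such as `// No AEAD-style tag in CBC mode; the HMAC length is reported by digestLength.` The wording should be confirmed against the encrypt path, which is outside this hunk.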
+++ b/TunnelKit/Sources/Core/CryptoCTR.m @@ -95,6 +95,11 @@ static const NSInteger CryptoCTRTagLength = 32; self.digest = NULL; } +- (int)tagLength +{ + return CryptoCTRTagLength; +} + - (NSInteger)encryptionCapacityWithLength:(NSInteger)length { return safe_crypto_capacity(length, PacketOpcodeLength + PacketSessionIdLength + PacketReplayIdLength + PacketReplayTimestampLength + CryptoCTRTagLength);