Merge branch 'expose-tag-length'

This commit is contained in:
Davide De Rosa 2018-11-06 10:39:30 +01:00
commit fdb7829d64
8 changed files with 31 additions and 10 deletions

View File

@ -233,7 +233,7 @@ extension ControlChannel {
headerLength = PacketOpcodeLength + PacketSessionIdLength headerLength = PacketOpcodeLength + PacketSessionIdLength
adLength = headerLength + PacketReplayIdLength + PacketReplayTimestampLength adLength = headerLength + PacketReplayIdLength + PacketReplayTimestampLength
tagLength = 32 tagLength = crypto.tagLength()
currentReplayId = BidirectionalState(withResetValue: 1) currentReplayId = BidirectionalState(withResetValue: 1)
plain = PlainSerializer() plain = PlainSerializer()

View File

@ -55,6 +55,7 @@ typedef struct {
- (void)configureEncryptionWithCipherKey:(nullable ZeroingData *)cipherKey hmacKey:(nullable ZeroingData *)hmacKey; - (void)configureEncryptionWithCipherKey:(nullable ZeroingData *)cipherKey hmacKey:(nullable ZeroingData *)hmacKey;
- (int)digestLength; - (int)digestLength;
- (int)tagLength;
- (NSInteger)encryptionCapacityWithLength:(NSInteger)length; - (NSInteger)encryptionCapacityWithLength:(NSInteger)length;
- (BOOL)encryptBytes:(const uint8_t *)bytes length:(NSInteger)length dest:(uint8_t *)dest destLength:(NSInteger *)destLength flags:(const CryptoFlags *_Nullable)flags error:(NSError **)error; - (BOOL)encryptBytes:(const uint8_t *)bytes length:(NSInteger)length dest:(uint8_t *)dest destLength:(NSInteger *)destLength flags:(const CryptoFlags *_Nullable)flags error:(NSError **)error;
@ -68,6 +69,7 @@ typedef struct {
- (void)configureDecryptionWithCipherKey:(nullable ZeroingData *)cipherKey hmacKey:(nullable ZeroingData *)hmacKey; - (void)configureDecryptionWithCipherKey:(nullable ZeroingData *)cipherKey hmacKey:(nullable ZeroingData *)hmacKey;
- (int)digestLength; - (int)digestLength;
- (int)tagLength;
- (NSInteger)encryptionCapacityWithLength:(NSInteger)length; - (NSInteger)encryptionCapacityWithLength:(NSInteger)length;
- (BOOL)decryptBytes:(const uint8_t *)bytes length:(NSInteger)length dest:(uint8_t *)dest destLength:(NSInteger *)destLength flags:(const CryptoFlags *_Nullable)flags error:(NSError **)error; - (BOOL)decryptBytes:(const uint8_t *)bytes length:(NSInteger)length dest:(uint8_t *)dest destLength:(NSInteger *)destLength flags:(const CryptoFlags *_Nullable)flags error:(NSError **)error;

View File

@ -43,7 +43,7 @@
#import "Allocation.h" #import "Allocation.h"
#import "Errors.h" #import "Errors.h"
const NSInteger CryptoAEADTagLength = 16; static const NSInteger CryptoAEADTagLength = 16;
@interface CryptoAEAD () @interface CryptoAEAD ()
@ -97,6 +97,11 @@ const NSInteger CryptoAEADTagLength = 16;
return 0; return 0;
} }
- (int)tagLength
{
return CryptoAEADTagLength;
}
- (NSInteger)encryptionCapacityWithLength:(NSInteger)length - (NSInteger)encryptionCapacityWithLength:(NSInteger)length
{ {
return safe_crypto_capacity(length, CryptoAEADTagLength); return safe_crypto_capacity(length, CryptoAEADTagLength);

View File

@ -73,6 +73,7 @@ NS_ASSUME_NONNULL_BEGIN
- (id<Decrypter>)decrypter; - (id<Decrypter>)decrypter;
- (NSInteger)digestLength; - (NSInteger)digestLength;
- (NSInteger)tagLength;
@end @end

View File

@ -52,6 +52,7 @@
@property (nonatomic, strong) NSString *cipherAlgorithm; @property (nonatomic, strong) NSString *cipherAlgorithm;
@property (nonatomic, strong) NSString *digestAlgorithm; @property (nonatomic, strong) NSString *digestAlgorithm;
@property (nonatomic, assign) NSInteger digestLength; @property (nonatomic, assign) NSInteger digestLength;
@property (nonatomic, assign) NSInteger tagLength;
@property (nonatomic, strong) id<Encrypter> encrypter; @property (nonatomic, strong) id<Encrypter> encrypter;
@property (nonatomic, strong) id<Decrypter> decrypter; @property (nonatomic, strong) id<Decrypter> decrypter;
@ -147,6 +148,7 @@
NSAssert(self.encrypter.digestLength == self.decrypter.digestLength, @"Digest length mismatch in encrypter/decrypter"); NSAssert(self.encrypter.digestLength == self.decrypter.digestLength, @"Digest length mismatch in encrypter/decrypter");
self.digestLength = self.encrypter.digestLength; self.digestLength = self.encrypter.digestLength;
self.tagLength = self.encrypter.tagLength;
return YES; return YES;
} }

View File

@ -113,6 +113,11 @@ const NSInteger CryptoCBCMaxHMACLength = 100;
self.digest = NULL; self.digest = NULL;
} }
- (int)tagLength
{
return 0;
}
- (NSInteger)encryptionCapacityWithLength:(NSInteger)length - (NSInteger)encryptionCapacityWithLength:(NSInteger)length
{ {
return safe_crypto_capacity(length, self.digestLength + self.cipherIVLength); return safe_crypto_capacity(length, self.digestLength + self.cipherIVLength);

View File

@ -30,8 +30,6 @@
NS_ASSUME_NONNULL_BEGIN NS_ASSUME_NONNULL_BEGIN
extern const NSInteger CryptoCTRADLength;
@interface CryptoCTR : NSObject <Encrypter, Decrypter> @interface CryptoCTR : NSObject <Encrypter, Decrypter>
- (instancetype)initWithCipherName:(nullable NSString *)cipherName digestName:(NSString *)digestName; - (instancetype)initWithCipherName:(nullable NSString *)cipherName digestName:(NSString *)digestName;

View File

@ -33,7 +33,7 @@
#import "Allocation.h" #import "Allocation.h"
#import "Errors.h" #import "Errors.h"
const NSInteger CryptoCTRTagLength = 32; static const NSInteger CryptoCTRTagLength = 32;
@interface CryptoCTR () @interface CryptoCTR ()
@ -42,7 +42,6 @@ const NSInteger CryptoCTRTagLength = 32;
@property (nonatomic, assign) int cipherKeyLength; @property (nonatomic, assign) int cipherKeyLength;
@property (nonatomic, assign) int cipherIVLength; @property (nonatomic, assign) int cipherIVLength;
@property (nonatomic, assign) int hmacKeyLength; @property (nonatomic, assign) int hmacKeyLength;
@property (nonatomic, assign) int digestLength;
@property (nonatomic, unsafe_unretained) EVP_CIPHER_CTX *cipherCtxEnc; @property (nonatomic, unsafe_unretained) EVP_CIPHER_CTX *cipherCtxEnc;
@property (nonatomic, unsafe_unretained) EVP_CIPHER_CTX *cipherCtxDec; @property (nonatomic, unsafe_unretained) EVP_CIPHER_CTX *cipherCtxDec;
@ -70,14 +69,13 @@ const NSInteger CryptoCTRTagLength = 32;
self.cipherIVLength = EVP_CIPHER_iv_length(self.cipher); self.cipherIVLength = EVP_CIPHER_iv_length(self.cipher);
// as seen in OpenVPN's crypto_openssl.c:md_kt_size() // as seen in OpenVPN's crypto_openssl.c:md_kt_size()
self.hmacKeyLength = EVP_MD_size(self.digest); self.hmacKeyLength = EVP_MD_size(self.digest);
self.digestLength = EVP_MD_size(self.digest); NSAssert(EVP_MD_size(self.digest) == CryptoCTRTagLength, @"Expected digest size to be tag length (%ld)", CryptoCTRTagLength);
NSAssert(self.digestLength == CryptoCTRTagLength, @"Expected digest size to be tag length (%ld)", CryptoCTRTagLength);
self.cipherCtxEnc = EVP_CIPHER_CTX_new(); self.cipherCtxEnc = EVP_CIPHER_CTX_new();
self.cipherCtxDec = EVP_CIPHER_CTX_new(); self.cipherCtxDec = EVP_CIPHER_CTX_new();
self.hmacCtxEnc = HMAC_CTX_new(); self.hmacCtxEnc = HMAC_CTX_new();
self.hmacCtxDec = HMAC_CTX_new(); self.hmacCtxDec = HMAC_CTX_new();
self.bufferDecHMAC = allocate_safely(self.digestLength); self.bufferDecHMAC = allocate_safely(CryptoCTRTagLength);
} }
return self; return self;
} }
@ -88,13 +86,23 @@ const NSInteger CryptoCTRTagLength = 32;
EVP_CIPHER_CTX_free(self.cipherCtxDec); EVP_CIPHER_CTX_free(self.cipherCtxDec);
HMAC_CTX_free(self.hmacCtxEnc); HMAC_CTX_free(self.hmacCtxEnc);
HMAC_CTX_free(self.hmacCtxDec); HMAC_CTX_free(self.hmacCtxDec);
bzero(self.bufferDecHMAC, self.digestLength); bzero(self.bufferDecHMAC, CryptoCTRTagLength);
free(self.bufferDecHMAC); free(self.bufferDecHMAC);
self.cipher = NULL; self.cipher = NULL;
self.digest = NULL; self.digest = NULL;
} }
- (int)digestLength
{
return CryptoCTRTagLength;
}
- (int)tagLength
{
return CryptoCTRTagLength;
}
- (NSInteger)encryptionCapacityWithLength:(NSInteger)length - (NSInteger)encryptionCapacityWithLength:(NSInteger)length
{ {
return safe_crypto_capacity(length, PacketOpcodeLength + PacketSessionIdLength + PacketReplayIdLength + PacketReplayTimestampLength + CryptoCTRTagLength); return safe_crypto_capacity(length, PacketOpcodeLength + PacketSessionIdLength + PacketReplayIdLength + PacketReplayTimestampLength + CryptoCTRTagLength);