passepartoutvpn
/
tunnelkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'expose-tag-length'

This commit is contained in:
Davide De Rosa 2018-11-06 10:39:30 +01:00
parent caea6624fc 36e93651ba
commit fdb7829d64
8 changed files with 31 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
TunnelKit/Sources/Core/ControlChannelSerializer.swift
View File

@ -233,7 +233,7 @@ extension ControlChannel {
headerLength = PacketOpcodeLength + PacketSessionIdLength
adLength = headerLength + PacketReplayIdLength + PacketReplayTimestampLength
tagLength = 32
tagLength = crypto.tagLength()
currentReplayId = BidirectionalState(withResetValue: 1)
plain = PlainSerializer()

2
TunnelKit/Sources/Core/Crypto.h
View File

@ -55,6 +55,7 @@ typedef struct {
- (void)configureEncryptionWithCipherKey:(nullable ZeroingData *)cipherKey hmacKey:(nullable ZeroingData *)hmacKey;
- (int)digestLength;
- (int)tagLength;
- (NSInteger)encryptionCapacityWithLength:(NSInteger)length;
- (BOOL)encryptBytes:(const uint8_t *)bytes length:(NSInteger)length dest:(uint8_t *)dest destLength:(NSInteger *)destLength flags:(const CryptoFlags *_Nullable)flags error:(NSError **)error;
@ -68,6 +69,7 @@ typedef struct {
- (void)configureDecryptionWithCipherKey:(nullable ZeroingData *)cipherKey hmacKey:(nullable ZeroingData *)hmacKey;
- (int)digestLength;
- (int)tagLength;
- (NSInteger)encryptionCapacityWithLength:(NSInteger)length;
- (BOOL)decryptBytes:(const uint8_t *)bytes length:(NSInteger)length dest:(uint8_t *)dest destLength:(NSInteger *)destLength flags:(const CryptoFlags *_Nullable)flags error:(NSError **)error;

7
TunnelKit/Sources/Core/CryptoAEAD.m
View File

@ -43,7 +43,7 @@
#import "Allocation.h"
#import "Errors.h"
const NSInteger CryptoAEADTagLength = 16;
static const NSInteger CryptoAEADTagLength = 16;
@interface CryptoAEAD ()
@ -97,6 +97,11 @@ const NSInteger CryptoAEADTagLength = 16;
return 0;
}
- (int)tagLength
{
return CryptoAEADTagLength;
}
- (NSInteger)encryptionCapacityWithLength:(NSInteger)length
{
return safe_crypto_capacity(length, CryptoAEADTagLength);

1
TunnelKit/Sources/Core/CryptoBox.h
View File

@ -73,6 +73,7 @@ NS_ASSUME_NONNULL_BEGIN
- (id<Decrypter>)decrypter;
- (NSInteger)digestLength;
- (NSInteger)tagLength;
@end

2
TunnelKit/Sources/Core/CryptoBox.m
View File

@ -52,6 +52,7 @@
@property (nonatomic, strong) NSString *cipherAlgorithm;
@property (nonatomic, strong) NSString *digestAlgorithm;
@property (nonatomic, assign) NSInteger digestLength;
@property (nonatomic, assign) NSInteger tagLength;
@property (nonatomic, strong) id<Encrypter> encrypter;
@property (nonatomic, strong) id<Decrypter> decrypter;
@ -147,6 +148,7 @@
NSAssert(self.encrypter.digestLength == self.decrypter.digestLength, @"Digest length mismatch in encrypter/decrypter");
self.digestLength = self.encrypter.digestLength;
self.tagLength = self.encrypter.tagLength;
return YES;
}

5
TunnelKit/Sources/Core/CryptoCBC.m
View File

@ -113,6 +113,11 @@ const NSInteger CryptoCBCMaxHMACLength = 100;
self.digest = NULL;
}
- (int)tagLength
{
return 0;
}
- (NSInteger)encryptionCapacityWithLength:(NSInteger)length
{
return safe_crypto_capacity(length, self.digestLength + self.cipherIVLength);

2
TunnelKit/Sources/Core/CryptoCTR.h
View File

@ -30,8 +30,6 @@
NS_ASSUME_NONNULL_BEGIN
extern const NSInteger CryptoCTRADLength;
@interface CryptoCTR : NSObject <Encrypter, Decrypter>
- (instancetype)initWithCipherName:(nullable NSString *)cipherName digestName:(NSString *)digestName;

20
TunnelKit/Sources/Core/CryptoCTR.m
View File

@ -33,7 +33,7 @@
#import "Allocation.h"
#import "Errors.h"
const NSInteger CryptoCTRTagLength = 32;
static const NSInteger CryptoCTRTagLength = 32;
@interface CryptoCTR ()
@ -42,7 +42,6 @@ const NSInteger CryptoCTRTagLength = 32;
@property (nonatomic, assign) int cipherKeyLength;
@property (nonatomic, assign) int cipherIVLength;
@property (nonatomic, assign) int hmacKeyLength;
@property (nonatomic, assign) int digestLength;
@property (nonatomic, unsafe_unretained) EVP_CIPHER_CTX *cipherCtxEnc;
@property (nonatomic, unsafe_unretained) EVP_CIPHER_CTX *cipherCtxDec;
@ -70,14 +69,13 @@ const NSInteger CryptoCTRTagLength = 32;
self.cipherIVLength = EVP_CIPHER_iv_length(self.cipher);
// as seen in OpenVPN's crypto_openssl.c:md_kt_size()
self.hmacKeyLength = EVP_MD_size(self.digest);
self.digestLength = EVP_MD_size(self.digest);
NSAssert(self.digestLength == CryptoCTRTagLength, @"Expected digest size to be tag length (%ld)", CryptoCTRTagLength);
NSAssert(EVP_MD_size(self.digest) == CryptoCTRTagLength, @"Expected digest size to be tag length (%ld)", CryptoCTRTagLength);
self.cipherCtxEnc = EVP_CIPHER_CTX_new();
self.cipherCtxDec = EVP_CIPHER_CTX_new();
self.hmacCtxEnc = HMAC_CTX_new();
self.hmacCtxDec = HMAC_CTX_new();
self.bufferDecHMAC = allocate_safely(self.digestLength);
self.bufferDecHMAC = allocate_safely(CryptoCTRTagLength);
}
return self;
}
@ -88,13 +86,23 @@ const NSInteger CryptoCTRTagLength = 32;
EVP_CIPHER_CTX_free(self.cipherCtxDec);
HMAC_CTX_free(self.hmacCtxEnc);
HMAC_CTX_free(self.hmacCtxDec);
bzero(self.bufferDecHMAC, self.digestLength);
bzero(self.bufferDecHMAC, CryptoCTRTagLength);
free(self.bufferDecHMAC);
self.cipher = NULL;
self.digest = NULL;
}
- (int)digestLength
{
return CryptoCTRTagLength;
}
- (int)tagLength
{
return CryptoCTRTagLength;
}
- (NSInteger)encryptionCapacityWithLength:(NSInteger)length
{
return safe_crypto_capacity(length, PacketOpcodeLength + PacketSessionIdLength + PacketReplayIdLength + PacketReplayTimestampLength + CryptoCTRTagLength);