logo

oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0002-Use-BearSSL-for-HMAC-SHA256-and-AES-CBC.patch (4933B)

    

  1. From 2e18341d2d69f10dafd06fbeb3782d41e65fdf87 Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Fri, 15 Nov 2019 21:47:49 -0800
  4. Subject: [PATCH] Use BearSSL for HMAC-SHA256 and AES-CBC
  6. ---
  7.  fs_net.c  |  4 ++--
  8.  fs_wget.c | 45 +++++++++++++++++++++++++++++++++++++--------
  9.  fs_wget.h |  5 ++---
  10.  3 files changed, 41 insertions(+), 13 deletions(-)
  12. diff --git a/fs_net.c b/fs_net.c
  13. index c7c7484..18c8407 100644
  14. --- a/fs_net.c
  15. +++ b/fs_net.c
  16. @@ -2556,7 +2556,7 @@ static int fs_cmd_xhr(FSDevice *fs, FSFile *f,
  17.      s->fd = fd;
  18.      s->post_fd = post_fd;
  19.      if (aes_key_len != 0) {
  20. -        AES_set_decrypt_key(aes_key, FS_KEY_LEN * 8, &s->aes_state);
  21. +        br_aes_big_cbcdec_init(&s->aes_state.c_big, aes_key, FS_KEY_LEN);
  22.          paes_state = &s->aes_state;
  23.      } else {
  24.          paes_state = NULL;
  25. @@ -2646,7 +2646,7 @@ static int fs_cmd_set_base_url(FSDevice *fs, const char *p)
  26.      if (aes_key_len != 0) {
  27.          if (aes_key_len != FS_KEY_LEN)
  28.              goto fail;
  29. -        AES_set_decrypt_key(aes_key, FS_KEY_LEN * 8, &aes_state);
  30. +        br_aes_big_cbcdec_init(&aes_state.c_big, aes_key, FS_KEY_LEN);
  31.          paes_state = &aes_state;
  32.      } else {
  33.          paes_state = NULL;
  34. diff --git a/fs_wget.c b/fs_wget.c
  35. index b4857b0..5a36dbc 100644
  36. --- a/fs_wget.c
  37. +++ b/fs_wget.c
  38. @@ -327,6 +327,8 @@ XHRState *fs_wget(const char *url, const char *user, const char *password,
  39.  /***********************************************/
  40.  /* file decryption */
  41.  
  42. +#define AES_BLOCK_SIZE br_aes_big_BLOCK_SIZE
  43. +
  44.  #define ENCRYPTED_FILE_HEADER_SIZE (4 + AES_BLOCK_SIZE)
  45.  
  46.  #define DEC_BUF_SIZE (256 * AES_BLOCK_SIZE)
  47. @@ -379,8 +381,7 @@ int decrypt_file(DecryptFileState *s, const uint8_t *data,
  48.              if (s->dec_buf_pos >= DEC_BUF_SIZE) {
  49.                  /* keep one block in case it is the padding */
  50.                  len = s->dec_buf_pos - AES_BLOCK_SIZE;
  51. -                AES_cbc_encrypt(s->dec_buf, s->dec_buf, len,
  52. -                                s->aes_state, s->iv, FALSE);
  53. +                br_aes_big_cbcdec_run(&s->aes_state->c_big, s->iv, s->dec_buf, len);
  54.                  ret = s->write_cb(s->opaque, s->dec_buf, len);
  55.                  if (ret < 0)
  56.                      return ret;
  57. @@ -409,8 +410,7 @@ int decrypt_file_flush(DecryptFileState *s)
  58.      if (len == 0 || 
  59.          (len % AES_BLOCK_SIZE) != 0)
  60.          return -1;
  61. -    AES_cbc_encrypt(s->dec_buf, s->dec_buf, len,
  62. -                    s->aes_state, s->iv, FALSE);
  63. +    br_aes_big_cbcdec_run(&s->aes_state->c_big, s->iv, s->dec_buf, len);
  64.      pad_len = s->dec_buf[s->dec_buf_pos - 1];
  65.      if (pad_len < 1 || pad_len > AES_BLOCK_SIZE)
  66.          return -1;
  67. @@ -532,6 +532,8 @@ void fs_wget_file2(FSDevice *fs, FSFile *f, const char *url,
  68.  /***********************************************/
  69.  /* PBKDF2 */
  70.  
  71. +#define SALT_LEN_MAX 32
  72. +
  73.  #ifdef USE_BUILTIN_CRYPTO
  74.  
  75.  #define HMAC_BLOCK_SIZE 64
  76. @@ -575,8 +577,6 @@ void hmac_sha256_final(HMAC_SHA256_CTX *s, uint8_t *out)
  77.      SHA256(s->K, HMAC_BLOCK_SIZE + SHA256_DIGEST_LENGTH, out);
  78.  }
  79.  
  80. -#define SALT_LEN_MAX 32
  81. -
  82.  void pbkdf2_hmac_sha256(const uint8_t *pwd, int pwd_len,
  83.                          const uint8_t *salt, int salt_len,
  84.                          int iter, int key_len, uint8_t *out)
  85. @@ -618,8 +618,37 @@ void pbkdf2_hmac_sha256(const uint8_t *pwd, int pwd_len,
  86.                          const uint8_t *salt, int salt_len,
  87.                          int iter, int key_len, uint8_t *out)
  88.  {
  89. -    PKCS5_PBKDF2_HMAC((const char *)pwd, pwd_len, salt, salt_len,
  90. -                      iter, EVP_sha256(), key_len, out);
  91. +    uint8_t F[br_sha256_SIZE], U[SALT_LEN_MAX + 4];
  92. +    br_hmac_key_context kc;
  93. +    br_hmac_context ctx;
  94. +    int it, U_len, j, l;
  95. +    uint32_t i;
  96. +
  97. +    assert(salt_len <= SALT_LEN_MAX);
  98. +    i = 1;
  99. +    br_hmac_key_init(&kc, &br_sha256_vtable, pwd, pwd_len);
  100. +    while (key_len > 0) {
  101. +        memset(F, 0, br_sha256_SIZE);
  102. +        memcpy(U, salt, salt_len);
  103. +        U[salt_len] = i >> 24;
  104. +        U[salt_len + 1] = i >> 16;
  105. +        U[salt_len + 2] = i >> 8;
  106. +        U[salt_len + 3] = i;
  107. +        U_len = salt_len + 4;
  108. +        for(it = 0; it < iter; it++) {
  109. +            br_hmac_init(&ctx, &kc, 0);
  110. +            br_hmac_update(&ctx, U, U_len);
  111. +            br_hmac_out(&ctx, U);
  112. +            for(j = 0; j < br_sha256_SIZE; j++)
  113. +                F[j] ^= U[j];
  114. +            U_len = br_sha256_SIZE;
  115. +        }
  116. +        l = min_int(key_len, br_sha256_SIZE);
  117. +        memcpy(out, F, l);
  118. +        out += l;
  119. +        key_len -= l;
  120. +        i++;
  121. +    }
  122.  }
  123.  
  124.  #endif /* !USE_BUILTIN_CRYPTO */
  125. diff --git a/fs_wget.h b/fs_wget.h
  126. index 35b6a4b..952bb69 100644
  127. --- a/fs_wget.h
  128. +++ b/fs_wget.h
  129. @@ -29,9 +29,8 @@
  130.  #include "aes.h"
  131.  #include "sha256.h"
  132.  #else
  133. -#include <openssl/aes.h>
  134. -#include <openssl/sha.h>
  135. -#include <openssl/evp.h>
  136. +#include <bearssl.h>
  137. +typedef br_aes_gen_cbcdec_keys AES_KEY;
  138.  #endif
  139.  #ifdef _WIN32
  140.  #include <winsock2.h>
  141. -- 
  142. 2.32.0