
oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0002-Use-BearSSL-for-HMAC-SHA256-and-AES-CBC.patch (4933B)


  1. From 2e18341d2d69f10dafd06fbeb3782d41e65fdf87 Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Fri, 15 Nov 2019 21:47:49 -0800
  4. Subject: [PATCH] Use BearSSL for HMAC-SHA256 and AES-CBC
  5. ---
  6. fs_net.c | 4 ++--
  7. fs_wget.c | 45 +++++++++++++++++++++++++++++++++++++--------
  8. fs_wget.h | 5 ++---
  9. 3 files changed, 41 insertions(+), 13 deletions(-)
  10. diff --git a/fs_net.c b/fs_net.c
  11. index c7c7484..18c8407 100644
  12. --- a/fs_net.c
  13. +++ b/fs_net.c
  14. @@ -2556,7 +2556,7 @@ static int fs_cmd_xhr(FSDevice *fs, FSFile *f,
  15. s->fd = fd;
  16. s->post_fd = post_fd;
  17. if (aes_key_len != 0) {
  18. - AES_set_decrypt_key(aes_key, FS_KEY_LEN * 8, &s->aes_state);
  19. + br_aes_big_cbcdec_init(&s->aes_state.c_big, aes_key, FS_KEY_LEN);
  20. paes_state = &s->aes_state;
  21. } else {
  22. paes_state = NULL;
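Review bot: Both `br_aes_big_cbcdec_init` calls in fs_net.c (here and in `fs_cmd_set_base_url` in the next hunk), together with the `br_aes_big_cbcdec_run` calls in fs_wget.c, select BearSSL's table-based `aes_big` implementation, which BearSSL documents as not constant-time. Because `AES_KEY` is typedef'd to the `br_aes_gen_cbcdec_keys` union, moving to the constant-time variant is a small change if cache-timing exposure of the file key matters for this build: `br_aes_ct_cbcdec_init(&s->aes_state.c_ct, aes_key, FS_KEY_LEN);` here and `br_aes_ct_cbcdec_run` at the decrypt sites. Separately, this hunk does not show `aes_key_len` being compared with `FS_KEY_LEN` before the init reads `FS_KEY_LEN` bytes from `aes_key`, whereas the second hunk does; the check may sit above the hunk, so it should be confirmed. fs_cmd_xhr's body starts and ends outside the hunk.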
  23. @@ -2646,7 +2646,7 @@ static int fs_cmd_set_base_url(FSDevice *fs, const char *p)
  24. if (aes_key_len != 0) {
  25. if (aes_key_len != FS_KEY_LEN)
  26. goto fail;
  27. - AES_set_decrypt_key(aes_key, FS_KEY_LEN * 8, &aes_state);
  28. + br_aes_big_cbcdec_init(&aes_state.c_big, aes_key, FS_KEY_LEN);
  29. paes_state = &aes_state;
  30. } else {
  31. paes_state = NULL;
  32. diff --git a/fs_wget.c b/fs_wget.c
  33. index b4857b0..5a36dbc 100644
  34. --- a/fs_wget.c
  35. +++ b/fs_wget.c
  36. @@ -327,6 +327,8 @@ XHRState *fs_wget(const char *url, const char *user, const char *password,
  37. /***********************************************/
  38. /* file decryption */
  39. +#define AES_BLOCK_SIZE br_aes_big_BLOCK_SIZE
  40. +
  41. #define ENCRYPTED_FILE_HEADER_SIZE (4 + AES_BLOCK_SIZE)
  42. #define DEC_BUF_SIZE (256 * AES_BLOCK_SIZE)
  43. @@ -379,8 +381,7 @@ int decrypt_file(DecryptFileState *s, const uint8_t *data,
  44. if (s->dec_buf_pos >= DEC_BUF_SIZE) {
  45. /* keep one block in case it is the padding */
  46. len = s->dec_buf_pos - AES_BLOCK_SIZE;
  47. - AES_cbc_encrypt(s->dec_buf, s->dec_buf, len,
  48. - s->aes_state, s->iv, FALSE);
  49. + br_aes_big_cbcdec_run(&s->aes_state->c_big, s->iv, s->dec_buf, len);
  50. ret = s->write_cb(s->opaque, s->dec_buf, len);
  51. if (ret < 0)
  52. return ret;
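Review bot: The new `br_aes_big_cbcdec_run` call depends on two properties that are not written down anywhere near it: `len` has to be a whole number of AES blocks, and `s->iv` is overwritten so that the next chunk continues the CBC chain. A short comment above the call would record this, e.g. `/* cbcdec_run needs len % AES_BLOCK_SIZE == 0 and advances s->iv in place */`, and it is worth confirming that `s->dec_buf_pos` can never make `len` a non-multiple here. The decrypted bytes are also handed to `write_cb` with no integrity check visible in the hunk, so the consumer sees unauthenticated plaintext before the padding is examined. decrypt_file's body starts and ends outside the hunk.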
  53. @@ -409,8 +410,7 @@ int decrypt_file_flush(DecryptFileState *s)
  54. if (len == 0 ||
  55. (len % AES_BLOCK_SIZE) != 0)
  56. return -1;
  57. - AES_cbc_encrypt(s->dec_buf, s->dec_buf, len,
  58. - s->aes_state, s->iv, FALSE);
  59. + br_aes_big_cbcdec_run(&s->aes_state->c_big, s->iv, s->dec_buf, len);
  60. pad_len = s->dec_buf[s->dec_buf_pos - 1];
  61. if (pad_len < 1 || pad_len > AES_BLOCK_SIZE)
  62. return -1;
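Review bot: The padding check after the new `br_aes_big_cbcdec_run` call looks only at the last byte (`pad_len < 1 || pad_len > AES_BLOCK_SIZE`), and nothing in this hunk shows the data being authenticated first. If the remaining pad bytes are not verified further down, a corrupted or tampered tail is accepted whenever that last byte falls between 1 and 16. Checking that all `pad_len` trailing bytes equal `pad_len` would tighten this, although only a MAC over the ciphertext really addresses tampering. decrypt_file_flush's body continues outside the hunk, so this should be checked against the full function.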
  63. @@ -532,6 +532,8 @@ void fs_wget_file2(FSDevice *fs, FSFile *f, const char *url,
  64. /***********************************************/
  65. /* PBKDF2 */
  66. +#define SALT_LEN_MAX 32
  67. +
  68. #ifdef USE_BUILTIN_CRYPTO
  69. #define HMAC_BLOCK_SIZE 64
  70. @@ -575,8 +577,6 @@ void hmac_sha256_final(HMAC_SHA256_CTX *s, uint8_t *out)
  71. SHA256(s->K, HMAC_BLOCK_SIZE + SHA256_DIGEST_LENGTH, out);
  72. }
  73. -#define SALT_LEN_MAX 32
  74. -
  75. void pbkdf2_hmac_sha256(const uint8_t *pwd, int pwd_len,
  76. const uint8_t *salt, int salt_len,
  77. int iter, int key_len, uint8_t *out)
  78. @@ -618,8 +618,37 @@ void pbkdf2_hmac_sha256(const uint8_t *pwd, int pwd_len,
  79. const uint8_t *salt, int salt_len,
  80. int iter, int key_len, uint8_t *out)
  81. {
  82. - PKCS5_PBKDF2_HMAC((const char *)pwd, pwd_len, salt, salt_len,
  83. - iter, EVP_sha256(), key_len, out);
  84. + uint8_t F[br_sha256_SIZE], U[SALT_LEN_MAX + 4];
  85. + br_hmac_key_context kc;
  86. + br_hmac_context ctx;
  87. + int it, U_len, j, l;
  88. + uint32_t i;
  89. +
  90. + assert(salt_len <= SALT_LEN_MAX);
  91. + i = 1;
  92. + br_hmac_key_init(&kc, &br_sha256_vtable, pwd, pwd_len);
  93. + while (key_len > 0) {
  94. + memset(F, 0, br_sha256_SIZE);
  95. + memcpy(U, salt, salt_len);
  96. + U[salt_len] = i >> 24;
  97. + U[salt_len + 1] = i >> 16;
  98. + U[salt_len + 2] = i >> 8;
  99. + U[salt_len + 3] = i;
  100. + U_len = salt_len + 4;
  101. + for(it = 0; it < iter; it++) {
  102. + br_hmac_init(&ctx, &kc, 0);
  103. + br_hmac_update(&ctx, U, U_len);
  104. + br_hmac_out(&ctx, U);
  105. + for(j = 0; j < br_sha256_SIZE; j++)
  106. + F[j] ^= U[j];
  107. + U_len = br_sha256_SIZE;
  108. + }
  109. + l = min_int(key_len, br_sha256_SIZE);
  110. + memcpy(out, F, l);
  111. + out += l;
  112. + key_len -= l;
  113. + i++;
  114. + }
  115. }
  116. #endif /* !USE_BUILTIN_CRYPTO */
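Review bot: The only guard on `memcpy(U, salt, salt_len)` is `assert(salt_len <= SALT_LEN_MAX)`, which disappears when the file is built with NDEBUG and does not reject a negative `salt_len`, so an out-of-range salt length would write past the 36-byte stack buffer `U`. Since the function returns void, a runtime check that cannot be compiled out is the minimal fix, for example `if (salt_len < 0 || salt_len > SALT_LEN_MAX || iter < 1) abort();`. The `iter < 1` part matters because with a non-positive `iter` the inner loop never runs and `out` is filled from the zeroed `F`, which silently yields an all-zero key. It would also be worth clearing `F`, `U`, `kc` and `ctx` before returning, since they hold password-derived material, using a wipe the compiler cannot optimize away rather than a plain `memset`.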
  117. diff --git a/fs_wget.h b/fs_wget.h
  118. index 35b6a4b..952bb69 100644
  119. --- a/fs_wget.h
  120. +++ b/fs_wget.h
  121. @@ -29,9 +29,8 @@
  122. #include "aes.h"
  123. #include "sha256.h"
  124. #else
  125. -#include <openssl/aes.h>
  126. -#include <openssl/sha.h>
  127. -#include <openssl/evp.h>
  128. +#include <bearssl.h>
  129. +typedef br_aes_gen_cbcdec_keys AES_KEY;
  130. #endif
  131. #ifdef _WIN32
  132. #include <winsock2.h>
  133. --
  134. 2.32.0