From 1588e81b9e601b8f171ae92e10c042656eb05421 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20M=C3=A4rkl?= Date: Wed, 28 Nov 2018 16:02:25 +0100 Subject: [PATCH] Fix GKCrypt and add tests --- lib/include/chiaki/gkcrypt.h | 3 +- lib/src/gkcrypt.c | 28 ++++++---- test/gkcrypt.c | 104 ++++++++++++++++++++++++++++++++++- 3 files changed, 122 insertions(+), 13 deletions(-) diff --git a/lib/include/chiaki/gkcrypt.h b/lib/include/chiaki/gkcrypt.h index 43ff4c8..5caacbc 100644 --- a/lib/include/chiaki/gkcrypt.h +++ b/lib/include/chiaki/gkcrypt.h @@ -40,8 +40,9 @@ typedef struct chiaki_gkcrypt_t { struct chiaki_session_t; -CHIAKI_EXPORT ChiakiErrorCode chiaki_gkcrypt_init(ChiakiGKCrypt *gkcrypt, struct chiaki_session_t *session, size_t key_buf_blocks, uint8_t index, uint8_t *handshake_key, uint8_t *ecdh_secret); +CHIAKI_EXPORT ChiakiErrorCode chiaki_gkcrypt_init(ChiakiGKCrypt *gkcrypt, ChiakiLog *log, size_t key_buf_blocks, uint8_t index, const uint8_t *handshake_key, const uint8_t *ecdh_secret); CHIAKI_EXPORT void chiaki_gkcrypt_fini(ChiakiGKCrypt *gkcrypt); +CHIAKI_EXPORT ChiakiErrorCode chiaki_gkcrypt_gen_key_stream(ChiakiGKCrypt *gkcrypt, size_t key_pos, uint8_t *buf, size_t buf_size); CHIAKI_EXPORT ChiakiErrorCode chiaki_gkcrypt_decrypt(ChiakiGKCrypt *gkcrypt, size_t key_pos, uint8_t *buf, size_t buf_size); static inline ChiakiErrorCode chiaki_gkcrypt_encrypt(ChiakiGKCrypt *gkcrypt, size_t key_pos, uint8_t *buf, size_t buf_size) { return chiaki_gkcrypt_decrypt(gkcrypt, key_pos, buf, buf_size); } diff --git a/lib/src/gkcrypt.c b/lib/src/gkcrypt.c index 25ce53e..4b3a954 100644 --- a/lib/src/gkcrypt.c +++ b/lib/src/gkcrypt.c 
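Review bot: The newly exported `chiaki_gkcrypt_gen_key_stream` declaration in gkcrypt.h has no comment on what `key_pos` and `buf_size` must look like, although it now hands raw key stream to any caller of the library. The decrypt path later in this patch calls it with `key_pos - padding_pre` and `full_size`, and the new test uses 0x30 and 0x20, so block alignment appears to be expected; that is inferred, not shown in this hunk. Once the precondition is confirmed, I would add above the declaration something like `/* Fills buf with key stream starting at key_pos; key_pos and buf_size are expected to be multiples of CHIAKI_GKCRYPT_BLOCK_SIZE. */`. The comment should also say whether the precondition is enforced at runtime or only by assertion.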
@@ -27,12 +27,12 @@ #include "utils.h" -static ChiakiErrorCode gkcrypt_gen_key_iv(ChiakiGKCrypt *gkcrypt, uint8_t index, uint8_t *handshake_key, uint8_t *ecdh_secret); +static ChiakiErrorCode gkcrypt_gen_key_iv(ChiakiGKCrypt *gkcrypt, uint8_t index, const uint8_t *handshake_key, const uint8_t *ecdh_secret); -CHIAKI_EXPORT ChiakiErrorCode chiaki_gkcrypt_init(ChiakiGKCrypt *gkcrypt, ChiakiSession *session, size_t key_buf_blocks, uint8_t index, uint8_t *handshake_key, uint8_t *ecdh_secret) +CHIAKI_EXPORT ChiakiErrorCode chiaki_gkcrypt_init(ChiakiGKCrypt *gkcrypt, ChiakiLog *log, size_t key_buf_blocks, uint8_t index, const uint8_t *handshake_key, const uint8_t *ecdh_secret) { - gkcrypt->log = &session->log; + gkcrypt->log = log; gkcrypt->key_buf_size = key_buf_blocks * CHIAKI_GKCRYPT_BLOCK_SIZE; gkcrypt->key_buf = malloc(gkcrypt->key_buf_size); if(!gkcrypt->key_buf) @@ -42,6 +42,7 @@ CHIAKI_EXPORT ChiakiErrorCode chiaki_gkcrypt_init(ChiakiGKCrypt *gkcrypt, Chiaki if(err != CHIAKI_ERR_SUCCESS) { CHIAKI_LOGE(gkcrypt->log, "GKCrypt failed to generate key and IV\n"); + free(gkcrypt->key_buf); return CHIAKI_ERR_UNKNOWN; } @@ -54,7 +55,7 @@ CHIAKI_EXPORT void chiaki_gkcrypt_fini(ChiakiGKCrypt *gkcrypt) } -static ChiakiErrorCode gkcrypt_gen_key_iv(ChiakiGKCrypt *gkcrypt, uint8_t index, uint8_t *handshake_key, uint8_t *ecdh_secret) +static ChiakiErrorCode gkcrypt_gen_key_iv(ChiakiGKCrypt *gkcrypt, uint8_t index, const uint8_t *handshake_key, const uint8_t *ecdh_secret) { uint8_t data[3 + CHIAKI_HANDSHAKE_KEY_SIZE + 2]; data[0] = 1; 
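Review bot: `chiaki_gkcrypt_init` still computes `key_buf_blocks * CHIAKI_GKCRYPT_BLOCK_SIZE` without an overflow check and passes the result straight to `malloc`, while the tests added by this patch call it with `key_buf_blocks` set to 0. `malloc(0)` may legally return NULL, in which case the `if(!gkcrypt->key_buf)` check (its body lies outside the hunk) would presumably report an allocation failure and the new tests would fail on such a platform. Treating a zero-sized buffer as valid, e.g. `gkcrypt->key_buf = gkcrypt->key_buf_size ? malloc(gkcrypt->key_buf_size) : NULL;` guarded by `if(gkcrypt->key_buf_size && !gkcrypt->key_buf)`, would remove that dependency. Rejecting `key_buf_blocks > SIZE_MAX / CHIAKI_GKCRYPT_BLOCK_SIZE` before the multiplication would close the overflow gap.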
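Review bot: After the added `free(gkcrypt->key_buf);` on the key/IV failure path, the struct still holds the freed pointer. A caller that runs `chiaki_gkcrypt_fini` after a failed init would presumably free it a second time; fini's body is not visible in this hunk, so that is inferred. Following the free with `gkcrypt->key_buf = NULL;` makes the later cleanup harmless.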
@@ -66,7 +67,7 @@ static ChiakiErrorCode gkcrypt_gen_key_iv(ChiakiGKCrypt *gkcrypt, uint8_t index, uint8_t hmac[CHIAKI_GKCRYPT_BLOCK_SIZE*2]; size_t hmac_size = sizeof(hmac); - if(!HMAC(EVP_sha256(), handshake_key, CHIAKI_HANDSHAKE_KEY_SIZE, ecdh_secret, CHIAKI_ECDH_SECRET_SIZE, hmac, (unsigned int *)&hmac_size)) + if(!HMAC(EVP_sha256(), ecdh_secret, CHIAKI_ECDH_SECRET_SIZE, data, sizeof(data), hmac, (unsigned int *)&hmac_size)) return CHIAKI_ERR_UNKNOWN; assert(hmac_size == sizeof(hmac)); @@ -79,17 +80,20 @@ static ChiakiErrorCode gkcrypt_gen_key_iv(ChiakiGKCrypt *gkcrypt, uint8_t index, static inline void counter_add(uint8_t *out, const uint8_t *base, int v) { - size_t i=CHIAKI_GKCRYPT_BLOCK_SIZE; + size_t i=0; do { - i--; int r = (int)base[i] + v; out[i] = (uint8_t)(r & 0xff); v = r >> 8; - } while(i>0 && v); + i++; + } while(iiv, (int)key_pos++); + counter_add(cur, gkcrypt->iv, counter_offset++); int outl; EVP_EncryptUpdate(ctx, buf, &outl, buf, (int)buf_size); @@ -134,7 +140,7 @@ CHIAKI_EXPORT ChiakiErrorCode chiaki_gkcrypt_decrypt(ChiakiGKCrypt *gkcrypt, siz if(!key_stream) return CHIAKI_ERR_MEMORY; - ChiakiErrorCode err = gkcrypt_gen_key_stream(gkcrypt, key_pos - padding_pre, key_stream, full_size); + ChiakiErrorCode err = chiaki_gkcrypt_gen_key_stream(gkcrypt, key_pos - padding_pre, key_stream, full_size); if(err != CHIAKI_ERR_SUCCESS) { free(key_stream); diff --git a/test/gkcrypt.c b/test/gkcrypt.c index f738029..c06ddde 100644 --- a/test/gkcrypt.c +++ b/test/gkcrypt.c @@ -18,6 +18,7 @@ #include #include +#include static MunitResult test_ecdh(const MunitParameter params[], void *user) { 
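Review bot: The corrected `HMAC(...)` call in `gkcrypt_gen_key_iv` still passes `(unsigned int *)&hmac_size`, where `hmac_size` is a `size_t`. On an LP64 target HMAC writes only four of its eight bytes, which gives the right value on little-endian only because the variable was pre-initialised and gives a wrong one on big-endian; it is also an aliasing violation. Declaring `unsigned int hmac_size = sizeof(hmac);` removes the cast. The following `assert(hmac_size == sizeof(hmac));` disappears under NDEBUG, so a runtime `if(hmac_size != sizeof(hmac)) return CHIAKI_ERR_UNKNOWN;` is the safer guard before the digest is presumably copied into the key and IV. The function continues outside the hunk.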
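Review bot: In the key-stream generator touched by the `@@ -79,17 +80,20 @@` hunk, `EVP_EncryptUpdate(ctx, buf, &outl, buf, (int)buf_size);` is called without checking its return value. If the call fails, `buf` would still hold the counter blocks written by `counter_add`, and the caller would presumably XOR payload data with them as if they were key stream. I would wrap it as `if(!EVP_EncryptUpdate(ctx, buf, &outl, buf, (int)buf_size))` and return `CHIAKI_ERR_UNKNOWN` after the function's usual cleanup of `ctx`. Part of this hunk, including the loop bound of `counter_add`, is not legible on this page and the function continues past it, so the cleanup path needs checking against the full file.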
@@ -65,13 +66,114 @@ static MunitResult test_ecdh(const MunitParameter params[], void *user) } +static MunitResult test_key_stream(const MunitParameter params[], void *user) +{ + static const uint8_t handshake_key[] = { 0x83, 0xcf, 0x93, 0x1a, 0x6a, 0xa7, 0x69, 0xa6, 0xc4, 0x48, 0x5d, 0x19, 0xc1, 0x5c, 0xcc, 0x52 }; + static const uint8_t ecdh_secret[] = { 0x73, 0xc8, 0xd5, 0x49, 0xc4, 0xd9, 0xdb, 0x50, 0x2e, 0xc0, 0x44, 0xea, 0x33, 0x64, 0x8c, 0x6a, 0xc9, 0xf3, 0x6c, 0x41, 0xb6, 0xa0, 0x50, 0x4f, 0xe0, 0x93, 0xde, 0xfb, 0x61, 0x9b, 0x9, 0x73 }; + static const uint8_t gkcrypt_key[] = { 0x8, 0x81, 0x6f, 0xa2, 0xe5, 0x55, 0x89, 0x61, 0xd5, 0xa2, 0x86, 0xd9, 0xe, 0xec, 0x5b, 0x8c }; + static const uint8_t gkcrypt_iv[] = { 0x2a, 0xe1, 0xbb, 0x3d, 0x84, 0xdc, 0x9a, 0xa9, 0xc3, 0x52, 0xa4, 0xcf, 0x3f, 0xfb, 0x8b, 0x72 }; + static const uint8_t key_stream[] = { 0xf, 0x6d, 0x89, 0x85, 0x5b, 0xa7, 0x86, 0x74, 0x5b, 0xa1, 0xfe, 0x5c, 0x81, 0x19, 0x6c, 0xd5, 0x54, 0xc4, 0x1c, 0xca, 0xf6, 0xe9, 0x34, 0xa4, 0x89, 0x26, 0x98, 0xb0, 0x62, 0x12, 0xb3, 0x1a }; + + ChiakiLog log; + + ChiakiGKCrypt gkcrypt; + ChiakiErrorCode err = chiaki_gkcrypt_init(&gkcrypt, &log, 0, 42, handshake_key, ecdh_secret); + if(err != CHIAKI_ERR_SUCCESS) + return MUNIT_ERROR; + + munit_assert_memory_equal(sizeof(gkcrypt_key), gkcrypt.key, gkcrypt_key); + munit_assert_memory_equal(sizeof(gkcrypt_iv), gkcrypt.iv, gkcrypt_iv); + + uint8_t key_stream_result[0x20]; + err = chiaki_gkcrypt_gen_key_stream(&gkcrypt, 0x30, key_stream_result, sizeof(key_stream_result)); + if(err != CHIAKI_ERR_SUCCESS) + { + chiaki_gkcrypt_fini(&gkcrypt); + return MUNIT_ERROR; + } + + munit_assert_memory_equal(sizeof(key_stream), key_stream_result, key_stream); + + chiaki_gkcrypt_fini(&gkcrypt); + return MUNIT_OK; +} + + +static MunitResult test_endecrypt(const MunitParameter params[], void *user) +{ + static const uint8_t handshake_key[] = { 0x14, 0xf1, 0xe6, 0x94, 0x6c, 0x5d, 0xce, 0xa8, 0xb7, 0xaa, 0x48, 0x50, 0xf6, 0x4d, 0x21, 
0xac }; + static const uint8_t ecdh_secret[] = { 0xc, 0xeb, 0x77, 0x9, 0x83, 0x4d, 0x7a, 0xfc, 0x50, 0xb8, 0x46, 0x8c, 0xc6, 0x3c, 0x1e, 0x7c, 0x4e, 0x4a, 0x88, 0x93, 0x42, 0x80, 0xc1, 0x28, 0xe6, 0x1e, 0xe9, 0xd4, 0x1b, 0x8c, 0x69, 0x36 }; + static const uint8_t gkcrypt_key[] = { 0x27, 0x7a, 0xa5, 0x1d, 0xac, 0xd1, 0x5f, 0xe, 0x54, 0x12, 0xfa, 0xce, 0xd, 0xc4, 0x63, 0x6a }; + static const uint8_t gkcrypt_iv[] = { 0xef, 0x20, 0x40, 0xc2, 0x15, 0x3c, 0x2, 0x66, 0x32, 0x1f, 0x42, 0xbb, 0xf4, 0x50, 0x34, 0x4d }; + static const uint8_t clear_data[] = { 0x4e, 0x61, 0x9f, 0x94, 0x5d, 0x4b, 0x8e, 0xbd, 0x2a, 0x15, 0x4d, 0x3, 0x6a, 0xcd, 0x49, 0x56, 0x9c, 0xc7, 0x5c, 0xe3, 0xe7, 0x0, 0x17, 0x9a, 0x38, 0xd9, 0x69, 0x53, 0x45, 0xf9, 0xc, 0xb5, 0x8c, 0x5, 0x65, 0xf, 0x70 }; + static const uint8_t enc_data[] = { 0x23, 0xf4, 0x8d, 0xd8, 0xaa, 0xf9, 0x58, 0x9b, 0xb1, 0x94, 0x4f, 0xad, 0x2b, 0x8d, 0xaa, 0x8d, 0x25, 0x88, 0xfa, 0xf8, 0xb6, 0xd4, 0x17, 0xf4, 0x5f, 0x78, 0xec, 0xf5, 0x4e, 0x37, 0x20, 0xb0, 0x76, 0x81, 0x7, 0x67, 0x9a }; + + ChiakiLog log; + + ChiakiGKCrypt gkcrypt; + ChiakiErrorCode err = chiaki_gkcrypt_init(&gkcrypt, &log, 0, 42, handshake_key, ecdh_secret); + if(err != CHIAKI_ERR_SUCCESS) + return MUNIT_ERROR; + + munit_assert_memory_equal(sizeof(gkcrypt_key), gkcrypt.key, gkcrypt_key); + munit_assert_memory_equal(sizeof(gkcrypt_iv), gkcrypt.iv, gkcrypt_iv); + + uint8_t key_stream_result[0x20]; + err = chiaki_gkcrypt_gen_key_stream(&gkcrypt, 0x30, key_stream_result, sizeof(key_stream_result)); + if(err != CHIAKI_ERR_SUCCESS) + { + chiaki_gkcrypt_fini(&gkcrypt); + return MUNIT_ERROR; + } + + uint8_t buf[0x25]; + + memcpy(buf, clear_data, sizeof(buf)); + err = chiaki_gkcrypt_encrypt(&gkcrypt, 0x11, buf, sizeof(buf)); + if(err != CHIAKI_ERR_SUCCESS) + { + chiaki_gkcrypt_fini(&gkcrypt); + return MUNIT_ERROR; + } + munit_assert_memory_equal(sizeof(buf), buf, enc_data); + + memcpy(buf, clear_data, sizeof(buf)); + err = chiaki_gkcrypt_decrypt(&gkcrypt, 0x11, buf, 
sizeof(buf)); + if(err != CHIAKI_ERR_SUCCESS) + { + chiaki_gkcrypt_fini(&gkcrypt); + return MUNIT_ERROR; + } + munit_assert_memory_equal(sizeof(buf), buf, enc_data); + + chiaki_gkcrypt_fini(&gkcrypt); + return MUNIT_OK; +} + + MunitTest tests_gkcrypt[] = { { "/ecdh", test_ecdh, NULL, NULL, - MUNIT_TEST_OPTION_NONE, + MUNIT_TEST_OPTION_NONE, + NULL + }, + { + "/key_stream", + test_key_stream, + NULL, + NULL, + MUNIT_TEST_OPTION_NONE, + NULL + }, + { + "/en_decrypt", + test_key_stream, + NULL, + NULL, + MUNIT_TEST_OPTION_NONE, NULL }, { NULL, NULL, NULL, NULL, MUNIT_TEST_OPTION_NONE, NULL }
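Review bot: The `/en_decrypt` entry in `tests_gkcrypt` registers `test_key_stream` again, so the new `test_endecrypt` is never run; the entry should read `"/en_decrypt", test_endecrypt,`. Inside `test_endecrypt` the decrypt step copies `clear_data` and compares against `enc_data`, which only repeats the encrypt check. Using `memcpy(buf, enc_data, sizeof(buf));` followed by `munit_assert_memory_equal(sizeof(buf), buf, clear_data);` would exercise the reverse direction. Both tests also pass an uninitialised `ChiakiLog log;` to `chiaki_gkcrypt_init`, which would be read if the init error path logs through `gkcrypt->log`.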