From 9e6141761738b54e9226f5640669b4c93bb638e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=A4rkl?= <info@florianmaerkl.de>
Date: Sat, 17 Nov 2018 16:27:31 +0100
Subject: [PATCH] Finish RPCrypt

---
 lib/include/chiaki/rpcrypt.h |   3 ++
 lib/src/rpcrypt.c            |  88 +++++++++++++++++++++++++++++-
 test/rpcrypt.c               | 101 +++++++++++++++++++++++++++++++++++
 3 files changed, 191 insertions(+), 1 deletion(-)

diff --git a/lib/include/chiaki/rpcrypt.h b/lib/include/chiaki/rpcrypt.h
index d0d3f1f..d71e620 100644
--- a/lib/include/chiaki/rpcrypt.h
+++ b/lib/include/chiaki/rpcrypt.h
@@ -21,6 +21,7 @@
 #include "common.h"
 
 #include <stdint.h>
+#include <stdlib.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -39,6 +40,8 @@ CHIAKI_EXPORT void chiaki_rpcrypt_bright_ambassador(uint8_t *bright, uint8_t *am
 
 CHIAKI_EXPORT void chiaki_rpcrypt_init(ChiakiRPCrypt *rpcrypt, const uint8_t *nonce, const uint8_t *morning);
 CHIAKI_EXPORT ChiakiErrorCode chiaki_rpcrypt_generate_iv(ChiakiRPCrypt *rpcrypt, uint8_t *iv, uint64_t counter);
+CHIAKI_EXPORT ChiakiErrorCode chiaki_rpcrypt_encrypt(ChiakiRPCrypt *rpcrypt, uint64_t counter, uint8_t *buf, size_t buf_size);
+CHIAKI_EXPORT ChiakiErrorCode chiaki_rpcrypt_decrypt(ChiakiRPCrypt *rpcrypt, uint64_t counter, uint8_t *buf, size_t buf_size);
 
 #ifdef __cplusplus
 }
diff --git a/lib/src/rpcrypt.c b/lib/src/rpcrypt.c
index 6b6c2b3..27e9401 100644
--- a/lib/src/rpcrypt.c
+++ b/lib/src/rpcrypt.c
@@ -21,6 +21,7 @@
 #include <openssl/evp.h>
 
 #include <string.h>
+#include <stdbool.h>
 
 
 CHIAKI_EXPORT void chiaki_rpcrypt_bright_ambassador(uint8_t *bright, uint8_t *ambassador, const uint8_t *nonce, const uint8_t *morning)
@@ -79,4 +80,89 @@ CHIAKI_EXPORT ChiakiErrorCode chiaki_rpcrypt_generate_iv(ChiakiRPCrypt *rpcrypt,
 
 	memcpy(iv, hmac, CHIAKI_KEY_BYTES);
 	return CHIAKI_ERR_SUCCESS;
-}
\ No newline at end of file
+}
+
+static ChiakiErrorCode chiaki_rpcrypt_crypt(ChiakiRPCrypt *rpcrypt, uint64_t counter, uint8_t *buf, size_t buf_size, bool encrypt)
+{
+	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+	if(!ctx)
+		return CHIAKI_ERR_UNKNOWN;
+
+	uint8_t iv[CHIAKI_KEY_BYTES];
+	ChiakiErrorCode err = chiaki_rpcrypt_generate_iv(rpcrypt, iv, counter);
+	if(err != CHIAKI_ERR_SUCCESS)
+		return err;
+
+#define FAIL(err) do { EVP_CIPHER_CTX_free(ctx); return (err); } while(0);
+
+	if(encrypt)
+	{
+		if(!EVP_EncryptInit_ex(ctx, EVP_aes_128_cfb128(), NULL, rpcrypt->bright, iv))
+			FAIL(CHIAKI_ERR_UNKNOWN);
+	}
+	else
+	{
+		if(!EVP_DecryptInit_ex(ctx, EVP_aes_128_cfb128(), NULL, rpcrypt->bright, iv))
+			FAIL(CHIAKI_ERR_UNKNOWN);
+	}
+
+	if(!EVP_CIPHER_CTX_set_padding(ctx, 0))
+		FAIL(CHIAKI_ERR_UNKNOWN);
+
+	if(buf_size % CHIAKI_KEY_BYTES)
+	{
+		size_t padded_size = ((buf_size + CHIAKI_KEY_BYTES - 1) / CHIAKI_KEY_BYTES) * CHIAKI_KEY_BYTES;
+		uint8_t *tmp = malloc(padded_size);
+		if(!tmp)
+			FAIL(CHIAKI_ERR_MEMORY);
+		memcpy(tmp, buf, buf_size);
+		memset(tmp + buf_size, 0, padded_size - buf_size);
+		int outl = (int)padded_size;
+
+		int success;
+		if(encrypt)
+			success = EVP_EncryptUpdate(ctx, tmp, &outl, tmp, outl);
+		else
+			success = EVP_DecryptUpdate(ctx, tmp, &outl, tmp, outl);
+
+		if(!success || outl != (int)padded_size)
+		{
+			free(tmp);
+			FAIL(CHIAKI_ERR_UNKNOWN);
+		}
+
+		memcpy(buf, tmp, buf_size);
+		free(tmp);
+	}
+	else
+	{
+		int outl = (int)buf_size;
+		if(encrypt)
+		{
+			if(!EVP_EncryptUpdate(ctx, buf, &outl, buf, outl))
+				FAIL(CHIAKI_ERR_UNKNOWN);
+		}
+		else
+		{
+			if(!EVP_DecryptUpdate(ctx, buf, &outl, buf, outl))
+				FAIL(CHIAKI_ERR_UNKNOWN);
+		}
+
+		if(outl != (int)buf_size)
+			FAIL(CHIAKI_ERR_UNKNOWN);
+	}
+
+#undef FAIL
+	EVP_CIPHER_CTX_free(ctx);
+	return CHIAKI_ERR_SUCCESS;
+}
+
+CHIAKI_EXPORT ChiakiErrorCode chiaki_rpcrypt_encrypt(ChiakiRPCrypt *rpcrypt, uint64_t counter, uint8_t *buf, size_t buf_size)
+{
+	return chiaki_rpcrypt_crypt(rpcrypt, counter, buf, buf_size, true);
+}
+
+CHIAKI_EXPORT ChiakiErrorCode chiaki_rpcrypt_decrypt(ChiakiRPCrypt *rpcrypt, uint64_t counter, uint8_t *buf, size_t buf_size)
+{
+	return chiaki_rpcrypt_crypt(rpcrypt, counter, buf, buf_size, false);
+}
diff --git a/test/rpcrypt.c b/test/rpcrypt.c
index 6fdf2de..864eb02 100644
--- a/test/rpcrypt.c
+++ b/test/rpcrypt.c
@@ -74,6 +74,91 @@ static MunitResult test_iv(const MunitParameter params[], void *user)
 	return MUNIT_OK;
 }
 
+#include <stdio.h>
+
+static MunitResult test_encrypt(const MunitParameter params[], void *user)
+{
+	ChiakiRPCrypt rpcrypt;
+	ChiakiErrorCode err;
+
+	chiaki_rpcrypt_init(&rpcrypt, nonce, morning);
+
+	// less than block size
+	uint8_t buf_a[] = { 0x13, 0x37, 0xc0, 0xff, 0xee };
+	static const uint8_t cipher_expected_a[] = { 0x40, 0x48, 0x63, 0xeb, 0xb4 };
+	err = chiaki_rpcrypt_encrypt(&rpcrypt, 0x0102030405060708, buf_a, sizeof(buf_a));
+	if(err != CHIAKI_ERR_SUCCESS)
+		return MUNIT_ERROR;
+	munit_assert_memory_equal(sizeof(buf_a), buf_a, cipher_expected_a);
+
+	// 1x block size
+	uint8_t buf_b[] = { 0xdf, 0xa8, 0xa3, 0xd2, 0x6a, 0xd7, 0xf3, 0x4c, 0x4f, 0x87, 0x4c, 0xeb, 0x8c, 0x57, 0xfb, 0x3f };
+	static const uint8_t cipher_expected_b[] = { 0x8c, 0xd7, 0x0, 0xc6, 0x30, 0x25, 0x3a, 0x18, 0x15, 0x20, 0xeb, 0x26, 0xf7, 0xed, 0xab, 0x15 };
+	err = chiaki_rpcrypt_encrypt(&rpcrypt, 0x0102030405060708, buf_b, sizeof(buf_b));
+	if(err != CHIAKI_ERR_SUCCESS)
+		return MUNIT_ERROR;
+	munit_assert_memory_equal(sizeof(buf_b), buf_b, cipher_expected_b);
+
+	// more than block size, but not dividable by block size
+	uint8_t buf_c[] = { 0x8, 0xd, 0x80, 0xc7, 0xb2, 0x2b, 0x9f, 0xf3, 0xe2, 0xd7, 0xc8, 0xa5, 0xb0, 0x92, 0xd5, 0x0, 0x8d, 0xe6, 0xd7, 0x74 };
+	static const uint8_t cipher_expected_c[] = { 0x5b, 0x72, 0x23, 0xd3, 0xe8, 0xd9, 0x56, 0xa7, 0xb8, 0x70, 0x6f, 0x68, 0xcb, 0x28, 0x85, 0x2a, 0x6, 0xa5, 0xd2, 0xe0 };
+	err = chiaki_rpcrypt_encrypt(&rpcrypt, 0x0102030405060708, buf_c, sizeof(buf_c));
+	if(err != CHIAKI_ERR_SUCCESS)
+		return MUNIT_ERROR;
+	munit_assert_memory_equal(sizeof(buf_c), buf_c, cipher_expected_c);
+
+	// 2x block size
+	uint8_t buf_d[] = { 0xa1, 0x6, 0x91, 0x1b, 0x49, 0x74, 0xe0, 0x73, 0x3, 0xe8, 0x47, 0x42, 0x8, 0x4d, 0x83, 0x4e, 0xf3, 0x26, 0x14, 0x7b, 0xde, 0x2d, 0xf6, 0x7d, 0x47, 0x96, 0x8c, 0x3b, 0x66, 0x95, 0x7e, 0x5d };
+	static const uint8_t cipher_expected_d[] = { 0xf2, 0x79, 0x32, 0xf, 0x13, 0x86, 0x29, 0x27, 0x59, 0x4f, 0xe0, 0x8f, 0x73, 0xf7, 0xd3, 0x64, 0x9d, 0x80, 0x7e, 0x90, 0xd1, 0xf5, 0xd8, 0x18, 0xe7, 0xbe, 0x16, 0x29, 0xfb, 0x48, 0x2b, 0xf8 };
+	err = chiaki_rpcrypt_encrypt(&rpcrypt, 0x0102030405060708, buf_d, sizeof(buf_d));
+	if(err != CHIAKI_ERR_SUCCESS)
+		return MUNIT_ERROR;
+	munit_assert_memory_equal(sizeof(buf_d), buf_d, cipher_expected_d);
+
+	return MUNIT_OK;
+}
+
+static MunitResult test_decrypt(const MunitParameter params[], void *user)
+{
+	ChiakiRPCrypt rpcrypt;
+	ChiakiErrorCode err;
+
+	chiaki_rpcrypt_init(&rpcrypt, nonce, morning);
+
+	// less than block size
+	uint8_t buf_a[] = { 0x8d, 0xd2, 0x1d, 0xfb };
+	static const uint8_t expected_a[] = { 0xde, 0xad, 0xbe, 0xef };
+	err = chiaki_rpcrypt_decrypt(&rpcrypt, 0x0102030405060708, buf_a, sizeof(buf_a));
+	if(err != CHIAKI_ERR_SUCCESS)
+		return MUNIT_ERROR;
+	munit_assert_memory_equal(sizeof(buf_a), buf_a, expected_a);
+
+	// 1x block size
+	uint8_t buf_b[] = { 0xeb, 0x22, 0x4e, 0xb7, 0x73, 0x94, 0x6a, 0x31, 0x6e, 0xdd, 0xe5, 0x87, 0x29, 0xdc, 0xd5, 0x6b };
+	static const uint8_t expected_b[] = { 0xb8, 0x5d, 0xed, 0xa3, 0x29, 0x66, 0xa3, 0x65, 0x34, 0x7a, 0x42, 0x4a, 0x52, 0x66, 0x85, 0x41 };
+	err = chiaki_rpcrypt_decrypt(&rpcrypt, 0x0102030405060708, buf_b, sizeof(buf_b));
+	if(err != CHIAKI_ERR_SUCCESS)
+		return MUNIT_ERROR;
+	munit_assert_memory_equal(sizeof(buf_b), buf_b, expected_b);
+
+	// more than block size, but not dividable by block size
+	uint8_t buf_c[] = { 0x2b, 0xd8, 0x1d, 0x86, 0x39, 0xe, 0x2d, 0xd7, 0xde, 0x2d, 0xb5, 0xbc, 0xba, 0x5e, 0xe9, 0x78, 0xee, 0xc9, 0x3b, 0x18 };
+	static const uint8_t expected_c[] = { 0x78, 0xa7, 0xbe, 0x92, 0x63, 0xfc, 0xe4, 0x83, 0x84, 0x8a, 0x12, 0x71, 0xc1, 0xe4, 0xb9, 0x52, 0xf2, 0xbb, 0xcd, 0x39 };
+	err = chiaki_rpcrypt_decrypt(&rpcrypt, 0x0102030405060708, buf_c, sizeof(buf_c));
+	if(err != CHIAKI_ERR_SUCCESS)
+		return MUNIT_ERROR;
+	munit_assert_memory_equal(sizeof(buf_c), buf_c, expected_c);
+
+	// 2x block size
+	uint8_t buf_d[] = { 0x2b, 0x80, 0xda, 0xa0, 0x5e, 0x8d, 0x2e, 0x1d, 0xe1, 0x95, 0x16, 0xb1, 0xed, 0xd2, 0xc3, 0x8a, 0xb8, 0xcc, 0x6c, 0x42, 0x57, 0x8d, 0xc5, 0x7d, 0xf1, 0x5c, 0x4, 0x42, 0x97, 0x25, 0x3a, 0x91 };
+	static const uint8_t expected_d[] = { 0x78, 0xff, 0x79, 0xb4, 0x4, 0x7f, 0xe7, 0x49, 0xbb, 0x32, 0xb1, 0x7c, 0x96, 0x68, 0x93, 0xa0, 0x86, 0xa6, 0x56, 0x38, 0x79, 0x2a, 0xa8, 0x3, 0x67, 0x9b, 0xf2, 0x82, 0x2d, 0x1a, 0x8, 0x29 };
+	err = chiaki_rpcrypt_decrypt(&rpcrypt, 0x0102030405060708, buf_d, sizeof(buf_d));
+	if(err != CHIAKI_ERR_SUCCESS)
+		return MUNIT_ERROR;
+	munit_assert_memory_equal(sizeof(buf_d), buf_d, expected_d);
+
+	return MUNIT_OK;
+}
 
 
 MunitTest tests_rpcrypt[] = {
@@ -93,5 +178,21 @@ MunitTest tests_rpcrypt[] = {
 		MUNIT_TEST_OPTION_NONE,
 		NULL
 	},
+	{
+		"/encrypt",
+		test_encrypt,
+		NULL,
+		NULL,
+		MUNIT_TEST_OPTION_NONE,
+		NULL
+	},
+	{
+		"/decrypt",
+		test_decrypt,
+		NULL,
+		NULL,
+		MUNIT_TEST_OPTION_NONE,
+		NULL
+	},
 	{ NULL, NULL, NULL, NULL, MUNIT_TEST_OPTION_NONE, NULL }
 };
\ No newline at end of file