From 2f0f8ab7e92f780f4da098d0484d448b7256efea Mon Sep 17 00:00:00 2001
From: Nicklas Boman
Date: Wed, 8 Jan 2025 18:53:35 +0100
Subject: [PATCH] c backend rewrite, aes replaces cipher
---
 lotordb/src/Makefile | 9 +-
 lotordb/src/ciphers.c | 310 -------------------------------------
 lotordb/src/ciphers.h | 95 ------------
 lotordb/src/db_tables.c | 9 +-
 lotordb/src/tests/Makefile | 2 +-
 lotordb/src/tests/tests.c | 26 ----
 6 files changed, 10 insertions(+), 441 deletions(-)
 delete mode 100644 lotordb/src/ciphers.c
 delete mode 100644 lotordb/src/ciphers.h
diff --git a/lotordb/src/Makefile b/lotordb/src/Makefile
index 4cd1148..6e83197 100644
--- a/lotordb/src/Makefile
+++ b/lotordb/src/Makefile
@@ -1,8 +1,8 @@
 CC := gcc -O3 -Wall -pedantic -std=c99
 BUILD:=.build
-all: mkbuilddir hash aes ciphers keys db_keystore db_tables crypto crypto_server crypto_client test
-local: mkbuilddir hash aes ciphers keys db_keystore db_tables crypto crypto_server crypto_client test_local
+all: mkbuilddir hash aes keys db_keystore db_tables crypto crypto_server crypto_client test
+local: mkbuilddir hash aes keys db_keystore db_tables crypto crypto_server crypto_client test_local
 mkbuilddir:
 mkdir -p ${BUILD}
@@ -30,9 +30,6 @@ hash:
 db_tables:
 ${CC} -c db_tables.c -o ${BUILD}/db_tables.o
-ciphers:
- ${CC} -c ciphers.c -o ${BUILD}/ciphers.o
-
 keys:
 ${CC} -c keys.c -o ${BUILD}/keys.o
@@ -48,4 +45,4 @@ test_local:
 clean:
 rm ${BUILD}/crypto.o ${BUILD}/keys_client.o ${BUILD}/tables_client.o ${BUILD}/tests ${BUILD}/ciphers_aes_gcm.o \
 ${BUILD}/crypto_client.o ${BUILD}/tables_server.o ${BUILD}/keys_server.o ${BUILD}/crypto_server.o ${BUILD}/db_keystore.o \
-${BUILD}/hash.o ${BUILD}/hash_tooling.o ${BUILD}/db_tables.o ${BUILD}/ciphers.o ${BUILD}/keys.o ${BUILD}/aes.o ${BUILD}/*bin.b
+${BUILD}/hash.o ${BUILD}/hash_tooling.o ${BUILD}/db_tables.o ${BUILD}/keys.o ${BUILD}/aes.o ${BUILD}/*bin.b
diff --git a/lotordb/src/ciphers.c b/lotordb/src/ciphers.c
deleted file mode 100644
index 246a8ad..0000000
--- a/lotordb/src/ciphers.c +++ /dev/null 
@@ -1,310 +0,0 @@ -// Auth: smurfd 2024 https://github.com/mko-x/SharedAES-GCM // ----------------- taken from this, and massaged; 2 spacs indent; 150 width // -#include -#include -#include -#include -#include -#include "ciphers.h" - -static box fsb; -static box rsb; -static uint32_t RCON[10]; // AES round constants - -// AES -static uint8_t aes_set_encryption_key(aes_context *c, const uint8_t *key, uint8_t kz) { - uint32_t *RK = c->rk, tmp = 0; - for (uint32_t i = 0; i < (kz >> 2); i++) GET_UINT32_LE(RK[i], key, i << 2); - for(uint32_t i = 0; i < 7; i++, RK += 8) { - ROUND(tmp, fsb.b, RK[7] >> 8, RK[7] >> 16, RK[7] >> 24, RK[7] >> 0, 0, 8, 16, 24); - RK[8] = RK[0] ^ RCON[i] ^ tmp; - RK[9] = RK[1] ^ RK[8]; - RK[10] = RK[2] ^ RK[9]; - RK[11] = RK[3] ^ RK[10]; - ROUND(tmp, fsb.b, RK[11] >> 0, RK[11] >> 8, RK[11] >> 16, RK[11] >> 24, 0, 8, 16, 24); - RK[12] = RK[4] ^ tmp; - RK[13] = RK[5] ^ RK[12]; - RK[14] = RK[6] ^ RK[13]; - RK[15] = RK[7] ^ RK[14]; - } - return 0; -} - -static uint8_t aes_set_decryption_key(aes_context *c, const uint8_t *key, uint8_t keysize) { - uint32_t *SK = NULL, *RK = c->rk, i = 0, St = 0; - aes_context cc; - memset(&cc, 0, sizeof(aes_context)); - cc.rounds = c->rounds; - cc.rk = cc.buf; - if (aes_set_encryption_key(&cc, key, keysize) != 0) return 1; - SK = cc.rk + cc.rounds * 4; - CPY128(RK, SK); - for (i = c->rounds - 1, SK -= 8; i > 0; i--, SK -= 8) { - St = *SK; - *RK++ = rsb.T0[fsb.b[(St) & 0xFF]] ^ rsb.T1[fsb.b[(St >> 8) & 0xFF]] ^ rsb.T2[fsb.b[(St >> 16) & 0xFF]] ^ rsb.T3[fsb.b[(St >> 24) & 0xFF]]; St++; - *RK++ = rsb.T0[fsb.b[(St) & 0xFF]] ^ rsb.T1[fsb.b[(St >> 8) & 0xFF]] ^ rsb.T2[fsb.b[(St >> 16) & 0xFF]] ^ rsb.T3[fsb.b[(St >> 24) & 0xFF]]; St++; - *RK++ = rsb.T0[fsb.b[(St) & 0xFF]] ^ rsb.T1[fsb.b[(St >> 8) & 0xFF]] ^ rsb.T2[fsb.b[(St >> 16) & 0xFF]] ^ rsb.T3[fsb.b[(St >> 24) & 0xFF]]; St++; - *RK++ = rsb.T0[fsb.b[(St) & 0xFF]] ^ rsb.T1[fsb.b[(St >> 8) & 0xFF]] ^ rsb.T2[fsb.b[(St >> 16) & 0xFF]] ^ rsb.T3[fsb.b[(St >> 24) & 0xFF]]; 
St++; - } - CPY128(RK, SK); - memset(&cc, 0, sizeof(aes_context)); - return 0; -} - -int aes_setkey(aes_context *c, uint8_t mode, const uint8_t *key, uint8_t keysize) { - c->mode = mode; - c->rk = c->buf; - c->rounds = 14; - if (mode == 0) return aes_set_decryption_key(c, key, keysize); - else return aes_set_encryption_key(c, key, keysize); -} - -int aes_cipher_encrypt(aes_context *c, const uint8_t in[16], uint8_t out[16]) { - uint32_t *RK = NULL, X0 = 0, X1 = 0, X2 = 0, X3 = 0, Y0 = 0, Y1 = 0, Y2 = 0, Y3 = 0, tmp0 = 0, tmp1 = 0, tmp2 = 0, tmp3 = 0; - RK = c->rk; - GET_UINT32_LE(X0, in, 0); X0 ^= *RK++; - GET_UINT32_LE(X1, in, 4); X1 ^= *RK++; - GET_UINT32_LE(X2, in, 8); X2 ^= *RK++; - GET_UINT32_LE(X3, in, 12); X3 ^= *RK++; - for (int i = (c->rounds >> 1) - 1; i > 0; i--) { - AES_FROUND(Y0, Y1, Y2, Y3, X0, X1, X2, X3); - AES_FROUND(X0, X1, X2, X3, Y0, Y1, Y2, Y3); - } - AES_FROUND(Y0, Y1, Y2, Y3, X0, X1, X2, X3); - ROUND(tmp0, fsb.b, Y0 >> 0, Y1 >> 8, Y2 >> 16, Y3 >> 24, 0, 8, 16, 24); - ROUND(tmp1, fsb.b, Y1 >> 0, Y2 >> 8, Y3 >> 16, Y0 >> 24, 0, 8, 16, 24); - ROUND(tmp2, fsb.b, Y2 >> 0, Y3 >> 8, Y0 >> 16, Y1 >> 24, 0, 8, 16, 24); - ROUND(tmp3, fsb.b, Y3 >> 0, Y0 >> 8, Y1 >> 16, Y2 >> 24, 0, 8, 16, 24); - X0 = *RK++ ^ tmp0; - X1 = *RK++ ^ tmp1; - X2 = *RK++ ^ tmp2; - X3 = *RK++ ^ tmp3; - PUT_UINT32_LE(X0, out, 0); - PUT_UINT32_LE(X1, out, 4); - PUT_UINT32_LE(X2, out, 8); - PUT_UINT32_LE(X3, out, 12); - return 0; -} - -int aes_cipher_decrypt(aes_context *c, const uint8_t in[16], uint8_t out[16]) { - uint32_t *RK = NULL, X0 = 0, X1 = 0, X2 = 0, X3 = 0, Y0 = 0, Y1 = 0, Y2 = 0, Y3 = 0, tmp0 = 0, tmp1 = 0, tmp2 = 0, tmp3 = 0; - RK = c->rk; - GET_UINT32_LE(X0, in, 0); X0 ^= *RK++; - GET_UINT32_LE(X1, in, 4); X1 ^= *RK++; - GET_UINT32_LE(X2, in, 8); X2 ^= *RK++; - GET_UINT32_LE(X3, in, 12); X3 ^= *RK++; - for (int i = (c->rounds >> 1) - 1; i > 0; i--) { - AES_RROUND(Y0, Y1, Y2, Y3, X0, X1, X2, X3); - AES_RROUND(X0, X1, X2, X3, Y0, Y1, Y2, Y3); - } - AES_RROUND(Y0, Y1, 
Y2, Y3, X0, X1, X2, X3); - ROUND(tmp0, rsb.b, Y0 >> 0, Y3 >> 8, Y2 >> 16, Y1 >> 24, 0, 8, 16, 24); - ROUND(tmp1, rsb.b, Y1 >> 0, Y0 >> 8, Y3 >> 16, Y2 >> 24, 0, 8, 16, 24); - ROUND(tmp2, rsb.b, Y2 >> 0, Y1 >> 8, Y0 >> 16, Y3 >> 24, 0, 8, 16, 24); - ROUND(tmp3, rsb.b, Y3 >> 0, Y2 >> 8, Y1 >> 16, Y0 >> 24, 0, 8, 16, 24); - X0 = *RK++ ^ tmp0; - X1 = *RK++ ^ tmp1; - X2 = *RK++ ^ tmp2; - X3 = *RK++ ^ tmp3; - PUT_UINT32_LE(X0, out, 0); - PUT_UINT32_LE(X1, out, 4); - PUT_UINT32_LE(X2, out, 8); - PUT_UINT32_LE(X3, out, 12); - return 0; -} - -// GCM -static void gcm_mult(gcm_context *ctx, const uint8_t x[16], uint8_t out[16]) { - u64 zh = ctx->HH[(uint8_t)(x[15] & 0x0F)], zl = ctx->HL[(uint8_t)(x[15] & 0x0F)]; // lo, lo - uint8_t r = (uint8_t)(zl & 0x0F); - zl = (zh << 60) | (zl >> 4); - zh = (zh >> 4); - zh ^= (u64)last4[r] << 48; - zh ^= ctx->HH[(uint8_t)(x[15] >> 4)]; // hi - zl ^= ctx->HL[(uint8_t)(x[15] >> 4)]; // hi - for (int i = 14; i >= 0; i--) { - r = (uint8_t)(zl & 0x0F); - zl = (zh << 60) | (zl >> 4); - zh = (zh >> 4); - zh ^= (u64)last4[r] << 48; - zh ^= ctx->HH[(uint8_t)(x[i] & 0x0F)]; // lo - zl ^= ctx->HL[(uint8_t)(x[i] & 0x0F)]; // lo - - r = (uint8_t)(zl & 0x0F); - zl = (zh << 60) | (zl >> 4); - zh = (zh >> 4); - zh ^= (u64)last4[r] << 48; - zh ^= ctx->HH[(uint8_t)(x[i] >> 4)]; // hi - zl ^= ctx->HL[(uint8_t)(x[i] >> 4)]; // hi - } - PUT_UINT32_BE(zh >> 32, out, 0); - PUT_UINT32_BE(zh, out, 4); - PUT_UINT32_BE(zl >> 32, out, 8); - PUT_UINT32_BE(zl, out, 12); -} - -// keysize in bytes (must be 16, 24, 32 for 128, 192 or 256-bit keys respectively) -int gcm_setkey(gcm_context *ctx, const uint8_t *key, const uint32_t keysize) { - u64 hi = 0, lo = 0; - uint8_t h[16] = {0}; - memset(ctx, 0, sizeof(gcm_context)); - memset(h, 0, 16); - if (aes_setkey(&ctx->aes_ctx, 1, key, keysize) != 0) return 1; - if (aes_cipher_encrypt(&ctx->aes_ctx, h, h) != 0) return 1; - GET_UINT32_BE(hi, h, 0); // pack h as two 64-bit ints, big-endian - GET_UINT32_BE(lo, h, 4); - u64 vh = 
(u64)hi << 32 | lo; - GET_UINT32_BE(hi, h, 8); - GET_UINT32_BE(lo, h, 12); - u64 vl = (u64)hi << 32 | lo; - ctx->HL[8] = vl; // 8 = 1000 corresponds to 1 in GF(2^128) - ctx->HH[8] = vh; - ctx->HH[0] = 0; // 0 corresponds to 0 in GF(2^128) - ctx->HL[0] = 0; - for(int i = 4; i > 0; i >>= 1) { - uint32_t T = (uint32_t)(vl & 1) * 0xe1000000U; - vl = (vh << 63) | (vl >> 1); - vh = (vh >> 1) ^ ((u64)T << 32); - ctx->HL[i] = vl; - ctx->HH[i] = vh; - } - for (int i = 2; i < 16; i <<= 1) { - u64 *HiL = ctx->HL + i, *HiH = ctx->HH + i; - vh = *HiH; - vl = *HiL; - for(int j = 1; j < i; j++) { - HiH[j] = vh ^ ctx->HH[j]; - HiL[j] = vl ^ ctx->HL[j]; - } - } - return 0; -} - -int gcm_start(gcm_context *ctx, int mode, const uint8_t *iv, size_t iv_len, const uint8_t *add, size_t add_len) { - uint8_t work_buf[16] = {0}, ret = 0; - const uint8_t *p = iv; - memset(ctx->y, 0, sizeof(ctx->y)); - memset(ctx->buf, 0, sizeof(ctx->buf)); - ctx->len = 0; - ctx->add_len = 0; - ctx->mode = mode; - ctx->aes_ctx.mode = 1; // encrypt - memset(work_buf, 0, 16); - PUT_UINT32_BE(iv_len * 8, work_buf, 12); // place the IV into buffer - XORARR(ctx->y, p, 16); - gcm_mult(ctx, ctx->y, ctx->y); - p += 16; - XORARR(ctx->y, p, 16); - gcm_mult(ctx, ctx->y, ctx->y); - XORARR(ctx->y, work_buf, 16); - gcm_mult(ctx, ctx->y, ctx->y); - if ((ret = aes_cipher_encrypt(&ctx->aes_ctx, ctx->y, ctx->ectr)) != 0) return ret; - ctx->add_len = add_len; - p = add; - return 0; -} - -int gcm_update_encrypt(gcm_context *ctx, size_t length, const uint8_t *input, uint8_t *output) { - uint8_t ectr[16] = {0}, ret = 0; - size_t use_len = 16; - ctx->len = length; - while(length > 0) { - for (size_t i = 16; i > 12; i--) if (++ctx->y[i - 1] != 0) break; - if ((ret = aes_cipher_encrypt(&ctx->aes_ctx, ctx->y, ectr)) != 0) return ret; - for (size_t i = 0; i < use_len; i++) { - output[i] = (uint8_t)(ectr[i] ^ input[i]); - ctx->buf[i] = (uint8_t)(ectr[i] ^ output[i]); - } - gcm_mult(ctx, ctx->buf, ctx->buf); // perform a GHASH operation 
- length -= use_len; // drop the remaining byte count to process - input += use_len; // bump our input pointer forward - output += use_len; // bump our output pointer forward - } - return 0; -} - -int gcm_update_decrypt(gcm_context *ctx, size_t length, const uint8_t *input, uint8_t *output) { - uint8_t ectr[16] = {0}, ret = 0; - size_t use_len = 16; - ctx->len = length; - while(length > 0) { - for (size_t i = 16; i > 12; i--) if (++ctx->y[i - 1] != 0) break; - if ((ret = aes_cipher_decrypt(&ctx->aes_ctx, ctx->y, ectr)) != 0) return ret; - for (size_t i = 0; i < use_len; i++) { - ctx->buf[i] = (uint8_t)(ctx->buf[i] ^ input[i]); - output[i] = (uint8_t)(ectr[i] ^ input[i]); - } - gcm_mult(ctx, ctx->buf, ctx->buf); // perform a GHASH operation - length -= use_len; // drop the remaining byte count to process - input += use_len; // bump our input pointer forward - output += use_len; // bump our output pointer forward - } - return 0; -} - -int gcm_crypt_and_tag(gcm_context *ctx, int mode, const uint8_t *iv, size_t iv_len, const uint8_t *add, size_t add_len, const uint8_t *input, - uint8_t *output, size_t length, uint8_t *tag, size_t tag_len) { - gcm_start(ctx, mode, iv, iv_len, add, add_len); - if (mode == 0) gcm_update_decrypt(ctx, length, input, output); - else if (mode == 1) gcm_update_encrypt(ctx, length, input, output); - gcm_finish(ctx, tag, tag_len); - return 0; -} - -int gcm_finish(gcm_context *ctx, uint8_t *tag, size_t tag_len) { - u64 orig_len = ctx->len * 8, orig_add_len = ctx->add_len * 8; - uint8_t work_buf[16] = {0}; - if(tag_len != 0) memcpy(tag, ctx->ectr, tag_len); - if(orig_len || orig_add_len) { - memset(work_buf, 0, 16); - PUT_UINT32_BE((orig_add_len >> 32), work_buf, 0); - PUT_UINT32_BE((orig_add_len), work_buf, 4); - PUT_UINT32_BE((orig_len >> 32), work_buf, 8); - PUT_UINT32_BE((orig_len), work_buf, 12); - for(size_t i = 0; i < 16; i++) ctx->buf[i] = (uint8_t)(ctx->buf[i] ^ work_buf[i]); - gcm_mult(ctx, ctx->buf, ctx->buf); - for(size_t i = 0; i < 
tag_len; i++) tag[i] = (uint8_t)(tag[i] ^ ctx->buf[i]); - } - return 0; -} - -void gcm_zero_ctx(gcm_context *ctx) { - memset(ctx, 0, sizeof(gcm_context)); -} - -// AES GCM -int aes_gcm_encrypt(uint8_t *out, const uint8_t *in, int in_len, const uint8_t *key, const size_t key_len, const uint8_t *iv, const size_t iv_len) { - uint8_t tag_buf[16] = {0}; - size_t tl = 0; - gcm_context c; - gcm_zero_ctx(&c); - gcm_setkey(&c, key, (const uint32_t)key_len); - gcm_crypt_and_tag(&c, ENCRYPT, iv, iv_len, NULL, 0, in, out, in_len, tag_buf, tl); - gcm_zero_ctx(&c); - return 0; -} - -int aes_gcm_decrypt(uint8_t *out, const uint8_t *in, int in_len, const uint8_t *key, const size_t key_len, const uint8_t *iv, const size_t iv_len) { - uint8_t tag_buf[16] = {0}; - size_t tl = 0; - gcm_context c; - gcm_zero_ctx(&c); - gcm_setkey(&c, key, (const uint32_t)key_len); - gcm_crypt_and_tag(&c, DECRYPT, iv, iv_len, NULL, 0, in, out, in_len, tag_buf, tl); - gcm_zero_ctx(&c); - return 0; -} - -// AES -// https://en.wikipedia.org/wiki/Advanced_Encryption_Standard -// https://www.rfc-editor.org/rfc/rfc3565 -// https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf - -// AES GCM -// https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf -// https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf -// http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip - -// https://en.wikipedia.org/wiki/AES-GCM-SIV -// https://www.rfc-editor.org/rfc/rfc8452.html - -// https://github.com/mko-x/SharedAES-GCM // ----------------- taken from this, and massaged diff --git a/lotordb/src/ciphers.h b/lotordb/src/ciphers.h deleted file mode 100644 index 241e5db..0000000 --- a/lotordb/src/ciphers.h +++ /dev/null 
@@ -1,95 +0,0 @@ -// Auth: smurfd 2024 -#ifndef CIPHERS_AES_GCM_H -#define CIPHERS_AES_GCM_H 1 -#include -#include -#include - -#define u64 unsigned long long int // because linux uint64_t is not same as on mac -typedef struct { - int mode; // 1 for Encryption, 0 for Decryption - int rounds; // keysize-based rounds count - uint32_t *rk; // pointer to current round key - uint32_t buf[68]; // key expansion buffer -} aes_context; - -typedef struct { - int mode; // cipher direction: encrypt/decrypt - u64 len; // cipher data length processed so far - u64 add_len; // total add data length - u64 HL[16]; // precalculated lo-half HTable - u64 HH[16]; // precalculated hi-half HTable - uint8_t ectr[16]; // first counter-mode cipher output for tag - uint8_t y[16]; // the current cipher-input IV|Counter value - uint8_t buf[16]; // buf working value - aes_context aes_ctx;// cipher context used -} gcm_context; - -typedef struct { - uint8_t b[256]; // substitution box - uint32_t T0[256], T1[256], T2[256], T3[256]; // key schedule assembly tables -} box; - -typedef struct { - uint8_t *key, *iv, *aad, *pt, *ct, *tag, *input, *output; - size_t key_len, iv_len, aad_len, pt_len, ct_len, tag_len, length; -} ctx_param; - -static const u64 last4[16] = {0x0000,0x1c20,0x3840,0x2460,0x7080,0x6ca0,0x48c0,0x54e0,0xe100,0xfd20,0xd940,0xc560,0x9180,0x8da0,0xa9c0,0xb5e0}; - -#define ENCRYPT 1 -#define DECRYPT 0 -#define GCM_AUTH_FAILURE 0x55555555 -#define GET_UINT32_LE(n,b,i) {n = ((uint32_t)b[(i)]) | ((uint32_t)b[(i) + 1] << 8) | ((uint32_t)b[(i) + 2] << 16) | ((uint32_t)b[(i) + 3] << 24);} -#define PUT_UINT32_LE(n,b,i) {b[(i)]=(uint8_t)((n)); b[(i) + 1]=(uint8_t)((n) >> 8);b[(i) + 2]=(uint8_t)((n) >> 16); b[(i) + 3]=(uint8_t)((n) >> 24);} -#define GET_UINT32_BE(n,b,i) {n = ((uint32_t)b[(i)] << 24) | ((uint32_t)b[(i) + 1] << 16) | ((uint32_t)b[(i) + 2] << 8) | ((uint32_t)b[(i) + 3]);} -#define PUT_UINT32_BE(n,b,i) {b[(i)]=(uint8_t)((n) >> 24);b[(i) + 1]=(uint8_t)((n) >> 16);b[(i) + 
2]=(uint8_t)((n) >> 8);b[(i) + 3] = (uint8_t)((n));} - -#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) { \ - X0 = *RK++ ^ fsb.T0[(Y0) & 0xFF] ^ fsb.T1[(Y1 >> 8) & 0xFF] ^ fsb.T2[(Y2 >> 16) & 0xFF] ^ fsb.T3[(Y3 >> 24) & 0xFF]; \ - X1 = *RK++ ^ fsb.T0[(Y1) & 0xFF] ^ fsb.T1[(Y2 >> 8) & 0xFF] ^ fsb.T2[(Y3 >> 16) & 0xFF] ^ fsb.T3[(Y0 >> 24) & 0xFF]; \ - X2 = *RK++ ^ fsb.T0[(Y2) & 0xFF] ^ fsb.T1[(Y3 >> 8) & 0xFF] ^ fsb.T2[(Y0 >> 16) & 0xFF] ^ fsb.T3[(Y1 >> 24) & 0xFF]; \ - X3 = *RK++ ^ fsb.T0[(Y3) & 0xFF] ^ fsb.T1[(Y0 >> 8) & 0xFF] ^ fsb.T2[(Y1 >> 16) & 0xFF] ^ fsb.T3[(Y2 >> 24) & 0xFF]; \ -} - -#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) { \ - X0 = *RK++ ^ rsb.T0[(Y0) & 0xFF] ^ rsb.T1[(Y3 >> 8) & 0xFF] ^ rsb.T2[(Y2 >> 16) & 0xFF] ^ rsb.T3[(Y1 >> 24) & 0xFF]; \ - X1 = *RK++ ^ rsb.T0[(Y1) & 0xFF] ^ rsb.T1[(Y0 >> 8) & 0xFF] ^ rsb.T2[(Y3 >> 16) & 0xFF] ^ rsb.T3[(Y2 >> 24) & 0xFF]; \ - X2 = *RK++ ^ rsb.T0[(Y2) & 0xFF] ^ rsb.T1[(Y1 >> 8) & 0xFF] ^ rsb.T2[(Y0 >> 16) & 0xFF] ^ rsb.T3[(Y3 >> 24) & 0xFF]; \ - X3 = *RK++ ^ rsb.T0[(Y3) & 0xFF] ^ rsb.T1[(Y2 >> 8) & 0xFF] ^ rsb.T2[(Y1 >> 16) & 0xFF] ^ rsb.T3[(Y0 >> 24) & 0xFF]; \ -} - -#define ROTL8(x) ((x << 8) & 0xFFFFFFFF) | (x >> 24) -#define XTIME(x) ((x << 1) ^ ((x & 0x80) ? 0x1B : 0x00)) -#define MUL(x,y) ((x && y) ? 
pow[(log[x]+log[y]) % 255] : 0) -#define MIX(x,y) {y = ((y << 1) | (y >> 7)) & 0xFF; x ^= y;} -#define MIX4(x, y) {MIX(x, y); MIX(x, y); MIX(x, y); MIX(x, y);} -#define CPY128(RK,SK) {*RK++ = *SK++; *RK++ = *SK++; *RK++ = *SK++; *RK++ = *SK++;} -#define ROUND(r, S, A0, A1, A2, A3, B0, B1, B2, B3) {\ - r = ((uint32_t)S[A0 & 0xFF] << B0) ^ \ - ((uint32_t)S[A1 & 0xFF] << B1) ^ \ - ((uint32_t)S[A2 & 0xFF] << B2) ^ \ - ((uint32_t)S[A3 & 0xFF] << B3);} -#define XORARR(x, y, z){\ -for(size_t i = 0; i < z; i++) x[i] ^= y[i];} -// AES -void aes_init_keygen_tables(void); -int aes_setkey(aes_context *c, uint8_t mode, const uint8_t *key, uint8_t kz); -int aes_cipher(aes_context *ctx, const uint8_t input[16], uint8_t output[16]); // 128-bit in/out block - -// GCM -int gcm_initialize(void); -int gcm_setkey(gcm_context *ctx, const uint8_t *key, const uint32_t keysize); // keysize in bytes (must be 16, 24, 32 for 128, 192 or 256-bit keys) -int gcm_crypt_and_tag(gcm_context *ctx, int mode, const uint8_t *iv, size_t iv_len, const uint8_t *add, size_t add_len, const uint8_t *input, - uint8_t *output, size_t length, uint8_t *tag, size_t tag_len); -int gcm_auth_decrypt(gcm_context *ctx, const uint8_t *iv, size_t iv_len, const uint8_t *add, size_t add_len, const uint8_t *input, uint8_t *output, - size_t length, const uint8_t *tag, size_t tag_len); -int gcm_start(gcm_context *ctx, int mode, const uint8_t *iv, size_t iv_len, const uint8_t *add, size_t add_len); -int gcm_update(gcm_context *ctx, size_t length, const uint8_t *input, uint8_t *output); -int gcm_finish(gcm_context *ctx, uint8_t *tag, size_t tag_len); -void gcm_zero_ctx(gcm_context *ctx); - -// AES GCM -int aes_gcm_encrypt(uint8_t* out, const uint8_t* in, int in_len, const uint8_t* key, const size_t key_len, const uint8_t * iv, const size_t iv_len); -int aes_gcm_decrypt(uint8_t* out, const uint8_t* in, int in_len, const uint8_t* key, const size_t key_len, const uint8_t * iv, const size_t iv_len); -#endif 
diff --git a/lotordb/src/db_tables.c b/lotordb/src/db_tables.c
index e36579d..6497827 100644
--- a/lotordb/src/db_tables.c
+++ b/lotordb/src/db_tables.c
@@ -4,7 +4,7 @@
 #include
 #include
 #include "db_tables.h"
-#include "ciphers.h"
+#include "aes.h"
 // TODO: Randomize these to file for program to use
 static uint8_t iv1[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,\
@@ -36,8 +36,10 @@ void table_readctx(binary *dataall, FILE *read_ptr, u64 j) {
 }
 void table_getctx(ctx *c, u64 *header, binary *bin, binary *dataall, u64 len) {
+ uint8_t tag[512] = {0}, aad[512] = {0};
 memcpy(bin, dataall, sizeof(binary));
- aes_gcm_decrypt(bin->encrypted, bin->encrypted, 512, key1, 32, iv1, 32);
+ gcm_inv_ciphertag(bin->encrypted, tag, key1, iv1, bin->encrypted, aad, tag);
+
 table_getheaders(header, dataall);
 table_getctxfrombin(c, bin, len);
 }
@@ -63,11 +65,12 @@ void table_addctx(ctx *c, u64 index, u64 pkhdr, void *p, u64 ctxstructlen) {
 void table_writectx(ctx *c, binary *bin, FILE *write_ptr) {
 // "convert" ctx to "binary"
+ uint8_t tag[512] = {0}, aad[512] = {0};
 memset(bin->encrypted, (uint8_t)' ', 512); // "PAD" the ctx
 memcpy(bin->encrypted, (uint8_t*)c, sizeof(u64) + sizeof(u64));
 memcpy(bin->encrypted + sizeof(u64) + sizeof(u64), (uint8_t*)c->structure, c->structurelen);
 memcpy(bin->encrypted + sizeof(u64) + sizeof(u64) + c->structurelen, &c->structurelen, sizeof(u64));
- aes_gcm_encrypt(bin->encrypted, bin->encrypted, 512, key1, 32, iv1, 32);
+ gcm_ciphertag(bin->encrypted, tag, key1, iv1, bin->encrypted, aad, 512);
 fwrite(bin->encrypted, sizeof(binary), 1, write_ptr);
 }
diff --git a/lotordb/src/tests/Makefile b/lotordb/src/tests/Makefile
index af78304..68fa966 100644
--- a/lotordb/src/tests/Makefile
+++ b/lotordb/src/tests/Makefile
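Review bot: In table_getctx the new `gcm_inv_ciphertag(bin->encrypted, tag, key1, iv1, bin->encrypted, aad, tag);` passes a `tag` that was zero-initialised one line earlier as the tag to verify against and discards the return value, so the record read from disk is never authenticated; the matching `gcm_ciphertag(...)` in table_writectx (the `@@ -63,11 +65,12 @@` hunk) puts the computed tag into a local that is dropped before `fwrite`, so no tag is persisted at all. In that state the GCM call behaves as unauthenticated counter-mode decryption and a tampered or corrupted record is accepted silently by table_getctxfrombin. The tag should be stored next to `bin->encrypted` (for example a tag member of `binary`, sized to whatever aes.h defines for the GCM tag rather than the 512-byte locals used here) and the read path should fail closed on the verifier's result, roughly `if (!gcm_inv_ciphertag(bin->encrypted, tag, key1, iv1, bin->encrypted, aad, stored_tag)) { /* reject record, skip table_getctxfrombin */ }` (constructed; assumes the function reports verification through its return value — confirm against the prototype in aes.h). The two calls also differ in kind in their last argument (`512` on encrypt, `tag` on decrypt), so the argument order is worth checking against aes.h, and the constant `iv1` that already carries a TODO is still reused for every record, which remains a nonce-reuse problem for GCM that the new API does not change.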
@@ -7,7 +7,7 @@ local: build runner_local
 build:
 ${CC} -o ${BUILD}/tests tests.c ${BUILD}/crypto.o ${BUILD}/keys_client.o ${BUILD}/tables_client.o \
 ${BUILD}/crypto_client.o ${BUILD}/tables_server.o ${BUILD}/keys_server.o ${BUILD}/crypto_server.o ${BUILD}/db_keystore.o \
-${BUILD}/hash.o ${BUILD}/hash_tooling.o ${BUILD}/db_tables.o ${BUILD}/ciphers.o ${BUILD}/keys.o ${BUILD}/aes.o -lpthread -lm
+${BUILD}/hash.o ${BUILD}/hash_tooling.o ${BUILD}/db_tables.o ${BUILD}/keys.o ${BUILD}/aes.o -lpthread -lm
 runner:
 ${BUILD}/tests
diff --git a/lotordb/src/tests/tests.c b/lotordb/src/tests/tests.c
index a52c062..24f6034 100644
--- a/lotordb/src/tests/tests.c
+++ b/lotordb/src/tests/tests.c
@@ -4,7 +4,6 @@
 #include
 #include
 #include
-#include "../ciphers.h"
 #include "../crypto_server.h"
 #include "../crypto_client.h"
 #include "../aes.h"
@@ -15,10 +14,6 @@
 #include "../db_keystore.h"
 #include "../examples/tables_example_struct.h"
-static uint8_t iv1[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-static uint8_t key1[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f};
-static uint8_t outdec[256] = {0}, outenc[256] = {0}, lain[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff};
-
 uint8_t test_hash(void) {
 uint8_t hash[256];
 hash_new((char*)hash, (uint8_t*)"some string to hash");
@@ -33,24 +28,6 @@ uint8_t test_hashshake(void) {
 return 1;
 }
-uint8_t test_ciphers_aes_gcm_text32loop(void) {
- clock_t start = clock();
- for (int i = 0; i < 1000000; i++) {
- aes_gcm_encrypt(outenc, lain, 32, key1, 32, iv1, 32);
- aes_gcm_decrypt(outdec, outenc, sizeof(outenc), key1, 32, iv1, 32);
- for (int i = 0; i < 32; i++) assert(lain[i] == outdec[i]);
- }
- printf("gcmloop: Time %us %ums\n", (uint32_t)((clock() - start) * 1000 / CLOCKS_PER_SEC) / 1000, (uint32_t)((clock() - start) * 1000 / CLOCKS_PER_SEC) % 1000);
- return 1;
-}
-
-uint8_t test_ciphers_aes_gcm_text32(void) {
- aes_gcm_encrypt(outenc, lain, 32, key1, 32, iv1, 32);
- aes_gcm_decrypt(outdec, outenc, sizeof(outenc), key1, 32, iv1, 32);
- for (int i = 0; i < 32; i++) assert(lain[i] == outdec[i]);
- return 1;
-}
-
 //
 // Generate a keypair & shared key then print it (test / demo)
 uint8_t test_genkeys(void) {
@@ -217,7 +194,6 @@ int main(int argc, char** argv) {
 ret &= test_aesgcm32bit();
 ret &= test_genkeys();
 ret &= test_keys_verify();
- ret &= test_ciphers_aes_gcm_text32();
 ret &= test_db_table();
 if (ret) printf("\nOK\n"); else printf("\nNot OK\n");
@@ -245,8 +221,6 @@ int main(int argc, char** argv) {
 ret &= test_aesgcm32bitloop();
 ret &= test_genkeys();
 ret &= test_keys_verify();
- ret &= test_ciphers_aes_gcm_text32();
- ret &= test_ciphers_aes_gcm_text32loop();
 ret &= test_db_table();
 if (ret) printf("\nOK\n"); else printf("\nNot OK\n");