static
void test_hmac_test_vectors(void)
{
test_begin("test_hmac_test_vectors");
buffer_t *pt, *ct, *key, *res;
pt = buffer_create_dynamic(pool_datastack_create(), 50);
key = buffer_create_dynamic(pool_datastack_create(), 20);
ct = buffer_create_dynamic(pool_datastack_create(), 32);
res = buffer_create_dynamic(pool_datastack_create(), 32);
hex_to_binary("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", key);
hex_to_binary("dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd", pt);
hex_to_binary("773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe", res);
struct dcrypt_context_hmac *hctx;
if (!dcrypt_ctx_hmac_create("sha256", &hctx, NULL)) {
test_assert_failed("dcrypt_ctx_hmac_create", __FILE__, __LINE__-1);
} else {
dcrypt_ctx_hmac_set_key(hctx, key->data, key->used);
test_assert(dcrypt_ctx_hmac_init(hctx, NULL));
test_assert(dcrypt_ctx_hmac_update(hctx, pt->data, pt->used, NULL));
test_assert(dcrypt_ctx_hmac_final(hctx, ct, NULL));
test_assert(buffer_cmp(ct, res));
dcrypt_ctx_hmac_destroy(&hctx);
}
test_end();
}
static
int i_stream_decrypt_header_contents(struct decrypt_istream *stream,
const unsigned char *data, size_t size)
{
const unsigned char *end = data + size;
bool failed = FALSE;
/* read cipher OID */
const char *calg;
if (!i_stream_decrypt_der(&data, end, &calg))
return 0;
if (calg == NULL || !dcrypt_ctx_sym_create(calg, DCRYPT_MODE_DECRYPT, &(stream->ctx_sym), NULL)) {
io_stream_set_error(&stream->istream.iostream, "Decryption error: unsupported/invalid cipher: %s", calg);
return -1;
}
/* read MAC oid (MAC is used for PBKDF2 and key data digest, too) */
const char *malg;
if (!i_stream_decrypt_der(&data, end, &malg))
return 0;
if (malg == NULL || !dcrypt_ctx_hmac_create(malg, &(stream->ctx_mac), NULL)) {
io_stream_set_error(&stream->istream.iostream, "Decryption error: unsupported/invalid MAC algorithm: %s", malg);
return -1;
}
/* read rounds (for PBKDF2) */
uint32_t rounds;
if (!get_msb32(&data, end, &rounds))
return 0;
/* read key data length */
uint32_t kdlen;
if (!get_msb32(&data, end, &kdlen))
return 0;
size_t tagsize;
if ((stream->flags & IO_STREAM_ENC_INTEGRITY_HMAC) == IO_STREAM_ENC_INTEGRITY_HMAC) {
tagsize = IOSTREAM_TAG_SIZE;
} else if ((stream->flags & IO_STREAM_ENC_INTEGRITY_AEAD) == IO_STREAM_ENC_INTEGRITY_AEAD) {
tagsize = IOSTREAM_TAG_SIZE;
} else {
tagsize = 0;
}
/* how much key data we should be getting */
size_t kl = dcrypt_ctx_sym_get_key_length(stream->ctx_sym) + dcrypt_ctx_sym_get_iv_length(stream->ctx_sym) + tagsize;
buffer_t *keydata = buffer_create_dynamic(pool_datastack_create(), kl);
/* try to decrypt the keydata with a private key */
int ret;
if ((ret = i_stream_decrypt_key(stream, malg, rounds, data, end, keydata, kl)) <= 0)
return ret;
/* oh, it worked! */
const unsigned char *ptr = keydata->data;
if (keydata->used != kl) {
/* but returned wrong amount of data */
io_stream_set_error(&stream->istream.iostream, "Key decryption error: Key data length mismatch");
return -1;
}
/* prime contexts */
dcrypt_ctx_sym_set_key(stream->ctx_sym, ptr, dcrypt_ctx_sym_get_key_length(stream->ctx_sym));
ptr += dcrypt_ctx_sym_get_key_length(stream->ctx_sym);
dcrypt_ctx_sym_set_iv(stream->ctx_sym, ptr, dcrypt_ctx_sym_get_iv_length(stream->ctx_sym));
stream->iv = i_malloc(dcrypt_ctx_sym_get_iv_length(stream->ctx_sym));
memcpy(stream->iv, ptr, dcrypt_ctx_sym_get_iv_length(stream->ctx_sym));
ptr += dcrypt_ctx_sym_get_iv_length(stream->ctx_sym);
/* based on the chosen MAC, initialize HMAC or AEAD */
if ((stream->flags & IO_STREAM_ENC_INTEGRITY_HMAC) == IO_STREAM_ENC_INTEGRITY_HMAC) {
const char *error;
dcrypt_ctx_hmac_set_key(stream->ctx_mac, ptr, tagsize);
if (!dcrypt_ctx_hmac_init(stream->ctx_mac, &error)) {
io_stream_set_error(&stream->istream.iostream, "MAC error: %s", error);
stream->istream.istream.stream_errno = EINVAL;
failed = TRUE;
}
stream->ftr = dcrypt_ctx_hmac_get_digest_length(stream->ctx_mac);
stream->use_mac = TRUE;
} else if ((stream->flags & IO_STREAM_ENC_INTEGRITY_AEAD) == IO_STREAM_ENC_INTEGRITY_AEAD) {
dcrypt_ctx_sym_set_aad(stream->ctx_sym, ptr, tagsize);
stream->ftr = tagsize;
stream->use_mac = TRUE;
} else {
stream->use_mac = FALSE;
}
/* destroy private key data */
safe_memset(buffer_get_modifiable_data(keydata, 0), 0, keydata->used);
buffer_set_used_size(keydata, 0);
return failed ? -1 : 1;
}
static
int o_stream_encrypt_keydata_create_v2(struct encrypt_ostream *stream, const char *malg)
{
const struct hash_method *hash = hash_method_lookup(malg);
const char *error;
size_t tagsize;
const unsigned char *ptr;
size_t kl;
unsigned int val;
buffer_t *keydata, *res;
if (hash == NULL) {
io_stream_set_error(&stream->ostream.iostream,
"Encryption init error: Hash algorithm '%s' not supported", malg);
return -1;
}
/* key data length for internal use */
if ((stream->flags & IO_STREAM_ENC_INTEGRITY_HMAC) == IO_STREAM_ENC_INTEGRITY_HMAC) {
tagsize = IOSTREAM_TAG_SIZE;
} else if ((stream->flags & IO_STREAM_ENC_INTEGRITY_AEAD) == IO_STREAM_ENC_INTEGRITY_AEAD) {
tagsize = IOSTREAM_TAG_SIZE;
} else {
/* do not include MAC */
tagsize = 0;
}
/* generate keydata length of random data for key/iv/mac */
kl = dcrypt_ctx_sym_get_key_length(stream->ctx_sym) + dcrypt_ctx_sym_get_iv_length(stream->ctx_sym) + tagsize;
keydata = buffer_create_dynamic(pool_datastack_create(), kl);
random_fill(buffer_append_space_unsafe(keydata, kl), kl);
buffer_set_used_size(keydata, kl);
ptr = keydata->data;
res = buffer_create_dynamic(default_pool, 256);
/* store number of public key(s) */
buffer_append(res, "\1", 1); /* one key for now */
/* we can do multiple keys at this point, but do it only once now */
if (o_stream_encrypt_key_for_pubkey_v2(stream, malg, ptr, kl, stream->pub, res) != 0) {
buffer_free(&res);
return -1;
}
/* create hash of the key data */
unsigned char hctx[hash->context_size];
unsigned char hres[hash->digest_size];
hash->init(hctx);
hash->loop(hctx, ptr, kl);
hash->result(hctx, hres);
for(int i = 1; i < 2049; i++) {
uint32_t i_msb = htonl(i);
hash->init(hctx);
hash->loop(hctx, hres, sizeof(hres));
hash->loop(hctx, &i_msb, sizeof(i_msb));
hash->result(hctx, hres);
}
/* store key data hash */
val = htonl(sizeof(hres));
buffer_append(res, &val, 4);
buffer_append(res, hres, sizeof(hres));
/* pick up key data that goes into stream */
stream->key_data_len = res->used;
stream->key_data = buffer_free_without_data(&res);
/* prime contexts */
dcrypt_ctx_sym_set_key(stream->ctx_sym, ptr, dcrypt_ctx_sym_get_key_length(stream->ctx_sym));
ptr += dcrypt_ctx_sym_get_key_length(stream->ctx_sym);
dcrypt_ctx_sym_set_iv(stream->ctx_sym, ptr, dcrypt_ctx_sym_get_iv_length(stream->ctx_sym));
ptr += dcrypt_ctx_sym_get_iv_length(stream->ctx_sym);
if ((stream->flags & IO_STREAM_ENC_INTEGRITY_HMAC) == IO_STREAM_ENC_INTEGRITY_HMAC) {
dcrypt_ctx_hmac_set_key(stream->ctx_mac, ptr, tagsize);
dcrypt_ctx_hmac_init(stream->ctx_mac, &error);
} else if ((stream->flags & IO_STREAM_ENC_INTEGRITY_AEAD) == IO_STREAM_ENC_INTEGRITY_AEAD) {
dcrypt_ctx_sym_set_aad(stream->ctx_sym, ptr, tagsize);
}
/* clear out private key data */
safe_memset(buffer_get_modifiable_data(keydata, 0), 0, keydata->used);
if (!dcrypt_ctx_sym_init(stream->ctx_sym, &error)) {
io_stream_set_error(&stream->ostream.iostream, "Encryption init error: %s", error);
return -1;
}
return 0;
}
