From d88e2a9cc43929289f85b86ea1481ba3f2cefd19 Mon Sep 17 00:00:00 2001 From: Alex Black Date: Wed, 11 Dec 2024 01:03:27 +0300 Subject: [PATCH 01/23] Add MbedTLS v3 version support --- src/crypto/mbedtls.c | 88 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/src/crypto/mbedtls.c b/src/crypto/mbedtls.c index b1c0cc1..5b099dc 100644 --- a/src/crypto/mbedtls.c +++ b/src/crypto/mbedtls.c @@ -10,6 +10,7 @@ #include #include #include +#include static const mbedtls_cipher_type_t get_mbedtls_cipher(pgs_cryptor_type_t cipher); @@ -194,6 +195,7 @@ void sha224(const uint8_t *input, uint64_t input_len, uint8_t *res, *res_len = 0; } +#if MBEDTLS_VERSION_NUMBER < 0x03000000 void md5(const uint8_t *input, uint64_t input_len, uint8_t *res) { mbedtls_md5_ret(input, input_len, res); @@ -204,6 +206,21 @@ void sha1(const uint8_t *input, uint64_t input_len, uint8_t *res) mbedtls_sha1_ret(input, input_len, res); } +#else + +void md5(const uint8_t *input, uint64_t input_len, uint8_t *res) +{ + mbedtls_md5(input, input_len, res); +} + +void sha1(const uint8_t *input, uint64_t input_len, uint8_t *res) +{ + mbedtls_sha1(input, input_len, res); +} + +#endif + + void hmac_md5(const uint8_t *key, uint64_t key_len, const uint8_t *data, uint64_t data_len, uint8_t *out, uint64_t *out_len) { @@ -419,6 +436,8 @@ static bool pgs_cryptor_decrypt_aes(pgs_cryptor_t *ptr, return true; } +#if MBEDTLS_VERSION_NUMBER < 0x03000000 + static bool pgs_cryptor_encrypt_gcm(pgs_cryptor_t *ptr, const uint8_t *plaintext, size_t plaintext_len, uint8_t *tag, 
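Review bot: The new 3.x `md5()` and `sha1()` wrappers in the `#else` branch discard the return value of `mbedtls_md5()` / `mbedtls_sha1()`, so a failing digest call leaves `res` unwritten and the caller carries on with whatever the buffer held. Both wrappers return `void`, so the failure cannot be propagated without an interface change; the least invasive option is to check the result inside the wrapper, e.g. `if (mbedtls_md5(input, input_len, res) != 0) abort();`. `input_len` is `uint64_t` while the mbedtls functions take `size_t`, so on a 32-bit target a larger length would be truncated silently; an `if (input_len > SIZE_MAX)` guard would make that explicit.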
@@ -457,6 +476,75 @@ static bool pgs_cryptor_decrypt_gcm(pgs_cryptor_t *ptr, return true; } +#else + +static bool pgs_cryptor_encrypt_gcm(pgs_cryptor_t *ptr, + const uint8_t *plaintext, + size_t plaintext_len, uint8_t *tag, + uint8_t *ciphertext, size_t *ciphertext_len) +{ + size_t out_len = 0, tmp_len = 0; + unsigned char last_block[16] = {0}; + + if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_ENCRYPT, ptr->iv, + ptr->iv_len)) { + return false; + } + + if (mbedtls_gcm_update(ptr->ctx, plaintext, plaintext_len, ciphertext, + *ciphertext_len, &out_len)) { + return false; + } + if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, + tag, ptr->tag_len)) { + return false; + } + if (tmp_len > 0) { + if (out_len + tmp_len > *ciphertext_len) { + return false; + } + memcpy(ciphertext + out_len, last_block, tmp_len); + out_len += tmp_len; + } + + *ciphertext_len = out_len; + return true; +} + +static bool pgs_cryptor_decrypt_gcm(pgs_cryptor_t *ptr, + const uint8_t *ciphertext, + size_t ciphertext_len, const uint8_t *tag, + uint8_t *plaintext, size_t *plaintext_len) +{ + size_t out_len = 0, tmp_len = 0; + unsigned char last_block[16] = {0}; + + if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_DECRYPT, ptr->iv,ptr->iv_len) + && mbedtls_gcm_update_ad(ptr->ctx, tag, ptr->tag_len)) { + return false; + } + if (mbedtls_gcm_update(ptr->ctx, ciphertext, ciphertext_len, plaintext, + *plaintext_len, &out_len)) { + return false; + } + if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, + tag, ptr->tag_len)) { + return false; + } + if (tmp_len > 0) { + if (out_len + tmp_len > *plaintext_len) { + return false; + } + memcpy(plaintext + out_len, last_block, tmp_len); + out_len += tmp_len; + } + + *plaintext_len = out_len; + return true; +} + +#endif + static bool pgs_cryptor_encrypt_chachapoly(pgs_cryptor_t *ptr, const uint8_t *plaintext, size_t plaintext_len, uint8_t *tag, From 84e68b057f78bbae55273077e45f08ef722e590d Mon Sep 17 00:00:00 2001 
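Review bot: The 3.x `pgs_cryptor_decrypt_gcm` never verifies the authentication tag: `mbedtls_gcm_finish()` writes the tag it computed into its `tag` argument, and here that argument is the caller's received tag, so nothing is compared and a modified ciphertext is returned as valid plaintext. The `mbedtls_gcm_starts(...) && mbedtls_gcm_update_ad(...)` condition has two further problems: it returns false only when both calls fail, so a failing `mbedtls_gcm_starts()` on its own is ignored, and it feeds the tag in as additional authenticated data, which the encrypt side does not do. The finish call should write into a local buffer that is then compared with the received tag using `mbedtls_ct_memcmp()` (declared in `mbedtls/constant_time.h`), clearing the output and returning false on mismatch. Both new functions also pass `*ciphertext_len` / `*plaintext_len` as the output buffer size, which assumes callers initialise them to the buffer capacity; that is not visible in this hunk.

```c
static bool pgs_cryptor_decrypt_gcm(pgs_cryptor_t *ptr,
				    const uint8_t *ciphertext,
				    size_t ciphertext_len, const uint8_t *tag,
				    uint8_t *plaintext, size_t *plaintext_len)
{
	size_t out_len = 0, tmp_len = 0;
	unsigned char last_block[16] = {0};
	unsigned char calc_tag[16] = {0};

	/* The computed tag must fit the local buffer. */
	if (ptr->tag_len > sizeof(calc_tag)) {
		return false;
	}
	/* No additional data: the tag is compared below, not fed in as AAD. */
	if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_DECRYPT, ptr->iv,
			       ptr->iv_len)) {
		return false;
	}
	/* … unchanged: mbedtls_gcm_update call … */
	if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len,
			       calc_tag, ptr->tag_len)) {
		return false;
	}
	/* Constant-time comparison; never release unauthenticated plaintext. */
	if (mbedtls_ct_memcmp(calc_tag, tag, ptr->tag_len) != 0) {
		mbedtls_platform_zeroize(plaintext, out_len);
		return false;
	}
	/* … unchanged: last_block copy and *plaintext_len update … */
```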
From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 00:00:40 +0300 Subject: [PATCH 02/23] Update mbedtls.c correct type --- src/crypto/mbedtls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/crypto/mbedtls.c b/src/crypto/mbedtls.c index 5b099dc..2ea2f6e 100644 --- a/src/crypto/mbedtls.c +++ b/src/crypto/mbedtls.c @@ -496,7 +496,7 @@ static bool pgs_cryptor_encrypt_gcm(pgs_cryptor_t *ptr, return false; } if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, - tag, ptr->tag_len)) { + (unsigned char *)tag, ptr->tag_len)) { return false; } if (tmp_len > 0) { @@ -528,7 +528,7 @@ static bool pgs_cryptor_decrypt_gcm(pgs_cryptor_t *ptr, return false; } if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, - tag, ptr->tag_len)) { + (unsigned char *)tag, ptr->tag_len)) { return false; } if (tmp_len > 0) { From f8732a16024d45e3b4077a537167d63cadec4668 Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 02:50:20 +0300 Subject: [PATCH 03/23] Update FindLibevent2.cmake --- cmake/FindLibevent2.cmake | 92 ++++++++++++++++++++------------------- 1 file changed, 48 insertions(+), 44 deletions(-) diff --git a/cmake/FindLibevent2.cmake b/cmake/FindLibevent2.cmake index d107c2d..185a6e2 100644 --- a/cmake/FindLibevent2.cmake +++ b/cmake/FindLibevent2.cmake 
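Review bot: In the `-528` hunk the `(unsigned char *)tag` cast strips `const` from the decrypt function's `const uint8_t *tag` parameter, which silences the compiler diagnostic instead of fixing what it reported. `mbedtls_gcm_finish()` stores the computed tag through that pointer, so the caller's received tag is overwritten, and if the caller's object is really const the write is undefined behaviour. The decrypt path should hand `mbedtls_gcm_finish()` a local buffer and compare it against `tag`, leaving the parameter const and untouched. In the `-496` encrypt hunk `tag` is already `uint8_t *`, so the cast there changes nothing and can be dropped.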
@@ -1,51 +1,55 @@ # -# https://github.com/sipwise/sems/blob/master/cmake/FindLibevent2.cmake -# -if ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "MSVC") - FIND_PATH(LIBEVENT2_INCLUDE_DIR event2/event.h) +# found in on openssl site and made some changes GPL 2.0 licenced + +IF(NOT WITH_LIBEVENT) + SET(WITH_LIBEVENT system) +ENDIF() - list(INSERT CMAKE_FIND_LIBRARY_SUFFIXES 0 .imp) - list(INSERT CMAKE_FIND_LIBRARY_SUFFIXES 0 .imp.lib) +IF(WITH_LIBEVENT STREQUAL "system" OR WITH_LIBEVENT STREQUAL "yes") + IF(NOT WIN32) + SET(LIBEVENT2_INCLUDE_PATH /usr/local/include /opt/local/include) + SET(LIBEVENT2_LIB_PATHS /usr/local/lib /opt/local/lib) + ENDIF() - if(CMAKE_CL_64) - FIND_LIBRARY(LIBEVENT2_LIBRARIES NAMES libevent-x64-v120-mt-2_1_4_0 event libevent ) - else() - FIND_LIBRARY(LIBEVENT2_LIBRARIES NAMES libevent-x86-v120-mt-2_1_4_0 event libevent ) - endif() -else() - set(LIBEVENT2_INCLUDE_DIR_SEARCH_PATHS /usr/local/include /usr/include) - set(LIBEVENT2_LIB_SEARCH_PATHS /usr/local/lib /usr/lib) -if(DEFINED Libevent2_ROOT) - set(LIBEVENT2_INCLUDE_DIR_SEARCH_PATHS ${Libevent2_ROOT}/include ${LIBEVENT2_INCLUDE_DIR_SEARCH_PATHS}) - set(LIBEVENT2_LIB_SEARCH_PATHS ${Libevent2_ROOT}/lib ${LIBEVENT2_LIB_SEARCH_PATHS}) -endif() - # -levent -levent_core -levent_extra -levent_openssl - FIND_PATH(LIBEVENT2_INCLUDE_DIR event2/event.h PATHS ${LIBEVENT2_INCLUDE_DIR_SEARCH_PATHS} NO_CMAKE_SYSTEM_PATH) - # OpenBSD issue, lookup from /usr/local/lib to avoid lib mismatch - FIND_LIBRARY(LIBEVENT2_LIBRARIES NAMES event libevent PATHS ${LIBEVENT2_LIB_SEARCH_PATHS} NO_CMAKE_SYSTEM_PATH) - FIND_LIBRARY(LIBEVENT2_CORE_LIBRARIES NAMES event_core libevent_core PATHS ${LIBEVENT2_LIB_SEARCH_PATHS} NO_CMAKE_SYSTEM_PATH) - FIND_LIBRARY(LIBEVENT2_EXTRA_LIBRARIES NAMES event_extra libevent_extra PATHS ${LIBEVENT2_LIB_SEARCH_PATHS} NO_CMAKE_SYSTEM_PATH) - FIND_LIBRARY(LIBEVENT2_SSL_LIBRARIES NAMES event_openssl libevent_openssl PATHS ${LIBEVENT2_LIB_SEARCH_PATHS} NO_CMAKE_SYSTEM_PATH) - 
FIND_LIBRARY(LIBEVENT2_MBEDTLS_LIBRARIES NAMES event_mbedtls libevent_mbedtls PATHS ${LIBEVENT2_LIB_SEARCH_PATHS}b NO_CMAKE_SYSTEM_PATH) -endif() + # use default paths + SET(HOW_TO_FIND) +ELSEIF(WITH_LIBEVENT STREQUAL "bundled") + MESSAGE(FATAL_ERROR "bundled libevent isn't support") +ELSE() + # make the users path for libevent absolute + GET_FILENAME_COMPONENT(LIBEVENT_ABS_DIR "${WITH_LIBEVENT}" ABSOLUTE) + SET(LIBEVENT2_INCLUDE_PATH ${LIBEVENT_ABS_DIR}/include) + SET(LIBEVENT2_LIB_PATHS ${LIBEVENT_ABS_DIR}/lib) + # if path specified, use that path only + SET(HOW_TO_FIND NO_DEFAULT_PATH) +ENDIF() -IF(LIBEVENT2_INCLUDE_DIR AND LIBEVENT2_LIBRARIES) - SET(LIBEVENT2_FOUND TRUE) -ENDIF(LIBEVENT2_INCLUDE_DIR AND LIBEVENT2_LIBRARIES) +FIND_PATH(LIBEVENT2_INCLUDE_DIR event2/event.h PATHS ${LIBEVENT2_INCLUDE_PATH} ${HOW_TO_FIND}) +IF(WIN32) + ## libevent-2.0.22 on windows is only 'event.lib' and 'event.dll' + FIND_LIBRARY(LIBEVENT2_CORE NAMES event PATHS ${LIBEVENT2_LIB_PATHS} ${HOW_TO_FIND}) + SET(LIBEVENT2_EXTRA) +ELSE() + FIND_LIBRARY(LIBEVENT2_CORE NAMES event_core libevent_core PATHS ${LIBEVENT2_LIB_PATHS} ${HOW_TO_FIND}) + FIND_LIBRARY(LIBEVENT2_EXTRA NAMES event_extra libevent_extra PATHS ${LIBEVENT2_LIB_PATHS} ${HOW_TO_FIND}) + FIND_LIBRARY(LIBEVENT2_SSL_LIBRARIES NAMES event_openssl libevent_openssl PATHS ${LIBEVENT2_LIB_PATHS} ${HOW_TO_FIND}) + FIND_LIBRARY(LIBEVENT2_MBEDTLS_LIBRARIES NAMES event_mbedtls libevent_mbedtls PATHS ${LIBEVENT2_LIB_PATHS} ${HOW_TO_FIND}) + FIND_LIBRARY(LIBEVENT2_PTHREADS_LIBRARIES NAMES event_pthreads libevent_pthreads PATHS ${LIBEVENT2_LIB_PATHS} ${HOW_TO_FIND}) +ENDIF() -IF(LIBEVENT2_FOUND) - IF (NOT Libevent2_FIND_QUIETLY) - MESSAGE(STATUS "Found libevent2 includes: ${LIBEVENT2_INCLUDE_DIR}/event2/event.h") - MESSAGE(STATUS "Found libevent2 library: ${LIBEVENT2_LIBRARIES}") - MESSAGE(STATUS "Found libevent2 core library: ${LIBEVENT2_CORE_LIBRARIES}") - MESSAGE(STATUS "Found libevent2 extra library: ${LIBEVENT2_EXTRA_LIBRARIES}") - 
MESSAGE(STATUS "Found libevent2 openssl library: ${LIBEVENT2_SSL_LIBRARIES}") - MESSAGE(STATUS "Found libevent2 mbedtls library: ${LIBEVENT2_MBEDTLS_LIBRARIES}") - ENDIF (NOT Libevent2_FIND_QUIETLY) -ELSE(LIBEVENT2_FOUND) - IF (Libevent2_FIND_REQUIRED) - MESSAGE(FATAL_ERROR "Could NOT find libevent2 development files: ${LIBEVENT2_INCLUDE_DIR} :: ${LIBEVENT2_LIBRARIES}") - ENDIF (Libevent2_FIND_REQUIRED) -ENDIF(LIBEVENT2_FOUND) +IF (LIBEVENT2_INCLUDE_DIR AND LIBEVENT2_CORE) + SET(LibEvent2_FOUND TRUE) +ELSE() + SET(LibEvent2_FOUND FALSE) +ENDIF() +# don't expose them in the cmake UI +MARK_AS_ADVANCED( + LIBEVENT2_INCLUDE_DIR + LIBEVENT2_CORE + LIBEVENT2_EXTRA + LIBEVENT2_SSL_LIBRARIES + LIBEVENT2_MBEDTLS_LIBRARIES + LIBEVENT2_PTHREADS_LIBRARIES +) From d0692a28ea8bd165f6baa70596768fdd3daefa96 Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 02:51:29 +0300 Subject: [PATCH 04/23] Update CMakeLists.txt --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b9fcc72..c732682 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -117,8 +117,8 @@ endif() find_package(Libevent2 REQUIRED) include_directories(${LIBEVENT2_INCLUDE_DIR}) -list(APPEND THIRDPARTY_LIBS ${LIBEVENT2_LIBRARIES}) - +list(APPEND THIRDPARTY_LIBS ${LIBEVENT2_LIBRARIES} ${LIBEVENT2_CORE} ${LIBEVENT2_EXTRA} ${LIBEVENT2_PTHREADS_LIBRARIES}) + if(USE_MBEDTLS) find_package(MbedTLS REQUIRED) From 190ea505a49e6c6fb4fbdc90300e03d8f048a497 Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 03:24:50 +0300 Subject: [PATCH 05/23] Update FindMbedTLS.cmake --- cmake/FindMbedTLS.cmake | 225 ++++++++++++++-------------------------- 1 file changed, 76 insertions(+), 149 deletions(-) diff --git a/cmake/FindMbedTLS.cmake b/cmake/FindMbedTLS.cmake index 7052143..f116916 100644 --- a/cmake/FindMbedTLS.cmake +++ b/cmake/FindMbedTLS.cmake 
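Review bot: The rewritten module sets `LibEvent2_FOUND`, but the package is requested as `find_package(Libevent2 REQUIRED)` and CMake variable names are case-sensitive, so the result variable that `find_package` inspects (`Libevent2_FOUND`, or the upper-case `LIBEVENT2_FOUND` the old module set) is never assigned. Together with the removal of the `Libevent2_FIND_REQUIRED` / `FATAL_ERROR` branch, a missing libevent is likely to pass configuration and only fail at link time. Ending the module with `include(FindPackageHandleStandardArgs)` and `find_package_handle_standard_args(Libevent2 REQUIRED_VARS LIBEVENT2_INCLUDE_DIR LIBEVENT2_CORE)` restores both the variable and the REQUIRED handling. The module also stops defining `LIBEVENT2_LIBRARIES`, which the top-level `list(APPEND THIRDPARTY_LIBS ${LIBEVENT2_LIBRARIES} ...)` still expands.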
@@ -1,159 +1,86 @@ -# Copyright 2017-2019 AVSystem +# Find the mbedTLS library # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# Input variables: # -# http://www.apache.org/licenses/LICENSE-2.0 +# - `MBEDTLS_INCLUDE_DIR`: The mbedTLS include directory. +# - `MBEDTLS_LIBRARY`: Path to `mbedtls` library. +# - `MBEDX509_LIBRARY`: Path to `mbedx509` library. +# - `MBEDCRYPTO_LIBRARY`: Path to `mbedcrypto` library. # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#.rst: -# FindMbedTLS -# ----------- -# -# Find the mbedTLS encryption library. -# -# Imported Targets -# ^^^^^^^^^^^^^^^^ -# -# This module defines the following :prop_tgt:`IMPORTED` targets: -# -# ``mbedtls`` -# The mbedTLS ``mbedtls`` library, if found. -# ``mbedcrypto`` -# The mbedtls ``crypto`` library, if found. -# ``mbedx509`` -# The mbedtls ``x509`` library, if found. -# -# Result Variables -# ^^^^^^^^^^^^^^^^ -# -# This module will set the following variables in your project: +# Result variables: # -# ``MBEDTLS_FOUND`` -# System has the mbedTLS library. -# ``MBEDTLS_INCLUDE_DIR`` -# The mbedTLS include directory. -# ``MBEDTLS_LIBRARY`` -# The mbedTLS SSL library. -# ``MBEDTLS_CRYPTO_LIBRARY`` -# The mbedTLS crypto library. -# ``MBEDTLS_X509_LIBRARY`` -# The mbedTLS x509 library. -# ``MBEDTLS_LIBRARIES`` -# All mbedTLS libraries. -# ``MBEDTLS_VERSION`` -# This is set to ``$major.$minor.$patch``. -# ``MBEDTLS_VERSION_MAJOR`` -# Set to major mbedTLS version number. -# ``MBEDTLS_VERSION_MINOR`` -# Set to minor mbedTLS version number. -# ``MBEDTLS_VERSION_PATCH`` -# Set to patch mbedTLS version number. 
-# -# Hints -# ^^^^^ -# -# Set ``MBEDTLS_ROOT_DIR`` to the root directory of an mbedTLS installation. -# Set ``MBEDTLS_USE_STATIC_LIBS`` to ``TRUE`` to look for static libraries. - -if(MBEDTLS_ROOT_DIR) - # Disable re-rooting paths in find_path/find_library. - # This assumes MBEDTLS_ROOT_DIR is an absolute path. - set(_EXTRA_FIND_ARGS "NO_CMAKE_FIND_ROOT_PATH") +# - `MBEDTLS_FOUND`: System has mbedTLS. +# - `MBEDTLS_INCLUDE_DIRS`: The mbedTLS include directories. +# - `MBEDTLS_LIBRARIES`: The mbedTLS library names. +# - `MBEDTLS_LIBRARY_DIRS`: The mbedTLS library directories. +# - `MBEDTLS_PC_REQUIRES`: The mbedTLS pkg-config packages. +# - `MBEDTLS_CFLAGS`: Required compiler flags. +# - `MBEDTLS_VERSION`: Version of mbedTLS. + +if(DEFINED MBEDTLS_INCLUDE_DIRS AND NOT DEFINED MBEDTLS_INCLUDE_DIR) + message(WARNING "MBEDTLS_INCLUDE_DIRS is deprecated, use MBEDTLS_INCLUDE_DIR instead.") + set(MBEDTLS_INCLUDE_DIR "${MBEDTLS_INCLUDE_DIRS}") + unset(MBEDTLS_INCLUDE_DIRS) endif() -find_path(MBEDTLS_INCLUDE_DIR - NAMES mbedtls/ssl.h - PATH_SUFFIXES include - HINTS ${MBEDTLS_ROOT_DIR} - ${_EXTRA_FIND_ARGS}) - -# based on https://github.com/ARMmbed/mbedtls/issues/298 -if(MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h") - file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" VERSION_STRING_LINE REGEX "^#define MBEDTLS_VERSION_STRING[ \\t\\n\\r]+\"[^\"]*\"$") - file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" VERSION_MAJOR_LINE REGEX "^#define MBEDTLS_VERSION_MAJOR[ \\t\\n\\r]+[0-9]+$") - file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" VERSION_MINOR_LINE REGEX "^#define MBEDTLS_VERSION_MINOR[ \\t\\n\\r]+[0-9]+$") - file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" VERSION_PATCH_LINE REGEX "^#define MBEDTLS_VERSION_PATCH[ \\t\\n\\r]+[0-9]+$") - - string(REGEX REPLACE "^#define MBEDTLS_VERSION_STRING[ \\t\\n\\r]+\"([^\"]*)\"$" "\\1" MBEDTLS_VERSION "${VERSION_STRING_LINE}") - string(REGEX REPLACE "^#define MBEDTLS_VERSION_MAJOR[ 
\\t\\n\\r]+([0-9]+)$" "\\1" MBEDTLS_VERSION_MAJOR "${VERSION_MAJOR_LINE}") - string(REGEX REPLACE "^#define MBEDTLS_VERSION_MINOR[ \\t\\n\\r]+([0-9]+)$" "\\1" MBEDTLS_VERSION_MINOR "${VERSION_MINOR_LINE}") - string(REGEX REPLACE "^#define MBEDTLS_VERSION_PATCH[ \\t\\n\\r]+([0-9]+)$" "\\1" MBEDTLS_VERSION_PATCH "${VERSION_PATCH_LINE}") +if(CURL_USE_PKGCONFIG AND + NOT DEFINED MBEDTLS_INCLUDE_DIR AND + NOT DEFINED MBEDTLS_LIBRARY AND + NOT DEFINED MBEDX509_LIBRARY AND + NOT DEFINED MBEDCRYPTO_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(MBEDTLS "mbedtls") + pkg_check_modules(MBEDX509 "mbedx509") + pkg_check_modules(MBEDCRYPTO "mbedcrypto") endif() - -if(MBEDTLS_USE_STATIC_LIBS) - set(_MBEDTLS_LIB_NAME libmbedtls.a) - set(_MBEDTLS_CRYPTO_LIB_NAME libmbedcrypto.a) - set(_MBEDTLS_X509_LIB_NAME libmbedx509.a) +if(MBEDTLS_FOUND AND MBEDX509_FOUND AND MBEDCRYPTO_FOUND) + list(APPEND MBEDTLS_LIBRARIES ${MBEDX509_LIBRARIES} ${MBEDCRYPTO_LIBRARIES}) + list(REMOVE_DUPLICATES MBEDTLS_LIBRARIES) + set(MBEDTLS_PC_REQUIRES "mbedtls") + string(REPLACE ";" " " MBEDTLS_CFLAGS "${MBEDTLS_CFLAGS}") + message(STATUS "Found MbedTLS (via pkg-config): ${MBEDTLS_INCLUDE_DIRS} (found version \"${MBEDTLS_VERSION}\")") else() - set(_MBEDTLS_LIB_NAME mbedtls) - set(_MBEDTLS_CRYPTO_LIB_NAME mbedcrypto) - set(_MBEDTLS_X509_LIB_NAME mbedx509) -endif() - -find_library(MBEDTLS_LIBRARY - NAMES ${_MBEDTLS_LIB_NAME} - PATH_SUFFIXES lib - HINTS ${MBEDTLS_ROOT_DIR} - ${_EXTRA_FIND_ARGS}) - -find_library(MBEDTLS_CRYPTO_LIBRARY - NAMES ${_MBEDTLS_CRYPTO_LIB_NAME} - PATH_SUFFIXES lib - HINTS ${MBEDTLS_ROOT_DIR} - ${_EXTRA_FIND_ARGS}) - -find_library(MBEDTLS_X509_LIBRARY - NAMES ${_MBEDTLS_X509_LIB_NAME} - PATH_SUFFIXES lib - HINTS ${MBEDTLS_ROOT_DIR} - ${_EXTRA_FIND_ARGS}) - -set(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDTLS_X509_LIBRARY} ${MBEDTLS_CRYPTO_LIBRARY}) - -if(MBEDTLS_INCLUDE_DIR) - set(MBEDTLS_FOUND TRUE) -endif() - - -include(FindPackageHandleStandardArgs) 
-find_package_handle_standard_args(MbedTLS - FOUND_VAR MBEDTLS_FOUND - REQUIRED_VARS - MBEDTLS_INCLUDE_DIR - MBEDTLS_LIBRARY - MBEDTLS_CRYPTO_LIBRARY - MBEDTLS_X509_LIBRARY - MBEDTLS_LIBRARIES - MBEDTLS_VERSION - VERSION_VAR MBEDTLS_VERSION) - - -if(NOT TARGET mbedtls) - add_library(mbedtls UNKNOWN IMPORTED) - set_target_properties(mbedtls PROPERTIES - INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INCLUDE_DIR}" - IMPORTED_LINK_INTERFACE_LANGUAGES "C" - IMPORTED_LOCATION "${MBEDTLS_LIBRARY}") -endif() - -if(NOT TARGET mbedcrypto) - add_library(mbedcrypto UNKNOWN IMPORTED) - set_target_properties(mbedcrypto PROPERTIES - IMPORTED_LINK_INTERFACE_LANGUAGES "C" - IMPORTED_LOCATION "${MBEDTLS_CRYPTO_LIBRARY}") -endif() - -if(NOT TARGET mbedx509) - add_library(mbedx509 UNKNOWN IMPORTED) - set_target_properties(mbedx509 PROPERTIES - IMPORTED_LINK_INTERFACE_LANGUAGES "C" - IMPORTED_LOCATION "${MBEDTLS_X509_LIBRARY}") + find_path(MBEDTLS_INCLUDE_DIR NAMES "mbedtls/ssl.h") + find_library(MBEDTLS_LIBRARY NAMES "mbedtls" "libmbedtls") + find_library(MBEDX509_LIBRARY NAMES "mbedx509" "libmbedx509") + find_library(MBEDCRYPTO_LIBRARY NAMES "mbedcrypto" "libmbedcrypto") + + unset(MBEDTLS_VERSION CACHE) + if(MBEDTLS_INCLUDE_DIR) + if(EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h") # 3.x + set(_version_header "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h") + elseif(EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h") # 2.x + set(_version_header "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h") + else() + unset(_version_header) + endif() + if(_version_header) + set(_version_regex "#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"([0-9.]+)\"") + file(STRINGS "${_version_header}" _version_str REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") + set(MBEDTLS_VERSION "${_version_str}") + unset(_version_regex) + unset(_version_str) + unset(_version_header) + endif() + endif() + + include(FindPackageHandleStandardArgs) + 
find_package_handle_standard_args(MbedTLS + REQUIRED_VARS + MBEDTLS_INCLUDE_DIR + MBEDTLS_LIBRARY + MBEDX509_LIBRARY + MBEDCRYPTO_LIBRARY + VERSION_VAR + MBEDTLS_VERSION + ) + + if(MBEDTLS_FOUND) + set(MBEDTLS_INCLUDE_DIRS ${MBEDTLS_INCLUDE_DIR}) + set(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDX509_LIBRARY} ${MBEDCRYPTO_LIBRARY}) + endif() + + mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) endif() From a3655de2f71148d0f765911c9dbce8f19693ba92 Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 03:38:22 +0300 Subject: [PATCH 06/23] Update .cirrus.yml update till actual versions --- .cirrus.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 9f78ff9..e912a68 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -35,8 +35,8 @@ freebsd_task: linux_mbedtls_task: # use master branch of libevent to support mbedtls container: matrix: - - image: ubuntu:18.04 - - image: ubuntu:20.04 + - image: ubuntu:24.04 + - image: ubuntu:22.04 install_script: - apt update && apt upgrade -y From 09eac1b698358dda22d2c0a5adef2e4371bba2ec Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 03:41:40 +0300 Subject: [PATCH 07/23] Update .cirrus.yml update to new cmake version --- .cirrus.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index e912a68..72d4b86 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -65,8 +65,8 @@ linux_mbedtls_task: # use master branch of libevent to support mbedtls linux_openssl_task: container: matrix: - - image: ubuntu:18.04 - - image: ubuntu:20.04 + - image: ubuntu:22.04 + - image: ubuntu:24.04 install_script: - apt update && apt upgrade -y From 857a8e1a86b3981f1afe6fd35e1a2bde7bede316 Mon Sep 17 00:00:00 2001 
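Review bot: The pkg-config branch is guarded by `CURL_USE_PKGCONFIG`, an option that appears to belong to the project this module was copied from; unless this project defines it, the branch is dead and detection always falls through to the plain `find_path` / `find_library` calls. Those calls no longer take the `MBEDTLS_ROOT_DIR` hint, so the single-variable way to pin headers and libraries to one installation is gone. On a machine with two mbedTLS installations (for instance a distribution package plus a source install under `/usr/local`) a header/library version mismatch in a crypto dependency becomes possible and is hard to diagnose. Consider guarding on a project-owned option and restoring `HINTS ${MBEDTLS_ROOT_DIR}` on the `find_path` call and the three `find_library` calls.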
From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 03:53:03 +0300 Subject: [PATCH 08/23] Update .cirrus.yml Update to supported versions. --- .cirrus.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 72d4b86..d5581a8 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -1,11 +1,11 @@ freebsd_task: matrix: - - name: FreeBSD 11.4 + - name: FreeBSD 13.3 freebsd_instance: - image: freebsd-11-4-release-amd64 - - name: FreeBSD 12.2 + image: freebsd-13-3-release-amd64 + - name: FreeBSD 14.2 freebsd_instance: - image: freebsd-12-2-release-amd64 + image: freebsd-14-2-release-amd64 env: HOME: /home/testuser From 44cc5fcc0b2274552d4cac14c2f6f142fec5e8b0 Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 03:56:18 +0300 Subject: [PATCH 09/23] Update .cirrus.yml update to cirrus available VMs --- .cirrus.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index d5581a8..7ce1d61 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -3,9 +3,9 @@ freebsd_task: - name: FreeBSD 13.3 freebsd_instance: image: freebsd-13-3-release-amd64 - - name: FreeBSD 14.2 + - name: FreeBSD 14.1 freebsd_instance: - image: freebsd-14-2-release-amd64 + image: freebsd-14-1-release-amd64 env: HOME: /home/testuser From 67b27d6f9c61f8234d0a43f23ecae96836f26edd Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 04:04:16 +0300 Subject: [PATCH 10/23] Update .cirrus.yml update for freebsd v14 --- .cirrus.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index 7ce1d61..8437848 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -5,7 +5,8 @@ freebsd_task: image: freebsd-13-3-release-amd64 - name: FreeBSD 14.1 freebsd_instance: - image: freebsd-14-1-release-amd64 + image_family: freebsd-14-1 + env: HOME: /home/testuser 
From ce5ca974ddc9645415a4822b3408677516f39c69 Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 04:37:45 +0300 Subject: [PATCH 11/23] Update .cirrus.yml Add mbedtls v3 check on Ubuntu 24.04 --- .cirrus.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/.cirrus.yml b/.cirrus.yml index 8437848..bebac9c 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -63,6 +63,35 @@ linux_mbedtls_task: # use master branch of libevent to support mbedtls - make - make test +linux_mbedtls_v3_task: # use master branch of libevent to support mbedtls + container: + matrix: + - image: ubuntu:24.04 + + install_script: + - apt update && apt upgrade -y + - DEBIAN_FRONTEND=noninteractive apt install -y unzip git cmake build-essential curl libssl-dev libmbedtls-dev libpcre3-dev + prepare_script: + - git submodule update --init + - curl -L https://github.com/libevent/libevent/archive/refs/heads/master.zip -o libevent.zip + - unzip libevent.zip + - cd libevent-master && cmake -DCMAKE_BUILD_TYPE=Release . && make install && cd .. + - curl -L https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v3.6.2.zip -o mbedtls.zip + - unzip mbedtls.zip + - cd mbedtls-3.6.2 && cmake -DCMAKE_BUILD_TYPE=Release -DENABLE_TESTING=OFF -DENABLE_PROGRAMS=OFF . && make install && cd .. + build_default_test_script: + - mkdir -p build/default + - cd build/default + - cmake -DUSE_MBEDTLS=ON ../.. + - make + - make test + build_acl_test_script: + - mkdir -p build/acl + - cd build/acl + - cmake -DUSE_MBEDTLS=ON -DWITH_ACL=ON ../.. + - make + - make test + linux_openssl_task: container: matrix: From c4b83df7982d58c9846bfd9269467abddb526a3a Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 04:44:57 +0300 Subject: [PATCH 12/23] Update .cirrus.yml Add python to build new mbedtls version --- .cirrus.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
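Review bot: The `prepare_script` of `linux_mbedtls_v3_task` downloads `libevent/archive/refs/heads/master.zip` and the mbedTLS tag archive with `curl -L` and runs `make install` on them without any integrity check, so the CI result depends on whatever those URLs serve at build time. `master` is a moving branch, which also makes failures unreproducible; pinning libevent to a release tag or commit archive and checking each download before unpacking, e.g. `echo "<expected-sha256>  mbedtls.zip" | sha256sum -c -`, closes both gaps. `curl -L` without `-f` saves an HTTP error page as the zip, so `curl -fL ...` makes a failed download stop the step at the right place. `libmbedtls-dev` is still installed from apt in the same task, so the distribution's mbedTLS and the source-built 3.x install coexist; dropping the apt package would ensure the task really builds against 3.x.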
diff --git a/.cirrus.yml b/.cirrus.yml index bebac9c..013e984 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -70,7 +70,7 @@ linux_mbedtls_v3_task: # use master branch of libevent to support mbedtls install_script: - apt update && apt upgrade -y - - DEBIAN_FRONTEND=noninteractive apt install -y unzip git cmake build-essential curl libssl-dev libmbedtls-dev libpcre3-dev + - DEBIAN_FRONTEND=noninteractive apt install -y unzip git cmake build-essential curl libssl-dev libmbedtls-dev libpcre3-dev python3-dev prepare_script: - git submodule update --init - curl -L https://github.com/libevent/libevent/archive/refs/heads/master.zip -o libevent.zip From c9697dd777a8b60e7b8fbf77ea9fcb8ec4ff0d71 Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 05:03:36 +0300 Subject: [PATCH 13/23] Update .cirrus.yml changed mbedtls version to 3.5.2 --- .cirrus.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 013e984..fd3a34c 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -76,9 +76,9 @@ linux_mbedtls_v3_task: # use master branch of libevent to support mbedtls - curl -L https://github.com/libevent/libevent/archive/refs/heads/master.zip -o libevent.zip - unzip libevent.zip - cd libevent-master && cmake -DCMAKE_BUILD_TYPE=Release . && make install && cd .. - - curl -L https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v3.6.2.zip -o mbedtls.zip + - curl -L https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v3.5.2.zip -o mbedtls.zip - unzip mbedtls.zip - - cd mbedtls-3.6.2 && cmake -DCMAKE_BUILD_TYPE=Release -DENABLE_TESTING=OFF -DENABLE_PROGRAMS=OFF . && make install && cd .. + - cd mbedtls-3.5.2 && cmake -DCMAKE_BUILD_TYPE=Release -DENABLE_TESTING=OFF -DENABLE_PROGRAMS=OFF . && make install && cd .. build_default_test_script: - mkdir -p build/default - cd build/default From 89b96624e040ce443c40821c6b83a94028a25540 Mon Sep 17 00:00:00 2001 
From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 14:06:17 +0300 Subject: [PATCH 14/23] Update CMakeLists.txt add verbose output on test failure --- CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index c732682..d1605ef 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -332,6 +332,7 @@ if(NOT ${A2X_EXECUTABLE} STREQUAL A2X_EXECUTABLE-NOTFOUND) endif() # tests +list(APPEND CMAKE_CTEST_ARGUMENTS "--output-on-failure") enable_testing() add_subdirectory(test) From 008da80050e479c3d36a4248d591a3e17633e3c5 Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 14:57:52 +0300 Subject: [PATCH 15/23] Update mbedtls.c Try to fit old tests --- src/crypto/mbedtls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/crypto/mbedtls.c b/src/crypto/mbedtls.c index 2ea2f6e..9231fff 100644 --- a/src/crypto/mbedtls.c +++ b/src/crypto/mbedtls.c @@ -484,7 +484,7 @@ static bool pgs_cryptor_encrypt_gcm(pgs_cryptor_t *ptr, uint8_t *ciphertext, size_t *ciphertext_len) { size_t out_len = 0, tmp_len = 0; - unsigned char last_block[16] = {0}; + unsigned char last_block[8] = {0}; if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_ENCRYPT, ptr->iv, ptr->iv_len)) { @@ -517,7 +517,7 @@ static bool pgs_cryptor_decrypt_gcm(pgs_cryptor_t *ptr, uint8_t *plaintext, size_t *plaintext_len) { size_t out_len = 0, tmp_len = 0; - unsigned char last_block[16] = {0}; + unsigned char last_block[8] = {0}; if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_DECRYPT, ptr->iv,ptr->iv_len) && mbedtls_gcm_update_ad(ptr->ctx, tag, ptr->tag_len)) { From 4e6a0cd3b073e65d958d2c2846e3653ba5f01743 Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 15:06:35 +0300 Subject: [PATCH 16/23] Update mbedtls.c revert last commit --- src/crypto/mbedtls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/crypto/mbedtls.c b/src/crypto/mbedtls.c index 9231fff..2ea2f6e 100644 --- a/src/crypto/mbedtls.c +++ b/src/crypto/mbedtls.c @@ -484,7 +484,7 @@ static bool pgs_cryptor_encrypt_gcm(pgs_cryptor_t *ptr, uint8_t *ciphertext, size_t *ciphertext_len) { size_t out_len = 0, tmp_len = 0; - unsigned char last_block[8] = {0}; + unsigned char last_block[16] = {0}; if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_ENCRYPT, ptr->iv, ptr->iv_len)) { @@ -517,7 +517,7 @@ static bool pgs_cryptor_decrypt_gcm(pgs_cryptor_t *ptr, uint8_t *plaintext, size_t *plaintext_len) { size_t out_len = 0, tmp_len = 0; - unsigned char last_block[8] = {0}; + unsigned char last_block[16] = {0}; if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_DECRYPT, ptr->iv,ptr->iv_len) && mbedtls_gcm_update_ad(ptr->ctx, tag, ptr->tag_len)) { From d2a3effe944575671c77857018e208632fdfcaa0 Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 18:22:55 +0300 Subject: [PATCH 17/23] Update mbedtls.c Fix AES implementation --- src/crypto/mbedtls.c | 139 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 139 insertions(+) diff --git a/src/crypto/mbedtls.c b/src/crypto/mbedtls.c index 2ea2f6e..a659499 100644 --- a/src/crypto/mbedtls.c +++ b/src/crypto/mbedtls.c @@ -238,6 +238,8 @@ void hmac_md5(const uint8_t *key, uint64_t key_len, const uint8_t *data, assert(*out_len == 16); } +#if MBEDTLS_VERSION_NUMBER < 0x03000000 + int aes_128_cfb_encrypt(const uint8_t *plaintext, int plaintext_len, const uint8_t *key, const uint8_t *iv, uint8_t *ciphertext) 
@@ -314,6 +316,143 @@ int aes_128_cfb_decrypt(const uint8_t *ciphertext, int ciphertext_len, return -1; } +#else + +int aes_128_cfb_encrypt(const uint8_t *plaintext, int plaintext_len, + const uint8_t *key, const uint8_t *iv, + uint8_t *ciphertext) +{ + int ciphertext_len = 0; + size_t len = 0; + size_t total_len = 0; + mbedtls_cipher_context_t ctx; + + // Initialize cipher context + mbedtls_cipher_init(&ctx); + + // Get cipher information for AES-128-CFB128 + const mbedtls_cipher_info_t *info = + mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CFB128); + if (info == NULL) { + fprintf(stderr, "Failed to get cipher info\n"); + goto error; + } + + // Setup the cipher context + if (mbedtls_cipher_setup(&ctx, info)) { + fprintf(stderr, "Failed to setup cipher\n"); + goto error; + } + + // Set the IV + if (mbedtls_cipher_set_iv(&ctx, iv, mbedtls_cipher_get_iv_size(&ctx))) { + fprintf(stderr, "Failed to set IV\n"); + goto error; + } + + // Set the key for encryption + if (mbedtls_cipher_setkey(&ctx, key, + mbedtls_cipher_get_key_bitlen(&ctx), + MBEDTLS_ENCRYPT)) { + fprintf(stderr, "Failed to set key\n"); + goto error; + } + + // Perform encryption + if (mbedtls_cipher_update(&ctx, plaintext, plaintext_len, ciphertext, &len)) { + fprintf(stderr, "Failed to update cipher\n"); + goto error; + } + total_len += len; + + // Finalize encryption + if (mbedtls_cipher_finish(&ctx, ciphertext + total_len, &len)) { + fprintf(stderr, "Failed to finish cipher\n"); + goto error; + } + total_len += len; + + ciphertext_len = (int)total_len; + + // Free the cipher context + mbedtls_cipher_free(&ctx); + + return ciphertext_len; + +error: + mbedtls_cipher_free(&ctx); + perror("aes_128_cfb_encrypt"); + return -1; +} + +int aes_128_cfb_decrypt(const uint8_t *ciphertext, int ciphertext_len, + const uint8_t *key, const uint8_t *iv, + uint8_t *plaintext) +{ + int plaintext_len = 0; + size_t len = 0; + size_t total_len = 0; + mbedtls_cipher_context_t ctx; + + mbedtls_cipher_init(&ctx); + + 
// Get cipher information for AES-128-CFB128 + const mbedtls_cipher_info_t *info = + mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CFB128); + if (info == NULL) { + fprintf(stderr, "Failed to get cipher info\n"); + goto error; + } + + // Initialize cipher context + if (mbedtls_cipher_setup(&ctx, info)) { + fprintf(stderr, "Failed to setup cipher\n"); + goto error; + } + + // Set the IV + if (mbedtls_cipher_set_iv(&ctx, iv, mbedtls_cipher_get_iv_size(&ctx))) { + fprintf(stderr, "Failed to set IV\n"); + goto error; + } + + // Set the key for decryption + if (mbedtls_cipher_setkey(&ctx, key, + mbedtls_cipher_get_key_bitlen(&ctx), + MBEDTLS_DECRYPT)) { + fprintf(stderr, "Failed to set key\n"); + goto error; + } + + // Perform decryption + if (mbedtls_cipher_update(&ctx, ciphertext, ciphertext_len, plaintext, &len)) { + fprintf(stderr, "Failed to update cipher\n"); + goto error; + } + total_len += len; + + // Finalize decryption + if (mbedtls_cipher_finish(&ctx, plaintext + total_len, &len)) { + fprintf(stderr, "Failed to finish cipher\n"); + goto error; + } + total_len += len; + + plaintext_len = (int)total_len; + + // Free the cipher context + mbedtls_cipher_free(&ctx); + + return plaintext_len; + +error: + mbedtls_cipher_free(&ctx); + perror("aes_128_cfb_decrypt"); + return -1; +} + +#endif + bool hkdf_sha1(const uint8_t *salt, size_t salt_len, const uint8_t *ikm, size_t ikm_len, const uint8_t *info, size_t info_len, uint8_t *okm, size_t okm_len) From be58615ce1219ae7d9820cd969a96d2e0475cde0 Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 18:42:10 +0300 Subject: [PATCH 18/23] Update mbedtls.c revert previous changes and update pgs_cryptor_decrypt_gcm function --- src/crypto/mbedtls.c | 198 ++++++++----------------------------------- 1 file changed, 33 insertions(+), 165 deletions(-) diff --git a/src/crypto/mbedtls.c b/src/crypto/mbedtls.c index a659499..79e8de7 100644 --- a/src/crypto/mbedtls.c 
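Review bot: Both new functions take the length as `int` and pass it straight to `mbedtls_cipher_update`, whose length parameter is `size_t`, so a negative `plaintext_len` or `ciphertext_len` becomes a very large byte count. An early `if (plaintext_len < 0) return -1;` in the encrypt function, and the same test on `ciphertext_len` in the decrypt function, would reject it. The `error:` label calls `perror`, but the Mbed TLS calls here report failure through their return value and are not documented to set `errno`, so the printed text is probably unrelated to the failure; logging the returned code would be more useful. Neither function receives the size of its output buffer, so the caller must guarantee room for the full input length, which deserves a comment on each function.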
+++ b/src/crypto/mbedtls.c @@ -238,8 +238,6 @@ void hmac_md5(const uint8_t *key, uint64_t key_len, const uint8_t *data, assert(*out_len == 16); } -#if MBEDTLS_VERSION_NUMBER < 0x03000000 - int aes_128_cfb_encrypt(const uint8_t *plaintext, int plaintext_len, const uint8_t *key, const uint8_t *iv, uint8_t *ciphertext) 
@@ -316,143 +314,6 @@ int aes_128_cfb_decrypt(const uint8_t *ciphertext, int ciphertext_len, return -1; } -#else - -int aes_128_cfb_encrypt(const uint8_t *plaintext, int plaintext_len, - const uint8_t *key, const uint8_t *iv, - uint8_t *ciphertext) -{ - int ciphertext_len = 0; - size_t len = 0; - size_t total_len = 0; - mbedtls_cipher_context_t ctx; - - // Initialize cipher context - mbedtls_cipher_init(&ctx); - - // Get cipher information for AES-128-CFB128 - const mbedtls_cipher_info_t *info = - mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CFB128); - if (info == NULL) { - fprintf(stderr, "Failed to get cipher info\n"); - goto error; - } - - // Setup the cipher context - if (mbedtls_cipher_setup(&ctx, info)) { - fprintf(stderr, "Failed to setup cipher\n"); - goto error; - } - - // Set the IV - if (mbedtls_cipher_set_iv(&ctx, iv, mbedtls_cipher_get_iv_size(&ctx))) { - fprintf(stderr, "Failed to set IV\n"); - goto error; - } - - // Set the key for encryption - if (mbedtls_cipher_setkey(&ctx, key, - mbedtls_cipher_get_key_bitlen(&ctx), - MBEDTLS_ENCRYPT)) { - fprintf(stderr, "Failed to set key\n"); - goto error; - } - - // Perform encryption - if (mbedtls_cipher_update(&ctx, plaintext, plaintext_len, ciphertext, &len)) { - fprintf(stderr, "Failed to update cipher\n"); - goto error; - } - total_len += len; - - // Finalize encryption - if (mbedtls_cipher_finish(&ctx, ciphertext + total_len, &len)) { - fprintf(stderr, "Failed to finish cipher\n"); - goto error; - } - total_len += len; - - ciphertext_len = (int)total_len; - - // Free the cipher context - mbedtls_cipher_free(&ctx); - - return ciphertext_len; - -error: - mbedtls_cipher_free(&ctx); - perror("aes_128_cfb_encrypt"); - return -1; -} - -int aes_128_cfb_decrypt(const uint8_t *ciphertext, int ciphertext_len, - const uint8_t *key, const uint8_t *iv, - uint8_t *plaintext) -{ - int plaintext_len = 0; - size_t len = 0; - size_t total_len = 0; - mbedtls_cipher_context_t ctx; - - mbedtls_cipher_init(&ctx); - - 
// Get cipher information for AES-128-CFB128 - const mbedtls_cipher_info_t *info = - mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CFB128); - if (info == NULL) { - fprintf(stderr, "Failed to get cipher info\n"); - goto error; - } - - // Initialize cipher context - if (mbedtls_cipher_setup(&ctx, info)) { - fprintf(stderr, "Failed to setup cipher\n"); - goto error; - } - - // Set the IV - if (mbedtls_cipher_set_iv(&ctx, iv, mbedtls_cipher_get_iv_size(&ctx))) { - fprintf(stderr, "Failed to set IV\n"); - goto error; - } - - // Set the key for decryption - if (mbedtls_cipher_setkey(&ctx, key, - mbedtls_cipher_get_key_bitlen(&ctx), - MBEDTLS_DECRYPT)) { - fprintf(stderr, "Failed to set key\n"); - goto error; - } - - // Perform decryption - if (mbedtls_cipher_update(&ctx, ciphertext, ciphertext_len, plaintext, &len)) { - fprintf(stderr, "Failed to update cipher\n"); - goto error; - } - total_len += len; - - // Finalize decryption - if (mbedtls_cipher_finish(&ctx, plaintext + total_len, &len)) { - fprintf(stderr, "Failed to finish cipher\n"); - goto error; - } - total_len += len; - - plaintext_len = (int)total_len; - - // Free the cipher context - mbedtls_cipher_free(&ctx); - - return plaintext_len; - -error: - mbedtls_cipher_free(&ctx); - perror("aes_128_cfb_decrypt"); - return -1; -} - -#endif - bool hkdf_sha1(const uint8_t *salt, size_t salt_len, const uint8_t *ikm, size_t ikm_len, const uint8_t *info, size_t info_len, uint8_t *okm, size_t okm_len) 
@@ -651,35 +512,42 @@ static bool pgs_cryptor_encrypt_gcm(pgs_cryptor_t *ptr, } static bool pgs_cryptor_decrypt_gcm(pgs_cryptor_t *ptr, - const uint8_t *ciphertext, - size_t ciphertext_len, const uint8_t *tag, - uint8_t *plaintext, size_t *plaintext_len) + const uint8_t *ciphertext, + size_t ciphertext_len, const uint8_t *tag, + uint8_t *plaintext, size_t *plaintext_len) { - size_t out_len = 0, tmp_len = 0; - unsigned char last_block[16] = {0}; + size_t out_len = 0, tmp_len = 0; + unsigned char last_block[16] = {0}; - if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_DECRYPT, ptr->iv,ptr->iv_len) - && mbedtls_gcm_update_ad(ptr->ctx, tag, ptr->tag_len)) { - return false; - } - if (mbedtls_gcm_update(ptr->ctx, ciphertext, ciphertext_len, plaintext, - *plaintext_len, &out_len)) { - return false; - } - if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, - (unsigned char *)tag, ptr->tag_len)) { - return false; - } - if (tmp_len > 0) { - if (out_len + tmp_len > *plaintext_len) { - return false; - } - memcpy(plaintext + out_len, last_block, tmp_len); - out_len += tmp_len; - } + // Start GCM decryption + if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_DECRYPT, ptr->iv, ptr->iv_len) != 0 || + mbedtls_gcm_update_ad(ptr->ctx, tag, ptr->tag_len) != 0) { + return false; + } - *plaintext_len = out_len; - return true; + // Decrypt the ciphertext + if (mbedtls_gcm_update(ptr->ctx, ciphertext, ciphertext_len, plaintext, + &out_len) != 0) { + return false; + } + + // Finalize decryption and verify tag + if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, + (unsigned char *)tag, ptr->tag_len) != 0) { + return false; + } + + // Add any residual data from last_block to plaintext + if (tmp_len > 0) { + if (out_len + tmp_len > *plaintext_len) { + return false; // Insufficient buffer + } + memcpy(plaintext + out_len, last_block, tmp_len); + out_len += tmp_len; + } + + *plaintext_len = out_len; + return true; } #endif 
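Review bot: `mbedtls_gcm_finish` writes the tag it computed into the buffer it is given, so passing `(unsigned char *)tag` overwrites the caller's expected tag through a cast-away `const` and never compares the two. The comment `// Finalize decryption and verify tag` does not match what the call does, and modified ciphertext would be returned as valid plaintext. Finish into a local buffer and compare in constant time instead: declare `unsigned char calc[16];`, pass `calc` to `mbedtls_gcm_finish`, then `if (mbedtls_ct_memcmp(calc, tag, ptr->tag_len) != 0) return false;`, with `ptr->tag_len` checked against `sizeof(calc)` first. The same hunk feeds the tag to `mbedtls_gcm_update_ad` as associated data, which the encrypt function in the next patch does not do, so the two sides would not compute the same tag. The write-into-`tag` pattern is also present in the decrypt hunks of patches 21/23 and 23/23.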
From 6e79e1f843a01eb2a8d83396e4508fc281f68e26 Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 18:47:00 +0300 Subject: [PATCH 19/23] Update mbedtls.c update pgs_cryptor_encrypt_gcm function for correct error handeling --- src/crypto/mbedtls.c | 58 +++++++++++++++++++++++--------------------- 1 file changed, 31 insertions(+), 27 deletions(-) diff --git a/src/crypto/mbedtls.c b/src/crypto/mbedtls.c index 79e8de7..7de5f10 100644 --- a/src/crypto/mbedtls.c +++ b/src/crypto/mbedtls.c 
@@ -479,36 +479,40 @@ static bool pgs_cryptor_decrypt_gcm(pgs_cryptor_t *ptr, #else static bool pgs_cryptor_encrypt_gcm(pgs_cryptor_t *ptr, - const uint8_t *plaintext, - size_t plaintext_len, uint8_t *tag, - uint8_t *ciphertext, size_t *ciphertext_len) + const uint8_t *plaintext, + size_t plaintext_len, uint8_t *tag, + uint8_t *ciphertext, size_t *ciphertext_len) { - size_t out_len = 0, tmp_len = 0; - unsigned char last_block[16] = {0}; - - if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_ENCRYPT, ptr->iv, - ptr->iv_len)) { - return false; - } + size_t out_len = 0, tmp_len = 0; + unsigned char last_block[16] = {0}; - if (mbedtls_gcm_update(ptr->ctx, plaintext, plaintext_len, ciphertext, - *ciphertext_len, &out_len)) { - return false; - } - if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, - (unsigned char *)tag, ptr->tag_len)) { - return false; - } - if (tmp_len > 0) { - if (out_len + tmp_len > *ciphertext_len) { - return false; - } - memcpy(ciphertext + out_len, last_block, tmp_len); - out_len += tmp_len; - } + // Start GCM encryption + if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_ENCRYPT, ptr->iv, ptr->iv_len) != 0) { + return false; + } - *ciphertext_len = out_len; - return true; + // Encrypt the plaintext + if (mbedtls_gcm_update(ptr->ctx, plaintext, plaintext_len, ciphertext, &out_len) != 0) { + return false; + } + + // Finalize encryption and generate the authentication tag + if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, + tag, ptr->tag_len) != 0) { + return false; + } + + // Add any residual data from last_block to ciphertext + if (tmp_len > 0) { + if (out_len + tmp_len > *ciphertext_len) { + return false; // Insufficient buffer + } + memcpy(ciphertext + out_len, last_block, tmp_len); + out_len += tmp_len; + } + + *ciphertext_len = out_len; + return true; } static bool pgs_cryptor_decrypt_gcm(pgs_cryptor_t *ptr, From 009266759b0c1658a0268210fae96a446622ad24 Mon Sep 17 00:00:00 2001 
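Review bot: The rewritten `mbedtls_gcm_update` call drops the `*ciphertext_len` argument and now passes five arguments. That matches neither the four-argument Mbed TLS 2 form nor the six-argument Mbed TLS 3 form `(ctx, input, input_length, output, output_size, output_length)`, and this function sits in the `#else` (v3) branch. The call should keep the size the previous version passed: `mbedtls_gcm_update(ptr->ctx, plaintext, plaintext_len, ciphertext, *ciphertext_len, &out_len)`. Dropping it also removes the only bound on the write into `ciphertext`, because the `out_len + tmp_len > *ciphertext_len` test runs after the data has been written. The decrypt hunk of the preceding patch (18/23) makes the same five-argument call.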
From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 18:57:42 +0300 Subject: [PATCH 20/23] Update mbedtls.c update enc and dec gcm functions for version 3 --- src/crypto/mbedtls.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/crypto/mbedtls.c b/src/crypto/mbedtls.c index 7de5f10..a051fe1 100644 --- a/src/crypto/mbedtls.c +++ b/src/crypto/mbedtls.c @@ -491,8 +491,8 @@ static bool pgs_cryptor_encrypt_gcm(pgs_cryptor_t *ptr, return false; } - // Encrypt the plaintext - if (mbedtls_gcm_update(ptr->ctx, plaintext, plaintext_len, ciphertext, &out_len) != 0) { + // Encrypt the plaintext (updated signature for mbedTLS v3) + if (mbedtls_gcm_update(ptr->ctx, plaintext_len, plaintext, ciphertext, plaintext_len, &out_len) != 0) { return false; } @@ -524,20 +524,18 @@ static bool pgs_cryptor_decrypt_gcm(pgs_cryptor_t *ptr, unsigned char last_block[16] = {0}; // Start GCM decryption - if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_DECRYPT, ptr->iv, ptr->iv_len) != 0 || - mbedtls_gcm_update_ad(ptr->ctx, tag, ptr->tag_len) != 0) { + if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_DECRYPT, ptr->iv, ptr->iv_len) != 0) { return false; } - // Decrypt the ciphertext - if (mbedtls_gcm_update(ptr->ctx, ciphertext, ciphertext_len, plaintext, - &out_len) != 0) { + // Decrypt the ciphertext (updated signature for mbedTLS v3) + if (mbedtls_gcm_update(ptr->ctx, ciphertext_len, ciphertext, plaintext, ciphertext_len, &out_len) != 0) { return false; } - // Finalize decryption and verify tag + // Finalize decryption and validate the authentication tag if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, - (unsigned char *)tag, ptr->tag_len) != 0) { + tag, ptr->tag_len) != 0) { return false; } From 80da567eb214ac4de238bcb41e0db414956e8911 Mon Sep 17 00:00:00 2001 
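Review bot: Both `mbedtls_gcm_update` calls pass the length where the input pointer belongs. `mbedtls_gcm_update(ptr->ctx, plaintext_len, plaintext, ciphertext, plaintext_len, &out_len)` mixes the Mbed TLS 2 order (length first) with the Mbed TLS 3 argument count, while the v3 prototype is `(ctx, input, input_length, output, output_size, output_length)`. The encrypt call should read `mbedtls_gcm_update(ptr->ctx, plaintext, plaintext_len, ciphertext, *ciphertext_len, &out_len)` and the decrypt call in the second hunk `mbedtls_gcm_update(ptr->ctx, ciphertext, ciphertext_len, plaintext, *plaintext_len, &out_len)`. This assumes the `*_len` out-parameters hold the buffer capacity on entry, as the first version of this code treated them. The second hunk also passes `const uint8_t *tag` to `mbedtls_gcm_finish` without the cast, which discards the qualifier on a buffer the function writes to.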
From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sat, 14 Dec 2024 19:06:59 +0300 Subject: [PATCH 21/23] Update mbedtls.c revert all changes to 1st version --- src/crypto/mbedtls.c | 123 ++++++++++++++++++++----------------------- 1 file changed, 57 insertions(+), 66 deletions(-) diff --git a/src/crypto/mbedtls.c b/src/crypto/mbedtls.c index a051fe1..2ea2f6e 100644 --- a/src/crypto/mbedtls.c +++ b/src/crypto/mbedtls.c 
@@ -479,77 +479,68 @@ static bool pgs_cryptor_decrypt_gcm(pgs_cryptor_t *ptr, #else static bool pgs_cryptor_encrypt_gcm(pgs_cryptor_t *ptr, - const uint8_t *plaintext, - size_t plaintext_len, uint8_t *tag, - uint8_t *ciphertext, size_t *ciphertext_len) + const uint8_t *plaintext, + size_t plaintext_len, uint8_t *tag, + uint8_t *ciphertext, size_t *ciphertext_len) { - size_t out_len = 0, tmp_len = 0; - unsigned char last_block[16] = {0}; - - // Start GCM encryption - if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_ENCRYPT, ptr->iv, ptr->iv_len) != 0) { - return false; - } - - // Encrypt the plaintext (updated signature for mbedTLS v3) - if (mbedtls_gcm_update(ptr->ctx, plaintext_len, plaintext, ciphertext, plaintext_len, &out_len) != 0) { - return false; - } - - // Finalize encryption and generate the authentication tag - if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, - tag, ptr->tag_len) != 0) { - return false; - } - - // Add any residual data from last_block to ciphertext - if (tmp_len > 0) { - if (out_len + tmp_len > *ciphertext_len) { - return false; // Insufficient buffer - } - memcpy(ciphertext + out_len, last_block, tmp_len); - out_len += tmp_len; - } - - *ciphertext_len = out_len; - return true; + size_t out_len = 0, tmp_len = 0; + unsigned char last_block[16] = {0}; + + if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_ENCRYPT, ptr->iv, + ptr->iv_len)) { + return false; + } + + if (mbedtls_gcm_update(ptr->ctx, plaintext, plaintext_len, ciphertext, + *ciphertext_len, &out_len)) { + return false; + } + if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, + (unsigned char *)tag, ptr->tag_len)) { + return false; + } + if (tmp_len > 0) { + if (out_len + tmp_len > *ciphertext_len) { + return false; + } + memcpy(ciphertext + out_len, last_block, tmp_len); + out_len += tmp_len; + } + + *ciphertext_len = out_len; + return true; } static bool pgs_cryptor_decrypt_gcm(pgs_cryptor_t *ptr, - const uint8_t *ciphertext, - size_t 
ciphertext_len, const uint8_t *tag, - uint8_t *plaintext, size_t *plaintext_len) + const uint8_t *ciphertext, + size_t ciphertext_len, const uint8_t *tag, + uint8_t *plaintext, size_t *plaintext_len) { - size_t out_len = 0, tmp_len = 0; - unsigned char last_block[16] = {0}; - - // Start GCM decryption - if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_DECRYPT, ptr->iv, ptr->iv_len) != 0) { - return false; - } - - // Decrypt the ciphertext (updated signature for mbedTLS v3) - if (mbedtls_gcm_update(ptr->ctx, ciphertext_len, ciphertext, plaintext, ciphertext_len, &out_len) != 0) { - return false; - } - - // Finalize decryption and validate the authentication tag - if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, - tag, ptr->tag_len) != 0) { - return false; - } - - // Add any residual data from last_block to plaintext - if (tmp_len > 0) { - if (out_len + tmp_len > *plaintext_len) { - return false; // Insufficient buffer - } - memcpy(plaintext + out_len, last_block, tmp_len); - out_len += tmp_len; - } - - *plaintext_len = out_len; - return true; + size_t out_len = 0, tmp_len = 0; + unsigned char last_block[16] = {0}; + + if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_DECRYPT, ptr->iv,ptr->iv_len) + && mbedtls_gcm_update_ad(ptr->ctx, tag, ptr->tag_len)) { + return false; + } + if (mbedtls_gcm_update(ptr->ctx, ciphertext, ciphertext_len, plaintext, + *plaintext_len, &out_len)) { + return false; + } + if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, + (unsigned char *)tag, ptr->tag_len)) { + return false; + } + if (tmp_len > 0) { + if (out_len + tmp_len > *plaintext_len) { + return false; + } + memcpy(plaintext + out_len, last_block, tmp_len); + out_len += tmp_len; + } + + *plaintext_len = out_len; + return true; } #endif From 33723f3960d668f90396bbea12b06ee1805ff119 Mon Sep 17 00:00:00 2001 
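Review bot: The restored decrypt function joins `mbedtls_gcm_starts(...)` and `mbedtls_gcm_update_ad(...)` with `&&`, so `return false` is reached only when both calls fail. A successful `starts` (0) short-circuits and `update_ad` is never called, and a failed `starts` followed by a successful `update_ad` falls through to `mbedtls_gcm_update` on a context that was not started. Patch 18/23 had this as two `!= 0` tests joined by `||`; the revert should keep that logic, for example `if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_DECRYPT, ptr->iv, ptr->iv_len) != 0) return false;` as its own statement. Whether the tag should be fed as associated data at all is a separate question, since the encrypt function in the same hunk does not call `mbedtls_gcm_update_ad`.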
From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sun, 15 Dec 2024 22:24:18 +0300 Subject: [PATCH 22/23] Update mbedtls.c Fixed gcm for mbedtls v3 implementation. From 5b8245ab3f712f2ac5d4c1a4ba161cf607a0c212 Mon Sep 17 00:00:00 2001 From: NewUse <7342068+NewUse@users.noreply.github.com> Date: Sun, 15 Dec 2024 22:37:59 +0300 Subject: [PATCH 23/23] Update mbedtls.c Fixed mbedtls version 3 implementation. --- src/crypto/mbedtls.c | 57 ++++++++++++++++++++++---------------------- 1 file changed, 28 insertions(+), 29 deletions(-) diff --git a/src/crypto/mbedtls.c b/src/crypto/mbedtls.c index 2ea2f6e..0be9661 100644 --- a/src/crypto/mbedtls.c +++ b/src/crypto/mbedtls.c 
@@ -483,31 +483,30 @@ static bool pgs_cryptor_encrypt_gcm(pgs_cryptor_t *ptr, size_t plaintext_len, uint8_t *tag, uint8_t *ciphertext, size_t *ciphertext_len) { - size_t out_len = 0, tmp_len = 0; - unsigned char last_block[16] = {0}; - + size_t out_len = 0; + + // Start the GCM operation if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_ENCRYPT, ptr->iv, ptr->iv_len)) { return false; } - if (mbedtls_gcm_update(ptr->ctx, plaintext, plaintext_len, ciphertext, - *ciphertext_len, &out_len)) { + // Pass associated data if any (in this case, NULL and 0 since not used here) + if (mbedtls_gcm_update_ad(ptr->ctx, NULL, 0)) { return false; } - if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, - (unsigned char *)tag, ptr->tag_len)) { + + // Encrypt the plaintext + if (mbedtls_gcm_update(ptr->ctx, plaintext, plaintext_len, ciphertext, plaintext_len, &out_len)) { return false; } - if (tmp_len > 0) { - if (out_len + tmp_len > *ciphertext_len) { - return false; - } - memcpy(ciphertext + out_len, last_block, tmp_len); - out_len += tmp_len; + + // Finalize the operation and generate the tag + if (mbedtls_gcm_finish(ptr->ctx, NULL, 0, &out_len, tag, ptr->tag_len)) { + return false; } - *ciphertext_len = out_len; + *ciphertext_len = plaintext_len; // The ciphertext length matches the plaintext length return true; } 
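Review bot: The output-size argument of `mbedtls_gcm_update` is now `plaintext_len` rather than the capacity of `ciphertext`, so the library's bounds check can never fail and nothing verifies that the caller's buffer holds `plaintext_len` bytes. If `*ciphertext_len` carries the capacity on entry, as the previous version assumed, add `if (*ciphertext_len < plaintext_len) return false;` before the call or pass `*ciphertext_len` as the size. The decrypt hunk that follows does the same with `ciphertext_len` and `*plaintext_len`. `out_len` is also reused as the output length of `mbedtls_gcm_finish`, which overwrites the byte count from `update`, and the function then reports `plaintext_len` unconditionally. A separate variable for the `finish` length and a check that `out_len == plaintext_len` after `update` would make the "same length" assumption explicit.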
@@ -516,30 +515,30 @@ static bool pgs_cryptor_decrypt_gcm(pgs_cryptor_t *ptr, size_t ciphertext_len, const uint8_t *tag, uint8_t *plaintext, size_t *plaintext_len) { - size_t out_len = 0, tmp_len = 0; - unsigned char last_block[16] = {0}; + size_t out_len = 0; - if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_DECRYPT, ptr->iv,ptr->iv_len) - && mbedtls_gcm_update_ad(ptr->ctx, tag, ptr->tag_len)) { + // Start the GCM operation + if (mbedtls_gcm_starts(ptr->ctx, MBEDTLS_GCM_DECRYPT, ptr->iv, + ptr->iv_len)) { return false; } - if (mbedtls_gcm_update(ptr->ctx, ciphertext, ciphertext_len, plaintext, - *plaintext_len, &out_len)) { + + // Pass associated data if any (in this case, NULL and 0 since not used here) + if (mbedtls_gcm_update_ad(ptr->ctx, NULL, 0)) { return false; } - if (mbedtls_gcm_finish(ptr->ctx, last_block, sizeof(last_block), &tmp_len, - (unsigned char *)tag, ptr->tag_len)) { + + // Decrypt the ciphertext + if (mbedtls_gcm_update(ptr->ctx, ciphertext, ciphertext_len, plaintext, ciphertext_len, &out_len)) { return false; } - if (tmp_len > 0) { - if (out_len + tmp_len > *plaintext_len) { - return false; - } - memcpy(plaintext + out_len, last_block, tmp_len); - out_len += tmp_len; + + // Finalize the operation + if (mbedtls_gcm_finish(ptr->ctx, NULL, 0, &out_len, (unsigned char *)tag, ptr->tag_len)) { + return false; } - *plaintext_len = out_len; + *plaintext_len = ciphertext_len; // The plaintext length matches the ciphertext length return true; }