tmp

devgianlu · Dec 24, 2024 · 4c8c94a · 4c8c94a
1 parent 255d991
commit 4c8c94a
Show file tree

Hide file tree

Showing 8 changed files with 639 additions and 44 deletions.
diff --git a/Libraries/LibCrypto/OpenSSL.h b/Libraries/LibCrypto/OpenSSL.h
@@ -14,29 +14,42 @@
 #include <openssl/evp.h>
 
 namespace Crypto {
-
-#define OPENSSL_TRY_PTR(...)                                                                 \
-    ({                                                                                       \
-        auto* _temporary_result = (__VA_ARGS__);                                             \
-        if (!_temporary_result) [[unlikely]] {                                               \
-            auto err = ERR_get_error();                                                      \
-            VERIFY(err);                                                                     \
-            auto* err_message = ERR_error_string(err, nullptr);                              \
-            return Error::from_string_view(StringView { err_message, strlen(err_message) }); \
-        }                                                                                    \
-        _temporary_result;                                                                   \
+#define OPENSSL_TRY_PTR(...)                                                    \
+    ({                                                                          \
+        auto* _temporary_result = (__VA_ARGS__);                                \
+        if (!_temporary_result) [[unlikely]] {                                  \
+            StringBuilder err_builder;                                          \
+            err_builder.append(#__VA_ARGS__ ": "_string);                       \
+            auto err = ERR_get_error();                                         \
+            while (err != 0) {                                                  \
+                auto err_str = ERR_error_string(err, nullptr);                  \
+                err_builder.append(err_str, strlen(err_str));                   \
+                err_builder.append(", "_string);                                \
+                err = ERR_get_error();                                          \
+            }                                                                   \
+            auto err_message = MUST(err_builder.to_string());                   \
+            return Error::from_string_view(err_message.bytes_as_string_view()); \
+        }                                                                       \
+        _temporary_result;                                                      \
     })
 
-#define OPENSSL_TRY(...)                                                                     \
-    ({                                                                                       \
-        auto _temporary_result = (__VA_ARGS__);                                              \
-        if (_temporary_result != 1) [[unlikely]] {                                           \
-            auto err = ERR_get_error();                                                      \
-            VERIFY(err);                                                                     \
-            auto* err_message = ERR_error_string(err, nullptr);                              \
-            return Error::from_string_view(StringView { err_message, strlen(err_message) }); \
-        }                                                                                    \
-        _temporary_result;                                                                   \
+#define OPENSSL_TRY(...)                                                        \
+    ({                                                                          \
+        auto _temporary_result = (__VA_ARGS__);                                 \
+        if (_temporary_result != 1) [[unlikely]] {                              \
+            StringBuilder err_builder;                                          \
+            err_builder.append(#__VA_ARGS__ ": "_string);                       \
+            auto err = ERR_get_error();                                         \
+            while (err != 0) {                                                  \
+                auto err_str = ERR_error_string(err, nullptr);                  \
+                err_builder.append(err_str, strlen(err_str));                   \
+                err_builder.append(", "_string);                                \
+                err = ERR_get_error();                                          \
+            }                                                                   \
+            auto err_message = MUST(err_builder.to_string());                   \
+            return Error::from_string_view(err_message.bytes_as_string_view()); \
+        }                                                                       \
+        _temporary_result;                                                      \
     })
 
 #define OPENSSL_WRAPPER_CLASS(class_name, openssl_type, openssl_prefix) \

diff --git a/Libraries/LibCrypto/PK/PK.h b/Libraries/LibCrypto/PK/PK.h
@@ -235,8 +235,8 @@ class PKSystem {
     virtual ErrorOr<void> encrypt(ReadonlyBytes in, Bytes& out) = 0;
     virtual ErrorOr<void> decrypt(ReadonlyBytes in, Bytes& out) = 0;
 
-    virtual ErrorOr<void> verify(ReadonlyBytes in, Bytes& out) = 0;
-    virtual ErrorOr<void> sign(ReadonlyBytes in, Bytes& out) = 0;
+    virtual ErrorOr<void> sign(ReadonlyBytes message, Bytes& signature) = 0;
+    virtual ErrorOr<bool> verify(ReadonlyBytes message, ReadonlyBytes signature) = 0;
 
     virtual ByteString class_name() const = 0;
 

diff --git a/Libraries/LibCrypto/PK/RSA.cpp b/Libraries/LibCrypto/PK/RSA.cpp
@@ -243,22 +243,37 @@ ErrorOr<void> RSA::decrypt(ReadonlyBytes in, Bytes& out)
     return {};
 }
 
-ErrorOr<void> RSA::sign(ReadonlyBytes in, Bytes& out)
+ErrorOr<void> RSA::sign(ReadonlyBytes message, Bytes& signature)
 {
-    auto in_integer = UnsignedBigInteger::import_data(in.data(), in.size());
-    auto exp = NumberTheory::ModularPower(in_integer, m_private_key.private_exponent(), m_private_key.modulus());
-    auto size = exp.export_data(out);
-    out = out.slice(out.size() - size, size);
+    auto key = TRY(private_key_to_openssl_pkey(m_private_key));
+
+    auto ctx = TRY(OpenSSL_PKEY_CTX::wrap(EVP_PKEY_CTX_new_from_pkey(nullptr, key.ptr(), nullptr)));
+
+    OPENSSL_TRY(EVP_PKEY_sign_init(ctx.ptr()));
+    OPENSSL_TRY(EVP_PKEY_CTX_set_rsa_padding(ctx.ptr(), RSA_NO_PADDING));
+
+    size_t signature_size = signature.size();
+    OPENSSL_TRY(EVP_PKEY_sign(ctx.ptr(), signature.data(), &signature_size, message.data(), message.size()));
+    signature = signature.slice(0, signature_size);
     return {};
 }
 
-ErrorOr<void> RSA::verify(ReadonlyBytes in, Bytes& out)
+ErrorOr<bool> RSA::verify(ReadonlyBytes message, ReadonlyBytes signature)
 {
-    auto in_integer = UnsignedBigInteger::import_data(in.data(), in.size());
-    auto exp = NumberTheory::ModularPower(in_integer, m_public_key.public_exponent(), m_public_key.modulus());
-    auto size = exp.export_data(out);
-    out = out.slice(out.size() - size, size);
-    return {};
+    auto key = TRY(public_key_to_openssl_pkey(m_public_key));
+
+    auto ctx = TRY(OpenSSL_PKEY_CTX::wrap(EVP_PKEY_CTX_new_from_pkey(nullptr, key.ptr(), nullptr)));
+
+    OPENSSL_TRY(EVP_PKEY_verify_init(ctx.ptr()));
+    OPENSSL_TRY(EVP_PKEY_CTX_set_rsa_padding(ctx.ptr(), RSA_NO_PADDING));
+
+    auto ret = EVP_PKEY_verify(ctx.ptr(), signature.data(), signature.size(), message.data(), message.size());
+    if (ret == 1)
+        return true;
+    if (ret == 0)
+        return false;
+    OPENSSL_TRY(ret);
+    VERIFY_NOT_REACHED();
 }
 
 void RSA::import_private_key(ReadonlyBytes bytes, bool pem)
@@ -394,7 +409,7 @@ ErrorOr<void> RSA_PKCS1_EME::sign(ReadonlyBytes, Bytes&)
     return Error::from_string_literal("FIXME: RSA_PKCS_EME::sign");
 }
 
-ErrorOr<void> RSA_PKCS1_EME::verify(ReadonlyBytes, Bytes&)
+ErrorOr<bool> RSA_PKCS1_EME::verify(ReadonlyBytes, ReadonlyBytes)
 {
     return Error::from_string_literal("FIXME: RSA_PKCS_EME::verify");
 }

diff --git a/Libraries/LibCrypto/PK/RSA.h b/Libraries/LibCrypto/PK/RSA.h
@@ -199,8 +199,8 @@ class RSA : public PKSystem<RSAPrivateKey<IntegerType>, RSAPublicKey<IntegerType
     virtual ErrorOr<void> encrypt(ReadonlyBytes in, Bytes& out) override;
     virtual ErrorOr<void> decrypt(ReadonlyBytes in, Bytes& out) override;
 
-    virtual ErrorOr<void> verify(ReadonlyBytes in, Bytes& out) override;
-    virtual ErrorOr<void> sign(ReadonlyBytes in, Bytes& out) override;
+    virtual ErrorOr<void> sign(ReadonlyBytes message, Bytes& signature) override;
+    virtual ErrorOr<bool> verify(ReadonlyBytes message, ReadonlyBytes signature) override;
 
     virtual ByteString class_name() const override
     {
@@ -240,8 +240,8 @@ class RSA_PKCS1_EME : public RSA {
     virtual ErrorOr<void> encrypt(ReadonlyBytes in, Bytes& out) override;
     virtual ErrorOr<void> decrypt(ReadonlyBytes in, Bytes& out) override;
 
-    virtual ErrorOr<void> verify(ReadonlyBytes in, Bytes& out) override;
-    virtual ErrorOr<void> sign(ReadonlyBytes in, Bytes& out) override;
+    virtual ErrorOr<void> sign(ReadonlyBytes message, Bytes& signature) override;
+    virtual ErrorOr<bool> verify(ReadonlyBytes message, ReadonlyBytes signature) override;
 
     virtual ByteString class_name() const override
     {

diff --git a/Libraries/LibCrypto/Padding/PSS.h b/Libraries/LibCrypto/Padding/PSS.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2024, stelar7 <[email protected]>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#pragma once
+
+#include <AK/ByteBuffer.h>
+#include <AK/ByteReader.h>
+#include <AK/Endian.h>
+#include <AK/Function.h>
+#include <AK/Random.h>
+#include <LibCrypto/BigInt/UnsignedBigInteger.h>
+
+namespace Crypto::Padding {
+
+class PSS {
+public:
+    template<typename HashFunction, typename MaskGenerationFunction>
+    static ErrorOr<ByteBuffer> emsa_encode(ReadonlyBytes, size_t)
+    {
+        return Error::from_string_literal("Not implemented");
+    }
+};
+
+}