Commit graph

58 commits

Author SHA1 Message Date
Ali Mohammad Pur
def379ce3f LibCrypto: Move some data around earlier in GHash to make it go faster
This makes galois_multiply() about 10% faster.
2024-05-20 08:03:35 +02:00
Timothy Flynn
ec492a1a08 Everywhere: Run clang-format
The following command was used to clang-format these files:

    clang-format-18 -i $(find . \
        -not \( -path "./\.*" -prune \) \
        -not \( -path "./Base/*" -prune \) \
        -not \( -path "./Build/*" -prune \) \
        -not \( -path "./Toolchain/*" -prune \) \
        -not \( -path "./Ports/*" -prune \) \
        -type f -name "*.cpp" -o -name "*.mm" -o -name "*.h")

There are a couple of weird cases where clang-format now thinks that a
pointer access in an initializer list, e.g. `m_member(ptr->foo)`, is a
lambda return statement, and it puts spaces around the `->`.
2024-04-24 16:50:01 -04:00
stelar7
0e53b87261 LibCrypto: Add OAEP 2024-04-08 09:34:49 -06:00
stelar7
73a534494c LibCrypto: Add MGF1 2024-04-08 09:34:49 -06:00
Timothy Flynn
23b25333a5 LibCrypto: Avoid needless ByteString usage in unit tests 2024-04-04 11:23:21 +02:00
stelar7
0359e8848a LibCrypto: Add roundtrip test for parsing RSA private keys 2024-03-25 14:06:19 -06:00
Ali Mohammad Pur
0994aa91dc LibCrypto: Remove unused Crypto::PK::EMSA_PSS class
This is not used, and its implementation is not actually correct
regardless.
2024-03-16 01:17:02 -06:00
Ali Mohammad Pur
15836cc865 LibCrypto: Parse and store all RSA private key components 2024-03-16 01:17:02 -06:00
Ali Mohammad Pur
d451f84f31 LibCrypto: Add a minimal DER encoder
Progress towards #23562.
2024-03-16 01:17:02 -06:00
Timothy Flynn
928287b782 LibCrypto: Store ASN1 certificate timestamps as UnixDateTime
We are currently using Core::DateTime, which is meant to represent local
time. However, we are doing no conversion between the parsed time in UTC
and local time, so we end up comparing time stamps from different time
zones.

Instead, store the parsed times as UnixDateTime, which is UTC. Then we
can always compare the parsed times against the current UTC time.

This also lets us store parsed milliseconds.
2024-03-08 00:41:23 +01:00
Tim Ledbetter
4a7236cabf Everywhere: Prefer _string when constructing strings from literals 2024-02-08 11:01:10 -05:00
implicitfield
05ee5ffa36 LibCrypto: Add support for the POSIX cksum algorithm 2024-01-18 18:01:26 +03:30
Tim Ledbetter
d545fb2b60 LibCrypto: Parse negative input correctly in BigFraction::from_string()
Previously, when calling `BigFraction::from_string()`, the fractional
part of the number was always treated as positive. This led to an
incorrect result if the input string was negative.
2024-01-14 20:15:15 +01:00
Tim Ledbetter
48a3a02238 LibCrypto: Make constructing a BigInteger from string fallible
Previously, constructing a `UnsignedBigInteger::from_base()` could
produce an incorrect result if the input string contained a valid
Base36 digit that was out of range of the given base. The same method
would also crash if the input string contained an invalid Base36 digit.
An error is now returned in both these cases.

Constructing a BigFraction from string is now also fallible, so that we
can handle the case where we are given an input string with invalid
digits.
2024-01-13 19:01:35 -07:00
Ali Mohammad Pur
5e1499d104 Everywhere: Rename {Deprecated => Byte}String
This commit un-deprecates DeprecatedString, and repurposes it as a byte
string.
As the null state has already been removed, there are no other
particularly hairy blockers in repurposing this type as a byte string
(what it _really_ is).

This commit is auto-generated:
  $ xs=$(ack -l \bDeprecatedString\b\|deprecated_string AK Userland \
    Meta Ports Ladybird Tests Kernel)
  $ perl -pie 's/\bDeprecatedString\b/ByteString/g;
    s/deprecated_string/byte_string/g' $xs
  $ clang-format --style=file -i \
    $(git diff --name-only | grep \.cpp\|\.h)
  $ gn format $(git ls-files '*.gn' '*.gni')
2023-12-17 18:25:10 +03:30
Michiel Visser
bc9cdd4394 LibCrypto+LibTLS: Switch to the generic SECPxxxr1 implementation 2023-11-27 09:43:07 +03:30
Michiel Visser
59c22c0349 Tests/LibCrypto: Add tests for SECP384r1 curve 2023-11-27 09:43:07 +03:30
stelar7
73ef102b01 LibCrypto: Add Chacha20Poly1305 2023-09-26 13:22:04 +03:30
implicitfield
1b3ad1c721 LibCrypto: Add support for BLAKE2b 2023-09-17 16:49:35 +03:30
stelar7
371974ed4a LibCrypto: Add PBKDF2 2023-04-09 17:05:18 -06:00
Timothy Flynn
15532df83d AK+Everywhere: Change AK::fill_with_random to accept a Bytes object
Rather than the very C-like API we currently have, accepting a void* and
a length, let's take a Bytes object instead. In almost all existing
cases, the compiler figures out the length.
2023-04-03 15:53:49 +02:00
Jelle Raaijmakers
0606d371fe Tests/LibCrypto: Test block splitting logic for SHA1/SHA256
We were not testing this logic and I caused a regression while
modifying some of the hashing code, so let's add these. Note that I only
added two tests to test both 'families' of implementations for the SHA
hashes.
2023-03-24 15:28:10 +00:00
Timothy Flynn
3ad1f250e7 LibCrypto: Define *BigInteger::to_base to convert big integers to String 2023-01-15 01:00:20 +00:00
Timothy Flynn
0ddc2e1f50 LibCrypto+Everywhere: Rename *BigInteger::to_base to to_base_deprecated 2023-01-15 01:00:20 +00:00
Ben Wiederhake
0aed7f1c8e LibCrypto: Don't crash in ASN1::parse_generalized_time on missing 'Z' 2022-12-31 23:21:17 +01:00
Ben Wiederhake
0ca41d2813 LibCrypto: Don't crash in ASN1::parse_utc_time on missing 'Z'
The underlying reason is an unconditional call to consume(), even if
there is no reason to expect that the string continues.

This crash was discovered by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42354
This bug exists since the code was first written in April 2021:
13abbc5ea8
2022-12-31 23:21:17 +01:00
Ben Wiederhake
29261809ef LibCrypto+Tests: Test and demonstrate broken ASN1::parse_utc_time 2022-12-31 23:21:17 +01:00
Linus Groh
6e19ab2bbc AK+Everywhere: Rename String to DeprecatedString
We have a new, improved string type coming up in AK (OOM aware, no null
state), and while it's going to use UTF-8, the name UTF8String is a
mouthful - so let's free up the String name by renaming the existing
class.
Making the old one have an annoying name will hopefully also help with
quick adoption :^)
2022-12-06 08:54:33 +01:00
Moustafa Raafat
54b8a2b094 LibCrypto: Add a way to compare UnsignedBigInteger with double
This patch also make SignedBigInteger::compare_to_double make use
of the new function.
2022-11-02 22:04:34 -06:00
davidot
528891bf69 LibCrypto: Add a constructor to (Un)SignedBigInteger taking a double
For now this will assume that the double given is exactly representable
as an integer, so no NaN, infinity or rounding.
2022-08-26 19:18:26 +01:00
davidot
c87d10365b LibCrypto: Make the constructors of (Un)SignedBigInteger templated
This means it can take any (un)signed word of size at most Word.
This means the constructor can be disambiguated if we were to add a
double constructor :^).

This requires a change in just one test.
2022-08-26 19:18:26 +01:00
davidot
77d71a5ffd LibCrypto: Add a rounding mode to UnsignedBigInteger::to_double
This allows using different options for rounding, like IEEE
roundTiesToEven, which is the mode that JS requires.

Also fix that the last word read from the bigint for the mantissa could
be shifted incorrectly leading to incorrect results.
2022-08-26 19:18:26 +01:00
davidot
8b8cee3172 LibCrypto: Implement a (mostly) proper to_double for UnsignedBigInteger
SignedBigInteger can immediately use this by just negating the double if
the sign bit is set.
For simple cases (below 2^53) we can just convert via an u64, however
above that we need to extract the top 53 bits and use those as the
mantissa.

This function currently does not behave exactly as the JS spec specifies
however it is much less naive than the previous implementation.
2022-08-24 23:27:17 +01:00
davidot
b5c00830c2 LibCrypto: Add a way to compare a SignedBigInteger with a double
This supports any double value (except for NaNs) instead of having to
cast the double to some smaller type which doesn't work for very large
values.
2022-08-24 23:27:17 +01:00
sin-ack
3f3f45580a Everywhere: Add sv suffix to strings relying on StringView(char const*)
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).

No functional changes.
2022-07-12 23:11:35 +02:00
stelar7
7d6b26e613 LibCrypto: Add Ed25519 2022-05-12 23:47:13 +04:30
stelar7
7bd0ebb1ab LibCrypto: Add ChaCha20 2022-04-13 09:13:17 +04:30
stelar7
c237991222 LibCrypto: Add Poly1305 2022-04-08 14:02:02 +04:30
Idan Horowitz
086969277e Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
Michiel Visser
37da5cb3b3 LibCrypto: Correctly add length to SHA384 and SHA512 hashes
The SHA384 and SHA512 hashes would produce incorrect results for data
where the length % 128 was in the range 112-119. This was because the
total number of bits in the hashed values was added at the end as a
64-bit number instead of a 128-bit number. In most cases this would not
cause any issues, as this space was padded with zeroes, however in the
case that the length % 128 was 112-119, some incorrect data ended up
where this 128-bit length value was expected.

This change fixes the problems in LibTLS where some websites would
result in a DecryptError on handshake.
2022-03-26 02:25:23 +04:30
Michiel Visser
596391a4ee LibCrypto: Add DH exchange for SECP256r1 to TestCurves 2022-03-20 00:51:50 +03:30
Michiel Visser
66d99c83d9 LibCrypto+LibTLS: Add SECP256r1 support to LibTLS
Add the required methods to SECP256r1 to conform to the EllipticCurve
virtual base class. Using this updated version of SECP256r1, support in
LibTLS is implemented.
2022-03-20 00:51:50 +03:30
Michiel Visser
c1b041e761 LibCrypto+LibTLS: Generalize the elliptic curve interface
These changes generalize the interface with an elliptic curve
implementation. This allows LibTLS to support elliptic curves generally
without needing the specifics of elliptic curve implementations.

This should allow for easier addition of other elliptic curves.
2022-03-20 00:51:50 +03:30
Michiel Visser
8f7219c6fa LibCrypto: Implement the SECP256r1 elliptic curve
This implementation of the secp256r1 elliptic curve uses two techniques
to improve the performance of the operations.

1. All coordinates are stored in Jacobian form, (X/Z^2, Y/Z^3, Z), which
   removes the need for division operations during point addition or
   doubling. The points are converted at the start of the computation,
   and converted back at the end.

2. All values are transformed to Montgomery form, to allow for faster
   modular multiplication using the Montgomery modular multiplication
   method. This means that all coordinates have to be converted into
   this form, and back out of this form before returning them.
2022-03-18 07:56:47 +03:30
stelar7
0df7ad7493 LibCrypto: Add curve X448 2022-03-09 13:04:48 +03:30
stelar7
4daa5622fe LibCrypto: Add curve x25519 2022-02-18 12:34:23 +02:00
Timothy Flynn
b0d6399f60 LibCrypto: Do not allow signed big integers to be negative zero
If a big integer were to become negative zero, set the sign to instead
be positive. This prevents odd scenarios where users of signed big ints
would falsely think the result of some big int arithmetic is negative.
2022-02-06 15:49:54 +00:00
Nico Weber
d9b6eb29bc LibCrypto+LibJS: Better bitwise binary_xor binop
We went through some trouble to make & and | work right. Reimplement ^
in terms of & and | to make ^ work right as well.

This is less fast than a direct implementation, but let's get things
working first.
2022-01-18 20:04:06 +03:30
Nico Weber
013799a4dd LibCrypto+LibJS: Better bigint bitwise_or binop
Similar to the bitwise_and change, but we have to be careful to
sign-extend two's complement numbers only up to the highest set bit
in the positive number.
2022-01-18 20:04:06 +03:30
Nico Weber
1f98639396 LibCrypto+LibJS: Better bigint bitwise_and binop
Bitwise and is defined in terms of two's complement, so some converting
needs to happen for SignedBigInteger's sign/magnitude representation to
work out.

UnsignedBigInteger::bitwise_not() is repurposed to convert all
high-order zero bits to ones up to a limit, for the two's complement
conversion to work.

Fixes test262/test/language/expressions/bitwise-and/bigint.js.
2022-01-18 20:04:06 +03:30