diff --git a/src/crypto/base64.cc b/src/crypto/base64.cc index eacbadd..e3e1997 100644 --- a/src/crypto/base64.cc +++ b/src/crypto/base64.cc @@ -31,103 +31,78 @@ */ #include -#include -#include +#include #include "fatal_assert.h" #include "base64.h" -bool base64_decode( const char *b64, const size_t b64_len, - char *raw, size_t *raw_len ) -{ - bool ret = false; +static const char table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +/* Reverse maps from an ASCII char to a base64 sixbit value. Returns > 0x3f on failure. */ +static unsigned char base64_char_to_sixbit(char c) +{ + /* + * Yes, this is slow. But it's also very simple, and easy to verify. + * We don't need performance here. + */ + const char *match = strchr(table, c); + if (!match) { + return 0xff; + } + return match - table; +} + +bool base64_decode( const char *b64, const size_t b64_len, + uint8_t *raw, size_t *raw_len ) +{ fatal_assert( b64_len == 24 ); /* only useful for Mosh keys */ fatal_assert( *raw_len == 16 ); - /* initialize input/output */ - BIO_METHOD *b64_method = BIO_f_base64(); - fatal_assert( b64_method ); - - BIO *b64_bio = BIO_new( b64_method ); - fatal_assert( b64_bio ); - - BIO_set_flags( b64_bio, BIO_FLAGS_BASE64_NO_NL ); - - BIO *mem_bio = BIO_new_mem_buf( (void *) b64, b64_len ); - fatal_assert( mem_bio ); - - BIO *combined_bio = BIO_push( b64_bio, mem_bio ); - fatal_assert( combined_bio ); - - fatal_assert( 1 == BIO_flush( combined_bio ) ); - - /* read the string */ - int bytes_read = BIO_read( combined_bio, raw, *raw_len ); - if ( bytes_read <= 0 ) { - goto end; + uint32_t bytes = 0; + for (int i = 0; i < 22; i++) { + unsigned char sixbit = base64_char_to_sixbit(*(b64++)); + if (sixbit > 0x3f) { + return false; + } + bytes <<= 6; + bytes |= sixbit; + /* write groups of 3 */ + if (i % 4 == 3) { + raw[0] = bytes >> 16; + raw[1] = bytes >> 8; + raw[2] = bytes; + raw += 3; + bytes = 0; + } } - - if ( bytes_read != (int)*raw_len ) { - goto end; + /* last byte of output */ + *raw = bytes >> 4; + if (b64[0] != '=' || b64[1] != '=') { + return false; } - - fatal_assert( 1 == BIO_flush( combined_bio ) ); - - /* check if there is more to read */ - char extra[ 256 ]; - bytes_read = BIO_read( combined_bio, extra, 256 ); - if ( bytes_read > 0 ) { - goto end; - } - - /* check if mem buf is empty */ - if ( !BIO_eof( mem_bio ) ) { - goto end; - } - - ret = true; - end: - BIO_free_all( combined_bio ); - return ret; + return true; } -void base64_encode( const char *raw, const size_t raw_len, +void base64_encode( const uint8_t *raw, const size_t raw_len, char *b64, const size_t b64_len ) { fatal_assert( b64_len == 24 ); /* only useful for Mosh keys */ fatal_assert( raw_len == 16 ); - /* initialize input/output */ - BIO_METHOD *b64_method = BIO_f_base64(), *mem_method = BIO_s_mem(); - fatal_assert( b64_method ); - fatal_assert( mem_method ); - - BIO *b64_bio = BIO_new( b64_method ), *mem_bio = BIO_new( mem_method ); - fatal_assert( b64_bio ); - fatal_assert( mem_bio ); - - BIO_set_flags( b64_bio, BIO_FLAGS_BASE64_NO_NL ); - - BIO *combined_bio = BIO_push( b64_bio, mem_bio ); - fatal_assert( combined_bio ); + /* first 15 bytes of input */ + for (int i = 0; i < 5; i++) { + uint32_t bytes = (raw[0] << 16) | (raw[1] << 8) | raw[2]; + b64[0] = table[(bytes >> 18) & 0x3f]; + b64[1] = table[(bytes >> 12) & 0x3f]; + b64[2] = table[(bytes >> 6) & 0x3f]; + b64[3] = table[(bytes) & 0x3f]; + raw += 3; + b64 += 4; + } - /* write the string */ - int bytes_written = BIO_write( combined_bio, raw, raw_len ); - fatal_assert( bytes_written >= 0 ); - - fatal_assert( bytes_written == (int)raw_len ); - - fatal_assert( 1 == BIO_flush( combined_bio ) ); - - /* check if mem buf has desired length */ - fatal_assert( BIO_pending( mem_bio ) == (int)b64_len ); - - char *mem_ptr; - - BIO_get_mem_data( mem_bio, &mem_ptr ); - - memcpy( b64, mem_ptr, b64_len ); - - BIO_free_all( combined_bio ); + /* last byte of input, last 4 of output */ + b64[0] = table[*raw >> 2]; + b64[1] = table[(*raw << 4) & 0x3f]; + b64[2] = '='; + b64[3] = '='; } diff --git a/src/crypto/base64.h b/src/crypto/base64.h index 598be22..e216dc0 100644 --- a/src/crypto/base64.h +++ b/src/crypto/base64.h @@ -30,8 +30,10 @@ also delete it here. */ -bool base64_decode( const char *b64, const size_t b64_len, - char *raw, size_t *raw_len ); +#include -void base64_encode( const char *raw, const size_t raw_len, +bool base64_decode( const char *b64, const size_t b64_len, + uint8_t *raw, size_t *raw_len ); + +void base64_encode( const uint8_t *raw, const size_t raw_len, char *b64, const size_t b64_len ); diff --git a/src/crypto/crypto.cc b/src/crypto/crypto.cc index f7e9fb5..ddfde6b 100644 --- a/src/crypto/crypto.cc +++ b/src/crypto/crypto.cc @@ -105,7 +105,7 @@ Base64Key::Base64Key( string printable_key ) string base64 = printable_key + "=="; size_t len = 16; - if ( !base64_decode( base64.data(), 24, (char *)&key[ 0 ], &len ) ) { + if ( !base64_decode( base64.data(), 24, key, &len ) ) { throw CryptoException( "Key must be well-formed base64." ); } @@ -124,11 +124,16 @@ Base64Key::Base64Key() PRNG().fill( key, sizeof( key ) ); } +Base64Key::Base64Key(PRNG &prng) +{ + prng.fill( key, sizeof( key ) ); +} + string Base64Key::printable_key( void ) const { char base64[ 24 ]; - base64_encode( (char *)key, 16, base64, 24 ); + base64_encode( key, 16, base64, 24 ); if ( (base64[ 23 ] != '=') || (base64[ 22 ] != '=') ) { diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h index fdf3a2f..174070d 100644 --- a/src/crypto/crypto.h +++ b/src/crypto/crypto.h @@ -44,7 +44,10 @@ using std::string; long int myatoi( const char *str ); +class PRNG; + namespace Crypto { + class CryptoException : public std::exception { public: string text; @@ -84,6 +87,7 @@ namespace Crypto { public: Base64Key(); /* random key */ + Base64Key(PRNG &prng); Base64Key( string printable_key ); string printable_key( void ) const; unsigned char *data( void ) { return key; } diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am index 6c8ce15..db0ec60 100644 --- a/src/tests/Makefile.am +++ b/src/tests/Makefile.am @@ -16,12 +16,16 @@ displaytests = \ unicode-combine-fallback-assert.test \ unicode-later-combining.test -check_PROGRAMS = ocb-aes encrypt-decrypt -TESTS = ocb-aes encrypt-decrypt $(displaytests) +check_PROGRAMS = ocb-aes encrypt-decrypt base64 +TESTS = ocb-aes encrypt-decrypt base64 $(displaytests) XFAIL_TESTS = \ e2e-failure.test \ emulation-back-tab.test +base64_vector.cc: $(srcdir)/genbase64.pl + $(AM_V_GEN)echo '#include "base64_vector.h"' > base64_vector.cc || rm base64_vector.cc + $(AM_V_GEN)perl $(srcdir)/genbase64.pl >> base64_vector.cc || rm base64_vector.cc + ocb_aes_SOURCES = ocb-aes.cc test_utils.cc test_utils.h ocb_aes_CPPFLAGS = -I$(srcdir)/../crypto -I$(srcdir)/../util ocb_aes_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(OPENSSL_LIBS) @@ -30,7 +34,13 @@ encrypt_decrypt_SOURCES = encrypt-decrypt.cc test_utils.cc test_utils.h encrypt_decrypt_CPPFLAGS = -I$(srcdir)/../crypto -I$(srcdir)/../util encrypt_decrypt_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(OPENSSL_LIBS) +base64_SOURCES = base64.cc base64_vector.cc base64_vector.h genbase64.pl +base64_CPPFLAGS = $(ocb_aes_CPPFLAGS) +base64_LDADD = $(ocb_aes_LDADD) + clean-local: clean-local-check .PHONY: clean-local-check clean-local-check: -for i in $(displaytests); do rm -rf $$i.d/; done + +CLEANFILES = base64_vector.cc diff --git a/src/tests/base64.cc b/src/tests/base64.cc new file mode 100644 index 0000000..410bf04 --- /dev/null +++ b/src/tests/base64.cc @@ -0,0 +1,141 @@ +/* + Mosh: the mobile shell + Copyright 2012 Keith Winstein + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + + In addition, as a special exception, the copyright holders give + permission to link the code of portions of this program with the + OpenSSL library under certain conditions as described in each + individual source file, and distribute linked combinations including + the two. + + You must obey the GNU General Public License in all respects for all + of the code used other than OpenSSL. If you modify file(s) with this + exception, you may extend this exception to your version of the + file(s), but you are not obligated to do so. If you do not wish to do + so, delete this exception statement from your version. If you delete + this exception statement from all source files in the program, then + also delete it here. +*/ + +/* Test suite for the OCB-AES reference implementation included with Mosh. + + This tests cryptographic primitives implemented by others. It uses the + same interfaces and indeed the same compiled object code as the Mosh + client and server. It does not particularly test any code written for + the Mosh project. */ + +#include +#include +#include + +#include "base64.h" +#include "base64_vector.h" +#include "crypto.h" +#include "prng.h" +#include "fatal_assert.h" +// #include "test_utils.h" + +#define KEY_LEN 16 +#define NONCE_LEN 12 +#define TAG_LEN 16 + +bool verbose = false; + +static void test_base64( void ) { + /* run through a test vector */ + char encoded[25]; + uint8_t decoded[16]; + size_t b64_len = 24; + size_t raw_len = 16; + for ( base64_test_row *row = static_base64_vector; *row->native != '\0'; row++ ) { + memset(encoded, '\0', sizeof encoded); + memset(decoded, '\0', sizeof decoded); + + base64_encode(static_cast(row->native), raw_len, encoded, b64_len); + fatal_assert( b64_len == 24 ); + fatal_assert( !memcmp(row->encoded, encoded, sizeof encoded)); + + fatal_assert( base64_decode(row->encoded, b64_len, decoded, &raw_len )); + fatal_assert( raw_len == 16 ); + fatal_assert( !memcmp(row->native, decoded, sizeof decoded)); + } + if ( verbose ) { + printf( "validation PASSED\n" ); + } + /* try 0..255 in the last byte; make sure the final two characters are output properly */ + uint8_t source[16]; + memset(source, '\0', sizeof source); + for ( int i = 0; i < 256; i++ ) { + source[15] = i; + base64_encode(source, raw_len, encoded, b64_len); + fatal_assert( b64_len == 24 ); + + fatal_assert( base64_decode(encoded, b64_len, decoded, &raw_len )); + fatal_assert( raw_len == 16 ); + fatal_assert( !memcmp(source, decoded, sizeof decoded)); + } + if ( verbose ) { + printf( "last-byte PASSED\n" ); + } + + /* randomly try keys */ + PRNG prng; + for ( int i = 0; i < ( 1<<17 ); i++ ) { + Base64Key key1(prng); + Base64Key key2(key1.printable_key()); + fatal_assert( key1.printable_key() == key2.printable_key() && !memcmp(key1.data(), key2.data(), 16 )); + } + if ( verbose ) { + printf( "random PASSED\n" ); + } + + /* test bad keys */ + const char *bad_keys[] = { + "", + "AAAAAAAAAAAAAAAAAAAAAA", + "AAAAAAAAAAAAAAAAAAAAAA=", + "AAAAAAAAAAAAAAAAAAAAA==", + "AAAAAAAAAAAAAAAAAAAAAAA==", + "AAAAAAAAAAAAAAAAAAAAAAAA==", + "AAAAAAAAAAAAAAAAAAAAAA~=", + "AAAAAAAAAAAAAAAAAAAAAA=~", + "~AAAAAAAAAAAAAAAAAAAAA==", + "AAAAAAAAAAAAAAAAAAAA~A==", + "AAAAAAAAAAAAAAAAAAAAA~==", + "AAAAAAAAAA~AAAAAAAAAAA==", + "AAAAAAAAAA==", + NULL, + }; + for ( const char **key = bad_keys; *key != NULL; key++ ) { + b64_len = 24; + raw_len = 16; + fatal_assert( !base64_decode(*key, b64_len, decoded, &raw_len )); + } + if ( verbose ) { + printf( "bad-keys PASSED\n" ); + } +} + +int main( int argc, char *argv[] ) +{ + if ( argc >= 2 && strcmp( argv[ 1 ], "-v" ) == 0 ) { + verbose = true; + } + + test_base64(); + + return 0; +} diff --git a/src/tests/base64_vector.h b/src/tests/base64_vector.h new file mode 100644 index 0000000..fac368e --- /dev/null +++ b/src/tests/base64_vector.h @@ -0,0 +1,3 @@ +struct base64_test_row { const unsigned char native[17]; const char encoded[25]; }; +typedef base64_test_row *base64_test_vector; +extern base64_test_row static_base64_vector[]; diff --git a/src/tests/genbase64.pl b/src/tests/genbase64.pl new file mode 100755 index 0000000..369a2e3 --- /dev/null +++ b/src/tests/genbase64.pl @@ -0,0 +1,28 @@ +#!/usr/bin/perl + +use strict; +use warnings; +use MIME::Base64; + +my @vectors = ( + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff", + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x55\x55\x55\x55\x55\x55\x55\x55", + "\x55\x55\x55\x55\x55\x55\x55\x55\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + "\x01\x02\x04\x08\x10\x20\x40\x80\xfe\xfd\xfb\xf7\xef\xdf\xbf\x7f", + ); + +print 'base64_test_row static_base64_vector[] = {' . "\n"; +for my $v (@vectors) { + print ' { "'; + my @chars = split '', $v; + for my $c (@chars) { + printf "\\x%02x", ord($c); + } + print '", "' . encode_base64($v, "") . '" },' . "\n"; +} +print ' { "", "" }' . "\n"; +print "};\n";