1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
From 2e18341d2d69f10dafd06fbeb3782d41e65fdf87 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Fri, 15 Nov 2019 21:47:49 -0800
Subject: [PATCH] Use BearSSL for HMAC-SHA256 and AES-CBC
---
fs_net.c | 4 ++--
fs_wget.c | 45 +++++++++++++++++++++++++++++++++++++--------
fs_wget.h | 5 ++---
3 files changed, 41 insertions(+), 13 deletions(-)
diff --git a/fs_net.c b/fs_net.c
index c7c7484..18c8407 100644
--- a/fs_net.c
+++ b/fs_net.c
@@ -2556,7 +2556,7 @@ static int fs_cmd_xhr(FSDevice *fs, FSFile *f,
s->fd = fd;
s->post_fd = post_fd;
if (aes_key_len != 0) {
- AES_set_decrypt_key(aes_key, FS_KEY_LEN * 8, &s->aes_state);
+ br_aes_big_cbcdec_init(&s->aes_state.c_big, aes_key, FS_KEY_LEN);
paes_state = &s->aes_state;
} else {
paes_state = NULL;
@@ -2646,7 +2646,7 @@ static int fs_cmd_set_base_url(FSDevice *fs, const char *p)
if (aes_key_len != 0) {
if (aes_key_len != FS_KEY_LEN)
goto fail;
- AES_set_decrypt_key(aes_key, FS_KEY_LEN * 8, &aes_state);
+ br_aes_big_cbcdec_init(&aes_state.c_big, aes_key, FS_KEY_LEN);
paes_state = &aes_state;
} else {
paes_state = NULL;
diff --git a/fs_wget.c b/fs_wget.c
index b4857b0..5a36dbc 100644
--- a/fs_wget.c
+++ b/fs_wget.c
@@ -327,6 +327,8 @@ XHRState *fs_wget(const char *url, const char *user, const char *password,
/***********************************************/
/* file decryption */
+#define AES_BLOCK_SIZE br_aes_big_BLOCK_SIZE
+
#define ENCRYPTED_FILE_HEADER_SIZE (4 + AES_BLOCK_SIZE)
#define DEC_BUF_SIZE (256 * AES_BLOCK_SIZE)
@@ -379,8 +381,7 @@ int decrypt_file(DecryptFileState *s, const uint8_t *data,
if (s->dec_buf_pos >= DEC_BUF_SIZE) {
/* keep one block in case it is the padding */
len = s->dec_buf_pos - AES_BLOCK_SIZE;
- AES_cbc_encrypt(s->dec_buf, s->dec_buf, len,
- s->aes_state, s->iv, FALSE);
+ br_aes_big_cbcdec_run(&s->aes_state->c_big, s->iv, s->dec_buf, len);
ret = s->write_cb(s->opaque, s->dec_buf, len);
if (ret < 0)
return ret;
@@ -409,8 +410,7 @@ int decrypt_file_flush(DecryptFileState *s)
if (len == 0 ||
(len % AES_BLOCK_SIZE) != 0)
return -1;
- AES_cbc_encrypt(s->dec_buf, s->dec_buf, len,
- s->aes_state, s->iv, FALSE);
+ br_aes_big_cbcdec_run(&s->aes_state->c_big, s->iv, s->dec_buf, len);
pad_len = s->dec_buf[s->dec_buf_pos - 1];
if (pad_len < 1 || pad_len > AES_BLOCK_SIZE)
return -1;
@@ -532,6 +532,8 @@ void fs_wget_file2(FSDevice *fs, FSFile *f, const char *url,
/***********************************************/
/* PBKDF2 */
+#define SALT_LEN_MAX 32
+
#ifdef USE_BUILTIN_CRYPTO
#define HMAC_BLOCK_SIZE 64
@@ -575,8 +577,6 @@ void hmac_sha256_final(HMAC_SHA256_CTX *s, uint8_t *out)
SHA256(s->K, HMAC_BLOCK_SIZE + SHA256_DIGEST_LENGTH, out);
}
-#define SALT_LEN_MAX 32
-
void pbkdf2_hmac_sha256(const uint8_t *pwd, int pwd_len,
const uint8_t *salt, int salt_len,
int iter, int key_len, uint8_t *out)
@@ -618,8 +618,37 @@ void pbkdf2_hmac_sha256(const uint8_t *pwd, int pwd_len,
const uint8_t *salt, int salt_len,
int iter, int key_len, uint8_t *out)
{
- PKCS5_PBKDF2_HMAC((const char *)pwd, pwd_len, salt, salt_len,
- iter, EVP_sha256(), key_len, out);
+ uint8_t F[br_sha256_SIZE], U[SALT_LEN_MAX + 4];
+ br_hmac_key_context kc;
+ br_hmac_context ctx;
+ int it, U_len, j, l;
+ uint32_t i;
+
+ assert(salt_len <= SALT_LEN_MAX);
+ i = 1;
+ br_hmac_key_init(&kc, &br_sha256_vtable, pwd, pwd_len);
+ while (key_len > 0) {
+ memset(F, 0, br_sha256_SIZE);
+ memcpy(U, salt, salt_len);
+ U[salt_len] = i >> 24;
+ U[salt_len + 1] = i >> 16;
+ U[salt_len + 2] = i >> 8;
+ U[salt_len + 3] = i;
+ U_len = salt_len + 4;
+ for(it = 0; it < iter; it++) {
+ br_hmac_init(&ctx, &kc, 0);
+ br_hmac_update(&ctx, U, U_len);
+ br_hmac_out(&ctx, U);
+ for(j = 0; j < br_sha256_SIZE; j++)
+ F[j] ^= U[j];
+ U_len = br_sha256_SIZE;
+ }
+ l = min_int(key_len, br_sha256_SIZE);
+ memcpy(out, F, l);
+ out += l;
+ key_len -= l;
+ i++;
+ }
}
#endif /* !USE_BUILTIN_CRYPTO */
diff --git a/fs_wget.h b/fs_wget.h
index 35b6a4b..952bb69 100644
--- a/fs_wget.h
+++ b/fs_wget.h
@@ -29,9 +29,8 @@
#include "aes.h"
#include "sha256.h"
#else
-#include <openssl/aes.h>
-#include <openssl/sha.h>
-#include <openssl/evp.h>
+#include <bearssl.h>
+typedef br_aes_gen_cbcdec_keys AES_KEY;
#endif
#ifdef _WIN32
#include <winsock2.h>
--
2.32.0
|
