fix:Change from GCM to CTR in VMB

= 2023-07-23 18:28:37 +02:00
parent 0fe5fcde60
commit aeaca6ba65
2 changed files with 7 additions and 25 deletions


@ -43,6 +43,9 @@
// Key length, for input into AES-CTR and AES-GCM, and for output from Argon
#define SFLC_CRYPTO_KEYLEN 32 /* bytes */
// IV length for AES-CTR
#define SFLC_AESCTR_IVLEN 16 /* bytes */
// IV length for AES-GCM
#define SFLC_AESGCM_IVLEN 12 /* bytes */


@ -65,8 +65,7 @@ int sflc_vmb_seal(sflc_VolumeMasterBlock *vmb, char *vmb_key, char *disk_block)
{
// Pointers inside the block
char *iv = disk_block;
char *mac = iv + SFLC_AESGCM_PADDED_IVLEN;
char *enc_vmb = mac + SFLC_AESGCM_TAGLEN;
char *enc_vmb = iv + SFLC_AESCTR_IVLEN;
// Serialised VMB (dynamically allocated), to be encrypted
char *clear_vmb;
// Error code
@ -94,19 +93,13 @@ int sflc_vmb_seal(sflc_VolumeMasterBlock *vmb, char *vmb_key, char *disk_block)
sflc_log_debug("Successfully sampled VMB IV");
/* Encrypt the VMB */
err = sflc_aes256gcm_encrypt(vmb_key, clear_vmb, SFLC_CLEAR_VMB_LEN, iv, enc_vmb, mac);
err = sflc_aes256ctr_encrypt(vmb_key, clear_vmb, SFLC_CLEAR_VMB_LEN, iv, enc_vmb);
if (err) {
sflc_log_error("Could not encrypt VMB: error %d", err);
goto bad_encrypt;
}
sflc_log_debug("Successfully encrypted VMB");
sflc_log_debug("KEY: %s", sflc_toHex(vmb_key, SFLC_CRYPTO_KEYLEN));
sflc_log_debug("IV: %s", sflc_toHex(iv, SFLC_AESGCM_IVLEN));
sflc_log_debug("CT: %s", sflc_toHex(enc_vmb, SFLC_CLEAR_VMB_LEN));
sflc_log_debug("MAC: %s", sflc_toHex(mac, SFLC_AESGCM_TAGLEN));
// No prob
err = 0;
@ -134,12 +127,9 @@ int sflc_vmb_unseal(char *disk_block, char *vmb_key, sflc_VolumeMasterBlock *vmb
{
// Pointers inside the block
char *iv = disk_block;
char *mac = iv + SFLC_AESGCM_PADDED_IVLEN;
char *enc_vmb = mac + SFLC_AESGCM_TAGLEN;
char *enc_vmb = iv + SFLC_AESCTR_IVLEN;
// Decrypted VMB (dynamically allocated), to be deserialised
char *clear_vmb;
// Flag indicating MAC match
bool match;
// Error code
int err;
@ -152,22 +142,12 @@ int sflc_vmb_unseal(char *disk_block, char *vmb_key, sflc_VolumeMasterBlock *vmb
}
sflc_log_debug("Successfully allocated %d bytes for VMB cleartext", SFLC_CLEAR_VMB_LEN);
sflc_log_debug("KEY: %s", sflc_toHex(vmb_key, SFLC_CRYPTO_KEYLEN));
sflc_log_debug("IV: %s", sflc_toHex(iv, SFLC_AESGCM_IVLEN));
sflc_log_debug("CT: %s", sflc_toHex(enc_vmb, SFLC_CLEAR_VMB_LEN));
sflc_log_debug("MAC: %s", sflc_toHex(mac, SFLC_AESGCM_TAGLEN));
/* Decrypt the VMB */
err = sflc_aes256gcm_decrypt(vmb_key, enc_vmb, SFLC_CLEAR_VMB_LEN, mac, iv, clear_vmb, &match);
err = sflc_aes256ctr_decrypt(vmb_key, enc_vmb, SFLC_CLEAR_VMB_LEN, iv, clear_vmb);
if (err) {
sflc_log_error("Error while decrypting VMB: error %d", err);
goto bad_decrypt;
}
if (!match) { // Pointless to continue
sflc_log_error("Wrong VMB key supplied!");
err = EINVAL;
goto bad_key;
}
sflc_log_debug("Successfully decrypted VMB");
/* Deserialise the struct */
@ -183,7 +163,6 @@ int sflc_vmb_unseal(char *disk_block, char *vmb_key, sflc_VolumeMasterBlock *vmb
bad_deserialise:
bad_key:
bad_decrypt:
/* Always wipe and free the VMB cleartext, even on success */
memset(clear_vmb, 0, SFLC_CLEAR_VMB_LEN);
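Review bot: After this change `sflc_vmb_unseal` can no longer tell a wrong key or a modified disk block from a valid one, because the `if (!match)` tag check is gone and AES-CTR provides no integrity; whatever `sflc_aes256ctr_decrypt` writes into `clear_vmb` goes straight on to deserialisation. CTR ciphertext is also malleable, so a bit flipped in the on-disk block flips the same bit in the clear VMB without any error being raised. If dropping the tag is deliberate (for example because the key is verified somewhere else, which these hunks do not show), I would state that above the decrypt call, e.g. `/* AES-CTR is unauthenticated: vmb_key must already be verified by the caller; treat clear_vmb as untrusted input */`. The deserialise step should then range-check every field it reads from `clear_vmb`. Both function bodies start and end outside the hunks shown, so this is based only on the visible lines.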