libyal / libcaes Goto Github PK

View Code? Open in Web Editor NEW

10.0 10.0 4.0 928 KB

Library to support cross-platform AES encryption

License: GNU Lesser General Public License v3.0

PowerShell 0.66% Shell 2.27% C 71.12% Makefile 0.31% C++ 0.27% Python 22.99% M4 2.26% Roff 0.12%

libcaes's People

Contributors

Stargazers

Watchers

Forkers

roox mysefs bogdanjsx ajunlonglive

libcaes's Issues

test script for "types" is missing

AES CCM implementation seems to different / non-compliant than others

The AES CCM decryption results generated by libcaes are different than that generated by PolarSSL, OpenSSL and SJCL. https://github.com/ARMmbed/mbedtls/blob/master/library/ccm.c has some AES CCM decryption test vectors which aren't handled correctly by libcaes.

Is this by design, perhaps to conform to some platform specific AES CCM implementations? Or am I doing something wrong?

Here is a test-case to demonstrate this,

$ cat ccm_tester.py 
#!/usr/bin/env python

import sys
import pycaes
from binascii import hexlify


def pycaes_test_crypt_ccm(mode, key, nonce, input_data, expected_output_data):
    caes_context = pycaes.context()
    caes_context.set_key(pycaes.crypt_modes.ENCRYPT, key)

    output_data = pycaes.crypt_ccm(caes_context, mode, nonce, input_data)

    print("")
    print("actual output", hexlify(output_data))
    print("expected", hexlify(expected_output_data))

    return output_data == expected_output_data


def main():
    # NIST SP800-38C compliant test vector borrowed from the following link,
    # https://github.com/ARMmbed/mbedtls/blob/master/library/ccm.c
    key = [0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a,
           0x4b, 0x4c, 0x4d, 0x4e, 0x4f]
    nonce = [0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16]
    cipher_text = [0x71, 0x62, 0x01, 0x5b]
    plain_text = [0x20, 0x21, 0x22, 0x23]

    print("Testing AES-CCM 128-bit decryption\t"),

    test_key = bytes(bytearray(key))
    test_nonce = bytes(bytearray(nonce))
    test_cipher_text = bytes(bytearray(cipher_text))
    test_plain_text = bytes(bytearray(plain_text))

    result = pycaes_test_crypt_ccm(pycaes.crypt_modes.DECRYPT, test_key,
                                   test_nonce, test_cipher_text,
                                   test_plain_text)

    if not result:
        print("(FAIL)")
    else:
        print("(PASS)")


if __name__ == "__main__":
    if not main():
        sys.exit(1)
    else:
        sys.exit(0)

Running this results in,

Testing AES-CCM 128-bit decryption
('actual output', '5c4a101d')
('expected', '20212223')
(FAIL)

Print OpenSSL error information

Use ERR_error_string_N to get OpenSSL error information.

                char *error_string[ 512 ];
                unsigned long error_code = 0;

                error_code = ERR_get_error();
                ERR_error_string_n(error_code, error_string, 512);

libcrypto EVP XTS functions available but not used?

libcaes» ./autogen.sh && ./configure
[...]
configure:
Building:
   libcerror support:       yes
   AES-CBC support:         libcrypto
   AES-ECB support:         libcrypto
   AES-XTS support:         local

But my libcrypto.so does have the two functions for XTS:

» nm -D libcrypto.so.1.1
0000000000165370 T EVP_aes_128_xts
0000000000165390 T EVP_aes_256_xts

acinclude.m4 has this to say:

  AS_IF(
    [test "x$ac_cv_libcrypto" != xno],
    [AX_LIBCRYPTO_CHECK_AES
    AX_LIBCRYPTO_CHECK_AES_XTS])

This means it only ever checks for set(CBC, EBC) or set(XTS), but never both. Is this really intentional?

Add python support for mingw and cygwin tests or otherwise skip tests

https://ci.appveyor.com/project/joachimmetz/libcaes/build/job/oyk8iihi7xu55j37 one option is to check if pyconfig-exists in runtests.sh

wincrypt: Keyset does not exist

libcaes_context_initialize: unable to create AES crypt provider with error: Keyset does not exist
libbde_metadata_read_volume_master_key: unable initialize AES context.
libbde_volume_open_read_keys_from_metadata: unable to read volume master key from metadata.
libbde_volume_open_read: unable to read keys from primary metadata.
libbde_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.

Work around use WINVER=0x0501

Unable to build on Mac OS Mojave

I got this error when trying to build libfsapfs with "make." I decided to try to build and install libcaes separately, but I get the same error. My goal is to build libfsapfs.

Remove WinCrypt support

WinCrypt is deprecated: https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/nf-wincrypt-cryptacquirecontexta

Its replacement is https://docs.microsoft.com/en-us/windows/desktop/SecCNG/cng-portal which seems to be still work in progress

And so far has only caused additional complexity and issues:

Add openssl 3.0.0 support

make check currently failing with

libcaes_context_initialize: unable to set padding in context with error: error:00000000:lib(0)::reason(0).

Improve wincrypt support

Wincrypt usage is horribly slow at the moment; improve this.

Work around for now don't use wincrypt by setting WINVER to 0x0501

Unable to override python interpreter

PYTHON_VERSION=3.9 PYTHON=python3.9 PYTHON_CONFIG=python3.9-config ./configure PYTHON_VERSION=3.9 PYTHON=python3.9 PYTHON_CONFIG=python3.9-config --enable-python3
[...]
Features:
   Python (pycaes) support: 3.8

It seems to be stuck with /usr/bin/python3-config and I cannot find a way to make it use a pythonX.Y-config of my choosing.

Fix asan tests failing on Python binding

Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.