Add Encryption/Message Digest to Mbed TLS gem #168

sylph01 · 2024-04-26T10:06:31Z

This pull request:

Separates MbedTLS::CMAC module code into a separate file
Introduces MbedTLS::Cipher, a module for encryption/decryption of messages
- AES-128/192/256-CBC, AES-128/192/256-GCM is supported
Introduces MbedTLS::Digest, a module for getting message digests
- SHA-256 is supported

Examples

AES-128-CBC

require 'mbedtls'
require 'base64'
key = Base64.decode64 "aGB7hvLWxE60PsxbPS9wsA=="
iv  = Base64.decode64 "J4b4xJuIHry/aUpVeyRIJw=="
cipher = MbedTLS::Cipher.new(:aes_128_cbc, key, :encrypt)
cipher.set_iv(iv)
s = cipher.update('asdfasdfasdfasdfasdf')
s << cipher.finish
Base64.encode64 s

AES-128-GCM

require 'mbedtls'
require 'base64'
key = Base64.decode64 "aGB7hvLWxE60PsxbPS9wsA=="
iv  = Base64.decode64 "J4b4xJuIHry/aUpVeyRIJw=="
cipher = MbedTLS::Cipher.new(:aes_128_gcm, key, :encrypt)
cipher.set_iv(iv)
cipher.update_ad('adadad')
s = cipher.update('asdfasdfasdfasdfasdf')
s << cipher.finish
Base64.encode64 s
t = cipher.write_tag
Base64.encode64 t

decipher = MbedTLS::Cipher.new(:aes_128_gcm, key, :decrypt)
cipher.set_iv(iv)
cipher.update_ad('adadad')
pt = cipher.update s
pt << cipher.finish
pt
decipher.check_tag t

SHA-256

require 'mbedtls'
require 'base16'
digest = MbedTLS::Digest.new(:sha256)
digest.update('asdf')
s = digest.finish
Base16.encode16 s

non-self-replacing calls will result in segfault???

mrbc_incref did it

has only SHA256 for now

This was due to Reference Counting

sylph01 · 2024-04-27T01:12:40Z

On 1602eee: calling set_iv twice resulted in a segfault, possibly due to the inner workings of mbedtls_cipher_set_iv. As there is no need to set IV twice, I decided to guard it by adding an instance variable to check if it has been called or not.

(the following is an example at commit 8cdcf63)

$> irb
irb> require 'mbedtls'
=> true
irb> require 'base64'
=> true
irb> key = Base64.decode64 "aGB7hvLWxE60PsxbPS9wsA=="
=> "h`{\x86\xF2\xD6\xC4N\xB4>\xCC[=/p\xB0"
irb> iv  = Base64.decode64 "J4b4xJuIHry/aUpVeyRIJw=="
=> "'\x86\xF8\xC4\x9B\x88\x1E\xBC\xBFiJU{$H'"
irb> cipher = MbedTLS::Cipher.new(:aes_128_cbc, key, :encrypt)
=> #<MbedTLS::Cipher:1c338e68>
irb> cipher.set_iv(iv)
=> #<MbedTLS::Cipher:1c338e68>
irb> cipher.set_iv(iv)
=> #<MbedTLS::Cipher:1c338e68>
irb> s = cipher.update('asdfasdfasdfasdfasdf')
=> "\x87\x82\x0C*\xCC\xFB\x8F\xD6\x07j\x89\xC5\x96t\x1B\xF8"
irb> s = cipher.update('asdfasdfasdfasdfasdf')
Segmentation fault (core dumped)

sylph01 added 11 commits April 26, 2024 18:51

[mbedtls] Separate CMAC source

967e5f0

[mbedtls][WIP] cipher

439659a

non-self-replacing calls will result in segfault???

[mbedtls] cipher

6e03585

mrbc_incref did it

[mbedtls] AES-GCM

af5c9e5

[mbedtls] note which defines are needed for AES

d5a1e5a

[mbedtls] Digest

743ee4f

has only SHA256 for now

[mbedtls] Fix wrong error message

b696dfa

[mbedtls] types...

b2496c7

[mbedtls] More types

0b8f500

[mbedtls] Remove comment

8cdcf63

This was due to Reference Counting

[mbedtls] Guard against setting IV twice

1602eee

hasumikin merged commit cc33ea2 into picoruby:master Apr 27, 2024
1 check passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add Encryption/Message Digest to Mbed TLS gem #168

Add Encryption/Message Digest to Mbed TLS gem #168

sylph01 commented Apr 26, 2024

sylph01 commented Apr 27, 2024

Add Encryption/Message Digest to Mbed TLS gem #168

Add Encryption/Message Digest to Mbed TLS gem #168

Conversation

sylph01 commented Apr 26, 2024

Examples

AES-128-CBC

AES-128-GCM

SHA-256

sylph01 commented Apr 27, 2024