Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix up Aes CCM/GCM support #48728

Merged
merged 16 commits into from
Feb 26, 2021
Merged

Fix up Aes CCM/GCM support #48728

merged 16 commits into from
Feb 26, 2021

Conversation

jkoritzinsky
Copy link
Member

Fixes #48471

This gets all the tests passing in the AES/CCM and AES/GCM test suites.

This PR splits the managed implementation for AES/CCM and AES/GCM from OpenSSL for Android since the authentication tag handling required for Android is different enough from OpenSSL to make the code to correctly handle it with the OpenSSL shim surface area extremely confusing.

@jkoritzinsky
Fix up Aes CCM/GCM support partially. Re-enable the length assert.
0a0fcb4 
Fixes dotnet#48471

This gets 49 more tests passing (split between Ccm and Gcm tests and sadly no full test suites).
@jkoritzinsky
Merge branch 'master' of https://github.com/dotnet/runtime into aes-s…
4acdd23 
…imple-fixes
@jkoritzinsky
Use Android-specific classes for AesCcm and AesGcm since OpenSSL's im…
5509ffa 
…pl has a lot of special cases that we don't need to handle (and handling them makes the code significantly harder to read).
@jkoritzinsky
In progress work to refactor AES impls for clarity.
dc5d1f3
@jkoritzinsky
Get custom tag length tests to pass.
1f61301
@jkoritzinsky
Implement EvpCipherReset.
e4eebfd
@jkoritzinsky
Handle how Java appends the tag from the managed side instead of in t…
93d2f0e 
…he shim. This fixes cases where the ciphertext returned from doFinal is either part or all of the tag (and no ciphertext).
@jkoritzinsky
Fix AES/CCM
2011fef
@jkoritzinsky
Remove unused functions.
08449ed
@ghost
Copy link

ghost commented Feb 24, 2021

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks
See info in area-owners.md if you want to be subscribed.

Issue Details

Fixes #48471

This gets all the tests passing in the AES/CCM and AES/GCM test suites.

This PR splits the managed implementation for AES/CCM and AES/GCM from OpenSSL for Android since the authentication tag handling required for Android is different enough from OpenSSL to make the code to correctly handle it with the OpenSSL shim surface area extremely confusing.

Author: jkoritzinsky
Assignees: -
Labels:

area-System.Security, os-android
Milestone: -

@jkoritzinsky jkoritzinsky changed the title Fix up Aes CCM/GCM support partially. Fix up Aes CCM/GCM support Feb 24, 2021
@runfoapp runfoapp bot mentioned this pull request Feb 25, 2021
Open
AaronRobinsonMSFT
AaronRobinsonMSFT reviewed Feb 25, 2021
View reviewed changes
src/libraries/Native/Unix/System.Security.Cryptography.Native.Android/pal_cipher.c Outdated Show resolved Hide resolved
src/libraries/Native/Unix/System.Security.Cryptography.Native.Android/pal_cipher.c Outdated Show resolved Hide resolved
src/libraries/Native/Unix/System.Security.Cryptography.Native.Android/pal_cipher.c
if(tagLength > TAG_MAX_LENGTH)
return FAIL;

ctx->tagLength = tagLength;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this permit resetting? Perhaps there is some invariant we should assert prior.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this can be reset when the cipher is reused.

bartonjs
bartonjs reviewed Feb 26, 2021
View reviewed changes
src/libraries/Native/Unix/System.Security.Cryptography.Native.Android/pal_cipher.c Outdated
return ReinitializeCipher(ctx);
}

CipherCtx* AndroidCryptoNative_CipherCreate2(CipherInfo* type, uint8_t* key, int32_t keyLength, int32_t effectiveKeyLength, uint8_t* iv, int32_t enc)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"CipherCreate2", already? 😄. If our OpenSSL shim has CIpherCreate2 it's because we created it during complex SxS upgrade time and didn't want to change CipherCreate.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’ll remove the 2 suffix.

bartonjs
bartonjs approved these changes Feb 26, 2021
View reviewed changes
Copy link
Member

@bartonjs bartonjs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some oddness around the exceptions/messages when CipherUpdate fails, and I'd always love to see less name reuse from the OpenSSL interop code, but otherwise LGTM.

@runfoapp runfoapp bot mentioned this pull request Feb 26, 2021
Closed
@ghost
Copy link

ghost commented Feb 26, 2021

Hello @jkoritzinsky!

Because this pull request has the auto-merge label, I will be glad to assist with helping to merge this pull request once all check-in policies pass.

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (@msftbot) and give me an instruction to get started! Learn more here.

This was referenced Feb 26, 2021
Closed
Closed
@jkoritzinsky
Copy link
Member Author

Windows failure is #25979.

OSX test failure is #30056

OSX timeout looks like a build machine issue.

@jkoritzinsky jkoritzinsky merged commit 8468909 into dotnet:master Feb 26, 2021
@jkoritzinsky jkoritzinsky deleted the aes-simple-fixes branch February 26, 2021 22:10
@ghost ghost locked as resolved and limited conversation to collaborators Mar 28, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@AaronRobinsonMSFT AaronRobinsonMSFT AaronRobinsonMSFT approved these changes

@bartonjs bartonjs bartonjs approved these changes

@steveisok steveisok Awaiting requested review from steveisok

@elinor-fung elinor-fung Awaiting requested review from elinor-fung

@vcsjones vcsjones Awaiting requested review from vcsjones

Assignees
No one assigned
Labels
area-System.Security os-android
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Re-enable AES GCM assert for decrypted bytes
4 participants
@jkoritzinsky @vcsjones @bartonjs @AaronRobinsonMSFT