libyal / libcaes Goto Github PK

Library to support cross-platform AES encryption

License: GNU Lesser General Public License v3.0

PowerShell 0.66% Shell 2.25% C 71.16% Makefile 0.32% C++ 0.27% Python 23.00% M4 2.23% Roff 0.12%

libcaes's Introduction

The name libyal was initially a pun on the naming theme of the various library 
projects. Now it serves the purpose of providing an overview of the available 
projects in a single location and as a home for scripts to help maintain the 
projects.

For more information see:

* Project documentation: https://github.com/libyal/libyal/wiki/Home
* Overiew of available projects: https://github.com/libyal/libyal/wiki/Overview

libcaes's People

Contributors

Stargazers

Watchers

Forkers

roox mysefs bogdanjsx ajunlonglive

libcaes's Issues

Add python support for mingw and cygwin tests or otherwise skip tests

https://ci.appveyor.com/project/joachimmetz/libcaes/build/job/oyk8iihi7xu55j37 one option is to check if pyconfig-exists in runtests.sh

Improve wincrypt support

Wincrypt usage is horribly slow at the moment; improve this.

Work around for now don't use wincrypt by setting WINVER to 0x0501

Fix asan tests failing on Python binding

Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.

libcrypto EVP XTS functions available but not used?

libcaes» ./autogen.sh && ./configure
[...]
configure:
Building:
   libcerror support:       yes
   AES-CBC support:         libcrypto
   AES-ECB support:         libcrypto
   AES-XTS support:         local

But my libcrypto.so does have the two functions for XTS:

» nm -D libcrypto.so.1.1
0000000000165370 T EVP_aes_128_xts
0000000000165390 T EVP_aes_256_xts

acinclude.m4 has this to say:

  AS_IF(
    [test "x$ac_cv_libcrypto" != xno],
    [AX_LIBCRYPTO_CHECK_AES
    AX_LIBCRYPTO_CHECK_AES_XTS])

This means it only ever checks for set(CBC, EBC) or set(XTS), but never both. Is this really intentional?

Fix Visual Studio tests failing to build Python module

Unable to build on Mac OS Mojave

I got this error when trying to build libfsapfs with "make." I decided to try to build and install libcaes separately, but I get the same error. My goal is to build libfsapfs.

Unable to override python interpreter

PYTHON_VERSION=3.9 PYTHON=python3.9 PYTHON_CONFIG=python3.9-config ./configure PYTHON_VERSION=3.9 PYTHON=python3.9 PYTHON_CONFIG=python3.9-config --enable-python3
[...]
Features:
   Python (pycaes) support: 3.8

It seems to be stuck with /usr/bin/python3-config and I cannot find a way to make it use a pythonX.Y-config of my choosing.

Print OpenSSL error information

Use ERR_error_string_N to get OpenSSL error information.

                char *error_string[ 512 ];
                unsigned long error_code = 0;

                error_code = ERR_get_error();
                ERR_error_string_n(error_code, error_string, 512);

Unable to build source outside of source tree

$ ./autogen.sh
$ mkdir o; cd o; ../configure
[...]
config.status: creating po/POTFILES
config.status: creating po/Makefile
configure:
Building:
   libcerror support:       local
   AES-CBC support:         libcrypto_evp
   AES-ECB support:         libcrypto_evp
   AES-XTS support:         local

Features:
   Python (pycaes) support: no

$ make
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../libcerror -I../common  -I../../include -I../../common    -g -O2 -Wall -MT libcerror_error.lo -MD -MP -MF .deps/libcerror_error.Tpo -c -o libcerror_error.lo ../../libcerror/libcerror_error.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../libcerror -I../common -I../../include -I../../common -g -O2 -Wall -MT libcerror_error.lo -MD -MP -MF .deps/libcerror_error.Tpo -c ../../libcerror/libcerror_error.c  -fPIC -DPIC -o .libs/libcerror_error.o
In file included from ../../common/narrow_string.h:27,
                 from ../../libcerror/libcerror_error.c:24:
../common/types.h:34:10: fatal error: libcaes/types.h: No such file or directory
   34 | #include <libcaes/types.h>
      |          ^~~~~~~~~~~~~~~~~
compilation terminated.

The following change addresses this and may need to be replicated across all libs:

--- libcaes/libcerror/Makefile.am        2022-01-13 12:19:06.735466052 +0100
+++ libcaes/libcerror/Makefile.am 2022-01-13 13:01:38.175288541 +0100
@@ -1,5 +1,5 @@
 if HAVE_LOCAL_LIBCERROR
-AM_CPPFLAGS = \
+AM_CPPFLAGS = -I../include -I../common \
        -I$(top_srcdir)/include \
        -I$(top_srcdir)/common

(Rationale: -I${srcdir}/include is nice, but since some headers are generated - types.h being one of them, -I${builddir}/include is also needed. Since make's cwd is always a builddir, -I${builddir}/include is equal to -I../include)

Remove WinCrypt support

WinCrypt is deprecated: https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/nf-wincrypt-cryptacquirecontexta

Its replacement is https://docs.microsoft.com/en-us/windows/desktop/SecCNG/cng-portal which seems to be still work in progress

And so far has only caused additional complexity and issues:

The AES CCM decryption results generated by libcaes are different than that generated by PolarSSL, OpenSSL and SJCL. https://github.com/ARMmbed/mbedtls/blob/master/library/ccm.c has some AES CCM decryption test vectors which aren't handled correctly by libcaes.

Is this by design, perhaps to conform to some platform specific AES CCM implementations? Or am I doing something wrong?

Here is a test-case to demonstrate this,

$ cat ccm_tester.py 
#!/usr/bin/env python

import sys
import pycaes
from binascii import hexlify


def pycaes_test_crypt_ccm(mode, key, nonce, input_data, expected_output_data):
    caes_context = pycaes.context()
    caes_context.set_key(pycaes.crypt_modes.ENCRYPT, key)

    output_data = pycaes.crypt_ccm(caes_context, mode, nonce, input_data)

    print("")
    print("actual output", hexlify(output_data))
    print("expected", hexlify(expected_output_data))

    return output_data == expected_output_data


def main():
    # NIST SP800-38C compliant test vector borrowed from the following link,
    # https://github.com/ARMmbed/mbedtls/blob/master/library/ccm.c
    key = [0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a,
           0x4b, 0x4c, 0x4d, 0x4e, 0x4f]
    nonce = [0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16]
    cipher_text = [0x71, 0x62, 0x01, 0x5b]
    plain_text = [0x20, 0x21, 0x22, 0x23]

    print("Testing AES-CCM 128-bit decryption\t"),

    test_key = bytes(bytearray(key))
    test_nonce = bytes(bytearray(nonce))
    test_cipher_text = bytes(bytearray(cipher_text))
    test_plain_text = bytes(bytearray(plain_text))

    result = pycaes_test_crypt_ccm(pycaes.crypt_modes.DECRYPT, test_key,
                                   test_nonce, test_cipher_text,
                                   test_plain_text)

    if not result:
        print("(FAIL)")
    else:
        print("(PASS)")


if __name__ == "__main__":
    if not main():
        sys.exit(1)
    else:
        sys.exit(0)

Running this results in,

Testing AES-CCM 128-bit decryption
('actual output', '5c4a101d')
('expected', '20212223')
(FAIL)

wincrypt: Keyset does not exist

libcaes_context_initialize: unable to create AES crypt provider with error: Keyset does not exist
libbde_metadata_read_volume_master_key: unable initialize AES context.
libbde_volume_open_read_keys_from_metadata: unable to read volume master key from metadata.
libbde_volume_open_read: unable to read keys from primary metadata.
libbde_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.

Work around use WINVER=0x0501

Add openssl 3.0.0 support

make check currently failing with

libcaes_context_initialize: unable to set padding in context with error: error:00000000:lib(0)::reason(0).