made file name encryption work with 256 bit keys

Author: overheadhunter

CryptoLib/AesSiv.swift

@@ -7,7 +7,6 @@
 //
 
 import Foundation
-import CryptoSwift
 import CommonCrypto
 
 enum AesSivError: Error {
@@ -53,16 +52,16 @@ public class AesSiv {
 		return plaintext
 	}
 
-	internal static func aesCtr(aesKey: [UInt8], iv: [UInt8], plaintext: [UInt8]) throws -> [UInt8] {
-		assert(aesKey.count == kCCKeySizeAES256 || aesKey.count == kCCKeySizeAES128, "aesKey expected to be 128 or 256 bit")
+	internal static func aesCtr(aesKey key: [UInt8], iv: [UInt8], plaintext: [UInt8]) throws -> [UInt8] {
+		assert(key.count == kCCKeySizeAES256 || key.count == kCCKeySizeAES128, "aesKey expected to be 128 or 256 bit")
 
 		// clear out the 31st and 63rd bit (see https://tools.ietf.org/html/rfc5297#section-2.5)
 		var ctr = iv
 		ctr[8] &= 0x7F
 		ctr[12] &= 0x7F
 
 		var cryptor: CCCryptorRef?
-		var status = CCCryptorCreateWithMode(CCOperation(kCCEncrypt), CCMode(kCCModeCTR), CCAlgorithm(kCCAlgorithmAES), CCPadding(ccNoPadding), ctr, aesKey, aesKey.count, nil, 0, 0, CCModeOptions(kCCModeOptionCTR_BE), &cryptor)
+		var status = CCCryptorCreateWithMode(CCOperation(kCCEncrypt), CCMode(kCCModeCTR), CCAlgorithm(kCCAlgorithmAES), CCPadding(ccNoPadding), ctr, key, key.count, nil, 0, 0, CCModeOptions(kCCModeOptionCTR_BE), &cryptor)
 		guard status == kCCSuccess, cryptor != nil else {
 			throw AesSivError.invalidParameter("failed to initialize cryptor")
 		}
@@ -93,16 +92,14 @@ public class AesSiv {
 			throw AesSivError.invalidParameter("too many ad")
 		}
 
-		let mac = try CMAC.init(key: macKey)
-		
 		// RFC 5297 defines a n == 0 case here. Where n is the length of the input vector:
 		// S1 = associatedData1, S2 = associatedData2, ... Sn = plaintext
 		// Since this method is invoked only by encrypt/decrypt, we always have a plaintext.
 		// Thus n > 0
 
-		var d = try mac.authenticate(zero)
+		var d = try cmac(macKey: macKey, data: zero)
 		for s in ad {
-			d = xor(dbl(d), try mac.authenticate(s))
+			d = xor(dbl(d), try cmac(macKey: macKey, data: s))
 		}
 
 		let t: [UInt8]
@@ -112,7 +109,61 @@ public class AesSiv {
 			t = xor(dbl(d), pad(plaintext))
 		}
 
-		return try mac.authenticate(t)
+		return try cmac(macKey: macKey, data: t)
+	}
+	
+	internal static func cmac(macKey key: [UInt8], data: [UInt8]) throws -> [UInt8] {
+		// subkey generation:
+		let l = try aes(key: key, plaintext: zero)
+		let k1 = l[0] & 0x80 == 0x00 ? shiftLeft(l) : dbl(l)
+		let k2 = k1[0] & 0x80 == 0x00 ? shiftLeft(k1) : dbl(k1)
+		
+		// determine number of blocks:
+		let n = (data.count + 15) / 16
+		let lastBlockIdx: Int
+		let lastBlockComplete: Bool
+		if n == 0 {
+			lastBlockIdx = 0
+			lastBlockComplete = false
+		} else {
+			lastBlockIdx = n - 1
+			lastBlockComplete = data.count % 16 == 0
+		}
+		
+		// blocks 0..<n:
+		var mac = [UInt8](repeating: 0x00, count: 16)
+		for i in 0..<lastBlockIdx {
+			let block = Array(data[(16*i)..<(16*(i+1))])
+			let y = xor(mac, block)
+			mac = try aes(key: key, plaintext: y)
+		}
+		
+		// block n:
+		var lastBlock = Array(data[(16*lastBlockIdx)...])
+		if lastBlockComplete {
+			lastBlock = xor(lastBlock, k1)
+		} else {
+			lastBlock = xor(pad(lastBlock), k2)
+		}
+		let y = xor(mac, lastBlock)
+		mac = try aes(key: key, plaintext: y)
+
+		return mac
+	}
+	
+	private static func aes(key: [UInt8], plaintext: [UInt8]) throws -> [UInt8] {
+		assert(key.count == kCCKeySizeAES128 || key.count == kCCKeySizeAES192 || key.count == kCCKeySizeAES256)
+		assert(plaintext.count == kCCBlockSizeAES128, "Attempt to run AES-ECB for plaintext != one single block")
+		
+		var ciphertext = [UInt8](repeating: 0x00, count: kCCBlockSizeAES128)
+		var ciphertextLen = 0
+		let status = CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithmAES), CCOptions(kCCOptionECBMode), key, key.count, nil, plaintext, plaintext.count, &ciphertext, kCCBlockSizeAES128, &ciphertextLen)
+		
+		guard status == kCCSuccess else {
+			throw AesSivError.invalidParameter("AES failed")
+		}
+		
+		return ciphertext
 	}
 
 	private static func shiftLeft(_ input: [UInt8]) -> [UInt8] {

CryptoLibTests/AesSivTests.swift

@@ -41,7 +41,7 @@ class AesSivTests: XCTestCase {
 		]
 
 		let result = try? AesSiv.encrypt(aesKey: aesKey, macKey: macKey, plaintext: plaintext, ad: ad)
-
+		
 		XCTAssertEqual(expected, result)
 	}
 
@@ -105,5 +105,83 @@ class AesSivTests: XCTestCase {
 
 		XCTAssertEqual(expected, result)
 	}
+	
+	func testCmac1() {
+		let macKey: [UInt8] = [
+			0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+			0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
+		]
+		let message: [UInt8] = []
+		let expected: [UInt8] = [
+			0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
+			0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
+		]
+		let result = try? AesSiv.cmac(macKey: macKey, data: message)
+		
+		XCTAssertEqual(expected, result)
+	}
+	
+	func testCmac2() {
+		let macKey: [UInt8] = [
+			0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+			0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
+		]
+		let message: [UInt8] = [
+			0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+			0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
+		]
+		let expected: [UInt8] = [
+			0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
+			0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
+		]
+		let result = try? AesSiv.cmac(macKey: macKey, data: message)
+		
+		XCTAssertEqual(expected, result)
+	}
+	
+	func testCmac3() {
+		let macKey: [UInt8] = [
+			0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+			0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
+		]
+		let message: [UInt8] = [
+			0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+			0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+			0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+			0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+			0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
+		]
+		let expected: [UInt8] = [
+			0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
+			0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27,
+		]
+		let result = try? AesSiv.cmac(macKey: macKey, data: message)
+		
+		XCTAssertEqual(expected, result)
+	}
+	
+	func testCmac4() {
+		let macKey: [UInt8] = [
+			0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+			0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
+		]
+		let message: [UInt8] = [
+			0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+			0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+			0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+			0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+			0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+			0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+			0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+			0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+		]
+		let expected: [UInt8] = [
+			0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
+			0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
+		]
+		let result = try? AesSiv.cmac(macKey: macKey, data: message)
+		
+		XCTAssertEqual(expected, result)
+	}
 
 }

CryptoLibTests/CryptorTests.swift

@@ -14,8 +14,8 @@ class CryptorTests: XCTestCase {
 	var masterkey: Masterkey!
 
     override func setUp() {
-		let aesKey: [UInt8] = Array(repeating: 0x55, count: 16)
-		let macKey: [UInt8] = Array(repeating: 0x77, count: 16)
+		let aesKey: [UInt8] = Array(repeating: 0x55, count: 32)
+		let macKey: [UInt8] = Array(repeating: 0x77, count: 32)
 		masterkey = Masterkey.createFromRaw(aesMasterKey: aesKey, macMasterKey: macKey)
 
 		XCTAssertNotNil(masterkey)