[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #5761 [TorBrowserButton]: using Dooble Web Browser for the Torbrowser
#5761: using Dooble Web Browser for the Torbrowser
---------------------------------+------------------------------------------
Reporter: mike123 | Owner: mike123
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Resolution: invalid | Keywords:
Parent: | Points:
Actualpoints: |
---------------------------------+------------------------------------------
Comment(by mike123):
Unable to reproduce the wild claim. If the encryption fails, it fails
gracefully and an error is reported.
outbuflen = 16
blocksize = 16
inbuflen = 16
Under those conditions do_cbc_encrypt() does not return a failure.
My manual states that the size of the buffer must be a multiple of the
cipher's block size, including a multiple of 1.
---
static gcry_err_code_t
do_cbc_encrypt (gcry_cipher_hd_t c,
unsigned char *outbuf, unsigned int outbuflen,
const unsigned char *inbuf, unsigned int inbuflen)
{
unsigned int n;
unsigned char *ivp;
int i;
size_t blocksize = c->cipher->blocksize;
unsigned nblocks = inbuflen / blocksize;
if (outbuflen < ((c->flags & GCRY_CIPHER_CBC_MAC)? blocksize :
inbuflen))
return GPG_ERR_BUFFER_TOO_SHORT;
if ((inbuflen % c->cipher->blocksize)
&& !(inbuflen > c->cipher->blocksize
&& (c->flags & GCRY_CIPHER_CBC_CTS)))
return GPG_ERR_INV_LENGTH;
if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize)
{
if ((inbuflen % blocksize) == 0)
nblocks--;
}
if (c->bulk.cbc_enc)
{
c->bulk.cbc_enc (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks,
(c->flags & GCRY_CIPHER_CBC_MAC));
inbuf += nblocks * blocksize;
if (!(c->flags & GCRY_CIPHER_CBC_MAC))
outbuf += nblocks * blocksize;
}
else
{
for (n=0; n < nblocks; n++ )
{
for (ivp=c->u_iv.iv,i=0; i < blocksize; i++ )
outbuf[i] = inbuf[i] ^ *ivp++;
c->cipher->encrypt ( &c->context.c, outbuf, outbuf );
memcpy (c->u_iv.iv, outbuf, blocksize );
inbuf += blocksize;
if (!(c->flags & GCRY_CIPHER_CBC_MAC))
outbuf += blocksize;
}
}
if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize)
{
/* We have to be careful here, since outbuf might be equal to
inbuf. */
int restbytes;
unsigned char b;
if ((inbuflen % blocksize) == 0)
restbytes = blocksize;
else
restbytes = inbuflen % blocksize;
outbuf -= blocksize;
for (ivp = c->u_iv.iv, i = 0; i < restbytes; i++)
{
b = inbuf[i];
outbuf[blocksize + i] = outbuf[i];
outbuf[i] = b ^ *ivp++;
}
for (; i < blocksize; i++)
outbuf[i] = 0 ^ *ivp++;
c->cipher->encrypt (&c->context.c, outbuf, outbuf);
memcpy (c->u_iv.iv, outbuf, blocksize);
}
return 0;
>>>>>>>>>>>><
Do you expect the method to create magical content if it can't? Of course
it returns the original buffer if something failed. It returns the
original buffer or the encoded buffer. It doesn't "garble" the original
buffer if an error occurs.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Testcase:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Simple.
#include <gcrypt.h>
#include <stdio.h>
#include <stdlib.h>
int main(void)
{
int rc = EXIT_SUCCESS;
gcry_error_t err = 0;
gcry_cipher_hd_t cipherCtx;
if(!gcry_check_version(GCRYPT_VERSION))
{
rc = EXIT_FAILURE;
printf("gcry_check_version() failure.\n");
}
gcry_control(GCRYCTL_ENABLE_M_GUARD);
gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN);
if((err = gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0)) != 0)
{
rc = EXIT_FAILURE;
printf("gcry_control() failure (%s).\n", gcry_strerror(err));
}
gcry_control(GCRYCTL_RESUME_SECMEM_WARN);
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
int algo = gcry_cipher_map_name("aes256");
if((err = gcry_cipher_open(&cipherCtx, algo,
GCRY_CIPHER_MODE_CBC,
GCRY_CIPHER_SECURE |
GCRY_CIPHER_CBC_CTS)) != 0)
{
rc = EXIT_FAILURE;
printf("gcry_cipher_open() failure (%s).\n",
gcry_strerror(err));
}
char *buffer = 0;
char *cipherPassphrase = (char *) gcry_calloc_secure
(256, sizeof(char));
if(cipherPassphrase)
{
size_t blockLength = gcry_cipher_get_algo_blklen(algo);
buffer = (char *) gcry_calloc_secure(blockLength, sizeof(char));
if(buffer)
{
size_t ivLength = 0;
if((ivLength = gcry_cipher_get_algo_blklen(algo)) != 0)
{
printf("aes256 has a block size of %d.\n", (int) blockLength);
char *iv = (char *) gcry_calloc_secure(ivLength, sizeof(char));
if(iv)
{
gcry_cipher_reset(cipherCtx);
memcpy((void *) iv, (const void *) cipherPassphrase,
ivLength);
err = gcry_cipher_setiv(cipherCtx, (const void *) iv,
ivLength);
if(err)
{
rc = EXIT_FAILURE;
printf("gcry_cipher_setiv() failure (%s).\n",
gcry_strerror(err));
}
memset(buffer, 0, blockLength);
memcpy(buffer, "Hello!", 6);
printf("Some buffer: %s.\n", buffer);
if((err = gcry_cipher_encrypt(cipherCtx,
(void *) buffer,
blockLength,
(const void *) 0,
(size_t) 0)) != 0)
{
rc = EXIT_FAILURE;
printf("gcry_cipher_encrypt() failure (%s).\n",
gcry_strerror(err));
}
printf("Some buffer after encoding: %s.\n", buffer);
gcry_cipher_reset(cipherCtx);
memcpy((void *) iv, (const void *) cipherPassphrase,
ivLength);
err = gcry_cipher_setiv(cipherCtx, (const void *) iv,
ivLength);
if(err)
{
rc = EXIT_FAILURE;
printf("gcry_cipher_setiv() failure (%s).\n",
gcry_strerror(err));
}
if((err = gcry_cipher_decrypt(cipherCtx,
(void *) buffer,
blockLength,
(const void *) 0,
(size_t) 0)) != 0)
{
rc = EXIT_FAILURE;
printf("gcry_cipher_decrypt() failure (%s).\n",
gcry_strerror(err));
}
printf("Some buffer after decoding: %s.\n", buffer);
gcry_free(iv);
}
}
}
gcry_free(buffer);
}
gcry_free(cipherPassphrase);
gcry_cipher_close(cipherCtx);
return rc;
}
And the results.
aes256 has a block size of 16.
Some buffer: Hello!.
Some buffer after encoding: lkïïïïSuKâïïTSï.
Some buffer after decoding: Hello!.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5761#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs