Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement AES-GCM with CryptoKit on macOS #76490

Merged
merged 10 commits into from
Nov 8, 2022
Merged

Implement AES-GCM with CryptoKit on macOS #76490

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
7b4a0be
Implement AES-GCM with CryptoKit on macOS
vcsjones Oct 1, 2022
a2b397a
Merge remote-tracking branch 'ms/main' into aes-gcm-crypto-kit
vcsjones Oct 2, 2022
8bb6210
Fix typo
vcsjones Oct 2, 2022
50bc097
Merge remote-tracking branch 'ms/main' into aes-gcm-crypto-kit
vcsjones Nov 7, 2022
abc8c19
Revert OpenSSL work for macOS GCM
vcsjones Nov 7, 2022
253ba44
Fixup macOS
vcsjones Nov 7, 2022
2f7e5d0
Respond to code review feedback
vcsjones Nov 7, 2022
a6921ee
Remove conditional from tests since it's not needed anymore
vcsjones Nov 7, 2022
59de3e3
Code review feedback
vcsjones Nov 7, 2022
ef9b473
Restart CI
vcsjones Nov 8, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
106 changes: 106 additions & 0 deletions ...ibraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.Aead.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,82 @@ internal static partial class AppleCrypto
}
}

internal static unsafe void AesGcmEncrypt(
vcsjones marked this conversation as resolved.
Show resolved Hide resolved
ReadOnlySpan<byte> key,
ReadOnlySpan<byte> nonce,
ReadOnlySpan<byte> plaintext,
Span<byte> ciphertext,
Span<byte> tag,
ReadOnlySpan<byte> aad)
{
fixed (byte* keyPtr = key)
fixed (byte* noncePtr = nonce)
fixed (byte* plaintextPtr = plaintext)
fixed (byte* ciphertextPtr = ciphertext)
fixed (byte* tagPtr = tag)
fixed (byte* aadPtr = aad)
{
const int Success = 1;
int result = AppleCryptoNative_AesGcmEncrypt(
keyPtr, key.Length,
noncePtr, nonce.Length,
plaintextPtr, plaintext.Length,
ciphertextPtr, ciphertext.Length,
tagPtr, tag.Length,
aadPtr, aad.Length);

if (result != Success)
{
Debug.Assert(result == 0);
CryptographicOperations.ZeroMemory(ciphertext);
CryptographicOperations.ZeroMemory(tag);
throw new CryptographicException();
}
}
}

internal static unsafe void AesGcmDecrypt(
ReadOnlySpan<byte> key,
ReadOnlySpan<byte> nonce,
ReadOnlySpan<byte> ciphertext,
ReadOnlySpan<byte> tag,
Span<byte> plaintext,
ReadOnlySpan<byte> aad)
{
fixed (byte* keyPtr = key)
fixed (byte* noncePtr = nonce)
fixed (byte* ciphertextPtr = ciphertext)
fixed (byte* tagPtr = tag)
fixed (byte* plaintextPtr = plaintext)
fixed (byte* aadPtr = aad)
{
const int Success = 1;
const int AuthTagMismatch = -1;
int result = AppleCryptoNative_AesGcmDecrypt(
keyPtr, key.Length,
noncePtr, nonce.Length,
ciphertextPtr, ciphertext.Length,
tagPtr, tag.Length,
plaintextPtr, plaintext.Length,
aadPtr, aad.Length);

if (result != Success)
{
CryptographicOperations.ZeroMemory(plaintext);

if (result == AuthTagMismatch)
{
throw new AuthenticationTagMismatchException();
}
else
{
Debug.Assert(result == 0);
throw new CryptographicException();
}
}
}
}

[LibraryImport(Libraries.AppleCryptoNative)]
private static unsafe partial int AppleCryptoNative_ChaCha20Poly1305Encrypt(
byte* keyPtr,
Expand Down Expand Up @@ -116,5 +192,35 @@ internal static partial class AppleCrypto
int plaintextLength,
byte* aadPtr,
int aadLength);

[LibraryImport(Libraries.AppleCryptoNative)]
private static unsafe partial int AppleCryptoNative_AesGcmEncrypt(
byte* keyPtr,
int keyLength,
byte* noncePtr,
int nonceLength,
byte* plaintextPtr,
int plaintextLength,
byte* ciphertextPtr,
int ciphertextLength,
byte* tagPtr,
int tagLength,
byte* aadPtr,
int aadLength);

[LibraryImport(Libraries.AppleCryptoNative)]
private static unsafe partial int AppleCryptoNative_AesGcmDecrypt(
byte* keyPtr,
int keyLength,
byte* noncePtr,
int nonceLength,
byte* ciphertextPtr,
int ciphertextLength,
byte* tagPtr,
int tagLength,
byte* plaintextPtr,
int plaintextLength,
byte* aadPtr,
int aadLength);
}
}
3 changes: 2 additions & 1 deletion src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -783,6 +783,7 @@
Link="Common\System\Text\UrlBase64Encoding.cs" />
<Compile Include="$(CommonPath)System\Text\ValueUtf8Converter.cs"
Link="Common\System\Text\ValueUtf8Converter.cs" />
<Compile Include="System\Security\Cryptography\AesGcm.OpenSsl.cs" />
<Compile Include="System\Security\Cryptography\AesImplementation.OpenSsl.cs" />
<Compile Include="System\Security\Cryptography\AsnFormatter.OpenSsl.cs" />
<Compile Include="System\Security\Cryptography\CapiHelper.DSA.Shared.cs" />
Expand Down Expand Up @@ -870,7 +871,6 @@
<Compile Include="$(CommonPath)Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs"
Link="Common\Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs" />
<Compile Include="System\Security\Cryptography\AesCcm.OpenSsl.cs" />
<Compile Include="System\Security\Cryptography\AesGcm.OpenSsl.cs" />
</ItemGroup>
<ItemGroup Condition="'$(UseAndroidCrypto)' == 'true'">
<Compile Include="$(CommonPath)Interop\Android\Interop.JObjectLifetime.cs"
Expand Down Expand Up @@ -1292,6 +1292,7 @@
Link="Common\System\Security\Cryptography\RSASecurityTransforms.macOS.cs" />
<Compile Include="$(CommonPath)System\Security\Cryptography\RSAOpenSsl.cs"
Link="Common\System\Security\Cryptography\RSAOpenSsl.cs" />
<Compile Include="System\Security\Cryptography\AesGcm.macOS.cs" />
vcsjones marked this conversation as resolved.
Show resolved Hide resolved
<Compile Include="System\Security\Cryptography\ChaCha20Poly1305.macOS.cs" />
<Compile Include="System\Security\Cryptography\DSA.Create.SecurityTransforms.cs" />
<Compile Include="System\Security\Cryptography\DSACryptoServiceProvider.Unix.cs" />
Expand Down
1 change: 1 addition & 0 deletions ...libraries/System.Security.Cryptography/src/System/Security/Cryptography/AesGcm.Android.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ public sealed partial class AesGcm
private SafeEvpCipherCtxHandle _ctxHandle;

public static bool IsSupported => true;
public static KeySizes TagByteSizes { get; } = new KeySizes(12, 16, 1);

[MemberNotNull(nameof(_ctxHandle))]
private void ImportKey(ReadOnlySpan<byte> key)
Expand Down
1 change: 1 addition & 0 deletions ...ries/System.Security.Cryptography/src/System/Security/Cryptography/AesGcm.NotSupported.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ namespace System.Security.Cryptography
public partial class AesGcm
{
public static bool IsSupported => false;
public static KeySizes TagByteSizes { get; } = new KeySizes(12, 16, 1);
vcsjones marked this conversation as resolved.
Show resolved Hide resolved

#pragma warning disable CA1822
private void ImportKey(ReadOnlySpan<byte> key)
Expand Down
1 change: 1 addition & 0 deletions ...libraries/System.Security.Cryptography/src/System/Security/Cryptography/AesGcm.OpenSsl.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ public sealed partial class AesGcm
private SafeEvpCipherCtxHandle _ctxHandle;

public static bool IsSupported { get; } = Interop.OpenSslNoInit.OpenSslIsAvailable;
public static KeySizes TagByteSizes { get; } = new KeySizes(12, 16, 1);

[MemberNotNull(nameof(_ctxHandle))]
private void ImportKey(ReadOnlySpan<byte> key)
Expand Down
1 change: 1 addition & 0 deletions ...libraries/System.Security.Cryptography/src/System/Security/Cryptography/AesGcm.Windows.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ public partial class AesGcm
private SafeKeyHandle _keyHandle;

public static bool IsSupported => true;
public static KeySizes TagByteSizes { get; } = new KeySizes(12, 16, 1);

[MemberNotNull(nameof(_keyHandle))]
private void ImportKey(ReadOnlySpan<byte> key)
Expand Down
1 change: 0 additions & 1 deletion src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/AesGcm.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ public sealed partial class AesGcm : IDisposable
{
private const int NonceSize = 12;
public static KeySizes NonceByteSizes { get; } = new KeySizes(NonceSize, NonceSize, 1);
public static KeySizes TagByteSizes { get; } = new KeySizes(12, 16, 1);

public AesGcm(ReadOnlySpan<byte> key)
{
Expand Down
77 changes: 77 additions & 0 deletions src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/AesGcm.macOS.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.

using System.Diagnostics;
using System.Diagnostics.CodeAnalysis;
using Microsoft.Win32.SafeHandles;

namespace System.Security.Cryptography
{
public sealed partial class AesGcm
{
private byte[]? _key;

// CryptoKit added AES.GCM in macOS 10.15, which is our minimum target for macOS.
public static bool IsSupported => true;

// CryptoKit only supports 16 byte tags.
public static KeySizes TagByteSizes { get; } = new KeySizes(16, 16, 1);

[MemberNotNull(nameof(_key))]
private void ImportKey(ReadOnlySpan<byte> key)
{
// We should only be calling this in the constructor, so there shouldn't be a previous key.
Debug.Assert(_key is null);

// Pin the array on the POH so that the GC doesn't move it around to allow zeroing to be more effective.
_key = GC.AllocateArray<byte>(key.Length, pinned: true);
key.CopyTo(_key);
}

private void EncryptCore(
ReadOnlySpan<byte> nonce,
ReadOnlySpan<byte> plaintext,
Span<byte> ciphertext,
Span<byte> tag,
ReadOnlySpan<byte> associatedData)
{
CheckDisposed();
Interop.AppleCrypto.AesGcmEncrypt(
_key,
nonce,
plaintext,
ciphertext,
tag,
associatedData);
}

private void DecryptCore(
ReadOnlySpan<byte> nonce,
ReadOnlySpan<byte> ciphertext,
ReadOnlySpan<byte> tag,
Span<byte> plaintext,
ReadOnlySpan<byte> associatedData)
{
CheckDisposed();
Interop.AppleCrypto.AesGcmDecrypt(
_key,
nonce,
ciphertext,
tag,
plaintext,
associatedData);
}

public void Dispose()
{
CryptographicOperations.ZeroMemory(_key);
_key = null;
}

[MemberNotNull(nameof(_key))]
private void CheckDisposed()
{
ObjectDisposedException.ThrowIf(_key is null, this);
}
}
}