-
Notifications
You must be signed in to change notification settings - Fork 4.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Implement ChaCha20Poly1305 with CryptoKit on macOS
Co-authored-by: Filip Navara <filip.navara@gmail.com>
- Loading branch information
1 parent
65a1578
commit 72ac50c
Showing
10 changed files
with
354 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
120 changes: 120 additions & 0 deletions
120
...ibraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.Aead.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,120 @@ | ||
// Licensed to the .NET Foundation under one or more agreements. | ||
// The .NET Foundation licenses this file to you under the MIT license. | ||
|
||
using System; | ||
using System.Diagnostics; | ||
using System.Runtime.InteropServices; | ||
using System.Security.Cryptography; | ||
using System.Security.Cryptography.Apple; | ||
|
||
internal static partial class Interop | ||
{ | ||
internal static partial class AppleCrypto | ||
{ | ||
internal static unsafe void ChaCha20Poly1305Encrypt( | ||
ReadOnlySpan<byte> key, | ||
ReadOnlySpan<byte> nonce, | ||
ReadOnlySpan<byte> plaintext, | ||
Span<byte> ciphertext, | ||
Span<byte> tag, | ||
ReadOnlySpan<byte> aad) | ||
{ | ||
fixed (byte* keyPtr = key) | ||
fixed (byte* noncePtr = nonce) | ||
fixed (byte* plaintextPtr = plaintext) | ||
fixed (byte* ciphertextPtr = ciphertext) | ||
fixed (byte* tagPtr = tag) | ||
fixed (byte* aadPtr = aad) | ||
{ | ||
const int Success = 1; | ||
int result = AppleCryptoNative_ChaCha20Poly1305Encrypt( | ||
keyPtr, key.Length, | ||
noncePtr, nonce.Length, | ||
plaintextPtr, plaintext.Length, | ||
ciphertextPtr, ciphertext.Length, | ||
tagPtr, tag.Length, | ||
aadPtr, aad.Length); | ||
|
||
if (result != Success) | ||
{ | ||
Debug.Assert(result == 0); | ||
CryptographicOperations.ZeroMemory(ciphertext); | ||
CryptographicOperations.ZeroMemory(tag); | ||
throw new CryptographicException(); | ||
} | ||
} | ||
} | ||
|
||
internal static unsafe void ChaCha20Poly1305Decrypt( | ||
ReadOnlySpan<byte> key, | ||
ReadOnlySpan<byte> nonce, | ||
ReadOnlySpan<byte> ciphertext, | ||
ReadOnlySpan<byte> tag, | ||
Span<byte> plaintext, | ||
ReadOnlySpan<byte> aad) | ||
{ | ||
fixed (byte* keyPtr = key) | ||
fixed (byte* noncePtr = nonce) | ||
fixed (byte* ciphertextPtr = ciphertext) | ||
fixed (byte* tagPtr = tag) | ||
fixed (byte* plaintextPtr = plaintext) | ||
fixed (byte* aadPtr = aad) | ||
{ | ||
const int Success = 1; | ||
const int AuthTagMismatch = -1; | ||
int result = AppleCryptoNative_ChaCha20Poly1305Decrypt( | ||
keyPtr, key.Length, | ||
noncePtr, nonce.Length, | ||
ciphertextPtr, ciphertext.Length, | ||
tagPtr, tag.Length, | ||
plaintextPtr, plaintext.Length, | ||
aadPtr, aad.Length); | ||
|
||
if (result != Success) | ||
{ | ||
CryptographicOperations.ZeroMemory(plaintext); | ||
|
||
if (result == AuthTagMismatch) | ||
{ | ||
throw new AuthenticationTagMismatchException(); | ||
} | ||
else | ||
{ | ||
Debug.Assert(result == 0); | ||
throw new CryptographicException(); | ||
} | ||
} | ||
} | ||
} | ||
|
||
[LibraryImport(Libraries.AppleCryptoNative)] | ||
private static unsafe partial int AppleCryptoNative_ChaCha20Poly1305Encrypt( | ||
byte* keyPtr, | ||
int keyLength, | ||
byte* noncePtr, | ||
int nonceLength, | ||
byte* plaintextPtr, | ||
int plaintextLength, | ||
byte* ciphertextPtr, | ||
int ciphertextLength, | ||
byte* tagPtr, | ||
int tagLength, | ||
byte* aadPtr, | ||
int aadLength); | ||
|
||
[LibraryImport(Libraries.AppleCryptoNative)] | ||
private static unsafe partial int AppleCryptoNative_ChaCha20Poly1305Decrypt( | ||
byte* keyPtr, | ||
int keyLength, | ||
byte* noncePtr, | ||
int nonceLength, | ||
byte* ciphertextPtr, | ||
int ciphertextLength, | ||
byte* tagPtr, | ||
int tagLength, | ||
byte* plaintextPtr, | ||
int plaintextLength, | ||
byte* aadPtr, | ||
int aadLength); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
72 changes: 72 additions & 0 deletions
72
...s/System.Security.Cryptography/src/System/Security/Cryptography/ChaCha20Poly1305.macOS.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
// Licensed to the .NET Foundation under one or more agreements. | ||
// The .NET Foundation licenses this file to you under the MIT license. | ||
|
||
using System.Diagnostics; | ||
using System.Diagnostics.CodeAnalysis; | ||
|
||
namespace System.Security.Cryptography | ||
{ | ||
public sealed partial class ChaCha20Poly1305 | ||
{ | ||
// CryptoKit added ChaCha20Poly1305 in macOS 10.15, which is our minimum target for macOS. | ||
public static bool IsSupported => true; | ||
private byte[]? _key; | ||
|
||
[MemberNotNull(nameof(_key))] | ||
private void ImportKey(ReadOnlySpan<byte> key) | ||
{ | ||
// We should only be calling this in the constructor, so there shouldn't be a previous key. | ||
Debug.Assert(_key is null); | ||
|
||
// Pin the array on the POH so that the GC doesn't move it around to allow zeroing to be more effective. | ||
_key = GC.AllocateArray<byte>(key.Length, pinned: true); | ||
key.CopyTo(_key); | ||
} | ||
|
||
private void EncryptCore( | ||
ReadOnlySpan<byte> nonce, | ||
ReadOnlySpan<byte> plaintext, | ||
Span<byte> ciphertext, | ||
Span<byte> tag, | ||
ReadOnlySpan<byte> associatedData = default) | ||
{ | ||
CheckDisposed(); | ||
Interop.AppleCrypto.ChaCha20Poly1305Encrypt( | ||
_key, | ||
nonce, | ||
plaintext, | ||
ciphertext, | ||
tag, | ||
associatedData); | ||
} | ||
|
||
private void DecryptCore( | ||
ReadOnlySpan<byte> nonce, | ||
ReadOnlySpan<byte> ciphertext, | ||
ReadOnlySpan<byte> tag, | ||
Span<byte> plaintext, | ||
ReadOnlySpan<byte> associatedData = default) | ||
{ | ||
CheckDisposed(); | ||
Interop.AppleCrypto.ChaCha20Poly1305Decrypt( | ||
_key, | ||
nonce, | ||
ciphertext, | ||
tag, | ||
plaintext, | ||
associatedData); | ||
} | ||
|
||
public void Dispose() | ||
{ | ||
CryptographicOperations.ZeroMemory(_key); | ||
_key = null; | ||
} | ||
|
||
[MemberNotNull(nameof(_key))] | ||
private void CheckDisposed() | ||
{ | ||
ObjectDisposedException.ThrowIf(_key is null, this); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
35 changes: 35 additions & 0 deletions
35
src/native/libs/System.Security.Cryptography.Native.Apple/pal_swiftbindings.h
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
// Licensed to the .NET Foundation under one or more agreements. | ||
// The .NET Foundation licenses this file to you under the MIT license. | ||
|
||
#pragma once | ||
|
||
#include "pal_types.h" | ||
#include "pal_compiler.h" | ||
|
||
PALEXPORT int32_t AppleCryptoNative_ChaCha20Poly1305Encrypt( | ||
uint8_t* keyPtr, | ||
int32_t keyLength, | ||
uint8_t* noncePtr, | ||
int32_t nonceLength, | ||
uint8_t* plaintextPtr, | ||
int32_t plaintextLength, | ||
uint8_t* ciphertextBuffer, | ||
int32_t ciphertextBufferLength, | ||
uint8_t* tagBuffer, | ||
int32_t tagBufferLength, | ||
uint8_t* aadPtr, | ||
int32_t aadLength); | ||
|
||
PALEXPORT int32_t AppleCryptoNative_ChaCha20Poly1305Decrypt( | ||
uint8_t* keyPtr, | ||
int32_t keyLength, | ||
uint8_t* noncePtr, | ||
int32_t nonceLength, | ||
uint8_t* ciphertextPtr, | ||
int32_t ciphertextLength, | ||
uint8_t* tagPtr, | ||
int32_t tagLength, | ||
uint8_t* plaintextBuffer, | ||
int32_t plaintextBufferLength, | ||
uint8_t* aadPtr, | ||
int32_t aadLength); |
Oops, something went wrong.