diff options
author | sergey.galtsev <sergey.galtsev@mongodb.com> | 2022-02-11 15:51:12 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2022-02-11 16:56:23 +0000 |
commit | aa94639dc75923ec9ae679c6bb8e79c051359b45 (patch) | |
tree | eae8827c4ea3555946cd6118d38f9ca205182a2f /src/mongo/crypto | |
parent | f67fd958c0b9c82e8ca14b004560502a98e71ddd (diff) | |
download | mongo-aa94639dc75923ec9ae679c6bb8e79c051359b45.tar.gz |
SERVER-63188 Add AES-CTR support for macOS
Diffstat (limited to 'src/mongo/crypto')
-rw-r--r-- | src/mongo/crypto/symmetric_crypto_apple.cpp | 54 | ||||
-rw-r--r-- | src/mongo/crypto/symmetric_crypto_test.cpp | 20 |
2 files changed, 45 insertions, 29 deletions
diff --git a/src/mongo/crypto/symmetric_crypto_apple.cpp b/src/mongo/crypto/symmetric_crypto_apple.cpp index e3864e84dbe..14c77e0650c 100644 --- a/src/mongo/crypto/symmetric_crypto_apple.cpp +++ b/src/mongo/crypto/symmetric_crypto_apple.cpp @@ -56,28 +56,44 @@ public: std::is_same<Parent, SymmetricDecryptor>::value, "SymmetricImplApple must inherit from SymmetricEncryptor or SymmetricDecryptor"); - uassert(ErrorCodes::UnsupportedFormat, - "Native crypto on this platform only supports AES256-CBC", - mode == aesMode::cbc); - - // Note: AES256 uses a 256byte keysize, - // but is still functionally a 128bit block algorithm. - // Therefore we expect a 128 bit block length. - uassert(ErrorCodes::BadValue, - str::stream() << "Invalid ivlen for selected algorithm, expected " - << kCCBlockSizeAES128 << ", got " << static_cast<int>(iv.length()), - iv.length() == kCCBlockSizeAES128); + CCMode ccMode; + if (mode == aesMode::cbc) { + ccMode = kCCModeCBC; + uassert(ErrorCodes::BadValue, + str::stream() << "Invalid ivlen for selected algorithm, expected " + << aesCBCIVSize << ", got " << static_cast<int>(iv.length()), + iv.length() == aesCBCIVSize); + } else if (mode == aesMode::ctr) { + ccMode = kCCModeCTR; + uassert(ErrorCodes::BadValue, + str::stream() << "Invalid ivlen for selected algorithm, expected " + << aesCTRIVSize << ", got " << static_cast<int>(iv.length()), + iv.length() == aesCTRIVSize); + } else { + uassert(ErrorCodes::UnsupportedFormat, + "Native crypto on this platform only supports AES256-CBC or AES256-CTR", + false); + } CCCryptorRef context = nullptr; constexpr auto op = std::is_same<Parent, SymmetricEncryptor>::value ? kCCEncrypt : kCCDecrypt; - const auto status = CCCryptorCreate(op, - kCCAlgorithmAES, - kCCOptionPKCS7Padding, - key.getKey(), - key.getKeySize(), - iv.data<std::uint8_t>(), - &context); + constexpr void* tweak = nullptr; + constexpr size_t tweakLength = 0; + constexpr int numRounds = 0; + constexpr CCModeOptions ccModeOptions = 0; + const auto status = CCCryptorCreateWithMode(op, + ccMode, + kCCAlgorithmAES, + kCCOptionPKCS7Padding, + iv.data<std::uint8_t>(), + key.getKey(), + key.getKeySize(), + tweak, + tweakLength, + numRounds, + ccModeOptions, + &context); uassert(ErrorCodes::UnknownError, str::stream() << "CCCryptorCreate failure: " << status, status == kCCSuccess); @@ -143,7 +159,7 @@ public: } // namespace std::set<std::string> getSupportedSymmetricAlgorithms() { - return {aes256CBCName}; + return {aes256CBCName, aes256CTRName}; } Status engineRandBytes(DataRange buffer) { diff --git a/src/mongo/crypto/symmetric_crypto_test.cpp b/src/mongo/crypto/symmetric_crypto_test.cpp index 704d4bf9fde..db1fb524b5f 100644 --- a/src/mongo/crypto/symmetric_crypto_test.cpp +++ b/src/mongo/crypto/symmetric_crypto_test.cpp @@ -465,7 +465,7 @@ TEST(AES, GCMAdditionalAuthenticatedData) { GCMAdditionalAuthenticatedDataHelper(false); } -class AESGCMTestVectors : public unittest::Test { +class AESTestVectors : public unittest::Test { public: class GCMTestVector { public: @@ -626,7 +626,7 @@ public: /** Test vectors drawn from * https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf */ -TEST_F(AESGCMTestVectors, TestCase13) { +TEST_F(AESTestVectors, GCMTestCase13) { evaluate( GCMTestVector("00000000000000000000000000000000" "00000000000000000000000000000000"_sd, @@ -637,7 +637,7 @@ TEST_F(AESGCMTestVectors, TestCase13) { "530f8afbc74536b9a963b4f1c4cb738b"_sd)); } -TEST_F(AESGCMTestVectors, TestCase14) { +TEST_F(AESTestVectors, GCMTestCase14) { evaluate( GCMTestVector("00000000000000000000000000000000" "00000000000000000000000000000000"_sd, @@ -648,7 +648,7 @@ TEST_F(AESGCMTestVectors, TestCase14) { "d0d1c8a799996bf0265b98b5d48ab919"_sd)); } -TEST_F(AESGCMTestVectors, TestCase15) { +TEST_F(AESTestVectors, GCMTestCase15) { evaluate( GCMTestVector("feffe9928665731c6d6a8f9467308308" "feffe9928665731c6d6a8f9467308308"_sd, @@ -665,7 +665,7 @@ TEST_F(AESGCMTestVectors, TestCase15) { "b094dac5d93471bdec1a502270e3cc6c"_sd)); } -TEST_F(AESGCMTestVectors, TestCase16) { +TEST_F(AESTestVectors, GCMTestCase16) { evaluate( GCMTestVector("feffe9928665731c6d6a8f9467308308" "feffe9928665731c6d6a8f9467308308"_sd, @@ -686,7 +686,7 @@ TEST_F(AESGCMTestVectors, TestCase16) { // AES-CTR test vectors are obtained here: // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf -TEST_F(AESGCMTestVectors, CTRTestCase1) { +TEST_F(AESTestVectors, CTRTestCase1) { evaluate( CTRTestVector("603deb1015ca71be2b73aef0857d7781" "1f352c073b6108d72d9810a30914dff4", @@ -695,7 +695,7 @@ TEST_F(AESGCMTestVectors, CTRTestCase1) { "601ec313775789a5b7a7f504bbf3d228")); } -TEST_F(AESGCMTestVectors, CTRTestCase2) { +TEST_F(AESTestVectors, CTRTestCase2) { evaluate( CTRTestVector("603deb1015ca71be2b73aef0857d7781" "1f352c073b6108d72d9810a30914dff4", @@ -704,7 +704,7 @@ TEST_F(AESGCMTestVectors, CTRTestCase2) { "f443e3ca4d62b59aca84e990cacaf5c5")); } -TEST_F(AESGCMTestVectors, CTRTestCase3) { +TEST_F(AESTestVectors, CTRTestCase3) { evaluate( CTRTestVector("603deb1015ca71be2b73aef0857d7781" "1f352c073b6108d72d9810a30914dff4", @@ -713,7 +713,7 @@ TEST_F(AESGCMTestVectors, CTRTestCase3) { "2b0930daa23de94ce87017ba2d84988d")); } -TEST_F(AESGCMTestVectors, CTRTestCase4) { +TEST_F(AESTestVectors, CTRTestCase4) { evaluate( CTRTestVector("603deb1015ca71be2b73aef0857d7781" "1f352c073b6108d72d9810a30914dff4", @@ -722,7 +722,7 @@ TEST_F(AESGCMTestVectors, CTRTestCase4) { "dfc9c58db67aada613c2dd08457941a6")); } -TEST_F(AESGCMTestVectors, CTRTestCase1234) { +TEST_F(AESTestVectors, CTRTestCase1234) { evaluate( CTRTestVector("603deb1015ca71be2b73aef0857d7781" "1f352c073b6108d72d9810a30914dff4", |