Line | Count | Source |
1 | | /* |
2 | | * Copyright (c) 2018 Yubico AB. All rights reserved. |
3 | | * Use of this source code is governed by a BSD-style |
4 | | * license that can be found in the LICENSE file. |
5 | | */ |
6 | | |
7 | | #include <openssl/evp.h> |
8 | | #include <string.h> |
9 | | |
10 | | #include "fido.h" |
11 | | |
12 | | int |
13 | | aes256_cbc_enc(const fido_blob_t *key, const fido_blob_t *in, fido_blob_t *out) |
14 | 2.75k | { |
15 | 2.75k | EVP_CIPHER_CTX *ctx = NULL; |
16 | 2.75k | unsigned char iv[32]; |
17 | 2.75k | int len; |
18 | 2.75k | int ok = -1; |
19 | 2.75k | |
20 | 2.75k | memset(iv, 0, sizeof(iv)); |
21 | 2.75k | out->ptr = NULL; |
22 | 2.75k | out->len = 0; |
23 | 2.75k | |
24 | 2.75k | /* sanity check */ |
25 | 2.75k | if (in->len > INT_MAX || (in->len % 16) != 0 || |
26 | 2.75k | (out->ptr = calloc(1, in->len)) == NULL) { |
27 | 7 | fido_log_debug("%s: in->len=%zu", __func__, in->len); |
28 | 7 | goto fail; |
29 | 7 | } |
30 | 2.74k | |
31 | 2.74k | if ((ctx = EVP_CIPHER_CTX_new()) == NULL || key->len != 32 || |
32 | 2.74k | !EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ptr, iv) || |
33 | 2.74k | !EVP_CIPHER_CTX_set_padding(ctx, 0) || |
34 | 2.74k | !EVP_EncryptUpdate(ctx, out->ptr, &len, in->ptr, (int)in->len) || |
35 | 2.74k | len < 0 || (size_t)len != in->len) { |
36 | 32 | fido_log_debug("%s: EVP_Encrypt", __func__); |
37 | 32 | goto fail; |
38 | 32 | } |
39 | 2.71k | |
40 | 2.71k | out->len = (size_t)len; |
41 | 2.71k | |
42 | 2.71k | ok = 0; |
43 | 2.75k | fail: |
44 | 2.75k | if (ctx != NULL) |
45 | 2.75k | EVP_CIPHER_CTX_free(ctx); |
46 | 2.75k | |
47 | 2.75k | if (ok < 0) { |
48 | 39 | free(out->ptr); |
49 | 39 | out->ptr = NULL; |
50 | 39 | out->len = 0; |
51 | 39 | } |
52 | 2.75k | |
53 | 2.75k | return (ok); |
54 | 2.71k | } |
55 | | |
56 | | int |
57 | | aes256_cbc_dec(const fido_blob_t *key, const fido_blob_t *in, fido_blob_t *out) |
58 | 2.08k | { |
59 | 2.08k | EVP_CIPHER_CTX *ctx = NULL; |
60 | 2.08k | unsigned char iv[32]; |
61 | 2.08k | int len; |
62 | 2.08k | int ok = -1; |
63 | 2.08k | |
64 | 2.08k | memset(iv, 0, sizeof(iv)); |
65 | 2.08k | out->ptr = NULL; |
66 | 2.08k | out->len = 0; |
67 | 2.08k | |
68 | 2.08k | /* sanity check */ |
69 | 2.08k | if (in->len > INT_MAX || (in->len % 16) != 0 || |
70 | 2.08k | (out->ptr = calloc(1, in->len)) == NULL) { |
71 | 31 | fido_log_debug("%s: in->len=%zu", __func__, in->len); |
72 | 31 | goto fail; |
73 | 31 | } |
74 | 2.05k | |
75 | 2.05k | if ((ctx = EVP_CIPHER_CTX_new()) == NULL || key->len != 32 || |
76 | 2.05k | !EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ptr, iv) || |
77 | 2.05k | !EVP_CIPHER_CTX_set_padding(ctx, 0) || |
78 | 2.05k | !EVP_DecryptUpdate(ctx, out->ptr, &len, in->ptr, (int)in->len) || |
79 | 2.05k | len < 0 || (size_t)len > in->len + 32) { |
80 | 23 | fido_log_debug("%s: EVP_Decrypt", __func__); |
81 | 23 | goto fail; |
82 | 23 | } |
83 | 2.03k | |
84 | 2.03k | out->len = (size_t)len; |
85 | 2.03k | |
86 | 2.03k | ok = 0; |
87 | 2.08k | fail: |
88 | 2.08k | if (ctx != NULL) |
89 | 2.08k | EVP_CIPHER_CTX_free(ctx); |
90 | 2.08k | |
91 | 2.08k | if (ok < 0) { |
92 | 54 | free(out->ptr); |
93 | 54 | out->ptr = NULL; |
94 | 54 | out->len = 0; |
95 | 54 | } |
96 | 2.08k | |
97 | 2.08k | return (ok); |
98 | 2.03k | } |