Line | Count | Source |
1 | | /* |
2 | | * Copyright (c) 2018 Yubico AB. All rights reserved. |
3 | | * Use of this source code is governed by a BSD-style |
4 | | * license that can be found in the LICENSE file. |
5 | | */ |
6 | | |
7 | | #include <openssl/evp.h> |
8 | | #include <string.h> |
9 | | |
10 | | #include "fido.h" |
11 | | |
12 | | int |
13 | | aes256_cbc_enc(const fido_blob_t *key, const fido_blob_t *in, fido_blob_t *out) |
14 | 2.93k | { |
15 | 2.93k | EVP_CIPHER_CTX *ctx = NULL; |
16 | 2.93k | unsigned char iv[32]; |
17 | 2.93k | int len; |
18 | 2.93k | int ok = -1; |
19 | 2.93k | |
20 | 2.93k | memset(iv, 0, sizeof(iv)); |
21 | 2.93k | out->ptr = NULL; |
22 | 2.93k | out->len = 0; |
23 | 2.93k | |
24 | 2.93k | /* sanity check */ |
25 | 2.93k | if (in->len > INT_MAX || (in->len % 16) != 0 || |
26 | 2.93k | (out->ptr = calloc(1, in->len)) == NULL) { |
27 | 9 | fido_log_debug("%s: in->len=%zu", __func__, in->len); |
28 | 9 | goto fail; |
29 | 9 | } |
30 | 2.92k | |
31 | 2.92k | if ((ctx = EVP_CIPHER_CTX_new()) == NULL || key->len != 32 || |
32 | 2.92k | !EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ptr, iv) || |
33 | 2.92k | !EVP_CIPHER_CTX_set_padding(ctx, 0) || |
34 | 2.92k | !EVP_EncryptUpdate(ctx, out->ptr, &len, in->ptr, (int)in->len) || |
35 | 2.92k | len < 0 || (size_t)len != in->len) { |
36 | 40 | fido_log_debug("%s: EVP_Encrypt", __func__); |
37 | 40 | goto fail; |
38 | 40 | } |
39 | 2.88k | |
40 | 2.88k | out->len = (size_t)len; |
41 | 2.88k | |
42 | 2.88k | ok = 0; |
43 | 2.93k | fail: |
44 | 2.93k | if (ctx != NULL) |
45 | 2.93k | EVP_CIPHER_CTX_free(ctx); |
46 | 2.93k | |
47 | 2.93k | if (ok < 0) { |
48 | 49 | free(out->ptr); |
49 | 49 | out->ptr = NULL; |
50 | 49 | out->len = 0; |
51 | 49 | } |
52 | 2.93k | |
53 | 2.93k | return (ok); |
54 | 2.88k | } |
55 | | |
56 | | int |
57 | | aes256_cbc_dec(const fido_blob_t *key, const fido_blob_t *in, fido_blob_t *out) |
58 | 2.20k | { |
59 | 2.20k | EVP_CIPHER_CTX *ctx = NULL; |
60 | 2.20k | unsigned char iv[32]; |
61 | 2.20k | int len; |
62 | 2.20k | int ok = -1; |
63 | 2.20k | |
64 | 2.20k | memset(iv, 0, sizeof(iv)); |
65 | 2.20k | out->ptr = NULL; |
66 | 2.20k | out->len = 0; |
67 | 2.20k | |
68 | 2.20k | /* sanity check */ |
69 | 2.20k | if (in->len > INT_MAX || (in->len % 16) != 0 || |
70 | 2.20k | (out->ptr = calloc(1, in->len)) == NULL) { |
71 | 31 | fido_log_debug("%s: in->len=%zu", __func__, in->len); |
72 | 31 | goto fail; |
73 | 31 | } |
74 | 2.17k | |
75 | 2.17k | if ((ctx = EVP_CIPHER_CTX_new()) == NULL || key->len != 32 || |
76 | 2.17k | !EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ptr, iv) || |
77 | 2.17k | !EVP_CIPHER_CTX_set_padding(ctx, 0) || |
78 | 2.17k | !EVP_DecryptUpdate(ctx, out->ptr, &len, in->ptr, (int)in->len) || |
79 | 2.17k | len < 0 || (size_t)len > in->len + 32) { |
80 | 28 | fido_log_debug("%s: EVP_Decrypt", __func__); |
81 | 28 | goto fail; |
82 | 28 | } |
83 | 2.14k | |
84 | 2.14k | out->len = (size_t)len; |
85 | 2.14k | |
86 | 2.14k | ok = 0; |
87 | 2.20k | fail: |
88 | 2.20k | if (ctx != NULL) |
89 | 2.20k | EVP_CIPHER_CTX_free(ctx); |
90 | 2.20k | |
91 | 2.20k | if (ok < 0) { |
92 | 59 | free(out->ptr); |
93 | 59 | out->ptr = NULL; |
94 | 59 | out->len = 0; |
95 | 59 | } |
96 | 2.20k | |
97 | 2.20k | return (ok); |
98 | 2.14k | } |