Line | Count | Source |
1 | | /* |
2 | | * Copyright (c) 2018 Yubico AB. All rights reserved. |
3 | | * Use of this source code is governed by a BSD-style |
4 | | * license that can be found in the LICENSE file. |
5 | | */ |
6 | | |
7 | | #include <openssl/evp.h> |
8 | | #include <string.h> |
9 | | |
10 | | #include "fido.h" |
11 | | |
12 | | int |
13 | | aes256_cbc_enc(const fido_blob_t *key, const fido_blob_t *in, fido_blob_t *out) |
14 | 4.48k | { |
15 | 4.48k | EVP_CIPHER_CTX *ctx = NULL; |
16 | 4.48k | unsigned char iv[32]; |
17 | 4.48k | int len; |
18 | 4.48k | int ok = -1; |
19 | 4.48k | |
20 | 4.48k | memset(iv, 0, sizeof(iv)); |
21 | 4.48k | out->ptr = NULL; |
22 | 4.48k | out->len = 0; |
23 | 4.48k | |
24 | 4.48k | /* sanity check */ |
25 | 4.48k | if (in->len > INT_MAX || (in->len % 16) != 0 || |
26 | 4.48k | (out->ptr = calloc(1, in->len)) == NULL) { |
27 | 12 | fido_log_debug("%s: in->len=%zu", __func__, in->len); |
28 | 12 | goto fail; |
29 | 12 | } |
30 | 4.47k | |
31 | 4.47k | if ((ctx = EVP_CIPHER_CTX_new()) == NULL || key->len != 32 || |
32 | 4.47k | !EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ptr, iv) || |
33 | 4.47k | !EVP_CIPHER_CTX_set_padding(ctx, 0) || |
34 | 4.47k | !EVP_EncryptUpdate(ctx, out->ptr, &len, in->ptr, (int)in->len) || |
35 | 4.47k | len < 0 || (size_t)len != in->len) { |
36 | 67 | fido_log_debug("%s: EVP_Encrypt", __func__); |
37 | 67 | goto fail; |
38 | 67 | } |
39 | 4.40k | |
40 | 4.40k | out->len = (size_t)len; |
41 | 4.40k | |
42 | 4.40k | ok = 0; |
43 | 4.48k | fail: |
44 | 4.48k | if (ctx != NULL) |
45 | 4.48k | EVP_CIPHER_CTX_free(ctx); |
46 | 4.48k | |
47 | 4.48k | if (ok < 0) { |
48 | 79 | free(out->ptr); |
49 | 79 | out->ptr = NULL; |
50 | 79 | out->len = 0; |
51 | 79 | } |
52 | 4.48k | |
53 | 4.48k | return (ok); |
54 | 4.40k | } |
55 | | |
56 | | int |
57 | | aes256_cbc_dec(const fido_blob_t *key, const fido_blob_t *in, fido_blob_t *out) |
58 | 3.24k | { |
59 | 3.24k | EVP_CIPHER_CTX *ctx = NULL; |
60 | 3.24k | unsigned char iv[32]; |
61 | 3.24k | int len; |
62 | 3.24k | int ok = -1; |
63 | 3.24k | |
64 | 3.24k | memset(iv, 0, sizeof(iv)); |
65 | 3.24k | out->ptr = NULL; |
66 | 3.24k | out->len = 0; |
67 | 3.24k | |
68 | 3.24k | /* sanity check */ |
69 | 3.24k | if (in->len > INT_MAX || (in->len % 16) != 0 || |
70 | 3.24k | (out->ptr = calloc(1, in->len)) == NULL) { |
71 | 58 | fido_log_debug("%s: in->len=%zu", __func__, in->len); |
72 | 58 | goto fail; |
73 | 58 | } |
74 | 3.18k | |
75 | 3.18k | if ((ctx = EVP_CIPHER_CTX_new()) == NULL || key->len != 32 || |
76 | 3.18k | !EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ptr, iv) || |
77 | 3.18k | !EVP_CIPHER_CTX_set_padding(ctx, 0) || |
78 | 3.18k | !EVP_DecryptUpdate(ctx, out->ptr, &len, in->ptr, (int)in->len) || |
79 | 3.18k | len < 0 || (size_t)len > in->len + 32) { |
80 | 41 | fido_log_debug("%s: EVP_Decrypt", __func__); |
81 | 41 | goto fail; |
82 | 41 | } |
83 | 3.14k | |
84 | 3.14k | out->len = (size_t)len; |
85 | 3.14k | |
86 | 3.14k | ok = 0; |
87 | 3.24k | fail: |
88 | 3.24k | if (ctx != NULL) |
89 | 3.24k | EVP_CIPHER_CTX_free(ctx); |
90 | 3.24k | |
91 | 3.24k | if (ok < 0) { |
92 | 99 | free(out->ptr); |
93 | 99 | out->ptr = NULL; |
94 | 99 | out->len = 0; |
95 | 99 | } |
96 | 3.24k | |
97 | 3.24k | return (ok); |
98 | 3.14k | } |