2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
29 #include <openssl/evp.h>
31 #include <yaca_crypto.h>
32 #include <yaca_encrypt.h>
33 #include <yaca_error.h>
38 static const size_t DEFAULT_GCM_TAG_LEN = 16;
39 static const size_t DEFAULT_CCM_TAG_LEN = 12;
42 yaca_encrypt_algorithm_e algo;
43 yaca_block_cipher_mode_e bcm;
45 const EVP_CIPHER *(*cipher)(void);
46 } ENCRYPTION_CIPHERS[] = {
47 {YACA_ENCRYPT_AES, YACA_BCM_CBC, 128, EVP_aes_128_cbc},
48 {YACA_ENCRYPT_AES, YACA_BCM_CCM, 128, EVP_aes_128_ccm},
49 {YACA_ENCRYPT_AES, YACA_BCM_CFB, 128, EVP_aes_128_cfb},
50 {YACA_ENCRYPT_AES, YACA_BCM_CFB1, 128, EVP_aes_128_cfb1},
51 {YACA_ENCRYPT_AES, YACA_BCM_CFB8, 128, EVP_aes_128_cfb8},
52 {YACA_ENCRYPT_AES, YACA_BCM_CTR, 128, EVP_aes_128_ctr},
53 {YACA_ENCRYPT_AES, YACA_BCM_ECB, 128, EVP_aes_128_ecb},
54 {YACA_ENCRYPT_AES, YACA_BCM_GCM, 128, EVP_aes_128_gcm},
55 {YACA_ENCRYPT_AES, YACA_BCM_OFB, 128, EVP_aes_128_ofb},
56 {YACA_ENCRYPT_AES, YACA_BCM_WRAP, 128, EVP_aes_128_wrap},
58 {YACA_ENCRYPT_AES, YACA_BCM_CBC, 192, EVP_aes_192_cbc},
59 {YACA_ENCRYPT_AES, YACA_BCM_CCM, 192, EVP_aes_192_ccm},
60 {YACA_ENCRYPT_AES, YACA_BCM_CFB, 192, EVP_aes_192_cfb},
61 {YACA_ENCRYPT_AES, YACA_BCM_CFB1, 192, EVP_aes_192_cfb1},
62 {YACA_ENCRYPT_AES, YACA_BCM_CFB8, 192, EVP_aes_192_cfb8},
63 {YACA_ENCRYPT_AES, YACA_BCM_CTR, 192, EVP_aes_192_ctr},
64 {YACA_ENCRYPT_AES, YACA_BCM_ECB, 192, EVP_aes_192_ecb},
65 {YACA_ENCRYPT_AES, YACA_BCM_GCM, 192, EVP_aes_192_gcm},
66 {YACA_ENCRYPT_AES, YACA_BCM_OFB, 192, EVP_aes_192_ofb},
67 {YACA_ENCRYPT_AES, YACA_BCM_WRAP, 192, EVP_aes_192_wrap},
69 {YACA_ENCRYPT_AES, YACA_BCM_CBC, 256, EVP_aes_256_cbc},
70 {YACA_ENCRYPT_AES, YACA_BCM_CCM, 256, EVP_aes_256_ccm},
71 {YACA_ENCRYPT_AES, YACA_BCM_CFB, 256, EVP_aes_256_cfb},
72 {YACA_ENCRYPT_AES, YACA_BCM_CFB1, 256, EVP_aes_256_cfb1},
73 {YACA_ENCRYPT_AES, YACA_BCM_CFB8, 256, EVP_aes_256_cfb8},
74 {YACA_ENCRYPT_AES, YACA_BCM_CTR, 256, EVP_aes_256_ctr},
75 {YACA_ENCRYPT_AES, YACA_BCM_ECB, 256, EVP_aes_256_ecb},
76 {YACA_ENCRYPT_AES, YACA_BCM_GCM, 256, EVP_aes_256_gcm},
77 {YACA_ENCRYPT_AES, YACA_BCM_OFB, 256, EVP_aes_256_ofb},
78 {YACA_ENCRYPT_AES, YACA_BCM_WRAP, 256, EVP_aes_256_wrap},
80 {YACA_ENCRYPT_UNSAFE_DES, YACA_BCM_CBC, -1, EVP_des_cbc},
81 {YACA_ENCRYPT_UNSAFE_DES, YACA_BCM_CFB, -1, EVP_des_cfb},
82 {YACA_ENCRYPT_UNSAFE_DES, YACA_BCM_CFB1, -1, EVP_des_cfb1},
83 {YACA_ENCRYPT_UNSAFE_DES, YACA_BCM_CFB8, -1, EVP_des_cfb8},
84 {YACA_ENCRYPT_UNSAFE_DES, YACA_BCM_ECB, -1, EVP_des_ecb},
85 {YACA_ENCRYPT_UNSAFE_DES, YACA_BCM_OFB, -1, EVP_des_ofb},
87 {YACA_ENCRYPT_UNSAFE_3DES_2TDEA, YACA_BCM_CBC, -1, EVP_des_ede_cbc},
88 {YACA_ENCRYPT_UNSAFE_3DES_2TDEA, YACA_BCM_CFB, -1, EVP_des_ede_cfb},
89 {YACA_ENCRYPT_UNSAFE_3DES_2TDEA, YACA_BCM_ECB, -1, EVP_des_ede_ecb},
90 {YACA_ENCRYPT_UNSAFE_3DES_2TDEA, YACA_BCM_OFB, -1, EVP_des_ede_ofb},
92 {YACA_ENCRYPT_3DES_3TDEA, YACA_BCM_CBC, -1, EVP_des_ede3_cbc},
93 {YACA_ENCRYPT_3DES_3TDEA, YACA_BCM_CFB, -1, EVP_des_ede3_cfb},
94 {YACA_ENCRYPT_3DES_3TDEA, YACA_BCM_CFB1, -1, EVP_des_ede3_cfb1},
95 {YACA_ENCRYPT_3DES_3TDEA, YACA_BCM_CFB8, -1, EVP_des_ede3_cfb8},
96 {YACA_ENCRYPT_3DES_3TDEA, YACA_BCM_ECB, -1, EVP_des_ede3_ecb},
97 {YACA_ENCRYPT_3DES_3TDEA, YACA_BCM_OFB, -1, EVP_des_ede3_ofb},
98 {YACA_ENCRYPT_3DES_3TDEA, YACA_BCM_WRAP, -1, EVP_des_ede3_wrap},
100 {YACA_ENCRYPT_UNSAFE_RC2, YACA_BCM_CBC, -1, EVP_rc2_cbc},
101 {YACA_ENCRYPT_UNSAFE_RC2, YACA_BCM_CFB, -1, EVP_rc2_cfb},
102 {YACA_ENCRYPT_UNSAFE_RC2, YACA_BCM_ECB, -1, EVP_rc2_ecb},
103 {YACA_ENCRYPT_UNSAFE_RC2, YACA_BCM_OFB, -1, EVP_rc2_ofb},
105 {YACA_ENCRYPT_UNSAFE_RC4, YACA_BCM_NONE, -1, EVP_rc4},
107 {YACA_ENCRYPT_CAST5, YACA_BCM_CBC, -1, EVP_cast5_cbc},
108 {YACA_ENCRYPT_CAST5, YACA_BCM_CFB, -1, EVP_cast5_cfb},
109 {YACA_ENCRYPT_CAST5, YACA_BCM_ECB, -1, EVP_cast5_ecb},
110 {YACA_ENCRYPT_CAST5, YACA_BCM_OFB, -1, EVP_cast5_ofb},
113 static const size_t ENCRYPTION_CIPHERS_SIZE = sizeof(ENCRYPTION_CIPHERS) / sizeof(ENCRYPTION_CIPHERS[0]);
115 static bool is_encryption_op(enum encrypt_op_type_e op_type)
117 return (op_type == OP_ENCRYPT || op_type == OP_SEAL);
120 static bool DEFAULT_STATES[STATE_COUNT][STATE_COUNT] = {
121 /* from \ to INIT, MLEN, AAD, MSG, TAG, TLEN, FIN */
122 /* INIT */ { 0, 0, 0, 1, 0, 0, 1 },
123 /* MLEN */ { 0, 0, 0, 0, 0, 0, 0 },
124 /* AAD */ { 0, 0, 0, 0, 0, 0, 0 },
125 /* MSG */ { 0, 0, 0, 1, 0, 0, 1 },
126 /* TAG */ { 0, 0, 0, 0, 0, 0, 0 },
127 /* TLEN */ { 0, 0, 0, 0, 0, 0, 0 },
128 /* FIN */ { 0, 0, 0, 0, 0, 0, 0 },
131 static bool GCM_STATES[2][STATE_COUNT][STATE_COUNT] = { {
133 /* from \ to INIT, MLEN, AAD, MSG, TAG, TLEN, FIN */
134 /* INIT */ { 0, 0, 1, 1, 0, 0, 1 },
135 /* MLEN */ { 0, 0, 0, 0, 0, 0, 0 },
136 /* AAD */ { 0, 0, 1, 1, 0, 0, 1 },
137 /* MSG */ { 0, 0, 0, 1, 0, 0, 1 },
138 /* TAG */ { 0, 0, 0, 0, 0, 0, 0 },
139 /* TLEN */ { 0, 0, 0, 0, 0, 0, 0 },
140 /* FIN */ { 0, 0, 0, 0, 0, 1, 0 },
143 /* from \ to INIT, MLEN, AAD, MSG, TAG, TLEN, FIN */
144 /* INIT */ { 0, 0, 1, 1, 1, 0, 0 },
145 /* MLEN */ { 0, 0, 0, 0, 0, 0, 0 },
146 /* AAD */ { 0, 0, 1, 1, 1, 0, 0 },
147 /* MSG */ { 0, 0, 0, 1, 1, 0, 0 },
148 /* TAG */ { 0, 0, 0, 0, 0, 0, 1 },
149 /* TLEN */ { 0, 0, 0, 0, 0, 0, 0 },
150 /* FIN */ { 0, 0, 0, 0, 0, 0, 0 },
153 static bool CCM_STATES[2][STATE_COUNT][STATE_COUNT] = { {
155 /* from \ to INIT, MLEN, AAD, MSG, TAG, TLEN, FIN */
156 /* INIT */ { 0, 1, 0, 1, 0, 1, 0 },
157 /* MLEN */ { 0, 0, 1, 0, 0, 0, 0 },
158 /* AAD */ { 0, 0, 0, 1, 0, 0, 0 },
159 /* MSG */ { 0, 0, 0, 0, 0, 0, 1 },
160 /* TAG */ { 0, 0, 0, 0, 0, 0, 0 },
161 /* TLEN */ { 0, 1, 0, 1, 0, 0, 0 },
162 /* FIN */ { 0, 0, 0, 0, 0, 0, 0 },
165 /* from \ to INIT, MLEN, AAD, MSG, TAG, TLEN, FIN */
166 /* INIT */ { 0, 0, 0, 0, 1, 0, 0 },
167 /* MLEN */ { 0, 0, 1, 0, 0, 0, 0 },
168 /* AAD */ { 0, 0, 0, 1, 0, 0, 0 },
169 /* MSG */ { 0, 0, 0, 0, 0, 0, 1 },
170 /* TAG */ { 0, 1, 0, 1, 0, 0, 0 },
171 /* TLEN */ { 0, 0, 0, 0, 0, 0, 0 },
172 /* FIN */ { 0, 0, 0, 0, 0, 0, 0 },
175 static bool WRAP_STATES[STATE_COUNT][STATE_COUNT] = {
176 /* from \ to INIT, MLEN, AAD, MSG, TAG, TLEN, FIN */
177 /* INIT */ { 0, 0, 0, 1, 0, 0, 0 },
178 /* MLEN */ { 0, 0, 0, 0, 0, 0, 0 },
179 /* AAD */ { 0, 0, 0, 0, 0, 0, 0 },
180 /* MSG */ { 0, 0, 0, 0, 0, 0, 1 },
181 /* TAG */ { 0, 0, 0, 0, 0, 0, 0 },
182 /* TLEN */ { 0, 0, 0, 0, 0, 0, 0 },
183 /* FIN */ { 0, 0, 0, 0, 0, 0, 0 },
186 static bool verify_state_change(struct yaca_encrypt_context_s *c, enum encrypt_context_state_e to)
188 int mode = EVP_CIPHER_CTX_mode(c->cipher_ctx);
189 bool encryption = is_encryption_op(c->op_type);
192 if (mode == EVP_CIPH_CCM_MODE)
193 return CCM_STATES[encryption ? 0 : 1][from][to];
194 else if (mode == EVP_CIPH_GCM_MODE)
195 return GCM_STATES[encryption ? 0 : 1][from][to];
196 else if (mode == EVP_CIPH_WRAP_MODE)
197 return WRAP_STATES[from][to];
199 return DEFAULT_STATES[from][to];
204 static const size_t VALID_GCM_TAG_LENGTHS[] = { 4, 8, 12, 13, 14, 15, 16 };
205 static const size_t VALID_GCM_TAG_LENGTHS_LENGTH =
206 sizeof(VALID_GCM_TAG_LENGTHS) / sizeof(VALID_GCM_TAG_LENGTHS[0]);
208 struct yaca_encrypt_context_s *get_encrypt_context(const yaca_context_h ctx)
210 if (ctx == YACA_CONTEXT_NULL)
214 case YACA_CONTEXT_ENCRYPT:
215 return (struct yaca_encrypt_context_s *)ctx;
221 void destroy_encrypt_context(const yaca_context_h ctx)
223 struct yaca_encrypt_context_s *c = get_encrypt_context(ctx);
228 if (c->backup_ctx != NULL) {
229 yaca_key_destroy(c->backup_ctx->iv);
230 yaca_key_destroy(c->backup_ctx->sym_key);
231 yaca_free(c->backup_ctx);
232 c->backup_ctx = NULL;
235 EVP_CIPHER_CTX_free(c->cipher_ctx);
236 c->cipher_ctx = NULL;
239 int get_encrypt_output_length(const yaca_context_h ctx, size_t input_len, size_t *output_len)
241 assert(output_len != NULL);
243 struct yaca_encrypt_context_s *c = get_encrypt_context(ctx);
247 return YACA_ERROR_INVALID_PARAMETER;
248 assert(c->cipher_ctx != NULL);
250 block_size = EVP_CIPHER_CTX_block_size(c->cipher_ctx);
251 if (block_size <= 0) {
252 ERROR_DUMP(YACA_ERROR_INTERNAL);
253 return YACA_ERROR_INTERNAL;
257 if ((size_t)block_size > SIZE_MAX - input_len + 1)
258 return YACA_ERROR_INVALID_PARAMETER;
260 *output_len = block_size + input_len - 1;
262 *output_len = block_size;
264 if (*output_len == 0)
265 return YACA_ERROR_INTERNAL;
267 return YACA_ERROR_NONE;
270 int get_wrap_output_length(const yaca_context_h ctx, size_t input_len, size_t *output_len)
272 assert(output_len != NULL);
274 struct yaca_encrypt_context_s *c = get_encrypt_context(ctx);
276 return YACA_ERROR_INVALID_PARAMETER;
277 assert(c->cipher_ctx != NULL);
279 bool encryption = is_encryption_op(c->op_type);
280 int type = EVP_CIPHER_CTX_type(c->cipher_ctx);
283 if (type == NID_id_aes128_wrap || type == NID_id_aes192_wrap || type == NID_id_aes256_wrap) {
284 *output_len = encryption ? input_len + 8 : input_len - 8;
285 } else if (type == NID_id_smime_alg_CMS3DESwrap) {
286 *output_len = encryption ? input_len + 16 : input_len - 16;
289 return YACA_ERROR_INTERNAL;
295 return YACA_ERROR_NONE;
298 static int encrypt_ctx_create(struct yaca_encrypt_context_s **c,
299 enum encrypt_op_type_e op_type,
300 const EVP_CIPHER *cipher)
304 struct yaca_encrypt_context_s *nc;
307 assert(cipher != NULL);
309 ret = yaca_zalloc(sizeof(struct yaca_encrypt_context_s), (void**)&nc);
310 if (ret != YACA_ERROR_NONE)
313 mode = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE;
315 nc->ctx.type = YACA_CONTEXT_ENCRYPT;
316 nc->backup_ctx = NULL;
317 nc->ctx.context_destroy = destroy_encrypt_context;
318 nc->ctx.get_output_length = (mode == EVP_CIPH_WRAP_MODE) ?
319 get_wrap_output_length :
320 get_encrypt_output_length;
321 nc->ctx.set_property = set_encrypt_property;
322 nc->ctx.get_property = get_encrypt_property;
323 nc->op_type = op_type;
326 /* set default tag length for GCM and CCM */
327 if (mode == EVP_CIPH_GCM_MODE)
328 nc->tag_len = DEFAULT_GCM_TAG_LEN;
329 else if (mode == EVP_CIPH_CCM_MODE)
330 nc->tag_len = DEFAULT_CCM_TAG_LEN;
332 nc->cipher_ctx = EVP_CIPHER_CTX_new();
333 if (nc->cipher_ctx == NULL) {
334 ret = YACA_ERROR_INTERNAL;
339 if (mode == EVP_CIPH_WRAP_MODE)
340 EVP_CIPHER_CTX_set_flags(nc->cipher_ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
345 ret = YACA_ERROR_NONE;
352 static int encrypt_ctx_init(struct yaca_encrypt_context_s *c,
353 const EVP_CIPHER *cipher,
359 assert(cipher != NULL);
361 if (key_bit_len / 8 > INT_MAX)
362 return YACA_ERROR_INVALID_PARAMETER;
364 ret = EVP_CipherInit_ex(c->cipher_ctx,
369 is_encryption_op(c->op_type) ? 1 : 0);
371 ret = YACA_ERROR_INTERNAL;
376 /* Handling of algorithms with variable key length */
377 ret = EVP_CIPHER_CTX_set_key_length(c->cipher_ctx, key_bit_len / 8);
379 ret = YACA_ERROR_INVALID_PARAMETER;
384 return YACA_ERROR_NONE;
387 static int encrypt_ctx_setup_iv(struct yaca_encrypt_context_s *c,
388 const EVP_CIPHER *cipher,
389 const struct yaca_key_simple_s *iv)
392 size_t default_iv_bit_len;
395 assert(cipher != NULL);
397 ret = EVP_CIPHER_iv_length(cipher);
399 ret = YACA_ERROR_INTERNAL;
404 default_iv_bit_len = ret * 8;
406 /* 0 -> cipher doesn't use iv, but it was provided */
407 if (default_iv_bit_len == 0 && iv != NULL)
408 return YACA_ERROR_INVALID_PARAMETER;
410 if (default_iv_bit_len != 0) { /* cipher requires iv */
411 /* iv was not provided */
412 if (iv == NULL || iv->key.type != YACA_KEY_TYPE_IV)
413 return YACA_ERROR_INVALID_PARAMETER;
415 if (iv->bit_len / 8 > INT_MAX)
416 return YACA_ERROR_INVALID_PARAMETER;
418 /* IV length doesn't match cipher (GCM & CCM supports variable IV length) */
419 if (default_iv_bit_len != iv->bit_len) {
420 int mode = EVP_CIPHER_CTX_mode(c->cipher_ctx);
422 if (mode == EVP_CIPH_GCM_MODE) {
423 ret = EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_GCM_SET_IVLEN,
424 iv->bit_len / 8, NULL);
425 } else if (mode == EVP_CIPH_CCM_MODE) {
426 ret = EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_CCM_SET_IVLEN,
427 iv->bit_len / 8, NULL);
429 return YACA_ERROR_INVALID_PARAMETER;
433 return YACA_ERROR_INVALID_PARAMETER;
437 return YACA_ERROR_NONE;
440 static int encrypt_ctx_setup(struct yaca_encrypt_context_s *c,
441 const yaca_key_h key,
445 unsigned char *iv_data = NULL;
446 const struct yaca_key_simple_s *lkey;
447 const struct yaca_key_simple_s *liv;
450 assert(key != YACA_KEY_NULL);
452 const EVP_CIPHER *cipher = EVP_CIPHER_CTX_cipher(c->cipher_ctx);
455 return YACA_ERROR_INTERNAL;
457 lkey = key_get_simple(key);
459 return YACA_ERROR_INVALID_PARAMETER;
461 liv = key_get_simple(iv);
463 ret = encrypt_ctx_setup_iv(c, cipher, liv);
464 if (ret != YACA_ERROR_NONE)
467 /* Fix for OpenSSL error in 3DES CFB1 */
468 int nid = EVP_CIPHER_CTX_nid(c->cipher_ctx);
469 if (nid == NID_des_ede3_cfb1)
470 EVP_CIPHER_CTX_set_flags(c->cipher_ctx, EVP_CIPH_FLAG_LENGTH_BITS);
473 iv_data = (unsigned char*)liv->d;
475 ret = EVP_CipherInit_ex(c->cipher_ctx,
478 (unsigned char*)lkey->d,
480 is_encryption_op(c->op_type) ? 1 : 0);
482 ret = YACA_ERROR_INTERNAL;
487 return YACA_ERROR_NONE;
490 static int encrypt_ctx_backup(struct yaca_encrypt_context_s *c,
491 const EVP_CIPHER *cipher,
492 const yaca_key_h sym_key,
496 struct yaca_backup_context_s *bc;
499 assert(cipher != NULL);
500 assert(sym_key != YACA_KEY_NULL);
501 assert(c->backup_ctx == NULL);
503 ret = yaca_zalloc(sizeof(struct yaca_backup_context_s), (void**)&bc);
504 if (ret != YACA_ERROR_NONE)
508 bc->sym_key = key_copy(sym_key);
509 bc->iv = key_copy(iv);
510 bc->padding = YACA_PADDING_PKCS7;
514 return YACA_ERROR_NONE;
517 static int encrypt_ctx_restore(struct yaca_encrypt_context_s *c)
520 struct yaca_key_simple_s *key;
523 assert(c->backup_ctx != NULL);
525 ret = EVP_CIPHER_CTX_cleanup(c->cipher_ctx);
527 ret = YACA_ERROR_INTERNAL;
532 key = key_get_simple(c->backup_ctx->sym_key);
534 return YACA_ERROR_INVALID_PARAMETER;
536 ret = encrypt_ctx_init(c, c->backup_ctx->cipher, key->bit_len);
537 assert(ret != YACA_ERROR_INVALID_PARAMETER);
539 if (c->backup_ctx->padding == YACA_PADDING_NONE &&
540 EVP_CIPHER_CTX_set_padding(c->cipher_ctx, 0) != 1) {
541 ret = YACA_ERROR_INTERNAL;
549 static int encrypt_ctx_set_ccm_tag_len(struct yaca_encrypt_context_s *c, size_t tag_len)
554 assert(c->backup_ctx != NULL);
555 assert(is_encryption_op(c->op_type));
557 if (tag_len == 0 || tag_len > INT_MAX)
558 return YACA_ERROR_INVALID_PARAMETER;
560 ret = encrypt_ctx_restore(c);
561 if (ret != YACA_ERROR_NONE)
564 c->tag_len = tag_len;
565 ret = EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_CCM_SET_TAG, tag_len, NULL);
567 ret = YACA_ERROR_INTERNAL;
572 ret = encrypt_ctx_setup(c, c->backup_ctx->sym_key, c->backup_ctx->iv);
573 assert(ret != YACA_ERROR_INVALID_PARAMETER);
577 static int encrypt_ctx_set_ccm_tag(struct yaca_encrypt_context_s *c, char *tag, size_t tag_len)
582 assert(c->backup_ctx != NULL);
583 assert(!is_encryption_op(c->op_type));
586 if (tag_len == 0 || tag_len > INT_MAX)
587 return YACA_ERROR_INVALID_PARAMETER;
589 ret = encrypt_ctx_restore(c);
590 if (ret != YACA_ERROR_NONE)
593 ret = EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_CCM_SET_TAG, tag_len, tag);
595 ret = YACA_ERROR_INTERNAL;
600 ret = encrypt_ctx_setup(c, c->backup_ctx->sym_key, c->backup_ctx->iv);
601 assert(ret != YACA_ERROR_INVALID_PARAMETER);
605 static int encrypt_ctx_set_rc2_effective_key_bits(struct yaca_encrypt_context_s *c, size_t key_bits)
610 assert(c->backup_ctx != NULL);
612 if (key_bits == 0 || key_bits > 1024)
613 return YACA_ERROR_INVALID_PARAMETER;
615 ret = encrypt_ctx_restore(c);
616 if (ret != YACA_ERROR_NONE)
619 ret = EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
621 ret = YACA_ERROR_INTERNAL;
626 ret = encrypt_ctx_setup(c, c->backup_ctx->sym_key, c->backup_ctx->iv);
627 assert(ret != YACA_ERROR_INVALID_PARAMETER);
631 int set_encrypt_property(yaca_context_h ctx,
632 yaca_property_e property,
636 struct yaca_encrypt_context_s *c = get_encrypt_context(ctx);
638 int ret = YACA_ERROR_NONE;
642 if (c == NULL || value == NULL || value_len == 0)
643 return YACA_ERROR_INVALID_PARAMETER;
644 assert(c->cipher_ctx != NULL);
646 mode = EVP_CIPHER_CTX_mode(c->cipher_ctx);
647 nid = EVP_CIPHER_CTX_nid(c->cipher_ctx);
650 case YACA_PROPERTY_GCM_AAD:
651 if (mode != EVP_CIPH_GCM_MODE)
652 return YACA_ERROR_INVALID_PARAMETER;
654 if (!verify_state_change(c, STATE_AAD_UPDATED))
655 return YACA_ERROR_INVALID_PARAMETER;
657 if (EVP_CipherUpdate(c->cipher_ctx, NULL, &len, value, value_len) != 1) {
658 ERROR_DUMP(YACA_ERROR_INTERNAL);
659 return YACA_ERROR_INTERNAL;
661 c->state = STATE_AAD_UPDATED;
663 case YACA_PROPERTY_CCM_AAD:
664 if (mode != EVP_CIPH_CCM_MODE)
665 return YACA_ERROR_INVALID_PARAMETER;
667 if (!verify_state_change(c, STATE_AAD_UPDATED))
668 return YACA_ERROR_INVALID_PARAMETER;
670 if (EVP_CipherUpdate(c->cipher_ctx, NULL, &len, value, value_len) != 1) {
671 ERROR_DUMP(YACA_ERROR_INTERNAL);
672 return YACA_ERROR_INTERNAL;
674 c->state = STATE_AAD_UPDATED;
676 case YACA_PROPERTY_GCM_TAG:
677 if (mode != EVP_CIPH_GCM_MODE || is_encryption_op(c->op_type) ||
678 value_len == 0 || value_len > INT_MAX)
679 return YACA_ERROR_INVALID_PARAMETER;
681 if (!verify_state_change(c, STATE_TAG_SET))
682 return YACA_ERROR_INVALID_PARAMETER;
684 if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx,
685 EVP_CTRL_GCM_SET_TAG,
687 (void*)value) != 1) {
688 ERROR_DUMP(YACA_ERROR_INTERNAL);
689 return YACA_ERROR_INTERNAL;
691 c->state = STATE_TAG_SET;
693 case YACA_PROPERTY_GCM_TAG_LEN:
694 if (value_len != sizeof(size_t) || mode != EVP_CIPH_GCM_MODE ||
695 !is_encryption_op(c->op_type) ||
696 *(size_t*)value == 0 || *(size_t*)value > INT_MAX)
697 return YACA_ERROR_INVALID_PARAMETER;
699 if (!verify_state_change(c, STATE_TAG_LENGTH_SET))
700 return YACA_ERROR_INVALID_PARAMETER;
702 /* check allowed tag lengths */
704 size_t tag_len = *(size_t*)value;
705 for (size_t i = 0; i < VALID_GCM_TAG_LENGTHS_LENGTH; i++) {
706 if (tag_len == VALID_GCM_TAG_LENGTHS[i]) {
707 c->tag_len = tag_len;
708 c->state = STATE_TAG_LENGTH_SET;
709 return YACA_ERROR_NONE;
712 return YACA_ERROR_INVALID_PARAMETER;
715 case YACA_PROPERTY_CCM_TAG:
716 if (mode != EVP_CIPH_CCM_MODE || is_encryption_op(c->op_type))
717 return YACA_ERROR_INVALID_PARAMETER;
719 if (!verify_state_change(c, STATE_TAG_SET))
720 return YACA_ERROR_INVALID_PARAMETER;
722 ret = encrypt_ctx_set_ccm_tag(c, (char*)value, value_len);
723 if (ret != YACA_ERROR_NONE)
726 c->state = STATE_TAG_SET;
728 case YACA_PROPERTY_CCM_TAG_LEN:
729 if (value_len != sizeof(size_t) || mode != EVP_CIPH_CCM_MODE ||
730 !is_encryption_op(c->op_type))
731 return YACA_ERROR_INVALID_PARAMETER;
733 if (!verify_state_change(c, STATE_TAG_LENGTH_SET))
734 return YACA_ERROR_INVALID_PARAMETER;
736 ret = encrypt_ctx_set_ccm_tag_len(c, *(size_t*)value);
737 if (ret != YACA_ERROR_NONE)
740 c->state = STATE_TAG_LENGTH_SET;
742 case YACA_PROPERTY_PADDING:
743 if ((mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE) ||
744 value_len != sizeof(yaca_padding_e) ||
745 (*(yaca_padding_e*)value != YACA_PADDING_NONE &&
746 *(yaca_padding_e*)value != YACA_PADDING_PKCS7) ||
747 c->state == STATE_FINALIZED)
748 return YACA_ERROR_INVALID_PARAMETER;
750 int padding = *(yaca_padding_e*)value == YACA_PADDING_NONE ? 0 : 1;
751 if (EVP_CIPHER_CTX_set_padding(c->cipher_ctx, padding) != 1) {
752 ERROR_DUMP(YACA_ERROR_INTERNAL);
753 return YACA_ERROR_INTERNAL;
755 if (c->backup_ctx != NULL)
756 c->backup_ctx->padding = padding;
758 case YACA_PROPERTY_RC2_EFFECTIVE_KEY_BITS:
759 if (value_len != sizeof(size_t) ||
760 (nid != NID_rc2_cbc && nid != NID_rc2_ecb && nid != NID_rc2_cfb64 && nid != NID_rc2_ofb64) ||
761 c->state != STATE_INITIALIZED)
762 return YACA_ERROR_INVALID_PARAMETER;
764 ret = encrypt_ctx_set_rc2_effective_key_bits(c, *(size_t*)value);
767 return YACA_ERROR_INVALID_PARAMETER;
773 int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property,
774 void **value, size_t *value_len)
776 struct yaca_encrypt_context_s *c = get_encrypt_context(ctx);
779 if (c == NULL || value == NULL)
780 return YACA_ERROR_INVALID_PARAMETER;
781 assert(c->cipher_ctx != NULL);
783 mode = EVP_CIPHER_CTX_mode(c->cipher_ctx);
786 case YACA_PROPERTY_GCM_TAG:
787 if (value_len == NULL ||
788 !is_encryption_op(c->op_type) ||
789 mode != EVP_CIPH_GCM_MODE ||
790 (c->state != STATE_TAG_LENGTH_SET && c->state != STATE_FINALIZED))
791 return YACA_ERROR_INVALID_PARAMETER;
793 assert(c->tag_len <= INT_MAX);
795 if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx,
796 EVP_CTRL_GCM_GET_TAG,
799 ERROR_DUMP(YACA_ERROR_INTERNAL);
800 return YACA_ERROR_INTERNAL;
802 *value_len = c->tag_len;
804 case YACA_PROPERTY_CCM_TAG:
805 if (value_len == NULL ||
806 !is_encryption_op(c->op_type) ||
807 mode != EVP_CIPH_CCM_MODE ||
808 c->state != STATE_FINALIZED)
809 return YACA_ERROR_INVALID_PARAMETER;
811 assert(c->tag_len <= INT_MAX);
813 if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx,
814 EVP_CTRL_CCM_GET_TAG,
817 ERROR_DUMP(YACA_ERROR_INTERNAL);
818 return YACA_ERROR_INTERNAL;
820 *value_len = c->tag_len;
823 return YACA_ERROR_INVALID_PARAMETER;
827 return YACA_ERROR_NONE;
830 static int check_key_bit_length_for_algo(yaca_encrypt_algorithm_e algo, size_t key_bit_len)
832 assert(key_bit_len % 8 == 0);
833 int ret = YACA_ERROR_NONE;
836 case YACA_ENCRYPT_AES:
837 if (key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT &&
838 key_bit_len != YACA_KEY_LENGTH_192BIT &&
839 key_bit_len != YACA_KEY_LENGTH_256BIT)
840 ret = YACA_ERROR_INVALID_PARAMETER;
842 case YACA_ENCRYPT_UNSAFE_DES:
843 if (key_bit_len != YACA_KEY_LENGTH_UNSAFE_64BIT)
844 ret = YACA_ERROR_INVALID_PARAMETER;
846 case YACA_ENCRYPT_UNSAFE_3DES_2TDEA:
847 if (key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT)
848 ret = YACA_ERROR_INVALID_PARAMETER;
850 case YACA_ENCRYPT_3DES_3TDEA:
851 if (key_bit_len != YACA_KEY_LENGTH_192BIT)
852 ret = YACA_ERROR_INVALID_PARAMETER;
854 case YACA_ENCRYPT_UNSAFE_RC2:
855 if (key_bit_len < YACA_KEY_LENGTH_UNSAFE_8BIT || key_bit_len > YACA_KEY_LENGTH_1024BIT)
856 ret = YACA_ERROR_INVALID_PARAMETER;
858 case YACA_ENCRYPT_UNSAFE_RC4:
859 if (key_bit_len < YACA_KEY_LENGTH_UNSAFE_40BIT || key_bit_len > YACA_KEY_LENGTH_2048BIT)
860 ret = YACA_ERROR_INVALID_PARAMETER;
862 case YACA_ENCRYPT_CAST5:
863 if (key_bit_len < YACA_KEY_LENGTH_UNSAFE_40BIT || key_bit_len > YACA_KEY_LENGTH_UNSAFE_128BIT)
864 ret = YACA_ERROR_INVALID_PARAMETER;
867 ret = YACA_ERROR_INVALID_PARAMETER;
874 int encrypt_get_algorithm(yaca_encrypt_algorithm_e algo,
875 yaca_block_cipher_mode_e bcm,
877 const EVP_CIPHER **cipher)
882 assert(cipher != NULL);
884 ret = check_key_bit_length_for_algo(algo, key_bit_len);
885 if (ret != YACA_ERROR_NONE)
889 ret = YACA_ERROR_INVALID_PARAMETER;
891 for (i = 0; i < ENCRYPTION_CIPHERS_SIZE; ++i)
892 if (ENCRYPTION_CIPHERS[i].algo == algo &&
893 ENCRYPTION_CIPHERS[i].bcm == bcm &&
894 (ENCRYPTION_CIPHERS[i].key_bit_len == key_bit_len ||
895 ENCRYPTION_CIPHERS[i].key_bit_len == (size_t)-1)) {
896 *cipher = ENCRYPTION_CIPHERS[i].cipher();
897 ret = YACA_ERROR_NONE;
901 if (ret == YACA_ERROR_NONE && *cipher == NULL) {
902 ret = YACA_ERROR_INTERNAL;
909 int encrypt_initialize(yaca_context_h *ctx,
910 const EVP_CIPHER *cipher,
911 const yaca_key_h sym_key,
913 enum encrypt_op_type_e op_type)
915 struct yaca_encrypt_context_s *nc;
916 struct yaca_key_simple_s *lsym_key;
921 if (ctx == NULL || sym_key == YACA_KEY_NULL)
922 return YACA_ERROR_INVALID_PARAMETER;
924 lsym_key = key_get_simple(sym_key);
925 if (lsym_key == NULL)
926 return YACA_ERROR_INVALID_PARAMETER;
928 if (lsym_key->key.type != YACA_KEY_TYPE_DES &&
929 lsym_key->key.type != YACA_KEY_TYPE_SYMMETRIC)
930 return YACA_ERROR_INVALID_PARAMETER;
932 ret = encrypt_ctx_create(&nc, op_type, cipher);
933 if (ret != YACA_ERROR_NONE)
936 ret = encrypt_ctx_init(nc, cipher, lsym_key->bit_len);
937 if (ret != YACA_ERROR_NONE)
940 ret = encrypt_ctx_setup(nc, sym_key, iv);
941 if (ret != YACA_ERROR_NONE)
944 mode = EVP_CIPHER_CTX_mode(nc->cipher_ctx);
945 nid = EVP_CIPHER_CTX_nid(nc->cipher_ctx);
946 if (mode == EVP_CIPH_CCM_MODE ||
947 nid == NID_rc2_cbc || nid == NID_rc2_ecb || nid == NID_rc2_cfb64 || nid == NID_rc2_ofb64) {
948 ret = encrypt_ctx_backup(nc, cipher, sym_key, iv);
949 if (ret != YACA_ERROR_NONE)
953 nc->state = STATE_INITIALIZED;
955 *ctx = (yaca_context_h)nc;
957 ret = YACA_ERROR_NONE;
960 yaca_context_destroy((yaca_context_h)nc);
965 int encrypt_update(yaca_context_h ctx,
966 const unsigned char *input, size_t input_len,
967 unsigned char *output, size_t *output_len,
968 enum encrypt_op_type_e op_type)
970 struct yaca_encrypt_context_s *c = get_encrypt_context(ctx);
976 if (c == NULL || input_len == 0 || output_len == NULL || op_type != c->op_type)
977 return YACA_ERROR_INVALID_PARAMETER;
979 mode = EVP_CIPHER_CTX_mode(c->cipher_ctx);
980 type = EVP_CIPHER_CTX_type(c->cipher_ctx);
982 enum encrypt_context_state_e target_state;
983 if (output == NULL && input == NULL)
984 target_state = STATE_MSG_LENGTH_UPDATED;
985 else if (output == NULL)
986 target_state = STATE_AAD_UPDATED;
987 else if (input == NULL)
988 return YACA_ERROR_INVALID_PARAMETER;
990 target_state = STATE_MSG_UPDATED;
992 if (!verify_state_change(c, target_state))
993 return YACA_ERROR_INVALID_PARAMETER;
995 if (mode == EVP_CIPH_WRAP_MODE) {
996 if (op_type == OP_ENCRYPT) {
997 if (type == NID_id_aes128_wrap || type == NID_id_aes192_wrap || type == NID_id_aes256_wrap) {
998 if (input_len % 8 != 0 || input_len < (YACA_KEY_LENGTH_UNSAFE_128BIT / 8))
999 return YACA_ERROR_INVALID_PARAMETER;
1000 } else if (type == NID_id_smime_alg_CMS3DESwrap) {
1001 if (input_len != (YACA_KEY_LENGTH_UNSAFE_128BIT / 8) &&
1002 input_len != (YACA_KEY_LENGTH_192BIT / 8))
1003 return YACA_ERROR_INVALID_PARAMETER;
1006 return YACA_ERROR_INTERNAL;
1008 } else if (op_type == OP_DECRYPT) {
1009 if (type == NID_id_aes128_wrap || type == NID_id_aes192_wrap || type == NID_id_aes256_wrap) {
1010 if (input_len % 8 != 0 || input_len < (YACA_KEY_LENGTH_UNSAFE_128BIT / 8 + 8))
1011 return YACA_ERROR_INVALID_PARAMETER;
1012 } else if (type == NID_id_smime_alg_CMS3DESwrap) {
1013 if (input_len != (YACA_KEY_LENGTH_UNSAFE_128BIT / 8 + 16) &&
1014 input_len != (YACA_KEY_LENGTH_192BIT / 8 + 16))
1015 return YACA_ERROR_INVALID_PARAMETER;
1018 return YACA_ERROR_INTERNAL;
1022 return YACA_ERROR_INTERNAL;
1026 /* Fix for OpenSSL error in 3DES CFB1 */
1027 if ((EVP_CIPHER_CTX_flags(c->cipher_ctx) & EVP_CIPH_FLAG_LENGTH_BITS) != 0) {
1028 if (input_len > INT_MAX / 8)
1029 return YACA_ERROR_INVALID_PARAMETER;
1033 ret = EVP_CipherUpdate(c->cipher_ctx, output, &loutput_len, input, input_len);
1034 if (ret != 1 || loutput_len < 0) {
1035 ret = YACA_ERROR_INTERNAL;
1040 *output_len = loutput_len;
1042 c->state = target_state;
1044 /* Fix for OpenSSL error in 3DES CFB1 */
1045 if ((EVP_CIPHER_CTX_flags(c->cipher_ctx) & EVP_CIPH_FLAG_LENGTH_BITS) != 0)
1048 return YACA_ERROR_NONE;
1051 int encrypt_finalize(yaca_context_h ctx,
1052 unsigned char *output, size_t *output_len,
1053 enum encrypt_op_type_e op_type)
1055 struct yaca_encrypt_context_s *c = get_encrypt_context(ctx);
1057 int loutput_len = 0;
1059 if (c == NULL || output == NULL || output_len == NULL || op_type != c->op_type)
1060 return YACA_ERROR_INVALID_PARAMETER;
1062 if (!verify_state_change(c, STATE_FINALIZED))
1063 return YACA_ERROR_INVALID_PARAMETER;
1065 if (EVP_CIPHER_CTX_mode(c->cipher_ctx) != EVP_CIPH_WRAP_MODE) {
1066 ret = EVP_CipherFinal(c->cipher_ctx, output, &loutput_len);
1067 if (ret != 1 || loutput_len < 0)
1068 return ERROR_HANDLE();
1071 *output_len = loutput_len;
1073 /* Fix for OpenSSL error in 3DES CFB1 */
1074 if ((EVP_CIPHER_CTX_flags(c->cipher_ctx) & EVP_CIPH_FLAG_LENGTH_BITS) != 0)
1077 c->state = STATE_FINALIZED;
1078 return YACA_ERROR_NONE;
1081 API int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo,
1082 yaca_block_cipher_mode_e bcm,
1086 const EVP_CIPHER *cipher;
1089 if (iv_bit_len == NULL)
1090 return YACA_ERROR_INVALID_PARAMETER;
1092 ret = encrypt_get_algorithm(algo, bcm, key_bit_len, &cipher);
1093 if (ret != YACA_ERROR_NONE)
1096 ret = EVP_CIPHER_iv_length(cipher);
1098 ERROR_DUMP(YACA_ERROR_INTERNAL);
1099 return YACA_ERROR_INTERNAL;
1102 *iv_bit_len = ret * 8;
1103 return YACA_ERROR_NONE;
1106 API int yaca_encrypt_initialize(yaca_context_h *ctx,
1107 yaca_encrypt_algorithm_e algo,
1108 yaca_block_cipher_mode_e bcm,
1109 const yaca_key_h sym_key,
1110 const yaca_key_h iv)
1113 const EVP_CIPHER *cipher;
1114 struct yaca_key_simple_s *key = key_get_simple(sym_key);
1117 return YACA_ERROR_INVALID_PARAMETER;
1119 ret = encrypt_get_algorithm(algo, bcm, key->bit_len, &cipher);
1120 if (ret != YACA_ERROR_NONE)
1123 return encrypt_initialize(ctx, cipher, sym_key, iv, OP_ENCRYPT);
1126 API int yaca_encrypt_update(yaca_context_h ctx,
1127 const char *plaintext,
1128 size_t plaintext_len,
1130 size_t *ciphertext_len)
1132 return encrypt_update(ctx, (const unsigned char*)plaintext, plaintext_len,
1133 (unsigned char*)ciphertext, ciphertext_len, OP_ENCRYPT);
1136 API int yaca_encrypt_finalize(yaca_context_h ctx,
1138 size_t *ciphertext_len)
1140 return encrypt_finalize(ctx, (unsigned char*)ciphertext, ciphertext_len, OP_ENCRYPT);
1143 API int yaca_decrypt_initialize(yaca_context_h *ctx,
1144 yaca_encrypt_algorithm_e algo,
1145 yaca_block_cipher_mode_e bcm,
1146 const yaca_key_h sym_key,
1147 const yaca_key_h iv)
1150 const EVP_CIPHER *cipher;
1151 struct yaca_key_simple_s *key = key_get_simple(sym_key);
1154 return YACA_ERROR_INVALID_PARAMETER;
1156 ret = encrypt_get_algorithm(algo, bcm, key->bit_len, &cipher);
1157 if (ret != YACA_ERROR_NONE)
1160 return encrypt_initialize(ctx, cipher, sym_key, iv, OP_DECRYPT);
1163 API int yaca_decrypt_update(yaca_context_h ctx,
1164 const char *ciphertext,
1165 size_t ciphertext_len,
1167 size_t *plaintext_len)
1169 return encrypt_update(ctx, (const unsigned char*)ciphertext, ciphertext_len,
1170 (unsigned char*)plaintext, plaintext_len, OP_DECRYPT);
1173 API int yaca_decrypt_finalize(yaca_context_h ctx,
1175 size_t *plaintext_len)
1177 return encrypt_finalize(ctx, (unsigned char*)plaintext, plaintext_len, OP_DECRYPT);
projects / platform / core / security / yaca.git / blob