1 /* $OpenBSD: evp_aead.c,v 1.11 2024/04/09 13:52:41 beck Exp $ */
2 /*
3 * Copyright (c) 2014, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 #include <limits.h>
19 #include <string.h>
20
21 #include <openssl/evp.h>
22 #include <openssl/err.h>
23
24 #include "evp_local.h"
25
26 size_t
EVP_AEAD_key_length(const EVP_AEAD * aead)27 EVP_AEAD_key_length(const EVP_AEAD *aead)
28 {
29 return aead->key_len;
30 }
31 LCRYPTO_ALIAS(EVP_AEAD_key_length);
32
33 size_t
EVP_AEAD_nonce_length(const EVP_AEAD * aead)34 EVP_AEAD_nonce_length(const EVP_AEAD *aead)
35 {
36 return aead->nonce_len;
37 }
38 LCRYPTO_ALIAS(EVP_AEAD_nonce_length);
39
40 size_t
EVP_AEAD_max_overhead(const EVP_AEAD * aead)41 EVP_AEAD_max_overhead(const EVP_AEAD *aead)
42 {
43 return aead->overhead;
44 }
45 LCRYPTO_ALIAS(EVP_AEAD_max_overhead);
46
47 size_t
EVP_AEAD_max_tag_len(const EVP_AEAD * aead)48 EVP_AEAD_max_tag_len(const EVP_AEAD *aead)
49 {
50 return aead->max_tag_len;
51 }
52 LCRYPTO_ALIAS(EVP_AEAD_max_tag_len);
53
54 int
EVP_AEAD_CTX_init(EVP_AEAD_CTX * ctx,const EVP_AEAD * aead,const unsigned char * key,size_t key_len,size_t tag_len,ENGINE * impl)55 EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
56 const unsigned char *key, size_t key_len, size_t tag_len, ENGINE *impl)
57 {
58 ctx->aead = aead;
59 if (key_len != aead->key_len) {
60 EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE);
61 return 0;
62 }
63 return aead->init(ctx, key, key_len, tag_len);
64 }
65 LCRYPTO_ALIAS(EVP_AEAD_CTX_init);
66
67 void
EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX * ctx)68 EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx)
69 {
70 if (ctx->aead == NULL)
71 return;
72 ctx->aead->cleanup(ctx);
73 ctx->aead = NULL;
74 }
75 LCRYPTO_ALIAS(EVP_AEAD_CTX_cleanup);
76
77 EVP_AEAD_CTX *
EVP_AEAD_CTX_new(void)78 EVP_AEAD_CTX_new(void)
79 {
80 return calloc(1, sizeof(EVP_AEAD_CTX));
81 }
82 LCRYPTO_ALIAS(EVP_AEAD_CTX_new);
83
84 void
EVP_AEAD_CTX_free(EVP_AEAD_CTX * ctx)85 EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx)
86 {
87 if (ctx == NULL)
88 return;
89
90 EVP_AEAD_CTX_cleanup(ctx);
91 free(ctx);
92 }
93 LCRYPTO_ALIAS(EVP_AEAD_CTX_free);
94
95 /* check_alias returns 0 if out points within the buffer determined by in
96 * and in_len and 1 otherwise.
97 *
98 * When processing, there's only an issue if out points within in[:in_len]
99 * and isn't equal to in. If that's the case then writing the output will
100 * stomp input that hasn't been read yet.
101 *
102 * This function checks for that case. */
103 static int
check_alias(const unsigned char * in,size_t in_len,const unsigned char * out)104 check_alias(const unsigned char *in, size_t in_len, const unsigned char *out)
105 {
106 if (out <= in)
107 return 1;
108 if (in + in_len <= out)
109 return 1;
110 return 0;
111 }
112
113 int
EVP_AEAD_CTX_seal(const EVP_AEAD_CTX * ctx,unsigned char * out,size_t * out_len,size_t max_out_len,const unsigned char * nonce,size_t nonce_len,const unsigned char * in,size_t in_len,const unsigned char * ad,size_t ad_len)114 EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
115 size_t max_out_len, const unsigned char *nonce, size_t nonce_len,
116 const unsigned char *in, size_t in_len, const unsigned char *ad,
117 size_t ad_len)
118 {
119 size_t possible_out_len = in_len + ctx->aead->overhead;
120
121 /* Overflow. */
122 if (possible_out_len < in_len) {
123 EVPerror(EVP_R_TOO_LARGE);
124 goto error;
125 }
126
127 if (!check_alias(in, in_len, out)) {
128 EVPerror(EVP_R_OUTPUT_ALIASES_INPUT);
129 goto error;
130 }
131
132 if (ctx->aead->seal(ctx, out, out_len, max_out_len, nonce, nonce_len,
133 in, in_len, ad, ad_len)) {
134 return 1;
135 }
136
137 error:
138 /* In the event of an error, clear the output buffer so that a caller
139 * that doesn't check the return value doesn't send raw data. */
140 memset(out, 0, max_out_len);
141 *out_len = 0;
142 return 0;
143 }
144 LCRYPTO_ALIAS(EVP_AEAD_CTX_seal);
145
146 int
EVP_AEAD_CTX_open(const EVP_AEAD_CTX * ctx,unsigned char * out,size_t * out_len,size_t max_out_len,const unsigned char * nonce,size_t nonce_len,const unsigned char * in,size_t in_len,const unsigned char * ad,size_t ad_len)147 EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
148 size_t max_out_len, const unsigned char *nonce, size_t nonce_len,
149 const unsigned char *in, size_t in_len, const unsigned char *ad,
150 size_t ad_len)
151 {
152 if (!check_alias(in, in_len, out)) {
153 EVPerror(EVP_R_OUTPUT_ALIASES_INPUT);
154 goto error;
155 }
156
157 if (ctx->aead->open(ctx, out, out_len, max_out_len, nonce, nonce_len,
158 in, in_len, ad, ad_len)) {
159 return 1;
160 }
161
162 error:
163 /* In the event of an error, clear the output buffer so that a caller
164 * that doesn't check the return value doesn't try and process bad
165 * data. */
166 memset(out, 0, max_out_len);
167 *out_len = 0;
168 return 0;
169 }
170 LCRYPTO_ALIAS(EVP_AEAD_CTX_open);
171