1 // Copyright 2021 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 #include "tink/internal/aes_util.h"
17
18 #include <cstdint>
19 #include <string>
20 #include <vector>
21
22 #include "absl/status/status.h"
23 #include "absl/strings/str_cat.h"
24 #include "absl/strings/string_view.h"
25 #include "absl/types/span.h"
26 #include "openssl/aes.h"
27 #include "openssl/evp.h"
28 #include "tink/util/statusor.h"
29 #ifndef OPENSSL_IS_BORINGSSL
30 // This is needed to use block128_f, which is necessary when OpenSSL is used.
31 #include "openssl/modes.h"
32 #endif
33 #include "tink/internal/util.h"
34 #include "tink/util/secret_data.h"
35 #include "tink/util/status.h"
36
37 namespace crypto {
38 namespace tink {
39 namespace internal {
40
AesCtr128Crypt(absl::string_view data,uint8_t iv[AesBlockSize ()],const AES_KEY * key,absl::Span<char> out)41 util::Status AesCtr128Crypt(absl::string_view data, uint8_t iv[AesBlockSize()],
42 const AES_KEY* key, absl::Span<char> out) {
43 if (out.size() < data.size()) {
44 return util::Status(
45 absl::StatusCode::kInvalidArgument,
46 absl::StrCat("Invalid size for output buffer; expected at least ",
47 data.size(), " got ", out.size()));
48 }
49
50 // Only full overlap or no overlap is allowed.
51 if (!BuffersAreIdentical(data, absl::string_view(out.data(), out.size())) &&
52 BuffersOverlap(data, absl::string_view(out.data(), out.size()))) {
53 return util::Status(absl::StatusCode::kInvalidArgument,
54 "Buffers must not partially overlap");
55 }
56
57 unsigned int num = 0;
58 std::vector<uint8_t> ecount_buf(AesBlockSize(), 0);
59 // OpenSSL >= v1.1.0 public APIs no longer exposes an AES_ctr128_encrypt
60 // function; as an alternative we use CRYPTO_ctr128_encrypt when OpenSSL is
61 // used as a backend. The latter is not part of the public API of BoringSSL,
62 // so we must selectively compile using either of them.
63 #ifdef OPENSSL_IS_BORINGSSL
64 AES_ctr128_encrypt(reinterpret_cast<const uint8_t*>(data.data()),
65 reinterpret_cast<uint8_t*>(out.data()), data.size(), key,
66 iv, ecount_buf.data(), &num);
67 #else
68 CRYPTO_ctr128_encrypt(reinterpret_cast<const uint8_t*>(data.data()),
69 reinterpret_cast<uint8_t*>(out.data()), data.size(),
70 key, iv, ecount_buf.data(), &num,
71 reinterpret_cast<block128_f>(AES_encrypt));
72 #endif
73 return util::OkStatus();
74 }
75
GetAesCtrCipherForKeySize(uint32_t key_size_in_bytes)76 util::StatusOr<const EVP_CIPHER*> GetAesCtrCipherForKeySize(
77 uint32_t key_size_in_bytes) {
78 switch (key_size_in_bytes) {
79 case 16:
80 return EVP_aes_128_ctr();
81 case 32:
82 return EVP_aes_256_ctr();
83 default:
84 return util::Status(absl::StatusCode::kInvalidArgument,
85 absl::StrCat("Invalid key size ", key_size_in_bytes));
86 }
87 }
88
GetAesCbcCipherForKeySize(uint32_t key_size_in_bytes)89 util::StatusOr<const EVP_CIPHER*> GetAesCbcCipherForKeySize(
90 uint32_t key_size_in_bytes) {
91 switch (key_size_in_bytes) {
92 case 16:
93 return EVP_aes_128_cbc();
94 case 32:
95 return EVP_aes_256_cbc();
96 }
97 return util::Status(absl::StatusCode::kInvalidArgument,
98 absl::StrCat("Invalid key size ", key_size_in_bytes));
99 }
100
101 } // namespace internal
102 } // namespace tink
103 } // namespace crypto
104