1 : : /*
2 : : * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 : : *
4 : : * Licensed under the Apache License, Version 2.0 (the "License").
5 : : * You may not use this file except in compliance with the License.
6 : : * A copy of the License is located at
7 : : *
8 : : * http://aws.amazon.com/apache2.0
9 : : *
10 : : * or in the "license" file accompanying this file. This file is distributed
11 : : * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12 : : * express or implied. See the License for the specific language governing
13 : : * permissions and limitations under the License.
14 : : */
15 : :
16 : : #include <openssl/evp.h>
17 : :
18 : : #include "crypto/s2n_cipher.h"
19 : : #include "crypto/s2n_openssl.h"
20 : : #include "error/s2n_errno.h"
21 : : #include "utils/s2n_blob.h"
22 : : #include "utils/s2n_safety.h"
23 : :
/* Report whether the linked libcrypto provides 3DES-EDE in CBC mode.
 *
 * EVP_des_ede3_cbc() yields a NULL cipher when the algorithm was compiled out,
 * which is the only signal this probe relies on.
 */
static bool s2n_cbc_cipher_3des_available(void)
{
    const EVP_CIPHER *cipher = EVP_des_ede3_cbc();
    return cipher != NULL;
}
28 : :
/* Encrypt the plaintext in `in` under the key already loaded into
 * key->evp_cipher_ctx, writing the ciphertext to `out`.
 *
 * `iv` is the per-record IV; the key itself was installed earlier by
 * s2n_cbc_cipher_3des_set_encryption_key, which also switched OpenSSL's own
 * padding off. Because no padding is applied here, a successful update is
 * expected to emit exactly in->size bytes; any block alignment requirement is
 * the caller's responsibility (the caller is not visible in this file).
 *
 * Returns 0 on success; fails through the POSIX_* guard macros with
 * S2N_ERR_KEY_INIT or S2N_ERR_ENCRYPT otherwise.
 */
static int s2n_cbc_cipher_3des_encrypt(struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *in, struct s2n_blob *out)
{
    /* OpenSSL writes the whole ciphertext into out->data, so out must be at least as large as in. */
    POSIX_ENSURE_GTE(out->size, in->size);

    /* NULL cipher/key arguments leave the previously installed key in place and only set the IV
     * (OpenSSL EVP semantics; the key was loaded by set_encryption_key). */
    POSIX_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, NULL, NULL, NULL, iv->data), S2N_ERR_KEY_INIT);

    /* Number of bytes OpenSSL actually produced; filled in by EVP_EncryptUpdate. */
    int produced = 0;
    POSIX_GUARD_OSSL(EVP_EncryptUpdate(key->evp_cipher_ctx, out->data, &produced, in->data, in->size), S2N_ERR_ENCRYPT);

    /* With padding disabled, a short write means OpenSSL buffered a partial block instead of
     * encrypting it, so anything other than a full-length result is treated as a failure.
     * Both sides are widened to int64_t so a negative `produced` cannot compare equal to a size. */
    POSIX_ENSURE((int64_t) produced == (int64_t) in->size, S2N_ERR_ENCRYPT);

    return 0;
}
42 : :
/* Decrypt the ciphertext in `in` under the key already loaded into
 * key->evp_cipher_ctx, writing the plaintext to `out`.
 *
 * `iv` is the per-record IV. OpenSSL padding was disabled when the key was
 * installed by s2n_cbc_cipher_3des_set_decryption_key, so this routine does
 * not perform or verify any padding: the TLS padding bytes are inspected and
 * removed by the caller, which is where the decryption result is validated.
 * Consequently the byte count reported by EVP_DecryptUpdate is deliberately
 * not compared against in->size here.
 *
 * Returns 0 on success; fails through the POSIX_* guard macros with
 * S2N_ERR_KEY_INIT or S2N_ERR_DECRYPT otherwise.
 */
static int s2n_cbc_cipher_3des_decrypt(struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *in, struct s2n_blob *out)
{
    /* out->data receives up to in->size bytes, so it must not be smaller than the input. */
    POSIX_ENSURE_GTE(out->size, in->size);

    /* Keep the installed key, install only the IV for this record (OpenSSL EVP semantics). */
    POSIX_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, NULL, NULL, NULL, iv->data), S2N_ERR_KEY_INIT);

    /* Filled in by EVP_DecryptUpdate; intentionally unused afterwards (see header comment). */
    int produced = 0;
    POSIX_GUARD_OSSL(EVP_DecryptUpdate(key->evp_cipher_ctx, out->data, &produced, in->data, in->size), S2N_ERR_DECRYPT);

    return 0;
}
56 : :
/* Install `in` as the 3DES decryption key on key->evp_cipher_ctx.
 *
 * The key material must be exactly 192 bits (three 64-bit DES keys). OpenSSL's
 * own block padding is switched off before the key is loaded because TLS CBC
 * padding is handled outside this file rather than by libcrypto.
 *
 * Returns S2N_RESULT_OK on success; fails through the RESULT_* guard macros
 * (S2N_ERR_KEY_INIT when OpenSSL rejects the key) otherwise.
 */
static S2N_RESULT s2n_cbc_cipher_3des_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in)
{
    /* 192-bit key expressed in bytes; a mismatch is a caller bug, not a transient error. */
    const uint32_t expected_key_bytes = 192 / 8;
    RESULT_ENSURE_EQ(in->size, expected_key_bytes);

    /* Padding must be disabled before the key is set so no padding state is attached to the context. */
    EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0);

    /* Cipher and key are given now; the IV is supplied per record in s2n_cbc_cipher_3des_decrypt. */
    RESULT_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, EVP_des_ede3_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT);

    return S2N_RESULT_OK;
}
66 : :
/* Install `in` as the 3DES encryption key on key->evp_cipher_ctx.
 *
 * Mirror image of s2n_cbc_cipher_3des_set_decryption_key: the key material
 * must be exactly 192 bits, and OpenSSL's own block padding is disabled
 * before loading the key because the TLS record layer applies its padding
 * itself.
 *
 * Returns S2N_RESULT_OK on success; fails through the RESULT_* guard macros
 * (S2N_ERR_KEY_INIT when OpenSSL rejects the key) otherwise.
 */
static S2N_RESULT s2n_cbc_cipher_3des_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in)
{
    /* 192-bit key expressed in bytes; a mismatch is a caller bug, not a transient error. */
    const uint32_t expected_key_bytes = 192 / 8;
    RESULT_ENSURE_EQ(in->size, expected_key_bytes);

    /* Padding must be disabled before the key is set so no padding state is attached to the context. */
    EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0);

    /* Cipher and key are given now; the IV is supplied per record in s2n_cbc_cipher_3des_encrypt. */
    RESULT_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, EVP_des_ede3_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT);

    return S2N_RESULT_OK;
}
76 : :
/* Prepare key->evp_cipher_ctx for use by the set_*_key routines.
 *
 * All the work is delegated to RESULT_EVP_CTX_INIT, which presumably bails
 * with an s2n error if the context cannot be set up; on that path this
 * function never reaches its return statement.
 *
 * Returns S2N_RESULT_OK once the context is ready.
 */
static S2N_RESULT s2n_cbc_cipher_3des_init(struct s2n_session_key *key)
{
    RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);
    return S2N_RESULT_OK;
}
83 : :
/* Tear down key->evp_cipher_ctx, releasing the key material held by OpenSSL.
 *
 * The wipe of the installed key is expected to happen inside
 * EVP_CIPHER_CTX_cleanup (libcrypto behaviour, not verifiable here); nothing
 * in this file zeroises key bytes itself. The cleanup call's return value is
 * not inspected, so this function always reports success.
 */
static S2N_RESULT s2n_cbc_cipher_3des_destroy_key(struct s2n_session_key *key)
{
    EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);
    return S2N_RESULT_OK;
}
90 : :
/* Cipher descriptor for TLS 3DES-EDE-CBC.
 *
 * Key material is 24 bytes (192 bits), matching the size check in the
 * set_*_key routines; block and record-IV size are both 8 bytes. The 8-byte
 * block is the reason this cipher is considered legacy: the amount of data
 * that can be safely encrypted under one key is far smaller than for
 * 16-byte-block ciphers, so deployments should prefer other suites where
 * the peer supports them.
 */
const struct s2n_cipher s2n_3des = {
    .type = S2N_CBC,
    .key_material_size = 24,
    .is_available = s2n_cbc_cipher_3des_available,
    .init = s2n_cbc_cipher_3des_init,
    .destroy_key = s2n_cbc_cipher_3des_destroy_key,
    .set_encryption_key = s2n_cbc_cipher_3des_set_encryption_key,
    .set_decryption_key = s2n_cbc_cipher_3des_set_decryption_key,
    .io = {
            .cbc = {
                    .block_size = 8,
                    .record_iv_size = 8,
                    .encrypt = s2n_cbc_cipher_3des_encrypt,
                    .decrypt = s2n_cbc_cipher_3des_decrypt,
            },
    },
};