Branch data Line data Source code
1 : : /*
2 : : * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 : : *
4 : : * Licensed under the Apache License, Version 2.0 (the "License").
5 : : * You may not use this file except in compliance with the License.
6 : : * A copy of the License is located at
7 : : *
8 : : * http://aws.amazon.com/apache2.0
9 : : *
10 : : * or in the "license" file accompanying this file. This file is distributed
11 : : * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12 : : * express or implied. See the License for the specific language governing
13 : : * permissions and limitations under the License.
14 : : */
15 : :
16 : : #include <openssl/rc4.h>
17 : :
18 : : #include "crypto/s2n_cipher.h"
19 : : #include "crypto/s2n_fips.h"
20 : : #include "crypto/s2n_openssl.h"
21 : : #include "utils/s2n_blob.h"
22 : : #include "utils/s2n_safety.h"
23 : :
24 : : static const EVP_CIPHER *s2n_evp_rc4()
25 : 2 : {
26 : 2 : #ifdef S2N_LIBCRYPTO_SUPPORTS_EVP_RC4
27 : 2 : return EVP_rc4();
28 : : #else
29 : : return NULL;
30 : : #endif
31 : 2 : }
32 : :
33 : : static bool s2n_stream_cipher_rc4_available(void)
34 : 3275 : {
35 : : /* RC4 MIGHT be available in Openssl-3.0, depending on whether or not the
36 : : * "legacy" provider is loaded. However, for simplicity, assume that RC4
37 : : * is unavailable.
38 : : */
39 : 3275 : if (S2N_OPENSSL_VERSION_AT_LEAST(3, 0, 0)) {
40 : 3275 : return false;
41 : 3275 : }
42 [ # # ]: 0 : return (s2n_evp_rc4() ? true : false);
43 : 3275 : }
44 : :
45 : : static int s2n_stream_cipher_rc4_encrypt(struct s2n_session_key *key, struct s2n_blob *in, struct s2n_blob *out)
46 : 0 : {
47 [ # # ][ # # ]: 0 : POSIX_ENSURE_GTE(out->size, in->size);
48 : :
49 : : /* len is set by EVP_EncryptUpdate and checked post operation */
50 : 0 : int len = 0;
51 [ # # ][ # # ]: 0 : POSIX_GUARD_OSSL(EVP_EncryptUpdate(key->evp_cipher_ctx, out->data, &len, in->data, in->size), S2N_ERR_ENCRYPT);
52 : :
53 [ # # ][ # # ]: 0 : POSIX_ENSURE((int64_t) len == (int64_t) in->size, S2N_ERR_DECRYPT);
54 : :
55 : 0 : return 0;
56 : 0 : }
57 : :
58 : : static int s2n_stream_cipher_rc4_decrypt(struct s2n_session_key *key, struct s2n_blob *in, struct s2n_blob *out)
59 : 0 : {
60 [ # # ][ # # ]: 0 : POSIX_ENSURE_GTE(out->size, in->size);
61 : :
62 : : /* len is set by EVP_DecryptUpdate and checked post operation */
63 : 0 : int len = 0;
64 [ # # ][ # # ]: 0 : POSIX_GUARD_OSSL(EVP_DecryptUpdate(key->evp_cipher_ctx, out->data, &len, in->data, in->size), S2N_ERR_DECRYPT);
65 : :
66 [ # # ][ # # ]: 0 : POSIX_ENSURE((int64_t) len == (int64_t) in->size, S2N_ERR_DECRYPT);
67 : :
68 : 0 : return 0;
69 : 0 : }
70 : :
71 : : static S2N_RESULT s2n_stream_cipher_rc4_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in)
72 : 1 : {
73 [ - + ][ # # ]: 1 : RESULT_ENSURE_EQ(in->size, 16);
74 [ + - ][ + - ]: 1 : RESULT_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, s2n_evp_rc4(), NULL, in->data, NULL), S2N_ERR_KEY_INIT);
75 : :
76 : 0 : return S2N_RESULT_OK;
77 : 1 : }
78 : :
79 : : static S2N_RESULT s2n_stream_cipher_rc4_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in)
80 : 1 : {
81 [ - + ][ # # ]: 1 : RESULT_ENSURE_EQ(in->size, 16);
82 [ + - ][ + - ]: 1 : RESULT_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, s2n_evp_rc4(), NULL, in->data, NULL), S2N_ERR_KEY_INIT);
83 : :
84 : 0 : return S2N_RESULT_OK;
85 : 1 : }
86 : :
87 : : static S2N_RESULT s2n_stream_cipher_rc4_init(struct s2n_session_key *key)
88 : 2 : {
89 [ # # ][ - + ]: 2 : RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);
90 : :
91 : 2 : return S2N_RESULT_OK;
92 : 2 : }
93 : :
94 : : static S2N_RESULT s2n_stream_cipher_rc4_destroy_key(struct s2n_session_key *key)
95 : 0 : {
96 : 0 : EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);
97 : :
98 : 0 : return S2N_RESULT_OK;
99 : 0 : }
100 : :
101 : : const struct s2n_cipher s2n_rc4 = {
102 : : .type = S2N_STREAM,
103 : : .key_material_size = 16,
104 : : .io.stream = {
105 : : .decrypt = s2n_stream_cipher_rc4_decrypt,
106 : : .encrypt = s2n_stream_cipher_rc4_encrypt },
107 : : .is_available = s2n_stream_cipher_rc4_available,
108 : : .init = s2n_stream_cipher_rc4_init,
109 : : .set_decryption_key = s2n_stream_cipher_rc4_set_decryption_key,
110 : : .set_encryption_key = s2n_stream_cipher_rc4_set_encryption_key,
111 : : .destroy_key = s2n_stream_cipher_rc4_destroy_key,
112 : : };
|
