blob: c51465f1144b932fb6a314ad80c81a38f9298c78 [file] [log] [blame]
Vernon Mauery9e801a22018-10-12 13:20:49 -07001#include "crypt_algo.hpp"
2
3#include "message_parsers.hpp"
4
Tom Josephd08b5232017-01-24 18:15:39 +05305#include <openssl/evp.h>
6#include <openssl/hmac.h>
7#include <openssl/rand.h>
Vernon Mauery9e801a22018-10-12 13:20:49 -07008
Tom Joseph518ecce2017-01-25 14:34:19 +05309#include <algorithm>
Tom Josephd08b5232017-01-24 18:15:39 +053010#include <numeric>
Tom Josephd08b5232017-01-24 18:15:39 +053011
12namespace cipher
13{
14
15namespace crypt
16{
17
Tom Joseph518ecce2017-01-25 14:34:19 +053018constexpr std::array<uint8_t, AlgoAES128::AESCBC128BlockSize - 1>
Vernon Mauery9e801a22018-10-12 13:20:49 -070019 AlgoAES128::confPadBytes;
Tom Joseph518ecce2017-01-25 14:34:19 +053020
Vernon Mauery9e801a22018-10-12 13:20:49 -070021std::vector<uint8_t>
22 AlgoAES128::decryptPayload(const std::vector<uint8_t>& packet,
23 const size_t sessHeaderLen,
24 const size_t payloadLen) const
Tom Joseph518ecce2017-01-25 14:34:19 +053025{
Zhikui Ren2b1edef2020-07-24 14:32:13 -070026 // verify packet size minimal: sessHeaderLen + payloadLen
27 // and payloadLen is more than AESCBC128ConfHeader
28 if (packet.size() < (sessHeaderLen + payloadLen) ||
29 payloadLen < AESCBC128ConfHeader)
30 {
31 throw std::runtime_error("Invalid data length");
32 }
33
Vernon Mauery9e801a22018-10-12 13:20:49 -070034 auto plainPayload =
35 decryptData(packet.data() + sessHeaderLen,
36 packet.data() + sessHeaderLen + AESCBC128ConfHeader,
37 payloadLen - AESCBC128ConfHeader);
Tom Joseph518ecce2017-01-25 14:34:19 +053038
39 /*
40 * The confidentiality pad length is the last byte in the payload, it would
41 * tell the number of pad bytes in the payload. We added a condition, so
Gunnar Mills62ec6222018-04-08 16:28:23 -050042 * that buffer overrun doesn't happen.
Tom Joseph518ecce2017-01-25 14:34:19 +053043 */
44 size_t confPadLength = plainPayload.back();
Vernon Mauery9e801a22018-10-12 13:20:49 -070045 auto padLength = std::min(plainPayload.size() - 1, confPadLength);
Tom Joseph518ecce2017-01-25 14:34:19 +053046
47 auto plainPayloadLen = plainPayload.size() - padLength - 1;
48
49 // Additional check if the confidentiality pad bytes are as expected
Vernon Mauery9e801a22018-10-12 13:20:49 -070050 if (!std::equal(plainPayload.begin() + plainPayloadLen,
51 plainPayload.begin() + plainPayloadLen + padLength,
52 confPadBytes.begin()))
Tom Joseph518ecce2017-01-25 14:34:19 +053053 {
54 throw std::runtime_error("Confidentiality pad bytes check failed");
55 }
56
57 plainPayload.resize(plainPayloadLen);
58
59 return plainPayload;
60}
61
Vernon Mauery9e801a22018-10-12 13:20:49 -070062std::vector<uint8_t>
63 AlgoAES128::encryptPayload(std::vector<uint8_t>& payload) const
Tom Joseph518ecce2017-01-25 14:34:19 +053064{
65 auto payloadLen = payload.size();
66
67 /*
68 * The following logic calculates the number of padding bytes to be added to
69 * the payload data. This would ensure that the length is a multiple of the
70 * block size of algorithm being used. For the AES algorithm, the block size
71 * is 16 bytes.
72 */
73 auto paddingLen = AESCBC128BlockSize - ((payloadLen + 1) & 0xF);
74
75 /*
76 * The additional field is for the Confidentiality Pad Length field. For the
77 * AES algorithm, this number will range from 0 to 15 bytes. This field is
78 * mandatory.
79 */
80 payload.resize(payloadLen + paddingLen + 1);
81
82 /*
83 * If no Confidentiality Pad bytes are required, the Confidentiality Pad
84 * Length field is set to 00h. If present, the value of the first byte of
85 * Confidentiality Pad shall be one (01h) and all subsequent bytes shall
86 * have a monotonically increasing value (e.g., 02h, 03h, 04h, etc).
87 */
88 if (0 != paddingLen)
89 {
90 std::iota(payload.begin() + payloadLen,
Vernon Mauery9e801a22018-10-12 13:20:49 -070091 payload.begin() + payloadLen + paddingLen, 1);
Tom Joseph518ecce2017-01-25 14:34:19 +053092 }
93
94 payload.back() = paddingLen;
95
96 return encryptData(payload.data(), payload.size());
97}
98
Vernon Mauery70fd29c2017-11-30 13:11:43 -080099std::vector<uint8_t> AlgoAES128::decryptData(const uint8_t* iv,
Vernon Mauery9e801a22018-10-12 13:20:49 -0700100 const uint8_t* input,
101 const int inputLen) const
Tom Joseph518ecce2017-01-25 14:34:19 +0530102{
Tom Joseph518ecce2017-01-25 14:34:19 +0530103 // Initializes Cipher context
Adriana Kobylak584fa882018-09-06 15:52:05 -0500104 EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
Tom Joseph518ecce2017-01-25 14:34:19 +0530105
Vernon Mauery9e801a22018-10-12 13:20:49 -0700106 auto cleanupFunc = [](EVP_CIPHER_CTX* ctx) { EVP_CIPHER_CTX_free(ctx); };
Tom Josephf6c97e12017-08-03 00:23:57 +0530107
Vernon Mauery9e801a22018-10-12 13:20:49 -0700108 std::unique_ptr<EVP_CIPHER_CTX, decltype(cleanupFunc)> ctxPtr(ctx,
109 cleanupFunc);
Tom Josephf6c97e12017-08-03 00:23:57 +0530110
Tom Joseph518ecce2017-01-25 14:34:19 +0530111 /*
112 * EVP_DecryptInit_ex sets up cipher context ctx for encryption with type
113 * AES-CBC-128. ctx must be initialized before calling this function. K2 is
114 * the symmetric key used and iv is the initialization vector used.
115 */
Tom Josephf6c97e12017-08-03 00:23:57 +0530116 if (!EVP_DecryptInit_ex(ctxPtr.get(), EVP_aes_128_cbc(), NULL, k2.data(),
117 iv))
Tom Joseph518ecce2017-01-25 14:34:19 +0530118 {
Tom Joseph518ecce2017-01-25 14:34:19 +0530119 throw std::runtime_error("EVP_DecryptInit_ex failed for type "
120 "AES-CBC-128");
121 }
122
123 /*
124 * EVP_CIPHER_CTX_set_padding() enables or disables padding. If the pad
125 * parameter is zero then no padding is performed. This function always
126 * returns 1.
127 */
Tom Josephf6c97e12017-08-03 00:23:57 +0530128 EVP_CIPHER_CTX_set_padding(ctxPtr.get(), 0);
Tom Joseph518ecce2017-01-25 14:34:19 +0530129
Vernon Mauery70fd29c2017-11-30 13:11:43 -0800130 std::vector<uint8_t> output(inputLen + AESCBC128BlockSize);
Tom Joseph518ecce2017-01-25 14:34:19 +0530131
132 int outputLen = 0;
133
134 /*
135 * If padding is disabled then EVP_DecryptFinal_ex() will not encrypt any
136 * more data and it will return an error if any data remains in a partial
137 * block: that is if the total data length is not a multiple of the block
138 * size. Since AES-CBC-128 encrypted payload format adds padding bytes and
139 * ensures that payload is a multiple of block size, we are not making the
140 * call to EVP_DecryptFinal_ex().
141 */
Tom Josephf6c97e12017-08-03 00:23:57 +0530142 if (!EVP_DecryptUpdate(ctxPtr.get(), output.data(), &outputLen, input,
143 inputLen))
Tom Joseph518ecce2017-01-25 14:34:19 +0530144 {
Tom Joseph518ecce2017-01-25 14:34:19 +0530145 throw std::runtime_error("EVP_DecryptUpdate failed");
146 }
147
148 output.resize(outputLen);
Tom Joseph518ecce2017-01-25 14:34:19 +0530149
150 return output;
151}
152
Vernon Mauery70fd29c2017-11-30 13:11:43 -0800153std::vector<uint8_t> AlgoAES128::encryptData(const uint8_t* input,
Vernon Mauery9e801a22018-10-12 13:20:49 -0700154 const int inputLen) const
Tom Joseph518ecce2017-01-25 14:34:19 +0530155{
Vernon Mauery70fd29c2017-11-30 13:11:43 -0800156 std::vector<uint8_t> output(inputLen + AESCBC128BlockSize);
Tom Joseph518ecce2017-01-25 14:34:19 +0530157
158 // Generate the initialization vector
159 if (!RAND_bytes(output.data(), AESCBC128ConfHeader))
160 {
161 throw std::runtime_error("RAND_bytes failed");
162 }
163
Tom Joseph518ecce2017-01-25 14:34:19 +0530164 // Initializes Cipher context
Adriana Kobylak584fa882018-09-06 15:52:05 -0500165 EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
Tom Joseph518ecce2017-01-25 14:34:19 +0530166
Vernon Mauery9e801a22018-10-12 13:20:49 -0700167 auto cleanupFunc = [](EVP_CIPHER_CTX* ctx) { EVP_CIPHER_CTX_free(ctx); };
Tom Josephf6c97e12017-08-03 00:23:57 +0530168
Vernon Mauery9e801a22018-10-12 13:20:49 -0700169 std::unique_ptr<EVP_CIPHER_CTX, decltype(cleanupFunc)> ctxPtr(ctx,
170 cleanupFunc);
Tom Josephf6c97e12017-08-03 00:23:57 +0530171
Tom Joseph518ecce2017-01-25 14:34:19 +0530172 /*
173 * EVP_EncryptInit_ex sets up cipher context ctx for encryption with type
174 * AES-CBC-128. ctx must be initialized before calling this function. K2 is
175 * the symmetric key used and iv is the initialization vector used.
176 */
Tom Josephf6c97e12017-08-03 00:23:57 +0530177 if (!EVP_EncryptInit_ex(ctxPtr.get(), EVP_aes_128_cbc(), NULL, k2.data(),
Tom Joseph518ecce2017-01-25 14:34:19 +0530178 output.data()))
179 {
Tom Joseph518ecce2017-01-25 14:34:19 +0530180 throw std::runtime_error("EVP_EncryptInit_ex failed for type "
181 "AES-CBC-128");
182 }
183
184 /*
185 * EVP_CIPHER_CTX_set_padding() enables or disables padding. If the pad
186 * parameter is zero then no padding is performed. This function always
187 * returns 1.
188 */
Tom Josephf6c97e12017-08-03 00:23:57 +0530189 EVP_CIPHER_CTX_set_padding(ctxPtr.get(), 0);
Tom Joseph518ecce2017-01-25 14:34:19 +0530190
191 int outputLen = 0;
192
193 /*
194 * If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any
195 * more data and it will return an error if any data remains in a partial
196 * block: that is if the total data length is not a multiple of the block
197 * size. Since we are adding padding bytes and ensures that payload is a
198 * multiple of block size, we are not making the call to
199 * EVP_DecryptFinal_ex()
200 */
Vernon Mauery9e801a22018-10-12 13:20:49 -0700201 if (!EVP_EncryptUpdate(ctxPtr.get(), output.data() + AESCBC128ConfHeader,
202 &outputLen, input, inputLen))
Tom Joseph518ecce2017-01-25 14:34:19 +0530203 {
Tom Joseph518ecce2017-01-25 14:34:19 +0530204 throw std::runtime_error("EVP_EncryptUpdate failed for type "
205 "AES-CBC-128");
206 }
207
208 output.resize(AESCBC128ConfHeader + outputLen);
Tom Joseph518ecce2017-01-25 14:34:19 +0530209
210 return output;
211}
212
Vernon Mauery9e801a22018-10-12 13:20:49 -0700213} // namespace crypt
Tom Josephd08b5232017-01-24 18:15:39 +0530214
Vernon Mauery9e801a22018-10-12 13:20:49 -0700215} // namespace cipher