/* * %CopyrightBegin% * * Copyright Ericsson AB 2010-2018. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * %CopyrightEnd% */ #include "aes.h" #include "cipher.h" ERL_NIF_TERM aes_cfb_8_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Key, IVec, Data, IsEncrypt) */ ErlNifBinary key, ivec, text; AES_KEY aes_key; unsigned char ivec_clone[16]; /* writable copy */ int new_ivlen = 0; ERL_NIF_TERM ret; unsigned char *outp; CHECK_NO_FIPS_MODE(); ASSERT(argc == 4); if (!enif_inspect_iolist_as_binary(env, argv[0], &key)) goto bad_arg; if (key.size != 16 && key.size != 24 && key.size != 32) goto bad_arg; if (!enif_inspect_binary(env, argv[1], &ivec)) goto bad_arg; if (ivec.size != 16) goto bad_arg; if (!enif_inspect_iolist_as_binary(env, argv[2], &text)) goto bad_arg; memcpy(ivec_clone, ivec.data, 16); /* NOTE: This function returns 0 on success unlike most OpenSSL functions */ if (AES_set_encrypt_key(key.data, (int)key.size * 8, &aes_key) != 0) goto err; if ((outp = enif_make_new_binary(env, text.size, &ret)) == NULL) goto err; AES_cfb8_encrypt((unsigned char *) text.data, outp, text.size, &aes_key, ivec_clone, &new_ivlen, (argv[3] == atom_true)); CONSUME_REDS(env,text); return ret; bad_arg: err: return enif_make_badarg(env); } ERL_NIF_TERM aes_cfb_128_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Key, IVec, Data, IsEncrypt) */ ErlNifBinary key, ivec, text; AES_KEY aes_key; unsigned char ivec_clone[16]; /* writable copy */ int new_ivlen = 0; ERL_NIF_TERM ret; unsigned char *outp; ASSERT(argc == 4); if (!enif_inspect_iolist_as_binary(env, argv[0], &key)) goto bad_arg; if (key.size != 16 && key.size != 24 && key.size != 32) goto bad_arg; if (!enif_inspect_binary(env, argv[1], &ivec)) goto bad_arg; if (ivec.size != 16) goto bad_arg; if (!enif_inspect_iolist_as_binary(env, argv[2], &text)) goto bad_arg; memcpy(ivec_clone, ivec.data, 16); /* NOTE: This function returns 0 on success unlike most OpenSSL functions */ if (AES_set_encrypt_key(key.data, (int)key.size * 8, &aes_key) != 0) goto err; if ((outp = enif_make_new_binary(env, text.size, &ret)) == NULL) goto err; AES_cfb128_encrypt((unsigned char *) text.data, outp, text.size, &aes_key, ivec_clone, &new_ivlen, (argv[3] == atom_true)); CONSUME_REDS(env,text); return ret; bad_arg: err: return enif_make_badarg(env); } ERL_NIF_TERM aes_ige_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Key, IVec, Data, IsEncrypt) */ #ifdef HAVE_AES_IGE ErlNifBinary key_bin, ivec_bin, data_bin; AES_KEY aes_key; unsigned char ivec[32]; int type; unsigned char* ret_ptr; ERL_NIF_TERM ret; CHECK_NO_FIPS_MODE(); ASSERT(argc == 4); if (!enif_inspect_iolist_as_binary(env, argv[0], &key_bin)) goto bad_arg; if (key_bin.size != 16 && key_bin.size != 32) goto bad_arg; if (!enif_inspect_binary(env, argv[1], &ivec_bin)) goto bad_arg; if (ivec_bin.size != 32) goto bad_arg; if (!enif_inspect_iolist_as_binary(env, argv[2], &data_bin)) goto bad_arg; if (data_bin.size % 16 != 0) goto bad_arg; if (argv[3] == atom_true) { type = AES_ENCRYPT; /* NOTE: This function returns 0 on success unlike most OpenSSL functions */ if (AES_set_encrypt_key(key_bin.data, (int)key_bin.size * 8, &aes_key) != 0) goto err; } else { type = AES_DECRYPT; /* NOTE: This function returns 0 on success unlike most OpenSSL functions */ if (AES_set_decrypt_key(key_bin.data, (int)key_bin.size * 8, &aes_key) != 0) goto err; } if ((ret_ptr = enif_make_new_binary(env, data_bin.size, &ret)) == NULL) goto err; memcpy(ivec, ivec_bin.data, 32); /* writable copy */ AES_ige_encrypt(data_bin.data, ret_ptr, data_bin.size, &aes_key, ivec, type); CONSUME_REDS(env,data_bin); return ret; bad_arg: err: return enif_make_badarg(env); #else return atom_notsup; #endif } #if !defined(HAVE_EVP_AES_CTR) ERL_NIF_TERM aes_ctr_stream_encrypt_compat(ErlNifEnv* env, const ERL_NIF_TERM state_arg, const ERL_NIF_TERM data_arg) {/* ({Key, IVec, ECount, Num}, Data) */ ErlNifBinary key_bin, ivec_bin, text_bin, ecount_bin; AES_KEY aes_key; unsigned int num; ERL_NIF_TERM ret, num2_term, cipher_term, ivec2_term, ecount2_term, new_state_term; int state_arity; const ERL_NIF_TERM *state_term; unsigned char * ivec2_buf; unsigned char * ecount2_buf; unsigned char *outp; if (!enif_get_tuple(env, state_arg, &state_arity, &state_term)) goto bad_arg; if (state_arity != 4) goto bad_arg; if (!enif_inspect_iolist_as_binary(env, state_term[0], &key_bin)) goto bad_arg; if (key_bin.size > INT_MAX / 8) goto bad_arg; if (!enif_inspect_binary(env, state_term[1], &ivec_bin)) goto bad_arg; if (ivec_bin.size != 16) goto bad_arg; if (!enif_inspect_binary(env, state_term[2], &ecount_bin)) goto bad_arg; if (ecount_bin.size != AES_BLOCK_SIZE) goto bad_arg; if (!enif_get_uint(env, state_term[3], &num)) goto bad_arg; if (!enif_inspect_iolist_as_binary(env, data_arg, &text_bin)) goto bad_arg; /* NOTE: This function returns 0 on success unlike most OpenSSL functions */ if (AES_set_encrypt_key(key_bin.data, (int)key_bin.size * 8, &aes_key) != 0) goto bad_arg; if ((ivec2_buf = enif_make_new_binary(env, ivec_bin.size, &ivec2_term)) == NULL) goto err; if ((ecount2_buf = enif_make_new_binary(env, ecount_bin.size, &ecount2_term)) == NULL) goto err; memcpy(ivec2_buf, ivec_bin.data, 16); memcpy(ecount2_buf, ecount_bin.data, ecount_bin.size); if ((outp = enif_make_new_binary(env, text_bin.size, &cipher_term)) == NULL) goto err; AES_ctr128_encrypt((unsigned char *) text_bin.data, outp, text_bin.size, &aes_key, ivec2_buf, ecount2_buf, &num); num2_term = enif_make_uint(env, num); new_state_term = enif_make_tuple4(env, state_term[0], ivec2_term, ecount2_term, num2_term); ret = enif_make_tuple2(env, new_state_term, cipher_term); CONSUME_REDS(env,text_bin); return ret; bad_arg: err: return enif_make_badarg(env); } #endif /* !HAVE_EVP_AES_CTR */ #ifdef HAVE_GCM_EVP_DECRYPT_BUG ERL_NIF_TERM aes_gcm_decrypt_NO_EVP(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Type,Key,Iv,AAD,In,Tag) */ GCM128_CONTEXT *ctx = NULL; ErlNifBinary key, iv, aad, in, tag; AES_KEY aes_key; unsigned char *outp; ERL_NIF_TERM out, ret; ASSERT(argc == 6); if (!enif_inspect_iolist_as_binary(env, argv[1], &key)) goto bad_arg; if (key.size > INT_MAX / 8) goto bad_arg; if (!enif_inspect_binary(env, argv[2], &iv)) goto bad_arg; if (iv.size == 0) goto bad_arg; if (!enif_inspect_iolist_as_binary(env, argv[3], &aad)) goto bad_arg; if (!enif_inspect_iolist_as_binary(env, argv[4], &in)) goto bad_arg; if (!enif_inspect_iolist_as_binary(env, argv[5], &tag)) goto bad_arg; /* NOTE: This function returns 0 on success unlike most OpenSSL functions */ if (AES_set_encrypt_key(key.data, (int)key.size * 8, &aes_key) != 0) goto bad_arg; if ((ctx = CRYPTO_gcm128_new(&aes_key, (block128_f)AES_encrypt)) == NULL) goto err; CRYPTO_gcm128_setiv(ctx, iv.data, iv.size); /* NOTE: This function returns 0 on success unlike most OpenSSL functions */ if (CRYPTO_gcm128_aad(ctx, aad.data, aad.size) != 0) goto err; if ((outp = enif_make_new_binary(env, in.size, &out)) == NULL) goto err; /* NOTE: This function returns 0 on success unlike most OpenSSL functions */ if (CRYPTO_gcm128_decrypt(ctx, in.data, outp, in.size) != 0) goto err; /* calculate and check the tag */ /* NOTE: This function returns 0 on success unlike most OpenSSL functions */ if (CRYPTO_gcm128_finish(ctx, tag.data, tag.size) != 0) goto err; CONSUME_REDS(env, in); ret = out; goto done; bad_arg: ret = enif_make_badarg(env); goto done; err: ret = atom_error; done: if (ctx) CRYPTO_gcm128_release(ctx); return ret; } #endif /* HAVE_GCM_EVP_DECRYPT_BUG */