Google Git
Sign in
chromium / chromium / src.git / 0a02b73e8c3116ca8ee07c5ccc8c7a656099de01 / . / crypto / aead.cc
blob: 933d94b302ba3a853b0db08542a1c42badadc37a [file] [log] [blame]
Avi Drissman201a9a832022-09-13 19:39:25[diff] [blame]1// Copyright 2015 The Chromium Authors
estark03206a12015-04-25 04:52:25[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
svaldez22de42fe2016-04-21 19:42:22[diff] [blame]5#include "crypto/aead.h"
estark03206a12015-04-25 04:52:25[diff] [blame]6
avidd373b8b2015-12-21 21:34:43[diff] [blame]7#include <stddef.h>
8#include <stdint.h>
estark03206a12015-04-25 04:52:25[diff] [blame]9#include <string>
10
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]11#include "base/containers/span.h"
12#include "base/numerics/checked_math.h"
tfarina29a3a1742016-10-28 18:47:33[diff] [blame]13#include "third_party/boringssl/src/include/openssl/aes.h"
14#include "third_party/boringssl/src/include/openssl/evp.h"
estark03206a12015-04-25 04:52:25[diff] [blame]15
16namespace crypto {
17
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]18Aead::Aead(AeadAlgorithm algorithm) {
estark03206a12015-04-25 04:52:25[diff] [blame]19 switch (algorithm) {
20 case AES_128_CTR_HMAC_SHA256:
21 aead_ = EVP_aead_aes_128_ctr_hmac_sha256();
22 break;
Kim Paulhamus98e3cb92c2018-05-01 16:49:42[diff] [blame]23 case AES_256_GCM:
24 aead_ = EVP_aead_aes_256_gcm();
25 break;
Martin Kreichgaueraa06bffa2018-06-29 07:54:10[diff] [blame]26 case AES_256_GCM_SIV:
27 aead_ = EVP_aead_aes_256_gcm_siv();
28 break;
Leonid Baraz07c05772020-08-18 19:55:09[diff] [blame]29 case CHACHA20_POLY1305:
30 aead_ = EVP_aead_chacha20_poly1305();
31 break;
estark03206a12015-04-25 04:52:25[diff] [blame]32 }
33}
34
Chris Watkinsa850a302017-11-30 03:53:49[diff] [blame]35Aead::~Aead() = default;
estark03206a12015-04-25 04:52:25[diff] [blame]36
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]37void Aead::Init(base::span<const uint8_t> key) {
estark03206a12015-04-25 04:52:25[diff] [blame]38 DCHECK(!key_);
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]39 DCHECK_EQ(KeyLength(), key.size());
estark03206a12015-04-25 04:52:25[diff] [blame]40 key_ = key;
41}
42
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]43void Aead::Init(const std::string* key) {
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]44 Init(base::as_byte_span(*key));
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]45}
46
47std::vector<uint8_t> Aead::Seal(
48 base::span<const uint8_t> plaintext,
49 base::span<const uint8_t> nonce,
50 base::span<const uint8_t> additional_data) const {
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]51 size_t max_output_length =
52 base::CheckAdd(plaintext.size(), EVP_AEAD_max_overhead(aead_))
53 .ValueOrDie();
54 std::vector<uint8_t> ret(max_output_length);
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]55
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]56 std::optional<size_t> output_length =
57 Seal(plaintext, nonce, additional_data, ret);
58 CHECK(output_length);
59 ret.resize(*output_length);
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]60 return ret;
61}
62
David Benjamin3bfdc522023-09-01 21:13:45[diff] [blame]63bool Aead::Seal(std::string_view plaintext,
64 std::string_view nonce,
65 std::string_view additional_data,
estark03206a12015-04-25 04:52:25[diff] [blame]66 std::string* ciphertext) const {
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]67 size_t max_output_length =
68 base::CheckAdd(plaintext.size(), EVP_AEAD_max_overhead(aead_))
69 .ValueOrDie();
70 ciphertext->resize(max_output_length);
estark03206a12015-04-25 04:52:25[diff] [blame]71
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]72 std::optional<size_t> output_length =
73 Seal(base::as_byte_span(plaintext), base::as_byte_span(nonce),
74 base::as_byte_span(additional_data),
75 base::as_writable_byte_span(*ciphertext));
76 if (!output_length) {
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]77 ciphertext->clear();
estark03206a12015-04-25 04:52:25[diff] [blame]78 return false;
79 }
80
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]81 ciphertext->resize(*output_length);
estark03206a12015-04-25 04:52:25[diff] [blame]82 return true;
83}
84
Arthur Sonzogni59ac8222023-11-10 09:46:54[diff] [blame]85std::optional<std::vector<uint8_t>> Aead::Open(
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]86 base::span<const uint8_t> ciphertext,
87 base::span<const uint8_t> nonce,
88 base::span<const uint8_t> additional_data) const {
89 const size_t max_output_length = ciphertext.size();
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]90 std::vector<uint8_t> ret(max_output_length);
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]91
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]92 std::optional<size_t> output_length =
93 Open(ciphertext, nonce, additional_data, ret);
94 if (!output_length) {
Arthur Sonzogni59ac8222023-11-10 09:46:54[diff] [blame]95 return std::nullopt;
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]96 }
97
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]98 ret.resize(*output_length);
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]99 return ret;
100}
101
David Benjamin3bfdc522023-09-01 21:13:45[diff] [blame]102bool Aead::Open(std::string_view ciphertext,
103 std::string_view nonce,
104 std::string_view additional_data,
estark03206a12015-04-25 04:52:25[diff] [blame]105 std::string* plaintext) const {
estark03206a12015-04-25 04:52:25[diff] [blame]106 const size_t max_output_length = ciphertext.size();
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]107 plaintext->resize(max_output_length);
estark03206a12015-04-25 04:52:25[diff] [blame]108
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]109 std::optional<size_t> output_length =
110 Open(base::as_byte_span(ciphertext), base::as_byte_span(nonce),
111 base::as_byte_span(additional_data),
112 base::as_writable_byte_span(*plaintext));
113 if (!output_length) {
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]114 plaintext->clear();
estark03206a12015-04-25 04:52:25[diff] [blame]115 return false;
116 }
117
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]118 plaintext->resize(*output_length);
estark03206a12015-04-25 04:52:25[diff] [blame]119 return true;
120}
121
122size_t Aead::KeyLength() const {
123 return EVP_AEAD_key_length(aead_);
124}
125
126size_t Aead::NonceLength() const {
127 return EVP_AEAD_nonce_length(aead_);
128}
129
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]130std::optional<size_t> Aead::Seal(base::span<const uint8_t> plaintext,
131 base::span<const uint8_t> nonce,
132 base::span<const uint8_t> additional_data,
133 base::span<uint8_t> out) const {
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]134 DCHECK(key_);
135 DCHECK_EQ(NonceLength(), nonce.size());
136 bssl::ScopedEVP_AEAD_CTX ctx;
137
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]138 size_t out_len;
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]139 if (!EVP_AEAD_CTX_init(ctx.get(), aead_, key_->data(), key_->size(),
140 EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr) ||
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]141 !EVP_AEAD_CTX_seal(ctx.get(), out.data(), &out_len, out.size(),
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]142 nonce.data(), nonce.size(), plaintext.data(),
143 plaintext.size(), additional_data.data(),
144 additional_data.size())) {
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]145 return std::nullopt;
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]146 }
147
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]148 DCHECK_LE(out_len, out.size());
149 return out_len;
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]150}
151
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]152std::optional<size_t> Aead::Open(base::span<const uint8_t> plaintext,
153 base::span<const uint8_t> nonce,
154 base::span<const uint8_t> additional_data,
155 base::span<uint8_t> out) const {
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]156 DCHECK(key_);
157 DCHECK_EQ(NonceLength(), nonce.size());
158 bssl::ScopedEVP_AEAD_CTX ctx;
159
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]160 size_t out_len;
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]161 if (!EVP_AEAD_CTX_init(ctx.get(), aead_, key_->data(), key_->size(),
162 EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr) ||
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]163 !EVP_AEAD_CTX_open(ctx.get(), out.data(), &out_len, out.size(),
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]164 nonce.data(), nonce.size(), plaintext.data(),
165 plaintext.size(), additional_data.data(),
166 additional_data.size())) {
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]167 return std::nullopt;
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]168 }
169
David Benjamin78bbd022024-02-09 01:02:49[diff] [blame]170 DCHECK_LE(out_len, out.size());
171 return out_len;
Adam Langleyf21497312019-08-09 22:23:33[diff] [blame]172}
173
davidben6004dc52017-02-03 04:15:29[diff] [blame]174} // namespace crypto