aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lib/crypto/aes.c235
-rw-r--r--lib/include/crypto/aes.h50
2 files changed, 285 insertions, 0 deletions
diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
new file mode 100644
index 0000000..941b5c5
--- /dev/null
+++ b/lib/crypto/aes.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright (c) 2023-2024 Ian Marco Moffett and the Osmora Team.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Hyra nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/mman.h>
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+#include <openssl/rand.h>
+#include <crypto/aes.h>
+#include <stdio.h>
+
+/*
+ * Encrypt 'data' with AES-256-GCM.
+ *
+ * @data: Data to be encrypted.
+ * @len: Length of data.
+ * @key: Private key to use.
+ * @res: Will contains the new ciphertext and IV.
+ *
+ * TODO: Transparently authenticate data with AAD.
+ */
+int
+aes256_encrypt(const unsigned char *data, size_t len,
+ const unsigned char *key, struct aes_message *res)
+{
+ EVP_CIPHER_CTX *ctx = NULL;
+ size_t ciphertext_len;
+ int error, tmp, *lenres;
+
+ if (res == NULL) {
+ printf("aes256_encrypt: 'res' is NULL!\n");
+ return -1;
+ }
+
+ lenres = &res->ciphertext_len;
+ ciphertext_len = 0;
+ res->ciphertext = malloc(len + AES_GCM_TAG_SIZE);
+ res->ciphertext_len = ciphertext_len;
+
+ /* Generate random bytes for IV */
+ if (RAND_bytes(res->iv, AES_IV_SIZE) <= 0) {
+ printf("aes256_encrypt: Failed to generate AES-256 IV\n");
+ free(res->ciphertext);
+ return -1;
+ }
+
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ printf("aes256_encrypt: Failed to create EVP PKEY context\n");
+ free(res->ciphertext);
+ return -1;
+ }
+
+ /* Initialize encryption operation */
+ error = EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
+ if (error <= 0) {
+ printf("aes256_encrypt: Failed to initialize AES context\n");
+ EVP_CIPHER_CTX_free(ctx);
+ free(res->ciphertext);
+ return -1;
+ }
+
+ /* Setup the IV length */
+ error = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, AES_IV_SIZE, NULL);
+ if (error <= 0) {
+ printf("aes256_encrypt: Failed to initialize context IV length\n");
+ EVP_CIPHER_CTX_free(ctx);
+ free(res->ciphertext);
+ return -1;
+ }
+
+ /* Initialize key and IV */
+ error = EVP_EncryptInit_ex(ctx, NULL, NULL, key, res->iv);
+ if (error <= 0) {
+ printf("aes256_encrypt: Failed to initialize key and IV\n");
+ EVP_CIPHER_CTX_free(ctx);
+ free(res->ciphertext);
+ return -1;
+ }
+
+ error = EVP_EncryptUpdate(ctx, res->ciphertext, &tmp, data, len);
+ if (error <= 0) {
+ printf("aes256_encrypt: Failed to add plaintext\n");
+ EVP_CIPHER_CTX_free(ctx);
+ free(res->ciphertext);
+ return -1;
+ }
+
+ res->ciphertext_len = tmp;
+ error = EVP_EncryptFinal_ex(ctx, res->ciphertext + tmp, &tmp);
+ if (error <= 0) {
+ printf("aes256_encrypt: Failed to finish encryption\n");
+ EVP_CIPHER_CTX_free(ctx);
+ free(res->ciphertext);
+ return -1;
+ }
+
+ res->ciphertext_len += tmp;
+ error = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GCM_TAG_SIZE,
+ res->tag);
+
+ if (error <= 0) {
+ printf("aes256_encrypt: Failed get GCM tag\n");
+ EVP_CIPHER_CTX_free(ctx);
+ free(res->ciphertext);
+ return -1;
+ }
+
+ EVP_CIPHER_CTX_free(ctx);
+ return 0;
+}
+
+
+/*
+ * Decrypt 'data' with AES-256-GCM.
+ *
+ * @amp: Contains ciphertext and IV.
+ * @key: Private key to use.
+ * @res: Will be set to a buffer containing plaintext.
+ */
+int
+aes256_decrypt(struct aes_message *amp, const unsigned char *key,
+ unsigned char **res)
+{
+ EVP_CIPHER_CTX *ctx = NULL;
+ int len, error;
+ unsigned char *plaintext;
+
+ if (res == NULL) {
+ printf("aes256_decrypt: 'res' is NULL\n");
+ return -1;
+ }
+
+ plaintext = malloc(amp->ciphertext_len);
+ if (plaintext == NULL) {
+ printf("aes256_decrypt: Failed to allocate plaintext memory\n");
+ return -1;
+ }
+
+ /* Lock plaintext in memory */
+ if (mlock(plaintext, amp->ciphertext_len) != 0) {
+ printf("aes256_decrypt: Failed to lock plaintext memory\n");
+ return -1;
+ }
+
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ printf("aes256_decrypt: Failed to create cipher context\n");
+ free(plaintext);
+ return -1;
+ }
+
+ error = EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
+ if (error <= 0) {
+ printf("aes256_decrypt: Failed to initialize decryption\n");
+ EVP_CIPHER_CTX_free(ctx);
+ free(plaintext);
+ return -1;
+ }
+
+ /* Set IV length */
+ error = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, AES_IV_SIZE, NULL);
+ if (error <= 0) {
+ printf("aes256_decrypt: Failed to set IV length\n");
+ EVP_CIPHER_CTX_free(ctx);
+ free(plaintext);
+ return -1;
+ }
+
+ /* Init key and IV */
+ error = EVP_DecryptInit_ex(ctx, NULL, NULL, key, amp->iv);
+ if (error <= 0) {
+ printf("aes256_decrypt: Failed to set key and IV\n");
+ EVP_CIPHER_CTX_free(ctx);
+ free(plaintext);
+ return -1;
+ }
+
+ error = EVP_DecryptUpdate(ctx, plaintext, &len, amp->ciphertext,
+ amp->ciphertext_len);
+
+ if (error <= 0) {
+ printf("aes256_decrypt: Failed to set plaintext\n");
+ EVP_CIPHER_CTX_free(ctx);
+ free(plaintext);
+ return -1;
+ }
+
+ /* Set GCM tag */
+ error = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_GCM_TAG_SIZE,
+ amp->tag);
+
+ if (error <= 0) {
+ printf("aes256_decrypt: Failed to set tag\n");
+ EVP_CIPHER_CTX_free(ctx);
+ free(plaintext);
+ return -1;
+ }
+
+ error = EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
+ if (error <= 0) {
+ printf("aes256_decrypt: Could not verify plaintext\n");
+ EVP_CIPHER_CTX_free(ctx);
+ free(plaintext);
+ return -1;
+ }
+
+ *res = plaintext;
+ return 0;
+}
diff --git a/lib/include/crypto/aes.h b/lib/include/crypto/aes.h
new file mode 100644
index 0000000..5973323
--- /dev/null
+++ b/lib/include/crypto/aes.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2023-2024 Ian Marco Moffett and the Osmora Team.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Hyra nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef CRYPTO_AES_H_
+#define CRYPTO_AES_H_
+
+#include <stddef.h>
+
+#define AES_IV_SIZE 16
+#define AES_GCM_TAG_SIZE 16
+
+struct aes_message {
+ unsigned char tag[AES_GCM_TAG_SIZE];
+ unsigned char iv[AES_IV_SIZE];
+ unsigned char *ciphertext;
+ int ciphertext_len;
+};
+
+int aes256_encrypt(const unsigned char *data, size_t len,
+ const unsigned char *key, struct aes_message *res);
+int aes256_decrypt(struct aes_message *amp, const unsigned char *key,
+ unsigned char **res);
+
+#endif /* CRYPTO_AES_H_ */
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 19:17:26 +0000