diff --git a/src/CryptoInterface.h b/src/CryptoInterface.h index b9ca66f4..b8b36fed 100644 --- a/src/CryptoInterface.h +++ b/src/CryptoInterface.h @@ -124,6 +124,10 @@ typedef struct BSL_AuthCtx_s * @note Private value */ size_t block_size; + /** Storage for input blocks. + * After init this is sized to #block_size. + */ + BSL_Data_t in_buf; } BSL_AuthCtx_t; /** @@ -141,6 +145,14 @@ typedef struct BSL_Cipher_s void *keyhandle; /// block size of cipher context size_t block_size; + /** Storage for input blocks. + * After init this is sized to #block_size. + */ + BSL_Data_t in_buf; + /** Storage for output blocks. + * After init this is sized to #block_size. + */ + BSL_Data_t out_buf; } BSL_Cipher_t; /** @@ -242,12 +254,12 @@ int BSL_Crypto_UnwrapKey(void *kek_handle, BSL_Data_t *wrapped_key, void **cek_h /** * Initialize crypto context resources and set as encoding or decoding - * @param cipher_ctx pointer to context to initialize + * @param[out] cipher_ctx pointer to context to initialize * @param aes_var AES GCM variant to use * @param enc enum for BSL_CRYPTO_ENCRYPT or BSL_CRYPTO_DECRYPT - * @param init_vec pointer to initialization vector (IV) data - * @param iv_len length of IV data - * @param key_handle key handle to use + * @param[in] init_vec pointer to initialization vector (IV) data + * @param[in] iv_len length of IV data + * @param[in] key_handle key handle to use * @return 0 if successful */ int BSL_Cipher_Init(BSL_Cipher_t *cipher_ctx, BSL_CipherMode_e enc, BSL_CryptoCipherAESVariant_e aes_var, @@ -275,11 +287,6 @@ int BSL_Crypto_RemoveRegistryKey(const char *keyid); */ int BSL_Cipher_AddAAD(BSL_Cipher_t *cipher_ctx, const void *aad, int aad_len); -/** - * @todo Doxygen - */ -int BSL_Cipher_AddData(BSL_Cipher_t *cipher_ctx, BSL_Data_t plaintext, BSL_Data_t ciphertext); - /** * Add data to encrypt or decrypt to the context sequentially * @param cipher_ctx pointer to context to add data to @@ -289,6 +296,9 @@ int BSL_Cipher_AddData(BSL_Cipher_t *cipher_ctx, BSL_Data_t plaintext, BSL_Data_ */ int BSL_Cipher_AddSeq(BSL_Cipher_t *cipher_ctx, BSL_SeqReader_t *reader, BSL_SeqWriter_t *writer); +/// @overload +int BSL_Cipher_AddData(BSL_Cipher_t *cipher_ctx, const BSL_Data_t *input, BSL_Data_t *output); + /** * Get the tag of the crypto operation * @param cipher_ctx pointer to context to get tag from @@ -314,6 +324,7 @@ int BSL_Cipher_SetTag(BSL_Cipher_t *cipher_ctx, const void *tag); * @return 0 if successful */ int BSL_Cipher_FinalizeSeq(BSL_Cipher_t *cipher_ctx, BSL_SeqWriter_t *writer); +/// @overload int BSL_Cipher_FinalizeData(BSL_Cipher_t *cipher_ctx, BSL_Data_t *extra); /** diff --git a/src/crypto/CryptoInterface.c b/src/crypto/CryptoInterface.c index a6699aa3..afdbbf7e 100644 --- a/src/crypto/CryptoInterface.c +++ b/src/crypto/CryptoInterface.c @@ -377,6 +377,9 @@ int BSL_AuthCtx_Init(BSL_AuthCtx_t *hmac_ctx, void *keyhandle, BSL_CryptoCipherS BSL_LOG_ERR("invalid block size zero, assuming %zu", hmac_ctx->block_size); } + res = BSL_Data_InitBuffer(&hmac_ctx->in_buf, hmac_ctx->block_size); + CHK_PROPERTY(!res); + key_info->stats.stats[BSL_CRYPTO_KEYSTATS_TIMES_USED]++; return 0; @@ -426,6 +429,7 @@ int BSL_AuthCtx_Finalize(BSL_AuthCtx_t *hmac_ctx, void **hmac, size_t *hmac_len) int BSL_AuthCtx_Deinit(BSL_AuthCtx_t *hmac_ctx) { + BSL_Data_Deinit(&hmac_ctx->in_buf); EVP_MD_CTX_free(hmac_ctx->libhandle); memset(hmac_ctx, 0, sizeof(BSL_AuthCtx_t)); return 0; @@ -477,6 +481,12 @@ int BSL_Cipher_Init(BSL_Cipher_t *cipher_ctx, BSL_CipherMode_e enc, BSL_CryptoCi res = EVP_CipherInit_ex(cipher_ctx->libhandle, NULL, NULL, key->raw.ptr, init_vec, -1); CHK_PROPERTY(res == 1); + res = BSL_Data_InitBuffer(&cipher_ctx->in_buf, cipher_ctx->block_size); + CHK_PROPERTY(!res); + + res = BSL_Data_InitBuffer(&cipher_ctx->out_buf, cipher_ctx->block_size); + CHK_PROPERTY(!res); + key->stats.stats[BSL_CRYPTO_KEYSTATS_TIMES_USED]++; return 0; @@ -495,17 +505,17 @@ int BSL_Cipher_AddAAD(BSL_Cipher_t *cipher_ctx, const void *aad, int aad_len) return 0; } -int BSL_Cipher_AddData(BSL_Cipher_t *cipher_ctx, BSL_Data_t plaintext, BSL_Data_t ciphertext) +int BSL_Cipher_AddData(BSL_Cipher_t *cipher_ctx, const BSL_Data_t *input, BSL_Data_t *output) { ASSERT_ARG_NONNULL(cipher_ctx); - int cipherlen = (int)ciphertext.len; - if (EVP_CipherUpdate(cipher_ctx->libhandle, ciphertext.ptr, &cipherlen, plaintext.ptr, (int)plaintext.len) != 1) + int cipherlen = (int)output->len; + if (EVP_CipherUpdate(cipher_ctx->libhandle, output->ptr, &cipherlen, input->ptr, (int)input->len) != 1) { return -1; } BSL_CryptoKey_t *key = (BSL_CryptoKey_t *)cipher_ctx->keyhandle; - key->stats.stats[BSL_CRYPTO_KEYSTATS_BYTES_PROCESSED] += plaintext.len; + key->stats.stats[BSL_CRYPTO_KEYSTATS_BYTES_PROCESSED] += input->len; return cipherlen; } @@ -576,7 +586,7 @@ int BSL_Cipher_FinalizeData(BSL_Cipher_t *cipher_ctx, BSL_Data_t *extra) CHK_PROPERTY(res == 1); BSL_LOG_DEBUG("extra->len = %zu | got len = %d", extra->len, len); memset(extra->ptr, 0, extra->len); - BSL_LOG_INFO("Completed EVP_CipherFinal_ex"); + BSL_LOG_DEBUG("Completed EVP_CipherFinal_ex"); if (len > 0) { memcpy(extra->ptr, buf, sizeof(buf)); @@ -590,11 +600,8 @@ int BSL_Cipher_FinalizeSeq(BSL_Cipher_t *cipher_ctx, BSL_SeqWriter_t *writer) CHK_ARG_NONNULL(cipher_ctx); CHK_ARG_NONNULL(writer); - // finalize can add 1 cipher block - uint8_t buf[cipher_ctx->block_size]; - int evp_len = 0; - int res = EVP_CipherFinal_ex(cipher_ctx->libhandle, buf, &evp_len); + int res = EVP_CipherFinal_ex(cipher_ctx->libhandle, cipher_ctx->out_buf.ptr, &evp_len); if (res != 1) { BSL_LOG_ERR("EVP_CipherFinal_ex error %s", ERR_error_string(ERR_get_error(), NULL)); @@ -604,7 +611,7 @@ int BSL_Cipher_FinalizeSeq(BSL_Cipher_t *cipher_ctx, BSL_SeqWriter_t *writer) if (evp_len > 0) { size_t bsl_len = evp_len; - BSL_SeqWriter_Put(writer, buf, bsl_len); + BSL_SeqWriter_Put(writer, cipher_ctx->out_buf.ptr, bsl_len); } return 0; @@ -613,6 +620,8 @@ int BSL_Cipher_FinalizeSeq(BSL_Cipher_t *cipher_ctx, BSL_SeqWriter_t *writer) int BSL_Cipher_Deinit(BSL_Cipher_t *cipher_ctx) { CHK_ARG_NONNULL(cipher_ctx); + BSL_Data_Deinit(&cipher_ctx->out_buf); + BSL_Data_Deinit(&cipher_ctx->in_buf); EVP_CIPHER_CTX_free(cipher_ctx->libhandle); memset(cipher_ctx, 0, sizeof(*cipher_ctx)); return BSL_SUCCESS;