| GCC Code Coverage Report | |||||||||||||||||||||
|
|||||||||||||||||||||
| Line | Branch | Exec | Source |
1 |
#include "crypto/crypto_cipher.h" |
||
2 |
#include "base_object-inl.h" |
||
3 |
#include "crypto/crypto_util.h" |
||
4 |
#include "env-inl.h" |
||
5 |
#include "memory_tracker-inl.h" |
||
6 |
#include "node_buffer.h" |
||
7 |
#include "node_internals.h" |
||
8 |
#include "node_process-inl.h" |
||
9 |
#include "v8.h" |
||
10 |
|||
11 |
namespace node { |
||
12 |
|||
13 |
using v8::Array; |
||
14 |
using v8::ArrayBuffer; |
||
15 |
using v8::BackingStore; |
||
16 |
using v8::Context; |
||
17 |
using v8::FunctionCallbackInfo; |
||
18 |
using v8::FunctionTemplate; |
||
19 |
using v8::HandleScope; |
||
20 |
using v8::Int32; |
||
21 |
using v8::Isolate; |
||
22 |
using v8::Local; |
||
23 |
using v8::Object; |
||
24 |
using v8::Uint32; |
||
25 |
using v8::Value; |
||
26 |
|||
27 |
namespace crypto { |
||
28 |
namespace { |
||
29 |
4742 |
bool IsSupportedAuthenticatedMode(const EVP_CIPHER* cipher) { |
|
30 |
✓✓✓ | 4742 |
switch (EVP_CIPHER_mode(cipher)) { |
31 |
1857 |
case EVP_CIPH_CCM_MODE: |
|
32 |
case EVP_CIPH_GCM_MODE: |
||
33 |
#ifndef OPENSSL_NO_OCB |
||
34 |
case EVP_CIPH_OCB_MODE: |
||
35 |
#endif |
||
36 |
1857 |
return true; |
|
37 |
1747 |
case EVP_CIPH_STREAM_CIPHER: |
|
38 |
1747 |
return EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305; |
|
39 |
1138 |
default: |
|
40 |
1138 |
return false; |
|
41 |
} |
||
42 |
} |
||
43 |
|||
44 |
2442 |
bool IsSupportedAuthenticatedMode(const EVP_CIPHER_CTX* ctx) { |
|
45 |
2442 |
const EVP_CIPHER* cipher = EVP_CIPHER_CTX_cipher(ctx); |
|
46 |
2442 |
return IsSupportedAuthenticatedMode(cipher); |
|
47 |
} |
||
48 |
|||
49 |
66 |
bool IsValidGCMTagLength(unsigned int tag_len) { |
|
50 |
✓✓✓✓ ✓✓✓✓ |
66 |
return tag_len == 4 || tag_len == 8 || (tag_len >= 12 && tag_len <= 16); |
51 |
} |
||
52 |
|||
53 |
// Collects and returns information on the given cipher |
||
54 |
425 |
void GetCipherInfo(const FunctionCallbackInfo<Value>& args) { |
|
55 |
425 |
Environment* env = Environment::GetCurrent(args); |
|
56 |
✗✓ | 425 |
CHECK(args[0]->IsObject()); |
57 |
✓✗ | 850 |
Local<Object> info = args[0].As<Object>(); |
58 |
|||
59 |
✓✓✗✓ ✗✓ |
982 |
CHECK(args[1]->IsString() || args[1]->IsInt32()); |
60 |
|||
61 |
const EVP_CIPHER* cipher; |
||
62 |
✓✓ | 850 |
if (args[1]->IsString()) { |
63 |
586 |
Utf8Value name(env->isolate(), args[1]); |
|
64 |
293 |
cipher = EVP_get_cipherbyname(*name); |
|
65 |
} else { |
||
66 |
264 |
int nid = args[1].As<Int32>()->Value(); |
|
67 |
132 |
cipher = EVP_get_cipherbynid(nid); |
|
68 |
} |
||
69 |
|||
70 |
✓✓ | 425 |
if (cipher == nullptr) |
71 |
7 |
return; |
|
72 |
|||
73 |
423 |
int mode = EVP_CIPHER_mode(cipher); |
|
74 |
423 |
int iv_length = EVP_CIPHER_iv_length(cipher); |
|
75 |
423 |
int key_length = EVP_CIPHER_key_length(cipher); |
|
76 |
423 |
int block_length = EVP_CIPHER_block_size(cipher); |
|
77 |
423 |
const char* mode_label = nullptr; |
|
78 |
✓✓✓✓ ✓✓✓✓ ✓✓✓✗ |
423 |
switch (mode) { |
79 |
86 |
case EVP_CIPH_CBC_MODE: mode_label = "cbc"; break; |
|
80 |
36 |
case EVP_CIPH_CCM_MODE: mode_label = "ccm"; break; |
|
81 |
96 |
case EVP_CIPH_CFB_MODE: mode_label = "cfb"; break; |
|
82 |
30 |
case EVP_CIPH_CTR_MODE: mode_label = "ctr"; break; |
|
83 |
42 |
case EVP_CIPH_ECB_MODE: mode_label = "ecb"; break; |
|
84 |
27 |
case EVP_CIPH_GCM_MODE: mode_label = "gcm"; break; |
|
85 |
25 |
case EVP_CIPH_OCB_MODE: mode_label = "ocb"; break; |
|
86 |
36 |
case EVP_CIPH_OFB_MODE: mode_label = "ofb"; break; |
|
87 |
33 |
case EVP_CIPH_WRAP_MODE: mode_label = "wrap"; break; |
|
88 |
6 |
case EVP_CIPH_XTS_MODE: mode_label = "xts"; break; |
|
89 |
6 |
case EVP_CIPH_STREAM_CIPHER: mode_label = "stream"; break; |
|
90 |
} |
||
91 |
|||
92 |
// If the testKeyLen and testIvLen arguments are specified, |
||
93 |
// then we will make an attempt to see if they are usable for |
||
94 |
// the cipher in question, returning undefined if they are not. |
||
95 |
// If they are, the info object will be returned with the values |
||
96 |
// given. |
||
97 |
✓✓✓✓ ✓✓ |
844 |
if (args[2]->IsInt32() || args[3]->IsInt32()) { |
98 |
// Test and input IV or key length to determine if it's acceptable. |
||
99 |
// If it is, then the getCipherInfo will succeed with the given |
||
100 |
// values. |
||
101 |
29 |
CipherCtxPointer ctx(EVP_CIPHER_CTX_new()); |
|
102 |
✗✓ | 29 |
if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, nullptr, nullptr, 1)) |
103 |
return; |
||
104 |
|||
105 |
✓✓ | 29 |
if (args[2]->IsInt32()) { |
106 |
4 |
int check_len = args[2].As<Int32>()->Value(); |
|
107 |
✓✓ | 2 |
if (!EVP_CIPHER_CTX_set_key_length(ctx.get(), check_len)) |
108 |
1 |
return; |
|
109 |
1 |
key_length = check_len; |
|
110 |
} |
||
111 |
|||
112 |
✓✓ | 28 |
if (args[3]->IsInt32()) { |
113 |
54 |
int check_len = args[3].As<Int32>()->Value(); |
|
114 |
// For CCM modes, the IV may be between 7 and 13 bytes. |
||
115 |
// For GCM and OCB modes, we'll check by attempting to |
||
116 |
// set the value. For everything else, just check that |
||
117 |
// check_len == iv_length. |
||
118 |
✓✓✓ | 27 |
switch (mode) { |
119 |
9 |
case EVP_CIPH_CCM_MODE: |
|
120 |
✓✓✓✓ |
9 |
if (check_len < 7 || check_len > 13) |
121 |
2 |
return; |
|
122 |
7 |
break; |
|
123 |
16 |
case EVP_CIPH_GCM_MODE: |
|
124 |
// Fall through |
||
125 |
case EVP_CIPH_OCB_MODE: |
||
126 |
✓✓ | 16 |
if (!EVP_CIPHER_CTX_ctrl( |
127 |
ctx.get(), |
||
128 |
EVP_CTRL_AEAD_SET_IVLEN, |
||
129 |
check_len, |
||
130 |
nullptr)) { |
||
131 |
1 |
return; |
|
132 |
} |
||
133 |
15 |
break; |
|
134 |
2 |
default: |
|
135 |
✓✓ | 2 |
if (check_len != iv_length) |
136 |
1 |
return; |
|
137 |
} |
||
138 |
23 |
iv_length = check_len; |
|
139 |
} |
||
140 |
} |
||
141 |
|||
142 |
✓✗ | 836 |
if (mode_label != nullptr && |
143 |
418 |
info->Set( |
|
144 |
env->context(), |
||
145 |
FIXED_ONE_BYTE_STRING(env->isolate(), "mode"), |
||
146 |
✗✓✗✓ |
2090 |
OneByteString(env->isolate(), mode_label)).IsNothing()) { |
147 |
return; |
||
148 |
} |
||
149 |
|||
150 |
// OBJ_nid2sn(EVP_CIPHER_nid(cipher)) is used here instead of |
||
151 |
// EVP_CIPHER_name(cipher) for compatibility with BoringSSL. |
||
152 |
836 |
if (info->Set( |
|
153 |
env->context(), |
||
154 |
env->name_string(), |
||
155 |
OneByteString( |
||
156 |
env->isolate(), |
||
157 |
✗✓ | 1672 |
OBJ_nid2sn(EVP_CIPHER_nid(cipher)))).IsNothing()) { |
158 |
return; |
||
159 |
} |
||
160 |
|||
161 |
836 |
if (info->Set( |
|
162 |
env->context(), |
||
163 |
FIXED_ONE_BYTE_STRING(env->isolate(), "nid"), |
||
164 |
✗✓ | 1672 |
Int32::New(env->isolate(), EVP_CIPHER_nid(cipher))).IsNothing()) { |
165 |
return; |
||
166 |
} |
||
167 |
|||
168 |
// Stream ciphers do not have a meaningful block size |
||
169 |
✓✓ | 830 |
if (mode != EVP_CIPH_STREAM_CIPHER && |
170 |
418 |
info->Set( |
|
171 |
env->context(), |
||
172 |
FIXED_ONE_BYTE_STRING(env->isolate(), "blockSize"), |
||
173 |
✗✓✗✓ |
2066 |
Int32::New(env->isolate(), block_length)).IsNothing()) { |
174 |
return; |
||
175 |
} |
||
176 |
|||
177 |
// Ciphers that do not use an IV shouldn't report a length |
||
178 |
✓✓ | 788 |
if (iv_length != 0 && |
179 |
418 |
info->Set( |
|
180 |
env->context(), |
||
181 |
FIXED_ONE_BYTE_STRING(env->isolate(), "ivLength"), |
||
182 |
✗✓✗✓ |
1898 |
Int32::New(env->isolate(), iv_length)).IsNothing()) { |
183 |
return; |
||
184 |
} |
||
185 |
|||
186 |
836 |
if (info->Set( |
|
187 |
env->context(), |
||
188 |
FIXED_ONE_BYTE_STRING(env->isolate(), "keyLength"), |
||
189 |
✗✓ | 1672 |
Int32::New(env->isolate(), key_length)).IsNothing()) { |
190 |
return; |
||
191 |
} |
||
192 |
|||
193 |
836 |
args.GetReturnValue().Set(info); |
|
194 |
} |
||
195 |
} // namespace |
||
196 |
|||
197 |
1 |
void CipherBase::GetSSLCiphers(const FunctionCallbackInfo<Value>& args) { |
|
198 |
1 |
Environment* env = Environment::GetCurrent(args); |
|
199 |
|||
200 |
1 |
SSLCtxPointer ctx(SSL_CTX_new(TLS_method())); |
|
201 |
✗✓ | 1 |
if (!ctx) { |
202 |
return ThrowCryptoError(env, ERR_get_error(), "SSL_CTX_new"); |
||
203 |
} |
||
204 |
|||
205 |
1 |
SSLPointer ssl(SSL_new(ctx.get())); |
|
206 |
✗✓ | 1 |
if (!ssl) { |
207 |
return ThrowCryptoError(env, ERR_get_error(), "SSL_new"); |
||
208 |
} |
||
209 |
|||
210 |
1 |
STACK_OF(SSL_CIPHER)* ciphers = SSL_get_ciphers(ssl.get()); |
|
211 |
|||
212 |
// TLSv1.3 ciphers aren't listed by EVP. There are only 5, we could just |
||
213 |
// document them, but since there are only 5, easier to just add them manually |
||
214 |
// and not have to explain their absence in the API docs. They are lower-cased |
||
215 |
// because the docs say they will be. |
||
216 |
static const char* TLS13_CIPHERS[] = { |
||
217 |
"tls_aes_256_gcm_sha384", |
||
218 |
"tls_chacha20_poly1305_sha256", |
||
219 |
"tls_aes_128_gcm_sha256", |
||
220 |
"tls_aes_128_ccm_8_sha256", |
||
221 |
"tls_aes_128_ccm_sha256" |
||
222 |
}; |
||
223 |
|||
224 |
1 |
const int n = sk_SSL_CIPHER_num(ciphers); |
|
225 |
1 |
std::vector<Local<Value>> arr(n + arraysize(TLS13_CIPHERS)); |
|
226 |
|||
227 |
✓✓ | 61 |
for (int i = 0; i < n; ++i) { |
228 |
60 |
const SSL_CIPHER* cipher = sk_SSL_CIPHER_value(ciphers, i); |
|
229 |
120 |
arr[i] = OneByteString(env->isolate(), SSL_CIPHER_get_name(cipher)); |
|
230 |
} |
||
231 |
|||
232 |
✓✓ | 6 |
for (unsigned i = 0; i < arraysize(TLS13_CIPHERS); ++i) { |
233 |
5 |
const char* name = TLS13_CIPHERS[i]; |
|
234 |
10 |
arr[n + i] = OneByteString(env->isolate(), name); |
|
235 |
} |
||
236 |
|||
237 |
2 |
args.GetReturnValue().Set(Array::New(env->isolate(), arr.data(), arr.size())); |
|
238 |
} |
||
239 |
|||
240 |
8 |
void CipherBase::GetCiphers(const FunctionCallbackInfo<Value>& args) { |
|
241 |
8 |
Environment* env = Environment::GetCurrent(args); |
|
242 |
16 |
MarkPopErrorOnReturn mark_pop_error_on_return; |
|
243 |
8 |
CipherPushContext ctx(env); |
|
244 |
8 |
EVP_CIPHER_do_all_sorted( |
|
245 |
#if OPENSSL_VERSION_MAJOR >= 3 |
||
246 |
array_push_back<EVP_CIPHER, |
||
247 |
EVP_CIPHER_fetch, |
||
248 |
EVP_CIPHER_free, |
||
249 |
EVP_get_cipherbyname, |
||
250 |
EVP_CIPHER_get0_name>, |
||
251 |
#else |
||
252 |
array_push_back<EVP_CIPHER>, |
||
253 |
#endif |
||
254 |
&ctx); |
||
255 |
16 |
args.GetReturnValue().Set(ctx.ToJSArray()); |
|
256 |
8 |
} |
|
257 |
|||
258 |
1483 |
CipherBase::CipherBase(Environment* env, |
|
259 |
Local<Object> wrap, |
||
260 |
1483 |
CipherKind kind) |
|
261 |
: BaseObject(env, wrap), |
||
262 |
ctx_(nullptr), |
||
263 |
kind_(kind), |
||
264 |
auth_tag_state_(kAuthTagUnknown), |
||
265 |
auth_tag_len_(kNoAuthTagLength), |
||
266 |
1483 |
pending_auth_failed_(false) { |
|
267 |
1483 |
MakeWeak(); |
|
268 |
1483 |
} |
|
269 |
|||
270 |
void CipherBase::MemoryInfo(MemoryTracker* tracker) const { |
||
271 |
tracker->TrackFieldWithSize("context", ctx_ ? kSizeOf_EVP_CIPHER_CTX : 0); |
||
272 |
} |
||
273 |
|||
274 |
789 |
void CipherBase::Initialize(Environment* env, Local<Object> target) { |
|
275 |
789 |
Isolate* isolate = env->isolate(); |
|
276 |
789 |
Local<Context> context = env->context(); |
|
277 |
|||
278 |
789 |
Local<FunctionTemplate> t = NewFunctionTemplate(isolate, New); |
|
279 |
|||
280 |
1578 |
t->InstanceTemplate()->SetInternalFieldCount( |
|
281 |
CipherBase::kInternalFieldCount); |
||
282 |
789 |
t->Inherit(BaseObject::GetConstructorTemplate(env)); |
|
283 |
|||
284 |
789 |
SetProtoMethod(isolate, t, "init", Init); |
|
285 |
789 |
SetProtoMethod(isolate, t, "initiv", InitIv); |
|
286 |
789 |
SetProtoMethod(isolate, t, "update", Update); |
|
287 |
789 |
SetProtoMethod(isolate, t, "final", Final); |
|
288 |
789 |
SetProtoMethod(isolate, t, "setAutoPadding", SetAutoPadding); |
|
289 |
789 |
SetProtoMethodNoSideEffect(isolate, t, "getAuthTag", GetAuthTag); |
|
290 |
789 |
SetProtoMethod(isolate, t, "setAuthTag", SetAuthTag); |
|
291 |
789 |
SetProtoMethod(isolate, t, "setAAD", SetAAD); |
|
292 |
789 |
SetConstructorFunction(context, target, "CipherBase", t); |
|
293 |
|||
294 |
789 |
SetMethodNoSideEffect(context, target, "getSSLCiphers", GetSSLCiphers); |
|
295 |
789 |
SetMethodNoSideEffect(context, target, "getCiphers", GetCiphers); |
|
296 |
|||
297 |
789 |
SetMethod(context, |
|
298 |
target, |
||
299 |
"publicEncrypt", |
||
300 |
PublicKeyCipher::Cipher<PublicKeyCipher::kPublic, |
||
301 |
EVP_PKEY_encrypt_init, |
||
302 |
EVP_PKEY_encrypt>); |
||
303 |
789 |
SetMethod(context, |
|
304 |
target, |
||
305 |
"privateDecrypt", |
||
306 |
PublicKeyCipher::Cipher<PublicKeyCipher::kPrivate, |
||
307 |
EVP_PKEY_decrypt_init, |
||
308 |
EVP_PKEY_decrypt>); |
||
309 |
789 |
SetMethod(context, |
|
310 |
target, |
||
311 |
"privateEncrypt", |
||
312 |
PublicKeyCipher::Cipher<PublicKeyCipher::kPrivate, |
||
313 |
EVP_PKEY_sign_init, |
||
314 |
EVP_PKEY_sign>); |
||
315 |
789 |
SetMethod(context, |
|
316 |
target, |
||
317 |
"publicDecrypt", |
||
318 |
PublicKeyCipher::Cipher<PublicKeyCipher::kPublic, |
||
319 |
EVP_PKEY_verify_recover_init, |
||
320 |
EVP_PKEY_verify_recover>); |
||
321 |
|||
322 |
789 |
SetMethodNoSideEffect(context, target, "getCipherInfo", GetCipherInfo); |
|
323 |
|||
324 |
2367 |
NODE_DEFINE_CONSTANT(target, kWebCryptoCipherEncrypt); |
|
325 |
1578 |
NODE_DEFINE_CONSTANT(target, kWebCryptoCipherDecrypt); |
|
326 |
789 |
} |
|
327 |
|||
328 |
5527 |
void CipherBase::RegisterExternalReferences( |
|
329 |
ExternalReferenceRegistry* registry) { |
||
330 |
5527 |
registry->Register(New); |
|
331 |
|||
332 |
5527 |
registry->Register(Init); |
|
333 |
5527 |
registry->Register(InitIv); |
|
334 |
5527 |
registry->Register(Update); |
|
335 |
5527 |
registry->Register(Final); |
|
336 |
5527 |
registry->Register(SetAutoPadding); |
|
337 |
5527 |
registry->Register(GetAuthTag); |
|
338 |
5527 |
registry->Register(SetAuthTag); |
|
339 |
5527 |
registry->Register(SetAAD); |
|
340 |
|||
341 |
5527 |
registry->Register(GetSSLCiphers); |
|
342 |
5527 |
registry->Register(GetCiphers); |
|
343 |
|||
344 |
5527 |
registry->Register(PublicKeyCipher::Cipher<PublicKeyCipher::kPublic, |
|
345 |
EVP_PKEY_encrypt_init, |
||
346 |
EVP_PKEY_encrypt>); |
||
347 |
5527 |
registry->Register(PublicKeyCipher::Cipher<PublicKeyCipher::kPrivate, |
|
348 |
EVP_PKEY_decrypt_init, |
||
349 |
EVP_PKEY_decrypt>); |
||
350 |
5527 |
registry->Register(PublicKeyCipher::Cipher<PublicKeyCipher::kPrivate, |
|
351 |
EVP_PKEY_sign_init, |
||
352 |
EVP_PKEY_sign>); |
||
353 |
5527 |
registry->Register(PublicKeyCipher::Cipher<PublicKeyCipher::kPublic, |
|
354 |
EVP_PKEY_verify_recover_init, |
||
355 |
EVP_PKEY_verify_recover>); |
||
356 |
|||
357 |
5527 |
registry->Register(GetCipherInfo); |
|
358 |
5527 |
} |
|
359 |
|||
360 |
1483 |
void CipherBase::New(const FunctionCallbackInfo<Value>& args) { |
|
361 |
✗✓ | 1483 |
CHECK(args.IsConstructCall()); |
362 |
1483 |
Environment* env = Environment::GetCurrent(args); |
|
363 |
✓✗✓✓ |
2966 |
new CipherBase(env, args.This(), args[0]->IsTrue() ? kCipher : kDecipher); |
364 |
1483 |
} |
|
365 |
|||
366 |
907 |
void CipherBase::CommonInit(const char* cipher_type, |
|
367 |
const EVP_CIPHER* cipher, |
||
368 |
const unsigned char* key, |
||
369 |
int key_len, |
||
370 |
const unsigned char* iv, |
||
371 |
int iv_len, |
||
372 |
unsigned int auth_tag_len) { |
||
373 |
✗✓ | 907 |
CHECK(!ctx_); |
374 |
907 |
ctx_.reset(EVP_CIPHER_CTX_new()); |
|
375 |
|||
376 |
907 |
const int mode = EVP_CIPHER_mode(cipher); |
|
377 |
✓✓ | 907 |
if (mode == EVP_CIPH_WRAP_MODE) |
378 |
29 |
EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); |
|
379 |
|||
380 |
907 |
const bool encrypt = (kind_ == kCipher); |
|
381 |
✗✓ | 907 |
if (1 != EVP_CipherInit_ex(ctx_.get(), cipher, nullptr, |
382 |
nullptr, nullptr, encrypt)) { |
||
383 |
return ThrowCryptoError(env(), ERR_get_error(), |
||
384 |
"Failed to initialize cipher"); |
||
385 |
} |
||
386 |
|||
387 |
✓✓ | 907 |
if (IsSupportedAuthenticatedMode(cipher)) { |
388 |
✗✓ | 679 |
CHECK_GE(iv_len, 0); |
389 |
✓✓ | 679 |
if (!InitAuthenticated(cipher_type, iv_len, auth_tag_len)) |
390 |
74 |
return; |
|
391 |
} |
||
392 |
|||
393 |
✓✓ | 833 |
if (!EVP_CIPHER_CTX_set_key_length(ctx_.get(), key_len)) { |
394 |
1 |
ctx_.reset(); |
|
395 |
1 |
return THROW_ERR_CRYPTO_INVALID_KEYLEN(env()); |
|
396 |
} |
||
397 |
|||
398 |
✗✓ | 832 |
if (1 != EVP_CipherInit_ex(ctx_.get(), nullptr, nullptr, key, iv, encrypt)) { |
399 |
return ThrowCryptoError(env(), ERR_get_error(), |
||
400 |
"Failed to initialize cipher"); |
||
401 |
} |
||
402 |
} |
||
403 |
|||
404 |
89 |
void CipherBase::Init(const char* cipher_type, |
|
405 |
const ArrayBufferOrViewContents<unsigned char>& key_buf, |
||
406 |
unsigned int auth_tag_len) { |
||
407 |
89 |
HandleScope scope(env()->isolate()); |
|
408 |
89 |
MarkPopErrorOnReturn mark_pop_error_on_return; |
|
409 |
#if OPENSSL_VERSION_MAJOR >= 3 |
||
410 |
✗✓ | 89 |
if (EVP_default_properties_is_fips_enabled(nullptr)) { |
411 |
#else |
||
412 |
if (FIPS_mode()) { |
||
413 |
#endif |
||
414 |
return THROW_ERR_CRYPTO_UNSUPPORTED_OPERATION(env(), |
||
415 |
"crypto.createCipher() is not supported in FIPS mode."); |
||
416 |
} |
||
417 |
|||
418 |
89 |
const EVP_CIPHER* const cipher = EVP_get_cipherbyname(cipher_type); |
|
419 |
✗✓ | 89 |
if (cipher == nullptr) |
420 |
return THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env()); |
||
421 |
|||
422 |
unsigned char key[EVP_MAX_KEY_LENGTH]; |
||
423 |
unsigned char iv[EVP_MAX_IV_LENGTH]; |
||
424 |
|||
425 |
89 |
int key_len = EVP_BytesToKey(cipher, |
|
426 |
EVP_md5(), |
||
427 |
nullptr, |
||
428 |
key_buf.data(), |
||
429 |
89 |
key_buf.size(), |
|
430 |
1, |
||
431 |
key, |
||
432 |
89 |
iv); |
|
433 |
✗✓ | 89 |
CHECK_NE(key_len, 0); |
434 |
|||
435 |
89 |
const int mode = EVP_CIPHER_mode(cipher); |
|
436 |
✓✓✓✗ ✓✓ |
89 |
if (kind_ == kCipher && (mode == EVP_CIPH_CTR_MODE || |
437 |
✓✓ | 43 |
mode == EVP_CIPH_GCM_MODE || |
438 |
mode == EVP_CIPH_CCM_MODE)) { |
||
439 |
// Ignore the return value (i.e. possible exception) because we are |
||
440 |
// not calling back into JS anyway. |
||
441 |
ProcessEmitWarning(env(), |
||
442 |
"Use Cipheriv for counter mode of %s", |
||
443 |
24 |
cipher_type); |
|
444 |
} |
||
445 |
|||
446 |
89 |
CommonInit(cipher_type, cipher, key, key_len, iv, |
|
447 |
EVP_CIPHER_iv_length(cipher), auth_tag_len); |
||
448 |
} |
||
449 |
|||
450 |
89 |
void CipherBase::Init(const FunctionCallbackInfo<Value>& args) { |
|
451 |
CipherBase* cipher; |
||
452 |
✗✓ | 89 |
ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder()); |
453 |
89 |
Environment* env = Environment::GetCurrent(args); |
|
454 |
|||
455 |
✗✓ | 89 |
CHECK_GE(args.Length(), 3); |
456 |
|||
457 |
89 |
const Utf8Value cipher_type(args.GetIsolate(), args[0]); |
|
458 |
89 |
ArrayBufferOrViewContents<unsigned char> key_buf(args[1]); |
|
459 |
✗✓ | 89 |
if (!key_buf.CheckSizeInt32()) |
460 |
return THROW_ERR_OUT_OF_RANGE(env, "password is too large"); |
||
461 |
|||
462 |
// Don't assign to cipher->auth_tag_len_ directly; the value might not |
||
463 |
// represent a valid length at this point. |
||
464 |
unsigned int auth_tag_len; |
||
465 |
✓✓ | 89 |
if (args[2]->IsUint32()) { |
466 |
70 |
auth_tag_len = args[2].As<Uint32>()->Value(); |
|
467 |
} else { |
||
468 |
✓✗✗✓ ✗✓ |
162 |
CHECK(args[2]->IsInt32() && args[2].As<Int32>()->Value() == -1); |
469 |
54 |
auth_tag_len = kNoAuthTagLength; |
|
470 |
} |
||
471 |
|||
472 |
89 |
cipher->Init(*cipher_type, key_buf, auth_tag_len); |
|
473 |
} |
||
474 |
|||
475 |
1394 |
void CipherBase::InitIv(const char* cipher_type, |
|
476 |
const ByteSource& key_buf, |
||
477 |
const ArrayBufferOrViewContents<unsigned char>& iv_buf, |
||
478 |
unsigned int auth_tag_len) { |
||
479 |
1394 |
HandleScope scope(env()->isolate()); |
|
480 |
1394 |
MarkPopErrorOnReturn mark_pop_error_on_return; |
|
481 |
|||
482 |
1394 |
const EVP_CIPHER* const cipher = EVP_get_cipherbyname(cipher_type); |
|
483 |
✓✓ | 1394 |
if (cipher == nullptr) |
484 |
1 |
return THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env()); |
|
485 |
|||
486 |
1393 |
const int expected_iv_len = EVP_CIPHER_iv_length(cipher); |
|
487 |
1393 |
const bool is_authenticated_mode = IsSupportedAuthenticatedMode(cipher); |
|
488 |
1393 |
const bool has_iv = iv_buf.size() > 0; |
|
489 |
|||
490 |
// Throw if no IV was passed and the cipher requires an IV |
||
491 |
✓✓✓✓ |
1393 |
if (!has_iv && expected_iv_len != 0) |
492 |
61 |
return THROW_ERR_CRYPTO_INVALID_IV(env()); |
|
493 |
|||
494 |
// Throw if an IV was passed which does not match the cipher's fixed IV length |
||
495 |
// static_cast<int> for the iv_buf.size() is safe because we've verified |
||
496 |
// prior that the value is not larger than INT_MAX. |
||
497 |
✓✓ | 695 |
if (!is_authenticated_mode && |
498 |
✓✓✓✓ |
2027 |
has_iv && |
499 |
✓✓ | 670 |
static_cast<int>(iv_buf.size()) != expected_iv_len) { |
500 |
509 |
return THROW_ERR_CRYPTO_INVALID_IV(env()); |
|
501 |
} |
||
502 |
|||
503 |
✓✓ | 823 |
if (EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305) { |
504 |
✗✓ | 292 |
CHECK(has_iv); |
505 |
// Check for invalid IV lengths, since OpenSSL does not under some |
||
506 |
// conditions: |
||
507 |
// https://www.openssl.org/news/secadv/20190306.txt. |
||
508 |
✓✓ | 292 |
if (iv_buf.size() > 12) |
509 |
5 |
return THROW_ERR_CRYPTO_INVALID_IV(env()); |
|
510 |
} |
||
511 |
|||
512 |
1636 |
CommonInit( |
|
513 |
cipher_type, |
||
514 |
cipher, |
||
515 |
key_buf.data<unsigned char>(), |
||
516 |
818 |
key_buf.size(), |
|
517 |
iv_buf.data(), |
||
518 |
818 |
iv_buf.size(), |
|
519 |
auth_tag_len); |
||
520 |
} |
||
521 |
|||
522 |
1394 |
void CipherBase::InitIv(const FunctionCallbackInfo<Value>& args) { |
|
523 |
CipherBase* cipher; |
||
524 |
✗✓ | 1394 |
ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder()); |
525 |
1394 |
Environment* env = cipher->env(); |
|
526 |
|||
527 |
✗✓ | 1394 |
CHECK_GE(args.Length(), 4); |
528 |
|||
529 |
1394 |
const Utf8Value cipher_type(env->isolate(), args[0]); |
|
530 |
|||
531 |
// The argument can either be a KeyObjectHandle or a byte source |
||
532 |
// (e.g. ArrayBuffer, TypedArray, etc). Whichever it is, grab the |
||
533 |
// raw bytes and proceed... |
||
534 |
1394 |
const ByteSource key_buf = ByteSource::FromSecretKeyBytes(env, args[1]); |
|
535 |
|||
536 |
✗✓ | 1394 |
if (UNLIKELY(key_buf.size() > INT_MAX)) |
537 |
return THROW_ERR_OUT_OF_RANGE(env, "key is too big"); |
||
538 |
|||
539 |
ArrayBufferOrViewContents<unsigned char> iv_buf( |
||
540 |
✓✓ | 4176 |
!args[2]->IsNull() ? args[2] : Local<Value>()); |
541 |
|||
542 |
✗✓ | 1394 |
if (UNLIKELY(!iv_buf.CheckSizeInt32())) |
543 |
return THROW_ERR_OUT_OF_RANGE(env, "iv is too big"); |
||
544 |
|||
545 |
// Don't assign to cipher->auth_tag_len_ directly; the value might not |
||
546 |
// represent a valid length at this point. |
||
547 |
unsigned int auth_tag_len; |
||
548 |
✓✓ | 1394 |
if (args[3]->IsUint32()) { |
549 |
932 |
auth_tag_len = args[3].As<Uint32>()->Value(); |
|
550 |
} else { |
||
551 |
✓✗✗✓ ✗✓ |
2784 |
CHECK(args[3]->IsInt32() && args[3].As<Int32>()->Value() == -1); |
552 |
928 |
auth_tag_len = kNoAuthTagLength; |
|
553 |
} |
||
554 |
|||
555 |
1394 |
cipher->InitIv(*cipher_type, key_buf, iv_buf, auth_tag_len); |
|
556 |
} |
||
557 |
|||
558 |
679 |
bool CipherBase::InitAuthenticated( |
|
559 |
const char* cipher_type, |
||
560 |
int iv_len, |
||
561 |
unsigned int auth_tag_len) { |
||
562 |
✗✓ | 679 |
CHECK(IsAuthenticatedMode()); |
563 |
1358 |
MarkPopErrorOnReturn mark_pop_error_on_return; |
|
564 |
|||
565 |
✗✓ | 679 |
if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), |
566 |
EVP_CTRL_AEAD_SET_IVLEN, |
||
567 |
iv_len, |
||
568 |
nullptr)) { |
||
569 |
THROW_ERR_CRYPTO_INVALID_IV(env()); |
||
570 |
return false; |
||
571 |
} |
||
572 |
|||
573 |
679 |
const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); |
|
574 |
✓✓ | 679 |
if (mode == EVP_CIPH_GCM_MODE) { |
575 |
✓✓ | 184 |
if (auth_tag_len != kNoAuthTagLength) { |
576 |
✓✓ | 24 |
if (!IsValidGCMTagLength(auth_tag_len)) { |
577 |
16 |
THROW_ERR_CRYPTO_INVALID_AUTH_TAG( |
|
578 |
env(), |
||
579 |
"Invalid authentication tag length: %u", |
||
580 |
auth_tag_len); |
||
581 |
16 |
return false; |
|
582 |
} |
||
583 |
|||
584 |
// Remember the given authentication tag length for later. |
||
585 |
8 |
auth_tag_len_ = auth_tag_len; |
|
586 |
} |
||
587 |
} else { |
||
588 |
✓✓ | 495 |
if (auth_tag_len == kNoAuthTagLength) { |
589 |
// We treat ChaCha20-Poly1305 specially. Like GCM, the authentication tag |
||
590 |
// length defaults to 16 bytes when encrypting. Unlike GCM, the |
||
591 |
// authentication tag length also defaults to 16 bytes when decrypting, |
||
592 |
// whereas GCM would accept any valid authentication tag length. |
||
593 |
✓✓ | 18 |
if (EVP_CIPHER_CTX_nid(ctx_.get()) == NID_chacha20_poly1305) { |
594 |
10 |
auth_tag_len = 16; |
|
595 |
} else { |
||
596 |
8 |
THROW_ERR_CRYPTO_INVALID_AUTH_TAG( |
|
597 |
env(), "authTagLength required for %s", cipher_type); |
||
598 |
8 |
return false; |
|
599 |
} |
||
600 |
} |
||
601 |
|||
602 |
// TODO(tniessen) Support CCM decryption in FIPS mode |
||
603 |
|||
604 |
#if OPENSSL_VERSION_MAJOR >= 3 |
||
605 |
✓✓✓✓ ✗✓✗✓ |
541 |
if (mode == EVP_CIPH_CCM_MODE && kind_ == kDecipher && |
606 |
54 |
EVP_default_properties_is_fips_enabled(nullptr)) { |
|
607 |
#else |
||
608 |
if (mode == EVP_CIPH_CCM_MODE && kind_ == kDecipher && FIPS_mode()) { |
||
609 |
#endif |
||
610 |
THROW_ERR_CRYPTO_UNSUPPORTED_OPERATION(env(), |
||
611 |
"CCM encryption not supported in FIPS mode"); |
||
612 |
return false; |
||
613 |
} |
||
614 |
|||
615 |
// Tell OpenSSL about the desired length. |
||
616 |
✓✓ | 487 |
if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), EVP_CTRL_AEAD_SET_TAG, auth_tag_len, |
617 |
nullptr)) { |
||
618 |
50 |
THROW_ERR_CRYPTO_INVALID_AUTH_TAG( |
|
619 |
env(), "Invalid authentication tag length: %u", auth_tag_len); |
||
620 |
50 |
return false; |
|
621 |
} |
||
622 |
|||
623 |
// Remember the given authentication tag length for later. |
||
624 |
437 |
auth_tag_len_ = auth_tag_len; |
|
625 |
|||
626 |
✓✓ | 437 |
if (mode == EVP_CIPH_CCM_MODE) { |
627 |
// Restrict the message length to min(INT_MAX, 2^(8*(15-iv_len))-1) bytes. |
||
628 |
✓✗✗✓ |
90 |
CHECK(iv_len >= 7 && iv_len <= 13); |
629 |
90 |
max_message_size_ = INT_MAX; |
|
630 |
✓✓ | 90 |
if (iv_len == 12) max_message_size_ = 16777215; |
631 |
✓✓ | 90 |
if (iv_len == 13) max_message_size_ = 65535; |
632 |
} |
||
633 |
} |
||
634 |
|||
635 |
605 |
return true; |
|
636 |
} |
||
637 |
|||
638 |
127 |
bool CipherBase::CheckCCMMessageLength(int message_len) { |
|
639 |
✗✓ | 127 |
CHECK(ctx_); |
640 |
✗✓ | 127 |
CHECK(EVP_CIPHER_CTX_mode(ctx_.get()) == EVP_CIPH_CCM_MODE); |
641 |
|||
642 |
✓✓ | 127 |
if (message_len > max_message_size_) { |
643 |
4 |
THROW_ERR_CRYPTO_INVALID_MESSAGELEN(env()); |
|
644 |
4 |
return false; |
|
645 |
} |
||
646 |
|||
647 |
123 |
return true; |
|
648 |
} |
||
649 |
|||
650 |
1986 |
bool CipherBase::IsAuthenticatedMode() const { |
|
651 |
// Check if this cipher operates in an AEAD mode that we support. |
||
652 |
✗✓ | 1986 |
CHECK(ctx_); |
653 |
1986 |
return IsSupportedAuthenticatedMode(ctx_.get()); |
|
654 |
} |
||
655 |
|||
656 |
164 |
void CipherBase::GetAuthTag(const FunctionCallbackInfo<Value>& args) { |
|
657 |
164 |
Environment* env = Environment::GetCurrent(args); |
|
658 |
CipherBase* cipher; |
||
659 |
✗✓ | 224 |
ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder()); |
660 |
|||
661 |
// Only callable after Final and if encrypting. |
||
662 |
433 |
if (cipher->ctx_ || |
|
663 |
✓✓✓✗ ✓✓ |
269 |
cipher->kind_ != kCipher || |
664 |
✓✓ | 105 |
cipher->auth_tag_len_ == kNoAuthTagLength) { |
665 |
60 |
return; |
|
666 |
} |
||
667 |
|||
668 |
104 |
args.GetReturnValue().Set( |
|
669 |
208 |
Buffer::Copy(env, cipher->auth_tag_, cipher->auth_tag_len_) |
|
670 |
.FromMaybe(Local<Value>())); |
||
671 |
} |
||
672 |
|||
673 |
357 |
void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) { |
|
674 |
CipherBase* cipher; |
||
675 |
✗✓ | 610 |
ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder()); |
676 |
357 |
Environment* env = Environment::GetCurrent(args); |
|
677 |
|||
678 |
357 |
if (!cipher->ctx_ || |
|
679 |
✓✗ | 356 |
!cipher->IsAuthenticatedMode() || |
680 |
✓✓✓✗ ✓✓ |
1069 |
cipher->kind_ != kDecipher || |
681 |
✓✓ | 356 |
cipher->auth_tag_state_ != kAuthTagUnknown) { |
682 |
✗✓ | 8 |
return args.GetReturnValue().Set(false); |
683 |
} |
||
684 |
|||
685 |
353 |
ArrayBufferOrViewContents<char> auth_tag(args[0]); |
|
686 |
✗✓ | 353 |
if (UNLIKELY(!auth_tag.CheckSizeInt32())) |
687 |
return THROW_ERR_OUT_OF_RANGE(env, "buffer is too big"); |
||
688 |
|||
689 |
353 |
unsigned int tag_len = auth_tag.size(); |
|
690 |
|||
691 |
353 |
const int mode = EVP_CIPHER_CTX_mode(cipher->ctx_.get()); |
|
692 |
bool is_valid; |
||
693 |
✓✓ | 353 |
if (mode == EVP_CIPH_GCM_MODE) { |
694 |
// Restrict GCM tag lengths according to NIST 800-38d, page 9. |
||
695 |
43 |
is_valid = (cipher->auth_tag_len_ == kNoAuthTagLength || |
|
696 |
✓✓✓✓ ✓✓ |
85 |
cipher->auth_tag_len_ == tag_len) && |
697 |
42 |
IsValidGCMTagLength(tag_len); |
|
698 |
} else { |
||
699 |
// At this point, the tag length is already known and must match the |
||
700 |
// length of the given authentication tag. |
||
701 |
✗✓ | 310 |
CHECK(IsSupportedAuthenticatedMode(cipher->ctx_.get())); |
702 |
✗✓ | 310 |
CHECK_NE(cipher->auth_tag_len_, kNoAuthTagLength); |
703 |
310 |
is_valid = cipher->auth_tag_len_ == tag_len; |
|
704 |
} |
||
705 |
|||
706 |
✓✓ | 353 |
if (!is_valid) { |
707 |
249 |
return THROW_ERR_CRYPTO_INVALID_AUTH_TAG( |
|
708 |
249 |
env, "Invalid authentication tag length: %u", tag_len); |
|
709 |
} |
||
710 |
|||
711 |
104 |
cipher->auth_tag_len_ = tag_len; |
|
712 |
104 |
cipher->auth_tag_state_ = kAuthTagKnown; |
|
713 |
✗✓ | 104 |
CHECK_LE(cipher->auth_tag_len_, sizeof(cipher->auth_tag_)); |
714 |
|||
715 |
104 |
memset(cipher->auth_tag_, 0, sizeof(cipher->auth_tag_)); |
|
716 |
104 |
auth_tag.CopyTo(cipher->auth_tag_, cipher->auth_tag_len_); |
|
717 |
|||
718 |
✓✗ | 208 |
args.GetReturnValue().Set(true); |
719 |
} |
||
720 |
|||
721 |
474 |
bool CipherBase::MaybePassAuthTagToOpenSSL() { |
|
722 |
✓✓ | 474 |
if (auth_tag_state_ == kAuthTagKnown) { |
723 |
✗✓ | 103 |
if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), |
724 |
EVP_CTRL_AEAD_SET_TAG, |
||
725 |
103 |
auth_tag_len_, |
|
726 |
103 |
reinterpret_cast<unsigned char*>(auth_tag_))) { |
|
727 |
return false; |
||
728 |
} |
||
729 |
103 |
auth_tag_state_ = kAuthTagPassedToOpenSSL; |
|
730 |
} |
||
731 |
474 |
return true; |
|
732 |
} |
||
733 |
|||
734 |
124 |
bool CipherBase::SetAAD( |
|
735 |
const ArrayBufferOrViewContents<unsigned char>& data, |
||
736 |
int plaintext_len) { |
||
737 |
✓✓✗✓ ✓✓ |
124 |
if (!ctx_ || !IsAuthenticatedMode()) |
738 |
2 |
return false; |
|
739 |
244 |
MarkPopErrorOnReturn mark_pop_error_on_return; |
|
740 |
|||
741 |
int outlen; |
||
742 |
122 |
const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); |
|
743 |
|||
744 |
// When in CCM mode, we need to set the authentication tag and the plaintext |
||
745 |
// length in advance. |
||
746 |
✓✓ | 122 |
if (mode == EVP_CIPH_CCM_MODE) { |
747 |
✓✓ | 55 |
if (plaintext_len < 0) { |
748 |
2 |
THROW_ERR_MISSING_ARGS(env(), |
|
749 |
"options.plaintextLength required for CCM mode with AAD"); |
||
750 |
2 |
return false; |
|
751 |
} |
||
752 |
|||
753 |
✓✓ | 53 |
if (!CheckCCMMessageLength(plaintext_len)) |
754 |
2 |
return false; |
|
755 |
|||
756 |
✓✓ | 51 |
if (kind_ == kDecipher) { |
757 |
✗✓ | 26 |
if (!MaybePassAuthTagToOpenSSL()) |
758 |
return false; |
||
759 |
} |
||
760 |
|||
761 |
// Specify the plaintext length. |
||
762 |
✗✓ | 51 |
if (!EVP_CipherUpdate(ctx_.get(), nullptr, &outlen, nullptr, plaintext_len)) |
763 |
return false; |
||
764 |
} |
||
765 |
|||
766 |
118 |
return 1 == EVP_CipherUpdate(ctx_.get(), |
|
767 |
nullptr, |
||
768 |
&outlen, |
||
769 |
data.data(), |
||
770 |
236 |
data.size()); |
|
771 |
} |
||
772 |
|||
773 |
124 |
void CipherBase::SetAAD(const FunctionCallbackInfo<Value>& args) { |
|
774 |
CipherBase* cipher; |
||
775 |
✗✓ | 124 |
ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder()); |
776 |
124 |
Environment* env = Environment::GetCurrent(args); |
|
777 |
|||
778 |
✗✓ | 124 |
CHECK_EQ(args.Length(), 2); |
779 |
✗✓ | 124 |
CHECK(args[1]->IsInt32()); |
780 |
✓✗ | 248 |
int plaintext_len = args[1].As<Int32>()->Value(); |
781 |
124 |
ArrayBufferOrViewContents<unsigned char> buf(args[0]); |
|
782 |
|||
783 |
✗✓ | 124 |
if (UNLIKELY(!buf.CheckSizeInt32())) |
784 |
return THROW_ERR_OUT_OF_RANGE(env, "buffer is too big"); |
||
785 |
✓✓ | 248 |
args.GetReturnValue().Set(cipher->SetAAD(buf, plaintext_len)); |
786 |
} |
||
787 |
|||
788 |
606 |
CipherBase::UpdateResult CipherBase::Update( |
|
789 |
const char* data, |
||
790 |
size_t len, |
||
791 |
std::unique_ptr<BackingStore>* out) { |
||
792 |
✓✗✗✓ ✗✓ |
606 |
if (!ctx_ || len > INT_MAX) |
793 |
return kErrorState; |
||
794 |
1212 |
MarkPopErrorOnReturn mark_pop_error_on_return; |
|
795 |
|||
796 |
606 |
const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); |
|
797 |
|||
798 |
✓✓✓✓ ✓✓ |
606 |
if (mode == EVP_CIPH_CCM_MODE && !CheckCCMMessageLength(len)) |
799 |
2 |
return kErrorMessageSize; |
|
800 |
|||
801 |
// Pass the authentication tag to OpenSSL if possible. This will only happen |
||
802 |
// once, usually on the first update. |
||
803 |
✓✓✓✓ ✓✓ |
604 |
if (kind_ == kDecipher && IsAuthenticatedMode()) |
804 |
✗✓ | 344 |
CHECK(MaybePassAuthTagToOpenSSL()); |
805 |
|||
806 |
604 |
int buf_len = len + EVP_CIPHER_CTX_block_size(ctx_.get()); |
|
807 |
// For key wrapping algorithms, get output size by calling |
||
808 |
// EVP_CipherUpdate() with null output. |
||
809 |
✓✓✓✓ ✗✓✗✓ |
613 |
if (kind_ == kCipher && mode == EVP_CIPH_WRAP_MODE && |
810 |
9 |
EVP_CipherUpdate(ctx_.get(), |
|
811 |
nullptr, |
||
812 |
&buf_len, |
||
813 |
reinterpret_cast<const unsigned char*>(data), |
||
814 |
len) != 1) { |
||
815 |
return kErrorState; |
||
816 |
} |
||
817 |
|||
818 |
{ |
||
819 |
604 |
NoArrayBufferZeroFillScope no_zero_fill_scope(env()->isolate_data()); |
|
820 |
604 |
*out = ArrayBuffer::NewBackingStore(env()->isolate(), buf_len); |
|
821 |
} |
||
822 |
|||
823 |
604 |
int r = EVP_CipherUpdate(ctx_.get(), |
|
824 |
604 |
static_cast<unsigned char*>((*out)->Data()), |
|
825 |
&buf_len, |
||
826 |
reinterpret_cast<const unsigned char*>(data), |
||
827 |
len); |
||
828 |
|||
829 |
✗✓ | 604 |
CHECK_LE(static_cast<size_t>(buf_len), (*out)->ByteLength()); |
830 |
✓✓ | 604 |
if (buf_len == 0) |
831 |
67 |
*out = ArrayBuffer::NewBackingStore(env()->isolate(), 0); |
|
832 |
else |
||
833 |
537 |
*out = BackingStore::Reallocate(env()->isolate(), std::move(*out), buf_len); |
|
834 |
|||
835 |
// When in CCM mode, EVP_CipherUpdate will fail if the authentication tag is |
||
836 |
// invalid. In that case, remember the error and throw in final(). |
||
837 |
✓✓✓✗ ✓✗ |
604 |
if (!r && kind_ == kDecipher && mode == EVP_CIPH_CCM_MODE) { |
838 |
5 |
pending_auth_failed_ = true; |
|
839 |
5 |
return kSuccess; |
|
840 |
} |
||
841 |
✓✗ | 599 |
return r == 1 ? kSuccess : kErrorState; |
842 |
} |
||
843 |
|||
844 |
606 |
void CipherBase::Update(const FunctionCallbackInfo<Value>& args) { |
|
845 |
606 |
Decode<CipherBase>(args, [](CipherBase* cipher, |
|
846 |
const FunctionCallbackInfo<Value>& args, |
||
847 |
606 |
const char* data, size_t size) { |
|
848 |
606 |
std::unique_ptr<BackingStore> out; |
|
849 |
606 |
Environment* env = Environment::GetCurrent(args); |
|
850 |
|||
851 |
✗✓ | 606 |
if (UNLIKELY(size > INT_MAX)) |
852 |
return THROW_ERR_OUT_OF_RANGE(env, "data is too long"); |
||
853 |
|||
854 |
606 |
UpdateResult r = cipher->Update(data, size, &out); |
|
855 |
|||
856 |
✓✓ | 606 |
if (r != kSuccess) { |
857 |
✗✓ | 2 |
if (r == kErrorState) { |
858 |
ThrowCryptoError(env, ERR_get_error(), |
||
859 |
"Trying to add data in unsupported state"); |
||
860 |
} |
||
861 |
2 |
return; |
|
862 |
} |
||
863 |
|||
864 |
604 |
Local<ArrayBuffer> ab = ArrayBuffer::New(env->isolate(), std::move(out)); |
|
865 |
1208 |
args.GetReturnValue().Set( |
|
866 |
1208 |
Buffer::New(env, ab, 0, ab->ByteLength()).FromMaybe(Local<Value>())); |
|
867 |
}); |
||
868 |
606 |
} |
|
869 |
|||
870 |
18 |
bool CipherBase::SetAutoPadding(bool auto_padding) { |
|
871 |
✓✓ | 18 |
if (!ctx_) |
872 |
1 |
return false; |
|
873 |
17 |
MarkPopErrorOnReturn mark_pop_error_on_return; |
|
874 |
17 |
return EVP_CIPHER_CTX_set_padding(ctx_.get(), auto_padding); |
|
875 |
} |
||
876 |
|||
877 |
18 |
void CipherBase::SetAutoPadding(const FunctionCallbackInfo<Value>& args) { |
|
878 |
CipherBase* cipher; |
||
879 |
✗✓ | 18 |
ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder()); |
880 |
|||
881 |
✓✗✓✓ |
36 |
bool b = cipher->SetAutoPadding(args.Length() < 1 || args[0]->IsTrue()); |
882 |
✓✓ | 36 |
args.GetReturnValue().Set(b); // Possibly report invalid state failure |
883 |
} |
||
884 |
|||
885 |
292 |
bool CipherBase::Final(std::unique_ptr<BackingStore>* out) { |
|
886 |
✗✓ | 292 |
if (!ctx_) |
887 |
return false; |
||
888 |
|||
889 |
292 |
const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); |
|
890 |
|||
891 |
{ |
||
892 |
292 |
NoArrayBufferZeroFillScope no_zero_fill_scope(env()->isolate_data()); |
|
893 |
584 |
*out = ArrayBuffer::NewBackingStore(env()->isolate(), |
|
894 |
584 |
static_cast<size_t>(EVP_CIPHER_CTX_block_size(ctx_.get()))); |
|
895 |
} |
||
896 |
|||
897 |
✓✓✓✓ ✓✓ |
292 |
if (kind_ == kDecipher && IsSupportedAuthenticatedMode(ctx_.get())) |
898 |
104 |
MaybePassAuthTagToOpenSSL(); |
|
899 |
|||
900 |
// In CCM mode, final() only checks whether authentication failed in update(). |
||
901 |
// EVP_CipherFinal_ex must not be called and will fail. |
||
902 |
bool ok; |
||
903 |
✓✓✓✓ |
292 |
if (kind_ == kDecipher && mode == EVP_CIPH_CCM_MODE) { |
904 |
29 |
ok = !pending_auth_failed_; |
|
905 |
29 |
*out = ArrayBuffer::NewBackingStore(env()->isolate(), 0); |
|
906 |
} else { |
||
907 |
263 |
int out_len = (*out)->ByteLength(); |
|
908 |
263 |
ok = EVP_CipherFinal_ex(ctx_.get(), |
|
909 |
263 |
static_cast<unsigned char*>((*out)->Data()), |
|
910 |
&out_len) == 1; |
||
911 |
|||
912 |
✗✓ | 263 |
CHECK_LE(static_cast<size_t>(out_len), (*out)->ByteLength()); |
913 |
✓✓ | 263 |
if (out_len > 0) { |
914 |
*out = |
||
915 |
73 |
BackingStore::Reallocate(env()->isolate(), std::move(*out), out_len); |
|
916 |
} else { |
||
917 |
190 |
*out = ArrayBuffer::NewBackingStore(env()->isolate(), 0); |
|
918 |
} |
||
919 |
|||
920 |
✓✓✓✓ ✓✓✓✓ |
263 |
if (ok && kind_ == kCipher && IsAuthenticatedMode()) { |
921 |
// In GCM mode, the authentication tag length can be specified in advance, |
||
922 |
// but defaults to 16 bytes when encrypting. In CCM and OCB mode, it must |
||
923 |
// always be given by the user. |
||
924 |
✓✓ | 104 |
if (auth_tag_len_ == kNoAuthTagLength) { |
925 |
✗✓ | 30 |
CHECK(mode == EVP_CIPH_GCM_MODE); |
926 |
30 |
auth_tag_len_ = sizeof(auth_tag_); |
|
927 |
} |
||
928 |
104 |
ok = (1 == EVP_CIPHER_CTX_ctrl(ctx_.get(), EVP_CTRL_AEAD_GET_TAG, |
|
929 |
104 |
auth_tag_len_, |
|
930 |
104 |
reinterpret_cast<unsigned char*>(auth_tag_))); |
|
931 |
} |
||
932 |
} |
||
933 |
|||
934 |
292 |
ctx_.reset(); |
|
935 |
|||
936 |
292 |
return ok; |
|
937 |
} |
||
938 |
|||
939 |
296 |
void CipherBase::Final(const FunctionCallbackInfo<Value>& args) { |
|
940 |
296 |
Environment* env = Environment::GetCurrent(args); |
|
941 |
|||
942 |
CipherBase* cipher; |
||
943 |
✗✓ | 317 |
ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder()); |
944 |
✓✓ | 296 |
if (cipher->ctx_ == nullptr) |
945 |
4 |
return THROW_ERR_CRYPTO_INVALID_STATE(env); |
|
946 |
|||
947 |
292 |
std::unique_ptr<BackingStore> out; |
|
948 |
|||
949 |
// Check IsAuthenticatedMode() first, Final() destroys the EVP_CIPHER_CTX. |
||
950 |
292 |
const bool is_auth_mode = cipher->IsAuthenticatedMode(); |
|
951 |
292 |
bool r = cipher->Final(&out); |
|
952 |
|||
953 |
✓✓ | 292 |
if (!r) { |
954 |
17 |
const char* msg = is_auth_mode |
|
955 |
✓✓ | 17 |
? "Unsupported state or unable to authenticate data" |
956 |
: "Unsupported state"; |
||
957 |
|||
958 |
17 |
return ThrowCryptoError(env, ERR_get_error(), msg); |
|
959 |
} |
||
960 |
|||
961 |
275 |
Local<ArrayBuffer> ab = ArrayBuffer::New(env->isolate(), std::move(out)); |
|
962 |
550 |
args.GetReturnValue().Set( |
|
963 |
550 |
Buffer::New(env, ab, 0, ab->ByteLength()).FromMaybe(Local<Value>())); |
|
964 |
} |
||
965 |
|||
966 |
template <PublicKeyCipher::Operation operation, |
||
967 |
PublicKeyCipher::EVP_PKEY_cipher_init_t EVP_PKEY_cipher_init, |
||
968 |
PublicKeyCipher::EVP_PKEY_cipher_t EVP_PKEY_cipher> |
||
969 |
312 |
bool PublicKeyCipher::Cipher( |
|
970 |
Environment* env, |
||
971 |
const ManagedEVPPKey& pkey, |
||
972 |
int padding, |
||
973 |
const EVP_MD* digest, |
||
974 |
const ArrayBufferOrViewContents<unsigned char>& oaep_label, |
||
975 |
const ArrayBufferOrViewContents<unsigned char>& data, |
||
976 |
std::unique_ptr<BackingStore>* out) { |
||
977 |
624 |
EVPKeyCtxPointer ctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); |
|
978 |
✗✓ | 312 |
if (!ctx) |
979 |
return false; |
||
980 |
✓✓ | 312 |
if (EVP_PKEY_cipher_init(ctx.get()) <= 0) |
981 |
2 |
return false; |
|
982 |
✗✓ | 310 |
if (EVP_PKEY_CTX_set_rsa_padding(ctx.get(), padding) <= 0) |
983 |
return false; |
||
984 |
|||
985 |
✓✓ | 310 |
if (digest != nullptr) { |
986 |
✗✓ | 42 |
if (EVP_PKEY_CTX_set_rsa_oaep_md(ctx.get(), digest) <= 0) |
987 |
return false; |
||
988 |
} |
||
989 |
|||
990 |
✓✓ | 310 |
if (oaep_label.size() != 0) { |
991 |
// OpenSSL takes ownership of the label, so we need to create a copy. |
||
992 |
8 |
void* label = OPENSSL_memdup(oaep_label.data(), oaep_label.size()); |
|
993 |
✗✓ | 8 |
CHECK_NOT_NULL(label); |
994 |
✗✓ | 8 |
if (0 >= EVP_PKEY_CTX_set0_rsa_oaep_label(ctx.get(), |
995 |
static_cast<unsigned char*>(label), |
||
996 |
8 |
oaep_label.size())) { |
|
997 |
OPENSSL_free(label); |
||
998 |
return false; |
||
999 |
} |
||
1000 |
} |
||
1001 |
|||
1002 |
310 |
size_t out_len = 0; |
|
1003 |
310 |
if (EVP_PKEY_cipher( |
|
1004 |
ctx.get(), |
||
1005 |
nullptr, |
||
1006 |
&out_len, |
||
1007 |
data.data(), |
||
1008 |
✗✓ | 310 |
data.size()) <= 0) { |
1009 |
return false; |
||
1010 |
} |
||
1011 |
|||
1012 |
{ |
||
1013 |
310 |
NoArrayBufferZeroFillScope no_zero_fill_scope(env->isolate_data()); |
|
1014 |
310 |
*out = ArrayBuffer::NewBackingStore(env->isolate(), out_len); |
|
1015 |
} |
||
1016 |
|||
1017 |
620 |
if (EVP_PKEY_cipher( |
|
1018 |
ctx.get(), |
||
1019 |
310 |
static_cast<unsigned char*>((*out)->Data()), |
|
1020 |
&out_len, |
||
1021 |
data.data(), |
||
1022 |
✓✓ | 310 |
data.size()) <= 0) { |
1023 |
2 |
return false; |
|
1024 |
} |
||
1025 |
|||
1026 |
✗✓ | 308 |
CHECK_LE(out_len, (*out)->ByteLength()); |
1027 |
✓✗ | 308 |
if (out_len > 0) |
1028 |
308 |
*out = BackingStore::Reallocate(env->isolate(), std::move(*out), out_len); |
|
1029 |
else |
||
1030 |
*out = ArrayBuffer::NewBackingStore(env->isolate(), 0); |
||
1031 |
|||
1032 |
308 |
return true; |
|
1033 |
} |
||
1034 |
|||
1035 |
template <PublicKeyCipher::Operation operation, |
||
1036 |
PublicKeyCipher::EVP_PKEY_cipher_init_t EVP_PKEY_cipher_init, |
||
1037 |
PublicKeyCipher::EVP_PKEY_cipher_t EVP_PKEY_cipher> |
||
1038 |
162 |
void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) { |
|
1039 |
162 |
MarkPopErrorOnReturn mark_pop_error_on_return; |
|
1040 |
162 |
Environment* env = Environment::GetCurrent(args); |
|
1041 |
|||
1042 |
162 |
unsigned int offset = 0; |
|
1043 |
162 |
ManagedEVPPKey pkey = |
|
1044 |
ManagedEVPPKey::GetPublicOrPrivateKeyFromJs(args, &offset); |
||
1045 |
162 |
if (!pkey) |
|
1046 |
4 |
return; |
|
1047 |
|||
1048 |
316 |
ArrayBufferOrViewContents<unsigned char> buf(args[offset]); |
|
1049 |
158 |
if (UNLIKELY(!buf.CheckSizeInt32())) |
|
1050 |
return THROW_ERR_OUT_OF_RANGE(env, "buffer is too long"); |
||
1051 |
|||
1052 |
uint32_t padding; |
||
1053 |
474 |
if (!args[offset + 1]->Uint32Value(env->context()).To(&padding)) return; |
|
1054 |
|||
1055 |
158 |
const EVP_MD* digest = nullptr; |
|
1056 |
474 |
if (args[offset + 2]->IsString()) { |
|
1057 |
46 |
const Utf8Value oaep_str(env->isolate(), args[offset + 2]); |
|
1058 |
23 |
digest = EVP_get_digestbyname(*oaep_str); |
|
1059 |
23 |
if (digest == nullptr) |
|
1060 |
2 |
return THROW_ERR_OSSL_EVP_INVALID_DIGEST(env); |
|
1061 |
} |
||
1062 |
|||
1063 |
156 |
ArrayBufferOrViewContents<unsigned char> oaep_label( |
|
1064 |
468 |
!args[offset + 3]->IsUndefined() ? args[offset + 3] : Local<Value>()); |
|
1065 |
156 |
if (UNLIKELY(!oaep_label.CheckSizeInt32())) |
|
1066 |
return THROW_ERR_OUT_OF_RANGE(env, "oaepLabel is too big"); |
||
1067 |
|||
1068 |
156 |
std::unique_ptr<BackingStore> out; |
|
1069 |
156 |
if (!Cipher<operation, EVP_PKEY_cipher_init, EVP_PKEY_cipher>( |
|
1070 |
env, pkey, padding, digest, oaep_label, buf, &out)) { |
||
1071 |
2 |
return ThrowCryptoError(env, ERR_get_error()); |
|
1072 |
} |
||
1073 |
|||
1074 |
154 |
Local<ArrayBuffer> ab = ArrayBuffer::New(env->isolate(), std::move(out)); |
|
1075 |
308 |
args.GetReturnValue().Set( |
|
1076 |
308 |
Buffer::New(env, ab, 0, ab->ByteLength()).FromMaybe(Local<Value>())); |
|
1077 |
} |
||
1078 |
|||
1079 |
} // namespace crypto |
||
1080 |
} // namespace node |
| Generated by: GCOVR (Version 4.2) |