block-cipher.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2022 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
22 #include "ndn-cxx/security/transform/block-cipher.hpp"
23 
24 #include <openssl/bio.h>
25 #include <openssl/evp.h>
26 
27 #include <boost/lexical_cast.hpp>
28 
29 namespace ndn {
30 namespace security {
31 namespace transform {
32 
33 class BlockCipher::Impl : boost::noncopyable
34 {
35 public:
36  Impl() noexcept
37  : m_cipher(BIO_new(BIO_f_cipher()))
38  , m_sink(BIO_new(BIO_s_mem()))
39  {
40  BIO_push(m_cipher, m_sink);
41  }
42 
43  ~Impl()
44  {
45  BIO_free_all(m_cipher);
46  }
47 
48 public:
49  BIO* m_cipher;
50  BIO* m_sink; // BIO_f_cipher alone does not work without a sink
51 };
52 
53 
54 BlockCipher::BlockCipher(BlockCipherAlgorithm algo, CipherOperator op,
55  span<const uint8_t> key, span<const uint8_t> iv)
56  : m_impl(make_unique<Impl>())
57 {
58  switch (algo) {
59  case BlockCipherAlgorithm::AES_CBC:
60  initializeAesCbc(key, iv, op);
61  break;
62  default:
63  NDN_THROW(Error(getIndex(), "Unsupported block cipher algorithm " +
64  boost::lexical_cast<std::string>(algo)));
65  }
66 }
67 
68 BlockCipher::~BlockCipher() = default;
69 
70 void
71 BlockCipher::preTransform()
72 {
73  fillOutputBuffer();
74 }
75 
76 size_t
77 BlockCipher::convert(span<const uint8_t> data)
78 {
79  if (data.empty())
80  return 0;
81 
82  int wLen = BIO_write(m_impl->m_cipher, data.data(), data.size());
83 
84  if (wLen <= 0) { // failed to write data
85  if (!BIO_should_retry(m_impl->m_cipher)) {
86  // we haven't written everything but some error happens, and we cannot retry
87  NDN_THROW(Error(getIndex(), "Failed to accept more input"));
88  }
89  return 0;
90  }
91  else { // update number of bytes written
92  fillOutputBuffer();
93  return static_cast<size_t>(wLen);
94  }
95 }
96 
97 void
98 BlockCipher::finalize()
99 {
100  if (BIO_flush(m_impl->m_cipher) != 1)
101  NDN_THROW(Error(getIndex(), "Failed to flush"));
102 
103  while (!isConverterEmpty()) {
104  fillOutputBuffer();
105  while (!isOutputBufferEmpty()) {
106  flushOutputBuffer();
107  }
108  }
109 }
110 
111 void
112 BlockCipher::fillOutputBuffer()
113 {
114  int nPending = BIO_pending(m_impl->m_sink);
115  if (nPending <= 0)
116  return;
117 
118  // there is something to read from BIO
119  auto buffer = make_unique<OBuffer>(nPending);
120  int nRead = BIO_read(m_impl->m_sink, buffer->data(), nPending);
121  if (nRead < 0)
122  return;
123 
124  buffer->erase(buffer->begin() + nRead, buffer->end());
125  setOutputBuffer(std::move(buffer));
126 }
127 
128 bool
129 BlockCipher::isConverterEmpty() const
130 {
131  return BIO_pending(m_impl->m_sink) <= 0;
132 }
133 
134 void
135 BlockCipher::initializeAesCbc(span<const uint8_t> key, span<const uint8_t> iv, CipherOperator op)
136 {
137  const EVP_CIPHER* cipherType = nullptr;
138  switch (key.size()) {
139  case 16:
140  cipherType = EVP_aes_128_cbc();
141  break;
142  case 24:
143  cipherType = EVP_aes_192_cbc();
144  break;
145  case 32:
146  cipherType = EVP_aes_256_cbc();
147  break;
148  default:
149  NDN_THROW(Error(getIndex(), "Unsupported key length " + to_string(key.size())));
150  }
151 
152  auto requiredIvLen = static_cast<size_t>(EVP_CIPHER_iv_length(cipherType));
153  if (iv.size() != requiredIvLen)
154  NDN_THROW(Error(getIndex(), "IV length must be " + to_string(requiredIvLen)));
155 
156  BIO_set_cipher(m_impl->m_cipher, cipherType, key.data(), iv.data(),
157  op == CipherOperator::ENCRYPT ? 1 : 0);
158 }
159 
160 unique_ptr<Transform>
161 blockCipher(BlockCipherAlgorithm algo, CipherOperator op,
162  span<const uint8_t> key, span<const uint8_t> iv)
163 {
164  return make_unique<BlockCipher>(algo, op, key, iv);
165 }
166 
167 } // namespace transform
168 } // namespace security
169 } // namespace ndn
ndn::security::transform::BlockCipher::BlockCipher
BlockCipher(BlockCipherAlgorithm algo, CipherOperator op, span< const uint8_t > key, span< const uint8_t > iv)
Create a block cipher.
Definition: block-cipher.cpp:54
ndn::security::transform::Downstream::getIndex
size_t getIndex() const
Get the module index.
Definition: transform-base.hpp:127
ndn::security::transform::Error
Base class of transformation error.
Definition: transform-base.hpp:50
ndn::security::transform::Transform::setOutputBuffer
void setOutputBuffer(unique_ptr< OBuffer > buffer)
Set output buffer to buffer.
Definition: transform-base.cpp:86
ndn::security::transform::Transform::isOutputBufferEmpty
bool isOutputBufferEmpty() const
Check if output buffer is empty.
Definition: transform-base.cpp:94
ndn::security::transform::Transform::flushOutputBuffer
void flushOutputBuffer()
Read the content from output buffer and write it into next module.
Definition: transform-base.cpp:68
NDN_THROW
#define NDN_THROW(e)
Definition: exception.hpp:61
ndn::exception::to_string
std::string to_string(const errinfo_stacktrace &x)
Definition: exception.cpp:31
ndn::security::transform::blockCipher
unique_ptr< Transform > blockCipher(BlockCipherAlgorithm algo, CipherOperator op, span< const uint8_t > key, span< const uint8_t > iv)
Definition: block-cipher.cpp:161
ndn
Definition: data.cpp:25
ndn::BlockCipherAlgorithm
BlockCipherAlgorithm
Definition: security-common.hpp:123