Backend cryptography implementation. More...

#include <BPSecLib_Private.h>
#include <CryptoInterface.h>
#include <m-dict.h>
#include <openssl/err.h>
#include <openssl/rand.h>

Include dependency graph for CryptoInterface.c:

Go to the source code of this file.

Data Structures
struct	BSLB_CryptoKey_s
	Struct to hold private key information. More...

Typedefs
typedef struct BSLB_CryptoKey_s	BSLB_CryptoKey_t
	Struct to hold private key information.

Functions
static int	BSLB_CryptoKey_Deinit (BSLB_CryptoKey_t *key)

void	BSL_CryptoInit (void)
	Initialize the crypto subsystem.

void	BSL_CryptoDeinit (void)
	Deinitialize the crypto subsystem.

int	BSL_Crypto_UnwrapKey (BSL_Data_t *unwrapped_key_output, BSL_Data_t wrapped_key_plaintext, size_t key_id, size_t aes_variant)

int	BSL_Crypto_WrapKey (BSL_Data_t *wrapped_key, BSL_Data_t cek, size_t content_key_id, size_t aes_variant)

int	BSL_AuthCtx_Init (BSL_AuthCtx_t *hmac_ctx, uint64_t keyid, BSL_CryptoCipherSHAVariant_e sha_var)
	Initialize HMAC context resources and set private key and SHA variant.

int	BSL_AuthCtx_DigestBuffer (BSL_AuthCtx_t hmac_ctx, const void data, size_t data_len)
	Input data to HMAC sign to context.

int	BSL_AuthCtx_DigestSeq (BSL_AuthCtx_t hmac_ctx, BSL_SeqReader_t reader)
	Input data to HMAC sign to context.

int	BSL_AuthCtx_Finalize (BSL_AuthCtx_t hmac_ctx, void hmac, size_t hmac_len)
	Finalize HMAC tag.

int	BSL_AuthCtx_Deinit (BSL_AuthCtx_t *hmac_ctx)
	Deinitialize HMAC context resources.

int	BSL_Cipher_Init (BSL_Cipher_t cipher_ctx, BSL_CipherMode_e enc, BSL_CryptoCipherAESVariant_e aes_var, const void init_vec, int iv_len, BSL_Data_t content_enc_key)
	Initialize crypto context resources and set as encoding or decoding.

int	BSL_Cipher_AddAAD (BSL_Cipher_t cipher_ctx, const void aad, int aad_len)
	Add additional authenticated data (AAD) to cipher context.

int	BSL_Cipher_AddData (BSL_Cipher_t *cipher_ctx, BSL_Data_t plaintext, BSL_Data_t ciphertext)

int	BSL_Cipher_AddSeq (BSL_Cipher_t cipher_ctx, BSL_SeqReader_t reader, BSL_SeqWriter_t *writer)
	Add data to encrypt or decrypt to the context sequentially.

int	BSL_Cipher_GetTag (BSL_Cipher_t cipher_ctx, void *tag)
	Get the tag of the crypto operation.

int	BSL_Cipher_SetTag (BSL_Cipher_t cipher_ctx, const void tag)
	Set the tag of the crypto operation.

int	BSL_Cipher_FinalizeData (BSL_Cipher_t cipher_ctx, BSL_Data_t extra)

int	BSL_Cipher_FinalizeSeq (BSL_Cipher_t cipher_ctx, BSL_SeqWriter_t writer)
	Finalize crypto operation.

int	BSL_Cipher_Deinit (BSL_Cipher_t *cipher_ctx)
	De-initialize crypto context resources.

int	BSL_Crypto_GenKey (uint8_t *key_buffer, size_t key_length)

int	BSL_Crypto_GenIV (void *buf, int size)
	Generate initialization vector (IV) for AES-GCM for BCBs.

int	BSL_Crypto_AddRegistryKey (uint64_t keyid, const uint8_t *secret, size_t secret_len)
	Add a new key to the crypto key registry.

int	BSLB_Crypto_GetRegistryKey (uint64_t keyid, const uint8_t *secret, size_t secret_len)
	Get pointers to an existing key, if present.

Variables
static BSLB_CryptoKeyDict_t	StaticKeyRegistry
	Crypto key registry.

static pthread_mutex_t	StaticCryptoMutex = PTHREAD_MUTEX_INITIALIZER

Detailed Description

Backend cryptography implementation.

Definition in file CryptoInterface.c.

Function Documentation

◆ BSL_AuthCtx_Deinit()

int BSL_AuthCtx_Deinit ( BSL_AuthCtx_t * hmac_ctx )

Deinitialize HMAC context resources.

Parameters

[in,out] hmac_ctx pointer to hmac context struct to add data to

Returns: 0 if successful

Definition at line 250 of file CryptoInterface.c.

References BSL_AuthCtx_s::libhandle.

Referenced by BSLX_BIB_GenHMAC().

◆ BSL_AuthCtx_DigestBuffer()

int BSL_AuthCtx_DigestBuffer	(	BSL_AuthCtx_t *	hmac_ctx,
		const void *	data,
		size_t	data_len
	)

Input data to HMAC sign to context.

Parameters

[in,out]	hmac_ctx	pointer to hmac context struct to add data to
[in]	data	buffer containing data to sign
	data_len	length of incoming data buffer

Returns: 0 if successful

Definition at line 214 of file CryptoInterface.c.

References BSL_AuthCtx_s::libhandle.

Referenced by BSLX_BIB_GenHMAC().

◆ BSL_AuthCtx_DigestSeq()

int BSL_AuthCtx_DigestSeq	(	BSL_AuthCtx_t *	hmac_ctx,
		BSL_SeqReader_t *	reader
	)

Input data to HMAC sign to context.

Parameters

[in,out]	hmac_ctx	pointer to hmac context struct to add data to
[in]	reader	sequential reader over data to sign

Returns: 0 if successful

Definition at line 223 of file CryptoInterface.c.

References BSL_AuthCtx_s::block_size, BSL_SeqReader_Get(), and BSL_AuthCtx_s::libhandle.

◆ BSL_AuthCtx_Finalize()

int BSL_AuthCtx_Finalize	(	BSL_AuthCtx_t *	hmac_ctx,
		void **	hmac,
		size_t *	hmac_len
	)

Finalize HMAC tag.

Parameters

[in,out]	hmac_ctx	pointer to hmac context struct to add data to
[out]	hmac	ptr to hmac tag
[out]	hmac_len	ptr to tag length

Returns: 0 if successful

Definition at line 237 of file CryptoInterface.c.

References BSL_AuthCtx_s::libhandle.

Referenced by BSLX_BIB_GenHMAC().

◆ BSL_AuthCtx_Init()

int BSL_AuthCtx_Init	(	BSL_AuthCtx_t *	hmac_ctx,
		uint64_t	keyid,
		BSL_CryptoCipherSHAVariant_e	sha_var
	)

Initialize HMAC context resources and set private key and SHA variant.

Parameters

[in,out]	hmac_ctx	pointer to hmac context struct to init and set
	keyid	ID of private key to use
[in]	sha_var	SHA variant, see RFC9173 [2]

Returns: 0 if successful

Definition at line 169 of file CryptoInterface.c.

References BSL_AuthCtx_s::block_size, BSL_ERR_FAILURE, BSL_ERR_NOT_FOUND, BSL_LOG_ERR, BSL_AuthCtx_s::libhandle, BSLB_CryptoKey_s::pkey, BSL_AuthCtx_s::SHA_variant, and StaticKeyRegistry.

Referenced by BSLX_BIB_GenHMAC().

◆ BSL_Cipher_AddAAD()

int BSL_Cipher_AddAAD	(	BSL_Cipher_t *	cipher_ctx,
		const void *	aad,
		int	aad_len
	)

Add additional authenticated data (AAD) to cipher context.

Parameters

cipher_ctx	pointer to context to add AAD to
aad	pointer to AAD
aad_len	length of AAD

Returns: 0 if successful

Definition at line 296 of file CryptoInterface.c.

References BSL_Cipher_s::libhandle.

◆ BSL_Cipher_AddData()

int BSL_Cipher_AddData	(	BSL_Cipher_t *	cipher_ctx,
		BSL_Data_t	plaintext,
		BSL_Data_t	ciphertext
	)

Todo:: Doxygen

Definition at line 305 of file CryptoInterface.c.

References BSL_Data_s::len, BSL_Cipher_s::libhandle, and BSL_Data_s::ptr.

◆ BSL_Cipher_AddSeq()

int BSL_Cipher_AddSeq	(	BSL_Cipher_t *	cipher_ctx,
		BSL_SeqReader_t *	reader,
		BSL_SeqWriter_t *	writer
	)

Add data to encrypt or decrypt to the context sequentially.

Parameters

	cipher_ctx	pointer to context to add data to
[in]	reader	pointer to sequential reader - input to crypto operation is
[in,out]	writer	pointer to sequential writer - output of crypto operation will be writter

Returns: 0 if successful

Definition at line 316 of file CryptoInterface.c.

References BSL_Cipher_s::block_size, BSL_SeqReader_Get(), BSL_SeqWriter_Put(), and BSL_Cipher_s::libhandle.

◆ BSL_Cipher_Deinit()

int BSL_Cipher_Deinit ( BSL_Cipher_t * cipher_ctx )

De-initialize crypto context resources.

Parameters

cipher_ctx pointer to context to deinitialize

Returns: 0 if successful

Definition at line 396 of file CryptoInterface.c.

References BSL_SUCCESS, and BSL_Cipher_s::libhandle.

◆ BSL_Cipher_FinalizeData()

int BSL_Cipher_FinalizeData	(	BSL_Cipher_t *	cipher_ctx,
		BSL_Data_t *	extra
	)

Definition at line 352 of file CryptoInterface.c.

◆ BSL_Cipher_FinalizeSeq()

int BSL_Cipher_FinalizeSeq	(	BSL_Cipher_t *	cipher_ctx,
		BSL_SeqWriter_t *	writer
	)

Finalize crypto operation.

Finalize may or may not add data to writer depending on implementation.

Parameters

	cipher_ctx	pointer to context to finalize
[out]	writer	additional written data

Returns: 0 if successful

Definition at line 379 of file CryptoInterface.c.

References BSL_SeqWriter_Put(), and BSL_Cipher_s::libhandle.

◆ BSL_Cipher_GetTag()

int BSL_Cipher_GetTag	(	BSL_Cipher_t *	cipher_ctx,
		void **	tag
	)

Get the tag of the crypto operation.

Parameters

	cipher_ctx	pointer to context to get tag from
[out]	tag	will contain tag information upon successful function completion

Returns: 0 if successful

Definition at line 335 of file CryptoInterface.c.

References BSL_Cipher_s::libhandle.

◆ BSL_Cipher_Init()

int BSL_Cipher_Init	(	BSL_Cipher_t *	cipher_ctx,
		BSL_CipherMode_e	enc,
		BSL_CryptoCipherAESVariant_e	aes_var,
		const void *	init_vec,
		int	iv_len,
		BSL_Data_t	content_enc_key
	)

Initialize crypto context resources and set as encoding or decoding.

Parameters

cipher_ctx	pointer to context to initialize
aes_var	AES GCM variant to use
enc	enum for BSL_CRYPTO_ENCRYPT or BSL_CRYPTO_DECRYPT
init_vec	pointer to initialization vector (IV) data
iv_len	length of IV data
content_enc_key	AES key to use as Content Encryption Key.

Returns: 0 if successful

Definition at line 256 of file CryptoInterface.c.

References BSL_Cipher_s::AES_variant, BSL_Cipher_s::block_size, BSL_CRYPTO_ENCRYPT, BSL_ERR_FAILURE, BSL_LOG_ERR, BSL_Cipher_s::enc, BSL_Data_s::len, BSL_Cipher_s::libhandle, and BSL_Data_s::ptr.

◆ BSL_Cipher_SetTag()

int BSL_Cipher_SetTag	(	BSL_Cipher_t *	cipher_ctx,
		const void *	tag
	)

Set the tag of the crypto operation.

Tag length is always 16 bytes

Parameters

	cipher_ctx	pointer to context to set tag of
[in]	tag	pointer to tag

Returns: 0 if successful

Definition at line 342 of file CryptoInterface.c.

References BSL_LOG_INFO, and BSL_Cipher_s::libhandle.

◆ BSL_Crypto_AddRegistryKey()

int BSL_Crypto_AddRegistryKey	(	uint64_t	keyid,
		const uint8_t *	secret,
		size_t	secret_len
	)

Add a new key to the crypto key registry.

Parameters

keyid	key ID that crypto functions will use to access key
secret	raw key data
secret_len	length of raw key

Returns: Zero upon success.

Definition at line 432 of file CryptoInterface.c.

References BSL_Data_CopyFrom(), BSL_Data_Init(), BSL_LOG_ERR, BSLB_CryptoKey_s::pkey, BSLB_CryptoKey_s::raw, and StaticKeyRegistry.

◆ BSL_Crypto_GenIV()

int BSL_Crypto_GenIV	(	void *	buf,
		int	size
	)

Generate initialization vector (IV) for AES-GCM for BCBs.

Parameters

[in,out]	buf	to write iv to
	size	size in bytes of iv (MUST be between 8-16, SHOULD be 12 [2])

Returns: 0 if successful

Definition at line 419 of file CryptoInterface.c.

◆ BSL_Crypto_GenKey()

int BSL_Crypto_GenKey	(	uint8_t *	key_buffer,
		size_t	key_length
	)

Definition at line 404 of file CryptoInterface.c.

◆ BSL_Crypto_UnwrapKey()

int BSL_Crypto_UnwrapKey	(	BSL_Data_t *	unwrapped_key_output,
		BSL_Data_t	wrapped_key_plaintext,
		size_t	key_id,
		size_t	aes_variant
	)

Todo:: Doxygen

Definition at line 74 of file CryptoInterface.c.

References BSL_LOG_ERR, BSLB_Crypto_GetRegistryKey(), BSL_Data_s::len, and BSL_Data_s::ptr.

◆ BSL_Crypto_WrapKey()

int BSL_Crypto_WrapKey	(	BSL_Data_t *	wrapped_key,
		BSL_Data_t	cek,
		size_t	content_key_id,
		size_t	aes_variant
	)

Todo:: Doxygen

Definition at line 120 of file CryptoInterface.c.

References BSL_LOG_ERR, BSL_LOG_INFO, BSLB_Crypto_GetRegistryKey(), BSL_Data_s::len, and BSL_Data_s::ptr.

◆ BSL_CryptoDeinit()

void BSL_CryptoDeinit ( void )

Deinitialize the crypto subsystem.

This should be called at the end of the process.

Definition at line 69 of file CryptoInterface.c.

References StaticKeyRegistry.

◆ BSL_CryptoInit()

void BSL_CryptoInit ( void )

Initialize the crypto subsystem.

This must be called once per process.

Definition at line 64 of file CryptoInterface.c.

References StaticKeyRegistry.

◆ BSLB_Crypto_GetRegistryKey()

int BSLB_Crypto_GetRegistryKey	(	uint64_t	keyid,
		const uint8_t **	secret,
		size_t *	secret_len
	)

Get pointers to an existing key, if present.

Parameters

	keyid	The key to search for.
[out]	secret	Pointer to the stored secret buffer, if successful.
[out]	secret_len	Pointer to the stored secret length, if successful.

Returns: Zero upon success.

Definition at line 461 of file CryptoInterface.c.

References BSL_ERR_NOT_FOUND, BSL_SUCCESS, BSL_Data_s::len, BSL_Data_s::ptr, BSLB_CryptoKey_s::raw, and StaticKeyRegistry.

Referenced by BSL_Crypto_UnwrapKey(), and BSL_Crypto_WrapKey().

◆ BSLB_CryptoKey_Deinit()

static int BSLB_CryptoKey_Deinit ( BSLB_CryptoKey_t * key )

static

Definition at line 44 of file CryptoInterface.c.

Variable Documentation

◆ StaticCryptoMutex

pthread_mutex_t StaticCryptoMutex = PTHREAD_MUTEX_INITIALIZER

static

Definition at line 61 of file CryptoInterface.c.

◆ StaticKeyRegistry

BSLB_CryptoKeyDict_t StaticKeyRegistry

static

Crypto key registry.

Definition at line 60 of file CryptoInterface.c.

Referenced by BSL_AuthCtx_Init(), BSL_Crypto_AddRegistryKey(), BSL_CryptoDeinit(), BSL_CryptoInit(), and BSLB_Crypto_GetRegistryKey().

Data Structures

Typedefs

Functions

Variables

Detailed Description

Function Documentation

◆ BSL_AuthCtx_Deinit()

◆ BSL_AuthCtx_DigestBuffer()

◆ BSL_AuthCtx_DigestSeq()

◆ BSL_AuthCtx_Finalize()

◆ BSL_AuthCtx_Init()

◆ BSL_Cipher_AddAAD()

◆ BSL_Cipher_AddData()

◆ BSL_Cipher_AddSeq()

◆ BSL_Cipher_Deinit()

◆ BSL_Cipher_FinalizeData()

◆ BSL_Cipher_FinalizeSeq()

◆ BSL_Cipher_GetTag()

◆ BSL_Cipher_Init()

◆ BSL_Cipher_SetTag()

◆ BSL_Crypto_AddRegistryKey()

◆ BSL_Crypto_GenIV()

◆ BSL_Crypto_GenKey()

◆ BSL_Crypto_UnwrapKey()

◆ BSL_Crypto_WrapKey()

◆ BSL_CryptoDeinit()

◆ BSL_CryptoInit()

◆ BSLB_Crypto_GetRegistryKey()

◆ BSLB_CryptoKey_Deinit()

Variable Documentation

◆ StaticCryptoMutex

◆ StaticKeyRegistry