1 // Copyright 2022 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/hybrid/internal/hpke_context_boringssl.h"
18
19 #include <memory>
20 #include <string>
21 #include <utility>
22
23 #include "absl/strings/string_view.h"
24 #include "openssl/base.h"
25 #include "openssl/hpke.h"
26 #include "tink/hybrid/internal/hpke_util.h"
27 #include "tink/hybrid/internal/hpke_util_boringssl.h"
28 #include "tink/internal/ssl_unique_ptr.h"
29 #include "tink/subtle/subtle_util.h"
30 #include "tink/util/secret_data.h"
31 #include "tink/util/statusor.h"
32
33 namespace crypto {
34 namespace tink {
35 namespace internal {
36
37 util::StatusOr<SenderHpkeContextBoringSsl>
SetupSender(const HpkeParams & params,absl::string_view recipient_public_key,absl::string_view context_info)38 HpkeContextBoringSsl::SetupSender(const HpkeParams& params,
39 absl::string_view recipient_public_key,
40 absl::string_view context_info) {
41 util::StatusOr<const EVP_HPKE_KEM *> kem = KemParam(params);
42 if (!kem.ok()) {
43 return kem.status();
44 }
45 util::StatusOr<const EVP_HPKE_KDF *> kdf = KdfParam(params);
46 if (!kdf.ok()) {
47 return kdf.status();
48 }
49 util::StatusOr<const EVP_HPKE_AEAD *> aead = AeadParam(params);
50 if (!aead.ok()) {
51 return aead.status();
52 }
53 uint8_t enc[EVP_HPKE_MAX_ENC_LENGTH];
54 size_t enc_len;
55 SslUniquePtr<EVP_HPKE_CTX> context(EVP_HPKE_CTX_new());
56 if (!EVP_HPKE_CTX_setup_sender(
57 context.get(), enc, &enc_len, sizeof(enc), *kem, *kdf, *aead,
58 reinterpret_cast<const uint8_t *>(recipient_public_key.data()),
59 recipient_public_key.size(),
60 reinterpret_cast<const uint8_t *>(context_info.data()),
61 context_info.size())) {
62 return util::Status(absl::StatusCode::kUnknown,
63 "Unable to set up HPKE sender context.");
64 }
65 SenderHpkeContextBoringSsl tuple;
66 tuple.context =
67 absl::WrapUnique(new HpkeContextBoringSsl(std::move(context)));
68 tuple.encapsulated_key =
69 std::string(reinterpret_cast<const char *>(enc), enc_len);
70 return std::move(tuple);
71 }
72
73 util::StatusOr<std::unique_ptr<HpkeContextBoringSsl>>
SetupRecipient(const HpkeParams & params,const util::SecretData & recipient_private_key,absl::string_view encapsulated_key,absl::string_view info)74 HpkeContextBoringSsl::SetupRecipient(
75 const HpkeParams& params, const util::SecretData& recipient_private_key,
76 absl::string_view encapsulated_key, absl::string_view info) {
77 util::StatusOr<const EVP_HPKE_KEM *> kem = KemParam(params);
78 if (!kem.ok()) {
79 return kem.status();
80 }
81 util::StatusOr<const EVP_HPKE_KDF *> kdf = KdfParam(params);
82 if (!kdf.ok()) {
83 return kdf.status();
84 }
85 util::StatusOr<const EVP_HPKE_AEAD *> aead = AeadParam(params);
86 if (!aead.ok()) {
87 return aead.status();
88 }
89 bssl::ScopedEVP_HPKE_KEY hpke_key;
90 if (!EVP_HPKE_KEY_init(
91 hpke_key.get(), *kem,
92 reinterpret_cast<const uint8_t *>(recipient_private_key.data()),
93 recipient_private_key.size())) {
94 return util::Status(
95 absl::StatusCode::kInvalidArgument,
96 "Unable to initialize BoringSSL HPKE recipient private key.");
97 }
98 SslUniquePtr<EVP_HPKE_CTX> context(EVP_HPKE_CTX_new());
99 if (!EVP_HPKE_CTX_setup_recipient(
100 context.get(), hpke_key.get(), *kdf, *aead,
101 reinterpret_cast<const uint8_t *>(encapsulated_key.data()),
102 encapsulated_key.size(),
103 reinterpret_cast<const uint8_t *>(info.data()), info.size())) {
104 return util::Status(absl::StatusCode::kUnknown,
105 "Unable to set up BoringSSL HPKE recipient context.");
106 }
107 return absl::WrapUnique(new HpkeContextBoringSsl(std::move(context)));
108 }
109
Seal(absl::string_view plaintext,absl::string_view associated_data)110 util::StatusOr<std::string> HpkeContextBoringSsl::Seal(
111 absl::string_view plaintext, absl::string_view associated_data) {
112 std::string ciphertext;
113 subtle::ResizeStringUninitialized(
114 &ciphertext,
115 plaintext.size() + EVP_HPKE_CTX_max_overhead(context_.get()));
116 size_t max_out_len = ciphertext.size();
117 size_t ciphertext_size;
118 if (!EVP_HPKE_CTX_seal(
119 context_.get(), reinterpret_cast<uint8_t *>(&ciphertext[0]),
120 &ciphertext_size, max_out_len,
121 reinterpret_cast<const uint8_t *>(plaintext.data()), plaintext.size(),
122 reinterpret_cast<const uint8_t *>(associated_data.data()),
123 associated_data.size())) {
124 return util::Status(absl::StatusCode::kUnknown,
125 "BoringSSL HPKE encryption failed.");
126 }
127 if (ciphertext_size < ciphertext.size()) {
128 subtle::ResizeStringUninitialized(&ciphertext, ciphertext_size);
129 }
130 return ciphertext;
131 }
132
Open(absl::string_view ciphertext,absl::string_view associated_data)133 util::StatusOr<std::string> HpkeContextBoringSsl::Open(
134 absl::string_view ciphertext, absl::string_view associated_data) {
135 std::string plaintext;
136 subtle::ResizeStringUninitialized(&plaintext, ciphertext.size());
137 size_t plaintext_size;
138 if (!EVP_HPKE_CTX_open(
139 context_.get(), reinterpret_cast<uint8_t *>(&plaintext[0]),
140 &plaintext_size, plaintext.size(),
141 reinterpret_cast<const uint8_t *>(ciphertext.data()),
142 ciphertext.size(),
143 reinterpret_cast<const uint8_t *>(associated_data.data()),
144 associated_data.size())) {
145 return util::Status(absl::StatusCode::kUnknown,
146 "BoringSSL HPKE decryption failed.");
147 }
148 subtle::ResizeStringUninitialized(&plaintext, plaintext_size);
149 return plaintext;
150 }
151
Export(absl::string_view exporter_context,int64_t secret_length)152 util::StatusOr<util::SecretData> HpkeContextBoringSsl::Export(
153 absl::string_view exporter_context, int64_t secret_length) {
154 std::string secret;
155 subtle::ResizeStringUninitialized(&secret, secret_length);
156 if (!EVP_HPKE_CTX_export(
157 context_.get(), reinterpret_cast<uint8_t *>(&secret[0]),
158 secret_length,
159 reinterpret_cast<const uint8_t *>(exporter_context.data()),
160 exporter_context.size())) {
161 return util::Status(absl::StatusCode::kUnknown, "Unable to export secret.");
162 }
163 return util::SecretDataFromStringView(secret);
164 }
165
166 } // namespace internal
167 } // namespace tink
168 } // namespace crypto
169