GCC Code Coverage Report

Directory:	cvmfs/
File:	cvmfs/crypto/encrypt.cc
Date:	2025-11-09 02:35:23

	Exec	Total	Coverage
Lines:	167	179	93.3%
Branches:	99	177	55.9%

Line	Branch	Exec	Source
1			/**
2			* This file is part of the CernVM File System
3			*/
4
5
6			#include "crypto/encrypt.h"
7
8			#include <fcntl.h>
9			#include <openssl/evp.h>
10			#include <openssl/rand.h>
11			#include <unistd.h>
12
13			#include <cassert>
14			#include <cstdlib>
15			#include <cstring>
16			#include <ctime>
17
18			#include "crypto/hash.h"
19			#include "crypto/openssl_version.h"
20			#include "util/concurrency.h"
21			#include "util/exception.h"
22			#include "util/platform.h"
23			#include "util/pointer.h"
24			#include "util/smalloc.h"
25			#include "util/string.h"
26			#include "util/uuid.h"
27
28			using namespace std; // NOLINT
29
30			namespace cipher {
31
32		600078	Key *Key::CreateRandomly(const unsigned size) {
33		600078	Key *result = new Key();
34		600078	result->size_ = size;
35		600078	result->data_ = reinterpret_cast<unsigned char *>(smalloc(size));
36			// TODO(jblomer): pin memory in RAM
37		600078	const int retval = RAND_bytes(result->data_, result->size_);
38	1/2 ✗ Branch 0 not taken. ✓ Branch 1 taken 600078 times.	600078	if (retval != 1) {
39			// Not enough entropy
40		✗	delete result;
41		✗	result = NULL;
42			}
43		600078	return result;
44			}
45
46
47		18	Key *Key::CreateFromFile(const string &path) {
48	1/2 ✓ Branch 2 taken 18 times. ✗ Branch 3 not taken.	18	const int fd = open(path.c_str(), O_RDONLY);
49	2/2 ✓ Branch 0 taken 6 times. ✓ Branch 1 taken 12 times.	18	if (fd < 0)
50		6	return NULL;
51		12	platform_disable_kcache(fd);
52
53			platform_stat64 info;
54		12	const int retval = platform_fstat(fd, &info);
55	1/2 ✗ Branch 0 not taken. ✓ Branch 1 taken 12 times.	12	if (retval != 0) {
56		✗	close(fd);
57		✗	return NULL;
58			}
59	3/4 ✓ Branch 0 taken 6 times. ✓ Branch 1 taken 6 times. ✗ Branch 2 not taken. ✓ Branch 3 taken 6 times.	12	if ((info.st_size == 0) \|\| (info.st_size > kMaxSize)) {
60	1/2 ✓ Branch 1 taken 6 times. ✗ Branch 2 not taken.	6	close(fd);
61		6	return NULL;
62			}
63
64	1/2 ✓ Branch 1 taken 6 times. ✗ Branch 2 not taken.	6	Key *result = new Key();
65		6	result->size_ = info.st_size;
66		6	result->data_ = reinterpret_cast<unsigned char *>(smalloc(result->size_));
67	1/2 ✓ Branch 1 taken 6 times. ✗ Branch 2 not taken.	6	const int nbytes = read(fd, result->data_, result->size_);
68	1/2 ✓ Branch 1 taken 6 times. ✗ Branch 2 not taken.	6	close(fd);
69	2/4 ✓ Branch 0 taken 6 times. ✗ Branch 1 not taken. ✗ Branch 2 not taken. ✓ Branch 3 taken 6 times.	6	if ((nbytes < 0) \|\| (static_cast<unsigned>(nbytes) != result->size_)) {
70		✗	delete result;
71		✗	result = NULL;
72			}
73		6	return result;
74			}
75
76
77		42	Key *Key::CreateFromString(const string &key) {
78		42	const unsigned size = key.size();
79	4/4 ✓ Branch 0 taken 36 times. ✓ Branch 1 taken 6 times. ✓ Branch 2 taken 6 times. ✓ Branch 3 taken 30 times.	42	if ((size == 0) \|\| (size > kMaxSize))
80		12	return NULL;
81	2/4 ✓ Branch 1 taken 30 times. ✗ Branch 2 not taken. ✓ Branch 5 taken 30 times. ✗ Branch 6 not taken.	30	UniquePtr<Key> result(new Key());
82		30	result->size_ = size;
83		30	result->data_ = reinterpret_cast<unsigned char *>(smalloc(size));
84		30	memcpy(result->data_, key.data(), size);
85		30	return result.Release();
86		30	}
87
88
89		600114	Key::~Key() {
90	1/2 ✓ Branch 0 taken 600114 times. ✗ Branch 1 not taken.	600114	if (data_) {
91		600114	memset(data_, 0, size_);
92		600114	free(data_);
93			}
94		600114	}
95
96
97		12	bool Key::SaveToFile(const std::string &path) {
98		12	const int fd = open(path.c_str(), O_WRONLY);
99	2/2 ✓ Branch 0 taken 6 times. ✓ Branch 1 taken 6 times.	12	if (fd < 0)
100		6	return false;
101		6	platform_disable_kcache(fd);
102
103		6	const int nbytes = write(fd, data_, size_);
104		6	close(fd);
105	2/4 ✓ Branch 0 taken 6 times. ✗ Branch 1 not taken. ✓ Branch 2 taken 6 times. ✗ Branch 3 not taken.	6	return (nbytes >= 0) && (static_cast<unsigned>(nbytes) == size_);
106			}
107
108
109		48	string Key::ToBase64() const {
110	2/4 ✓ Branch 2 taken 48 times. ✗ Branch 3 not taken. ✓ Branch 5 taken 48 times. ✗ Branch 6 not taken.	96	return Base64(string(reinterpret_cast<const char *>(data_), size_));
111			}
112
113
114			//------------------------------------------------------------------------------
115
116
117		6	MemoryKeyDatabase::MemoryKeyDatabase() {
118		6	lock_ = reinterpret_cast<pthread_mutex_t *>(smalloc(sizeof(pthread_mutex_t)));
119		6	const int retval = pthread_mutex_init(lock_, NULL);
120	1/2 ✗ Branch 0 not taken. ✓ Branch 1 taken 6 times.	6	assert(retval == 0);
121		6	}
122
123
124		12	MemoryKeyDatabase::~MemoryKeyDatabase() {
125		12	pthread_mutex_destroy(lock_);
126		12	free(lock_);
127			}
128
129
130		12	bool MemoryKeyDatabase::StoreNew(const Key key, string id) {
131		12	const MutexLockGuard mutex_guard(lock_);
132			// TODO(jblomer): is this good enough for random keys? Salting? KDF2?
133	1/2 ✓ Branch 1 taken 12 times. ✗ Branch 2 not taken.	12	shash::Any hash(shash::kShake128);
134	1/2 ✓ Branch 3 taken 12 times. ✗ Branch 4 not taken.	12	HashMem(key->data(), key->size(), &hash);
135	2/4 ✓ Branch 1 taken 12 times. ✗ Branch 2 not taken. ✓ Branch 4 taken 12 times. ✗ Branch 5 not taken.	12	*id = "H" + hash.ToString();
136	1/2 ✓ Branch 1 taken 12 times. ✗ Branch 2 not taken.	12	const map<string, const Key >::const_iterator i = database_.find(id);
137	2/2 ✓ Branch 3 taken 6 times. ✓ Branch 4 taken 6 times.	12	if (i != database_.end())
138		6	return false;
139
140	1/2 ✓ Branch 1 taken 6 times. ✗ Branch 2 not taken.	6	database_[*id] = key;
141		6	return true;
142		12	}
143
144
145		12	const Key *MemoryKeyDatabase::Find(const string &id) {
146		12	const MutexLockGuard mutex_guard(lock_);
147	1/2 ✓ Branch 1 taken 12 times. ✗ Branch 2 not taken.	12	const map<string, const Key *>::const_iterator i = database_.find(id);
148	2/2 ✓ Branch 3 taken 6 times. ✓ Branch 4 taken 6 times.	12	if (i != database_.end())
149		6	return i->second;
150		6	return NULL;
151		12	}
152
153
154			//------------------------------------------------------------------------------
155
156
157		114	Cipher *Cipher::Create(const Algorithms a) {
158	2/3 ✓ Branch 0 taken 90 times. ✓ Branch 1 taken 24 times. ✗ Branch 2 not taken.	114	switch (a) {
159		90	case kAes256Cbc:
160		90	return new CipherAes256Cbc();
161		24	case kNone:
162		24	return new CipherNone();
163		✗	default:
164		✗	PANIC(NULL);
165			}
166			// Never here
167			}
168
169
170		72	bool Cipher::Encrypt(const string &plaintext,
171			const Key &key,
172			string *ciphertext) {
173		72	ciphertext->clear();
174	1/2 ✗ Branch 2 not taken. ✓ Branch 3 taken 72 times.	72	if (key.size() != key_size())
175		✗	return false;
176
177		72	unsigned char envelope = 0 & 0x0F;
178		72	envelope \|= (algorithm() << 4) & 0xF0;
179		72	ciphertext->push_back(envelope);
180
181	1/2 ✓ Branch 2 taken 72 times. ✗ Branch 3 not taken.	72	*ciphertext += DoEncrypt(plaintext, key);
182		72	return true;
183			}
184
185
186		96	bool Cipher::Decrypt(const string &ciphertext,
187			const Key &key,
188			string *plaintext) {
189		96	plaintext->clear();
190	2/2 ✓ Branch 1 taken 6 times. ✓ Branch 2 taken 90 times.	96	if (ciphertext.size() < 1)
191		6	return false;
192		90	const unsigned char envelope = ciphertext[0];
193		90	const unsigned char version = envelope & 0x0F;
194	2/2 ✓ Branch 0 taken 6 times. ✓ Branch 1 taken 84 times.	90	if (version != 0)
195		6	return false;
196		84	const unsigned char algorithm = (envelope & 0xF0) >> 4;
197	2/2 ✓ Branch 0 taken 6 times. ✓ Branch 1 taken 78 times.	84	if (algorithm > kNone)
198		6	return false;
199
200	2/4 ✓ Branch 1 taken 78 times. ✗ Branch 2 not taken. ✓ Branch 4 taken 78 times. ✗ Branch 5 not taken.	78	const UniquePtr<Cipher> cipher(Create(static_cast<Algorithms>(algorithm)));
201	3/4 ✓ Branch 3 taken 78 times. ✗ Branch 4 not taken. ✓ Branch 5 taken 6 times. ✓ Branch 6 taken 72 times.	78	if (key.size() != cipher->key_size())
202		6	return false;
203	3/6 ✓ Branch 2 taken 72 times. ✗ Branch 3 not taken. ✓ Branch 5 taken 72 times. ✗ Branch 6 not taken. ✓ Branch 8 taken 72 times. ✗ Branch 9 not taken.	72	*plaintext += cipher->DoDecrypt(ciphertext.substr(1), key);
204		72	return true;
205		78	}
206
207
208			//------------------------------------------------------------------------------
209
210
211		54	string CipherAes256Cbc::DoDecrypt(const string &ciphertext, const Key &key) {
212	1/2 ✗ Branch 1 not taken. ✓ Branch 2 taken 54 times.	54	assert(key.size() == kKeySize);
213			int retval;
214	2/2 ✓ Branch 1 taken 6 times. ✓ Branch 2 taken 48 times.	54	if (ciphertext.size() < kIvSize)
215	1/2 ✓ Branch 2 taken 6 times. ✗ Branch 3 not taken.	6	return "";
216
217			const unsigned char iv = reinterpret_cast<const unsigned char >(
218		48	ciphertext.data());
219
220			// See OpenSSL documentation for the size
221			unsigned char plaintext = reinterpret_cast<unsigned char >(
222		48	smalloc(kBlockSize + ciphertext.size() - kIvSize));
223			int plaintext_len;
224			int tail_len;
225			#ifdef OPENSSL_API_INTERFACE_V11
226	1/2 ✓ Branch 1 taken 48 times. ✗ Branch 2 not taken.	48	EVP_CIPHER_CTX *ctx_ptr = EVP_CIPHER_CTX_new();
227			#else
228			EVP_CIPHER_CTX ctx;
229			EVP_CIPHER_CTX_init(&ctx);
230			EVP_CIPHER_CTX *ctx_ptr = &ctx;
231			#endif
232	2/4 ✓ Branch 2 taken 48 times. ✗ Branch 3 not taken. ✓ Branch 5 taken 48 times. ✗ Branch 6 not taken.	48	retval = EVP_DecryptInit_ex(ctx_ptr, EVP_aes_256_cbc(), NULL, key.data(), iv);
233	1/2 ✗ Branch 0 not taken. ✓ Branch 1 taken 48 times.	48	assert(retval == 1);
234		144	retval = EVP_DecryptUpdate(
235			ctx_ptr, plaintext, &plaintext_len,
236	1/2 ✓ Branch 1 taken 48 times. ✗ Branch 2 not taken.	48	reinterpret_cast<const unsigned char *>(ciphertext.data() + kIvSize),
237		48	ciphertext.length() - kIvSize);
238	1/2 ✗ Branch 0 not taken. ✓ Branch 1 taken 48 times.	48	if (retval != 1) {
239		✗	free(plaintext);
240			#ifdef OPENSSL_API_INTERFACE_V11
241		✗	EVP_CIPHER_CTX_free(ctx_ptr);
242			#else
243			retval = EVP_CIPHER_CTX_cleanup(&ctx);
244			assert(retval == 1);
245			#endif
246		✗	return "";
247			}
248	1/2 ✓ Branch 1 taken 48 times. ✗ Branch 2 not taken.	48	retval = EVP_DecryptFinal_ex(ctx_ptr, plaintext + plaintext_len, &tail_len);
249			#ifdef OPENSSL_API_INTERFACE_V11
250	1/2 ✓ Branch 1 taken 48 times. ✗ Branch 2 not taken.	48	EVP_CIPHER_CTX_free(ctx_ptr);
251			#else
252			int retval_2 = EVP_CIPHER_CTX_cleanup(&ctx);
253			assert(retval_2 == 1);
254			#endif
255	2/2 ✓ Branch 0 taken 12 times. ✓ Branch 1 taken 36 times.	48	if (retval != 1) {
256		12	free(plaintext);
257	1/2 ✓ Branch 2 taken 12 times. ✗ Branch 3 not taken.	12	return "";
258			}
259
260		36	plaintext_len += tail_len;
261	2/2 ✓ Branch 0 taken 6 times. ✓ Branch 1 taken 30 times.	36	if (plaintext_len == 0) {
262		6	free(plaintext);
263	1/2 ✓ Branch 2 taken 6 times. ✗ Branch 3 not taken.	6	return "";
264			}
265	1/2 ✓ Branch 2 taken 30 times. ✗ Branch 3 not taken.	30	string result(reinterpret_cast<char *>(plaintext), plaintext_len);
266		30	free(plaintext);
267		30	return result;
268		30	}
269
270
271		60	string CipherAes256Cbc::DoEncrypt(const string &plaintext, const Key &key) {
272	1/2 ✗ Branch 1 not taken. ✓ Branch 2 taken 60 times.	60	assert(key.size() == kKeySize);
273			int retval;
274
275	1/2 ✓ Branch 1 taken 60 times. ✗ Branch 2 not taken.	60	shash::Md5 md5(GenerateIv(key));
276			// iv size happens to be md5 digest size
277		60	unsigned char *iv = md5.digest;
278
279			// See OpenSSL documentation as for the size. Additionally, we prepend the
280			// initialization vector.
281			unsigned char ciphertext = reinterpret_cast<unsigned char >(
282		60	smalloc(kIvSize + 2 * kBlockSize + plaintext.size()));
283		60	memcpy(ciphertext, iv, kIvSize);
284		60	int cipher_len = 0;
285		60	int tail_len = 0;
286			#ifdef OPENSSL_API_INTERFACE_V11
287	1/2 ✓ Branch 1 taken 60 times. ✗ Branch 2 not taken.	60	EVP_CIPHER_CTX *ctx_ptr = EVP_CIPHER_CTX_new();
288			#else
289			EVP_CIPHER_CTX ctx;
290			EVP_CIPHER_CTX_init(&ctx);
291			EVP_CIPHER_CTX *ctx_ptr = &ctx;
292			#endif
293	2/4 ✓ Branch 2 taken 60 times. ✗ Branch 3 not taken. ✓ Branch 5 taken 60 times. ✗ Branch 6 not taken.	60	retval = EVP_EncryptInit_ex(ctx_ptr, EVP_aes_256_cbc(), NULL, key.data(), iv);
294	1/2 ✗ Branch 0 not taken. ✓ Branch 1 taken 60 times.	60	assert(retval == 1);
295			// Older versions of OpenSSL don't allow empty input buffers
296	2/2 ✓ Branch 1 taken 54 times. ✓ Branch 2 taken 6 times.	60	if (!plaintext.empty()) {
297	1/2 ✓ Branch 1 taken 54 times. ✗ Branch 2 not taken.	54	retval = EVP_EncryptUpdate(
298			ctx_ptr, ciphertext + kIvSize, &cipher_len,
299		54	reinterpret_cast<const unsigned char *>(plaintext.data()),
300		54	plaintext.length());
301	1/2 ✗ Branch 0 not taken. ✓ Branch 1 taken 54 times.	54	assert(retval == 1);
302			}
303	1/2 ✓ Branch 1 taken 60 times. ✗ Branch 2 not taken.	60	retval = EVP_EncryptFinal_ex(ctx_ptr, ciphertext + kIvSize + cipher_len,
304			&tail_len);
305	1/2 ✗ Branch 0 not taken. ✓ Branch 1 taken 60 times.	60	assert(retval == 1);
306			#ifdef OPENSSL_API_INTERFACE_V11
307	1/2 ✓ Branch 1 taken 60 times. ✗ Branch 2 not taken.	60	EVP_CIPHER_CTX_free(ctx_ptr);
308			#else
309			retval = EVP_CIPHER_CTX_cleanup(&ctx);
310			assert(retval == 1);
311			#endif
312
313		60	cipher_len += tail_len;
314	1/2 ✗ Branch 0 not taken. ✓ Branch 1 taken 60 times.	60	assert(cipher_len > 0);
315	1/2 ✓ Branch 2 taken 60 times. ✗ Branch 3 not taken.	60	string result(reinterpret_cast<char *>(ciphertext), kIvSize + cipher_len);
316		60	free(ciphertext);
317		120	return result;
318			}
319
320
321			/**
322			* The block size of AES-256-CBC happens to be the same of the MD5 digest
323			* (128 bits). Use the HMAC of a UUID to make it random and unpredictable.
324			*/
325		600060	shash::Md5 CipherAes256Cbc::GenerateIv(const Key &key) {
326			// The UUID is random but not necessarily cryptographically random. That
327			// saves the entropy pool.
328	3/6 ✓ Branch 2 taken 600060 times. ✗ Branch 3 not taken. ✓ Branch 5 taken 600060 times. ✗ Branch 6 not taken. ✓ Branch 8 taken 600060 times. ✗ Branch 9 not taken.	1200120	const UniquePtr<cvmfs::Uuid> uuid(cvmfs::Uuid::Create(""));
329	1/2 ✗ Branch 1 not taken. ✓ Branch 2 taken 600060 times.	600060	assert(uuid.IsValid());
330
331			// Now make it unpredictable, using an HMAC with the encryption key.
332	1/2 ✓ Branch 1 taken 600060 times. ✗ Branch 2 not taken.	600060	shash::Any hmac(shash::kMd5);
333	2/4 ✓ Branch 8 taken 600060 times. ✗ Branch 9 not taken. ✓ Branch 11 taken 600060 times. ✗ Branch 12 not taken.	600060	shash::Hmac(string(reinterpret_cast<const char *>(key.data()), key.size()),
334			uuid->data(), uuid->size(), &hmac);
335	1/2 ✓ Branch 1 taken 600060 times. ✗ Branch 2 not taken.	1200120	return hmac.CastToMd5();
336		600060	}
337
338
339			//------------------------------------------------------------------------------
340
341
342		18	string CipherNone::DoDecrypt(const string &ciphertext, const Key &key) {
343		18	return ciphertext;
344			}
345
346
347		12	string CipherNone::DoEncrypt(const string &plaintext, const Key &key) {
348		12	return plaintext;
349			}
350
351			} // namespace cipher
352

1

/**

2

* This file is part of the CernVM File System

*/

#include "crypto/encrypt.h"

7

8

#include <fcntl.h>

9

#include <openssl/evp.h>

10

#include <openssl/rand.h>

#include <unistd.h>

#include <cassert>

#include <cstdlib>

#include <cstring>

#include <ctime>

#include "crypto/hash.h"

19

#include "crypto/openssl_version.h"

20

#include "util/concurrency.h"

21

#include "util/exception.h"

22

#include "util/platform.h"

23

#include "util/pointer.h"

24

#include "util/smalloc.h"

25

#include "util/string.h"

26

#include "util/uuid.h"

27

28

using namespace std; // NOLINT

namespace cipher {

600078

Key *Key::CreateRandomly(const unsigned size) {

33

600078

Key *result = new Key();

34

600078

result->size_ = size;

35

600078

result->data_ = reinterpret_cast<unsigned char *>(smalloc(size));

36

// TODO(jblomer): pin memory in RAM

37

600078

const int retval = RAND_bytes(result->data_, result->size_);

38

1/2

✗ Branch 0 not taken.

✓ Branch 1 taken 600078 times.

600078

if (retval != 1) {

39

// Not enough entropy

40

✗

delete result;

41

✗

result = NULL;

42

}

43

600078

return result;

}

18

Key *Key::CreateFromFile(const string &path) {

48

1/2

✓ Branch 2 taken 18 times.

✗ Branch 3 not taken.

18

const int fd = open(path.c_str(), O_RDONLY);

49

2/2

✓ Branch 0 taken 6 times.

✓ Branch 1 taken 12 times.

18

if (fd < 0)

50

6

return NULL;

51

12

platform_disable_kcache(fd);

52

53

platform_stat64 info;

54

12

const int retval = platform_fstat(fd, &info);

55

1/2

✗ Branch 0 not taken.

✓ Branch 1 taken 12 times.

12

if (retval != 0) {

56

✗

close(fd);

57

✗

return NULL;

58

}

59

3/4

✓ Branch 0 taken 6 times.

✓ Branch 1 taken 6 times.

✗ Branch 2 not taken.

✓ Branch 3 taken 6 times.

12

if ((info.st_size == 0) || (info.st_size > kMaxSize)) {

60

1/2

✓ Branch 1 taken 6 times.

✗ Branch 2 not taken.

6

close(fd);

61

6

return NULL;

62

}

63

64

1/2

✓ Branch 1 taken 6 times.

✗ Branch 2 not taken.

6

Key *result = new Key();

65

6

result->size_ = info.st_size;

66

6

result->data_ = reinterpret_cast<unsigned char *>(smalloc(result->size_));

67

1/2

✓ Branch 1 taken 6 times.

✗ Branch 2 not taken.

6

const int nbytes = read(fd, result->data_, result->size_);

68

1/2

✓ Branch 1 taken 6 times.

✗ Branch 2 not taken.

6

close(fd);

69

2/4

✓ Branch 0 taken 6 times.

✗ Branch 1 not taken.

✗ Branch 2 not taken.

✓ Branch 3 taken 6 times.

6

if ((nbytes < 0) || (static_cast<unsigned>(nbytes) != result->size_)) {

70

✗

delete result;

71

✗

result = NULL;

72

}

73

6

return result;

}

42

Key *Key::CreateFromString(const string &key) {

78

42

const unsigned size = key.size();

79

4/4

✓ Branch 0 taken 36 times.

✓ Branch 1 taken 6 times.

✓ Branch 2 taken 6 times.

✓ Branch 3 taken 30 times.

42

if ((size == 0) || (size > kMaxSize))

80

12

return NULL;

81

2/4

✓ Branch 1 taken 30 times.

✗ Branch 2 not taken.

✓ Branch 5 taken 30 times.

✗ Branch 6 not taken.

30

UniquePtr<Key> result(new Key());

82

30

result->size_ = size;

83

30

result->data_ = reinterpret_cast<unsigned char *>(smalloc(size));

84

30

memcpy(result->data_, key.data(), size);

85

30

return result.Release();

86

30

}

87

88

89

600114

Key::~Key() {

90

1/2

✓ Branch 0 taken 600114 times.

✗ Branch 1 not taken.

600114

if (data_) {

91

600114

memset(data_, 0, size_);

92

600114

free(data_);

93

}

94

600114

}

95

96

97

12

bool Key::SaveToFile(const std::string &path) {

98

12

const int fd = open(path.c_str(), O_WRONLY);

99

2/2

✓ Branch 0 taken 6 times.

✓ Branch 1 taken 6 times.

12

if (fd < 0)

100

6

return false;

101

6

platform_disable_kcache(fd);

102

103

6

const int nbytes = write(fd, data_, size_);

104

6

close(fd);

105

2/4

✓ Branch 0 taken 6 times.

✗ Branch 1 not taken.

✓ Branch 2 taken 6 times.

✗ Branch 3 not taken.

6

return (nbytes >= 0) && (static_cast<unsigned>(nbytes) == size_);

}

48

string Key::ToBase64() const {

110

2/4

✓ Branch 2 taken 48 times.

✗ Branch 3 not taken.

✓ Branch 5 taken 48 times.

✗ Branch 6 not taken.

96

return Base64(string(reinterpret_cast<const char *>(data_), size_));

}

//------------------------------------------------------------------------------

115

116

117

6

MemoryKeyDatabase::MemoryKeyDatabase() {

118

6

lock_ = reinterpret_cast<pthread_mutex_t *>(smalloc(sizeof(pthread_mutex_t)));

119

6

const int retval = pthread_mutex_init(lock_, NULL);

120

1/2

✗ Branch 0 not taken.

✓ Branch 1 taken 6 times.

6

assert(retval == 0);

121

6

}

122

123

124

12

MemoryKeyDatabase::~MemoryKeyDatabase() {

125

12

pthread_mutex_destroy(lock_);

126

12

free(lock_);

}

12

bool MemoryKeyDatabase::StoreNew(const Key *key, string *id) {

131

12

const MutexLockGuard mutex_guard(lock_);

132

// TODO(jblomer): is this good enough for random keys? Salting? KDF2?

133

1/2

✓ Branch 1 taken 12 times.

✗ Branch 2 not taken.

12

shash::Any hash(shash::kShake128);

134

1/2

✓ Branch 3 taken 12 times.

✗ Branch 4 not taken.

12

HashMem(key->data(), key->size(), &hash);

135

2/4

✓ Branch 1 taken 12 times.

✗ Branch 2 not taken.

✓ Branch 4 taken 12 times.

✗ Branch 5 not taken.

12

*id = "H" + hash.ToString();

136

1/2

✓ Branch 1 taken 12 times.

✗ Branch 2 not taken.

12

const map<string, const Key *>::const_iterator i = database_.find(*id);

137

2/2

✓ Branch 3 taken 6 times.

✓ Branch 4 taken 6 times.

12

if (i != database_.end())

138

6

return false;

139

140

1/2

✓ Branch 1 taken 6 times.

✗ Branch 2 not taken.

6

database_[*id] = key;

141

6

return true;

142

12

}

143

144

145

12

const Key *MemoryKeyDatabase::Find(const string &id) {

146

12

const MutexLockGuard mutex_guard(lock_);

147

1/2

✓ Branch 1 taken 12 times.

✗ Branch 2 not taken.

12

const map<string, const Key *>::const_iterator i = database_.find(id);

148

2/2

✓ Branch 3 taken 6 times.

✓ Branch 4 taken 6 times.

12

if (i != database_.end())

149

6

return i->second;

150

6

return NULL;

151

12

}

152

153

154

//------------------------------------------------------------------------------

155

156

157

114

Cipher *Cipher::Create(const Algorithms a) {

158

2/3

✓ Branch 0 taken 90 times.

✓ Branch 1 taken 24 times.

✗ Branch 2 not taken.

114

switch (a) {

159

90

case kAes256Cbc:

160

90

return new CipherAes256Cbc();

161

24

case kNone:

162

24

return new CipherNone();

163

✗

default:

164

✗

PANIC(NULL);

}

// Never here

}

72

bool Cipher::Encrypt(const string &plaintext,

171

const Key &key,

172

string *ciphertext) {

173

72

ciphertext->clear();

174

1/2

✗ Branch 2 not taken.

✓ Branch 3 taken 72 times.

72

if (key.size() != key_size())

175

✗

return false;

176

177

72

unsigned char envelope = 0 & 0x0F;

178

72

envelope |= (algorithm() << 4) & 0xF0;

179

72

ciphertext->push_back(envelope);

180

181

1/2

✓ Branch 2 taken 72 times.

✗ Branch 3 not taken.

72

*ciphertext += DoEncrypt(plaintext, key);

182

72

return true;

}

96

bool Cipher::Decrypt(const string &ciphertext,

187

const Key &key,

188

string *plaintext) {

189

96

plaintext->clear();

190

2/2

✓ Branch 1 taken 6 times.

✓ Branch 2 taken 90 times.

96

if (ciphertext.size() < 1)

191

6

return false;

192

90

const unsigned char envelope = ciphertext[0];

193

90

const unsigned char version = envelope & 0x0F;

194

2/2

✓ Branch 0 taken 6 times.

✓ Branch 1 taken 84 times.

90

if (version != 0)

195

6

return false;

196

84

const unsigned char algorithm = (envelope & 0xF0) >> 4;

197

2/2

✓ Branch 0 taken 6 times.

✓ Branch 1 taken 78 times.

84

if (algorithm > kNone)

198

6

return false;

199

200

2/4

✓ Branch 1 taken 78 times.

✗ Branch 2 not taken.

✓ Branch 4 taken 78 times.

✗ Branch 5 not taken.

78

const UniquePtr<Cipher> cipher(Create(static_cast<Algorithms>(algorithm)));

201

3/4

✓ Branch 3 taken 78 times.

✗ Branch 4 not taken.

✓ Branch 5 taken 6 times.

✓ Branch 6 taken 72 times.

78

if (key.size() != cipher->key_size())

202

6

return false;

203

3/6

✓ Branch 2 taken 72 times.

✗ Branch 3 not taken.

✓ Branch 5 taken 72 times.

✗ Branch 6 not taken.

✓ Branch 8 taken 72 times.

✗ Branch 9 not taken.

72

*plaintext += cipher->DoDecrypt(ciphertext.substr(1), key);

204

72

return true;

205

78

}

206

207

208

//------------------------------------------------------------------------------

209

210

211

54

string CipherAes256Cbc::DoDecrypt(const string &ciphertext, const Key &key) {

212

1/2

✗ Branch 1 not taken.

✓ Branch 2 taken 54 times.

54

assert(key.size() == kKeySize);

213

int retval;

214

2/2

✓ Branch 1 taken 6 times.

✓ Branch 2 taken 48 times.

54

if (ciphertext.size() < kIvSize)

215

1/2

✓ Branch 2 taken 6 times.

✗ Branch 3 not taken.

6

return "";

216

217

const unsigned char *iv = reinterpret_cast<const unsigned char *>(

218

48

ciphertext.data());

219

220

// See OpenSSL documentation for the size

221

unsigned char *plaintext = reinterpret_cast<unsigned char *>(

222

48

smalloc(kBlockSize + ciphertext.size() - kIvSize));

223

int plaintext_len;

224

int tail_len;

225

#ifdef OPENSSL_API_INTERFACE_V11

226

1/2

✓ Branch 1 taken 48 times.

✗ Branch 2 not taken.

48

EVP_CIPHER_CTX *ctx_ptr = EVP_CIPHER_CTX_new();

227

#else

228

EVP_CIPHER_CTX ctx;

229

EVP_CIPHER_CTX_init(&ctx);

230

EVP_CIPHER_CTX *ctx_ptr = &ctx;

231

#endif

232

2/4

✓ Branch 2 taken 48 times.

✗ Branch 3 not taken.

✓ Branch 5 taken 48 times.

✗ Branch 6 not taken.

48

retval = EVP_DecryptInit_ex(ctx_ptr, EVP_aes_256_cbc(), NULL, key.data(), iv);

233

1/2

✗ Branch 0 not taken.

✓ Branch 1 taken 48 times.

48

assert(retval == 1);

234

144

retval = EVP_DecryptUpdate(

235

ctx_ptr, plaintext, &plaintext_len,

236

1/2

✓ Branch 1 taken 48 times.

✗ Branch 2 not taken.

48

reinterpret_cast<const unsigned char *>(ciphertext.data() + kIvSize),

237

48

ciphertext.length() - kIvSize);

238

1/2

✗ Branch 0 not taken.

✓ Branch 1 taken 48 times.

48

if (retval != 1) {

239

✗

free(plaintext);

240

#ifdef OPENSSL_API_INTERFACE_V11

241

✗

EVP_CIPHER_CTX_free(ctx_ptr);

242

#else

243

retval = EVP_CIPHER_CTX_cleanup(&ctx);

244

assert(retval == 1);

245

#endif

246

✗

return "";

247

}

248

1/2

✓ Branch 1 taken 48 times.

✗ Branch 2 not taken.

48

retval = EVP_DecryptFinal_ex(ctx_ptr, plaintext + plaintext_len, &tail_len);

249

#ifdef OPENSSL_API_INTERFACE_V11

250

1/2

✓ Branch 1 taken 48 times.

✗ Branch 2 not taken.

48

EVP_CIPHER_CTX_free(ctx_ptr);

251

#else

252

int retval_2 = EVP_CIPHER_CTX_cleanup(&ctx);

253

assert(retval_2 == 1);

254

#endif

255

2/2

✓ Branch 0 taken 12 times.

✓ Branch 1 taken 36 times.

48

if (retval != 1) {

256

12

free(plaintext);

257

1/2

✓ Branch 2 taken 12 times.

✗ Branch 3 not taken.

12

return "";

258

}

259

260

36

plaintext_len += tail_len;

261

2/2

✓ Branch 0 taken 6 times.

✓ Branch 1 taken 30 times.

36

if (plaintext_len == 0) {

262

6

free(plaintext);

263

1/2

✓ Branch 2 taken 6 times.

✗ Branch 3 not taken.

6

return "";

264

}

265

1/2

✓ Branch 2 taken 30 times.

✗ Branch 3 not taken.

30

string result(reinterpret_cast<char *>(plaintext), plaintext_len);

266

30

free(plaintext);

267

30

return result;

268

30

}

269

270

271

60

string CipherAes256Cbc::DoEncrypt(const string &plaintext, const Key &key) {

272

1/2

✗ Branch 1 not taken.

✓ Branch 2 taken 60 times.

60

assert(key.size() == kKeySize);

273

int retval;

274

275

1/2

✓ Branch 1 taken 60 times.

✗ Branch 2 not taken.

60

shash::Md5 md5(GenerateIv(key));

276

// iv size happens to be md5 digest size

277

60

unsigned char *iv = md5.digest;

278

279

// See OpenSSL documentation as for the size. Additionally, we prepend the

280

// initialization vector.

281

unsigned char *ciphertext = reinterpret_cast<unsigned char *>(

282

60

smalloc(kIvSize + 2 * kBlockSize + plaintext.size()));

283

60

memcpy(ciphertext, iv, kIvSize);

284

60

int cipher_len = 0;

285

60

int tail_len = 0;

286

#ifdef OPENSSL_API_INTERFACE_V11

287

1/2

✓ Branch 1 taken 60 times.

✗ Branch 2 not taken.

60

EVP_CIPHER_CTX *ctx_ptr = EVP_CIPHER_CTX_new();

288

#else

289

EVP_CIPHER_CTX ctx;

290

EVP_CIPHER_CTX_init(&ctx);

291

EVP_CIPHER_CTX *ctx_ptr = &ctx;

292

#endif

293

2/4

✓ Branch 2 taken 60 times.

✗ Branch 3 not taken.

✓ Branch 5 taken 60 times.

✗ Branch 6 not taken.

60

retval = EVP_EncryptInit_ex(ctx_ptr, EVP_aes_256_cbc(), NULL, key.data(), iv);

294

1/2

✗ Branch 0 not taken.

✓ Branch 1 taken 60 times.

60

assert(retval == 1);

295

// Older versions of OpenSSL don't allow empty input buffers

296

2/2

✓ Branch 1 taken 54 times.

✓ Branch 2 taken 6 times.

60

if (!plaintext.empty()) {

297

1/2

✓ Branch 1 taken 54 times.

✗ Branch 2 not taken.

54

retval = EVP_EncryptUpdate(

298

ctx_ptr, ciphertext + kIvSize, &cipher_len,

299

54

reinterpret_cast<const unsigned char *>(plaintext.data()),

300

54

plaintext.length());

301

1/2

✗ Branch 0 not taken.

✓ Branch 1 taken 54 times.

54

assert(retval == 1);

302

}

303

1/2

✓ Branch 1 taken 60 times.

✗ Branch 2 not taken.

60

retval = EVP_EncryptFinal_ex(ctx_ptr, ciphertext + kIvSize + cipher_len,

304

&tail_len);

305

1/2

✗ Branch 0 not taken.

✓ Branch 1 taken 60 times.

60

assert(retval == 1);

306

#ifdef OPENSSL_API_INTERFACE_V11

307

1/2

✓ Branch 1 taken 60 times.

✗ Branch 2 not taken.

60

EVP_CIPHER_CTX_free(ctx_ptr);

308

#else

309

retval = EVP_CIPHER_CTX_cleanup(&ctx);

assert(retval == 1);

#endif

60

cipher_len += tail_len;

314

1/2

✗ Branch 0 not taken.

✓ Branch 1 taken 60 times.

60

assert(cipher_len > 0);

315

1/2

✓ Branch 2 taken 60 times.

✗ Branch 3 not taken.

60

string result(reinterpret_cast<char *>(ciphertext), kIvSize + cipher_len);

316

60

free(ciphertext);

317

120

return result;

}

/**

* The block size of AES-256-CBC happens to be the same of the MD5 digest

323

* (128 bits). Use the HMAC of a UUID to make it random and unpredictable.

324

*/

325

600060

shash::Md5 CipherAes256Cbc::GenerateIv(const Key &key) {

326

// The UUID is random but not necessarily cryptographically random. That

327

// saves the entropy pool.

328

3/6

✓ Branch 2 taken 600060 times.

✗ Branch 3 not taken.

✓ Branch 5 taken 600060 times.

✗ Branch 6 not taken.

✓ Branch 8 taken 600060 times.

✗ Branch 9 not taken.

1200120

const UniquePtr<cvmfs::Uuid> uuid(cvmfs::Uuid::Create(""));

329

1/2

✗ Branch 1 not taken.

✓ Branch 2 taken 600060 times.

600060

assert(uuid.IsValid());

330

331

// Now make it unpredictable, using an HMAC with the encryption key.

332

1/2

✓ Branch 1 taken 600060 times.

✗ Branch 2 not taken.

600060

shash::Any hmac(shash::kMd5);

333

2/4

✓ Branch 8 taken 600060 times.

✗ Branch 9 not taken.

✓ Branch 11 taken 600060 times.

✗ Branch 12 not taken.

600060

shash::Hmac(string(reinterpret_cast<const char *>(key.data()), key.size()),

334

uuid->data(), uuid->size(), &hmac);

335

1/2

✓ Branch 1 taken 600060 times.

✗ Branch 2 not taken.

1200120

return hmac.CastToMd5();

336

600060

}

337

338

339

//------------------------------------------------------------------------------

340

341

342

18

string CipherNone::DoDecrypt(const string &ciphertext, const Key &key) {

343

18

return ciphertext;

}

12

string CipherNone::DoEncrypt(const string &plaintext, const Key &key) {

348

12

return plaintext;

349

}

350

351

} // namespace cipher

352