blob: 8b8a8dffff645e6ea2f4b896d43ae1b6bdf5ee2b [file] [edit]
#include "crypto.h"
#include "header.h"
#include <openssl/err.h>
#include <climits>
namespace SFRAME_NAMESPACE {
Result<size_t>
cipher_digest_size(CipherSuite suite)
{
switch (suite) {
case CipherSuite::AES_128_CTR_HMAC_SHA256_80:
case CipherSuite::AES_128_CTR_HMAC_SHA256_64:
case CipherSuite::AES_128_CTR_HMAC_SHA256_32:
case CipherSuite::AES_GCM_128_SHA256:
return 32;
case CipherSuite::AES_GCM_256_SHA512:
return 64;
default:
return SFrameErrorType::unsupported_ciphersuite_error;
}
}
Result<size_t>
cipher_key_size(CipherSuite suite)
{
switch (suite) {
case CipherSuite::AES_128_CTR_HMAC_SHA256_80:
case CipherSuite::AES_128_CTR_HMAC_SHA256_64:
case CipherSuite::AES_128_CTR_HMAC_SHA256_32:
// 16-byte AES key + 32-byte HMAC key
return 48;
case CipherSuite::AES_GCM_128_SHA256:
return 16;
case CipherSuite::AES_GCM_256_SHA512:
return 32;
default:
return SFrameErrorType::unsupported_ciphersuite_error;
}
}
Result<size_t>
cipher_enc_key_size(CipherSuite suite)
{
switch (suite) {
case CipherSuite::AES_128_CTR_HMAC_SHA256_80:
case CipherSuite::AES_128_CTR_HMAC_SHA256_64:
case CipherSuite::AES_128_CTR_HMAC_SHA256_32:
return 16;
default:
return SFrameErrorType::unsupported_ciphersuite_error;
}
}
Result<size_t>
cipher_nonce_size(CipherSuite suite)
{
switch (suite) {
case CipherSuite::AES_128_CTR_HMAC_SHA256_80:
case CipherSuite::AES_128_CTR_HMAC_SHA256_64:
case CipherSuite::AES_128_CTR_HMAC_SHA256_32:
case CipherSuite::AES_GCM_128_SHA256:
case CipherSuite::AES_GCM_256_SHA512:
return 12;
default:
return SFrameErrorType::unsupported_ciphersuite_error;
}
}
Result<size_t>
cipher_overhead(CipherSuite suite)
{
switch (suite) {
case CipherSuite::AES_128_CTR_HMAC_SHA256_80:
return 10; // 80-bit tag
case CipherSuite::AES_128_CTR_HMAC_SHA256_64:
return 8; // 64-bit tag
case CipherSuite::AES_128_CTR_HMAC_SHA256_32:
return 4; // 32-bit tag
case CipherSuite::AES_GCM_128_SHA256:
case CipherSuite::AES_GCM_256_SHA512:
return 16; // Full 128-bit AES-GCM tag
default:
return SFrameErrorType::unsupported_ciphersuite_error;
}
}
Result<int>
checked_int(size_t size)
{
if (size > INT_MAX) {
return SFrameError(SFrameErrorType::invalid_parameter_error,
"Input too large for OpenSSL");
}
return static_cast<int>(size);
}
Result<void>
validate_ctr_size(size_t size)
{
static constexpr uint64_t max_ctr_size = uint64_t(1) << 36;
if (uint64_t(size) > max_ctr_size) {
return SFrameError(SFrameErrorType::invalid_parameter_error,
"CTR input too large");
}
auto size_int = checked_int(size);
if (size_int.is_err()) {
return size_int.error();
}
return Result<void>::ok();
}
void
clear_openssl_errors()
{
ERR_clear_error();
}
} // namespace SFRAME_NAMESPACE