Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor: change init and destroy_key return type to S2N_RESULT in s2n_cipher struct #4639

Merged
merged 7 commits into from
Jul 10, 2024
22 changes: 11 additions & 11 deletions crypto/s2n_aead_cipher_aes_gcm.c
Original file line number Diff line number Diff line change
Expand Up @@ -185,22 +185,22 @@ static int s2n_aead_cipher_aes256_gcm_set_decryption_key_tls13(struct s2n_sessio
return S2N_SUCCESS;
}

static int s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key)
static S2N_RESULT s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key)
{
POSIX_ENSURE_REF(key);
RESULT_ENSURE_REF(key);

EVP_AEAD_CTX_zero(key->evp_aead_ctx);

return S2N_SUCCESS;
return S2N_RESULT_OK;
}

static int s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key)
static S2N_RESULT s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key)
{
POSIX_ENSURE_REF(key);
RESULT_ENSURE_REF(key);

EVP_AEAD_CTX_cleanup(key->evp_aead_ctx);

return S2N_SUCCESS;
return S2N_RESULT_OK;
}

#else /* Standard AES-GCM implementation */
Expand Down Expand Up @@ -357,18 +357,18 @@ static int s2n_aead_cipher_aes256_gcm_set_decryption_key_tls13(struct s2n_sessio
return S2N_SUCCESS;
}

static int s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key)
static S2N_RESULT s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key)
{
s2n_evp_ctx_init(key->evp_cipher_ctx);
RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);

return S2N_SUCCESS;
return S2N_RESULT_OK;
}

static int s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key)
static S2N_RESULT s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key)
{
EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);

return S2N_SUCCESS;
return S2N_RESULT_OK;
}

#endif
Expand Down
26 changes: 13 additions & 13 deletions crypto/s2n_aead_cipher_chacha20_poly1305.c
Original file line number Diff line number Diff line change
Expand Up @@ -143,18 +143,18 @@ static int s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_session_key
return 0;
}

static int s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key)
static S2N_RESULT s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key)
{
s2n_evp_ctx_init(key->evp_cipher_ctx);
RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);

return 0;
return S2N_RESULT_OK;
}

static int s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key)
static S2N_RESULT s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key)
{
EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);

return 0;
return S2N_RESULT_OK;
}

#elif defined(S2N_CHACHA20_POLY1305_AVAILABLE_BSSL_AWSLC) /* BoringSSL and AWS-LC implementation */
Expand Down Expand Up @@ -212,18 +212,18 @@ static int s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_session_key
return 0;
}

static int s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key)
static S2N_RESULT s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key)
{
EVP_AEAD_CTX_zero(key->evp_aead_ctx);

return 0;
return S2N_RESULT_OK;
}

static int s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key)
static S2N_RESULT s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key)
{
EVP_AEAD_CTX_cleanup(key->evp_aead_ctx);

return 0;
return S2N_RESULT_OK;
}

#else /* No ChaCha20-Poly1305 implementation exists for chosen cryptographic provider (E.g Openssl 1.0.x) */
Expand All @@ -248,14 +248,14 @@ static int s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_session_key
POSIX_BAIL(S2N_ERR_KEY_INIT);
}

static int s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key)
static S2N_RESULT s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key)
{
POSIX_BAIL(S2N_ERR_KEY_INIT);
RESULT_BAIL(S2N_ERR_KEY_INIT);
}

static int s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key)
static S2N_RESULT s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key)
{
POSIX_BAIL(S2N_ERR_KEY_DESTROY);
RESULT_BAIL(S2N_ERR_KEY_DESTROY);
}

#endif
Expand Down
10 changes: 5 additions & 5 deletions crypto/s2n_cbc_cipher_3des.c
Original file line number Diff line number Diff line change
Expand Up @@ -74,18 +74,18 @@ static int s2n_cbc_cipher_3des_set_encryption_key(struct s2n_session_key *key, s
return 0;
}

static int s2n_cbc_cipher_3des_init(struct s2n_session_key *key)
static S2N_RESULT s2n_cbc_cipher_3des_init(struct s2n_session_key *key)
{
s2n_evp_ctx_init(key->evp_cipher_ctx);
RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);

return 0;
return S2N_RESULT_OK;
}

static int s2n_cbc_cipher_3des_destroy_key(struct s2n_session_key *key)
static S2N_RESULT s2n_cbc_cipher_3des_destroy_key(struct s2n_session_key *key)
{
EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);

return 0;
return S2N_RESULT_OK;
}

const struct s2n_cipher s2n_3des = {
Expand Down
10 changes: 5 additions & 5 deletions crypto/s2n_cbc_cipher_aes.c
Original file line number Diff line number Diff line change
Expand Up @@ -100,18 +100,18 @@ int s2n_cbc_cipher_aes256_set_encryption_key(struct s2n_session_key *key, struct
return 0;
}

static int s2n_cbc_cipher_aes_init(struct s2n_session_key *key)
static S2N_RESULT s2n_cbc_cipher_aes_init(struct s2n_session_key *key)
{
s2n_evp_ctx_init(key->evp_cipher_ctx);
RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);

return 0;
return S2N_RESULT_OK;
}

static int s2n_cbc_cipher_aes_destroy_key(struct s2n_session_key *key)
static S2N_RESULT s2n_cbc_cipher_aes_destroy_key(struct s2n_session_key *key)
{
EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);

return 0;
return S2N_RESULT_OK;
}

const struct s2n_cipher s2n_aes128 = {
Expand Down
4 changes: 2 additions & 2 deletions crypto/s2n_cipher.h
Original file line number Diff line number Diff line change
Expand Up @@ -83,10 +83,10 @@ struct s2n_cipher {
} io;
uint8_t key_material_size;
uint8_t (*is_available)(void);
int (*init)(struct s2n_session_key *key);
S2N_RESULT (*init)(struct s2n_session_key *key);
int (*set_decryption_key)(struct s2n_session_key *key, struct s2n_blob *in);
int (*set_encryption_key)(struct s2n_session_key *key, struct s2n_blob *in);
int (*destroy_key)(struct s2n_session_key *key);
S2N_RESULT (*destroy_key)(struct s2n_session_key *key);
S2N_RESULT (*set_ktls_info)(struct s2n_ktls_crypto_info_inputs *inputs,
struct s2n_ktls_crypto_info *crypto_info);
};
Expand Down
10 changes: 5 additions & 5 deletions crypto/s2n_composite_cipher_aes_sha.c
Original file line number Diff line number Diff line change
Expand Up @@ -287,18 +287,18 @@ static int s2n_composite_cipher_aes256_sha256_set_decryption_key(struct s2n_sess
return 0;
}

static int s2n_composite_cipher_aes_sha_init(struct s2n_session_key *key)
static S2N_RESULT s2n_composite_cipher_aes_sha_init(struct s2n_session_key *key)
{
s2n_evp_ctx_init(key->evp_cipher_ctx);
RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);

return 0;
return S2N_RESULT_OK;
}

static int s2n_composite_cipher_aes_sha_destroy_key(struct s2n_session_key *key)
static S2N_RESULT s2n_composite_cipher_aes_sha_destroy_key(struct s2n_session_key *key)
{
EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);

return 0;
return S2N_RESULT_OK;
}

const struct s2n_cipher s2n_aes128_sha = {
Expand Down
8 changes: 4 additions & 4 deletions crypto/s2n_stream_cipher_null.c
Original file line number Diff line number Diff line change
Expand Up @@ -38,14 +38,14 @@ static int s2n_stream_cipher_null_get_key(struct s2n_session_key *key, struct s2
return 0;
}

static int s2n_stream_cipher_null_destroy_key(struct s2n_session_key *key)
static S2N_RESULT s2n_stream_cipher_null_destroy_key(struct s2n_session_key *key)
{
return 0;
return S2N_RESULT_OK;
}

static int s2n_stream_cipher_null_init(struct s2n_session_key *key)
static S2N_RESULT s2n_stream_cipher_null_init(struct s2n_session_key *key)
{
return 0;
return S2N_RESULT_OK;
}

const struct s2n_cipher s2n_null_cipher = {
Expand Down
10 changes: 5 additions & 5 deletions crypto/s2n_stream_cipher_rc4.c
Original file line number Diff line number Diff line change
Expand Up @@ -87,18 +87,18 @@ static int s2n_stream_cipher_rc4_set_decryption_key(struct s2n_session_key *key,
return S2N_SUCCESS;
}

static int s2n_stream_cipher_rc4_init(struct s2n_session_key *key)
static S2N_RESULT s2n_stream_cipher_rc4_init(struct s2n_session_key *key)
{
s2n_evp_ctx_init(key->evp_cipher_ctx);
RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);

return 0;
return S2N_RESULT_OK;
}

static int s2n_stream_cipher_rc4_destroy_key(struct s2n_session_key *key)
static S2N_RESULT s2n_stream_cipher_rc4_destroy_key(struct s2n_session_key *key)
{
EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);

return 0;
return S2N_RESULT_OK;
}

const struct s2n_cipher s2n_rc4 = {
Expand Down
4 changes: 2 additions & 2 deletions tests/testlib/s2n_connection_test_utils.c
Original file line number Diff line number Diff line change
Expand Up @@ -296,13 +296,13 @@ S2N_RESULT s2n_connection_set_secrets(struct s2n_connection *conn)
uint8_t client_key_bytes[S2N_TLS13_SECRET_MAX_LEN] = "client key";
struct s2n_blob client_key = { 0 };
RESULT_GUARD_POSIX(s2n_blob_init(&client_key, client_key_bytes, cipher->key_material_size));
RESULT_GUARD_POSIX(cipher->init(&conn->secure->client_key));
RESULT_GUARD(cipher->init(&conn->secure->client_key));
RESULT_GUARD_POSIX(cipher->set_encryption_key(&conn->secure->client_key, &client_key));

uint8_t server_key_bytes[S2N_TLS13_SECRET_MAX_LEN] = "server key";
struct s2n_blob server_key = { 0 };
RESULT_GUARD_POSIX(s2n_blob_init(&server_key, server_key_bytes, cipher->key_material_size));
RESULT_GUARD_POSIX(cipher->init(&conn->secure->server_key));
RESULT_GUARD(cipher->init(&conn->secure->server_key));
RESULT_GUARD_POSIX(cipher->set_encryption_key(&conn->secure->server_key, &server_key));

conn->client = conn->secure;
Expand Down
8 changes: 4 additions & 4 deletions tests/unit/s2n_3des_test.c
Original file line number Diff line number Diff line change
Expand Up @@ -50,8 +50,8 @@ int main(int argc, char **argv)

/* test the 3des cipher with a SHA1 hash */
conn->secure->cipher_suite->record_alg = &s2n_record_alg_3des_sha;
EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key));
EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key));
EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key));
EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key));
EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &des3));
EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &des3));
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
Expand Down Expand Up @@ -107,8 +107,8 @@ int main(int argc, char **argv)
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
}

EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key));
EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key));
EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key));
EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key));
EXPECT_SUCCESS(s2n_connection_free(conn));

END_TEST();
Expand Down
8 changes: 4 additions & 4 deletions tests/unit/s2n_aead_aes_test.c
Original file line number Diff line number Diff line change
Expand Up @@ -30,15 +30,15 @@

static int destroy_server_keys(struct s2n_connection *server_conn)
{
POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key));
POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key));
POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key));
POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key));
return 0;
}

static int setup_server_keys(struct s2n_connection *server_conn, struct s2n_blob *key)
{
POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key));
POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key));
POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key));
POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key));
POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, key));
POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, key));

Expand Down
20 changes: 10 additions & 10 deletions tests/unit/s2n_aead_chacha20_poly1305_test.c
Original file line number Diff line number Diff line change
Expand Up @@ -31,15 +31,15 @@

static int destroy_server_keys(struct s2n_connection *server_conn)
{
POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key));
POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key));
POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key));
POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key));
return 0;
}

static int setup_server_keys(struct s2n_connection *server_conn, struct s2n_blob *key)
{
POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key));
POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key));
POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key));
POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key));
POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, key));
POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, key));

Expand Down Expand Up @@ -182,8 +182,8 @@ int main(int argc, char **argv)

EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key));
POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key));
POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key));
POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key));

/* Tamper with the TAG and ensure decryption fails */
for (size_t j = 0; j < S2N_TLS_CHACHA20_POLY1305_TAG_LEN; j++) {
Expand All @@ -208,8 +208,8 @@ int main(int argc, char **argv)

EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key));
POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key));
POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key));
POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key));
}

/* Tamper with the encrypted payload in the ciphertext and ensure decryption fails */
Expand All @@ -235,8 +235,8 @@ int main(int argc, char **argv)

EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key));
POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key));
POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key));
POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key));
}
}

Expand Down
Loading
Loading