/src/ghostpdl/base/saes.c

Source
/* Copyright (C) 2001-2023 Artifex Software, Inc.
   All Rights Reserved.

   This software is provided AS-IS with no warranty, either express or
   implied.

   This software is distributed under license and may not be copied,
   modified or distributed except as expressly authorized under the terms
   of the license contained in the file LICENSE in this distribution.

   Refer to licensing information at http://www.artifex.com or contact
   Artifex Software, Inc.,  39 Mesa Street, Suite 108A, San Francisco,
   CA 94129, USA, for further information.
*/



/* AES filter implementation */

#include "memory_.h"
#include "gserrors.h"
#include "strimpl.h"
#include "saes.h"

/* stream implementation */

private_st_aes_state(); /* creates a gc object for our state,
                           defined in saes.h */

/* Store a key in our crypt context */
int
s_aes_set_key(stream_aes_state * state, const unsigned char *key,
                  int keylength)
{
    int code = 0;

    if ( (keylength < 1) || (keylength > SAES_MAX_KEYLENGTH) )
        return_error(gs_error_rangecheck);
    if (key == NULL)
        return_error(gs_error_invalidaccess);

    /* we can't set the key here because the interpreter's
       filter implementation wants to duplicate our state
       after the zfaes.c binding calls us. So stash it now
       and handle it in our process method. */
    memcpy(state->key, key, keylength);
    state->keylength = keylength;

    if (code) {
      return gs_throw(gs_error_rangecheck, "could not set AES key");
    }

    /* return successfully */
    return 0;
}

/* Specify whether the plaintext stream uses RFC 1423-style padding
 * (allowing it to be an arbitrary length), or is unpadded (and must
 * therefore be a multiple of 16 bytes long). */
void
s_aes_set_padding(stream_aes_state *state, int use_padding)
{
    state->use_padding = use_padding;
}

/* initialize our state object. */
static int
s_aes_init(stream_state *ss)
{
    stream_aes_state *const state = (stream_aes_state *) ss;

    /* clear the flags so we know we're at the start of a stream */
    state->initialized = 0;
    state->ctx = NULL;

    return 0;
}

/* release our private storage */
static void
s_aes_release(stream_state *ss)
{
    stream_aes_state *const state = (stream_aes_state *) ss;

    if (state->ctx != NULL)
        gs_free_object(state->memory, state->ctx, "aes context structure");
}

/* (de)crypt a section of text--the procedure is the same
 * in each direction. see strimpl.h for return codes.
 */
static int
s_aes_process(stream_state * ss, stream_cursor_read * pr,
                  stream_cursor_write * pw, bool last)
{
    stream_aes_state *const state = (stream_aes_state *) ss;
    const unsigned char *limit;
    const long in_size = pr->limit - pr->ptr;
    const long out_size = pw->limit - pw->ptr;
    unsigned char temp[16];
    int status = 0;

    /* figure out if we're going to run out of space */
    if (in_size > out_size) {
        limit = pr->ptr + out_size;
        status = 1; /* need more output space */
    } else {
        limit = pr->limit;
        status = last ? EOFC : 0; /* need more input */
    }

    /* set up state and context */
    if (state->ctx == NULL) {
      /* allocate the aes context. this is a public struct but it
         contains internal pointers, so we need to store it separately
         in immovable memory like any opaque structure. */
      state->ctx = (aes_context *)gs_alloc_bytes_immovable(state->memory,
                sizeof(aes_context), "aes context structure");
      if (state->ctx == NULL) {
        gs_throw(gs_error_VMerror, "could not allocate aes context");
        return ERRC;
      }
      memset(state->ctx, 0x00, sizeof(aes_context));
      if (state->keylength < 1 || state->keylength > SAES_MAX_KEYLENGTH) {
        gs_throw1(gs_error_rangecheck, "invalid aes key length (%d bytes)",
                state->keylength);
        return ERRC;
      }
      aes_setkey_dec(state->ctx, state->key, state->keylength * 8);
    }
    if (!state->initialized) {
        /* read the initialization vector from the first 16 bytes */
        if (in_size < 16) return 0; /* get more data */
        memcpy(state->iv, pr->ptr + 1, 16);
        state->initialized = 1;
        pr->ptr += 16;
    }

    /* decrypt available blocks */
    while (pr->ptr + 16 <= limit) {
      aes_crypt_cbc(state->ctx, AES_DECRYPT, 16, state->iv,
                                pr->ptr + 1, temp);
      pr->ptr += 16;
      if (last && pr->ptr == pr->limit) {
        /* we're on the last block; unpad if necessary */
        int pad;

        if (state->use_padding) {
          /* we are using RFC 1423-style padding, so the last byte of the
             plaintext gives the number of bytes to discard */
          pad = temp[15];
          if (pad < 1 || pad > 16) {
            /* Bug 692343 - don't error here, just warn. Take padding to be
             * zero. This may give us a stream that's too long - preferable
             * to the alternatives. */
            gs_warn1("invalid aes padding byte (0x%02x)",
                     (unsigned char)pad);
            pad = 0;
          }
        } else {
          /* not using padding */
          pad = 0;
        }

        memcpy(pw->ptr + 1, temp, 16 - pad);
        pw->ptr +=  16 - pad;
        return EOFC;
      }
      memcpy(pw->ptr + 1, temp, 16);
      pw->ptr += 16;
    }

    /* if we got to the end of the file without triggering the padding
       check, the input must not have been a multiple of 16 bytes long.
       complain. */
    if (status == EOFC) {
      gs_throw(gs_error_rangecheck, "aes stream isn't a multiple of 16 bytes");
      return 0;
    }

    return status;
}

/* stream template */
const stream_template s_aes_template = {
    &st_aes_state, s_aes_init,
    s_aes_process, 16, 16,
    s_aes_release
};

Line	Count	Source
1		/* Copyright (C) 2001-2023 Artifex Software, Inc.
2		All Rights Reserved.
3
4		This software is provided AS-IS with no warranty, either express or
5		implied.
6
7		This software is distributed under license and may not be copied,
8		modified or distributed except as expressly authorized under the terms
9		of the license contained in the file LICENSE in this distribution.
10
11		Refer to licensing information at http://www.artifex.com or contact
12		Artifex Software, Inc., 39 Mesa Street, Suite 108A, San Francisco,
13		CA 94129, USA, for further information.
14		*/
15
16
17
18		/* AES filter implementation */
19
20		#include "memory_.h"
21		#include "gserrors.h"
22		#include "strimpl.h"
23		#include "saes.h"
24
25		/* stream implementation */
26
27		private_st_aes_state(); /* creates a gc object for our state,
28		defined in saes.h */
29
30		/* Store a key in our crypt context */
31		int
32		s_aes_set_key(stream_aes_state * state, const unsigned char *key,
33		int keylength)
34	38.3k	{
35	38.3k	int code = 0;
36
37	38.3k	if ( (keylength < 1) \|\| (keylength > SAES_MAX_KEYLENGTH) )
38	0	return_error(gs_error_rangecheck);
39	38.3k	if (key == NULL)
40	0	return_error(gs_error_invalidaccess);
41
42		/* we can't set the key here because the interpreter's
43		filter implementation wants to duplicate our state
44		after the zfaes.c binding calls us. So stash it now
45		and handle it in our process method. */
46	38.3k	memcpy(state->key, key, keylength);
47	38.3k	state->keylength = keylength;
48
49	38.3k	if (code) {
50	0	return gs_throw(gs_error_rangecheck, "could not set AES key");
51	0	}
52
53		/* return successfully */
54	38.3k	return 0;
55	38.3k	}
56
57		/* Specify whether the plaintext stream uses RFC 1423-style padding
58		* (allowing it to be an arbitrary length), or is unpadded (and must
59		* therefore be a multiple of 16 bytes long). */
60		void
61		s_aes_set_padding(stream_aes_state *state, int use_padding)
62	38.3k	{
63	38.3k	state->use_padding = use_padding;
64	38.3k	}
65
66		/* initialize our state object. */
67		static int
68		s_aes_init(stream_state *ss)
69	38.3k	{
70	38.3k	stream_aes_state const state = (stream_aes_state ) ss;
71
72		/* clear the flags so we know we're at the start of a stream */
73	38.3k	state->initialized = 0;
74	38.3k	state->ctx = NULL;
75
76	38.3k	return 0;
77	38.3k	}
78
79		/* release our private storage */
80		static void
81		s_aes_release(stream_state *ss)
82	38.3k	{
83	38.3k	stream_aes_state const state = (stream_aes_state ) ss;
84
85	38.3k	if (state->ctx != NULL)
86	37.4k	gs_free_object(state->memory, state->ctx, "aes context structure");
87	38.3k	}
88
89		/* (de)crypt a section of text--the procedure is the same
90		* in each direction. see strimpl.h for return codes.
91		*/
92		static int
93		s_aes_process(stream_state * ss, stream_cursor_read * pr,
94		stream_cursor_write * pw, bool last)
95	109k	{
96	109k	stream_aes_state const state = (stream_aes_state ) ss;
97	109k	const unsigned char *limit;
98	109k	const long in_size = pr->limit - pr->ptr;
99	109k	const long out_size = pw->limit - pw->ptr;
100	109k	unsigned char temp[16];
101	109k	int status = 0;
102
103		/* figure out if we're going to run out of space */
104	109k	if (in_size > out_size) {
105	28.2k	limit = pr->ptr + out_size;
106	28.2k	status = 1; /* need more output space */
107	81.5k	} else {
108	81.5k	limit = pr->limit;
109	81.5k	status = last ? EOFC : 0; /* need more input */
110	81.5k	}
111
112		/* set up state and context */
113	109k	if (state->ctx == NULL) {
114		/* allocate the aes context. this is a public struct but it
115		contains internal pointers, so we need to store it separately
116		in immovable memory like any opaque structure. */
117	37.4k	state->ctx = (aes_context *)gs_alloc_bytes_immovable(state->memory,
118	37.4k	sizeof(aes_context), "aes context structure");
119	37.4k	if (state->ctx == NULL) {
120	0	gs_throw(gs_error_VMerror, "could not allocate aes context");
121	0	return ERRC;
122	0	}
123	37.4k	memset(state->ctx, 0x00, sizeof(aes_context));
124	37.4k	if (state->keylength < 1 \|\| state->keylength > SAES_MAX_KEYLENGTH) {
125	0	gs_throw1(gs_error_rangecheck, "invalid aes key length (%d bytes)",
126	0	state->keylength);
127	0	return ERRC;
128	0	}
129	37.4k	aes_setkey_dec(state->ctx, state->key, state->keylength * 8);
130	37.4k	}
131	109k	if (!state->initialized) {
132		/* read the initialization vector from the first 16 bytes */
133	62.7k	if (in_size < 16) return 0; /* get more data */
134	36.4k	memcpy(state->iv, pr->ptr + 1, 16);
135	36.4k	state->initialized = 1;
136	36.4k	pr->ptr += 16;
137	36.4k	}
138
139		/* decrypt available blocks */
140	4.23M	while (pr->ptr + 16 <= limit) {
141	4.17M	aes_crypt_cbc(state->ctx, AES_DECRYPT, 16, state->iv,
142	4.17M	pr->ptr + 1, temp);
143	4.17M	pr->ptr += 16;
144	4.17M	if (last && pr->ptr == pr->limit) {
145		/* we're on the last block; unpad if necessary */
146	23.1k	int pad;
147
148	23.1k	if (state->use_padding) {
149		/* we are using RFC 1423-style padding, so the last byte of the
150		plaintext gives the number of bytes to discard */
151	23.1k	pad = temp[15];
152	23.1k	if (pad < 1 \|\| pad > 16) {
153		/* Bug 692343 - don't error here, just warn. Take padding to be
154		* zero. This may give us a stream that's too long - preferable
155		* to the alternatives. */
156	1.34k	gs_warn1("invalid aes padding byte (0x%02x)",
157	1.34k	(unsigned char)pad);
158	1.34k	pad = 0;
159	1.34k	}
160	23.1k	} else {
161		/* not using padding */
162	0	pad = 0;
163	0	}
164
165	23.1k	memcpy(pw->ptr + 1, temp, 16 - pad);
166	23.1k	pw->ptr += 16 - pad;
167	23.1k	return EOFC;
168	23.1k	}
169	4.15M	memcpy(pw->ptr + 1, temp, 16);
170	4.15M	pw->ptr += 16;
171	4.15M	}
172
173		/* if we got to the end of the file without triggering the padding
174		check, the input must not have been a multiple of 16 bytes long.
175		complain. */
176	60.4k	if (status == EOFC) {
177	3.77k	gs_throw(gs_error_rangecheck, "aes stream isn't a multiple of 16 bytes");
178	3.77k	return 0;
179	3.77k	}
180
181	56.6k	return status;
182	60.4k	}
183
184		/* stream template */
185		const stream_template s_aes_template = {
186		&st_aes_state, s_aes_init,
187		s_aes_process, 16, 16,
188		s_aes_release
189		};

Coverage Report

Created: 2026-04-01 07:17