cc/subtle/xchacha20_poly1305_boringssl.cc - third_party/tink - Git at Google

 // Copyright 2018 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ///////////////////////////////////////////////////////////////////////////////

 #include "tink/subtle/xchacha20_poly1305_boringssl.h"

 #include <algorithm>
 #include <cstdint>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>

 #include "absl/memory/memory.h"
 #include "absl/status/status.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/string_view.h"
 #include "absl/types/span.h"
 #include "tink/aead.h"
 #include "tink/aead/internal/ssl_aead.h"
 #include "tink/internal/util.h"
 #include "tink/subtle/random.h"
 #include "tink/subtle/subtle_util.h"
 #include "tink/util/errors.h"
 #include "tink/util/status.h"
 #include "tink/util/statusor.h"

 namespace crypto {
 namespace tink {
 namespace subtle {

 constexpr int kNonceSizeInBytes = 24;
 constexpr int kTagSizeInBytes = 16;

 util::StatusOr<std::unique_ptr<Aead>> XChacha20Poly1305BoringSsl::New(
     util::SecretData key) {
   auto status = internal::CheckFipsCompatibility<XChacha20Poly1305BoringSsl>();
   if (!status.ok()) {
     return status;
   }
   util::StatusOr<std::unique_ptr<internal::SslOneShotAead>> aead =
       internal::CreateXchacha20Poly1305OneShotCrypter(key);
   if (!aead.ok()) {
     return aead.status();
   }
   std::unique_ptr<Aead> aead_impl =
       absl::WrapUnique(new XChacha20Poly1305BoringSsl(*std::move(aead)));
   return std::move(aead_impl);
 }

 util::StatusOr<std::string> XChacha20Poly1305BoringSsl::Encrypt(
     absl::string_view plaintext, absl::string_view associated_data) const {
   const int64_t kCiphertextSize =
       kNonceSizeInBytes + aead_->CiphertextSize(plaintext.size());
   std::string ct;
   ResizeStringUninitialized(&ct, kCiphertextSize);
   util::Status res =
       Random::GetRandomBytes(absl::MakeSpan(ct).subspan(0, kNonceSizeInBytes));
   if (!res.ok()) {
     return res;
   }
   auto nonce = absl::string_view(ct).substr(0, kNonceSizeInBytes);
   auto ciphertext_and_tag_buffer =
       absl::MakeSpan(ct).subspan(kNonceSizeInBytes);
   util::StatusOr<int64_t> written_bytes = aead_->Encrypt(
       plaintext, associated_data, nonce, ciphertext_and_tag_buffer);
   if (!written_bytes.ok()) {
     return written_bytes.status();
   }
   return ct;
 }

 util::StatusOr<std::string> XChacha20Poly1305BoringSsl::Decrypt(
     absl::string_view ciphertext, absl::string_view associated_data) const {
   if (ciphertext.size() < kNonceSizeInBytes + kTagSizeInBytes) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         absl::StrCat("Ciphertext too short; expected at least ",
                                      kNonceSizeInBytes + kTagSizeInBytes,
                                      " got ", ciphertext.size()));
   }
   const int64_t kPlaintextSize =
       aead_->PlaintextSize(ciphertext.size() - kNonceSizeInBytes);
   std::string plaintext;
   ResizeStringUninitialized(&plaintext, kPlaintextSize);
   auto nonce = ciphertext.substr(0, kNonceSizeInBytes);
   auto encrypted = ciphertext.substr(kNonceSizeInBytes);
   util::StatusOr<int64_t> written_bytes = aead_->Decrypt(
       encrypted, associated_data, nonce, absl::MakeSpan(plaintext));
   if (!written_bytes.ok()) {
     return written_bytes.status();
   }
   return plaintext;
 }

 }  // namespace subtle
 }  // namespace tink
 }  // namespace crypto
	// Copyright 2018 Google Inc.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	///////////////////////////////////////////////////////////////////////////////

	#include "tink/subtle/xchacha20_poly1305_boringssl.h"

	#include <algorithm>
	#include <cstdint>
	#include <memory>
	#include <string>
	#include <utility>
	#include <vector>

	#include "absl/memory/memory.h"
	#include "absl/status/status.h"
	#include "absl/strings/str_cat.h"
	#include "absl/strings/string_view.h"
	#include "absl/types/span.h"
	#include "tink/aead.h"
	#include "tink/aead/internal/ssl_aead.h"
	#include "tink/internal/util.h"
	#include "tink/subtle/random.h"
	#include "tink/subtle/subtle_util.h"
	#include "tink/util/errors.h"
	#include "tink/util/status.h"
	#include "tink/util/statusor.h"

	namespace crypto {
	namespace tink {
	namespace subtle {

	constexpr int kNonceSizeInBytes = 24;
	constexpr int kTagSizeInBytes = 16;

	util::StatusOr<std::unique_ptr<Aead>> XChacha20Poly1305BoringSsl::New(
	util::SecretData key) {
	auto status = internal::CheckFipsCompatibility<XChacha20Poly1305BoringSsl>();
	if (!status.ok()) {
	return status;
	}
	util::StatusOr<std::unique_ptr<internal::SslOneShotAead>> aead =
	internal::CreateXchacha20Poly1305OneShotCrypter(key);
	if (!aead.ok()) {
	return aead.status();
	}
	std::unique_ptr<Aead> aead_impl =
	absl::WrapUnique(new XChacha20Poly1305BoringSsl(*std::move(aead)));
	return std::move(aead_impl);
	}

	util::StatusOr<std::string> XChacha20Poly1305BoringSsl::Encrypt(
	absl::string_view plaintext, absl::string_view associated_data) const {
	const int64_t kCiphertextSize =
	kNonceSizeInBytes + aead_->CiphertextSize(plaintext.size());
	std::string ct;
	ResizeStringUninitialized(&ct, kCiphertextSize);
	util::Status res =
	Random::GetRandomBytes(absl::MakeSpan(ct).subspan(0, kNonceSizeInBytes));
	if (!res.ok()) {
	return res;
	}
	auto nonce = absl::string_view(ct).substr(0, kNonceSizeInBytes);
	auto ciphertext_and_tag_buffer =
	absl::MakeSpan(ct).subspan(kNonceSizeInBytes);
	util::StatusOr<int64_t> written_bytes = aead_->Encrypt(
	plaintext, associated_data, nonce, ciphertext_and_tag_buffer);
	if (!written_bytes.ok()) {
	return written_bytes.status();
	}
	return ct;
	}

	util::StatusOr<std::string> XChacha20Poly1305BoringSsl::Decrypt(
	absl::string_view ciphertext, absl::string_view associated_data) const {
	if (ciphertext.size() < kNonceSizeInBytes + kTagSizeInBytes) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	absl::StrCat("Ciphertext too short; expected at least ",
	kNonceSizeInBytes + kTagSizeInBytes,
	" got ", ciphertext.size()));
	}
	const int64_t kPlaintextSize =
	aead_->PlaintextSize(ciphertext.size() - kNonceSizeInBytes);
	std::string plaintext;
	ResizeStringUninitialized(&plaintext, kPlaintextSize);
	auto nonce = ciphertext.substr(0, kNonceSizeInBytes);
	auto encrypted = ciphertext.substr(kNonceSizeInBytes);
	util::StatusOr<int64_t> written_bytes = aead_->Decrypt(
	encrypted, associated_data, nonce, absl::MakeSpan(plaintext));
	if (!written_bytes.ok()) {
	return written_bytes.status();
	}
	return plaintext;
	}

	} // namespace subtle
	} // namespace tink
	} // namespace crypto