cc/subtle/aes_eax_boringssl.h - third_party/tink - Git at Google

 // Copyright 2017 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ///////////////////////////////////////////////////////////////////////////////

 #ifndef TINK_SUBTLE_AES_EAX_BORINGSSL_H_
 #define TINK_SUBTLE_AES_EAX_BORINGSSL_H_

 #include <memory>

 #include "absl/strings/string_view.h"
 #include "tink/aead.h"
 #include "tink/util/status.h"
 #include "tink/util/statusor.h"
 #include "openssl/aes.h"
 #include "openssl/evp.h"

 namespace crypto {
 namespace tink {
 namespace subtle {

 class AesEaxBoringSsl : public Aead {
  public:
   // Constructs a new Aead cipher for Aes-EAX.
   // Currently supported key sizes are 128 and 256 bits.
   // Currently supported nonce sizes are 12 and 16 bytes.
   // The tag size is fixed to 16 bytes.
   static crypto::tink::util::StatusOr<std::unique_ptr<Aead>> New(
       absl::string_view key_value, size_t nonce_size_in_bytes);

   crypto::tink::util::StatusOr<std::string> Encrypt(
       absl::string_view plaintext,
       absl::string_view additional_data) const override;

   crypto::tink::util::StatusOr<std::string> Decrypt(
       absl::string_view ciphertext,
       absl::string_view additional_data) const override;

   virtual ~AesEaxBoringSsl() {}

  private:
   static const int TAG_SIZE = 16;
   static const int BLOCK_SIZE = 16;

   AesEaxBoringSsl() = delete;
   AesEaxBoringSsl(absl::string_view key_value, size_t nonce_size);

   // Returns whether key_size_in_bytes is a supported key size.
   static bool IsValidKeySize(size_t key_size_in_bytes);

   // Returns whether nonce_size_in_bytes is a supported size for the nonce.
   static bool IsValidNonceSize(size_t nonce_size_in_bytes);

   // Encrypts a single block with AES.
   void EncryptBlock(const uint8_t in[BLOCK_SIZE],
                     uint8_t out[BLOCK_SIZE]) const;

   // Pads a partial data block of size 0 <= len <= BLOCK_SIZE.
   void Pad(const uint8_t* data, int len,
            uint8_t padded_block[BLOCK_SIZE]) const;

   // Computes a Omac over blob.
   // tag is either 0, 1 or 2, depending over which value (nonce, aad, message)
   // the Omac is computed.
   // mac is the return value of the function.
   void Omac(
       absl::string_view blob,
       int tag,
       uint8_t mac[BLOCK_SIZE]) const;

   // This is the same function as above with the difference that the blob
   // is represented by a pointer and its length.
   void Omac(const uint8_t* data, size_t len, int tag, uint8_t mac[BLOCK_SIZE])
       const;

   // Encrypts or decrypts some data using CTR mode. N are 16 bytes, which
   // are the result of an OMAC computation over the nonce.
   // in are the bytes that are encrypted or decrypted. result is the
   // encrypted rsp. decrypted value. size determines the size of in and result.
   void CtrCrypt(
       const uint8_t N[BLOCK_SIZE],
       const uint8_t *in,
       uint8_t *result,
       size_t size) const;

   // TODO(bleichen): This class is immutable. But it seems difficult to
   //   declare these members const, because the constructor is not trivial.
   AES_KEY aeskey_;
   uint8_t B_[BLOCK_SIZE];
   uint8_t P_[BLOCK_SIZE];
   const std::string key_;
   const size_t nonce_size_;
   // Set by the constructor to true if the initialization was successful.
   // New() is the only method that needs to check is_initialized_, since
   // New() will never return an AesEaxBoringssl instance that is not
   // initialized.
   bool is_initialized_;
 };

 }  // namespace subtle
 }  // namespace tink
 }  // namespace crypto

 #endif  // TINK_SUBTLE_AES_EAX_BORINGSSL_H_
	// Copyright 2017 Google Inc.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	///////////////////////////////////////////////////////////////////////////////

	#ifndef TINK_SUBTLE_AES_EAX_BORINGSSL_H_
	#define TINK_SUBTLE_AES_EAX_BORINGSSL_H_

	#include <memory>

	#include "absl/strings/string_view.h"
	#include "tink/aead.h"
	#include "tink/util/status.h"
	#include "tink/util/statusor.h"
	#include "openssl/aes.h"
	#include "openssl/evp.h"

	namespace crypto {
	namespace tink {
	namespace subtle {

	class AesEaxBoringSsl : public Aead {
	public:
	// Constructs a new Aead cipher for Aes-EAX.
	// Currently supported key sizes are 128 and 256 bits.
	// Currently supported nonce sizes are 12 and 16 bytes.
	// The tag size is fixed to 16 bytes.
	static crypto::tink::util::StatusOr<std::unique_ptr<Aead>> New(
	absl::string_view key_value, size_t nonce_size_in_bytes);

	crypto::tink::util::StatusOr<std::string> Encrypt(
	absl::string_view plaintext,
	absl::string_view additional_data) const override;

	crypto::tink::util::StatusOr<std::string> Decrypt(
	absl::string_view ciphertext,
	absl::string_view additional_data) const override;

	virtual ~AesEaxBoringSsl() {}

	private:
	static const int TAG_SIZE = 16;
	static const int BLOCK_SIZE = 16;

	AesEaxBoringSsl() = delete;
	AesEaxBoringSsl(absl::string_view key_value, size_t nonce_size);

	// Returns whether key_size_in_bytes is a supported key size.
	static bool IsValidKeySize(size_t key_size_in_bytes);

	// Returns whether nonce_size_in_bytes is a supported size for the nonce.
	static bool IsValidNonceSize(size_t nonce_size_in_bytes);

	// Encrypts a single block with AES.
	void EncryptBlock(const uint8_t in[BLOCK_SIZE],
	uint8_t out[BLOCK_SIZE]) const;

	// Pads a partial data block of size 0 <= len <= BLOCK_SIZE.
	void Pad(const uint8_t* data, int len,
	uint8_t padded_block[BLOCK_SIZE]) const;

	// Computes a Omac over blob.
	// tag is either 0, 1 or 2, depending over which value (nonce, aad, message)
	// the Omac is computed.
	// mac is the return value of the function.
	void Omac(
	absl::string_view blob,
	int tag,
	uint8_t mac[BLOCK_SIZE]) const;

	// This is the same function as above with the difference that the blob
	// is represented by a pointer and its length.
	void Omac(const uint8_t* data, size_t len, int tag, uint8_t mac[BLOCK_SIZE])
	const;

	// Encrypts or decrypts some data using CTR mode. N are 16 bytes, which
	// are the result of an OMAC computation over the nonce.
	// in are the bytes that are encrypted or decrypted. result is the
	// encrypted rsp. decrypted value. size determines the size of in and result.
	void CtrCrypt(
	const uint8_t N[BLOCK_SIZE],
	const uint8_t *in,
	uint8_t *result,
	size_t size) const;

	// TODO(bleichen): This class is immutable. But it seems difficult to
	// declare these members const, because the constructor is not trivial.
	AES_KEY aeskey_;
	uint8_t B_[BLOCK_SIZE];
	uint8_t P_[BLOCK_SIZE];
	const std::string key_;
	const size_t nonce_size_;
	// Set by the constructor to true if the initialization was successful.
	// New() is the only method that needs to check is_initialized_, since
	// New() will never return an AesEaxBoringssl instance that is not
	// initialized.
	bool is_initialized_;
	};

	} // namespace subtle
	} // namespace tink
	} // namespace crypto

	#endif // TINK_SUBTLE_AES_EAX_BORINGSSL_H_