1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 
17 #ifndef TINK_SUBTLE_AES_GCM_SIV_BORINGSSL_H_
18 #define TINK_SUBTLE_AES_GCM_SIV_BORINGSSL_H_
19 
20 #include <memory>
21 #include <string>
22 #include <utility>
23 
24 #include "absl/strings/string_view.h"
25 #include "tink/aead.h"
26 #include "tink/aead/internal/ssl_aead.h"
27 #include "tink/internal/fips_utils.h"
28 #include "tink/util/secret_data.h"
29 #include "tink/util/statusor.h"
30 
31 namespace crypto {
32 namespace tink {
33 namespace subtle {
34 
35 // AES-GCM-SIV is based on the paper
36 // “GCM-SIV: full nonce misuse-resistant authenticated encryption at under one
37 // cycle per byte.” by S. Gueron and Y. Lindell,
38 // Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications
39 // Security. ACM, 2015.
40 // The implementation uses AES-GCM-SIV as defined in draft-irtf-cfrg-gcmsiv-08
41 // https://datatracker.ietf.org/doc/draft-irtf-cfrg-gcmsiv/
42 //
43 // This encryption mode is intended for authenticated encryption with
44 // associated data. A major security problem with AES-GCM is
45 // that reusing the same nonce twice leaks the authentication key.
46 // AES-GCM-SIV on the other hand has been designed to avoid this vulnerability.
47 //
48 // Usage bounds for the encryption mode can be found on
49 // https://cyber.biu.ac.il/aes-gcm-siv/
50 // or Section 6.3 of this paper:
51 // https://eprint.iacr.org/2017/702.pdf
// AES-GCM-SIV AEAD backed by BoringSSL, exposed through Tink's Aead interface.
//
// The key is supplied as util::SecretData and all cipher work is delegated to
// an internal::SslOneShotAead owned by this object; this class holds no key
// material of its own beyond that handle. Instances are created only through
// New() — the constructor is private.
class AesGcmSivBoringSsl : public Aead {
 public:
  // Builds an Aead over `key`. Returns a non-OK status when the underlying
  // SslOneShotAead cannot be initialized from it (presumably an unsupported
  // key length; the accepted sizes are enforced in the .cc, not here).
  static crypto::tink::util::StatusOr<std::unique_ptr<Aead>> New(
      const util::SecretData& key);

  // Encrypts `plaintext` bound to `associated_data` and returns the
  // ciphertext. Nonce generation and ciphertext layout are decided in the
  // implementation, not in this header — presumably a fresh random nonce per
  // call carried in the output; confirm against the .cc before depending on
  // the wire format. Nonce misuse resistance (see the class comment) limits,
  // but does not eliminate, the damage of a repeated nonce.
  crypto::tink::util::StatusOr<std::string> Encrypt(
      absl::string_view plaintext,
      absl::string_view associated_data) const override;

  // Authenticates and decrypts `ciphertext` produced by Encrypt() under the
  // same key and `associated_data`. A non-OK status is expected on
  // authentication failure or malformed input; callers must treat any error
  // as a failed decryption and never use partial output.
  crypto::tink::util::StatusOr<std::string> Decrypt(
      absl::string_view ciphertext,
      absl::string_view associated_data) const override;

  // AES-GCM-SIV is not a FIPS-approved mode; this value is presumably read by
  // Tink's FIPS-mode checks so the primitive is refused in FIPS-only builds.
  static constexpr crypto::tink::internal::FipsCompatibility kFipsStatus =
      crypto::tink::internal::FipsCompatibility::kNotFips;

 private:
  // Takes ownership of an already-keyed one-shot AEAD; only New() calls this.
  explicit AesGcmSivBoringSsl(std::unique_ptr<internal::SslOneShotAead> aead)
      : aead_(std::move(aead)) {}

  // Owned cipher handle. Declared const so the binding cannot be reseated
  // after construction (which also makes the class non-assignable).
  const std::unique_ptr<internal::SslOneShotAead> aead_;
};
74 
75 }  // namespace subtle
76 }  // namespace tink
77 }  // namespace crypto
78 
79 #endif  // TINK_SUBTLE_AES_GCM_SIV_BORINGSSL_H_