1 /* 2 * Copyright 2018 Google LLC 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * https://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef FCP_SECAGG_SHARED_AES_GCM_ENCRYPTION_H_ 18 #define FCP_SECAGG_SHARED_AES_GCM_ENCRYPTION_H_ 19 20 #include <string> 21 22 #include "fcp/base/monitoring.h" 23 #include "fcp/secagg/shared/aes_key.h" 24 #include "openssl/evp.h" 25 26 namespace fcp { 27 namespace secagg { 28 29 // A class to handle encryption and decryption using AES-256-GCM. 30 // This class is NOT thread-safe. 31 class AesGcmEncryption { 32 public: 33 AesGcmEncryption(); 34 35 // Encrypts the plaintext with the given key, using AES-256-GCM. Prepends an 36 // IV randomly generated with the given prng to the ciphertext, and appends 37 // the AES-GCM tag. 38 std::string Encrypt(const AesKey& key, const std::string& plaintext); 39 40 // Decrypts the plaintext with the given key, using AES-256-GCM. Expects the 41 // IV to be prepended to the ciphertext, and the tag to be appended. If the 42 // tag does not authenticate, returns a DATA_LOSS error status. 43 StatusOr<std::string> Decrypt(const AesKey& key, 44 const std::string& ciphertext); 45 }; 46 47 } // namespace secagg 48 } // namespace fcp 49 50 #endif // FCP_SECAGG_SHARED_AES_GCM_ENCRYPTION_H_ 51