xref: /aosp_15_r20/external/tink/cc/aead/internal/aead_util.cc (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1*e7b1675dSTing-Kang Chang // Copyright 2021 Google LLC
2*e7b1675dSTing-Kang Chang //
3*e7b1675dSTing-Kang Chang // Licensed under the Apache License, Version 2.0 (the "License");
4*e7b1675dSTing-Kang Chang // you may not use this file except in compliance with the License.
5*e7b1675dSTing-Kang Chang // You may obtain a copy of the License at
6*e7b1675dSTing-Kang Chang //
7*e7b1675dSTing-Kang Chang //     http://www.apache.org/licenses/LICENSE-2.0
8*e7b1675dSTing-Kang Chang //
9*e7b1675dSTing-Kang Chang // Unless required by applicable law or agreed to in writing, software
10*e7b1675dSTing-Kang Chang // distributed under the License is distributed on an "AS IS" BASIS,
11*e7b1675dSTing-Kang Chang // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*e7b1675dSTing-Kang Chang // See the License for the specific language governing permissions and
13*e7b1675dSTing-Kang Chang // limitations under the License.
14*e7b1675dSTing-Kang Chang //
15*e7b1675dSTing-Kang Chang ///////////////////////////////////////////////////////////////////////////////
16*e7b1675dSTing-Kang Chang #include "tink/aead/internal/aead_util.h"
17*e7b1675dSTing-Kang Chang 
18*e7b1675dSTing-Kang Chang #include <string>
19*e7b1675dSTing-Kang Chang 
20*e7b1675dSTing-Kang Chang #include "absl/status/status.h"
21*e7b1675dSTing-Kang Chang #include "openssl/evp.h"
22*e7b1675dSTing-Kang Chang #include "tink/util/errors.h"
23*e7b1675dSTing-Kang Chang #include "tink/util/statusor.h"
24*e7b1675dSTing-Kang Chang 
25*e7b1675dSTing-Kang Chang namespace crypto {
26*e7b1675dSTing-Kang Chang namespace tink {
27*e7b1675dSTing-Kang Chang namespace internal {
28*e7b1675dSTing-Kang Chang 
IsSupportedKmsEnvelopeAeadDekKeyType(absl::string_view key_type)29*e7b1675dSTing-Kang Chang bool IsSupportedKmsEnvelopeAeadDekKeyType(absl::string_view key_type) {
30*e7b1675dSTing-Kang Chang   static const auto *kSupportedDekKeyTypes =
31*e7b1675dSTing-Kang Chang       new absl::flat_hash_set<std::string>({
32*e7b1675dSTing-Kang Chang           "type.googleapis.com/google.crypto.tink.AesGcmKey",
33*e7b1675dSTing-Kang Chang           "type.googleapis.com/google.crypto.tink.XChaCha20Poly1305Key",
34*e7b1675dSTing-Kang Chang           "type.googleapis.com/google.crypto.tink.AesCtrHmacAeadKey",
35*e7b1675dSTing-Kang Chang           "type.googleapis.com/google.crypto.tink.AesEaxKey",
36*e7b1675dSTing-Kang Chang           "type.googleapis.com/google.crypto.tink.AesGcmSivKey",
37*e7b1675dSTing-Kang Chang       });
38*e7b1675dSTing-Kang Chang   return kSupportedDekKeyTypes->contains(key_type);
39*e7b1675dSTing-Kang Chang }
40*e7b1675dSTing-Kang Chang 
GetAesGcmCipherForKeySize(uint32_t key_size_in_bytes)41*e7b1675dSTing-Kang Chang util::StatusOr<const EVP_CIPHER *> GetAesGcmCipherForKeySize(
42*e7b1675dSTing-Kang Chang     uint32_t key_size_in_bytes) {
43*e7b1675dSTing-Kang Chang   switch (key_size_in_bytes) {
44*e7b1675dSTing-Kang Chang     case 16:
45*e7b1675dSTing-Kang Chang       return EVP_aes_128_gcm();
46*e7b1675dSTing-Kang Chang     case 32:
47*e7b1675dSTing-Kang Chang       return EVP_aes_256_gcm();
48*e7b1675dSTing-Kang Chang     default:
49*e7b1675dSTing-Kang Chang       return ToStatusF(absl::StatusCode::kInvalidArgument,
50*e7b1675dSTing-Kang Chang                        "Invalid key size %d", key_size_in_bytes);
51*e7b1675dSTing-Kang Chang   }
52*e7b1675dSTing-Kang Chang }
53*e7b1675dSTing-Kang Chang 
54*e7b1675dSTing-Kang Chang #ifdef OPENSSL_IS_BORINGSSL
GetAesGcmAeadForKeySize(uint32_t key_size_in_bytes)55*e7b1675dSTing-Kang Chang util::StatusOr<const EVP_AEAD *> GetAesGcmAeadForKeySize(
56*e7b1675dSTing-Kang Chang     uint32_t key_size_in_bytes) {
57*e7b1675dSTing-Kang Chang   switch (key_size_in_bytes) {
58*e7b1675dSTing-Kang Chang     case 16:
59*e7b1675dSTing-Kang Chang       return EVP_aead_aes_128_gcm();
60*e7b1675dSTing-Kang Chang     case 32:
61*e7b1675dSTing-Kang Chang       return EVP_aead_aes_256_gcm();
62*e7b1675dSTing-Kang Chang     default:
63*e7b1675dSTing-Kang Chang       return ToStatusF(absl::StatusCode::kInvalidArgument,
64*e7b1675dSTing-Kang Chang                        "Invalid key size %d", key_size_in_bytes);
65*e7b1675dSTing-Kang Chang   }
66*e7b1675dSTing-Kang Chang }
67*e7b1675dSTing-Kang Chang 
GetAesGcmSivAeadCipherForKeySize(int key_size_in_bytes)68*e7b1675dSTing-Kang Chang util::StatusOr<const EVP_AEAD *> GetAesGcmSivAeadCipherForKeySize(
69*e7b1675dSTing-Kang Chang     int key_size_in_bytes) {
70*e7b1675dSTing-Kang Chang   switch (key_size_in_bytes) {
71*e7b1675dSTing-Kang Chang     case 16:
72*e7b1675dSTing-Kang Chang       return EVP_aead_aes_128_gcm_siv();
73*e7b1675dSTing-Kang Chang     case 32:
74*e7b1675dSTing-Kang Chang       return EVP_aead_aes_256_gcm_siv();
75*e7b1675dSTing-Kang Chang     default:
76*e7b1675dSTing-Kang Chang       return ToStatusF(
77*e7b1675dSTing-Kang Chang           absl::StatusCode::kInvalidArgument,
78*e7b1675dSTing-Kang Chang           "Invalid key size; valid values are {16, 32} bytes, got %d",
79*e7b1675dSTing-Kang Chang           key_size_in_bytes);
80*e7b1675dSTing-Kang Chang   }
81*e7b1675dSTing-Kang Chang }
82*e7b1675dSTing-Kang Chang #endif
83*e7b1675dSTing-Kang Chang 
84*e7b1675dSTing-Kang Chang }  // namespace internal
85*e7b1675dSTing-Kang Chang }  // namespace tink
86*e7b1675dSTing-Kang Chang }  // namespace crypto
87