1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/subtle/aes_gcm_siv_boringssl.h"
18
19 #include <cstdint>
20 #include <memory>
21 #include <string>
22 #include <utility>
23 #include <vector>
24
25 #include "absl/memory/memory.h"
26 #include "absl/status/status.h"
27 #include "absl/strings/str_cat.h"
28 #include "absl/strings/string_view.h"
29 #include "absl/types/span.h"
30 #include "tink/aead/internal/ssl_aead.h"
31 #include "tink/subtle/random.h"
32 #include "tink/subtle/subtle_util.h"
33 #include "tink/util/status.h"
34
35 namespace crypto {
36 namespace tink {
37 namespace subtle {
38
39 constexpr int kIvSizeInBytes = 12;
40 constexpr int kTagSizeInBytes = 16;
41
New(const util::SecretData & key)42 util::StatusOr<std::unique_ptr<Aead>> AesGcmSivBoringSsl::New(
43 const util::SecretData& key) {
44 auto status = internal::CheckFipsCompatibility<AesGcmSivBoringSsl>();
45 if (!status.ok()) {
46 return status;
47 }
48
49 util::StatusOr<std::unique_ptr<internal::SslOneShotAead>> aead =
50 internal::CreateAesGcmSivOneShotCrypter(key);
51 if (!aead.ok()) {
52 return aead.status();
53 }
54
55 return {absl::WrapUnique(new AesGcmSivBoringSsl(*std::move(aead)))};
56 }
57
Encrypt(absl::string_view plaintext,absl::string_view associated_data) const58 util::StatusOr<std::string> AesGcmSivBoringSsl::Encrypt(
59 absl::string_view plaintext, absl::string_view associated_data) const {
60 const int64_t kCiphertextSize =
61 kIvSizeInBytes + aead_->CiphertextSize(plaintext.size());
62 std::string ct;
63 ResizeStringUninitialized(&ct, kCiphertextSize);
64 util::Status res =
65 Random::GetRandomBytes(absl::MakeSpan(ct).subspan(0, kIvSizeInBytes));
66 if (!res.ok()) {
67 return res;
68 }
69 auto nonce = absl::string_view(ct).substr(0, kIvSizeInBytes);
70 auto ciphertext_and_tag_buffer = absl::MakeSpan(ct).subspan(kIvSizeInBytes);
71 util::StatusOr<int64_t> written_bytes = aead_->Encrypt(
72 plaintext, associated_data, nonce, ciphertext_and_tag_buffer);
73 if (!written_bytes.ok()) {
74 return written_bytes.status();
75 }
76 return ct;
77 }
78
Decrypt(absl::string_view ciphertext,absl::string_view associated_data) const79 util::StatusOr<std::string> AesGcmSivBoringSsl::Decrypt(
80 absl::string_view ciphertext, absl::string_view associated_data) const {
81 if (ciphertext.size() < kIvSizeInBytes + kTagSizeInBytes) {
82 return util::Status(absl::StatusCode::kInvalidArgument,
83 absl::StrCat("Ciphertext too short; expected at least ",
84 kIvSizeInBytes + kTagSizeInBytes, " got ",
85 ciphertext.size()));
86 }
87 const int64_t kPlaintextSize =
88 aead_->PlaintextSize(ciphertext.size() - kIvSizeInBytes);
89 std::string plaintext;
90 ResizeStringUninitialized(&plaintext, kPlaintextSize);
91 auto nonce = ciphertext.substr(0, kIvSizeInBytes);
92 auto encrypted = ciphertext.substr(kIvSizeInBytes);
93 util::StatusOr<int64_t> written_bytes = aead_->Decrypt(
94 encrypted, associated_data, nonce, absl::MakeSpan(plaintext));
95 if (!written_bytes.ok()) {
96 return written_bytes.status();
97 }
98 return plaintext;
99 }
100
101 } // namespace subtle
102 } // namespace tink
103 } // namespace crypto
104