Make encrypt/decrypt local functions of key-provider.cpp

Change-Id: I0dfceda850c69b09a92d26254642357838ea7cb5

2 files changed, 80 insertions, 96 deletions

diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp
index 2895b6c0..0ed59cc5 100644
--- a/src/manager/service/key-provider.cpp
+++ b/src/manager/service/key-provider.cpp
@@ -45,6 +45,86 @@ RawBuffer toRawBuffer(T *)
 	return RawBuffer();
 }
 
+int encryptAes256Gcm(const unsigned char *plaintext,
+                     int plaintext_len, const unsigned char *key, const unsigned char *iv,
+                     unsigned char *ciphertext, unsigned char *tag)
+{
+	EVP_CIPHER_CTX *ctx;
+	int len;
+	int ciphertext_len = 0;
+
+	if (!(ctx = EVP_CIPHER_CTX_new()))
+		return OPENSSL_ENGINE_ERROR;
+
+	if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+		return OPENSSL_ENGINE_ERROR;
+
+	if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
+		return OPENSSL_ENGINE_ERROR;
+
+	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
+		return OPENSSL_ENGINE_ERROR;
+
+	if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
+		return OPENSSL_ENGINE_ERROR;
+
+	ciphertext_len = len;
+
+	if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
+		return OPENSSL_ENGINE_ERROR;
+
+	ciphertext_len += len;
+
+	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
+		return OPENSSL_ENGINE_ERROR;
+
+	EVP_CIPHER_CTX_free(ctx);
+
+	return ciphertext_len;
+}
+
+int decryptAes256Gcm(const unsigned char *ciphertext,
+                     int ciphertext_len, unsigned char *tag, const unsigned char *key,
+                     const unsigned char *iv, unsigned char *plaintext)
+{
+	EVP_CIPHER_CTX *ctx;
+	int len;
+	int plaintext_len;
+	int ret;
+
+	if (!(ctx = EVP_CIPHER_CTX_new()))
+		return OPENSSL_ENGINE_ERROR;
+
+	if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+		return OPENSSL_ENGINE_ERROR;
+
+	if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+		return OPENSSL_ENGINE_ERROR;
+
+	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
+		return OPENSSL_ENGINE_ERROR;
+
+	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
+		return OPENSSL_ENGINE_ERROR;
+
+	if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
+		return OPENSSL_ENGINE_ERROR;
+
+	plaintext_len = len;
+
+	if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len)))
+		return OPENSSL_ENGINE_ERROR;
+
+	EVP_CIPHER_CTX_free(ctx);
+
+	if (ret > 0) {
+		plaintext_len += len;
+		return plaintext_len;
+	} else {
+		return -1;
+	}
+}
+
 typedef std::array<uint8_t, MAX_KEY_SIZE> KeyData;
 
 // derives a key used for DomainKEK encryption (aka PKEK1) from random salt & user password
@@ -472,83 +552,3 @@ KeyProvider::~KeyProvider()
 {
 	LogDebug("KeyProvider Destructor");
 }
-
-int KeyProvider::encryptAes256Gcm(const unsigned char *plaintext,
-								  int plaintext_len, const unsigned char *key, const unsigned char *iv,
-								  unsigned char *ciphertext, unsigned char *tag)
-{
-	EVP_CIPHER_CTX *ctx;
-	int len;
-	int ciphertext_len = 0;
-
-	if (!(ctx = EVP_CIPHER_CTX_new()))
-		return OPENSSL_ENGINE_ERROR;
-
-	if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
-		return OPENSSL_ENGINE_ERROR;
-
-	if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
-		return OPENSSL_ENGINE_ERROR;
-
-	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
-		return OPENSSL_ENGINE_ERROR;
-
-	if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
-		return OPENSSL_ENGINE_ERROR;
-
-	ciphertext_len = len;
-
-	if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
-		return OPENSSL_ENGINE_ERROR;
-
-	ciphertext_len += len;
-
-	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
-		return OPENSSL_ENGINE_ERROR;
-
-	EVP_CIPHER_CTX_free(ctx);
-
-	return ciphertext_len;
-}
-
-int KeyProvider::decryptAes256Gcm(const unsigned char *ciphertext,
-								  int ciphertext_len, unsigned char *tag, const unsigned char *key,
-								  const unsigned char *iv, unsigned char *plaintext)
-{
-	EVP_CIPHER_CTX *ctx;
-	int len;
-	int plaintext_len;
-	int ret;
-
-	if (!(ctx = EVP_CIPHER_CTX_new()))
-		return OPENSSL_ENGINE_ERROR;
-
-	if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
-		return OPENSSL_ENGINE_ERROR;
-
-	if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
-		return OPENSSL_ENGINE_ERROR;
-
-	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
-		return OPENSSL_ENGINE_ERROR;
-
-	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
-		return OPENSSL_ENGINE_ERROR;
-
-	if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
-		return OPENSSL_ENGINE_ERROR;
-
-	plaintext_len = len;
-
-	if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len)))
-		return OPENSSL_ENGINE_ERROR;
-
-	EVP_CIPHER_CTX_free(ctx);
-
-	if (ret > 0) {
-		plaintext_len += len;
-		return plaintext_len;
-	} else {
-		return -1;
-	}
-}
diff --git a/src/manager/service/key-provider.h b/src/manager/service/key-provider.h
index 5f6e0cb2..ed47b586 100644
--- a/src/manager/service/key-provider.h
+++ b/src/manager/service/key-provider.h
@@ -167,22 +167,6 @@ private:
 	// KeyAndInfoContainer class
 	std::shared_ptr<KeyAndInfoContainer> m_kmcDKEK;
 	bool m_isInitialized;
-
-	static int encryptAes256Gcm(
-		const unsigned char *plaintext,
-		int plaintext_len,
-		const unsigned char *key,
-		const unsigned char *iv,
-		unsigned char *ciphertext,
-		unsigned char *tag);
-
-	static int decryptAes256Gcm(
-		const unsigned char *ciphertext,
-		int ciphertext_len,
-		unsigned char *tag,
-		const unsigned char *key,
-		const unsigned char *iv,
-		unsigned char *plaintext);
 };
 
 } // namespace CKM