diff options
author | Krzysztof Jackiewicz <k.jackiewicz@samsung.com> | 2019-01-29 15:43:32 +0100 |
---|---|---|
committer | Krzysztof Jackiewicz <k.jackiewicz@samsung.com> | 2019-02-13 13:37:15 +0100 |
commit | 0b4db5ef0ee9ab0827259cd8d8236ed3996315d7 (patch) | |
tree | d6e1353cdfc41f48dffcf93748accfb11610c86b | |
parent | f998e4d1758b214b390f6b7f841e6f698fb6f3f1 (diff) | |
download | key-manager-0b4db5ef0ee9ab0827259cd8d8236ed3996315d7.tar.gz key-manager-0b4db5ef0ee9ab0827259cd8d8236ed3996315d7.tar.bz2 key-manager-0b4db5ef0ee9ab0827259cd8d8236ed3996315d7.zip |
Make encrypt/decrypt local functions of key-provider.cpp
Change-Id: I0dfceda850c69b09a92d26254642357838ea7cb5
-rw-r--r-- | src/manager/service/key-provider.cpp | 160 | ||||
-rw-r--r-- | src/manager/service/key-provider.h | 16 |
2 files changed, 80 insertions, 96 deletions
diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp index 2895b6c0..0ed59cc5 100644 --- a/src/manager/service/key-provider.cpp +++ b/src/manager/service/key-provider.cpp @@ -45,6 +45,86 @@ RawBuffer toRawBuffer(T *) return RawBuffer(); } +int encryptAes256Gcm(const unsigned char *plaintext, + int plaintext_len, const unsigned char *key, const unsigned char *iv, + unsigned char *ciphertext, unsigned char *tag) +{ + EVP_CIPHER_CTX *ctx; + int len; + int ciphertext_len = 0; + + if (!(ctx = EVP_CIPHER_CTX_new())) + return OPENSSL_ENGINE_ERROR; + + if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) + return OPENSSL_ENGINE_ERROR; + + if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) + return OPENSSL_ENGINE_ERROR; + + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) + return OPENSSL_ENGINE_ERROR; + + if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) + return OPENSSL_ENGINE_ERROR; + + ciphertext_len = len; + + if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) + return OPENSSL_ENGINE_ERROR; + + ciphertext_len += len; + + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag)) + return OPENSSL_ENGINE_ERROR; + + EVP_CIPHER_CTX_free(ctx); + + return ciphertext_len; +} + +int decryptAes256Gcm(const unsigned char *ciphertext, + int ciphertext_len, unsigned char *tag, const unsigned char *key, + const unsigned char *iv, unsigned char *plaintext) +{ + EVP_CIPHER_CTX *ctx; + int len; + int plaintext_len; + int ret; + + if (!(ctx = EVP_CIPHER_CTX_new())) + return OPENSSL_ENGINE_ERROR; + + if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) + return OPENSSL_ENGINE_ERROR; + + if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) + return OPENSSL_ENGINE_ERROR; + + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) + return OPENSSL_ENGINE_ERROR; + + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag)) + return OPENSSL_ENGINE_ERROR; + + if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) + return OPENSSL_ENGINE_ERROR; + + plaintext_len = len; + + if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len))) + return OPENSSL_ENGINE_ERROR; + + EVP_CIPHER_CTX_free(ctx); + + if (ret > 0) { + plaintext_len += len; + return plaintext_len; + } else { + return -1; + } +} + typedef std::array<uint8_t, MAX_KEY_SIZE> KeyData; // derives a key used for DomainKEK encryption (aka PKEK1) from random salt & user password @@ -472,83 +552,3 @@ KeyProvider::~KeyProvider() { LogDebug("KeyProvider Destructor"); } - -int KeyProvider::encryptAes256Gcm(const unsigned char *plaintext, - int plaintext_len, const unsigned char *key, const unsigned char *iv, - unsigned char *ciphertext, unsigned char *tag) -{ - EVP_CIPHER_CTX *ctx; - int len; - int ciphertext_len = 0; - - if (!(ctx = EVP_CIPHER_CTX_new())) - return OPENSSL_ENGINE_ERROR; - - if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) - return OPENSSL_ENGINE_ERROR; - - if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) - return OPENSSL_ENGINE_ERROR; - - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) - return OPENSSL_ENGINE_ERROR; - - if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) - return OPENSSL_ENGINE_ERROR; - - ciphertext_len = len; - - if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) - return OPENSSL_ENGINE_ERROR; - - ciphertext_len += len; - - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag)) - return OPENSSL_ENGINE_ERROR; - - EVP_CIPHER_CTX_free(ctx); - - return ciphertext_len; -} - -int KeyProvider::decryptAes256Gcm(const unsigned char *ciphertext, - int ciphertext_len, unsigned char *tag, const unsigned char *key, - const unsigned char *iv, unsigned char *plaintext) -{ - EVP_CIPHER_CTX *ctx; - int len; - int plaintext_len; - int ret; - - if (!(ctx = EVP_CIPHER_CTX_new())) - return OPENSSL_ENGINE_ERROR; - - if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) - return OPENSSL_ENGINE_ERROR; - - if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) - return OPENSSL_ENGINE_ERROR; - - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) - return OPENSSL_ENGINE_ERROR; - - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag)) - return OPENSSL_ENGINE_ERROR; - - if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) - return OPENSSL_ENGINE_ERROR; - - plaintext_len = len; - - if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len))) - return OPENSSL_ENGINE_ERROR; - - EVP_CIPHER_CTX_free(ctx); - - if (ret > 0) { - plaintext_len += len; - return plaintext_len; - } else { - return -1; - } -} diff --git a/src/manager/service/key-provider.h b/src/manager/service/key-provider.h index 5f6e0cb2..ed47b586 100644 --- a/src/manager/service/key-provider.h +++ b/src/manager/service/key-provider.h @@ -167,22 +167,6 @@ private: // KeyAndInfoContainer class std::shared_ptr<KeyAndInfoContainer> m_kmcDKEK; bool m_isInitialized; - - static int encryptAes256Gcm( - const unsigned char *plaintext, - int plaintext_len, - const unsigned char *key, - const unsigned char *iv, - unsigned char *ciphertext, - unsigned char *tag); - - static int decryptAes256Gcm( - const unsigned char *ciphertext, - int ciphertext_len, - unsigned char *tag, - const unsigned char *key, - const unsigned char *iv, - unsigned char *plaintext); }; } // namespace CKM |