summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>2019-01-29 15:43:32 +0100
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>2019-02-13 13:37:15 +0100
commit0b4db5ef0ee9ab0827259cd8d8236ed3996315d7 (patch)
treed6e1353cdfc41f48dffcf93748accfb11610c86b
parentf998e4d1758b214b390f6b7f841e6f698fb6f3f1 (diff)
downloadkey-manager-0b4db5ef0ee9ab0827259cd8d8236ed3996315d7.tar.gz
key-manager-0b4db5ef0ee9ab0827259cd8d8236ed3996315d7.tar.bz2
key-manager-0b4db5ef0ee9ab0827259cd8d8236ed3996315d7.zip
Make encrypt/decrypt local functions of key-provider.cpp
Change-Id: I0dfceda850c69b09a92d26254642357838ea7cb5
-rw-r--r--src/manager/service/key-provider.cpp160
-rw-r--r--src/manager/service/key-provider.h16
2 files changed, 80 insertions, 96 deletions
diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp
index 2895b6c..0ed59cc 100644
--- a/src/manager/service/key-provider.cpp
+++ b/src/manager/service/key-provider.cpp
@@ -45,6 +45,86 @@ RawBuffer toRawBuffer(T *)
return RawBuffer();
}
+int encryptAes256Gcm(const unsigned char *plaintext,
+ int plaintext_len, const unsigned char *key, const unsigned char *iv,
+ unsigned char *ciphertext, unsigned char *tag)
+{
+ EVP_CIPHER_CTX *ctx;
+ int len;
+ int ciphertext_len = 0;
+
+ if (!(ctx = EVP_CIPHER_CTX_new()))
+ return OPENSSL_ENGINE_ERROR;
+
+ if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+ return OPENSSL_ENGINE_ERROR;
+
+ if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
+ return OPENSSL_ENGINE_ERROR;
+
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
+ return OPENSSL_ENGINE_ERROR;
+
+ if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
+ return OPENSSL_ENGINE_ERROR;
+
+ ciphertext_len = len;
+
+ if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
+ return OPENSSL_ENGINE_ERROR;
+
+ ciphertext_len += len;
+
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
+ return OPENSSL_ENGINE_ERROR;
+
+ EVP_CIPHER_CTX_free(ctx);
+
+ return ciphertext_len;
+}
+
+int decryptAes256Gcm(const unsigned char *ciphertext,
+ int ciphertext_len, unsigned char *tag, const unsigned char *key,
+ const unsigned char *iv, unsigned char *plaintext)
+{
+ EVP_CIPHER_CTX *ctx;
+ int len;
+ int plaintext_len;
+ int ret;
+
+ if (!(ctx = EVP_CIPHER_CTX_new()))
+ return OPENSSL_ENGINE_ERROR;
+
+ if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+ return OPENSSL_ENGINE_ERROR;
+
+ if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+ return OPENSSL_ENGINE_ERROR;
+
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
+ return OPENSSL_ENGINE_ERROR;
+
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
+ return OPENSSL_ENGINE_ERROR;
+
+ if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
+ return OPENSSL_ENGINE_ERROR;
+
+ plaintext_len = len;
+
+ if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len)))
+ return OPENSSL_ENGINE_ERROR;
+
+ EVP_CIPHER_CTX_free(ctx);
+
+ if (ret > 0) {
+ plaintext_len += len;
+ return plaintext_len;
+ } else {
+ return -1;
+ }
+}
+
typedef std::array<uint8_t, MAX_KEY_SIZE> KeyData;
// derives a key used for DomainKEK encryption (aka PKEK1) from random salt & user password
@@ -472,83 +552,3 @@ KeyProvider::~KeyProvider()
{
LogDebug("KeyProvider Destructor");
}
-
-int KeyProvider::encryptAes256Gcm(const unsigned char *plaintext,
- int plaintext_len, const unsigned char *key, const unsigned char *iv,
- unsigned char *ciphertext, unsigned char *tag)
-{
- EVP_CIPHER_CTX *ctx;
- int len;
- int ciphertext_len = 0;
-
- if (!(ctx = EVP_CIPHER_CTX_new()))
- return OPENSSL_ENGINE_ERROR;
-
- if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
- return OPENSSL_ENGINE_ERROR;
-
- if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
- return OPENSSL_ENGINE_ERROR;
-
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
- return OPENSSL_ENGINE_ERROR;
-
- if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
- return OPENSSL_ENGINE_ERROR;
-
- ciphertext_len = len;
-
- if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
- return OPENSSL_ENGINE_ERROR;
-
- ciphertext_len += len;
-
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
- return OPENSSL_ENGINE_ERROR;
-
- EVP_CIPHER_CTX_free(ctx);
-
- return ciphertext_len;
-}
-
-int KeyProvider::decryptAes256Gcm(const unsigned char *ciphertext,
- int ciphertext_len, unsigned char *tag, const unsigned char *key,
- const unsigned char *iv, unsigned char *plaintext)
-{
- EVP_CIPHER_CTX *ctx;
- int len;
- int plaintext_len;
- int ret;
-
- if (!(ctx = EVP_CIPHER_CTX_new()))
- return OPENSSL_ENGINE_ERROR;
-
- if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
- return OPENSSL_ENGINE_ERROR;
-
- if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
- return OPENSSL_ENGINE_ERROR;
-
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
- return OPENSSL_ENGINE_ERROR;
-
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
- return OPENSSL_ENGINE_ERROR;
-
- if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
- return OPENSSL_ENGINE_ERROR;
-
- plaintext_len = len;
-
- if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len)))
- return OPENSSL_ENGINE_ERROR;
-
- EVP_CIPHER_CTX_free(ctx);
-
- if (ret > 0) {
- plaintext_len += len;
- return plaintext_len;
- } else {
- return -1;
- }
-}
diff --git a/src/manager/service/key-provider.h b/src/manager/service/key-provider.h
index 5f6e0cb..ed47b58 100644
--- a/src/manager/service/key-provider.h
+++ b/src/manager/service/key-provider.h
@@ -167,22 +167,6 @@ private:
// KeyAndInfoContainer class
std::shared_ptr<KeyAndInfoContainer> m_kmcDKEK;
bool m_isInitialized;
-
- static int encryptAes256Gcm(
- const unsigned char *plaintext,
- int plaintext_len,
- const unsigned char *key,
- const unsigned char *iv,
- unsigned char *ciphertext,
- unsigned char *tag);
-
- static int decryptAes256Gcm(
- const unsigned char *ciphertext,
- int ciphertext_len,
- unsigned char *tag,
- const unsigned char *key,
- const unsigned char *iv,
- unsigned char *plaintext);
};
} // namespace CKM