Make encrypt/decrypt local functions of key-provider.cpp 93/198793/5
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Tue, 29 Jan 2019 14:43:32 +0000 (15:43 +0100)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Wed, 13 Feb 2019 12:37:15 +0000 (13:37 +0100)
Change-Id: I0dfceda850c69b09a92d26254642357838ea7cb5

src/manager/service/key-provider.cpp
src/manager/service/key-provider.h

index 2895b6c0b5bbb97be21c0c5abbadfc32a401504d..0ed59cc5607913cf5806a7bbeee430647d423461 100644 (file)
@@ -45,6 +45,86 @@ RawBuffer toRawBuffer(T *)
        return RawBuffer();
 }
 
+int encryptAes256Gcm(const unsigned char *plaintext,
+                     int plaintext_len, const unsigned char *key, const unsigned char *iv,
+                     unsigned char *ciphertext, unsigned char *tag)
+{
+       EVP_CIPHER_CTX *ctx;
+       int len;
+       int ciphertext_len = 0;
+
+       if (!(ctx = EVP_CIPHER_CTX_new()))
+               return OPENSSL_ENGINE_ERROR;
+
+       if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+               return OPENSSL_ENGINE_ERROR;
+
+       if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
+               return OPENSSL_ENGINE_ERROR;
+
+       if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
+               return OPENSSL_ENGINE_ERROR;
+
+       if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
+               return OPENSSL_ENGINE_ERROR;
+
+       ciphertext_len = len;
+
+       if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
+               return OPENSSL_ENGINE_ERROR;
+
+       ciphertext_len += len;
+
+       if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
+               return OPENSSL_ENGINE_ERROR;
+
+       EVP_CIPHER_CTX_free(ctx);
+
+       return ciphertext_len;
+}
+
+int decryptAes256Gcm(const unsigned char *ciphertext,
+                     int ciphertext_len, unsigned char *tag, const unsigned char *key,
+                     const unsigned char *iv, unsigned char *plaintext)
+{
+       EVP_CIPHER_CTX *ctx;
+       int len;
+       int plaintext_len;
+       int ret;
+
+       if (!(ctx = EVP_CIPHER_CTX_new()))
+               return OPENSSL_ENGINE_ERROR;
+
+       if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+               return OPENSSL_ENGINE_ERROR;
+
+       if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+               return OPENSSL_ENGINE_ERROR;
+
+       if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
+               return OPENSSL_ENGINE_ERROR;
+
+       if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
+               return OPENSSL_ENGINE_ERROR;
+
+       if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
+               return OPENSSL_ENGINE_ERROR;
+
+       plaintext_len = len;
+
+       if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len)))
+               return OPENSSL_ENGINE_ERROR;
+
+       EVP_CIPHER_CTX_free(ctx);
+
+       if (ret > 0) {
+               plaintext_len += len;
+               return plaintext_len;
+       } else {
+               return -1;
+       }
+}
+
 typedef std::array<uint8_t, MAX_KEY_SIZE> KeyData;
 
 // derives a key used for DomainKEK encryption (aka PKEK1) from random salt & user password
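Review bot: Every early `return OPENSSL_ENGINE_ERROR` after EVP_CIPHER_CTX_new succeeds in the new encryptAes256Gcm leaks the EVP_CIPHER_CTX, because EVP_CIPHER_CTX_free is only reached on the success path; decryptAes256Gcm has the same leak, including when EVP_DecryptFinal_ex rejects the tag, which is exactly the path tampered or corrupted ciphertext drives, so repeated failures cost memory. Holding the context in a `std::unique_ptr<EVP_CIPHER_CTX, decltype(&EVP_CIPHER_CTX_free)>` and calling through `ctx.get()` closes all paths at once, as sketched below for the encrypt side. The EVP_CTRL_GCM_SET_IVLEN call is also issued after the EVP_EncryptInit_ex/EVP_DecryptInit_ex that already consumed key and iv; OpenSSL's GCM contract is to set the IV length between the cipher-only Init and the key/iv Init, so as written the ctrl only takes effect if MAX_IV_SIZE happens to equal the default length. In decryptAes256Gcm the `else { return -1; }` branch is unreachable, since a zero ret already returned OPENSSL_ENGINE_ERROR, which means an authentication failure is reported as an engine error; drop the dead branch or return the distinct value when EVP_DecryptFinal_ex fails so callers can tell the two apart. The title calls these local functions, but neither definition is `static` or visibly inside an anonymous namespace in this hunk; if the enclosing scope (outside the hunk) is not anonymous they now have external linkage.
```cpp
int encryptAes256Gcm(const unsigned char *plaintext,
                     int plaintext_len, const unsigned char *key, const unsigned char *iv,
                     unsigned char *ciphertext, unsigned char *tag)
{
	// Owning handle: released on every return path, including the error ones.
	std::unique_ptr<EVP_CIPHER_CTX, decltype(&EVP_CIPHER_CTX_free)> ctx(
		EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
	int len;
	int ciphertext_len = 0;

	if (!ctx)
		return OPENSSL_ENGINE_ERROR;

	if (!EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, NULL, NULL))
		return OPENSSL_ENGINE_ERROR;

	// The IV length must be fixed before the IV itself is supplied.
	if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
		return OPENSSL_ENGINE_ERROR;

	if (!EVP_EncryptInit_ex(ctx.get(), NULL, NULL, key, iv))
		return OPENSSL_ENGINE_ERROR;

	// … unchanged: EVP_EncryptUpdate, EVP_EncryptFinal_ex and GET_TAG, each called with ctx.get() …

	return ciphertext_len;
}
```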
@@ -472,83 +552,3 @@ KeyProvider::~KeyProvider()
 {
        LogDebug("KeyProvider Destructor");
 }
-
-int KeyProvider::encryptAes256Gcm(const unsigned char *plaintext,
-                                                                 int plaintext_len, const unsigned char *key, const unsigned char *iv,
-                                                                 unsigned char *ciphertext, unsigned char *tag)
-{
-       EVP_CIPHER_CTX *ctx;
-       int len;
-       int ciphertext_len = 0;
-
-       if (!(ctx = EVP_CIPHER_CTX_new()))
-               return OPENSSL_ENGINE_ERROR;
-
-       if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
-               return OPENSSL_ENGINE_ERROR;
-
-       if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
-               return OPENSSL_ENGINE_ERROR;
-
-       if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
-               return OPENSSL_ENGINE_ERROR;
-
-       if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
-               return OPENSSL_ENGINE_ERROR;
-
-       ciphertext_len = len;
-
-       if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
-               return OPENSSL_ENGINE_ERROR;
-
-       ciphertext_len += len;
-
-       if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
-               return OPENSSL_ENGINE_ERROR;
-
-       EVP_CIPHER_CTX_free(ctx);
-
-       return ciphertext_len;
-}
-
-int KeyProvider::decryptAes256Gcm(const unsigned char *ciphertext,
-                                                                 int ciphertext_len, unsigned char *tag, const unsigned char *key,
-                                                                 const unsigned char *iv, unsigned char *plaintext)
-{
-       EVP_CIPHER_CTX *ctx;
-       int len;
-       int plaintext_len;
-       int ret;
-
-       if (!(ctx = EVP_CIPHER_CTX_new()))
-               return OPENSSL_ENGINE_ERROR;
-
-       if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
-               return OPENSSL_ENGINE_ERROR;
-
-       if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
-               return OPENSSL_ENGINE_ERROR;
-
-       if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
-               return OPENSSL_ENGINE_ERROR;
-
-       if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
-               return OPENSSL_ENGINE_ERROR;
-
-       if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
-               return OPENSSL_ENGINE_ERROR;
-
-       plaintext_len = len;
-
-       if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len)))
-               return OPENSSL_ENGINE_ERROR;
-
-       EVP_CIPHER_CTX_free(ctx);
-
-       if (ret > 0) {
-               plaintext_len += len;
-               return plaintext_len;
-       } else {
-               return -1;
-       }
-}
index 5f6e0cb20e3651e0efeb4aa295c83518687d1288..ed47b58679169fb0b15a694cd5f0eb3e1c8e301a 100644 (file)
@@ -167,22 +167,6 @@ private:
        // KeyAndInfoContainer class
        std::shared_ptr<KeyAndInfoContainer> m_kmcDKEK;
        bool m_isInitialized;
-
-       static int encryptAes256Gcm(
-               const unsigned char *plaintext,
-               int plaintext_len,
-               const unsigned char *key,
-               const unsigned char *iv,
-               unsigned char *ciphertext,
-               unsigned char *tag);
-
-       static int decryptAes256Gcm(
-               const unsigned char *ciphertext,
-               int ciphertext_len,
-               unsigned char *tag,
-               const unsigned char *key,
-               const unsigned char *iv,
-               unsigned char *plaintext);
 };
 
 } // namespace CKM