From 3112828520f9f58b7a56ca0b73d458527f613523 Mon Sep 17 00:00:00 2001
From: Krzysztof Jackiewicz
Date: Tue, 30 Jun 2015 11:19:02 +0200
Subject: [PATCH] Add support for AES CTR and AES CFB

[Feature] Implementation of encryption service
[Solution] CTR and CFB modes implemented
[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION. Only rsa tests and gcm aad test may fail.

Change-Id: I71f8c71a0fce536037da7653986c674c3a63499a
---
 src/manager/crypto/sw-backend/crypto.h | 14 ++++++++++++
 src/manager/crypto/sw-backend/internals.cpp | 34 ++++++++++++++++++++++++-----
 src/manager/crypto/sw-backend/internals.h | 6 +++--
 src/manager/service/crypto-logic.cpp | 4 ++--
 4 files changed, 48 insertions(+), 10 deletions(-)

diff --git a/src/manager/crypto/sw-backend/crypto.h b/src/manager/crypto/sw-backend/crypto.h
index 40fe42d..d23aac0 100644
--- a/src/manager/crypto/sw-backend/crypto.h
+++ b/src/manager/crypto/sw-backend/crypto.h
@@ -127,6 +127,20 @@ DEFINE_CIPHER(AesGcmDecryption192, RawBuffer, EVP_aes_192_gcm(), false); DEFINE_CIPHER(AesGcmEncryption256, RawBuffer, EVP_aes_256_gcm(), true); DEFINE_CIPHER(AesGcmDecryption256, RawBuffer, EVP_aes_256_gcm(), false); +DEFINE_CIPHER(AesCtrEncryption128, RawBuffer, EVP_aes_128_ctr(), true); +DEFINE_CIPHER(AesCtrDecryption128, RawBuffer, EVP_aes_128_ctr(), false); +DEFINE_CIPHER(AesCtrEncryption192, RawBuffer, EVP_aes_192_ctr(), true); +DEFINE_CIPHER(AesCtrDecryption192, RawBuffer, EVP_aes_192_ctr(), false); +DEFINE_CIPHER(AesCtrEncryption256, RawBuffer, EVP_aes_256_ctr(), true); +DEFINE_CIPHER(AesCtrDecryption256, RawBuffer, EVP_aes_256_ctr(), false); + +DEFINE_CIPHER(AesCfbEncryption128, RawBuffer, EVP_aes_128_cfb(), true); +DEFINE_CIPHER(AesCfbDecryption128, RawBuffer, EVP_aes_128_cfb(), false); +DEFINE_CIPHER(AesCfbEncryption192, RawBuffer, EVP_aes_192_cfb(), true); +DEFINE_CIPHER(AesCfbDecryption192, RawBuffer, EVP_aes_192_cfb(), false); +DEFINE_CIPHER(AesCfbEncryption256, RawBuffer, EVP_aes_256_cfb(), true); +DEFINE_CIPHER(AesCfbDecryption256, RawBuffer, EVP_aes_256_cfb(), false); + #undef DEFINE_CIPHER } // namespace Cipher diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp index a6ad01a..ad646fb 100644 --- a/src/manager/crypto/sw-backend/internals.cpp +++ b/src/manager/crypto/sw-backend/internals.cpp 
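Review bot: The new `AesCtr*` and `AesCfb*` definitions have no comment saying what these modes do not provide, although they sit directly under the `AesGcm*` entries, whose mode is authenticated. I would add above the two new groups: `// AES-CTR / AES-CFB: confidentiality only, no authentication tag; the IV must never repeat under the same key.` It is also worth noting in that comment that `EVP_aes_128_cfb()` and its 192/256 siblings are OpenSSL's names for the 128-bit-feedback CFB variant, so nobody later assumes CFB8 or CFB1 interoperability. The `DEFINE_CIPHER` macro itself is defined outside this hunk.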
@@ -247,6 +247,22 @@ CipherTree initializeCipherTree() tree[AlgoType::AES_GCM][192][false] = initCipher; tree[AlgoType::AES_GCM][256][false] = initCipher; + tree[AlgoType::AES_CTR][128][true] = initCipher; + tree[AlgoType::AES_CTR][192][true] = initCipher; + tree[AlgoType::AES_CTR][256][true] = initCipher; + + tree[AlgoType::AES_CTR][128][false] = initCipher; + tree[AlgoType::AES_CTR][192][false] = initCipher; + tree[AlgoType::AES_CTR][256][false] = initCipher; + + tree[AlgoType::AES_CFB][128][true] = initCipher; + tree[AlgoType::AES_CFB][192][true] = initCipher; + tree[AlgoType::AES_CFB][256][true] = initCipher; + + tree[AlgoType::AES_CFB][128][false] = initCipher; + tree[AlgoType::AES_CFB][192][false] = initCipher; + tree[AlgoType::AES_CFB][256][false] = initCipher; + return tree; } @@ -528,13 +544,14 @@ Token generateSKey(CryptoBackend backendId, const CryptoAlgorithm &algorithm) return createKeyAES(backendId, keySizeBits); } -RawBuffer encryptDataAesCbc( +RawBuffer encryptDataAes( + AlgoType type, const RawBuffer &key, const RawBuffer &data, const RawBuffer &iv) { EvpCipherPtr enc; - selectCipher(AlgoType::AES_CBC, key.size())(enc, key, iv); + selectCipher(type, key.size())(enc, key, iv); RawBuffer result = enc->Append(data); RawBuffer tmp = enc->Finalize(); std::copy(tmp.begin(), tmp.end(), std::back_inserter(result)); @@ -570,13 +587,14 @@ RawBuffer encryptDataAesGcmPacked( return pair.first; } -RawBuffer decryptDataAesCbc( +RawBuffer decryptDataAes( + AlgoType type, const RawBuffer &key, const RawBuffer &data, const RawBuffer &iv) { EvpCipherPtr dec; - selectCipher(AlgoType::AES_CBC, key.size(), false)(dec, key, iv); + selectCipher(type, key.size(), false)(dec, key, iv); RawBuffer result = dec->Append(data); RawBuffer tmp = dec->Finalize(); std::copy(tmp.begin(), tmp.end(), std::back_inserter(result)); 
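Review bot: `encryptDataAes` and `decryptDataAes` (the hunks at -528 and -570) now accept an arbitrary `AlgoType`, but their visible bodies only call `Append` and `Finalize`, so a caller passing `AlgoType::AES_GCM` would drive GCM without the tag ever being returned on encrypt or supplied on decrypt. The old CBC-only names made that misuse impossible; with the generic name the function should reject unsupported modes before `selectCipher`, e.g. `if (type != AlgoType::AES_CBC && type != AlgoType::AES_CTR && type != AlgoType::AES_CFB)` followed by the file's usual invalid-argument error. Separately, `key.size()` is passed where the cipher tree is indexed by 128/192/256, so presumably `selectCipher` converts bytes to bits; that is not visible here and deserves a one-line comment at the call. Both function bodies continue past the end of their hunks.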
@@ -629,7 +647,9 @@ RawBuffer symmetricEncrypt(const RawBuffer &key, switch(keyType) { case AlgoType::AES_CBC: - return encryptDataAesCbc(key, data, unpack(alg, ParamName::ED_IV)); + case AlgoType::AES_CTR: + case AlgoType::AES_CFB: + return encryptDataAes(keyType, key, data, unpack(alg, ParamName::ED_IV)); case AlgoType::AES_GCM: { int tagLenBits = DEFAULT_AES_GCM_TAG_LEN; @@ -656,7 +676,9 @@ RawBuffer symmetricDecrypt(const RawBuffer &key, switch(keyType) { case AlgoType::AES_CBC: - return decryptDataAesCbc(key, data, unpack(alg, ParamName::ED_IV)); + case AlgoType::AES_CTR: + case AlgoType::AES_CFB: + return decryptDataAes(keyType, key, data, unpack(alg, ParamName::ED_IV)); case AlgoType::AES_GCM: { int tagLenBits = DEFAULT_AES_GCM_TAG_LEN; diff --git a/src/manager/crypto/sw-backend/internals.h b/src/manager/crypto/sw-backend/internals.h index d9869b5..df3b245 100644 --- a/src/manager/crypto/sw-backend/internals.h +++ b/src/manager/crypto/sw-backend/internals.h @@ -70,11 +70,13 @@ RawBuffer decryptDataAesGcm(const RawBuffer &key, const RawBuffer &iv, const RawBuffer &tag); -RawBuffer encryptDataAesCbc(const RawBuffer &key, +RawBuffer encryptDataAes(AlgoType type, + const RawBuffer &key, const RawBuffer &data, const RawBuffer &iv); -RawBuffer decryptDataAesCbc(const RawBuffer &key, +RawBuffer decryptDataAes(AlgoType type, + const RawBuffer &key, const RawBuffer &data, const RawBuffer &iv); diff --git a/src/manager/service/crypto-logic.cpp b/src/manager/service/crypto-logic.cpp index 10960fb..75c9b40 100644 --- a/src/manager/service/crypto-logic.cpp +++ b/src/manager/service/crypto-logic.cpp 
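Review bot: In `symmetricEncrypt` and `symmetricDecrypt` the caller-supplied `ED_IV` is now forwarded to CTR and CFB as well as CBC, and nothing in these hunks checks its length. OpenSSL's EVP cipher init reads a full 16-byte IV for AES-CBC/CTR/CFB from the pointer it is handed, so unless `unpack` or `initCipher` (neither shown here) already validates it, a shorter buffer would be read past its end. I would bind it first, `const RawBuffer iv = unpack(alg, ParamName::ED_IV);`, then raise the file's invalid-parameter error on `if (iv.size() != 16)` before calling `encryptDataAes` / `decryptDataAes`. The shared case label also deserves a comment such as `// CTR/CFB: IV must be unique per key; output is not integrity-protected`, since IV reuse in CTR exposes the XOR of the plaintexts. Both switch statements continue outside the hunks.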
@@ -155,7 +155,7 @@ void CryptoLogic::encryptRow(const Password &password, DB::Row &row) if (!password.empty()) { key = passwordToKey(password, crow.iv, AES_CBC_KEY_SIZE); - crow.data = Crypto::SW::Internals::encryptDataAesCbc(key, crow.data, crow.iv); + crow.data = Crypto::SW::Internals::encryptDataAes(AlgoType::AES_CBC, key, crow.data, crow.iv); crow.encryptionScheme |= ENCR_PASSWORD; } @@ -200,7 +200,7 @@ void CryptoLogic::decryptRow(const Password &password, DB::Row &row) if (crow.encryptionScheme & ENCR_PASSWORD) { key = passwordToKey(password, crow.iv, AES_CBC_KEY_SIZE); - crow.data = Crypto::SW::Internals::decryptDataAesCbc(key, crow.data, crow.iv); + crow.data = Crypto::SW::Internals::decryptDataAes(AlgoType::AES_CBC, key, crow.data, crow.iv); } if (crow.encryptionScheme & ENCR_APPKEY) { -- 2.7.4