diff options
author | ambrosin <ambrosin@google.com> | 2023-05-03 00:49:16 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-05-03 00:50:24 -0700 |
commit | 5c84ec5111a55f6fef552c974d9b59bf23a61455 (patch) | |
tree | df3c6d5140e8139c804ffbe706e03a04abd6317f /cc/aead | |
parent | 6d17fa447f46f3243f474cde2e0aea9c0d21430e (diff) | |
download | tink-5c84ec5111a55f6fef552c974d9b59bf23a61455.tar.gz |
Remove internal classes from ssl_aead
* Remove SslAesGcmOneShotAead, SslAesGcmSivOneShotAead and SslXchacha20Poly1305OneShotAead
* Add CiphertextSize and PlaintextSize to OpenSslOneShotAeadImpl and BoringSslOneShotAeadImpl.
PiperOrigin-RevId: 529015291
Diffstat (limited to 'cc/aead')
-rw-r--r-- | cc/aead/internal/ssl_aead.cc | 86 | ||||
-rw-r--r-- | cc/aead/internal/ssl_aead.h | 3 |
2 files changed, 29 insertions, 60 deletions
diff --git a/cc/aead/internal/ssl_aead.cc b/cc/aead/internal/ssl_aead.cc index 2c70b730f..9ed026840 100644 --- a/cc/aead/internal/ssl_aead.cc +++ b/cc/aead/internal/ssl_aead.cc @@ -44,6 +44,7 @@ namespace internal { ABSL_CONST_INIT const int kXchacha20Poly1305TagSizeInBytes = 16; ABSL_CONST_INIT const int kAesGcmTagSizeInBytes = 16; +ABSL_CONST_INIT const int kAesGcmSivTagSizeInBytes = 16; namespace { @@ -281,6 +282,17 @@ class OpenSslOneShotAeadImpl : public SslOneShotAead { return *written_bytes; } + int64_t CiphertextSize(int64_t plaintext_length) const override { + return plaintext_length + tag_size_; + } + + int64_t PlaintextSize(int64_t ciphertext_length) const override { + if (ciphertext_length < tag_size_) { + return 0; + } + return ciphertext_length - tag_size_; + } + private: const internal::SslUniquePtr<EVP_CIPHER_CTX> context_; const size_t tag_size_; @@ -388,72 +400,24 @@ class BoringSslOneShotAeadImpl : public SslOneShotAead { return out_len; } - const internal::SslUniquePtr<EVP_AEAD_CTX> context_; - const size_t tag_size_; -}; - -#endif - -#ifdef OPENSSL_IS_BORINGSSL -// Always use the BoringSSL APIs when available. -using SslOneShotAeadImpl = BoringSslOneShotAeadImpl; -#else -using SslOneShotAeadImpl = OpenSslOneShotAeadImpl; -#endif - -// One shot implementing AES-GCM. -class SslAesGcmOneShotAead : public SslOneShotAeadImpl { - public: -#ifdef OPENSSL_IS_BORINGSSL - explicit SslAesGcmOneShotAead(internal::SslUniquePtr<EVP_AEAD_CTX> context) - : BoringSslOneShotAeadImpl(std::move(context), kAesGcmTagSizeInBytes) {} -#else - explicit SslAesGcmOneShotAead(internal::SslUniquePtr<EVP_CIPHER_CTX> context) - : SslOneShotAeadImpl(std::move(context), kAesGcmTagSizeInBytes) {} -#endif - int64_t CiphertextSize(int64_t plaintext_length) const override { - return plaintext_length + kAesGcmTagSizeInBytes; + return plaintext_length + tag_size_; } int64_t PlaintextSize(int64_t ciphertext_length) const override { - if (ciphertext_length < kAesGcmTagSizeInBytes) { + if (ciphertext_length < tag_size_) { return 0; } - return ciphertext_length - kAesGcmTagSizeInBytes; + return ciphertext_length - tag_size_; } -}; -// One shot implementing AES-GCM-SIV. -using SslAesGcmSivOneShotAead = SslAesGcmOneShotAead; + private: + const internal::SslUniquePtr<EVP_AEAD_CTX> context_; + const size_t tag_size_; +}; -// One shot implementing XCHACHA-POLY-1305. -class SslXchacha20Poly1305OneShotAead : public SslOneShotAeadImpl { - public: -#ifdef OPENSSL_IS_BORINGSSL - explicit SslXchacha20Poly1305OneShotAead( - internal::SslUniquePtr<EVP_AEAD_CTX> context) - : BoringSslOneShotAeadImpl(std::move(context), - kXchacha20Poly1305TagSizeInBytes) {} -#else - explicit SslXchacha20Poly1305OneShotAead( - internal::SslUniquePtr<EVP_CIPHER_CTX> context) - : SslOneShotAeadImpl(std::move(context), - kXchacha20Poly1305TagSizeInBytes) {} #endif - int64_t CiphertextSize(int64_t plaintext_length) const override { - return plaintext_length + kXchacha20Poly1305TagSizeInBytes; - } - - int64_t PlaintextSize(int64_t ciphertext_length) const override { - if (ciphertext_length < kXchacha20Poly1305TagSizeInBytes) { - return 0; - } - return ciphertext_length - kXchacha20Poly1305TagSizeInBytes; - } -}; - } // namespace util::StatusOr<std::unique_ptr<SslOneShotAead>> CreateAesGcmOneShotCrypter( @@ -472,6 +436,8 @@ util::StatusOr<std::unique_ptr<SslOneShotAead>> CreateAesGcmOneShotCrypter( absl::StatusCode::kInternal, absl::StrCat("EVP_AEAD_CTX_new failed: ", internal::GetSslErrors())); } + return {absl::make_unique<BoringSslOneShotAeadImpl>(std::move(context), + kAesGcmTagSizeInBytes)}; #else util::StatusOr<const EVP_CIPHER *> aead_cipher = GetAesGcmCipherForKeySize(key.size()); @@ -496,8 +462,9 @@ util::StatusOr<std::unique_ptr<SslOneShotAead>> CreateAesGcmOneShotCrypter( return util::Status(absl::StatusCode::kInternal, "Context initialization failed"); } + return {absl::make_unique<OpenSslOneShotAeadImpl>(std::move(context), + kAesGcmTagSizeInBytes)}; #endif - return {absl::make_unique<SslAesGcmOneShotAead>(std::move(context))}; } util::StatusOr<std::unique_ptr<SslOneShotAead>> CreateAesGcmSivOneShotCrypter( @@ -515,7 +482,8 @@ util::StatusOr<std::unique_ptr<SslOneShotAead>> CreateAesGcmSivOneShotCrypter( absl::StrCat("EVP_AEAD_CTX_new initialization Failed: ", internal::GetSslErrors())); } - return {absl::make_unique<SslAesGcmSivOneShotAead>(std::move(context))}; + return {absl::make_unique<BoringSslOneShotAeadImpl>( + std::move(context), kAesGcmSivTagSizeInBytes)}; #else return util::Status(absl::StatusCode::kUnimplemented, "AES-GCM-SIV is unimplemented for OpenSSL"); @@ -540,8 +508,8 @@ CreateXchacha20Poly1305OneShotCrypter(const util::SecretData &key) { absl::StrCat("EVP_AEAD_CTX_new initialization Failed: ", internal::GetSslErrors())); } - return { - absl::make_unique<SslXchacha20Poly1305OneShotAead>(std::move(context))}; + return {absl::make_unique<BoringSslOneShotAeadImpl>( + std::move(context), kXchacha20Poly1305TagSizeInBytes)}; #else return util::Status(absl::StatusCode::kUnimplemented, "Xchacha20-Poly1305 is unimplemented for OpenSSL"); diff --git a/cc/aead/internal/ssl_aead.h b/cc/aead/internal/ssl_aead.h index 6ff877aa2..3fdc15891 100644 --- a/cc/aead/internal/ssl_aead.h +++ b/cc/aead/internal/ssl_aead.h @@ -28,9 +28,10 @@ namespace crypto { namespace tink { namespace internal { +// Tag sizes. ABSL_CONST_INIT extern const int kXchacha20Poly1305TagSizeInBytes; -// Tag size for both AES-GCM and AES-GCM-SIV. ABSL_CONST_INIT extern const int kAesGcmTagSizeInBytes; +ABSL_CONST_INIT extern const int kAesGcmSivTagSizeInBytes; // Interface for one-shot AEAD crypters. class SslOneShotAead { |