main/doxygen/include_2ccf_2crypto_2symmetric__key_8h_source.html

// Copyright (c) Microsoft Corporation. All rights reserved.

// Licensed under the Apache 2.0 License.

#pragma once


#include "ccf/crypto/entropy.h"


#include <span>

#include <vector>


namespace ccf::crypto

{

  constexpr size_t GCM_DEFAULT_KEY_SIZE = 32;


  constexpr size_t GCM_SIZE_TAG = 16;


  struct GcmHeader

  {

    uint8_t tag[GCM_SIZE_TAG] = {};


    // Size does not change after construction

    std::vector<uint8_t> iv;


    GcmHeader(size_t iv_size);


    void set_iv(const uint8_t* data, size_t size);

    [[nodiscard]] std::span<const uint8_t> get_iv() const;


    [[nodiscard]] size_t serialised_size() const;

    std::vector<uint8_t> serialise();


    void deserialise(const std::vector<uint8_t>& ser);

    void deserialise(const uint8_t*& data, size_t& size);

  };


  template <size_t IV_BYTES>


  struct FixedSizeGcmHeader : public GcmHeader

  {

    static constexpr size_t IV_SIZE = IV_BYTES;


    FixedSizeGcmHeader() : GcmHeader(IV_SIZE) {}


    static size_t serialised_size()

    {

      return GCM_SIZE_TAG + IV_SIZE;

    }


    void set_random_iv(EntropyPtr entropy = ccf::crypto::get_entropy())

    {

      iv = entropy->random(IV_SIZE);

    }


  };


  // GcmHeader with 12-byte (96-bit) IV

  constexpr size_t iv_size = 12;

  using StandardGcmHeader = FixedSizeGcmHeader<iv_size>;


  struct GcmCipher

  {

    StandardGcmHeader hdr;

    std::vector<uint8_t> cipher;


    GcmCipher();

    GcmCipher(size_t size);


    std::vector<uint8_t> serialise();


    void deserialise(const std::vector<uint8_t>& serial);

  };


  class KeyAesGcm

  {

  public:

    KeyAesGcm() = default;

    virtual ~KeyAesGcm() = default;


    // AES-GCM encryption

    virtual void encrypt(

      std::span<const uint8_t> iv,

      std::span<const uint8_t> plain,

      std::span<const uint8_t> aad,

      std::vector<uint8_t>& cipher,

      uint8_t tag[GCM_SIZE_TAG]) const = 0;


    // AES-GCM decryption

    virtual bool decrypt(

      std::span<const uint8_t> iv,

      const uint8_t tag[GCM_SIZE_TAG],

      std::span<const uint8_t> cipher,

      std::span<const uint8_t> aad,

      std::vector<uint8_t>& plain) const = 0;


    // Key size in bits

    [[nodiscard]] virtual size_t key_size() const = 0;

  };


  std::unique_ptr<KeyAesGcm> make_key_aes_gcm(std::span<const uint8_t> rawKey);


  inline void check_supported_aes_key_size(size_t num_bits)

  {

    // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers,readability-magic-numbers)

    if (num_bits != 128 && num_bits != 192 && num_bits != 256)

    {

      throw std::runtime_error("Unsupported key size");

    }

  }


}

ccf::crypto::KeyAesGcm
Definition symmetric_key.h:71

ccf::crypto::KeyAesGcm::decrypt
virtual bool decrypt(std::span< const uint8_t > iv, const uint8_t tag[GCM_SIZE_TAG], std::span< const uint8_t > cipher, std::span< const uint8_t > aad, std::vector< uint8_t > &plain) const =0

ccf::crypto::KeyAesGcm::key_size
virtual size_t key_size() const =0

ccf::crypto::KeyAesGcm::~KeyAesGcm
virtual ~KeyAesGcm()=default

ccf::crypto::KeyAesGcm::encrypt
virtual void encrypt(std::span< const uint8_t > iv, std::span< const uint8_t > plain, std::span< const uint8_t > aad, std::vector< uint8_t > &cipher, uint8_t tag[GCM_SIZE_TAG]) const =0

ccf::crypto::KeyAesGcm::KeyAesGcm
KeyAesGcm()=default

entropy.h

ccf::crypto
Definition base64.h:11

ccf::crypto::check_supported_aes_key_size
void check_supported_aes_key_size(size_t num_bits)
Definition symmetric_key.h:101

ccf::crypto::make_key_aes_gcm
std::unique_ptr< KeyAesGcm > make_key_aes_gcm(std::span< const uint8_t > rawKey)
Free function implementation.
Definition symmetric_key.cpp:100

ccf::crypto::iv_size
constexpr size_t iv_size
Definition symmetric_key.h:54

ccf::crypto::get_entropy
EntropyPtr get_entropy()
Definition entropy.cpp:10

ccf::crypto::EntropyPtr
std::shared_ptr< Entropy > EntropyPtr
Definition entropy.h:32

ccf::crypto::GCM_SIZE_TAG
constexpr size_t GCM_SIZE_TAG
Definition symmetric_key.h:14

ccf::crypto::GCM_DEFAULT_KEY_SIZE
constexpr size_t GCM_DEFAULT_KEY_SIZE
Definition symmetric_key.h:12

ccf::crypto::FixedSizeGcmHeader
Definition symmetric_key.h:37

ccf::crypto::FixedSizeGcmHeader::set_random_iv
void set_random_iv(EntropyPtr entropy=ccf::crypto::get_entropy())
Definition symmetric_key.h:47

ccf::crypto::FixedSizeGcmHeader::FixedSizeGcmHeader
FixedSizeGcmHeader()
Definition symmetric_key.h:40

ccf::crypto::FixedSizeGcmHeader::IV_SIZE
static constexpr size_t IV_SIZE
Definition symmetric_key.h:38

ccf::crypto::FixedSizeGcmHeader::serialised_size
static size_t serialised_size()
Definition symmetric_key.h:42

ccf::crypto::GcmCipher
Definition symmetric_key.h:58

ccf::crypto::GcmCipher::deserialise
void deserialise(const std::vector< uint8_t > &serial)
Definition symmetric_key.cpp:91

ccf::crypto::GcmCipher::GcmCipher
GcmCipher()
GcmCipher implementation.

ccf::crypto::GcmCipher::serialise
std::vector< uint8_t > serialise()
Definition symmetric_key.cpp:76

ccf::crypto::GcmCipher::hdr
StandardGcmHeader hdr
Definition symmetric_key.h:59

ccf::crypto::GcmCipher::cipher
std::vector< uint8_t > cipher
Definition symmetric_key.h:60

ccf::crypto::GcmHeader
Definition symmetric_key.h:17

ccf::crypto::GcmHeader::serialise
std::vector< uint8_t > serialise()
Definition symmetric_key.cpp:42

ccf::crypto::GcmHeader::tag
uint8_t tag[GCM_SIZE_TAG]
Definition symmetric_key.h:18

ccf::crypto::GcmHeader::set_iv
void set_iv(const uint8_t *data, size_t size)
Definition symmetric_key.cpp:21

ccf::crypto::GcmHeader::iv
std::vector< uint8_t > iv
Definition symmetric_key.h:21

ccf::crypto::GcmHeader::serialised_size
size_t serialised_size() const
Definition symmetric_key.cpp:37

ccf::crypto::GcmHeader::deserialise
void deserialise(const std::vector< uint8_t > &ser)
Definition symmetric_key.cpp:54

ccf::crypto::GcmHeader::get_iv
std::span< const uint8_t > get_iv() const
Definition symmetric_key.cpp:32