code refactoring

m3sserschmitt · Dec 19, 2021 · 1cfd6f5 · 1cfd6f5
1 parent 83b81a7
commit 1cfd6f5
Show file tree

Hide file tree

Showing 6 changed files with 203 additions and 149 deletions.
diff --git a/include/aes.hh b/include/aes.hh
@@ -14,6 +14,7 @@
 #include "types.hh"
 #include "aes_const.hh"
 
+
 namespace CRYPTO
 {
   /**
@@ -38,15 +39,15 @@ namespace CRYPTO
  * @param autoset IV autoset flag
  * @param ctx AES to enable IV autoset
  */
-  [[deprecated("This function might be removed in further releases; AES_auth_encrypt will automatically generate a new IV on every encryption cycle.")]] void AES_iv_autoset(bool autoset, AES_CRYPTO ctx);
+  [[deprecated("This function might be removed in further releases;")]] void AES_iv_autoset(bool autoset, AES_CRYPTO ctx);
 
   /**
  * @brief Enable or disable IV append. If IV append enabled, then IV will be put at the beginning of every ciphertext.
  * 
  * @param append IV append flag
  * @param ctx AES to enable IV append
  */
-  [[deprecated("This function might be removed in further releases; AES_auth_encrypt will automatically append IV to ciphertext")]] void AES_iv_append(bool append, AES_CRYPTO ctx);
+  [[deprecated("This function might be removed in further releases;")]] void AES_iv_append(bool append, AES_CRYPTO ctx);
 
   /**
  * @brief Setup initialization vector to be used for encryption / decryption.
@@ -55,7 +56,7 @@ namespace CRYPTO
  * @param ctx AES context to setup iv vector.
  * @return int 0 if success, -1 if failure.
  */
-  int AES_setup_iv(const BYTE *iv, SIZE ivlen, AES_CRYPTO ctx);
+  [[deprecated("This function might be removed in further releases;")]] int AES_setup_iv(const BYTE *iv, SIZE ivlen, AES_CRYPTO ctx);
 
   /**
  * @brief Return current encryption key from AES context.
@@ -93,7 +94,7 @@ namespace CRYPTO
  * @param ctx AES context to be initialized.
  * @return int 0 for success, -1 for failure.
  */
-  [[deprecated("This function initializes AES context in CBC mode and it might be removed in further releases. Use AES_setup key & AES_init_ctx instead.")]] int AES_init(const BYTE *passphrase, SIZE passlen, const BYTE *salt, int rounds, CRYPTO_OP op, AES_CRYPTO ctx);
+  [[deprecated("This function might be removed in further releases. Use AES_init_ctx instead.")]] int AES_init(const BYTE *passphrase, SIZE passlen, const BYTE *salt, int rounds, CRYPTO_OP op, AES_CRYPTO ctx);
 
   /**
  * @brief Initialize AES context for both encryption and decryption.
@@ -106,7 +107,7 @@ namespace CRYPTO
  * @param ctx AES context to be initialized.
  * @return int 0 for success, -1 for failure.
  */
-  [[deprecated("This function initializes AES context in CBC mode and it might be removed in further releases. Use AES_setup key & AES_init_ctx instead.")]] int AES_init(const BYTE *passphrase, SIZE passlen, const BYTE *salt, int rounds, AES_CRYPTO ctx);
+  [[deprecated("This function might be removed in further releases. Use AES_init_ctx instead.")]] int AES_init(const BYTE *passphrase, SIZE passlen, const BYTE *salt, int rounds, AES_CRYPTO ctx);
 
   /**
  * @brief Check if AES context is ready for encryption;
@@ -137,74 +138,26 @@ namespace CRYPTO
   int AES_ctx_dup(AES_CRYPTO dest, const _AES_CRYPTO *src);
 
   /**
- * @brief Perform AES encryption.
- * 
- * @param ctx Initialized AES context.
- * @param in Data to be encrypted.
- * @param inlen Data length in bytes.
- * @param out Encrypted data (if null, then it is dynamically allocated).
- * @param aad Additional Authenticated Data (AAD)
- * @param aadlen Additional authenticated data size in bytes
- * @return int Size of encrypted data if success, -1 if failure.
- */
-  int AES_auth_encrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, const BYTE *aad, SIZE aadlen, BYTES *out);
-
-  /**
- * @brief Perform AES encryption.
- * 
- * @param ctx Initialized AES context.
- * @param in Data to be encrypted.
- * @param inlen Data length in bytes.
- * @param out Encrypted data (if null, then it is dynamically allocated).
- * @return int Size of encrypted data if success, -1 if failure.
- */
-  int AES_auth_encrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out);
-
-  /**
- * @brief Perform AES encryption.
+ * @brief Perform AES CBC encryption.
  * 
  * @param ctx Initialized AES context.
  * @param in Data to be encrypted.
  * @param inlen Data length in bytes.
  * @param out Encrypted data (if null, then it is dynamically allocated).
  * @return int Size of encrypted data if success, -1 if failure.
  */
-  [[deprecated("This function uses CBC mode for encryption and might be removed in further releases; Use AES_auth_encrypt instead.")]] int AES_encrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out);
-
-  /**
- * @brief Perform AES encryption.
- * 
- * @param ctx Initialized AES context.
- * @param in Data to be encrypted.
- * @param inlen Data length in bytes.
- * @param out Encrypted data (if null, then it is dynamically allocated).
- * @param aad Additional Authenticated Data (AAD)
- * @param aadlen Additional authenticated data size in bytes
- * @return int Size of encrypted data if success, -1 if failure.
- */
-  int AES_auth_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, const BYTE *aad, SIZE aadlen, BYTES *out);
-
-  /**
- * @brief Perform AES decryption.
- * 
- * @param ctx Initialized AES context.
- * @param in Data to be decrypted.
- * @param inlen Data length in bytes.
- * @param out Decrypted data (if null, then it is dynamically allocated).
- * @return int Size of decrypted data if success, -1 if failure.
- */
-  int AES_auth_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out);
+  [[deprecated("This function might be removed in further releases;")]] int AES_encrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out);
 
   /**
- * @brief Perform AES decryption.
+ * @brief Perform AES CBC decryption.
  * 
  * @param ctx Initialized AES context.
  * @param in Data to be decrypted.
  * @param inlen Data length in bytes.
  * @param out Decrypted data (if null, then it is dynamically allocated).
  * @return int Size of decrypted data if success, -1 if failure.
  */
-  [[deprecated("This function uses CBC mode for decryption and might be removed in further releases; Use AES_auth_decrypt instead.")]] int AES_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out);
+  [[deprecated("This function might be removed in further releases;")]] int AES_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out);
 
   /**
  * @brief Frees memory allocated for AES context.

diff --git a/include/aes_auth.hh b/include/aes_auth.hh
@@ -0,0 +1,67 @@
+/**
+ * @file aes_auth.hh
+ * @author Romulus-Emanuel Ruja <[email protected]>
+ * @brief This file contains function definitions for AES GCM
+ * @date 2021-12-19
+ * 
+ * @copyright Copyright (c) 2021 MIT License
+ * 
+ */
+
+
+#include "aes_const.hh"
+#include "types.hh"
+
+
+namespace CRYPTO
+{
+   /**
+ * @brief Perform AES GCM encryption.
+ * 
+ * @param ctx Initialized AES context.
+ * @param in Data to be encrypted.
+ * @param inlen Data length in bytes.
+ * @param out Encrypted data (if null, then it is dynamically allocated).
+ * @param aad Additional Authenticated Data (AAD)
+ * @param aadlen Additional authenticated data size in bytes
+ * @return int Size of encrypted data if success, -1 if failure.
+ */
+   int AES_auth_encrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out);
+
+   /**
+ * @brief Perform AES GCM encryption.
+ * 
+ * @param ctx Initialized AES context.
+ * @param in Data to be encrypted.
+ * @param inlen Data length in bytes.
+ * @param out Encrypted data (if null, then it is dynamically allocated).
+ * @param aad Additional Authenticated Data (AAD)
+ * @param aadlen Additional authenticated data size in bytes
+ * @return int Size of encrypted data if success, -1 if failure.
+ */
+   int AES_auth_encrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, const BYTE *aad, SIZE aadlen, BYTES *out);
+
+   /**
+ * @brief Perform AES GCM decryption.
+ * 
+ * @param ctx Initialized AES context.
+ * @param in Data to be decrypted.
+ * @param inlen Data length in bytes.
+ * @param out Decrypted data (if null, then it is dynamically allocated).
+ * @param aad Additional Authenticated Data (AAD)
+ * @param aadlen Additional authenticated data size in bytes
+ * @return int Size of decrypted data if success, -1 if failure.
+ */
+   int AES_auth_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, const BYTE *aad, SIZE aadlen, BYTES *out);
+
+   /**
+ * @brief Perform AES GCM decryption.
+ * 
+ * @param ctx Initialized AES context.
+ * @param in Data to be decrypted.
+ * @param inlen Data length in bytes.
+ * @param out Decrypted data (if null, then it is dynamically allocated).
+ * @return int Size of decrypted data if success, -1 if failure.
+ */
+   int AES_auth_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out);
+}
diff --git a/include/aes_types.hh b/include/aes_types.hh
@@ -8,13 +8,19 @@
 struct _AES_CRYPTO
 {
     BYTES key;
-    BYTES iv;
+    // single IV used AES_encrypt & AES_decrypt functions;
+    [[deprecated("It might be removed in further releases;")]] BYTES iv;
+
+    // distinct contexts are used for encryption & decryption
     EVP_CIPHER_CTX *encr;
     EVP_CIPHER_CTX *decr;
+
+    // track context initialization for encryption & decryption
     bool encrinit;
     bool decrinit;
-    bool iv_autoset;
-    bool iv_append;
+
+    [[deprecated("It might be removed in further releases;")]] bool iv_autoset;
+    [[deprecated("It might be removed in further releases;")]] bool iv_append;
 
     _AES_CRYPTO *ref;
 };

diff --git a/include/cryptography.hh b/include/cryptography.hh
@@ -11,6 +11,7 @@
 
 #include "aes_const.hh"
 #include "aes.hh"
+#include "aes_auth.hh"
 #include "base64.hh"
 #include "rsa.hh"
 #include "random.hh"

diff --git a/src/aes.cc b/src/aes.cc
@@ -119,6 +119,33 @@ int CRYPTO::AES_read_iv(const _AES_CRYPTO *ctx, SIZE ivlen, BYTES *iv)
     return 0;
 }
 
+int CRYPTO::AES_init_ctx(CRYPTO_OP op, AES_CRYPTO ctx)
+{
+    if ((op == ENCRYPT and not ctx->encrinit) or
+        (op == DECRYPT and not ctx->decrinit))
+    {
+        EVP_CIPHER_CTX **aes = 0;
+
+        op == ENCRYPT and (aes = &ctx->encr);
+        op == DECRYPT and (aes = &ctx->decr);
+
+        if (not(*aes or (*aes = EVP_CIPHER_CTX_new())))
+        {
+            return -1;
+        }
+
+        if (EVP_CIPHER_CTX_init(*aes) <= 0)
+        {
+            return -1;
+        }
+
+        op == ENCRYPT and (ctx->encrinit = 1);
+        op == DECRYPT and (ctx->decrinit = 1);
+    }
+
+    return 0;
+}
+
 int CRYPTO::AES_init(const BYTE *passphrase, SIZE passlen, const BYTE *salt, int rounds, CRYPTO_OP op, AES_CRYPTO ctx)
 {
     if (not ctx)