diff --git a/include/aes.hh b/include/aes.hh index 44395ca..1062bc3 100644 --- a/include/aes.hh +++ b/include/aes.hh @@ -1,8 +1,7 @@ /** * @file aes.hh - * @author Romulus-Emanuel Ruja + * @author Romulus-Emanuel Ruja * @brief This file contains functions for basic AES operations. - * @version 0.1 * @date 2021-07-06 * * @copyright Copyright (c) 2021 MIT License. @@ -17,73 +16,73 @@ namespace CRYPTO { - /** + /** * @brief Create new AES encryption / decryption context. * * @return AES_CRYPTO AES encryption / decryption context. */ - AES_CRYPTO AES_CRYPTO_new(); + AES_CRYPTO AES_CRYPTO_new(); - /** + /** * @brief Setup key to be used for AES encryption / decryption. * * @param key Key to be used. * @param ctx AES context to setup encryption key. * @return int 0 if success, -1 if failure. */ - int AES_setup_key(const BYTE *key, SIZE keylen, AES_CRYPTO ctx); + int AES_setup_key(const BYTE *key, SIZE keylen, AES_CRYPTO ctx); - /** + /** * @brief Enable or disable IV autoset. If IV autoset enabled, then a new IV is generated on every encryption cycle. * * @param autoset IV autoset flag * @param ctx AES to enable IV autoset */ - [[deprecated("This function might be removed in further releases; AES_auth_encrypt will automatically generate a new IV on every encryption cycle.")]] void AES_iv_autoset(bool autoset, AES_CRYPTO ctx); + [[deprecated("This function might be removed in further releases; AES_auth_encrypt will automatically generate a new IV on every encryption cycle.")]] void AES_iv_autoset(bool autoset, AES_CRYPTO ctx); - /** + /** * @brief Enable or disable IV append. If IV append enabled, then IV will be put at the beginning of every ciphertext. * * @param append IV append flag * @param ctx AES to enable IV append */ - [[deprecated("This function might be removed in further releases; AES_auth_encrypt will automatically append IV to ciphertext")]] void AES_iv_append(bool append, AES_CRYPTO ctx); + [[deprecated("This function might be removed in further releases; AES_auth_encrypt will automatically append IV to ciphertext")]] void AES_iv_append(bool append, AES_CRYPTO ctx); - /** + /** * @brief Setup initialization vector to be used for encryption / decryption. * * @param iv Initialization vector (tipically a 16 bytes random vector). * @param ctx AES context to setup iv vector. * @return int 0 if success, -1 if failure. */ - int AES_setup_iv(const BYTE *iv, SIZE ivlen, AES_CRYPTO ctx); + int AES_setup_iv(const BYTE *iv, SIZE ivlen, AES_CRYPTO ctx); - /** + /** * @brief Return current encryption key from AES context. * * @param ctx Context to retrieve key from. * @return SIZE return length of key in bytes. */ - int AES_read_key(const _AES_CRYPTO *ctx, SIZE keylen, BYTES *key); + int AES_read_key(const _AES_CRYPTO *ctx, SIZE keylen, BYTES *key); - /** + /** * @brief Get initialization vector from AES context. * * @param ctx Context to retrieve iv from. * @return SIZE Size of iv in bytes or -1 if no iv is used within this context. */ - int AES_read_iv(const _AES_CRYPTO *ctx, SIZE ivlen, BYTES *iv); + int AES_read_iv(const _AES_CRYPTO *ctx, SIZE ivlen, BYTES *iv); - /** + /** * @brief Initialize AES contex for specified operation. * * @param op Cryptographic operation: ENCRYPT / DECRYPT. * @param ctx AES context to be initialized. * @return int */ - int AES_init_ctx(CRYPTO_OP op, AES_CRYPTO ctx); + int AES_init_ctx(CRYPTO_OP op, AES_CRYPTO ctx); - /** + /** * @brief Initialize AES contex for specified operation. * * @param passphrase Passphrase to be used for encryption. @@ -94,9 +93,9 @@ namespace CRYPTO * @param ctx AES context to be initialized. * @return int 0 for success, -1 for failure. */ - [[deprecated("This function initializes AES context in CBC mode and it might be removed in further releases. Use AES_setup key & AES_init_ctx instead.")]] int AES_init(const BYTE *passphrase, SIZE passlen, const BYTE *salt, int rounds, CRYPTO_OP op, AES_CRYPTO ctx); + [[deprecated("This function initializes AES context in CBC mode and it might be removed in further releases. Use AES_setup key & AES_init_ctx instead.")]] int AES_init(const BYTE *passphrase, SIZE passlen, const BYTE *salt, int rounds, CRYPTO_OP op, AES_CRYPTO ctx); - /** + /** * @brief Initialize AES context for both encryption and decryption. * * @param passphrase Passphrase to be used for encryption. @@ -107,25 +106,25 @@ namespace CRYPTO * @param ctx AES context to be initialized. * @return int 0 for success, -1 for failure. */ - [[deprecated("This function initializes AES context in CBC mode and it might be removed in further releases. Use AES_setup key & AES_init_ctx instead.")]] int AES_init(const BYTE *passphrase, SIZE passlen, const BYTE *salt, int rounds, AES_CRYPTO ctx); + [[deprecated("This function initializes AES context in CBC mode and it might be removed in further releases. Use AES_setup key & AES_init_ctx instead.")]] int AES_init(const BYTE *passphrase, SIZE passlen, const BYTE *salt, int rounds, AES_CRYPTO ctx); - /** + /** * @brief Check if AES context is ready for encryption; * * @param ctx AES context to be checked * @return int 1 if AES context is ready for encryption, 0 otherwise */ - int AES_encrypt_ready(const _AES_CRYPTO *ctx); + int AES_encrypt_ready(const _AES_CRYPTO *ctx); - /** + /** * @brief Check if AES context is ready for decryption; * * @param ctx AES context to be checked * @return int 1 if AES context is ready for decryption, 0 otherwise */ - int AES_decrypt_ready(const _AES_CRYPTO *ctx); + int AES_decrypt_ready(const _AES_CRYPTO *ctx); - /** + /** * @brief Duplicates AES context. Destination context will use the same resources as source context. * For example, if you clean up destination context, source context will be freed too. * This function is used when you want to encrypt / decrypt using different keys, but you don't want to allocate @@ -135,9 +134,9 @@ namespace CRYPTO * @param src Source AES context. * @return int 0 if success, -1 if failure. */ - int AES_ctx_dup(AES_CRYPTO dest, const _AES_CRYPTO *src); + int AES_ctx_dup(AES_CRYPTO dest, const _AES_CRYPTO *src); - /** + /** * @brief Perform AES encryption. * * @param ctx Initialized AES context. @@ -148,9 +147,9 @@ namespace CRYPTO * @param aadlen Additional authenticated data size in bytes * @return int Size of encrypted data if success, -1 if failure. */ - int AES_auth_encrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, const BYTE *aad, SIZE aadlen, BYTES *out); + int AES_auth_encrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, const BYTE *aad, SIZE aadlen, BYTES *out); - /** + /** * @brief Perform AES encryption. * * @param ctx Initialized AES context. @@ -159,9 +158,20 @@ namespace CRYPTO * @param out Encrypted data (if null, then it is dynamically allocated). * @return int Size of encrypted data if success, -1 if failure. */ - [[deprecated("This function uses CBC mode for encryption and might be removed in further releases; Use AES_auth_encrypt instead.")]] int AES_encrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out); + int AES_auth_encrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out); - /** + /** + * @brief Perform AES encryption. + * + * @param ctx Initialized AES context. + * @param in Data to be encrypted. + * @param inlen Data length in bytes. + * @param out Encrypted data (if null, then it is dynamically allocated). + * @return int Size of encrypted data if success, -1 if failure. + */ + [[deprecated("This function uses CBC mode for encryption and might be removed in further releases; Use AES_auth_encrypt instead.")]] int AES_encrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out); + + /** * @brief Perform AES encryption. * * @param ctx Initialized AES context. @@ -172,9 +182,20 @@ namespace CRYPTO * @param aadlen Additional authenticated data size in bytes * @return int Size of encrypted data if success, -1 if failure. */ - int AES_auth_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, const BYTE *aad, SIZE aadlen, BYTES *out); + int AES_auth_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, const BYTE *aad, SIZE aadlen, BYTES *out); + + /** + * @brief Perform AES decryption. + * + * @param ctx Initialized AES context. + * @param in Data to be decrypted. + * @param inlen Data length in bytes. + * @param out Decrypted data (if null, then it is dynamically allocated). + * @return int Size of decrypted data if success, -1 if failure. + */ + int AES_auth_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out); - /** + /** * @brief Perform AES decryption. * * @param ctx Initialized AES context. @@ -183,16 +204,16 @@ namespace CRYPTO * @param out Decrypted data (if null, then it is dynamically allocated). * @return int Size of decrypted data if success, -1 if failure. */ - [[deprecated("This function uses CBC mode for decryption and might be removed in further releases; Use AES_auth_decrypt instead.")]] int AES_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out); + [[deprecated("This function uses CBC mode for decryption and might be removed in further releases; Use AES_auth_decrypt instead.")]] int AES_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out); - /** + /** * @brief Frees memory allocated for AES context. * * @param ctx Context to be freed. */ - void AES_CRYPTO_free(AES_CRYPTO ctx); + void AES_CRYPTO_free(AES_CRYPTO ctx); - void AES_CRYPTO_free_keys(AES_CRYPTO ctx); + void AES_CRYPTO_free_keys(AES_CRYPTO ctx); } #endif diff --git a/include/aes_const.hh b/include/aes_const.hh index bc91ace..131521b 100644 --- a/include/aes_const.hh +++ b/include/aes_const.hh @@ -1,3 +1,14 @@ +/** + * @file aes_const.hh + * @author Romulus-Emanuel Ruja + * @brief This file contains some constants used in AES GCM Mode. + * @date 2021-12-19 + * + * @copyright Copyright (c) 2021 MIT License. + * + */ + + #ifndef AES_CONST_HH #define AES_CONST_HH diff --git a/include/aes_types.hh b/include/aes_types.hh new file mode 100644 index 0000000..d16907b --- /dev/null +++ b/include/aes_types.hh @@ -0,0 +1,22 @@ +#ifndef AES_TYPES_HH +#define AES_TYPES_HH + +#include "types.hh" + +#include + +struct _AES_CRYPTO +{ + BYTES key; + BYTES iv; + EVP_CIPHER_CTX *encr; + EVP_CIPHER_CTX *decr; + bool encrinit; + bool decrinit; + bool iv_autoset; + bool iv_append; + + _AES_CRYPTO *ref; +}; + +#endif diff --git a/include/base64.hh b/include/base64.hh index 0684068..553b39c 100644 --- a/include/base64.hh +++ b/include/base64.hh @@ -1,8 +1,7 @@ /** * @file base64.hh - * @author Romulus-Emanuel Ruja + * @author Romulus-Emanuel Ruja * @brief This file contain functions for base64 encoding & decoding. - * @version 0.1 * @date 2021-07-06 * * @copyright Copyright (c) 2021 MIT License. diff --git a/include/cryptography.hh b/include/cryptography.hh index 1f13c34..5d6f66f 100644 --- a/include/cryptography.hh +++ b/include/cryptography.hh @@ -1,8 +1,7 @@ /** * @file cryptography.hh - * @author Romulus-Emanuel Ruja + * @author Romulus-Emanuel Ruja * @brief You should include this file in your project in order to have access to all cryptographic operations. - * @version 0.1 * @date 2021-07-06 * * @copyright Copyright (c) 2021 MIT License. @@ -10,9 +9,11 @@ */ +#include "aes_const.hh" #include "aes.hh" -#include "rsa.hh" #include "base64.hh" +#include "rsa.hh" +#include "random.hh" #include "types.hh" #include "sha.hh" -#include "random.hh" +#include "types.hh" diff --git a/include/rsa.hh b/include/rsa.hh index d2bf674..621cc69 100644 --- a/include/rsa.hh +++ b/include/rsa.hh @@ -1,8 +1,7 @@ /** * @file rsa.hh - * @author Romulus-Emanuel Ruja + * @author Romulus-Emanuel Ruja * @brief This file contains functions for basic RSA operations. - * @version 0.1 * @date 2021-07-06 * * @copyright Copyright (c) 2021 MIT License. diff --git a/include/sha.hh b/include/sha.hh index 5b6139e..7a6bd3f 100644 --- a/include/sha.hh +++ b/include/sha.hh @@ -1,8 +1,7 @@ /** * @file sha.hh - * @author Romulus-Emanuel Ruja + * @author Romulus-Emanuel Ruja * @brief This file contains functions for SHA hashing. - * @version 0.1 * @date 2021-07-06 * * @copyright Copyright (c) 2021 MIT License. diff --git a/include/types.hh b/include/types.hh index 2b7a9fc..e8e8f6c 100644 --- a/include/types.hh +++ b/include/types.hh @@ -1,8 +1,7 @@ /** * @file types.hh - * @author Romulus-Emanuel Ruja + * @author Romulus-Emanuel Ruja * @brief This file contain some type definitions. - * @version 0.1 * @date 2021-07-06 * * @copyright Copyright (c) 2021 MIT License. diff --git a/src/aes.cc b/src/aes.cc index a35c51d..5a29b72 100644 --- a/src/aes.cc +++ b/src/aes.cc @@ -1,3 +1,4 @@ +#include "aes_types.hh" #include "aes.hh" #include "random.hh" @@ -5,20 +6,6 @@ #include #include -struct _AES_CRYPTO -{ - BYTES key; - BYTES iv; - EVP_CIPHER_CTX *encr; - EVP_CIPHER_CTX *decr; - bool encrinit; - bool decrinit; - bool iv_autoset; - bool iv_append; - - _AES_CRYPTO *ref; -}; - static inline SIZE AES_get_encrypted_size(SIZE inlen) { return inlen + AES_BLOCK_SIZE; diff --git a/src/aes_auth.cc b/src/aes_auth.cc index adbb374..294b7c8 100644 --- a/src/aes_auth.cc +++ b/src/aes_auth.cc @@ -1,25 +1,12 @@ -#include "../include/aes.hh" -#include "../include/random.hh" +#include "aes_types.hh" +#include "aes.hh" +#include "random.hh" #include #include #include -struct _AES_CRYPTO -{ - BYTES key; - BYTES iv; - EVP_CIPHER_CTX *encr; - EVP_CIPHER_CTX *decr; - bool encrinit; - bool decrinit; - bool iv_autoset; - bool iv_append; - - _AES_CRYPTO *ref; -}; - int CRYPTO::AES_init_ctx(CRYPTO_OP op, AES_CRYPTO ctx) { if ((op == ENCRYPT and not ctx->encrinit) or @@ -134,6 +121,11 @@ int CRYPTO::AES_auth_encrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, const B return f_len + len + AES_GCM_IV_SIZE + AES_GCM_TAG_SIZE; } +int CRYPTO::AES_auth_encrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out) +{ + return AES_auth_encrypt(ctx, in, inlen, 0, 0, out); +} + int CRYPTO::AES_auth_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, const BYTE *aad, SIZE aadlen, BYTES *out) { if (1 != EVP_DecryptInit_ex(ctx->decr, EVP_aes_256_gcm(), NULL, NULL, NULL)) @@ -203,3 +195,8 @@ int CRYPTO::AES_auth_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, const B return len + f_len; } + +int CRYPTO::AES_auth_decrypt(AES_CRYPTO ctx, const BYTE *in, SIZE inlen, BYTES *out) +{ + return AES_auth_decrypt(ctx, in, inlen, 0, 0, out); +} diff --git a/tests/main.cc b/tests/main.cc index 0d02cb7..5e9ecd5 100644 --- a/tests/main.cc +++ b/tests/main.cc @@ -6,25 +6,6 @@ using namespace std; -/* -static BYTES read_file(string filename, const char *open_mode) -{ - FILE *file = fopen(filename.c_str(), open_mode); - - fseek(file, 0, SEEK_END); - long filesize = ftell(file); - fseek(file, 0, SEEK_SET); - - BYTES data = new BYTE[filesize + 1]; - - fread(data, sizeof(BYTE), filesize, file); - - fclose(file); - - return data; -} -*/ - /** * @brief Basic example for base64 encoding / decoding. * @@ -82,12 +63,12 @@ bool test_AES() cout << "aes_decrypt_ready: " << CRYPTO::AES_decrypt_ready(ctx) << "\n"; BYTES encr = 0; - int encrlen = CRYPTO::AES_auth_encrypt(ctx, data, datalen, 0, 0, &encr); + int encrlen = CRYPTO::AES_auth_encrypt(ctx, data, datalen, &encr); cout << "aes_auth_encr: " << encrlen << "\n"; BYTES decr = 0; - int decrlen = CRYPTO::AES_auth_decrypt(ctx, encr, encrlen, 0, 0, &decr); + int decrlen = CRYPTO::AES_auth_decrypt(ctx, encr, encrlen, &decr); cout << "aes_auth_decr: " << decrlen << "\n";