1 /**
2  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3  * SPDX-License-Identifier: Apache-2.0.
4  */
5 
6 #pragma once
7 
8 #include <aws/core/Core_EXPORTS.h>
9 #include <aws/core/utils/Array.h>
10 #include <memory>
11 
12 namespace Aws
13 {
14     namespace Utils
15     {
16         namespace Crypto
17         {
18             class Hash;
19             class HMAC;
20             class SymmetricCipher;
21             class HashFactory;
22             class HMACFactory;
23             class SymmetricCipherFactory;
24             class SecureRandomBytes;
25             class SecureRandomFactory;
26 
27             /**
28              * You need to call this before using any of the cryptography libs. Should be called after setting the factories.
29              */
30             AWS_CORE_API void InitCrypto();
31             /**
32              * You need to call this upon program shutdown.
33              */
34             AWS_CORE_API void CleanupCrypto();
35             /**
36              * OpenSSL infects everything with its global state. If it is being used then we automatically initialize and clean it up.
37              * If this is a problem for you, set this to false. Be aware that if you don't use our init and cleanup and you are using
38              * crypto functionality, you are responsible for installing thread locking, and loading strings and error messages.
39              */
40             AWS_CORE_API void SetInitCleanupOpenSSLFlag(bool initCleanupFlag);
41 
42             /**
43              * Create an MD5 Hash provider
44              */
45             AWS_CORE_API std::shared_ptr<Hash> CreateMD5Implementation();
46             /**
47              * Create a Sha1 Hash provider
48              */
49             AWS_CORE_API std::shared_ptr<Hash> CreateSha1Implementation();
50             /**
51              * Create a Sha256 Hash provider
52              */
53             AWS_CORE_API std::shared_ptr<Hash> CreateSha256Implementation();
54             /**
55              * Create a Sha256 HMACHash provider
56              */
57             AWS_CORE_API std::shared_ptr<HMAC> CreateSha256HMACImplementation();
58 
59             /**
60              * Create AES in CBC mode off of a 256 bit key. Auto Generates a 16 byte secure random IV
61              */
62             AWS_CORE_API std::shared_ptr<SymmetricCipher> CreateAES_CBCImplementation(const CryptoBuffer& key);
63             /**
64              * Create AES in CBC mode off of a 256 bit key and 16 byte IV
65              */
66             AWS_CORE_API std::shared_ptr<SymmetricCipher> CreateAES_CBCImplementation(const CryptoBuffer& key, const CryptoBuffer& iv);
67             /**
68              * Create AES in CBC mode off of a 256 bit key and 16 byte IV
69              */
70             AWS_CORE_API std::shared_ptr<SymmetricCipher> CreateAES_CBCImplementation(CryptoBuffer&& key, CryptoBuffer&& iv);
71 
72             /**
73              * Create AES in CTR mode off of a 256 bit key. Auto Generates a 16 byte IV in the format
74              * [nonce 4bytes ] [securely random iv 8 bytes] [ CTR init 4bytes ]
75              */
76             AWS_CORE_API std::shared_ptr<SymmetricCipher> CreateAES_CTRImplementation(const CryptoBuffer& key);
77             /**
78              * Create AES in CTR mode off of a 256 bit key and 16 byte IV
79              */
80             AWS_CORE_API std::shared_ptr<SymmetricCipher> CreateAES_CTRImplementation(const CryptoBuffer& key, const CryptoBuffer& iv);
81             /**
82              * Create AES in CTR mode off of a 256 bit key and 16 byte IV
83              */
84             AWS_CORE_API std::shared_ptr<SymmetricCipher> CreateAES_CTRImplementation(CryptoBuffer&& key, CryptoBuffer&& iv);
85 
86             /**
87              * Create AES in GCM mode off of a 256 bit key. Auto Generates a 12 byte secure random IV.
88              */
89             AWS_CORE_API std::shared_ptr<SymmetricCipher> CreateAES_GCMImplementation(const CryptoBuffer& key);
90             /**
91              * Create AES in GCM mode off of a 256 bit key. Auto Generates a 12 byte secure random IV and aad.
92              */
93             AWS_CORE_API std::shared_ptr<SymmetricCipher> CreateAES_GCMImplementation(const CryptoBuffer& key, const CryptoBuffer* aad);
94             /**
95              * Create AES in GCM mode off of a 256 bit key, a 12 byte secure random IV, and an optional 16 byte Tag. If you are using this
96              * cipher to decrypt an encrypted payload, you must set the tag here.
97              */
98             AWS_CORE_API std::shared_ptr<SymmetricCipher> CreateAES_GCMImplementation(const CryptoBuffer& key, const CryptoBuffer& iv,
99                                                                                       const CryptoBuffer& tag = CryptoBuffer(0), const CryptoBuffer& aad = CryptoBuffer(0));
100             /**
101              * Create AES in GCM mode off of a 256 bit key, a 16 byte secure random IV, and an optional 16 byte Tag, as well an optional add. If you are using this
102              * cipher to decrypt an encrypted payload, you must set the tag here.
103              */
104             AWS_CORE_API std::shared_ptr<SymmetricCipher> CreateAES_GCMImplementation(CryptoBuffer&& key, CryptoBuffer&& iv,
105                                                                                       CryptoBuffer&& tag = CryptoBuffer(0), CryptoBuffer&& aad = CryptoBuffer(0));
106             /**
107              * Create AES in Key Wrap mode off of a 256 bit key.
108              */
109             AWS_CORE_API std::shared_ptr<SymmetricCipher> CreateAES_KeyWrapImplementation(const CryptoBuffer& key);
110 
111             /**
112              * Create SecureRandomBytes instance
113              */
114             AWS_CORE_API std::shared_ptr<SecureRandomBytes> CreateSecureRandomBytesImplementation();
115 
116             /**
117              * Set the global factory for MD5 Hash providers
118              */
119             AWS_CORE_API void SetMD5Factory(const std::shared_ptr<HashFactory>& factory);
120             /**
121              * Set the global factory for Sha1 Hash providers
122              */
123             AWS_CORE_API void SetSha1Factory(const std::shared_ptr<HashFactory>& factory);
124             /**
125              * Set the global factory for Sha256 Hash providers
126              */
127             AWS_CORE_API void SetSha256Factory(const std::shared_ptr<HashFactory>& factory);
128             /**
129              * Set the global factory for Sha256 HMAC Hash providers
130              */
131             AWS_CORE_API void SetSha256HMACFactory(const std::shared_ptr<HMACFactory>& factory);
132             /**
133              * Set the global factory for AES in CBC mode providers
134              */
135             AWS_CORE_API void SetAES_CBCFactory(const std::shared_ptr<SymmetricCipherFactory>& factory);
136             /**
137              * Set the global factory for AES in CTR mode providers
138              */
139             AWS_CORE_API void SetAES_CTRFactory(const std::shared_ptr<SymmetricCipherFactory>& factory);
140             /**
141              * Set the global factory for AES in GCM mode providers
142              */
143             AWS_CORE_API void SetAES_GCMFactory(const std::shared_ptr<SymmetricCipherFactory>& factory);
144             /**
145              * Set the global factory for AES in Key Wrap mode providers
146              */
147             AWS_CORE_API void SetAES_KeyWrapFactory(const std::shared_ptr<SymmetricCipherFactory>& factory);
148             /**
149              * Set the global factory for secure random bytes
150              */
151             AWS_CORE_API void SetSecureRandomFactory(const std::shared_ptr<SecureRandomFactory>& factory);
152 
153         } // namespace Crypto
154     } // namespace Utils
155 } // namespace Aws
156