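/**
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * SPDX-License-Identifier: Apache-2.0.
 */
#pragma once
#include <aws/core/utils/crypto/EncryptionMaterials.h>
#include <aws/s3-encryption/s3Encryption_EXPORTS.h>

#include <memory> // std::shared_ptr, returned by CreateCipher below

// C4996 is MSVC's "deprecated / unsafe function" warning.
// NOTE(review): the disable is not wrapped in #pragma warning(push)/(pop), so on the
// affected MSVC versions it stays in effect for everything the including translation
// unit compiles after this header, including unrelated C4996 diagnostics.
#if defined(_MSC_VER) && (_MSC_VER <= 1900 )
#pragma warning (disable : 4996)
#endif
namespace Aws
{
    namespace S3Encryption
    {
        namespace Materials
        {
            /**
             * Simple Encryption Materials is responsible for handling the encryption/decryption of
             * content encryption keys (CEKs). This class uses a user-provided symmetric
             * master key to encrypt/decrypt keys with AES Key Wrap.
             *
             * The key-wrap algorithm is obtained through the virtual GetKeyWrapAlgorithm(), so a
             * derived class can select a different one.
             *
             * The object keeps the master key in m_symmetricMasterKey for its whole lifetime;
             * treat instances as secret-bearing and keep their lifetime as short as the use allows.
             */
            class AWS_S3ENCRYPTION_API SimpleEncryptionMaterialsBase : public Aws::Utils::Crypto::EncryptionMaterials
            {
            public:
                /**
                 * Initialize with a symmetric master key.
                 * @param symmetricKey the master key used to wrap and unwrap content encryption keys.
                 *        NOTE(review): no key-length check is visible in this header; confirm what the
                 *        definition accepts before passing keys of unusual size.
                 */
                SimpleEncryptionMaterialsBase(const Aws::Utils::CryptoBuffer& symmetricKey);

                /**
                 * Encrypts the CEK held in the content crypto material and records the key wrap
                 * algorithm in that same material.
                 * This happens in place and directly modifies the content crypto material passed in.
                 * @param contentCryptoMaterial material whose CEK is to be wrapped; modified in place.
                 * @return the outcome of the operation. Check it before using the material: because
                 *         the update is in place, the material should not be relied on after a failure.
                 */
                Aws::Utils::Crypto::CryptoOutcome EncryptCEK(Aws::Utils::Crypto::ContentCryptoMaterial& contentCryptoMaterial) override;

                /**
                 * Decrypts the CEK with the symmetric master key.
                 * This happens in place and directly modifies the content crypto material passed in.
                 * @param contentCryptoMaterial material whose wrapped CEK is to be unwrapped; modified in place.
                 * @return the outcome of the operation. Check it before using the CEK: a failed unwrap
                 *         must be treated as "no key", never as a usable one.
                 */
                Aws::Utils::Crypto::CryptoOutcome DecryptCEK(Aws::Utils::Crypto::ContentCryptoMaterial& contentCryptoMaterial) override;

            protected:
                /**
                 * Creates the cipher used to wrap or unwrap the CEK.
                 * NOTE(review): the parameters are unnamed here; the bool presumably selects
                 * encryption versus decryption - confirm against the definition.
                 */
                virtual std::shared_ptr<Aws::Utils::Crypto::SymmetricCipher> CreateCipher(Aws::Utils::Crypto::ContentCryptoMaterial&, bool) const;

                /**
                 * Returns the key wrap algorithm this materials class uses. Derived classes
                 * override this to change the algorithm.
                 */
                virtual Aws::Utils::Crypto::KeyWrapAlgorithm GetKeyWrapAlgorithm() const;

                // The user-provided symmetric master key. Secret material: do not log or serialize.
                Aws::Utils::CryptoBuffer m_symmetricMasterKey;
            };

            /**
             * @deprecated This class is in the maintenance mode, no new updates will be released, use SimpleEncryptionMaterialsWithGCMAAD.
             *
             * It adds nothing to SimpleEncryptionMaterialsBase beyond the constructor, so it wraps
             * keys with whatever the base class's GetKeyWrapAlgorithm() returns.
             */
            class
                AWS_DEPRECATED("This class is in the maintenance mode, no new updates will be released, use SimpleEncryptionMaterialsWithGCMAAD. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information.")
                AWS_S3ENCRYPTION_API SimpleEncryptionMaterials : public SimpleEncryptionMaterialsBase
            {
            public:
                /**
                 * Initialize with a symmetric master key; forwards it to the base class.
                 */
                SimpleEncryptionMaterials(const Aws::Utils::CryptoBuffer& symmetricKey)
                    : SimpleEncryptionMaterialsBase(symmetricKey) {}
            };

            /**
             * SimpleEncryptionMaterialsWithGCMAAD provides a more secure key wrap algorithm than SimpleEncryptionMaterials. See https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html
             * Examples: https://github.com/awsdocs/aws-doc-sdk-examples/blob/master/cpp/example_code/s3encryption/s3Encryption.cpp
             *
             * The only difference visible in this header is the GetKeyWrapAlgorithm() override; the
             * class name suggests AES-GCM with additional authenticated data, but the value it
             * returns is defined outside this header.
             */
            class AWS_S3ENCRYPTION_API SimpleEncryptionMaterialsWithGCMAAD : public SimpleEncryptionMaterialsBase
            {
            public:
                /**
                 * Initialize with a symmetric master key; forwards it to the base class.
                 */
                SimpleEncryptionMaterialsWithGCMAAD(const Aws::Utils::CryptoBuffer& symmetricKey)
                    : SimpleEncryptionMaterialsBase(symmetricKey) {}

            protected:
                /**
                 * Selects the key wrap algorithm for this class in place of the base class's choice.
                 */
                Aws::Utils::Crypto::KeyWrapAlgorithm GetKeyWrapAlgorithm() const override;
            };

        }//namespace Materials
    }//namespace S3Encryption
}//namespace Aws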