1 // Copyright 2018 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 
17 #ifndef TINK_INTEGRATION_AWSKMS_AWS_KMS_AEAD_H_
18 #define TINK_INTEGRATION_AWSKMS_AWS_KMS_AEAD_H_
19 
#include <memory>
#include <string>
#include <utility>

#include "aws/kms/KMSClient.h"
#include "absl/strings/string_view.h"
#include "tink/aead.h"
#include "tink/util/statusor.h"
24 
25 namespace crypto {
26 namespace tink {
27 namespace integration {
28 namespace awskms {
29 
30 // AwsKmsAead is an implementation of AEAD that forwards encryption/decryption
31 // requests to a key managed by the AWS KMS (https://aws.amazon.com/kms).
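class AwsKmsAead : public Aead {
  // Security notes for callers and reviewers:
  //  * Encrypt() and Decrypt() are forwarded to the remote KMS, so the
  //    plaintext leaves the process and the calls can fail for network or
  //    authorization reasons. Always check the returned StatusOr before using
  //    the value.
  //  * The KMS client is passed in by the caller. Its credentials, region and
  //    endpoint are configured outside this class, and the IAM permissions of
  //    those credentials bound what this object can encrypt or decrypt.
  //  * NOTE(review): this header does not show whether Decrypt() verifies
  //    that the ciphertext was produced under `key_arn_`. Confirm in the
  //    implementation that a ciphertext created under a different key the
  //    credentials can use is rejected.
  //  * NOTE(review): how `associated_data` is conveyed to the KMS is defined
  //    in the implementation file and is not visible here.
  //  * AWS KMS only encrypts small payloads directly (4 KiB per the AWS
  //    documentation), so this primitive is normally used to wrap
  //    data-encryption keys rather than bulk data. No size check is visible
  //    in this header.
 public:
  // Move only.
  AwsKmsAead(AwsKmsAead&& other) = default;
  AwsKmsAead& operator=(AwsKmsAead&& other) = default;
  AwsKmsAead(const AwsKmsAead&) = delete;
  AwsKmsAead& operator=(const AwsKmsAead&) = delete;

  // Creates a new AwsKmsAead that is bound to the key specified in `key_arn`,
  // and that uses the given client when communicating with the KMS.
  //
  // Returns the new primitive as an Aead, or an error status.
  // NOTE(review): validation of `key_arn` and handling of a null
  // `aws_client` happen in the implementation file, not shown here.
  static crypto::tink::util::StatusOr<std::unique_ptr<Aead>> New(
      absl::string_view key_arn,
      std::shared_ptr<Aws::KMS::KMSClient> aws_client);

  // Encrypts `plaintext` with the bound KMS key.
  // Returns the ciphertext on success, or an error status.
  // Per the Aead contract, the same `associated_data` must be given to
  // Decrypt().
  crypto::tink::util::StatusOr<std::string> Encrypt(
      absl::string_view plaintext,
      absl::string_view associated_data) const override;

  // Decrypts `ciphertext` through the KMS.
  // Returns the plaintext on success, or an error status. Treat any error as
  // an authentication failure and never use partial output.
  crypto::tink::util::StatusOr<std::string> Decrypt(
      absl::string_view ciphertext,
      absl::string_view associated_data) const override;

 private:
  // Private: instances are created through New(). The client handle is moved
  // into the member so no extra shared_ptr reference-count update is made.
  AwsKmsAead(absl::string_view key_arn,
             std::shared_ptr<Aws::KMS::KMSClient> aws_client)
      : key_arn_(key_arn), aws_client_(std::move(aws_client)) {}

  std::string key_arn_;  // The location of a crypto key in AWS KMS.
  // Shared with the caller. Presumably outlives every call made through this
  // object; verify against the implementation.
  std::shared_ptr<Aws::KMS::KMSClient> aws_client_;
};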
62 
63 }  // namespace awskms
64 }  // namespace integration
65 }  // namespace tink
66 }  // namespace crypto
67 
68 #endif  // TINK_INTEGRATION_AWSKMS_AWS_KMS_AEAD_H_
69