Remove aes_gcm_encrypt/decrypt convenience API from ccf::crypto (#7811)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: maxtropets <16566519+maxtropets@users.noreply.github.com>
Co-authored-by: Max <maxtropets@microsoft.com>

Author: Copilot

CHANGELOG.md

@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [7.0.0-rc2]
+
+[7.0.0-rc2]: https://github.com/microsoft/CCF/releases/tag/ccf-7.0.0-rc2
+
+### Removed
+
+- Removed `aes_gcm_encrypt()`, `aes_gcm_decrypt()`, and `default_iv` from `ccf::crypto` (#7811).
+
 ## [7.0.0-rc1]
 
 [7.0.0-rc1]: https://github.com/microsoft/CCF/releases/tag/ccf-7.0.0-rc1

doc/build_apps/crypto.rst

@@ -63,12 +63,6 @@ Symmetric Keys
 
 Currently, only AES-GCM is supported for symmetric encryption. New keys are generated via :cpp:func:`ccf::crypto::Entropy::random`
 
-.. doxygenfunction:: ccf::crypto::aes_gcm_encrypt
-  :project: CCF
-
-.. doxygenfunction:: ccf::crypto::aes_gcm_decrypt
-  :project: CCF
-
 .. doxygenclass:: ccf::crypto::Entropy
   :project: CCF
   :members:

include/ccf/crypto/symmetric_key.h

@@ -106,31 +106,4 @@ namespace ccf::crypto
       throw std::runtime_error("Unsupported key size");
     }
   }
-
-  /** Default initialization vector for AES-GCM (12 zeroes) */
-  static std::vector<uint8_t> default_iv(iv_size, 0);
-
-  /// AES-GCM Encryption with @p key of @p data
-  /// @param key The key
-  /// @param plaintext The data
-  /// @param iv Intialization vector
-  /// @param aad Additional authenticated data
-  /// @return ciphertext
-  std::vector<uint8_t> aes_gcm_encrypt(
-    std::span<const uint8_t> key,
-    std::span<const uint8_t> plaintext,
-    const std::vector<uint8_t>& iv = default_iv,
-    const std::vector<uint8_t>& aad = {});
-
-  /// AES-GCM Decryption with @p key of @p data
-  /// @param key The key
-  /// @param ciphertext The (encrypted) data
-  /// @param iv Initialization vector
-  /// @param aad Additional authenticated data
-  /// @return plaintext
-  std::vector<uint8_t> aes_gcm_decrypt(
-    std::span<const uint8_t> key,
-    std::span<const uint8_t> ciphertext,
-    const std::vector<uint8_t>& iv = default_iv,
-    const std::vector<uint8_t>& aad = {});
 }

python/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "ccf"
-version = "7.0.0.rc1"
+version = "7.0.0.rc2"
 authors = [
   { name="CCF Team", email="CCF-Sec@microsoft.com" },
 ]

src/crypto/symmetric_key.cpp

@@ -7,8 +7,6 @@
 #include "ccf/crypto/symmetric_key.h"
 #include "ds/serialized.h"
 
-#include <climits>
-
 #define FMT_HEADER_ONLY
 #include <fmt/format.h>
 
@@ -103,49 +101,4 @@ namespace ccf::crypto
   {
     return std::make_unique<KeyAesGcm_OpenSSL>(rawKey);
   }
-
-  std::vector<uint8_t> aes_gcm_encrypt(
-    std::span<const uint8_t> key,
-    std::span<const uint8_t> plaintext,
-    const std::vector<uint8_t>& iv,
-    const std::vector<uint8_t>& aad)
-  {
-    check_supported_aes_key_size(key.size() * CHAR_BIT);
-
-    std::vector<uint8_t> r;
-    std::vector<uint8_t> tag(GCM_SIZE_TAG);
-    auto k = make_key_aes_gcm(key);
-    k->encrypt(iv, plaintext, aad, r, tag.data());
-    r.insert(r.end(), tag.begin(), tag.end());
-    return r;
-  }
-
-  std::vector<uint8_t> aes_gcm_decrypt(
-    std::span<const uint8_t> key,
-    std::span<const uint8_t> ciphertext,
-    const std::vector<uint8_t>& iv,
-    const std::vector<uint8_t>& aad)
-  {
-    check_supported_aes_key_size(key.size() * CHAR_BIT);
-
-    if (ciphertext.size() <= GCM_SIZE_TAG)
-    {
-      throw std::runtime_error("Not enough ciphertext");
-    }
-
-    size_t ciphertext_length = ciphertext.size() - GCM_SIZE_TAG;
-    std::vector<uint8_t> r;
-    auto k = make_key_aes_gcm(key);
-    if (!k->decrypt(
-          iv,
-          ciphertext.data() + ciphertext_length,
-          std::span<const uint8_t>(ciphertext.data(), ciphertext_length),
-          aad,
-          r))
-    {
-      throw std::runtime_error("Failed to decrypt");
-    }
-
-    return r;
-  }
 }

src/crypto/test/crypto.cpp

@@ -886,15 +886,6 @@ TEST_CASE("CKM_RSA_AES_KEY_WRAP")
   REQUIRE(unwrapped == key_to_wrap);
 }
 
-TEST_CASE("AES-GCM convenience functions")
-{
-  EntropyPtr entropy = get_entropy();
-  std::vector<uint8_t> key = entropy->random(GCM_DEFAULT_KEY_SIZE);
-  auto encrypted = aes_gcm_encrypt(key, contents);
-  auto decrypted = aes_gcm_decrypt(key, encrypted);
-  REQUIRE(decrypted == contents);
-}
-
 TEST_CASE("x509 time")
 {
   auto time = ccf::nonstd::SystemClock::now();
@@ -1334,23 +1325,6 @@ TEST_CASE("Sign and verify a chain with an intermediate and different subjects")
   REQUIRE(!rc);
 }
 
-TEST_CASE("Decrypt should validate integrity")
-{
-  auto key = get_entropy()->random(16);
-  std::vector<uint8_t> expected_plaintext = {0xde, 0xad, 0xbe, 0xef};
-  auto ciphertext = ccf::crypto::aes_gcm_encrypt(key, expected_plaintext);
-  auto decrypted_plaintext = ccf::crypto::aes_gcm_decrypt(key, ciphertext);
-
-  CHECK_EQ(expected_plaintext, decrypted_plaintext);
-
-  // corrupt part of ciphertext
-  auto broken_ciphertext = std::vector<uint8_t>(ciphertext);
-  broken_ciphertext[ciphertext.size() / 2] =
-    ~broken_ciphertext[ciphertext.size() / 2];
-
-  CHECK_THROWS(ccf::crypto::aes_gcm_decrypt(key, broken_ciphertext));
-}
-
 TEST_CASE("Do not trust non-ca certs")
 {
   auto kp = ccf::crypto::make_ec_key_pair(CurveID::SECP384R1);

src/pal/test/snp_ioctl_test.cpp

@@ -42,10 +42,17 @@ TEST_CASE("SNP derive key")
     ccf::ds::to_hex(key1->get_raw()), ccf::ds::to_hex(key2->get_raw()));
 
   std::vector<uint8_t> expected_plaintext = {0xde, 0xad, 0xbe, 0xef};
-  auto ciphertext =
-    ccf::crypto::aes_gcm_encrypt(key1->get_raw(), expected_plaintext);
-  auto decrypted_plaintext =
-    ccf::crypto::aes_gcm_decrypt(key2->get_raw(), ciphertext);
+  auto entropy = ccf::crypto::get_entropy();
+  auto iv = entropy->random(ccf::crypto::iv_size);
+
+  auto k1 = ccf::crypto::make_key_aes_gcm(key1->get_raw());
+  std::vector<uint8_t> cipher;
+  uint8_t tag[ccf::crypto::GCM_SIZE_TAG];
+  k1->encrypt(iv, expected_plaintext, {}, cipher, tag);
+
+  auto k2 = ccf::crypto::make_key_aes_gcm(key2->get_raw());
+  std::vector<uint8_t> decrypted_plaintext;
+  REQUIRE(k2->decrypt(iv, tag, cipher, {}, decrypted_plaintext));
 
   CHECK_EQ(
     ccf::ds::to_hex(expected_plaintext), ccf::ds::to_hex(decrypted_plaintext));
@@ -63,21 +70,17 @@ TEST_CASE("SNP derived keys with different TCBs should be different")
   CHECK_NE(ccf::ds::to_hex(key1->get_raw()), ccf::ds::to_hex(key2->get_raw()));
 
   std::vector<uint8_t> expected_plaintext = {0xde, 0xad, 0xbe, 0xef};
-  bool threw = false;
-  try
-  {
-    auto ciphertext =
-      ccf::crypto::aes_gcm_encrypt(key1->get_raw(), expected_plaintext);
-    auto decrypted_plaintext =
-      ccf::crypto::aes_gcm_decrypt(key2->get_raw(), ciphertext);
-  }
-  catch (std::runtime_error& e)
-  {
-    CHECK(std::string(e.what()) == "Failed to decrypt");
-    threw = true;
-  }
+  auto entropy = ccf::crypto::get_entropy();
+  auto iv = entropy->random(ccf::crypto::iv_size);
+
+  auto k1 = ccf::crypto::make_key_aes_gcm(key1->get_raw());
+  std::vector<uint8_t> cipher;
+  uint8_t tag[ccf::crypto::GCM_SIZE_TAG];
+  k1->encrypt(iv, expected_plaintext, {}, cipher, tag);
 
-  CHECK(threw == true);
+  auto k2 = ccf::crypto::make_key_aes_gcm(key2->get_raw());
+  std::vector<uint8_t> decrypted_plaintext;
+  CHECK_FALSE(k2->decrypt(iv, tag, cipher, {}, decrypted_plaintext));
 }
 
 int main(int argc, char** argv)