commit 6dde87c27ec620c0962507b58ece3fbe94bbff02
author Shawn Willden <swillden@google.com> Thu Dec 11 14:08:48 2014 -0700
committer Shawn Willden <swillden@google.com> Mon Feb 02 15:55:57 2015 -0700
tree e8815560c4fde740db03e56c1aebb518e46273ea
parent 5b53c999edcd819ab2e5318bfd4589bc969fcbcc

Add AES OCB decryption.

Also, refactor to extract functionality that will be common to all AEAD modes.

Change-Id: I4bcf12c9d2d464ab1af559c69031904ffae45e25

aes_key.cpp

diff --git a/aes_key.cpp b/aes_key.cpp
index 5bd1f8a..4ea13e5 100644
--- a/aes_key.cpp
+++ b/aes_key.cpp
@@ -64,7 +64,7 @@
         return NULL;
     }
 
-    // Check required for some modes.
+    // Mac required for some modes.
     uint32_t mac_length;
     if (mac_length_required(block_mode)) {
         if (!authorizations.GetTagValue(TAG_MAC_LENGTH, &mac_length) ||
@@ -102,9 +102,9 @@
         switch (purpose) {
         case KM_PURPOSE_SIGN:
         case KM_PURPOSE_VERIFY:
-            if (block_mode < KM_MODE_FIRST_AUTHENTICATED) {
-                logger.error("Only MACing or authenticated modes are supported for signing and "
-                             "verification purposes.");
+            if (block_mode < KM_MODE_FIRST_MAC) {
+                logger.error("Only MACing modes are supported for signing and verification "
+                             "purposes.");
                 return false;
             }
             break;
@@ -182,8 +182,9 @@
     Operation* op = NULL;
     switch (purpose) {
     case KM_PURPOSE_ENCRYPT:
-        op = new AesOcbEncryptOperation(logger_, key_data_, key_data_size_, chunk_length,
-                                        tag_length, additional_data);
+    case KM_PURPOSE_DECRYPT:
+        op = new AesOcbOperation(purpose, logger_, key_data_, key_data_size_, chunk_length,
+                                 tag_length, additional_data);
         break;
     default:
         *error = KM_ERROR_UNSUPPORTED_PURPOSE;