WIP on crypto.

.gitignore

@@ -9,7 +9,7 @@ Release
 *#
 
 #compiled python files
-.pyc
+*.pyc
 
 #Vagrant stuff
 Vagrantfile

aws-cpp-sdk-core/include/aws/core/VersionConfig.h

@@ -1,16 +1,16 @@
-/*
-  * Copyright 2010-2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-  *
-  * Licensed under the Apache License, Version 2.0 (the "License").
-  * You may not use this file except in compliance with the License.
-  * A copy of the License is located at
-  *
-  *  http://aws.amazon.com/apache2.0
-  *
-  * or in the "license" file accompanying this file. This file is distributed
-  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-  * express or implied. See the License for the specific language governing
-  * permissions and limitations under the License.
-  */
-
-#define AWS_SDK_VERSION_STRING "0.9.6-81-g49849c1"
+/*
+  * Copyright 2010-2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License").
+  * You may not use this file except in compliance with the License.
+  * A copy of the License is located at
+  *
+  *  http://aws.amazon.com/apache2.0
+  *
+  * or in the "license" file accompanying this file. This file is distributed
+  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+  * express or implied. See the License for the specific language governing
+  * permissions and limitations under the License.
+  */
+
+#define AWS_SDK_VERSION_STRING "0.9.6-85-g932b44b"

aws-cpp-sdk-core/include/aws/core/utils/crypto/Cipher.h

@@ -0,0 +1,53 @@
+/*
+* Copyright 2010-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+*  http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+*/
+
+#pragma once
+
+#include <aws/core/utils/Array.h>
+#include <aws/core/utils/memory/stl/AWSStreamFwd.h>
+
+namespace Aws
+{
+    namespace Utils
+    {
+        namespace Crypto
+        {
+            /**
+             * Interface for encryption and decryption providers. An instance of this class is good for exactly one encryption or decryption run.
+             * It should not be used to encrypt or decrypt multiple messages.
+             */
+            class Cipher
+            {
+            public:
+                virtual ~Cipher() = default;
+                /**
+                 * Encrypt a buffer of data. Part of the contract for this interface is that intention that 
+                 * a user call this function multiple times for a large stream. As such, it is expected that this function
+                 * will mutate initialization vectors and other state involved in the encryption process, mutliple calls to this function
+                 * on the same instance should produce valid sequential output for an encrypted stream.
+                 */
+                virtual ByteBuffer Encrypt( const ByteBuffer& unEncryptedData) = 0;
+
+                /**
+                * Decrypt a buffer of data. Part of the contract for this interface is that intention that
+                * a user call this function multiple times for a large stream. As such, it is expected that this function
+                * will mutate initialization vectors and other state involved in the decryption process, mutliple calls to this function
+                * on the same instance should produce valid sequential output from an encrypted stream.
+                */
+                virtual ByteBuffer Decrypt(const ByteBuffer& encryptedData) = 0;               
+            };
+        }
+    }
+}

aws-cpp-sdk-core/include/aws/core/utils/crypto/bcrypt/CryptoImpl.h

@@ -18,6 +18,7 @@
 #include <aws/core/Core_EXPORTS.h>
 #include <aws/core/utils/crypto/Hash.h>
 #include <aws/core/utils/crypto/HMAC.h>
+#include <aws/core/utils/crypto/Cipher.h>
 #include <mutex>
 
 #ifdef AWS_SDK_PLATFORM_WINDOWS
@@ -149,10 +150,83 @@ namespace Aws
                 virtual HashResult Calculate(const ByteBuffer& toSign, const ByteBuffer& secret) override;
 
             private:
-
                 BCryptHashImpl m_impl;
             };
 
+            /** RAII class for persistent data (can be reused across cipher calculations) used in Windows cryptographic implementations
+            *  If a mutex-free implementation is desired then this data won't be reusable like this
+            */
+            class BCryptCipherProvider
+            {
+            public:
+                /**
+                * Inititializes Windows Crypto APIs and gets the instance ready to perform crypto calculations.
+                * algorithmName is one of the values described here: https://msdn.microsoft.com/en-us/library/windows/desktop/aa375534(v=vs.85).aspx
+                */
+                BCryptCipherProvider(LPCWSTR algorithmName, LPCWSTR chainingMode);
+                virtual ~BCryptCipherProvider();                 
+
+            private:
+                BCRYPT_ALG_HANDLE m_algHandle;
+                DWORD m_keyObjectSize;
+                DWORD m_blockSize;
+                bool m_isObjValid;
+
+            friend class BCryptSymetricCipher;
+            };
+
+            /**
+             * Encryptor/Decrypto for AES in CBC mode. Can be used with an initialization vector or without.
+             */
+            class BCryptSymetricCipher : public Cipher
+            {
+            public:                
+                ~BCryptSymetricCipher();
+
+                BCryptSymetricCipher(const BCryptSymetricCipher&) = delete;
+                BCryptSymetricCipher& operator=(const BCryptSymetricCipher&) = delete;               
+
+                ByteBuffer Encrypt(const ByteBuffer& unEncryptedData) override;
+                ByteBuffer Decrypt(const ByteBuffer& encryptedData) override;
+
+                /*
+                 * This call is not cheap. Don't make it often. The intention is that a user call this once for the lifetime of the application needing and AES_CBC cipher
+                 * then pass the pointer to the constructor for the constructor of this class.
+                 */
+                static std::shared_ptr<BCryptCipherProvider> CreateBCrypt_AES_CBC_CipherProvider();
+
+                static std::shared_ptr<BCryptSymetricCipher> CreateBCrypt_AES_CBC_Cipher(const std::shared_ptr<BCryptCipherProvider>& provider, const ByteBuffer& key);
+                static std::shared_ptr<BCryptSymetricCipher> CreateBCrypt_AES_CBC_Cipher(const std::shared_ptr<BCryptCipherProvider>& provider, ByteBuffer&& key);
+                static std::shared_ptr<BCryptSymetricCipher> CreateBCrypt_AES_CBC_Cipher(const std::shared_ptr<BCryptCipherProvider>& provider, const ByteBuffer& key, const ByteBuffer& iv);
+                static std::shared_ptr<BCryptSymetricCipher> CreateBCrypt_AES_CBC_Cipher(const std::shared_ptr<BCryptCipherProvider>& provider, ByteBuffer&& key, const ByteBuffer& iv);
+                static std::shared_ptr<BCryptSymetricCipher> CreateBCrypt_AES_CBC_Cipher(const std::shared_ptr<BCryptCipherProvider>& provider, ByteBuffer&& key, ByteBuffer&& iv);
+
+                /*
+                * This call is not cheap. Don't make it often. The intention is that a user call this once for the lifetime of the application needing and AES_CBC cipher
+                * then pass the pointer to the constructor for the constructor of this class.
+                */
+                static std::shared_ptr<BCryptCipherProvider> CreateBCrypt_AES_GCM_CipherProvider();
+
+                static std::shared_ptr<BCryptSymetricCipher> CreateBCrypt_AES_GCM_Cipher(const std::shared_ptr<BCryptCipherProvider>& provider, const ByteBuffer& key);
+                static std::shared_ptr<BCryptSymetricCipher> CreateBCrypt_AES_GCM_Cipher(const std::shared_ptr<BCryptCipherProvider>& provider, ByteBuffer&& key);
+                static std::shared_ptr<BCryptSymetricCipher> CreateBCrypt_AES_GCM_Cipher(const std::shared_ptr<BCryptCipherProvider>& provider, const ByteBuffer& key, const ByteBuffer& iv);
+                static std::shared_ptr<BCryptSymetricCipher> CreateBCrypt_AES_GCM_Cipher(const std::shared_ptr<BCryptCipherProvider>& provider, ByteBuffer&& key, const ByteBuffer& iv);
+                static std::shared_ptr<BCryptSymetricCipher> CreateBCrypt_AES_GCM_Cipher(const std::shared_ptr<BCryptCipherProvider>& provider, ByteBuffer&& key, ByteBuffer&& iv);
+
+            private:
+                std::shared_ptr<BCryptCipherProvider> m_cipherProvider;
+                BCRYPT_KEY_HANDLE m_keyHandle;
+                ByteBuffer m_symKey;
+                ByteBuffer m_iv;
+                unsigned long m_flags;
+
+                BCryptSymetricCipher(const std::shared_ptr<BCryptCipherProvider>& ciperProvider, const ByteBuffer& key, unsigned long flags);
+                BCryptSymetricCipher(const std::shared_ptr<BCryptCipherProvider>& ciperProvider, ByteBuffer&& key, unsigned long flags);
+                BCryptSymetricCipher(const std::shared_ptr<BCryptCipherProvider>& ciperProvider, const ByteBuffer& key, const ByteBuffer& iv, unsigned long flags);
+                BCryptSymetricCipher(const std::shared_ptr<BCryptCipherProvider>& ciperProvider, ByteBuffer&& key, const ByteBuffer& iv, unsigned long flags);
+                BCryptSymetricCipher(const std::shared_ptr<BCryptCipherProvider>& ciperProvider, ByteBuffer&& key, ByteBuffer&& iv, unsigned long flags);
+                void Init(const ByteBuffer& key);
+            };           
         } // namespace Crypto
     } // namespace Utils
 } // namespace Aws