alts_unseal_privacy_integrity_crypter.cc

Go to the documentation of this file.

/*
 *
 * Copyright 2018 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
 
#include <grpc/support/port_platform.h>
 
#include <grpc/support/alloc.h>
 
#include "src/core/tsi/alts/frame_protector/alts_counter.h"
#include "src/core/tsi/alts/frame_protector/alts_crypter.h"
#include "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h"
 
static void maybe_copy_error_msg(const char* src, char** dst) {
  if (dst != nullptr && src != nullptr) {
    *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1));
    memcpy(*dst, src, strlen(src) + 1);
  }
}
 
/* Perform input santity check. */
static grpc_status_code unseal_check(alts_crypter* c, const unsigned char* data,
                                     size_t /*data_allocated_size*/,
                                     size_t data_size, size_t* output_size,
                                     char** error_details) {
  /* Do common input sanity check. */
  grpc_status_code status = input_sanity_check(
      reinterpret_cast<const alts_record_protocol_crypter*>(c), data,
      output_size, error_details);
  if (status != GRPC_STATUS_OK) {
    return status;
  }
  /* Do unseal-specific input check. */
  size_t num_overhead_bytes =
      alts_crypter_num_overhead_bytes(reinterpret_cast<const alts_crypter*>(c));
  if (num_overhead_bytes > data_size) {
    const char error_msg[] = "data_size is smaller than num_overhead_bytes.";
    maybe_copy_error_msg(error_msg, error_details);
    return GRPC_STATUS_INVALID_ARGUMENT;
  }
  return GRPC_STATUS_OK;
}
 
static grpc_status_code alts_unseal_crypter_process_in_place(
    alts_crypter* c, unsigned char* data, size_t data_allocated_size,
    size_t data_size, size_t* output_size, char** error_details) {
  grpc_status_code status = unseal_check(c, data, data_allocated_size,
                                         data_size, output_size, error_details);
  if (status != GRPC_STATUS_OK) {
    return status;
  }
  /* Do AEAD decryption. */
  alts_record_protocol_crypter* rp_crypter =
      reinterpret_cast<alts_record_protocol_crypter*>(c);
  status = gsec_aead_crypter_decrypt(
      rp_crypter->crypter, alts_counter_get_counter(rp_crypter->ctr),
      alts_counter_get_size(rp_crypter->ctr), nullptr /* aad */,
      0 /* aad_length */, data, data_size, data, data_allocated_size,
      output_size, error_details);
  if (status != GRPC_STATUS_OK) {
    return status;
  }
  /* Increment the crypter counter. */
  return increment_counter(rp_crypter, error_details);
}
 
static const alts_crypter_vtable vtable = {
    alts_record_protocol_crypter_num_overhead_bytes,
    alts_unseal_crypter_process_in_place,
    alts_record_protocol_crypter_destruct};
 
grpc_status_code alts_unseal_crypter_create(gsec_aead_crypter* gc,
                                            bool is_client,
                                            size_t overflow_size,
                                            alts_crypter** crypter,
                                            char** error_details) {
  if (crypter == nullptr) {
    const char error_msg[] = "crypter is nullptr.";
    maybe_copy_error_msg(error_msg, error_details);
    return GRPC_STATUS_FAILED_PRECONDITION;
  }
  alts_record_protocol_crypter* rp_crypter =
      alts_crypter_create_common(gc, is_client, overflow_size, error_details);
  if (rp_crypter == nullptr) {
    return GRPC_STATUS_FAILED_PRECONDITION;
  }
  rp_crypter->base.vtable = &vtable;
  *crypter = &rp_crypter->base;
  return GRPC_STATUS_OK;
}