#include <gsec.h>
Public Attributes | |
grpc_status_code(* | decrypt_iovec )(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const struct iovec *aad_vec, size_t aad_vec_length, const struct iovec *ciphertext_vec, size_t ciphertext_vec_length, struct iovec plaintext_vec, size_t *plaintext_bytes_written, char **error_details) |
void(* | destruct )(gsec_aead_crypter *crypter) |
grpc_status_code(* | encrypt_iovec )(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const struct iovec *aad_vec, size_t aad_vec_length, const struct iovec *plaintext_vec, size_t plaintext_vec_length, struct iovec ciphertext_vec, size_t *ciphertext_bytes_written, char **error_details) |
grpc_status_code(* | key_length )(const gsec_aead_crypter *crypter, size_t *key_length_to_return, char **error_details) |
grpc_status_code(* | max_ciphertext_and_tag_length )(const gsec_aead_crypter *crypter, size_t plaintext_length, size_t *max_ciphertext_and_tag_length_to_return, char **error_details) |
grpc_status_code(* | max_plaintext_length )(const gsec_aead_crypter *crypter, size_t ciphertext_and_tag_length, size_t *max_plaintext_length_to_return, char **error_details) |
grpc_status_code(* | nonce_length )(const gsec_aead_crypter *crypter, size_t *nonce_length_to_return, char **error_details) |
grpc_status_code(* | tag_length )(const gsec_aead_crypter *crypter, size_t *tag_length_to_return, char **error_details) |
The gsec_aead_crypter is an API for different AEAD implementations such as AES_GCM. It encapsulates all AEAD-related operations in the form of a v-table that stores pointers to the functions implementing those operations. It also provides helper functions that wrap each of those function pointers.
A typical usage of this object would be:
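// Usage sketch for gsec_aead_crypter: create an AES_GCM instance, encrypt a
// 100-byte message, decrypt it again, and release every allocation.
//
// `key` and `nonce` are supplied by the caller. We assume both contain
// cryptographically secure random bytes, and the key can be derived from an
// upper-layer application. An AEAD nonce must never repeat under the same
// key; this sketch reuses `nonce` only to decrypt the message it has just
// encrypted.
gsec_aead_crypter* crypter = nullptr;
// Start every error-detail pointer at nullptr. The cleanup code frees these
// pointers unconditionally, and this page does not show whether the callee
// writes them on success.
char* error_in_creation = nullptr;
// User can populate the message with any 100 bytes data.
constexpr size_t kMessageLength = 100;
uint8_t* message = static_cast<uint8_t*>(gpr_malloc(kMessageLength));
// NOTE(review): the argument order is copied from this page, which does not
// show the declaration of gsec_aes_gcm_aead_crypter_create -- confirm it
// against gsec.h.
grpc_status_code creation_status = gsec_aes_gcm_aead_crypter_create(
    key, kAes128GcmKeyLength, kAesGcmNonceLength, kAesGcmTagLength, &crypter,
    false, 0, &error_in_creation);

if (creation_status == GRPC_STATUS_OK) {
  // Ask the crypter how large the ciphertext buffer must be, and allocate
  // only if that query succeeded, so that clength is never used unset.
  size_t clength = 0;
  size_t num_encrypted_bytes = 0;
  uint8_t* ciphertext = nullptr;
  char* error_in_encryption = nullptr;
  grpc_status_code status = gsec_aead_crypter_max_ciphertext_and_tag_length(
      crypter, kMessageLength, &clength, &error_in_encryption);
  if (status == GRPC_STATUS_OK) {
    ciphertext = static_cast<uint8_t*>(gpr_malloc(clength));
    // Perform encryption (no additional authenticated data).
    status = gsec_aead_crypter_encrypt(
        crypter, nonce, kAesGcmNonceLength, nullptr, 0, message,
        kMessageLength, ciphertext, clength, &num_encrypted_bytes,
        &error_in_encryption);
  }

  if (status == GRPC_STATUS_OK) {
    // Size the plaintext buffer the same way before decrypting.
    size_t plength = 0;
    size_t num_decrypted_bytes = 0;
    uint8_t* plaintext = nullptr;
    char* error_in_decryption = nullptr;
    status = gsec_aead_crypter_max_plaintext_length(
        crypter, num_encrypted_bytes, &plength, &error_in_decryption);
    if (status == GRPC_STATUS_OK) {
      plaintext = static_cast<uint8_t*>(gpr_malloc(plength));
      // Perform decryption.
      status = gsec_aead_crypter_decrypt(
          crypter, nonce, kAesGcmNonceLength, nullptr, 0, ciphertext,
          num_encrypted_bytes, plaintext, plength, &num_decrypted_bytes,
          &error_in_decryption);
    }
    if (status != GRPC_STATUS_OK) {
      // A failed decrypt means the ciphertext did not authenticate: treat
      // the contents of `plaintext` as invalid and do not consume them.
      fprintf(stderr,
              "AEAD decrypt operation failed with error code:"
              "%d, message: %s\n",
              status, error_in_decryption);
    }
    // ... (application-specific use of the plaintext on success) ...
    gpr_free(plaintext);
    gpr_free(error_in_decryption);
  } else {
    fprintf(stderr,
            "AEAD encrypt operation failed with error code:"
            "%d, message: %s\n",
            status, error_in_encryption);
  }
  // ...
  gpr_free(ciphertext);
  gpr_free(error_in_encryption);
} else {
  fprintf(stderr,
          "Creation of AEAD crypter instance failed with error code:"
          "%d, message: %s\n",
          creation_status, error_in_creation);
}

// Destruct AEAD crypter instance.
if (creation_status == GRPC_STATUS_OK) {
  gsec_aead_crypter_destroy(crypter);
}
gpr_free(error_in_creation);
// The message buffer allocated at the top is owned by this snippet as well.
gpr_free(message);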
grpc_status_code(* gsec_aead_crypter_vtable::decrypt_iovec) (gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const struct iovec *aad_vec, size_t aad_vec_length, const struct iovec *ciphertext_vec, size_t ciphertext_vec_length, struct iovec plaintext_vec, size_t *plaintext_bytes_written, char **error_details) |
void(* gsec_aead_crypter_vtable::destruct) (gsec_aead_crypter *crypter) |
grpc_status_code(* gsec_aead_crypter_vtable::encrypt_iovec) (gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const struct iovec *aad_vec, size_t aad_vec_length, const struct iovec *plaintext_vec, size_t plaintext_vec_length, struct iovec ciphertext_vec, size_t *ciphertext_bytes_written, char **error_details) |
grpc_status_code(* gsec_aead_crypter_vtable::key_length) (const gsec_aead_crypter *crypter, size_t *key_length_to_return, char **error_details) |
grpc_status_code(* gsec_aead_crypter_vtable::max_ciphertext_and_tag_length) (const gsec_aead_crypter *crypter, size_t plaintext_length, size_t *max_ciphertext_and_tag_length_to_return, char **error_details) |
grpc_status_code(* gsec_aead_crypter_vtable::max_plaintext_length) (const gsec_aead_crypter *crypter, size_t ciphertext_and_tag_length, size_t *max_plaintext_length_to_return, char **error_details) |
grpc_status_code(* gsec_aead_crypter_vtable::nonce_length) (const gsec_aead_crypter *crypter, size_t *nonce_length_to_return, char **error_details) |
grpc_status_code(* gsec_aead_crypter_vtable::tag_length) (const gsec_aead_crypter *crypter, size_t *tag_length_to_return, char **error_details) |