GRPC Core  18.0.0
aes_gcm.cc File Reference
#include <grpc/support/port_platform.h>
#include "src/core/tsi/alts/crypt/gsec.h"
#include <openssl/bio.h>
#include <openssl/buffer.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <string.h>
#include <grpc/support/alloc.h>

Data Structures

struct  gsec_aes_gcm_aead_rekey_data
 
struct  gsec_aes_gcm_aead_crypter
 

Functions

grpc_status_code gsec_aes_gcm_aead_crypter_create (const uint8_t *key, size_t key_length, size_t nonce_length, size_t tag_length, bool rekey, gsec_aead_crypter **crypter, char **error_details)
 Creates an AEAD crypter instance for the AES-GCM encryption scheme, supporting 16- and 32-byte keys, 12- and 16-byte nonces, and 16-byte tags.
 

Variables

constexpr size_t kKdfKeyLen = 32
 
constexpr size_t kKdfCounterLen = 6
 
constexpr size_t kKdfCounterOffset = 2
 
constexpr size_t kRekeyAeadKeyLen = kAes128GcmKeyLength
 

Function Documentation

◆ gsec_aes_gcm_aead_crypter_create()

grpc_status_code gsec_aes_gcm_aead_crypter_create (const uint8_t *key, size_t key_length, size_t nonce_length, size_t tag_length, bool rekey, gsec_aead_crypter **crypter, char **error_details)

This method creates an AEAD crypter instance for the AES-GCM encryption scheme, supporting 16- and 32-byte keys, 12- and 16-byte nonces, and 16-byte tags.

The key, nonce, and tag lengths are fixed at construction time and cannot be modified later.

  • key: buffer containing the key that is bound to the AEAD crypter instance.
  • key_length: length of the key in bytes, which should be 44 if rekeying is enabled and 16 or 32 otherwise.
  • nonce_length: length of the nonce in bytes, which should be either 12 or 16.
  • tag_length: length of the tag in bytes, which should always be 16.
  • rekey: enables nonce-based rekeying and nonce masking.
  • crypter: address at which the AES-GCM crypter instance created by the method is returned.
  • error_details: a buffer that receives an error message if the method fails. It is legal to pass nullptr for error_details; otherwise, the returned buffer should be freed with gpr_free.

On success, the method stores the address of the new instance at crypter. Otherwise, it returns an error status code, with the details given in error_details.

Variable Documentation

◆ kKdfCounterLen

constexpr size_t kKdfCounterLen = 6

◆ kKdfCounterOffset

constexpr size_t kKdfCounterOffset = 2

◆ kKdfKeyLen

constexpr size_t kKdfKeyLen = 32

◆ kRekeyAeadKeyLen

constexpr size_t kRekeyAeadKeyLen = kAes128GcmKeyLength