GRPC C++  1.39.1
gsec.h
1 /*
2  *
3  * Copyright 2018 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_CORE_TSI_ALTS_CRYPT_GSEC_H
20 #define GRPC_CORE_TSI_ALTS_CRYPT_GSEC_H
21 
23 
24 #include <grpc/event_engine/port.h>
25 
26 #include <assert.h>
27 #include <stdint.h>
28 #include <stdlib.h>
29 
30 #include <grpc/grpc.h>
31 
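#ifndef _STRUCT_IOVEC
#ifndef GRPC_EVENT_ENGINE_POSIX
/*
 * Fallback definition of the scatter/gather element used by the *_iovec
 * crypter calls. It is only compiled when neither _STRUCT_IOVEC nor
 * GRPC_EVENT_ENGINE_POSIX is defined.
 *
 * NOTE(review): presumably both macros indicate that a system header already
 * supplies struct iovec; confirm for every target platform, because a second
 * definition in the same translation unit is a compile error.
 *
 * The crypter trusts iov_len: each element must describe memory the caller
 * really owns for at least iov_len bytes.
 */
struct iovec {
  void* iov_base; /* start of the buffer segment */
  size_t iov_len; /* length of the segment in bytes */
};
#endif  // GRPC_EVENT_ENGINE_POSIX
#endif  // _STRUCT_IOVEC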
40 
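/*
 * Key, nonce, and tag length in bytes.
 *
 * These constants fix sizes only. Nothing here enforces nonce uniqueness:
 * callers of the encrypt functions must never repeat a nonce under the same
 * key, since AES-GCM loses both confidentiality and integrity on reuse.
 *
 * NOTE(review): these are non-static const objects defined in a header. That
 * is safe when the header is compiled as C++ (internal linkage); included from
 * several C translation units it would produce duplicate definitions. Confirm
 * the header is only consumed from C++.
 */
const size_t kAesGcmNonceLength = 12;  /* 96-bit nonce */
const size_t kAesGcmTagLength = 16;    /* 128-bit authentication tag */
const size_t kAes128GcmKeyLength = 16; /* AES-128 key */
const size_t kAes256GcmKeyLength = 32; /* AES-256 key */

// The first 32 bytes are used as a KDF key and the remaining 12 bytes are used
// to mask the nonce.
const size_t kAes128GcmRekeyKeyLength = 44;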
56 
58 
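/*
 * Forward declaration so the v-table below can name the crypter type
 * (the rendered listing elides this line).
 */
typedef struct gsec_aead_crypter gsec_aead_crypter;

/*
 * V-table for gsec AEAD operations.
 *
 * Each AEAD implementation (e.g. AES-GCM) supplies one of these tables. Only
 * the iovec forms of encrypt/decrypt are dispatched through it.
 * NOTE(review): presumably the flat-buffer gsec_aead_crypter_encrypt/decrypt
 * functions are built on top of these entries; confirm in gsec.cc.
 *
 * Every entry except destruct reports its outcome as a grpc_status_code and
 * may describe a failure through error_details.
 */
typedef struct gsec_aead_crypter_vtable {
  /* Encrypts plaintext_vec and authenticates aad_vec into ciphertext_vec. */
  grpc_status_code (*encrypt_iovec)(
      gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
      const struct iovec* aad_vec, size_t aad_vec_length,
      const struct iovec* plaintext_vec, size_t plaintext_vec_length,
      struct iovec ciphertext_vec, size_t* ciphertext_bytes_written,
      char** error_details);
  /* Verifies and decrypts ciphertext_vec into plaintext_vec. */
  grpc_status_code (*decrypt_iovec)(
      gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
      const struct iovec* aad_vec, size_t aad_vec_length,
      const struct iovec* ciphertext_vec, size_t ciphertext_vec_length,
      struct iovec plaintext_vec, size_t* plaintext_bytes_written,
      char** error_details);
  /* Output-buffer size needed to encrypt plaintext_length bytes. */
  grpc_status_code (*max_ciphertext_and_tag_length)(
      const gsec_aead_crypter* crypter, size_t plaintext_length,
      size_t* max_ciphertext_and_tag_length_to_return, char** error_details);
  /* Output-buffer size needed to decrypt ciphertext_and_tag_length bytes. */
  grpc_status_code (*max_plaintext_length)(
      const gsec_aead_crypter* crypter, size_t ciphertext_and_tag_length,
      size_t* max_plaintext_length_to_return, char** error_details);
  /* Length getters for the parameters the instance was constructed with. */
  grpc_status_code (*nonce_length)(const gsec_aead_crypter* crypter,
                                   size_t* nonce_length_to_return,
                                   char** error_details);
  grpc_status_code (*key_length)(const gsec_aead_crypter* crypter,
                                 size_t* key_length_to_return,
                                 char** error_details);
  grpc_status_code (*tag_length)(const gsec_aead_crypter* crypter,
                                 size_t* tag_length_to_return,
                                 char** error_details);
  /* Releases the implementation's state. */
  void (*destruct)(gsec_aead_crypter* crypter);
} gsec_aead_crypter_vtable;

/* Main struct for gsec interface */
struct gsec_aead_crypter {
  /* Pointer-to-const: the dispatch table cannot be modified through a crypter. */
  const struct gsec_aead_crypter_vtable* vtable;
};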
182 
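/*
 * Conventions shared by the functions below:
 *  - The return value is a grpc_status_code; treat anything other than
 *    GRPC_STATUS_OK as failure and do not use the output buffers.
 *  - error_details may receive a message describing a failure.
 *    NOTE(review): presumably the callee allocates it and the caller must
 *    release it (gpr_free in gRPC core); confirm in gsec.cc.
 *  - The nonce is supplied by the caller. A (key, nonce) pair must never be
 *    used for more than one encryption.
 */

/*
 * This method performs an AEAD encrypt operation on flat buffers.
 * ciphertext_and_tag must be at least as large as the value reported by
 * gsec_aead_crypter_max_ciphertext_and_tag_length() for plaintext_length;
 * bytes_written receives the number of bytes produced.
 */
grpc_status_code gsec_aead_crypter_encrypt(
    gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
    const uint8_t* aad, size_t aad_length, const uint8_t* plaintext,
    size_t plaintext_length, uint8_t* ciphertext_and_tag,
    size_t ciphertext_and_tag_length, size_t* bytes_written,
    char** error_details);

/*
 * This method performs an AEAD encrypt operation on scatter/gather input.
 * aad_vec and plaintext_vec are arrays of the given lengths; ciphertext_vec is
 * a single output element passed by value.
 */
grpc_status_code gsec_aead_crypter_encrypt_iovec(
    gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
    const struct iovec* aad_vec, size_t aad_vec_length,
    const struct iovec* plaintext_vec, size_t plaintext_vec_length,
    struct iovec ciphertext_vec, size_t* ciphertext_bytes_written,
    char** error_details);

/*
 * This method performs an AEAD decrypt operation on flat buffers.
 * plaintext must be at least as large as the value reported by
 * gsec_aead_crypter_max_plaintext_length() for ciphertext_and_tag_length.
 * A failing status includes the case where the tag does not verify; the
 * plaintext buffer must then be discarded, whatever it contains.
 */
grpc_status_code gsec_aead_crypter_decrypt(
    gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
    const uint8_t* aad, size_t aad_length, const uint8_t* ciphertext_and_tag,
    size_t ciphertext_and_tag_length, uint8_t* plaintext,
    size_t plaintext_length, size_t* bytes_written, char** error_details);

/*
 * This method performs an AEAD decrypt operation on scatter/gather input.
 * The same rule applies as for the flat-buffer form: on any failing status
 * the contents of plaintext_vec must not be used.
 */
grpc_status_code gsec_aead_crypter_decrypt_iovec(
    gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
    const struct iovec* aad_vec, size_t aad_vec_length,
    const struct iovec* ciphertext_vec, size_t ciphertext_vec_length,
    struct iovec plaintext_vec, size_t* plaintext_bytes_written,
    char** error_details);

/*
 * This method computes the size of the ciphertext+tag buffer that must be
 * passed to gsec_aead_crypter_encrypt for a plaintext of plaintext_length
 * bytes. Call it before allocating the output buffer rather than hard-coding
 * plaintext_length + tag length.
 */
grpc_status_code gsec_aead_crypter_max_ciphertext_and_tag_length(
    const gsec_aead_crypter* crypter, size_t plaintext_length,
    size_t* max_ciphertext_and_tag_length_to_return, char** error_details);

/*
 * This method computes the size of the plaintext buffer that must be passed to
 * gsec_aead_crypter_decrypt for an input of ciphertext_and_tag_length bytes.
 */
grpc_status_code gsec_aead_crypter_max_plaintext_length(
    const gsec_aead_crypter* crypter, size_t ciphertext_and_tag_length,
    size_t* max_plaintext_length_to_return, char** error_details);

/*
 * This method returns a valid size of nonce array used at the construction of
 * the AEAD crypter instance.
 */
grpc_status_code gsec_aead_crypter_nonce_length(
    const gsec_aead_crypter* crypter, size_t* nonce_length_to_return,
    char** error_details);

/*
 * This method returns a valid size of key array used at the construction of
 * the AEAD crypter instance.
 */
grpc_status_code gsec_aead_crypter_key_length(const gsec_aead_crypter* crypter,
                                              size_t* key_length_to_return,
                                              char** error_details);

/*
 * This method returns a valid size of tag array used at the construction of
 * the AEAD crypter instance.
 */
grpc_status_code gsec_aead_crypter_tag_length(const gsec_aead_crypter* crypter,
                                              size_t* tag_length_to_return,
                                              char** error_details);

/*
 * This method destroys an AEAD crypter instance by de-allocating all of its
 * occupied memory.
 * NOTE(review): nothing here states whether key material is wiped before the
 * memory is released; confirm in the implementation.
 */
void gsec_aead_crypter_destroy(gsec_aead_crypter* crypter);

/*
 * This method creates an AEAD crypter instance of the AES-GCM encryption
 * scheme. key_length, nonce_length and tag_length are given in bytes; the
 * constants kAes128GcmKeyLength, kAes256GcmKeyLength, kAesGcmNonceLength and
 * kAesGcmTagLength name the AES-GCM sizes, and kAes128GcmRekeyKeyLength is the
 * key size for the rekeying variant selected by rekey.
 * On success *crypter receives the new instance, which the caller releases
 * with gsec_aead_crypter_destroy().
 * NOTE(review): presumably the key bytes are copied into the instance, so the
 * caller's copy can be cleared once this returns; confirm in aes_gcm.cc.
 */
grpc_status_code gsec_aes_gcm_aead_crypter_create(const uint8_t* key,
                                                  size_t key_length,
                                                  size_t nonce_length,
                                                  size_t tag_length, bool rekey,
                                                  gsec_aead_crypter** crypter,
                                                  char** error_details);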
459 
460 #endif /* GRPC_CORE_TSI_ALTS_CRYPT_GSEC_H */
grpc_status_code
Definition: status.h:26
grpc_status_code gsec_aead_crypter_decrypt(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const uint8_t *aad, size_t aad_length, const uint8_t *ciphertext_and_tag, size_t ciphertext_and_tag_length, uint8_t *plaintext, size_t plaintext_length, size_t *bytes_written, char **error_details)
This method performs an AEAD decrypt operation.
Definition: gsec.cc:78
grpc_status_code gsec_aead_crypter_key_length(const gsec_aead_crypter *crypter, size_t *key_length_to_return, char **error_details)
This method returns a valid size of key array used at the construction of AEAD crypter instance.
Definition: gsec.cc:157
grpc_status_code gsec_aead_crypter_max_ciphertext_and_tag_length(const gsec_aead_crypter *crypter, size_t plaintext_length, size_t *max_ciphertext_and_tag_length_to_return, char **error_details)
This method computes the size of ciphertext+tag buffer that must be passed to gsec_aead_crypter_encry...
Definition: gsec.cc:116
grpc_status_code gsec_aead_crypter_decrypt_iovec(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const struct iovec *aad_vec, size_t aad_vec_length, const struct iovec *ciphertext_vec, size_t ciphertext_vec_length, struct iovec plaintext_vec, size_t *plaintext_bytes_written, char **error_details)
This method performs an AEAD decrypt operation.
Definition: gsec.cc:98
const size_t kAes128GcmRekeyKeyLength
Definition: gsec.h:55
grpc_status_code gsec_aead_crypter_encrypt_iovec(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const struct iovec *aad_vec, size_t aad_vec_length, const struct iovec *plaintext_vec, size_t plaintext_vec_length, struct iovec ciphertext_vec, size_t *ciphertext_bytes_written, char **error_details)
This method performs an AEAD encrypt operation.
Definition: gsec.cc:60
struct gsec_aead_crypter_vtable gsec_aead_crypter_vtable
The gsec_aead_crypter is an API for different AEAD implementations such as AES_GCM.
grpc_status_code gsec_aead_crypter_nonce_length(const gsec_aead_crypter *crypter, size_t *nonce_length_to_return, char **error_details)
This method returns a valid size of nonce array used at the construction of AEAD crypter instance.
Definition: gsec.cc:144
const size_t kAesGcmTagLength
Definition: gsec.h:49
grpc_status_code gsec_aes_gcm_aead_crypter_create(const uint8_t *key, size_t key_length, size_t nonce_length, size_t tag_length, bool rekey, gsec_aead_crypter **crypter, char **error_details)
This method creates an AEAD crypter instance of AES-GCM encryption scheme which supports 16 and 32 by...
Definition: aes_gcm.cc:630
const size_t kAes256GcmKeyLength
Definition: gsec.h:51
grpc_status_code gsec_aead_crypter_tag_length(const gsec_aead_crypter *crypter, size_t *tag_length_to_return, char **error_details)
This method returns a valid size of tag array used at the construction of AEAD crypter instance.
Definition: gsec.cc:170
const size_t kAes128GcmKeyLength
Definition: gsec.h:50
grpc_status_code gsec_aead_crypter_max_plaintext_length(const gsec_aead_crypter *crypter, size_t ciphertext_and_tag_length, size_t *max_plaintext_length_to_return, char **error_details)
This method computes the size of plaintext buffer that must be passed to gsec_aead_crypter_decrypt fu...
Definition: gsec.cc:130
grpc_status_code gsec_aead_crypter_encrypt(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const uint8_t *aad, size_t aad_length, const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext_and_tag, size_t ciphertext_and_tag_length, size_t *bytes_written, char **error_details)
This method performs an AEAD encrypt operation.
Definition: gsec.cc:38
void gsec_aead_crypter_destroy(gsec_aead_crypter *crypter)
This method destroys an AEAD crypter instance by de-allocating all of its occupied memory.
Definition: gsec.cc:183
const size_t kAesGcmNonceLength
A gsec interface for AEAD encryption schemes.
Definition: gsec.h:48
The gsec_aead_crypter is an API for different AEAD implementations such as AES_GCM.
Definition: gsec.h:147
grpc_status_code(* max_ciphertext_and_tag_length)(const gsec_aead_crypter *crypter, size_t plaintext_length, size_t *max_ciphertext_and_tag_length_to_return, char **error_details)
Definition: gsec.h:160
grpc_status_code(* encrypt_iovec)(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const struct iovec *aad_vec, size_t aad_vec_length, const struct iovec *plaintext_vec, size_t plaintext_vec_length, struct iovec ciphertext_vec, size_t *ciphertext_bytes_written, char **error_details)
Definition: gsec.h:148
grpc_status_code(* nonce_length)(const gsec_aead_crypter *crypter, size_t *nonce_length_to_return, char **error_details)
Definition: gsec.h:166
void(* destruct)(gsec_aead_crypter *crypter)
Definition: gsec.h:175
grpc_status_code(* tag_length)(const gsec_aead_crypter *crypter, size_t *tag_length_to_return, char **error_details)
Definition: gsec.h:172
grpc_status_code(* decrypt_iovec)(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const struct iovec *aad_vec, size_t aad_vec_length, const struct iovec *ciphertext_vec, size_t ciphertext_vec_length, struct iovec plaintext_vec, size_t *plaintext_bytes_written, char **error_details)
Definition: gsec.h:154
grpc_status_code(* max_plaintext_length)(const gsec_aead_crypter *crypter, size_t ciphertext_and_tag_length, size_t *max_plaintext_length_to_return, char **error_details)
Definition: gsec.h:163
grpc_status_code(* key_length)(const gsec_aead_crypter *crypter, size_t *key_length_to_return, char **error_details)
Definition: gsec.h:169
Definition: gsec.h:179
const struct gsec_aead_crypter_vtable * vtable
Definition: gsec.h:180
Definition: gsec.h:34
void * iov_base
Definition: gsec.h:35
size_t iov_len
Definition: gsec.h:36