GRPC Core  9.0.0
gsec.h
1 /*
2  *
3  * Copyright 2018 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_CORE_TSI_ALTS_CRYPT_GSEC_H
20 #define GRPC_CORE_TSI_ALTS_CRYPT_GSEC_H
21 
23 
24 #include <assert.h>
25 #include <stdint.h>
26 #include <stdlib.h>
27 
28 #include <grpc/grpc.h>
29 
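/* Scatter/gather buffer descriptor used by the *_iovec crypter calls.
 *
 * The struct carries only a pointer and a length, so the callee has no way to
 * verify the length: iov_len must never exceed the memory actually reachable
 * through iov_base.
 *
 * NOTE(review): this reuses the tag of the POSIX <sys/uio.h> struct iovec and
 * no guard is visible around the definition in this listing; a translation
 * unit that includes both headers would see a redefinition. Confirm how the
 * build avoids that. */
struct iovec {
  void* iov_base; /* start of the buffer */
  size_t iov_len; /* number of bytes available at iov_base */
};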
34 
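/* Key, nonce, and tag length in bytes.
 *
 * 12 bytes is the 96-bit nonce and 16 bytes the full 128-bit tag of AES-GCM;
 * 16 and 32 bytes are the AES-128 and AES-256 key sizes. The nonce is an
 * argument of every encrypt call in this interface, so keeping it unique per
 * key is the caller's job: AES-GCM loses both confidentiality and integrity
 * if a (key, nonce) pair is ever used for two different messages.
 *
 * NOTE(review): these are definitions in a header. That is safe when the
 * header is compiled as C++ (namespace-scope const objects have internal
 * linkage); as C each including translation unit would define the same
 * external symbol. */
const size_t kAesGcmNonceLength = 12;
const size_t kAesGcmTagLength = 16;
const size_t kAes128GcmKeyLength = 16;
const size_t kAes256GcmKeyLength = 32;

// The first 32 bytes are used as a KDF key and the remaining 12 bytes are used
// to mask the nonce.
const size_t kAes128GcmRekeyKeyLength = 44;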
50 
52 
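/* V-table for gsec AEAD operations.
 *
 * One function pointer per operation of the gsec_aead_crypter API; an AEAD
 * implementation such as AES-GCM supplies the table. Every member except
 * destruct returns a grpc_status_code and takes a char** error_details
 * out-parameter.
 *
 * NOTE(review): the bare type name gsec_aead_crypter is used here before the
 * struct below is defined, so a forward typedef has to precede this table; it
 * is not visible in this listing. */
typedef struct gsec_aead_crypter_vtable {
  /* Encrypt scattered AAD/plaintext into the single buffer ciphertext_vec. */
  grpc_status_code (*encrypt_iovec)(
      gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
      const struct iovec* aad_vec, size_t aad_vec_length,
      const struct iovec* plaintext_vec, size_t plaintext_vec_length,
      struct iovec ciphertext_vec, size_t* ciphertext_bytes_written,
      char** error_details);
  /* Decrypt scattered AAD/ciphertext into the single buffer plaintext_vec. */
  grpc_status_code (*decrypt_iovec)(
      gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
      const struct iovec* aad_vec, size_t aad_vec_length,
      const struct iovec* ciphertext_vec, size_t ciphertext_vec_length,
      struct iovec plaintext_vec, size_t* plaintext_bytes_written,
      char** error_details);
  /* Output-buffer sizing helpers for encrypt and decrypt respectively. */
  grpc_status_code (*max_ciphertext_and_tag_length)(
      const gsec_aead_crypter* crypter, size_t plaintext_length,
      size_t* max_ciphertext_and_tag_length_to_return, char** error_details);
  grpc_status_code (*max_plaintext_length)(
      const gsec_aead_crypter* crypter, size_t ciphertext_and_tag_length,
      size_t* max_plaintext_length_to_return, char** error_details);
  /* Accessors for the nonce, key and tag sizes of the crypter. */
  grpc_status_code (*nonce_length)(const gsec_aead_crypter* crypter,
                                   size_t* nonce_length_to_return,
                                   char** error_details);
  grpc_status_code (*key_length)(const gsec_aead_crypter* crypter,
                                 size_t* key_length_to_return,
                                 char** error_details);
  grpc_status_code (*tag_length)(const gsec_aead_crypter* crypter,
                                 size_t* tag_length_to_return,
                                 char** error_details);
  /* Releases the implementation's state.
   * NOTE(review): whether key material is wiped before it is freed is decided
   * by the implementation and cannot be told from this header. */
  void (*destruct)(gsec_aead_crypter* crypter);
} gsec_aead_crypter_vtable;

/* Main struct for gsec interface */
struct gsec_aead_crypter {
  /* Operations of the concrete AEAD implementation; the table is const. */
  const struct gsec_aead_crypter_vtable* vtable;
};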
176 
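/**
 * Performs an AEAD encrypt operation on contiguous buffers.
 *
 * @param crypter                    AEAD crypter instance.
 * @param nonce, nonce_length        nonce for this message. The caller picks
 *        it; for AES-GCM a (key, nonce) pair must never be used to encrypt
 *        two different messages.
 * @param aad, aad_length            additional data that is authenticated but
 *        not encrypted.
 * @param plaintext, plaintext_length  data to encrypt.
 * @param ciphertext_and_tag, ciphertext_and_tag_length  output buffer and its
 *        capacity; size it with
 *        gsec_aead_crypter_max_ciphertext_and_tag_length.
 * @param bytes_written              out: number of bytes produced.
 * @param error_details              out: textual error description.
 *        NOTE(review): presumably allocated by the callee and owned by the
 *        caller afterwards -- confirm in gsec.cc.
 * @return a grpc_status_code; check it before using any output.
 */
grpc_status_code gsec_aead_crypter_encrypt(
    gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
    const uint8_t* aad, size_t aad_length, const uint8_t* plaintext,
    size_t plaintext_length, uint8_t* ciphertext_and_tag,
    size_t ciphertext_and_tag_length, size_t* bytes_written,
    char** error_details);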
216 
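/**
 * Performs an AEAD encrypt operation on scattered input.
 *
 * AAD and plaintext are arrays of iovec (aad_vec_length and
 * plaintext_vec_length are element counts), while ciphertext_vec is a single
 * iovec passed by value: the output goes to one contiguous buffer whose
 * capacity is ciphertext_vec.iov_len.
 *
 * @param nonce, nonce_length        nonce chosen by the caller; for AES-GCM
 *        it must be unique per key.
 * @param ciphertext_bytes_written   out: number of bytes produced.
 * @param error_details              out: textual error description.
 *        NOTE(review): ownership is not visible here -- confirm in gsec.cc.
 * @return a grpc_status_code; check it before using any output.
 */
grpc_status_code gsec_aead_crypter_encrypt_iovec(
    gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
    const struct iovec* aad_vec, size_t aad_vec_length,
    const struct iovec* plaintext_vec, size_t plaintext_vec_length,
    struct iovec ciphertext_vec, size_t* ciphertext_bytes_written,
    char** error_details);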
249 
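/**
 * Performs an AEAD decrypt operation on contiguous buffers.
 *
 * @param nonce, nonce_length        nonce that was used to encrypt the
 *        message.
 * @param aad, aad_length            additional authenticated data; it has to
 *        match what was given at encryption.
 * @param ciphertext_and_tag, ciphertext_and_tag_length  input to verify and
 *        decrypt.
 * @param plaintext, plaintext_length  output buffer and its capacity; size it
 *        with gsec_aead_crypter_max_plaintext_length.
 * @param bytes_written              out: number of plaintext bytes produced.
 * @param error_details              out: textual error description.
 *        NOTE(review): ownership is not visible here -- confirm in gsec.cc.
 * @return a grpc_status_code. Treat the plaintext buffer as invalid unless
 *         the call reports success. NOTE(review): whether the buffer is
 *         cleared when tag verification fails cannot be told from this
 *         header.
 */
grpc_status_code gsec_aead_crypter_decrypt(
    gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
    const uint8_t* aad, size_t aad_length, const uint8_t* ciphertext_and_tag,
    size_t ciphertext_and_tag_length, uint8_t* plaintext,
    size_t plaintext_length, size_t* bytes_written, char** error_details);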
286 
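/**
 * Performs an AEAD decrypt operation on scattered input.
 *
 * AAD and ciphertext are arrays of iovec (the *_vec_length arguments are
 * element counts), while plaintext_vec is a single iovec passed by value:
 * the plaintext goes to one contiguous buffer whose capacity is
 * plaintext_vec.iov_len.
 *
 * @param plaintext_bytes_written    out: number of plaintext bytes produced.
 * @param error_details              out: textual error description.
 *        NOTE(review): ownership is not visible here -- confirm in gsec.cc.
 * @return a grpc_status_code. Treat the plaintext buffer as invalid unless
 *         the call reports success.
 */
grpc_status_code gsec_aead_crypter_decrypt_iovec(
    gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
    const struct iovec* aad_vec, size_t aad_vec_length,
    const struct iovec* ciphertext_vec, size_t ciphertext_vec_length,
    struct iovec plaintext_vec, size_t* plaintext_bytes_written,
    char** error_details);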
317 
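/**
 * Computes the size of the ciphertext+tag buffer that must be passed to
 * gsec_aead_crypter_encrypt for a plaintext of plaintext_length bytes.
 *
 * Sizing the output from this call, rather than from a hard-coded tag length,
 * keeps the buffer in step with the crypter's actual configuration.
 *
 * @param max_ciphertext_and_tag_length_to_return  out: required capacity.
 * @param error_details  out: textual error description.
 * @return a grpc_status_code; the out value is meaningful only on success.
 */
grpc_status_code gsec_aead_crypter_max_ciphertext_and_tag_length(
    const gsec_aead_crypter* crypter, size_t plaintext_length,
    size_t* max_ciphertext_and_tag_length_to_return, char** error_details);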
339 
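/**
 * Computes the size of the plaintext buffer that must be passed to
 * gsec_aead_crypter_decrypt for an input of ciphertext_and_tag_length bytes.
 *
 * @param max_plaintext_length_to_return  out: required capacity.
 * @param error_details  out: textual error description.
 * @return a grpc_status_code; the out value is meaningful only on success.
 *         NOTE(review): an input shorter than the tag cannot hold a valid
 *         message -- confirm that the implementation rejects it instead of
 *         letting the subtraction wrap.
 */
grpc_status_code gsec_aead_crypter_max_plaintext_length(
    const gsec_aead_crypter* crypter, size_t ciphertext_and_tag_length,
    size_t* max_plaintext_length_to_return, char** error_details);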
361 
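/**
 * Returns the nonce size, in bytes, that the crypter instance was constructed
 * with.
 *
 * @param nonce_length_to_return  out: nonce length.
 * @param error_details           out: textual error description.
 * @return a grpc_status_code; the out value is meaningful only on success.
 */
grpc_status_code gsec_aead_crypter_nonce_length(
    const gsec_aead_crypter* crypter, size_t* nonce_length_to_return,
    char** error_details);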
380 
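/**
 * Returns the key size, in bytes, that the crypter instance was constructed
 * with. Only the length is exposed; this interface has no accessor for the
 * key bytes themselves.
 *
 * @param key_length_to_return  out: key length.
 * @param error_details         out: textual error description.
 * @return a grpc_status_code; the out value is meaningful only on success.
 */
grpc_status_code gsec_aead_crypter_key_length(const gsec_aead_crypter* crypter,
                                              size_t* key_length_to_return,
                                              char** error_details);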
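/**
 * Returns the authentication-tag size, in bytes, that the crypter instance
 * was constructed with.
 *
 * @param tag_length_to_return  out: tag length.
 * @param error_details         out: textual error description.
 * @return a grpc_status_code; the out value is meaningful only on success.
 */
grpc_status_code gsec_aead_crypter_tag_length(const gsec_aead_crypter* crypter,
                                              size_t* tag_length_to_return,
                                              char** error_details);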
417 
425 
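/**
 * Creates an AEAD crypter instance for the AES-GCM encryption scheme.
 *
 * @param key, key_length  raw key bytes and their count. 16- and 32-byte keys
 *        are supported (kAes128GcmKeyLength, kAes256GcmKeyLength).
 *        NOTE(review): whether the key is copied or the pointer is retained
 *        is not visible here -- confirm before wiping or freeing the
 *        caller's copy.
 * @param nonce_length     nonce size in bytes; presumably has to equal
 *        kAesGcmNonceLength (12) -- confirm in aes_gcm.cc.
 * @param tag_length       tag size in bytes; presumably has to equal
 *        kAesGcmTagLength (16) -- confirm in aes_gcm.cc.
 * @param rekey            selects the rekeying variant. NOTE(review): this
 *        presumably expects the 44-byte kAes128GcmRekeyKeyLength key layout
 *        (32-byte KDF key followed by a 12-byte nonce mask) -- confirm.
 * @param crypter          out: the new instance; release it with
 *        gsec_aead_crypter_destroy.
 * @param error_details    out: textual error description.
 * @return a grpc_status_code; *crypter is usable only on success.
 */
grpc_status_code gsec_aes_gcm_aead_crypter_create(const uint8_t* key,
                                                  size_t key_length,
                                                  size_t nonce_length,
                                                  size_t tag_length, bool rekey,
                                                  gsec_aead_crypter** crypter,
                                                  char** error_details);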
453 
454 #endif /* GRPC_CORE_TSI_ALTS_CRYPT_GSEC_H */
size_t iov_len
Definition: gsec.h:32
grpc_status_code(* nonce_length)(const gsec_aead_crypter *crypter, size_t *nonce_length_to_return, char **error_details)
Definition: gsec.h:160
grpc_status_code gsec_aead_crypter_nonce_length(const gsec_aead_crypter *crypter, size_t *nonce_length_to_return, char **error_details)
This method returns a valid size of nonce array used at the construction of AEAD crypter instance...
Definition: gsec.cc:143
void * iov_base
Definition: gsec.h:31
grpc_status_code gsec_aes_gcm_aead_crypter_create(const uint8_t *key, size_t key_length, size_t nonce_length, size_t tag_length, bool rekey, gsec_aead_crypter **crypter, char **error_details)
This method creates an AEAD crypter instance of AES-GCM encryption scheme which supports 16 and 32 by...
Definition: aes_gcm.cc:632
const size_t kAes128GcmKeyLength
Definition: gsec.h:44
The gsec_aead_crypter is an API for different AEAD implementations such as AES_GCM.
Definition: gsec.h:141
const size_t kAes128GcmRekeyKeyLength
Definition: gsec.h:49
grpc_status_code(* tag_length)(const gsec_aead_crypter *crypter, size_t *tag_length_to_return, char **error_details)
Definition: gsec.h:166
const struct gsec_aead_crypter_vtable * vtable
Definition: gsec.h:174
void(* destruct)(gsec_aead_crypter *crypter)
Definition: gsec.h:169
grpc_status_code gsec_aead_crypter_encrypt(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const uint8_t *aad, size_t aad_length, const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext_and_tag, size_t ciphertext_and_tag_length, size_t *bytes_written, char **error_details)
This method performs an AEAD encrypt operation.
Definition: gsec.cc:38
grpc_status_code gsec_aead_crypter_max_ciphertext_and_tag_length(const gsec_aead_crypter *crypter, size_t plaintext_length, size_t *max_ciphertext_and_tag_length_to_return, char **error_details)
This method computes the size of ciphertext+tag buffer that must be passed to gsec_aead_crypter_encry...
Definition: gsec.cc:115
const size_t kAes256GcmKeyLength
Definition: gsec.h:45
struct gsec_aead_crypter_vtable gsec_aead_crypter_vtable
The gsec_aead_crypter is an API for different AEAD implementations such as AES_GCM.
const size_t kAesGcmTagLength
Definition: gsec.h:43
grpc_status_code gsec_aead_crypter_key_length(const gsec_aead_crypter *crypter, size_t *key_length_to_return, char **error_details)
This method returns a valid size of key array used at the construction of AEAD crypter instance...
Definition: gsec.cc:156
grpc_status_code gsec_aead_crypter_tag_length(const gsec_aead_crypter *crypter, size_t *tag_length_to_return, char **error_details)
This method returns a valid size of tag array used at the construction of AEAD crypter instance...
Definition: gsec.cc:169
grpc_status_code(* key_length)(const gsec_aead_crypter *crypter, size_t *key_length_to_return, char **error_details)
Definition: gsec.h:163
grpc_status_code gsec_aead_crypter_encrypt_iovec(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const struct iovec *aad_vec, size_t aad_vec_length, const struct iovec *plaintext_vec, size_t plaintext_vec_length, struct iovec ciphertext_vec, size_t *ciphertext_bytes_written, char **error_details)
This method performs an AEAD encrypt operation.
Definition: gsec.cc:59
Definition: gsec.h:30
Definition: gsec.h:173
grpc_status_code(* encrypt_iovec)(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const struct iovec *aad_vec, size_t aad_vec_length, const struct iovec *plaintext_vec, size_t plaintext_vec_length, struct iovec ciphertext_vec, size_t *ciphertext_bytes_written, char **error_details)
Definition: gsec.h:142
grpc_status_code gsec_aead_crypter_max_plaintext_length(const gsec_aead_crypter *crypter, size_t ciphertext_and_tag_length, size_t *max_plaintext_length_to_return, char **error_details)
This method computes the size of plaintext buffer that must be passed to gsec_aead_crypter_decrypt fu...
Definition: gsec.cc:129
grpc_status_code gsec_aead_crypter_decrypt(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const uint8_t *aad, size_t aad_length, const uint8_t *ciphertext_and_tag, size_t ciphertext_and_tag_length, uint8_t *plaintext, size_t plaintext_length, size_t *bytes_written, char **error_details)
This method performs an AEAD decrypt operation.
Definition: gsec.cc:77
grpc_status_code(* decrypt_iovec)(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const struct iovec *aad_vec, size_t aad_vec_length, const struct iovec *ciphertext_vec, size_t ciphertext_vec_length, struct iovec plaintext_vec, size_t *plaintext_bytes_written, char **error_details)
Definition: gsec.h:148
const size_t kAesGcmNonceLength
A gsec interface for AEAD encryption schemes.
Definition: gsec.h:42
grpc_status_code(* max_ciphertext_and_tag_length)(const gsec_aead_crypter *crypter, size_t plaintext_length, size_t *max_ciphertext_and_tag_length_to_return, char **error_details)
Definition: gsec.h:154
grpc_status_code
Definition: status.h:26
grpc_status_code(* max_plaintext_length)(const gsec_aead_crypter *crypter, size_t ciphertext_and_tag_length, size_t *max_plaintext_length_to_return, char **error_details)
Definition: gsec.h:157
void gsec_aead_crypter_destroy(gsec_aead_crypter *crypter)
This method destroys an AEAD crypter instance by de-allocating all of its occupied memory...
Definition: gsec.cc:182
grpc_status_code gsec_aead_crypter_decrypt_iovec(gsec_aead_crypter *crypter, const uint8_t *nonce, size_t nonce_length, const struct iovec *aad_vec, size_t aad_vec_length, const struct iovec *ciphertext_vec, size_t ciphertext_vec_length, struct iovec plaintext_vec, size_t *plaintext_bytes_written, char **error_details)
This method performs an AEAD decrypt operation.
Definition: gsec.cc:97