An AEAD cryptor that provides Seal() and Open() functionality.
More...
#include <aead_cryptor.h>
|
| size_t | MaxMessageSize () const |
| | Gets the maximum size of a message that may be sealed successfully. More...
|
| |
| uint64_t | MaxSealedMessages () const |
| | Gets the maximum number of messages that may be sealed successfully. More...
|
| |
| size_t | MaxSealOverhead () const |
| | Gets the max overhead of Seal(). More...
|
| |
| size_t | NonceSize () const |
| | Gets the nonce size. More...
|
| |
| Status | Seal (ByteContainerView plaintext, ByteContainerView associated_data, absl::Span< uint8_t > nonce, absl::Span< uint8_t > ciphertext, size_t *ciphertext_size) |
| | Implements the AEAD Seal operation. More...
|
| |
| Status | Open (ByteContainerView ciphertext, ByteContainerView associated_data, ByteContainerView nonce, absl::Span< uint8_t > plaintext, size_t *plaintext_size) |
| | Implements the AEAD Open operation. More...
|
| |
An AEAD cryptor that provides Seal() and Open() functionality.
Currently supported configurations:
- AES-GCM-128 and AES-GCM-256 with 96-bit random nonces.
- AES-GCM-SIV-128 and AES-GCM-SIV-256 with 96-bit random nonces. (For information on AES-GCM-SIV see https://cyber.biu.ac.il/aes-gcm-siv/)
◆ CreateAesGcmCryptor()
| static StatusOr<std::unique_ptr<AeadCryptor> > asylo::AeadCryptor::CreateAesGcmCryptor |
( |
ByteContainerView |
key | ) |
|
|
static |
Creates a cryptor that uses AES-GCM for Seal() and Open(), and generates random 96-bit nonces for use in Seal().
- Parameters
-
| key | The underlying key used for encryption and decryption. |
- Returns
- A pointer to the created cryptor, or a non-OK Status if creation failed.
◆ CreateAesGcmSivCryptor()
| static StatusOr<std::unique_ptr<AeadCryptor> > asylo::AeadCryptor::CreateAesGcmSivCryptor |
( |
ByteContainerView |
key | ) |
|
|
static |
Creates a cryptor that uses AES-GCM-SIV for Seal() and Open(), and generates random 96-bit nonces for use in Seal().
- Parameters
-
| key | The underlying key used for encryption and decryption. |
- Returns
- A pointer to the created cryptor, or a non-OK Status if creation failed.
◆ MaxMessageSize() [1/2]
| static StatusOr<size_t> asylo::AeadCryptor::MaxMessageSize |
( |
AeadScheme |
scheme | ) |
|
|
static |
Gets the maximum size of a message that may be sealed successfully with a cryptor that uses scheme.
- Parameters
-
| scheme | The associated AeadScheme. |
- Returns
- The maximum message size that may be sealed successfully, or a non-OK Status if
scheme is unsupported.
◆ MaxMessageSize() [2/2]
| size_t asylo::AeadCryptor::MaxMessageSize |
( |
| ) |
const |
Gets the maximum size of a message that may be sealed successfully.
- Returns
- The maximum message size that this cryptor will seal successfully.
◆ MaxSealedMessages() [1/2]
| static StatusOr<uint64_t> asylo::AeadCryptor::MaxSealedMessages |
( |
AeadScheme |
scheme | ) |
|
|
static |
Gets the maximum number of messages that may be sealed safely with a cryptor that uses scheme.
- Parameters
-
| scheme | The associated AeadScheme. |
- Returns
- The maximum number of messages that may be sealed safely, or a non-OK Status if
scheme is unsupported.
◆ MaxSealedMessages() [2/2]
| uint64_t asylo::AeadCryptor::MaxSealedMessages |
( |
| ) |
const |
Gets the maximum number of messages that may be sealed successfully.
- Returns
- The maximum number of messages that this cryptor will seal successfully.
◆ MaxSealOverhead()
| size_t asylo::AeadCryptor::MaxSealOverhead |
( |
| ) |
const |
Gets the max overhead of Seal().
- Returns
- The maximum space overhead of Seal().
◆ NonceSize()
| size_t asylo::AeadCryptor::NonceSize |
( |
| ) |
const |
Gets the nonce size.
- Returns
- The nonce size.
◆ Open()
| Status asylo::AeadCryptor::Open |
( |
ByteContainerView |
ciphertext, |
|
|
ByteContainerView |
associated_data, |
|
|
ByteContainerView |
nonce, |
|
|
absl::Span< uint8_t > |
plaintext, |
|
|
size_t * |
plaintext_size |
|
) |
| |
Implements the AEAD Open operation.
nonce.size() must be greater than or equal to the value returned by NonceSize(). plaintext is not resized, but its final size is returned through plaintext_size. To ascertain that plaintext is not smaller than is necessary for Open(), plaintext.size() should be greater than or equal to ciphertext.size().
- Parameters
-
| ciphertext | The sealed ciphertext. |
| associated_data | The authenticated data for the Open() operation. |
| nonce | The nonce used to seal the ciphertext. |
| [out] | plaintext | The unsealed ciphertext. |
| [out] | plaintext_size | The size of the plaintext. |
- Returns
- The resulting status of the Open() operation.
◆ Seal()
| Status asylo::AeadCryptor::Seal |
( |
ByteContainerView |
plaintext, |
|
|
ByteContainerView |
associated_data, |
|
|
absl::Span< uint8_t > |
nonce, |
|
|
absl::Span< uint8_t > |
ciphertext, |
|
|
size_t * |
ciphertext_size |
|
) |
| |
Implements the AEAD Seal operation.
The nonce used is returned through nonce and the authenticated ciphertext is written to ciphertext. plaintext.size() must be less than or equal to MaxMessageSize(). nonce.size() must be greater than or equal to the value returned by NonceSize(). ciphertext.size() must be greater than or equal to plaintext.size() + MaxSealOverhead(). ciphertext is not resized, but its final size is returned through ciphertext_size. Seal() will succeed at most MaxSealedMessages() times.
- Parameters
-
| plaintext | The secret that will be sealed. |
| associated_data | The authenticated data for the Seal() operation. |
| [out] | nonce | The generated nonce. |
| [out] | ciphertext | The sealed ciphertext of plaintext. |
| [out] | ciphertext_size | The size of ciphertext. |
- Returns
- The resulting status of the Seal() operation.
The documentation for this class was generated from the following file: