Asylo
Public Member Functions | List of all members
asylo::AesGcmSivCryptor Class Reference

An AEAD cryptor that provides Seal() and Open() functionality using the AES GCM SIV cipher for both 128-bit and 256-bit keys. More...

#include <aes_gcm_siv.h>

Public Member Functions

 AesGcmSivCryptor (size_t message_size_limit, NonceGenerator< kAesGcmSivNonceSize > *nonce_generator)
 Constructs an AES GCM SIV cryptor that enforces the input message_size_limit and utilizes nonce_generator to generate nonces. More...
 
 ~AesGcmSivCryptor ()=default
 
template<typename ContainerT , typename ContainerU , typename ContainerV , typename ContainerW , typename ContainerX >
Status Seal (const ContainerT &key, const ContainerU &additional_data, const ContainerV &plaintext, ContainerW *nonce, ContainerX *ciphertext)
 Implements AEAD Authenticated Encryption (a.k.a. seal) functionality. More...
 
template<typename ContainerT , typename ContainerU , typename ContainerV , typename ContainerW , typename ContainerX >
Status Open (const ContainerT &key, const ContainerU &additional_data, const ContainerV &ciphertext, const ContainerW &nonce, ContainerX *plaintext)
 Implements AEAD Authenticated Decryption (a.k.a. open) functionality. More...
 

Detailed Description

An AEAD cryptor that provides Seal() and Open() functionality using the AES GCM SIV cipher for both 128-bit and 256-bit keys.

The class must be constructed using a pointer to a 96-bit NonceGenerator. If the NonceGenerator is thread-safe, then the constructed object is also thread-safe.

The Seal() and Open() methods provided by this cryptor are template methods that operate on "byte containers." A byte container is a C++ object that meets the following requirements:

A byte container is considered to be resizable if it provides a resize() method.

A byte container of type T is considered to be self-cleansing if T::allocator_type is same as CleansingAllocator<typename T::value_type>.

Constructor & Destructor Documentation

◆ AesGcmSivCryptor()

asylo::AesGcmSivCryptor::AesGcmSivCryptor ( size_t  message_size_limit,
NonceGenerator< kAesGcmSivNonceSize > *  nonce_generator 
)
inline

Constructs an AES GCM SIV cryptor that enforces the input message_size_limit and utilizes nonce_generator to generate nonces.

Parameters
message_size_limitMaximum message size supported by this cryptor.
nonce_generatorA NonceGenerator that is used by the cryptor for generating nonces. The cryptor takes ownership of nonce_generator.

◆ ~AesGcmSivCryptor()

asylo::AesGcmSivCryptor::~AesGcmSivCryptor ( )
default

Member Function Documentation

◆ Open()

template<typename ContainerT , typename ContainerU , typename ContainerV , typename ContainerW , typename ContainerX >
Status asylo::AesGcmSivCryptor::Open ( const ContainerT &  key,
const ContainerU &  additional_data,
const ContainerV &  ciphertext,
const ContainerW &  nonce,
ContainerX *  plaintext 
)
inline

Implements AEAD Authenticated Decryption (a.k.a. open) functionality.

Parameters
keyThe encryption key used by the cryptor. key must be a container with 1-byte value_type.
additional_dataAuthenticated data for the open operation. additional_data must be a container with 1-byte value_type.
ciphertextThe ciphertext to be decrypted. ciphertext must be a container with 1-byte value_type.
nonceNonce used in this open operation. nonce must be a container with 1-byte value_type.
[out]plaintextThe plaintext generated by the authenticated-decryption operation. plaintext must be a resizable, self-cleansing container with 1-byte value_type.
Returns
A non-OK Status if error encountered.

◆ Seal()

template<typename ContainerT , typename ContainerU , typename ContainerV , typename ContainerW , typename ContainerX >
Status asylo::AesGcmSivCryptor::Seal ( const ContainerT &  key,
const ContainerU &  additional_data,
const ContainerV &  plaintext,
ContainerW *  nonce,
ContainerX *  ciphertext 
)
inline

Implements AEAD Authenticated Encryption (a.k.a. seal) functionality.

Parameters
keyThe encryption key used by the cryptor. key must be a container with 1-byte value_type.
additional_dataAuthenticated data for the seal operation. additional_data must be a container with 1-byte value_type.
plaintextThe plaintext to be encrypted. plaintext must be a container with 1-byte value_type.
[out]nonceNonce used in this sealing operation. The cryptor samples the nonce value from NonceGenerator it was created with. nonce must be a pointer to a resizable container with 1-byte value_type.
[out]ciphertextThe ciphertext generated by the authenticated-encryption operation. ciphertext must be a resizable container with 1-byte value_type.
Returns
A non-OK Status if an error is encountered.

The documentation for this class was generated from the following file: