Asylo
nonce_generator.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2017 Asylo authors
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef ASYLO_CRYPTO_NONCE_GENERATOR_H_
20 #define ASYLO_CRYPTO_NONCE_GENERATOR_H_
21 
22 #include <string>
23 
24 #include "asylo/crypto/util/bytes.h"
25 #include "asylo/util/status.h"
26 
27 namespace asylo {
28 
29 /// Defines a nonce-generator interface. The template parameter `Size`
30 /// determines the size of the nonces produced by this generator.
31 template <size_t Size>
33  public:
34  NonceGenerator() = default;
35  virtual ~NonceGenerator() = default;
36 
37  /// Generates the next nonce.
38  ///
39  /// Generates the next nonce and writes it to `nonce`. The nonce generator may
40  /// optionally use the `key_id` parameter to select a `key_id`-specific nonce.
41  /// There is, however, no guarantee that the nonce-generator implementation
42  /// will handle the `key_id` input as a sensitive secret. Consequently, users
43  /// of the nonce-generator interface must never pass sensitive keys directly
44  /// as key identifiers. Instead, a `key_id` must be generated from key using a
45  /// one-way hash function.
46  ///
47  /// \param key_id Key identifier of the key that will be used with the nonce.
48  /// \param[out] nonce The generated nonce.
49  /// \return A non-OK Status if an error is encountered.
50  virtual Status NextNonce(const std::vector<uint8_t> &key_id,
51  UnsafeBytes<Size> *nonce) = 0;
52 
53  /// Indicates whether nonce generator utilizes the `key_id` input of the
54  /// NextNonce() method to maintain key-id-specific nonce state.
55  ///
56  /// \return True if the nonce generator utilizes the `key_id` input of the
57  /// NextNonce() method to maintain key-id-specific nonce state.
58  virtual bool uses_key_id() { return false; }
59 
60  /// Gets the size of the nonces generated by this nonce generator.
61  ///
62  /// \return Size of the nonces generated by this nonce generator.
63  static constexpr size_t nonce_size() { return Size; }
64 };
65 
66 } // namespace asylo
67 
68 #endif // ASYLO_CRYPTO_NONCE_GENERATOR_H_
virtual ~NonceGenerator()=default
virtual Status NextNonce(const std::vector< uint8_t > &key_id, UnsafeBytes< Size > *nonce)=0
Generates the next nonce.
virtual bool uses_key_id()
Indicates whether nonce generator utilizes the key_id input of the NextNonce() method to maintain key...
Definition: nonce_generator.h:58
Definition: aes_gcm_siv.h:37
static constexpr size_t nonce_size()
Gets the size of the nonces generated by this nonce generator.
Definition: nonce_generator.h:63
Defines a nonce-generator interface.
Definition: nonce_generator.h:32