1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
/*
*
* Copyright 2018 gRPC authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
#include <grpc/support/port_platform.h>
#include <grpc/support/alloc.h>
#include "src/core/tsi/alts/frame_protector/alts_counter.h"
#include "src/core/tsi/alts/frame_protector/alts_crypter.h"
#include "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h"
static void maybe_copy_error_msg(const char* src, char** dst) {
if (dst != nullptr && src != nullptr) {
*dst = static_cast<char*>(gpr_malloc(strlen(src) + 1));
memcpy(*dst, src, strlen(src) + 1);
}
}
/* Perform input santity check for a seal operation. */
static grpc_status_code seal_check(alts_crypter* c, const unsigned char* data,
size_t data_allocated_size, size_t data_size,
size_t* output_size, char** error_details) {
/* Do common input sanity check. */
grpc_status_code status = input_sanity_check(
reinterpret_cast<const alts_record_protocol_crypter*>(c), data,
output_size, error_details);
if (status != GRPC_STATUS_OK) return status;
/* Do seal-specific check. */
size_t num_overhead_bytes =
alts_crypter_num_overhead_bytes(reinterpret_cast<const alts_crypter*>(c));
if (data_size == 0) {
const char error_msg[] = "data_size is zero.";
maybe_copy_error_msg(error_msg, error_details);
return GRPC_STATUS_INVALID_ARGUMENT;
}
if (data_size + num_overhead_bytes > data_allocated_size) {
const char error_msg[] =
"data_allocated_size is smaller than sum of data_size and "
"num_overhead_bytes.";
maybe_copy_error_msg(error_msg, error_details);
return GRPC_STATUS_INVALID_ARGUMENT;
}
return GRPC_STATUS_OK;
}
static grpc_status_code alts_seal_crypter_process_in_place(
alts_crypter* c, unsigned char* data, size_t data_allocated_size,
size_t data_size, size_t* output_size, char** error_details) {
grpc_status_code status = seal_check(c, data, data_allocated_size, data_size,
output_size, error_details);
if (status != GRPC_STATUS_OK) {
return status;
}
/* Do AEAD encryption. */
alts_record_protocol_crypter* rp_crypter =
reinterpret_cast<alts_record_protocol_crypter*>(c);
status = gsec_aead_crypter_encrypt(
rp_crypter->crypter, alts_counter_get_counter(rp_crypter->ctr),
alts_counter_get_size(rp_crypter->ctr), nullptr /* aad */,
0 /* aad_length */, data, data_size, data, data_allocated_size,
output_size, error_details);
if (status != GRPC_STATUS_OK) {
return status;
}
/* Increment the crypter counter. */
return increment_counter(rp_crypter, error_details);
}
static const alts_crypter_vtable vtable = {
alts_record_protocol_crypter_num_overhead_bytes,
alts_seal_crypter_process_in_place, alts_record_protocol_crypter_destruct};
grpc_status_code alts_seal_crypter_create(gsec_aead_crypter* gc, bool is_client,
size_t overflow_size,
alts_crypter** crypter,
char** error_details) {
if (crypter == nullptr) {
const char error_msg[] = "crypter is nullptr.";
maybe_copy_error_msg(error_msg, error_details);
return GRPC_STATUS_FAILED_PRECONDITION;
}
alts_record_protocol_crypter* rp_crypter =
alts_crypter_create_common(gc, !is_client, overflow_size, error_details);
if (rp_crypter == nullptr) {
return GRPC_STATUS_FAILED_PRECONDITION;
}
rp_crypter->base.vtable = &vtable;
*crypter = &rp_crypter->base;
return GRPC_STATUS_OK;
}
|
