1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
|
/*
*
* Copyright 2018 gRPC authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_IOVEC_RECORD_PROTOCOL_H
#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_IOVEC_RECORD_PROTOCOL_H
#include <grpc/support/port_platform.h>
#include <stdbool.h>
#include "src/core/tsi/alts/crypt/gsec.h"
constexpr size_t kZeroCopyFrameMessageType = 0x06;
constexpr size_t kZeroCopyFrameLengthFieldSize = 4;
constexpr size_t kZeroCopyFrameMessageTypeFieldSize = 4;
constexpr size_t kZeroCopyFrameHeaderSize =
kZeroCopyFrameLengthFieldSize + kZeroCopyFrameMessageTypeFieldSize;
// Limit k on number of frames such that at most 2^(8 * k) frames can be sent.
constexpr size_t kAltsRecordProtocolRekeyFrameLimit = 8;
constexpr size_t kAltsRecordProtocolFrameLimit = 5;
/* An implementation of alts record protocol. The API is thread-compatible. */
typedef struct iovec iovec_t;
typedef struct alts_iovec_record_protocol alts_iovec_record_protocol;
/**
* This method gets the length of record protocol frame header.
*/
size_t alts_iovec_record_protocol_get_header_length();
/**
* This method gets the length of record protocol frame tag.
*
* - rp: an alts_iovec_record_protocol instance.
*
* On success, the method returns the length of record protocol frame tag.
* Otherwise, it returns zero.
*/
size_t alts_iovec_record_protocol_get_tag_length(
const alts_iovec_record_protocol* rp);
/**
* This method returns maximum allowed unprotected data size, given maximum
* protected frame size.
*
* - rp: an alts_iovec_record_protocol instance.
* - max_protected_frame_size: maximum protected frame size.
*
* On success, the method returns the maximum allowed unprotected data size.
* Otherwise, it returns zero.
*/
size_t alts_iovec_record_protocol_max_unprotected_data_size(
const alts_iovec_record_protocol* rp, size_t max_protected_frame_size);
/**
* This method performs integrity-only protect operation on a
* alts_iovec_record_protocol instance, i.e., compute frame header and tag. The
* caller needs to allocate the memory for header and tag prior to calling this
* method.
*
* - rp: an alts_iovec_record_protocol instance.
* - unprotected_vec: an iovec array containing unprotected data.
* - unprotected_vec_length: the array length of unprotected_vec.
* - header: an iovec containing the output frame header.
* - tag: an iovec containing the output frame tag.
* - error_details: a buffer containing an error message if the method does not
* function correctly. It is OK to pass nullptr into error_details.
*
* On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
* error status code along with its details specified in error_details (if
* error_details is not nullptr).
*/
grpc_status_code alts_iovec_record_protocol_integrity_only_protect(
alts_iovec_record_protocol* rp, const iovec_t* unprotected_vec,
size_t unprotected_vec_length, iovec_t header, iovec_t tag,
char** error_details);
/**
* This method performs integrity-only unprotect operation on a
* alts_iovec_record_protocol instance, i.e., verify frame header and tag.
*
* - rp: an alts_iovec_record_protocol instance.
* - protected_vec: an iovec array containing protected data.
* - protected_vec_length: the array length of protected_vec.
* - header: an iovec containing the frame header.
* - tag: an iovec containing the frame tag.
* - error_details: a buffer containing an error message if the method does not
* function correctly. It is OK to pass nullptr into error_details.
*
* On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
* error status code along with its details specified in error_details (if
* error_details is not nullptr).
*/
grpc_status_code alts_iovec_record_protocol_integrity_only_unprotect(
alts_iovec_record_protocol* rp, const iovec_t* protected_vec,
size_t protected_vec_length, iovec_t header, iovec_t tag,
char** error_details);
/**
* This method performs privacy-integrity protect operation on a
* alts_iovec_record_protocol instance, i.e., compute a protected frame. The
* caller needs to allocate the memory for the protected frame prior to calling
* this method.
*
* - rp: an alts_iovec_record_protocol instance.
* - unprotected_vec: an iovec array containing unprotected data.
* - unprotected_vec_length: the array length of unprotected_vec.
* - protected_frame: an iovec containing the output protected frame.
* - error_details: a buffer containing an error message if the method does not
* function correctly. It is OK to pass nullptr into error_details.
*
* On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
* error status code along with its details specified in error_details (if
* error_details is not nullptr).
*/
grpc_status_code alts_iovec_record_protocol_privacy_integrity_protect(
alts_iovec_record_protocol* rp, const iovec_t* unprotected_vec,
size_t unprotected_vec_length, iovec_t protected_frame,
char** error_details);
/**
* This method performs privacy-integrity unprotect operation on a
* alts_iovec_record_protocol instance given a full protected frame, i.e.,
* compute the unprotected data. The caller needs to allocated the memory for
* the unprotected data prior to calling this method.
*
* - rp: an alts_iovec_record_protocol instance.
* - header: an iovec containing the frame header.
* - protected_vec: an iovec array containing protected data including the tag.
* - protected_vec_length: the array length of protected_vec.
* - unprotected_data: an iovec containing the output unprotected data.
* - error_details: a buffer containing an error message if the method does not
* function correctly. It is OK to pass nullptr into error_details.
*
* On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
* error status code along with its details specified in error_details (if
* error_details is not nullptr).
*/
grpc_status_code alts_iovec_record_protocol_privacy_integrity_unprotect(
alts_iovec_record_protocol* rp, iovec_t header,
const iovec_t* protected_vec, size_t protected_vec_length,
iovec_t unprotected_data, char** error_details);
/**
* This method creates an alts_iovec_record_protocol instance, given a
* gsec_aead_crypter instance, a flag indicating if the created instance will be
* used at the client or server side, and a flag indicating if the created
* instance will be used for integrity-only mode or privacy-integrity mode. The
* ownership of gsec_aead_crypter instance is transferred to this new object.
*
* - crypter: a gsec_aead_crypter instance used to perform AEAD decryption.
* - overflow_size: overflow size of counter in bytes.
* - is_client: a flag indicating if the alts_iovec_record_protocol instance
* will be used at the client or server side.
* - is_integrity_only: a flag indicating if the alts_iovec_record_protocol
* instance will be used for integrity-only or privacy-integrity mode.
* - is_protect: a flag indicating if the alts_grpc_record_protocol instance
* will be used for protect or unprotect.
* - rp: an alts_iovec_record_protocol instance to be returned from
* the method.
* - error_details: a buffer containing an error message if the method does not
* function correctly. It is OK to pass nullptr into error_details.
*
* On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
* error status code along with its details specified in error_details (if
* error_details is not nullptr).
*/
grpc_status_code alts_iovec_record_protocol_create(
gsec_aead_crypter* crypter, size_t overflow_size, bool is_client,
bool is_integrity_only, bool is_protect, alts_iovec_record_protocol** rp,
char** error_details);
/**
* This method destroys an alts_iovec_record_protocol instance by de-allocating
* all of its occupied memory. A gsec_aead_crypter instance passed in at
* gsec_alts_crypter instance creation time will be destroyed in this method.
*/
void alts_iovec_record_protocol_destroy(alts_iovec_record_protocol* rp);
#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_IOVEC_RECORD_PROTOCOL_H \
*/
|
