1 /*
2  *
3  * Copyright 2018 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_RECORD_PROTOCOL_CRYPTER_COMMON_H
20 #define GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_RECORD_PROTOCOL_CRYPTER_COMMON_H
21 
22 #include <grpc/support/port_platform.h>
23 
24 #include <grpc/grpc.h>
25 
26 #include "src/core/tsi/alts/frame_protector/alts_counter.h"
27 #include "src/core/tsi/alts/frame_protector/alts_crypter.h"
28 
29 /**
30  * This file contains common implementation that will be used in both seal and
31  * unseal operations.
32  */
33 
34 /**
35  * Main struct for alts_record_protocol_crypter that will be used in both
36  * seal and unseal operations.
37  */
38 typedef struct alts_record_protocol_crypter {
39   alts_crypter base;
40   gsec_aead_crypter* crypter;
41   alts_counter* ctr;
42 } alts_record_protocol_crypter;
43 
44 /**
45  * This method performs input sanity checks on a subset of inputs to
46  * alts_crypter_process_in_place() for both seal and unseal operations.
47  *
48  * - rp_crypter: an alts_record_protocol_crypter instance.
49  * - data: it represents raw data that needs to be sealed in a seal operation or
50  *   protected data that needs to be unsealed in an unseal operation.
51  * - output_size: size of data written to the data buffer after a seal or
52  *   unseal operation.
53  * - error_details: a buffer containing an error message if any of checked
54  *   inputs is nullptr. It is legal to pass nullptr into error_details and
55  *   otherwise, the parameter should be freed with gpr_free.
56  *
57  * On success, the method returns GRPC_STATUS_OK. Otherwise,
58  * it returns an error status code along with its details specified in
59  * error_details (if error_details is not nullptr).
60  */
61 grpc_status_code input_sanity_check(
62     const alts_record_protocol_crypter* rp_crypter, const unsigned char* data,
63     size_t* output_size, char** error_details);
64 
65 /**
66  * This method increments the counter within an alts_record_protocol_crypter
67  * instance.
68  *
69  * - rp_crypter: an alts_record_protocol_crypter instance.
70  * - error_details: a buffer containing an error message if the method does not
71  *   function correctly or the counter is wrapped. It is legal to pass nullptr
72  *   into error_details and otherwise, the parameter should be freed with
73  *   gpr_free.
74  *
75  * On success, the method returns GRPC_STATUS_OK. Otherwise,
76  * it returns an error status code along with its details specified in
77  * error_details (if error_details is not nullptr).
78  */
79 grpc_status_code increment_counter(alts_record_protocol_crypter* rp_crypter,
80                                    char** error_details);
81 
82 /**
83  * This method creates an alts_crypter instance, and populates the fields
84  * that are common to both seal and unseal operations.
85  *
86  * - crypter: a gsec_aead_crypter instance used to perform AEAD decryption. The
87  *   function does not take ownership of crypter.
88  * - is_client: a flag indicating if the alts_crypter instance will be
89  *   used at the client (is_client = true) or server (is_client =
90  *   false) side.
91  * - overflow_size: overflow size of counter in bytes.
92  * - error_details: a buffer containing an error message if the method does
93  *   not function correctly. It is legal to pass nullptr into error_details, and
94  *   otherwise, the parameter should be freed with gpr_free.
95  *
96  * On success of creation, the method returns alts_record_protocol_crypter
97  * instance. Otherwise, it returns nullptr with its details specified in
98  * error_details (if error_details is not nullptr).
99  *
100  */
101 alts_record_protocol_crypter* alts_crypter_create_common(
102     gsec_aead_crypter* crypter, bool is_client, size_t overflow_size,
103     char** error_details);
104 
105 /**
106  * For the following two methods, please refer to the corresponding API in
107  * alts_crypter.h for detailed specifications.
108  */
109 size_t alts_record_protocol_crypter_num_overhead_bytes(const alts_crypter* c);
110 
111 void alts_record_protocol_crypter_destruct(alts_crypter* c);
112 
113 #endif /* GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_RECORD_PROTOCOL_CRYPTER_COMMON_H \
114         */
115