Package io.grpc.alts.internal
Interface ChannelCrypterNetty
- All Known Implementing Classes:
AltsChannelCrypter
public interface ChannelCrypterNetty
A
ChannelCrypterNetty
performs stateful encryption and decryption of independent input
and output streams. Both decrypt and encrypt gather their input from a list of Netty ByteBuf
instances.
Note that we provide implementations of this interface that provide integrity only and implementations that provide privacy and integrity. All methods should be thread-compatible.
-
Method Summary
Modifier and TypeMethodDescriptionvoid
decrypt
(io.netty.buffer.ByteBuf out, io.netty.buffer.ByteBuf ciphertextAndTag) Decrypt ciphertext into the given output buffer and check tag.void
decrypt
(io.netty.buffer.ByteBuf out, io.netty.buffer.ByteBuf tag, List<io.netty.buffer.ByteBuf> ciphertext) Decrypt ciphertext into the given output buffer and check tag.void
destroy()
Must be called to release all associated resources (instance cannot be used afterwards).void
Encrypt plaintext into output buffer.int
Returns the length of the tag in bytes.
-
Method Details
-
encrypt
void encrypt(io.netty.buffer.ByteBuf out, List<io.netty.buffer.ByteBuf> plain) throws GeneralSecurityException Encrypt plaintext into output buffer.- Parameters:
out
- the protected input will be written into this buffer. The buffer must be direct and have enough space to hold all input buffers and the tag. Encrypt does not take ownership of this buffer.plain
- the input buffers that should be protected. Encrypt does not modify or take ownership of these buffers.- Throws:
GeneralSecurityException
-
decrypt
void decrypt(io.netty.buffer.ByteBuf out, io.netty.buffer.ByteBuf tag, List<io.netty.buffer.ByteBuf> ciphertext) throws GeneralSecurityException Decrypt ciphertext into the given output buffer and check tag.- Parameters:
out
- the unprotected input will be written into this buffer. The buffer must be direct and have enough space to hold all ciphertext buffers and the tag, i.e., it must have additional space for the tag, even though this space will be unused in the final result. Decrypt does not take ownership of this buffer.tag
- the tag appended to the ciphertext. Decrypt does not modify or take ownership of this buffer.ciphertext
- the buffers that should be unprotected (excluding the tag). Decrypt does not modify or take ownership of these buffers.- Throws:
GeneralSecurityException
-
decrypt
void decrypt(io.netty.buffer.ByteBuf out, io.netty.buffer.ByteBuf ciphertextAndTag) throws GeneralSecurityException Decrypt ciphertext into the given output buffer and check tag.- Parameters:
out
- the unprotected input will be written into this buffer. The buffer must be direct and have enough space to hold all ciphertext buffers and the tag, i.e., it must have additional space for the tag, even though this space will be unused in the final result. Decrypt does not take ownership of this buffer.ciphertextAndTag
- single buffer containing ciphertext and tag that should be unprotected. The buffer must be direct and either completely overlap without
or not overlap at all.- Throws:
GeneralSecurityException
-
getSuffixLength
int getSuffixLength()Returns the length of the tag in bytes. -
destroy
void destroy()Must be called to release all associated resources (instance cannot be used afterwards).
-