Package io.grpc.alts.internal
Class AltsChannelCrypter
java.lang.Object
io.grpc.alts.internal.AltsChannelCrypter
- All Implemented Interfaces:
ChannelCrypterNetty
Performs encryption and decryption with AES-GCM using JCE. All methods are thread-compatible.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate final AeadCrypter
private static final int
private static final int
private final byte[]
private static final int
private final byte[]
private final byte[]
private static final int
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoid
decrypt
(io.netty.buffer.ByteBuf out, io.netty.buffer.ByteBuf ciphertextAndTag) Decrypt ciphertext into the given output buffer and check tag.void
decrypt
(io.netty.buffer.ByteBuf out, io.netty.buffer.ByteBuf tag, List<io.netty.buffer.ByteBuf> ciphertextBufs) Decrypt ciphertext into the given output buffer and check tag.void
destroy()
Must be called to release all associated resources (instance cannot be used afterwards).void
Encrypt plaintext into output buffer.(package private) static int
(package private) static int
int
Returns the length of the tag in bytes.(package private) static void
incrementCounter
(byte[] counter, byte[] oldCounter) Incrementscounter
, store the unincremented value inoldCounter
.private byte[]
Increments the input counter, returning the previous (unincremented) value.(package private) void
incrementInCounterForTesting
(int n) private byte[]
Increments the output counter, returning the previous (unincremented) value.(package private) void
-
Field Details
-
KEY_LENGTH
private static final int KEY_LENGTH -
COUNTER_LENGTH
private static final int COUNTER_LENGTH- See Also:
-
COUNTER_OVERFLOW_LENGTH
private static final int COUNTER_OVERFLOW_LENGTH- See Also:
-
TAG_LENGTH
private static final int TAG_LENGTH- See Also:
-
aeadCrypter
-
outCounter
private final byte[] outCounter -
inCounter
private final byte[] inCounter -
oldCounter
private final byte[] oldCounter
-
-
Constructor Details
-
AltsChannelCrypter
AltsChannelCrypter(byte[] key, boolean isClient)
-
-
Method Details
-
getKeyLength
static int getKeyLength() -
getCounterLength
static int getCounterLength() -
encrypt
public void encrypt(io.netty.buffer.ByteBuf outBuf, List<io.netty.buffer.ByteBuf> plainBufs) throws GeneralSecurityException Description copied from interface:ChannelCrypterNetty
Encrypt plaintext into output buffer.- Specified by:
encrypt
in interfaceChannelCrypterNetty
- Parameters:
outBuf
- the protected input will be written into this buffer. The buffer must be direct and have enough space to hold all input buffers and the tag. Encrypt does not take ownership of this buffer.plainBufs
- the input buffers that should be protected. Encrypt does not modify or take ownership of these buffers.- Throws:
GeneralSecurityException
-
decrypt
public void decrypt(io.netty.buffer.ByteBuf out, io.netty.buffer.ByteBuf tag, List<io.netty.buffer.ByteBuf> ciphertextBufs) throws GeneralSecurityException Description copied from interface:ChannelCrypterNetty
Decrypt ciphertext into the given output buffer and check tag.- Specified by:
decrypt
in interfaceChannelCrypterNetty
- Parameters:
out
- the unprotected input will be written into this buffer. The buffer must be direct and have enough space to hold all ciphertext buffers and the tag, i.e., it must have additional space for the tag, even though this space will be unused in the final result. Decrypt does not take ownership of this buffer.tag
- the tag appended to the ciphertext. Decrypt does not modify or take ownership of this buffer.ciphertextBufs
- the buffers that should be unprotected (excluding the tag). Decrypt does not modify or take ownership of these buffers.- Throws:
GeneralSecurityException
-
decrypt
public void decrypt(io.netty.buffer.ByteBuf out, io.netty.buffer.ByteBuf ciphertextAndTag) throws GeneralSecurityException Description copied from interface:ChannelCrypterNetty
Decrypt ciphertext into the given output buffer and check tag.- Specified by:
decrypt
in interfaceChannelCrypterNetty
- Parameters:
out
- the unprotected input will be written into this buffer. The buffer must be direct and have enough space to hold all ciphertext buffers and the tag, i.e., it must have additional space for the tag, even though this space will be unused in the final result. Decrypt does not take ownership of this buffer.ciphertextAndTag
- single buffer containing ciphertext and tag that should be unprotected. The buffer must be direct and either completely overlap without
or not overlap at all.- Throws:
GeneralSecurityException
-
getSuffixLength
public int getSuffixLength()Description copied from interface:ChannelCrypterNetty
Returns the length of the tag in bytes.- Specified by:
getSuffixLength
in interfaceChannelCrypterNetty
-
destroy
public void destroy()Description copied from interface:ChannelCrypterNetty
Must be called to release all associated resources (instance cannot be used afterwards).- Specified by:
destroy
in interfaceChannelCrypterNetty
-
incrementCounter
Incrementscounter
, store the unincremented value inoldCounter
.- Throws:
GeneralSecurityException
-
incrementInCounter
Increments the input counter, returning the previous (unincremented) value.- Throws:
GeneralSecurityException
-
incrementOutCounter
Increments the output counter, returning the previous (unincremented) value.- Throws:
GeneralSecurityException
-
incrementInCounterForTesting
- Throws:
GeneralSecurityException
-
incrementOutCounterForTesting
- Throws:
GeneralSecurityException
-