Package io.grpc.alts.internal

Class AltsChannelCrypter

java.lang.Object
io.grpc.alts.internal.AltsChannelCrypter
All Implemented Interfaces:
ChannelCrypterNetty
final class AltsChannelCrypter extends Object implements ChannelCrypterNetty
Performs encryption and decryption with AES-GCM using JCE. All methods are thread-compatible.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    private final AeadCrypter
    aeadCrypter
     
    private static final int
    COUNTER_LENGTH
     
    private static final int
    COUNTER_OVERFLOW_LENGTH
     
    private final byte[]
    inCounter
     
    private static final int
    KEY_LENGTH
     
    private final byte[]
    oldCounter
     
    private final byte[]
    outCounter
     
    private static final int
    TAG_LENGTH
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    AltsChannelCrypter(byte[] key, boolean isClient)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    decrypt(io.netty.buffer.ByteBuf out, io.netty.buffer.ByteBuf ciphertextAndTag)
    Decrypt ciphertext into the given output buffer and check tag.
    void
    decrypt(io.netty.buffer.ByteBuf out, io.netty.buffer.ByteBuf tag, List<io.netty.buffer.ByteBuf> ciphertextBufs)
    Decrypt ciphertext into the given output buffer and check tag.
    void
    destroy()
    Must be called to release all associated resources (instance cannot be used afterwards).
    void
    encrypt(io.netty.buffer.ByteBuf outBuf, List<io.netty.buffer.ByteBuf> plainBufs)
    Encrypt plaintext into output buffer.
    (package private) static int
    getCounterLength()
     
    (package private) static int
    getKeyLength()
     
    int
    getSuffixLength()
    Returns the length of the tag in bytes.
    (package private) static void
    incrementCounter(byte[] counter, byte[] oldCounter)
    Increments counter, store the unincremented value in oldCounter.
    private byte[]
    incrementInCounter()
    Increments the input counter, returning the previous (unincremented) value.
    (package private) void
    incrementInCounterForTesting(int n)
     
    private byte[]
    incrementOutCounter()
    Increments the output counter, returning the previous (unincremented) value.
    (package private) void
    incrementOutCounterForTesting(int n)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • KEY_LENGTH

      private static final int KEY_LENGTH

    • COUNTER_LENGTH

      private static final int COUNTER_LENGTH
      See Also:

    • COUNTER_OVERFLOW_LENGTH

      private static final int COUNTER_OVERFLOW_LENGTH
      See Also:

    • TAG_LENGTH

      private static final int TAG_LENGTH
      See Also:

    • aeadCrypter

      private final AeadCrypter aeadCrypter

    • outCounter

      private final byte[] outCounter

    • inCounter

      private final byte[] inCounter

    • oldCounter

      private final byte[] oldCounter

  • Constructor Details

    • AltsChannelCrypter

      AltsChannelCrypter(byte[] key, boolean isClient)

  • Method Details

    • getKeyLength

      static int getKeyLength()

    • getCounterLength

      static int getCounterLength()

    • encrypt

      public void encrypt(io.netty.buffer.ByteBuf outBuf, List<io.netty.buffer.ByteBuf> plainBufs) throws GeneralSecurityException
      Description copied from interface: ChannelCrypterNetty
      Encrypt plaintext into output buffer.
      Specified by:
      encrypt in interface ChannelCrypterNetty
      Parameters:
      outBuf - the protected input will be written into this buffer. The buffer must be direct and have enough space to hold all input buffers and the tag. Encrypt does not take ownership of this buffer.
      plainBufs - the input buffers that should be protected. Encrypt does not modify or take ownership of these buffers.
      Throws:
      GeneralSecurityException

    • decrypt

      public void decrypt(io.netty.buffer.ByteBuf out, io.netty.buffer.ByteBuf tag, List<io.netty.buffer.ByteBuf> ciphertextBufs) throws GeneralSecurityException
      Description copied from interface: ChannelCrypterNetty
      Decrypt ciphertext into the given output buffer and check tag.
      Specified by:
      decrypt in interface ChannelCrypterNetty
      Parameters:
      out - the unprotected input will be written into this buffer. The buffer must be direct and have enough space to hold all ciphertext buffers and the tag, i.e., it must have additional space for the tag, even though this space will be unused in the final result. Decrypt does not take ownership of this buffer.
      tag - the tag appended to the ciphertext. Decrypt does not modify or take ownership of this buffer.
      ciphertextBufs - the buffers that should be unprotected (excluding the tag). Decrypt does not modify or take ownership of these buffers.
      Throws:
      GeneralSecurityException

    • decrypt

      public void decrypt(io.netty.buffer.ByteBuf out, io.netty.buffer.ByteBuf ciphertextAndTag) throws GeneralSecurityException
      Description copied from interface: ChannelCrypterNetty
      Decrypt ciphertext into the given output buffer and check tag.
      Specified by:
      decrypt in interface ChannelCrypterNetty
      Parameters:
      out - the unprotected input will be written into this buffer. The buffer must be direct and have enough space to hold all ciphertext buffers and the tag, i.e., it must have additional space for the tag, even though this space will be unused in the final result. Decrypt does not take ownership of this buffer.
      ciphertextAndTag - single buffer containing ciphertext and tag that should be unprotected. The buffer must be direct and either completely overlap with out or not overlap at all.
      Throws:
      GeneralSecurityException

    • getSuffixLength

      public int getSuffixLength()
      Description copied from interface: ChannelCrypterNetty
      Returns the length of the tag in bytes.
      Specified by:
      getSuffixLength in interface ChannelCrypterNetty

    • destroy

      public void destroy()
      Description copied from interface: ChannelCrypterNetty
      Must be called to release all associated resources (instance cannot be used afterwards).
      Specified by:
      destroy in interface ChannelCrypterNetty

    • incrementCounter

      static void incrementCounter(byte[] counter, byte[] oldCounter) throws GeneralSecurityException
      Increments counter, store the unincremented value in oldCounter.
      Throws:
      GeneralSecurityException

    • incrementInCounter

      private byte[] incrementInCounter() throws GeneralSecurityException
      Increments the input counter, returning the previous (unincremented) value.
      Throws:
      GeneralSecurityException

    • incrementOutCounter

      private byte[] incrementOutCounter() throws GeneralSecurityException
      Increments the output counter, returning the previous (unincremented) value.
      Throws:
      GeneralSecurityException

    • incrementInCounterForTesting

      void incrementInCounterForTesting(int n) throws GeneralSecurityException
      Throws:
      GeneralSecurityException

    • incrementOutCounterForTesting

      void incrementOutCounterForTesting(int n) throws GeneralSecurityException
      Throws:
      GeneralSecurityException