AlexaClientSDK
1.26.0
A cross-platform, modular SDK for interacting with the Alexa Voice Service
Binary codec implementation.
#include <OpenSslCryptoCodec.h>

Public Member Functions

CryptoCodecInterface methods.
~OpenSslCryptoCodec () noexcept override
bool init (const Key &key, const IV &iv) noexcept override
    Initialize the codec.
bool processAAD (const DataBlock &dataIn) noexcept override
    Process AAD data block.
bool processAAD (DataBlock::const_iterator dataInBegin, DataBlock::const_iterator dataInEnd) noexcept override
    Process AAD data block range.
bool process (const DataBlock &dataIn, DataBlock &dataOut) noexcept override
    Encrypt or decrypt a data block.
bool process (DataBlock::const_iterator dataInBegin, DataBlock::const_iterator dataInEnd, DataBlock &dataOut) noexcept override
    Encrypt or decrypt a data block range.
bool finalize (DataBlock &dataOut) noexcept override
    Complete data processing.
bool getTag (Tag &tag) noexcept override
    Provides tag from authenticated encryption.
bool setTag (const Tag &tag) noexcept override
    Sets tag for authenticated decryption.

Public Member Functions inherited from alexaClientSDK::acsdkCryptoInterfaces::CryptoCodecInterface
virtual ~CryptoCodecInterface () noexcept=default
    Default destructor.

Static Public Member Functions
static std::unique_ptr< OpenSslCryptoCodec > createDecoder (AlgorithmType type) noexcept
    Create decoder.
static std::unique_ptr< OpenSslCryptoCodec > createEncoder (AlgorithmType type) noexcept
    Create encoder.

Additional Inherited Members

Public Types inherited from alexaClientSDK::acsdkCryptoInterfaces::CryptoCodecInterface
typedef std::vector< unsigned char > DataBlock
    Data block type. This type represents a byte array.
typedef std::vector< unsigned char > Key
    Key type. This type contains key bytes.
typedef std::vector< unsigned char > IV
    Initialization vector type. Initialization vector contains data to initialize codec state before encrypting or decrypting data.
typedef std::vector< unsigned char > Tag
    Tag vector type. Tag is used with AEAD mode of operation like with Galois/Counter mode.
Binary codec implementation.
This class uses the EVP API from the OpenSSL library. New algorithms can be added as needed.
Create decoder.
Factory method to create decoder for an encryption algorithm.
[in] | type | Encryption algorithm. |
Create encoder.
Factory method to create encoder for an encryption algorithm.
[in] | type | Encryption algorithm. |
Complete data processing.
Completes processing (encryption or decryption) of data. This method writes a final data block to dataOut if necessary. Finalize may or may not produce a final data block depending on codec state and encryption mode. For example, when a block cipher is used without padding, this method never produces contents (it may still fail if the previous input didn't match a block boundary), but when PKCS#7 padding is used, this method may produce up to block size bytes of data.
When performing Authenticated Encryption, this method completes tag (MAC) computation, and the getTag() method shall be called after this method.
When performing Authenticated Decryption, the setTag() method shall be called with a tag (MAC), and this method performs tag validation.
[out] | dataOut | Processed data. Method appends data to dataOut container. |
Implements alexaClientSDK::acsdkCryptoInterfaces::CryptoCodecInterface.
Provides tag from authenticated encryption.
This method returns a tag (known as Message Authentication Code/MAC) after authenticated encryption is completed with a finalize() call. This method must be used with authenticated encryption and authenticated decryption ciphers like AES-GCM, and cannot be used with non-AEAD algorithms. The method will fail if the codec algorithm is not from the AEAD family.
[out] | tag | Tag value. Method appends a value to tag container. |
Implements alexaClientSDK::acsdkCryptoInterfaces::CryptoCodecInterface.
Initialize the codec.
Initializes (or re-initializes) the codec with a given key and initialization vector. This method must be called before any processing can be done.
This method can be called to reset and re-initialize a codec instance for reuse.
[in] | key | Key to use. The method will fail with an error if the size of the key doesn't correspond to the cipher type. |
[in] | iv | Initialization vector. The method will fail with an error if the size of the IV doesn't correspond to the cipher type. |
Implements alexaClientSDK::acsdkCryptoInterfaces::CryptoCodecInterface.
Encrypt or decrypt a data block.
Processes (encrypts or decrypts) a data block. This method consumes a block of input data and optionally produces output data. Because cipher algorithms can cache some data internally, the size of the output may not match the size of the input.
This method can be called any number of times after init() has been performed and before calling finalize(). If there is no more data to process, the user must call finalize() to get the final data block. The method will fail if it is called before init() or after finalize().
When the cipher is processing data, the output is appended to the dataOut container. The caller should not make assumptions about how many bytes will be appended, as the implementation may cache data internally.
[in] | dataIn | Data to encrypt or decrypt. If the data container is empty, the method will do nothing and return true. |
[out] | dataOut | Processed data. Method appends data to dataOut container. The size of output may differ from the size of input. |
Implements alexaClientSDK::acsdkCryptoInterfaces::CryptoCodecInterface.
Encrypt or decrypt a data block range.
Processes (encrypts or decrypts) a data block range. This method consumes a block of input data and optionally produces output data. Because cipher algorithms can cache some data internally, the size of the output may not match the size of the input.
This method can be called any number of times after init() has been performed and before calling finalize(). If there is no more data to process, the user must call finalize() to get the final data block. The method will fail if it is called before init() or after finalize().
When the cipher is processing data, the output is appended to the dataOut container. The caller should not make assumptions about how many bytes will be appended, as the implementation may cache data internally.
[in] | dataInBegin | Range start. This parameter must be less than or equal to dataInEnd. If the parameter is greater than dataInEnd, the implementation does nothing and returns false. |
[in] | dataInEnd | Range end. This parameter must be greater than or equal to dataInBegin. If the parameter is smaller than dataInBegin, the implementation does nothing and returns false. |
[out] | dataOut | Processed data. Method appends (not replaces) data to dataOut container. The size of output may differ from the size of input. |
Implements alexaClientSDK::acsdkCryptoInterfaces::CryptoCodecInterface.
Process AAD data block.
Processes an Additional Authenticated Data (AAD) block. AAD is used with authenticated encryption and authenticated decryption algorithms like AES-GCM, and cannot be used with non-AEAD algorithms.
AEAD algorithms allow submission of an arbitrary amount of AAD (including none), and this data affects algorithm output and tag value computation. When data is encrypted with AAD, the same AAD must be used for decryption.
AAD doesn't impact the output size of ciphertext when encrypting, nor the size of plaintext when decrypting. For data decryption, the total submitted AAD input must match the one used for encryption. There is no difference if AAD is submitted all at once, or split into smaller chunks and submitted through a series of calls.
This method can be called any number of times after init() has been performed and before calling process(). If there is no more data to process, the user must call finalize() to get the final data block. The method will fail if it is called before init(), or after process() or finalize(). The method will also fail if the codec algorithm is not from the AEAD family.
[in] | dataIn | Additional authenticated data. If the data container is empty, the method will do nothing and return true. |
Implements alexaClientSDK::acsdkCryptoInterfaces::CryptoCodecInterface.
Process AAD data block range.
Processes an Additional Authenticated Data (AAD) block range. AAD is used with authenticated encryption and authenticated decryption algorithms like AES-GCM, and cannot be used with non-AEAD algorithms.
AEAD algorithms allow submission of an arbitrary amount of AAD (including none), and this data affects algorithm output and tag value computation. When data is encrypted with AAD, the same AAD must be used for decryption.
AAD doesn't impact the output size of ciphertext when encrypting, nor the size of plaintext when decrypting. For data decryption, the total submitted AAD input must match the one used for encryption. There is no difference if AAD is submitted all at once, or split into smaller chunks and submitted through a series of calls.
This method can be called any number of times after init() has been performed and before calling process(). If there is no more data to process, the user must call finalize() to get the final data block. The method will fail if it is called before init(), or after process() or finalize(). The method will also fail if the codec algorithm is not from the AEAD family.
[in] | dataInBegin | Range start. This parameter must be less than or equal to dataInEnd. If the parameter is greater than dataInEnd, the implementation does nothing and returns false. |
[in] | dataInEnd | Range end. This parameter must be greater than or equal to dataInBegin. If the parameter is smaller than dataInBegin, the implementation does nothing and returns false. |
Implements alexaClientSDK::acsdkCryptoInterfaces::CryptoCodecInterface.
Sets tag for authenticated decryption.
This method provides a tag (known as Message Authentication Code/MAC) to the authenticated decryption algorithm after all ciphertext is submitted with process() calls and before completing it with a finalize() call. This method must be used with authenticated encryption and authenticated decryption ciphers like AES-GCM, and cannot be used with non-AEAD algorithms. The method will fail if the codec algorithm is not from the AEAD family.
[in] | tag | Tag value. |
Implements alexaClientSDK::acsdkCryptoInterfaces::CryptoCodecInterface.
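The call order documented above for authenticated decryption (init, processAAD, process, setTag, finalize), as an added example that is not part of the SDK. It shows that output appended by process() is held back until finalize() has validated the tag. The names Bytes, decryptAuthenticated and FakeAeadDecoder are hypothetical; the stand-in decoder only mimics the documented call order and is not a cipher, and its key and IV sizes are assumed.

```cpp
#include <vector>

using Bytes = std::vector<unsigned char>;  // underlying type of DataBlock, Key, IV and Tag

// Drives any codec exposing the documented methods through an authenticated
// decryption. `plaintext` is only written once finalize() has accepted the tag.
template <typename Codec>
bool decryptAuthenticated(Codec& codec, const Bytes& key, const Bytes& iv, const Bytes& aad,
                          const Bytes& ciphertext, const Bytes& tag, Bytes& plaintext) {
    Bytes staged;  // process() appends output before the tag has been validated
    bool ok = codec.init(key, iv)                   // 1. key and IV
              && codec.processAAD(aad)              // 2. all AAD, before any ciphertext
              && codec.process(ciphertext, staged)  // 3. ciphertext
              && codec.setTag(tag)                  // 4. tag, after the last process()
              && codec.finalize(staged);            // 5. tag validation happens here
    if (!ok) return false;                          // staged bytes are dropped, never released
    plaintext.insert(plaintext.end(), staged.begin(), staged.end());
    return true;
}

// Constructed stand-in so the example runs without the SDK. It enforces the
// documented call order and compares the tag to a fixed value; it is not a cipher.
// The 32-byte key and 12-byte IV sizes are assumptions for illustration.
struct FakeAeadDecoder {
    enum Stage { NEW, READY, DATA, TAGGED, DONE } stage = NEW;
    Bytes expectedTag, givenTag;
    bool init(const Bytes& key, const Bytes& iv) {
        stage = (key.size() == 32 && iv.size() == 12) ? READY : NEW;
        return stage == READY;
    }
    bool processAAD(const Bytes&) { return stage == READY; }
    bool process(const Bytes& in, Bytes& out) {
        if (stage != READY && stage != DATA) return false;
        out.insert(out.end(), in.begin(), in.end());  // copy-through placeholder
        stage = DATA;
        return true;
    }
    bool setTag(const Bytes& tag) {
        if (stage != DATA) return false;
        givenTag = tag;
        stage = TAGGED;
        return true;
    }
    bool finalize(Bytes&) {
        bool ok = (stage == TAGGED) && (givenTag == expectedTag);
        stage = DONE;
        return ok;
    }
};
```

With the SDK, the same helper would be passed the object returned by createDecoder() in place of the stand-in.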
AlexaClientSDK 1.26.0 - Copyright 2016-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. Licensed under the Apache License, Version 2.0