 |
AlexaClientSDK
1.26.0
A cross-platform, modular SDK for interacting with the Alexa Voice Service
|
|
AlexaClientSDK
1.26.0
A cross-platform, modular SDK for interacting with the Alexa Voice Service
|
Key store implementation for PKCS11. More...
#include <PKCS11KeyStore.h>
Public Member Functions | |
KeyStoreInterface methods. | |
| ~PKCS11KeyStore () noexcept override | |
| bool | encrypt (const std::string &keyAlias, AlgorithmType type, const IV &iv, const DataBlock &plaintext, KeyChecksum &checksum, DataBlock &ciphertext) noexcept override |
| Encrypts data block. More... | |
| bool | encryptAE (const std::string &keyAlias, AlgorithmType type, const IV &iv, const DataBlock &aad, const DataBlock &plaintext, KeyChecksum &checksum, DataBlock &ciphertext, Tag &tag) noexcept override |
| Encrypts data block using authenticated encryption algorithm. More... | |
| bool | decrypt (const std::string &keyAlias, AlgorithmType type, const KeyChecksum &checksum, const IV &iv, const DataBlock &ciphertext, DataBlock &plaintext) noexcept override |
| Decrypts data block. More... | |
| bool | decryptAD (const std::string &keyAlias, AlgorithmType type, const KeyChecksum &checksum, const IV &iv, const DataBlock &aad, const DataBlock &ciphertext, const Tag &tag, DataBlock &plaintext) noexcept override |
| Decrypts data block using authenticated decryption algorithm. More... | |
| bool | getDefaultKeyAlias (std::string &keyAlias) noexcept override |
| Returns default key alias. More... | |
 Public Member Functions inherited from alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface | |
| virtual | ~KeyStoreInterface () noexcept=default |
| Default destructor. More... | |
Static Public Member Functions | |
| static std::shared_ptr< KeyStoreInterface > | create (const std::shared_ptr< MetricRecorderInterface > &metricRecorder=nullptr) noexcept |
| Creates key store. More... | |
Additional Inherited Members | |
| Public Types inherited from alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface | |
| typedef std::vector< unsigned char > | DataBlock |
| Data type for data block (encrypted or unencrypted). More... | |
| typedef std::vector< unsigned char > | IV |
| Data type for initialization vector data. More... | |
| typedef std::vector< unsigned char > | KeyChecksum |
| Data type for key checksum. More... | |
| typedef std::vector< unsigned char > | Tag |
| Data type for tag. Tag (known as Message Authentication Code) is used with AEAD mode of operation like with Galois/Counter mode. More... | |
Key store implementation for PKCS11.
This class implements features of alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface using PKCS#11 interface functions.
|
overridenoexcept |
|
staticnoexcept |
Creates key store.
| [in] | metricRecorder | Optional reference for metrics reporting. |
|
overridevirtualnoexcept |
Decrypts data block.
Method decrypts data block. The method locates the key, checks if key type supports requested algorithm and has matching checksum (if checksum is supported), and performs decryption.
| [in] | keyAlias | Key alias. |
| [in] | type | Algorithm type to use. The method will fail, if type is AEAD algorithm like AES-GCM. |
| [in] | checksum | Key checksum if available. If implementation doesn't support checksum, the value of this parameter is ignored. The system checks checksum against checksum of a currently available key before decrypting data to ensure we don't try to use a different key, then the one, that has been used during encryption. |
| [in] | iv | Initialization vector. This vector must match have the same value, as the one used when encrypting data. |
| [in] | ciphertext | Data to decrypt. |
| [out] | plaintext | Decrypted data. This method appends data to plaintext. |
Implements alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface.
|
overridevirtualnoexcept |
Decrypts data block using authenticated decryption algorithm.
Method decrypts data block using additional authenticated data and authentication tag (also known as Message Authentication Code/MAC). This method locates the key, checks if key type supports requested algorithm and has matching checksum (if checksum is supported), and performs decryption.
| [in] | keyAlias | Key alias. |
| [in] | type | Algorithm type to use. The method will fail, if type is not AEAD algorithm like AES-GCM. |
| [in] | checksum | Key checksum if available. If implementation doesn't support checksum, the value of this parameter is ignored. The system checks checksum against checksum of a currently available key before decrypting data to ensure we don't try to use a different key, then the one, that has been used during encryption. |
| [in] | iv | Initialization vector. This vector must match have the same value, as the one used when encrypting data. |
| [in] | aad | Additional authenticated data. This data must match AAD used when encrypting the content. Decryption will fail if the data doesn't match. |
| [in] | ciphertext | Data to decrypt. |
| [in] | tag | Authentication tag (also known as MAC). The algorithm uses tag from encryption algorithm to check if the data has been tampered. |
| [in] | plaintext | Decrypted data. This method appends data to plaintext. |
Implements alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface.
|
overridevirtualnoexcept |
Encrypts data block.
This method encrypts data block. The method locates the key, checks if the key type supports the algorithm, and performs encryption using provided initialization vector. As a result, the method provides key checksum (if supported), and encrypted content.
| [in] | keyAlias | Key alias. |
| [in] | type | Algorithm type to use. The method will fail, if type is AEAD algorithm like AES-GCM. |
| [in] | iv | Initialization vector. |
| [in] | plaintext | Data to encrypt. |
| [out] | checksum | Key checksum. The method appends data to checksum if this attribute is supported by implementation. |
| [out] | ciphertext | Encrypted data. The method appends data to ciphertext container. |
Implements alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface.
|
overridevirtualnoexcept |
Encrypts data block using authenticated encryption algorithm.
Method encrypts data block using authenticated encryption. The method locates the key, checks if the key type supports the algorithm, and performs encryption using provided initialization vector and additional authenticated data. As a result, the method provides key checksum (if supported), authentication tag (also known as Message Authentication Code/MAC), and encrypted content.
| [in] | keyAlias | Key alias. |
| [in] | type | Algorithm type to use. The method will fail, if type is not AEAD algorithm like AES-GCM. |
| [in] | iv | Initialization vector. |
| [in] | aad | Additional authenticated data. This data works as an input to encryption function to ensure that the resulting ciphertext can be decrypted only with the same AAD. |
| [in] | plaintext | Data to encrypt. |
| [out] | checksum | Key checksum. The method appends data to checksum if this attribute is supported by implementation. |
| [out] | ciphertext | Encrypted data. The method appends data to ciphertext container. |
| [out] | tag | Authentication tag (also known as MAC). Authentication tag must be provided to decryption function to prevent data tampering. The method appends data to tag container. |
Implements alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface.
|
overridevirtualnoexcept |
Returns default key alias.
Get default key alias. Any component can have component-specific configuration or use default configuration.
Default key alias is a platform configuration parameter, and may change over time. When the alias changes, implementation must use new alias to encrypt new data, and must use old alias to decrypt existing data as long as the old key exists.
| [out] | keyAlias | Reference to key alias. The method replaces contents of keyAlias. |
Implements alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface.
AlexaClientSDK 1.26.0 - Copyright 2016-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. Licensed under the Apache License, Version 2.0