1 /* 2 * Copyright 2018 The gRPC Authors 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package io.grpc.alts.internal; 18 19 import java.nio.ByteBuffer; 20 import java.security.GeneralSecurityException; 21 22 /** 23 * {@code AeadCrypter} performs authenticated encryption and decryption for a fixed key given unique 24 * nonces. Authenticated additional data is supported. 25 */ 26 interface AeadCrypter { 27 /** 28 * Encrypt plaintext into ciphertext buffer using the given nonce. 29 * 30 * @param ciphertext the encrypted plaintext and the tag will be written into this buffer. 31 * @param plaintext the input that should be encrypted. 32 * @param nonce the unique nonce used for the encryption. 33 * @throws GeneralSecurityException if ciphertext buffer is short or the nonce does not have the 34 * expected size. 35 */ encrypt(ByteBuffer ciphertext, ByteBuffer plaintext, byte[] nonce)36 void encrypt(ByteBuffer ciphertext, ByteBuffer plaintext, byte[] nonce) 37 throws GeneralSecurityException; 38 39 /** 40 * Encrypt plaintext into ciphertext buffer using the given nonce with authenticated data. 41 * 42 * @param ciphertext the encrypted plaintext and the tag will be written into this buffer. 43 * @param plaintext the input that should be encrypted. 44 * @param aad additional data that should be authenticated, but not encrypted. 45 * @param nonce the unique nonce used for the encryption. 46 * @throws GeneralSecurityException if ciphertext buffer is short or the nonce does not have the 47 * expected size. 48 */ encrypt(ByteBuffer ciphertext, ByteBuffer plaintext, ByteBuffer aad, byte[] nonce)49 void encrypt(ByteBuffer ciphertext, ByteBuffer plaintext, ByteBuffer aad, byte[] nonce) 50 throws GeneralSecurityException; 51 52 /** 53 * Decrypt ciphertext into plaintext buffer using the given nonce. 54 * 55 * @param plaintext the decrypted plaintext will be written into this buffer. 56 * @param ciphertext the ciphertext and tag that should be decrypted. 57 * @param nonce the nonce that was used for the encryption. 58 * @throws GeneralSecurityException if the tag is invalid or any of the inputs do not have the 59 * expected size. 60 */ decrypt(ByteBuffer plaintext, ByteBuffer ciphertext, byte[] nonce)61 void decrypt(ByteBuffer plaintext, ByteBuffer ciphertext, byte[] nonce) 62 throws GeneralSecurityException; 63 64 /** 65 * Decrypt ciphertext into plaintext buffer using the given nonce. 66 * 67 * @param plaintext the decrypted plaintext will be written into this buffer. 68 * @param ciphertext the ciphertext and tag that should be decrypted. 69 * @param aad additional data that is checked for authenticity. 70 * @param nonce the nonce that was used for the encryption. 71 * @throws GeneralSecurityException if the tag is invalid or any of the inputs do not have the 72 * expected size. 73 */ decrypt(ByteBuffer plaintext, ByteBuffer ciphertext, ByteBuffer aad, byte[] nonce)74 void decrypt(ByteBuffer plaintext, ByteBuffer ciphertext, ByteBuffer aad, byte[] nonce) 75 throws GeneralSecurityException; 76 } 77