grpc: google.golang.org/grpc/credentials/alts/internal/conn

package conn

import "google.golang.org/grpc/credentials/alts/internal/conn"

Package conn contains an implementation of a secure channel created by gRPC handshakers.

Index

Package Files

aeadrekey.go aes128gcm.go aes128gcmrekey.go common.go counter.go record.go utils.go

Constants

const (
    // GcmTagSize is the GCM tag size, i.e. the difference in length
    // between plaintext and ciphertext. From crypto/cipher/gcm.go in the
    // Go crypto library.
    GcmTagSize = 16
)
const (
    // MsgLenFieldSize is the byte size of the frame length field of a
    // framed message.
    MsgLenFieldSize = 4
)

Variables

var ErrAuth = errors.New("message authentication failed")

ErrAuth occurs on authentication failure.

func CounterSide

func CounterSide(c []byte) core.Side

CounterSide returns the connection side (client/server) a sequence counter is associated with.

func NewConn

func NewConn(c net.Conn, side core.Side, recordProtocol string, key []byte, protected []byte) (net.Conn, error)

NewConn creates a new secure channel instance given the other party's role and the handshaking result.

func ParseFramedMsg

func ParseFramedMsg(b []byte, maxLen uint32) ([]byte, []byte, error)

ParseFramedMsg parses the provided buffer and returns a frame of the format msgLength+msg and any remaining bytes in that buffer.
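A standalone sketch of the msgLength+msg framing that ParseFramedMsg handles, added here as an example and not taken from the gRPC source. parseFrame, framesIn and errFrameTooLarge are hypothetical names, and the little-endian encoding of the 4-byte length field is an assumption the page does not state.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const msgLenFieldSize = 4 // same value as MsgLenFieldSize on this page
var errFrameTooLarge = errors.New("frame length exceeds limit") // hypothetical

// parseFrame is a hypothetical stand-in for ParseFramedMsg. It returns
// (frame, rest, nil) for a complete frame, (nil, b, nil) when more bytes are
// needed, and an error when the declared length exceeds maxLen.
// Little-endian length encoding is an assumption, not stated on the page.
func parseFrame(b []byte, maxLen uint32) ([]byte, []byte, error) {
	if len(b) < msgLenFieldSize {
		return nil, b, nil // length field itself is incomplete
	}
	n := binary.LittleEndian.Uint32(b[:msgLenFieldSize])
	// The declared length comes straight off the wire: bound it first.
	if n > maxLen {
		return nil, nil, errFrameTooLarge
	}
	end := uint64(msgLenFieldSize) + uint64(n) // uint64: 4+n cannot wrap
	if uint64(len(b)) < end {
		return nil, b, nil // payload is incomplete
	}
	return b[:end], b[end:], nil
}

// framesIn drains every complete frame from buf, returning the payloads
// and the unconsumed tail to prepend to the next read.
func framesIn(buf []byte, maxLen uint32) ([][]byte, []byte, error) {
	var payloads [][]byte
	for {
		frame, rest, err := parseFrame(buf, maxLen)
		if err != nil || frame == nil {
			return payloads, buf, err
		}
		payloads = append(payloads, frame[msgLenFieldSize:])
		buf = rest
	}
}

func main() {
	// Constructed input: two complete frames, then a truncated third.
	buf := []byte{3, 0, 0, 0, 'a', 'b', 'c', 1, 0, 0, 0, 'z', 5, 0, 0, 0, 'x'}
	fmt.Println(framesIn(buf, 1024))
}
```

The payloads returned here are still record-protocol ciphertext in a real channel; the sketch covers only the length-prefixed framing and its bounds check.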

func RegisterProtocol

func RegisterProtocol(protocol string, f ALTSRecordFunc) error

RegisterProtocol registers an ALTS record encryption protocol.

func SliceForAppend

func SliceForAppend(in []byte, n int) (head, tail []byte)

SliceForAppend takes a slice and a requested number of bytes. It returns a slice with the contents of the given slice followed by that many bytes and a second slice that aliases into it and contains only the extra bytes. If the original slice has sufficient capacity then no allocation is performed.

type ALTSRecordCrypto

type ALTSRecordCrypto interface {
    // Encrypt encrypts the plaintext and computes the tag (if any) of dst
    // and plaintext; dst and plaintext do not overlap.
    Encrypt(dst, plaintext []byte) ([]byte, error)
    // EncryptionOverhead returns the tag size (if any) in bytes.
    EncryptionOverhead() int
    // Decrypt decrypts ciphertext and verifies the tag (if any). dst and
    // ciphertext may alias exactly or not at all. To reuse ciphertext's
    // storage for the decrypted output, use ciphertext[:0] as dst.
    Decrypt(dst, ciphertext []byte) ([]byte, error)
}

ALTSRecordCrypto is the interface for the gRPC ALTS record protocol.

func NewAES128GCM

func NewAES128GCM(side core.Side, key []byte) (ALTSRecordCrypto, error)

NewAES128GCM creates an instance that uses aes128gcm for ALTS record.

func NewAES128GCMRekey

func NewAES128GCMRekey(side core.Side, key []byte) (ALTSRecordCrypto, error)

NewAES128GCMRekey creates an instance that uses aes128gcm with rekeying for ALTS record. The key argument should be 44 bytes: the first 32 bytes are used as a key for HKDF-expand and the remaining 12 bytes are used as a random mask for the counter.

type ALTSRecordFunc

type ALTSRecordFunc func(s core.Side, keyData []byte) (ALTSRecordCrypto, error)

ALTSRecordFunc is a function type for factory functions that create ALTSRecordCrypto instances.

type Counter

type Counter struct {
    // contains filtered or unexported fields
}

Counter is a 96-bit, little-endian counter.

func CounterFromValue

func CounterFromValue(value []byte, overflowLen int) (c Counter)

CounterFromValue creates a new counter given an initial value.

func NewInCounter

func NewInCounter(s core.Side, overflowLen int) (c Counter)

NewInCounter returns an incoming counter initialized to the starting sequence number for the client/server side of a connection. This is used in ALTS record to check that incoming counters are as expected, since ALTS record guarantees that messages are unwrapped in the same order that the peer wrapped them.

func NewOutCounter

func NewOutCounter(s core.Side, overflowLen int) (c Counter)

NewOutCounter returns an outgoing counter initialized to the starting sequence number for the client/server side of a connection.

func (*Counter) Inc

func (c *Counter) Inc()

Inc increments the counter and checks for overflow.

func (*Counter) Value

func (c *Counter) Value() ([]byte, error)

Value returns the current value of the counter as a byte slice.

type KeySizeError

type KeySizeError int

KeySizeError signals that the given key does not have the correct size.

func (KeySizeError) Error

func (k KeySizeError) Error() string

Package conn imports 12 packages and is imported by 4 packages. Updated 2019-05-19.