Data Structures | |
| struct | aws_cryptosdk_edk |
| struct | aws_cryptosdk_cmm |
| struct | aws_cryptosdk_keyring |
| struct | aws_cryptosdk_enc_request |
| struct | aws_cryptosdk_enc_materials |
| struct | aws_cryptosdk_dec_request |
| struct | aws_cryptosdk_dec_materials |
| struct | aws_cryptosdk_cmm_vt |
| struct | aws_cryptosdk_keyring_vt |
Enumerations | |
| enum | aws_cryptosdk_commitment_policy { COMMITMENT_POLICY_REQUIRE_ENCRYPT_REQUIRE_DECRYPT = 0x598f396c , COMMITMENT_POLICY_REQUIRE_ENCRYPT_ALLOW_DECRYPT = 0x493769b7 , COMMITMENT_POLICY_FORBID_ENCRYPT_ALLOW_DECRYPT = 0x2735f98a } |
Detailed Description
This section contains low-level APIs of interest to developers of custom keyrings or CMMs.
Enumeration Type Documentation
◆ aws_cryptosdk_commitment_policy
Governs how a aws_cryptosdk_session behaves during configuration, encryption, and decryption, with respect to key commitment.
Definition at line 105 of file materials.h.
Function Documentation
◆ aws_atomic_var_is_valid_int()
| bool aws_atomic_var_is_valid_int | ( | const struct aws_atomic_var * | var | ) |
Putting this here for now, until we get it merged into the atomics.h in c-common
Definition at line 403 of file materials.h.
◆ aws_atomic_var_is_valid_ptr()
| bool aws_atomic_var_is_valid_ptr | ( | const struct aws_atomic_var * | var | ) |
Putting this here for now, until we get it merged into the atomics.h in c-common
Definition at line 410 of file materials.h.
◆ aws_cryptosdk_cmm_base_init()
| void aws_cryptosdk_cmm_base_init | ( | struct aws_cryptosdk_cmm * | cmm, |
| const struct aws_cryptosdk_cmm_vt * | vtable ) |
Initialize the base structure for a CMM. The implementation of a CMM needs to call this function to set up the vtable and reference count. On return, the reference count is initialized to 1.
Definition at line 436 of file materials.h.
◆ aws_cryptosdk_cmm_base_is_valid()
| bool aws_cryptosdk_cmm_base_is_valid | ( | const struct aws_cryptosdk_cmm * | cmm | ) |
Constant time check of data-structure invariants for struct aws_cryptosdk_cmm. Since implementations of the cmm may add additional fields, they may define their own, specialized is_valid functions that use this as a base.
Definition at line 426 of file materials.h.
◆ aws_cryptosdk_cmm_decrypt_materials()
| int aws_cryptosdk_cmm_decrypt_materials | ( | struct aws_cryptosdk_cmm * | cmm, |
| struct aws_cryptosdk_dec_materials ** | output, | ||
| struct aws_cryptosdk_dec_request * | request ) |
Receives decryption request from user and attempts to get decryption materials.
On success returns AWS_OP_SUCCESS and allocates decryption materials object at address pointed to by output.
On failure returns AWS_OP_ERR, sets address pointed to by output to NULL, and sets internal AWS error code.
Definition at line 501 of file materials.h.
◆ aws_cryptosdk_cmm_generate_enc_materials()
| int aws_cryptosdk_cmm_generate_enc_materials | ( | struct aws_cryptosdk_cmm * | cmm, |
| struct aws_cryptosdk_enc_materials ** | output, | ||
| struct aws_cryptosdk_enc_request * | request ) |
Receives encryption request from user and attempts to generate encryption materials, including an encrypted data key and a list of EDKs for doing encryption.
On success returns AWS_OP_SUCCESS and allocates encryption materials object at address pointed to by output.
On failure returns AWS_OP_ERR, sets address pointed to by output to NULL, and sets internal AWS error code.
Definition at line 478 of file materials.h.
◆ aws_cryptosdk_cmm_vtable_is_valid()
| bool aws_cryptosdk_cmm_vtable_is_valid | ( | const struct aws_cryptosdk_cmm_vt * | vtable | ) |
Constant time check of data-structure invariants for struct aws_cryptosdk_cmm_vt
Definition at line 417 of file materials.h.
◆ aws_cryptosdk_commitment_policy_encrypt_must_include_commitment()
| bool aws_cryptosdk_commitment_policy_encrypt_must_include_commitment | ( | enum aws_cryptosdk_commitment_policy | commitment_policy | ) |
Returns true if encryption must include key commitment under the given key commitment policy, or false otherwise.
Definition at line 725 of file materials.h.
◆ aws_cryptosdk_commitment_policy_is_valid()
| bool aws_cryptosdk_commitment_policy_is_valid | ( | uint32_t | commitment_policy | ) |
Returns true if the given uint32_t is a valid aws_cryptosdk_commitment_policy, or false otherwise.
Definition at line 712 of file materials.h.
◆ aws_cryptosdk_dec_materials_destroy()
| void aws_cryptosdk_dec_materials_destroy | ( | struct aws_cryptosdk_dec_materials * | dec_mat | ) |
Deallocates all memory associated with the decryption materials object including the object itself and the unencrypted data key it is holding, if an EDK has been decrypted successfully.
◆ aws_cryptosdk_dec_materials_is_valid()
| bool aws_cryptosdk_dec_materials_is_valid | ( | const struct aws_cryptosdk_dec_materials * | materials | ) |
Definition at line 227 of file materials.h.
◆ aws_cryptosdk_dec_materials_new()
| struct aws_cryptosdk_dec_materials * aws_cryptosdk_dec_materials_new | ( | struct aws_allocator * | alloc, |
| enum aws_cryptosdk_alg_id | alg ) |
Allocates a new decryption materials object. Note that no memory will be allocated to the byte buffer for the unencrypted data key. That will only be allocated when an EDK is decrypted.
On failure, returns NULL and an internal AWS error code is set.
◆ aws_cryptosdk_dec_request_is_valid()
| bool aws_cryptosdk_dec_request_is_valid | ( | const struct aws_cryptosdk_dec_request * | request | ) |
Definition at line 195 of file materials.h.
◆ aws_cryptosdk_edk_clean_up()
| void aws_cryptosdk_edk_clean_up | ( | struct aws_cryptosdk_edk * | edk | ) |
Deallocates all memory associated with an EDK. Setting all bytes of an EDK to zero when you declare it will make this safe to call even if some buffers are unused.
◆ aws_cryptosdk_edk_eq()
| bool aws_cryptosdk_edk_eq | ( | const struct aws_cryptosdk_edk * | a, |
| const struct aws_cryptosdk_edk * | b ) |
◆ aws_cryptosdk_edk_init_clone()
| int aws_cryptosdk_edk_init_clone | ( | struct aws_allocator * | alloc, |
| struct aws_cryptosdk_edk * | dest, | ||
| const struct aws_cryptosdk_edk * | src ) |
Copies the EDK data in src to dest.
◆ aws_cryptosdk_edk_is_valid()
| bool aws_cryptosdk_edk_is_valid | ( | const struct aws_cryptosdk_edk *const | edk | ) |
Evaluates the set of properties that define the shape of all valid aws_cryptosdk_edk structures. It is also a cheap check, in the sense it run in constant time (i.e., no loops or recursion).
◆ aws_cryptosdk_edk_list_clean_up()
| void aws_cryptosdk_edk_list_clean_up | ( | struct aws_array_list * | edk_list | ) |
Deallocates all memory associated with all EDKs in the list and then deallocates the list.
◆ aws_cryptosdk_edk_list_clear()
| void aws_cryptosdk_edk_list_clear | ( | struct aws_array_list * | edk_list | ) |
Deallocates all memory associated with all EDKs in the list and then clears the list. The array list itself remains allocated but empty.
◆ aws_cryptosdk_edk_list_elements_are_valid()
| bool aws_cryptosdk_edk_list_elements_are_valid | ( | const struct aws_array_list * | edk_list | ) |
Evaluates the set of properties that define the shape of a valid edk_list. Takes time O(list->length) as it loops through all elements of the list;
◆ aws_cryptosdk_edk_list_init()
| int aws_cryptosdk_edk_list_init | ( | struct aws_allocator * | alloc, |
| struct aws_array_list * | edk_list ) |
Allocates an empty list of EDKs.
◆ aws_cryptosdk_edk_list_is_valid()
| bool aws_cryptosdk_edk_list_is_valid | ( | const struct aws_array_list * | edk_list | ) |
Evaluates the set of properties that define the shape of a valid edk_list. if (AWS_DEEP_CHECKS == 1), loops through all elements of the list; otherwise, it completes in constant time.
◆ aws_cryptosdk_empty_edk_list_is_valid()
| bool aws_cryptosdk_empty_edk_list_is_valid | ( | const struct aws_array_list * | edk_list | ) |
Evaluates the set of properties that define the shape of a valid empty edk_list.
◆ aws_cryptosdk_enc_materials_destroy()
| void aws_cryptosdk_enc_materials_destroy | ( | struct aws_cryptosdk_enc_materials * | enc_mat | ) |
Deallocates all memory associated with the encryption materials object including the object itself. All keys in the materials will have their associated memory also deallocated, but make sure that they have been initialized properly per the comments on aws_cryptosdk_keyring_generate_data_key.
◆ aws_cryptosdk_enc_materials_is_valid()
| bool aws_cryptosdk_enc_materials_is_valid | ( | const struct aws_cryptosdk_enc_materials * | materials | ) |
Definition at line 213 of file materials.h.
◆ aws_cryptosdk_enc_materials_new()
| struct aws_cryptosdk_enc_materials * aws_cryptosdk_enc_materials_new | ( | struct aws_allocator * | alloc, |
| enum aws_cryptosdk_alg_id | alg ) |
Allocates a new encryption materials object, including allocating memory to the list of EDKs. The list of EDKs will be empty and no memory will be allocated to any byte buffers in that list, nor will memory be allocated to the unencrypted data key buffer.
On failure, returns NULL and an error code will be set.
◆ aws_cryptosdk_enc_request_is_valid()
| bool aws_cryptosdk_enc_request_is_valid | ( | const struct aws_cryptosdk_enc_request * | request | ) |
Definition at line 166 of file materials.h.
◆ aws_cryptosdk_keyring_base_init()
| void aws_cryptosdk_keyring_base_init | ( | struct aws_cryptosdk_keyring * | keyring, |
| const struct aws_cryptosdk_keyring_vt * | vtable ) |
Initialize the base structure for a keyring. The implementation of a keyring needs to call this function to set up the vtable and reference count. On return, the reference count is initialized to 1.
Definition at line 589 of file materials.h.
◆ aws_cryptosdk_keyring_is_valid()
| bool aws_cryptosdk_keyring_is_valid | ( | const struct aws_cryptosdk_keyring * | keyring | ) |
Constant time check of data-structure invariants for struct aws_cryptosdk_keyring.
Definition at line 579 of file materials.h.
◆ aws_cryptosdk_keyring_on_decrypt()
| int aws_cryptosdk_keyring_on_decrypt | ( | struct aws_cryptosdk_keyring * | keyring, |
| struct aws_allocator * | request_alloc, | ||
| struct aws_byte_buf * | unencrypted_data_key, | ||
| struct aws_array_list * | keyring_trace, | ||
| const struct aws_array_list * | edks, | ||
| const struct aws_hash_table * | enc_ctx, | ||
| enum aws_cryptosdk_alg_id | alg ) |
The KR attempts to find one of the EDKs to decrypt.
On success AWS_OP_SUCCESS will be returned. This does not necessarily mean that the data key will be decrypted, as it is normal behavior that a particular KR may not find an EDK that it can decrypt. To determine whether the data key was decrypted, check unencrypted_data_key.buffer. If the data key was not decrypted, that pointer will be set to NULL. If the data key was decrypted, that pointer will point to the bytes of the key.
On internal failure, AWS_OP_ERR will be returned and an error code will be set.
◆ aws_cryptosdk_keyring_on_encrypt()
| int aws_cryptosdk_keyring_on_encrypt | ( | struct aws_cryptosdk_keyring * | keyring, |
| struct aws_allocator * | request_alloc, | ||
| struct aws_byte_buf * | unencrypted_data_key, | ||
| struct aws_array_list * | keyring_trace, | ||
| struct aws_array_list * | edks, | ||
| const struct aws_hash_table * | enc_ctx, | ||
| enum aws_cryptosdk_alg_id | alg ) |
If byte buffer for unencrypted_data_key is already allocated, this makes zero or more encrypted data keys which decrypt to that data key and pushes them onto the EDK list.
If byte buffer for unencrypted_data_key is not already allocated, this may make a new data key, allocating the buffer and putting the data key into that buffer. It also makes zero or more encrypted data keys which decrypt to that data key and pushes them onto the EDK list.
On success (1) AWS_OP_SUCCESS is returned, (2) if the unencrypted_data_key buffer was previously allocated, it will be unchanged, (3) if the unencrypted_data_key buffer was not previously allocated, it may now be allocated, (4) zero or more EDKS will be appended to the list of EDKS.
On failure AWS_OP_ERR is returned, an internal AWS error code is set.
◆ aws_cryptosdk_keyring_vt_is_valid()
| bool aws_cryptosdk_keyring_vt_is_valid | ( | const struct aws_cryptosdk_keyring_vt * | vtable | ) |
Constant time check of data-structure invariants for struct aws_cryptosdk_keyring_vt.
Definition at line 570 of file materials.h.
Generated by
1.13.2