File SolidSyslogMbedTlsAesGcmPolicy.h¶
FileList > Interface > SolidSyslogMbedTlsAesGcmPolicy.h
Go to the source code of this file
AES-256-GCM confidentiality-and-integrity SecurityPolicy via Mbed TLS, for a store that must encrypt records at rest. More...
#include "ExternC.h"#include "SolidSyslogKeyFunction.h"
Classes¶
| Type | Name |
|---|---|
| struct | SolidSyslogMbedTlsAesGcmPolicyConfig |
Public Functions¶
| Type | Name |
|---|---|
| struct SolidSyslogSecurityPolicy * | SolidSyslogMbedTlsAesGcmPolicy_Create (const struct SolidSyslogMbedTlsAesGcmPolicyConfig * config) Draw an AES-GCM policy from the pool. |
| void | SolidSyslogMbedTlsAesGcmPolicy_Destroy (struct SolidSyslogSecurityPolicy * base) Release the pool slot; the policy owns no resources beyond the slot (the key is fetched per-call, the CTR-DRBG is caller-owned). |
Detailed Description¶
What the policy does through its vtable is the substance:
- Seal encrypts a record in place: draws a fresh 12-byte nonce from the caller's CTR-DRBG, encrypts the body (Content past HeaderLength), authenticates the header as associated data, and writes nonce‖tag into the record trailer. It is keyed and fails closed — if the key is unavailable or not exactly 32 bytes, Seal returns false and nothing is stored.
- Open reverses it: decrypts the body and verifies the tag over the header and ciphertext. A tag mismatch (tamper, or wrong key) is the expected rejection and returns false silently; only a genuine mbedTLS fault is reported.
The key is fetched on demand via GetKey and wiped after every operation — it is never stored on the instance.
Public Functions Documentation¶
function SolidSyslogMbedTlsAesGcmPolicy_Create¶
Draw an AES-GCM policy from the pool.
struct SolidSyslogSecurityPolicy * SolidSyslogMbedTlsAesGcmPolicy_Create (
const struct SolidSyslogMbedTlsAesGcmPolicyConfig * config
)
Bad config (NULL GetKey or NULL Rng) or an exhausted pool falls back to the shared NullSecurityPolicy.
function SolidSyslogMbedTlsAesGcmPolicy_Destroy¶
Release the pool slot; the policy owns no resources beyond the slot (the key is fetched per-call, the CTR-DRBG is caller-owned).
The documentation for this class was generated from the following file Platform/MbedTls/Interface/SolidSyslogMbedTlsAesGcmPolicy.h