Skip to content

File SolidSyslogMbedTlsAesGcmPolicy.h

FileList > Interface > SolidSyslogMbedTlsAesGcmPolicy.h

Go to the source code of this file

AES-256-GCM confidentiality-and-integrity SecurityPolicy via Mbed TLS, for a store that must encrypt records at rest. More...

  • #include "ExternC.h"
  • #include "SolidSyslogKeyFunction.h"

Classes

Type Name
struct SolidSyslogMbedTlsAesGcmPolicyConfig

Public Functions

Type Name
struct SolidSyslogSecurityPolicy * SolidSyslogMbedTlsAesGcmPolicy_Create (const struct SolidSyslogMbedTlsAesGcmPolicyConfig * config)
Draw an AES-GCM policy from the pool.
void SolidSyslogMbedTlsAesGcmPolicy_Destroy (struct SolidSyslogSecurityPolicy * base)
Release the pool slot; the policy owns no resources beyond the slot (the key is fetched per-call, the CTR-DRBG is caller-owned).

Detailed Description

What the policy does through its vtable is the substance:

  • Seal encrypts a record in place: draws a fresh 12-byte nonce from the caller's CTR-DRBG, encrypts the body (Content past HeaderLength), authenticates the header as associated data, and writes nonce‖tag into the record trailer. It is keyed and fails closed — if the key is unavailable or not exactly 32 bytes, Seal returns false and nothing is stored.
  • Open reverses it: decrypts the body and verifies the tag over the header and ciphertext. A tag mismatch (tamper, or wrong key) is the expected rejection and returns false silently; only a genuine mbedTLS fault is reported.

The key is fetched on demand via GetKey and wiped after every operation — it is never stored on the instance.

Public Functions Documentation

function SolidSyslogMbedTlsAesGcmPolicy_Create

Draw an AES-GCM policy from the pool.

struct SolidSyslogSecurityPolicy * SolidSyslogMbedTlsAesGcmPolicy_Create (
    const struct SolidSyslogMbedTlsAesGcmPolicyConfig * config
) 

Bad config (NULL GetKey or NULL Rng) or an exhausted pool falls back to the shared NullSecurityPolicy.


function SolidSyslogMbedTlsAesGcmPolicy_Destroy

Release the pool slot; the policy owns no resources beyond the slot (the key is fetched per-call, the CTR-DRBG is caller-owned).

void SolidSyslogMbedTlsAesGcmPolicy_Destroy (
    struct SolidSyslogSecurityPolicy * base
) 



The documentation for this class was generated from the following file Platform/MbedTls/Interface/SolidSyslogMbedTlsAesGcmPolicy.h