Skip to content

File SolidSyslogOpenSslAesGcmPolicy.h

FileList > Interface > SolidSyslogOpenSslAesGcmPolicy.h

Go to the source code of this file

A keyed AES-256-GCM security policy (OpenSSL reference integration) that encrypts and authenticates each stored record — confidentiality plus tamper-detection for store-and-forward. More...

  • #include "ExternC.h"
  • #include "SolidSyslogKeyFunction.h"

Classes

Type Name
struct SolidSyslogOpenSslAesGcmPolicyConfig
Supplies the key SolidSyslogOpenSslAesGcmPolicy seals and opens with.

Public Functions

Type Name
struct SolidSyslogSecurityPolicy * SolidSyslogOpenSslAesGcmPolicy_Create (const struct SolidSyslogOpenSslAesGcmPolicyConfig * config)
Draw a policy from the pool.
void SolidSyslogOpenSslAesGcmPolicy_Destroy (struct SolidSyslogSecurityPolicy * base)
Release the pool slot.

Detailed Description

What the policy does through its vtable is the substance:

  • SealRecord encrypts the body in place and authenticates the header as associated data (the header stays in clear), writing a fresh random nonce and the GCM tag into the record trailer (nonce ‖ tag, 28 bytes). The key is fetched on demand via GetKey and wiped before returning. It fails closed — returns false so nothing is stored — if the key is unavailable or not exactly 32 bytes (AES-256 admits no other length), if nonce generation fails, or on any encrypt error.
  • OpenRecord decrypts the body and verifies the tag over header + ciphertext. A tag mismatch is the expected tamper-detected outcome and returns false silently; only a genuine OpenSSL error is reported. The key is likewise fetched on demand and wiped.

Public Functions Documentation

function SolidSyslogOpenSslAesGcmPolicy_Create

Draw a policy from the pool.

struct SolidSyslogSecurityPolicy * SolidSyslogOpenSslAesGcmPolicy_Create (
    const struct SolidSyslogOpenSslAesGcmPolicyConfig * config
) 

A NULL config or NULL GetKey (bad config), or an exhausted pool (default size 1), falls back to the shared NullSecurityPolicy.


function SolidSyslogOpenSslAesGcmPolicy_Destroy

Release the pool slot.

void SolidSyslogOpenSslAesGcmPolicy_Destroy (
    struct SolidSyslogSecurityPolicy * base
) 

The policy owns no resources — the key is never stored on the instance — so this only frees the slot.



The documentation for this class was generated from the following file Platform/OpenSsl/Interface/SolidSyslogOpenSslAesGcmPolicy.h