nlansing/DedicatedServerCourse
Template
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Lesson 35 - Get Compute Auth Token Working

Browse Source
This commit is contained in:
Norman Lansing
2026-02-28 12:32:28 -05:00
parent 1d477ee42a
commit 4fde462bce
7743 changed files with 1397833 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

259
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/cal/symmetric_cipher.h Normal file
View File

@@ -0,0 +1,259 @@
#ifndef AWS_CAL_SYMMETRIC_CIPHER_H
#define AWS_CAL_SYMMETRIC_CIPHER_H
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/cal/cal.h>
#include <aws/common/byte_buf.h>
AWS_PUSH_SANE_WARNING_LEVEL
#define AWS_AES_256_CIPHER_BLOCK_SIZE 16
#define AWS_AES_256_KEY_BIT_LEN 256
#define AWS_AES_256_KEY_BYTE_LEN (AWS_AES_256_KEY_BIT_LEN / 8)
struct aws_symmetric_cipher;
typedef struct aws_symmetric_cipher *(aws_aes_cbc_256_new_fn)(struct aws_allocator *allocator,
const struct aws_byte_cursor *key,
const struct aws_byte_cursor *iv);
typedef struct aws_symmetric_cipher *(aws_aes_ctr_256_new_fn)(struct aws_allocator *allocator,
const struct aws_byte_cursor *key,
const struct aws_byte_cursor *iv);
typedef struct aws_symmetric_cipher *(aws_aes_gcm_256_new_fn)(struct aws_allocator *allocator,
const struct aws_byte_cursor *key,
const struct aws_byte_cursor *iv,
const struct aws_byte_cursor *aad);
typedef struct aws_symmetric_cipher *(aws_aes_keywrap_256_new_fn)(struct aws_allocator *allocator,
const struct aws_byte_cursor *key);
enum aws_symmetric_cipher_state {
AWS_SYMMETRIC_CIPHER_READY,
AWS_SYMMETRIC_CIPHER_FINALIZED,
AWS_SYMMETRIC_CIPHER_ERROR,
};
AWS_EXTERN_C_BEGIN
/**
* Creates an instance of AES CBC with 256-bit key.
* If key and iv are NULL, they will be generated internally.
* You can get the generated key and iv back by calling:
*
* aws_symmetric_cipher_get_key() and
* aws_symmetric_cipher_get_initialization_vector()
*
* respectively.
*
* If they are set, that key and iv will be copied internally and used by the cipher.
*
* Returns NULL on failure. You can check aws_last_error() to get the error code indicating the failure cause.
*/
AWS_CAL_API struct aws_symmetric_cipher *aws_aes_cbc_256_new(
struct aws_allocator *allocator,
const struct aws_byte_cursor *key,
const struct aws_byte_cursor *iv);
/**
* Creates an instance of AES CTR with 256-bit key.
* If key and iv are NULL, they will be generated internally.
* You can get the generated key and iv back by calling:
*
* aws_symmetric_cipher_get_key() and
* aws_symmetric_cipher_get_initialization_vector()
*
* respectively.
*
* If they are set, that key and iv will be copied internally and used by the cipher.
*
* Returns NULL on failure. You can check aws_last_error() to get the error code indicating the failure cause.
*/
AWS_CAL_API struct aws_symmetric_cipher *aws_aes_ctr_256_new(
struct aws_allocator *allocator,
const struct aws_byte_cursor *key,
const struct aws_byte_cursor *iv);
/**
* Creates an instance of AES GCM with 256-bit key.
* If key, iv are NULL, they will be generated internally.
* You can get the generated key and iv back by calling:
*
* aws_symmetric_cipher_get_key() and
* aws_symmetric_cipher_get_initialization_vector()
*
* respectively.
*
* If aad is set it will be copied and applied to the cipher.
*
* If they are set, that key and iv will be copied internally and used by the cipher.
*
* For decryption purposes tag can be provided via aws_symmetric_cipher_set_tag method.
* Note: for decrypt operations, tag must be provided before first decrypt is called.
* (this is a windows bcrypt limitations, but for consistency sake same limitation is extended to other platforms)
* Tag generated during encryption can be retrieved using aws_symmetric_cipher_get_tag method
* after finalize is called.
*
* Returns NULL on failure. You can check aws_last_error() to get the error code indicating the failure cause.
*/
AWS_CAL_API struct aws_symmetric_cipher *aws_aes_gcm_256_new(
struct aws_allocator *allocator,
const struct aws_byte_cursor *key,
const struct aws_byte_cursor *iv,
const struct aws_byte_cursor *aad);
/**
* Creates an instance of AES Keywrap with 256-bit key.
* If key is NULL, it will be generated internally.
* You can get the generated key back by calling:
*
* aws_symmetric_cipher_get_key()
*
* If key is set, that key will be copied internally and used by the cipher.
*
* Returns NULL on failure. You can check aws_last_error() to get the error code indicating the failure cause.
*/
AWS_CAL_API struct aws_symmetric_cipher *aws_aes_keywrap_256_new(
struct aws_allocator *allocator,
const struct aws_byte_cursor *key);
/**
* Cleans up internal resources and state for cipher and then deallocates it.
*/
AWS_CAL_API void aws_symmetric_cipher_destroy(struct aws_symmetric_cipher *cipher);
/**
* Encrypts the value in to_encrypt and writes the encrypted data into out.
* If out is dynamic it will be expanded. If it is not, and out is not large enough to handle
* the encrypted output, the call will fail. If you're trying to optimize to use a stack based array
* or something, make sure it's at least as large as the size of to_encrypt + an extra BLOCK to account for
* padding etc...
*
* returns AWS_OP_SUCCESS on success. Call aws_last_error() to determine the failure cause if it returns
* AWS_OP_ERR;
*/
AWS_CAL_API int aws_symmetric_cipher_encrypt(
struct aws_symmetric_cipher *cipher,
struct aws_byte_cursor to_encrypt,
struct aws_byte_buf *out);
/**
* Decrypts the value in to_decrypt and writes the decrypted data into out.
* If out is dynamic it will be expanded. If it is not, and out is not large enough to handle
* the decrypted output, the call will fail. If you're trying to optimize to use a stack based array
* or something, make sure it's at least as large as the size of to_decrypt + an extra BLOCK to account for
* padding etc...
*
* returns AWS_OP_SUCCESS on success. Call aws_last_error() to determine the failure cause if it returns
* AWS_OP_ERR;
*/
AWS_CAL_API int aws_symmetric_cipher_decrypt(
struct aws_symmetric_cipher *cipher,
struct aws_byte_cursor to_decrypt,
struct aws_byte_buf *out);
/**
* Encrypts any remaining data that was reserved for final padding, loads GMACs etc... and if there is any
* writes any remaining encrypted data to out. If out is dynamic it will be expanded. If it is not, and
* out is not large enough to handle the decrypted output, the call will fail. If you're trying to optimize
* to use a stack based array or something, make sure it's at least as large as the size of 2 BLOCKs to account for
* padding etc...
*
* After invoking this function, you MUST call aws_symmetric_cipher_reset() before invoking any encrypt/decrypt
* operations on this cipher again.
*
* returns AWS_OP_SUCCESS on success. Call aws_last_error() to determine the failure cause if it returns
* AWS_OP_ERR;
*/
AWS_CAL_API int aws_symmetric_cipher_finalize_encryption(struct aws_symmetric_cipher *cipher, struct aws_byte_buf *out);
/**
* Decrypts any remaining data that was reserved for final padding, loads GMACs etc... and if there is any
* writes any remaining decrypted data to out. If out is dynamic it will be expanded. If it is not, and
* out is not large enough to handle the decrypted output, the call will fail. If you're trying to optimize
* to use a stack based array or something, make sure it's at least as large as the size of 2 BLOCKs to account for
* padding etc...
*
* After invoking this function, you MUST call aws_symmetric_cipher_reset() before invoking any encrypt/decrypt
* operations on this cipher again.
*
* returns AWS_OP_SUCCESS on success. Call aws_last_error() to determine the failure cause if it returns
* AWS_OP_ERR;
*/
AWS_CAL_API int aws_symmetric_cipher_finalize_decryption(struct aws_symmetric_cipher *cipher, struct aws_byte_buf *out);
/**
* Resets the cipher state for starting a new encrypt or decrypt operation. Note encrypt/decrypt cannot be mixed on the
* same cipher without a call to reset in between them. However, this leaves the key, iv etc... materials setup for
* immediate reuse.
* Note: GCM tag is not preserved between operations. If you intend to do encrypt followed directly by decrypt, make
* sure to make a copy of tag before reseting the cipher and pass that copy for decryption.
*
* Warning: In most cases it's a really bad idea to reset a cipher and perform another operation using that cipher.
* Key and IV should not be reused for different operations. Instead of reseting the cipher, destroy the cipher
* and create new one with a new key/iv pair. Use reset at your own risk, and only after careful consideration.
*
* returns AWS_OP_SUCCESS on success. Call aws_last_error() to determine the failure cause if it returns
* AWS_OP_ERR;
*/
AWS_CAL_API int aws_symmetric_cipher_reset(struct aws_symmetric_cipher *cipher);
/**
* Gets the current GMAC tag. If not AES GCM, this function will just return an empty cursor.
* The memory in this cursor is unsafe as it refers to the internal buffer.
* This was done because the use case doesn't require fetching these during an
* encryption or decryption operation and it dramatically simplifies the API.
* Only use this function between other calls to this API as any function call can alter the value of this tag.
*
* If you need to access it in a different pattern, copy the values to your own buffer first.
*/
AWS_CAL_API struct aws_byte_cursor aws_symmetric_cipher_get_tag(const struct aws_symmetric_cipher *cipher);
/**
* Sets the GMAC tag on the cipher. Does nothing for ciphers that do not support tag.
*/
AWS_CAL_API void aws_symmetric_cipher_set_tag(struct aws_symmetric_cipher *cipher, struct aws_byte_cursor tag);
/**
* Gets the original initialization vector as a cursor.
* The memory in this cursor is unsafe as it refers to the internal buffer.
* This was done because the use case doesn't require fetching these during an
* encryption or decryption operation and it dramatically simplifies the API.
*
* Unlike some other fields, this value does not change after the inital construction of the cipher.
*
* For some algorithms, such as AES Keywrap, this will return an empty cursor.
*/
AWS_CAL_API struct aws_byte_cursor aws_symmetric_cipher_get_initialization_vector(
const struct aws_symmetric_cipher *cipher);
/**
* Gets the original key.
*
* The memory in this cursor is unsafe as it refers to the internal buffer.
* This was done because the use case doesn't require fetching these during an
* encryption or decryption operation and it dramatically simplifies the API.
*
* Unlike some other fields, this value does not change after the inital construction of the cipher.
*/
AWS_CAL_API struct aws_byte_cursor aws_symmetric_cipher_get_key(const struct aws_symmetric_cipher *cipher);
/**
* Returns true if the state of the cipher is good, and otherwise returns false.
* Most operations, other than aws_symmetric_cipher_reset() will fail if this function is returning false.
* aws_symmetric_cipher_reset() will reset the state to a good state if possible.
*/
AWS_CAL_API bool aws_symmetric_cipher_is_good(const struct aws_symmetric_cipher *cipher);
/**
* Retuns the current state of the cipher. Ther state of the cipher can be ready for use, finalized, or has encountered
* an error. if the cipher is in a finished or error state, it must be reset before further use.
*/
AWS_CAL_API enum aws_symmetric_cipher_state aws_symmetric_cipher_get_state(const struct aws_symmetric_cipher *cipher);
AWS_EXTERN_C_END
AWS_POP_SANE_WARNING_LEVEL
#endif /* AWS_CAL_SYMMETRIC_CIPHER_H */