MCPcopy
hub / github.com/grpc/grpc-go / Encrypt

Method Encrypt

credentials/alts/internal/conn/aes128gcm.go:68–87  ·  view source on GitHub ↗

Encrypt is the encryption function. dst can contain bytes at the beginning of the ciphertext that will not be encrypted but will be authenticated. If dst has enough capacity to hold these bytes, the ciphertext and the tag, no allocation and copy operations will be performed. dst and plaintext do not

(dst, plaintext []byte)

Source from the content-addressed store, hash-verified

66// allocation and copy operations will be performed. dst and plaintext do not
67// overlap.
68func (s *aes128gcm) Encrypt(dst, plaintext []byte) ([]byte, error) {
69 // If we need to allocate an output buffer, we want to include space for
70 // GCM tag to avoid forcing ALTS record to reallocate as well.
71 dlen := len(dst)
72 dst, out := SliceForAppend(dst, len(plaintext)+GcmTagSize)
73 seq, err := s.outCounter.Value()
74 if err != nil {
75 return nil, err
76 }
77 data := out[:len(plaintext)]
78 copy(data, plaintext) // data may alias plaintext
79
80 // Seal appends the ciphertext and the tag to its first argument and
81 // returns the updated slice. However, SliceForAppend above ensures that
82 // dst has enough capacity to avoid a reallocation and copy due to the
83 // append.
84 dst = s.aead.Seal(dst[:dlen], seq, data, nil)
85 s.outCounter.Inc()
86 return dst, nil
87}
88
89func (s *aes128gcm) EncryptionOverhead() int {
90 return GcmTagSize

Callers

nothing calls this directly

Calls 4

SliceForAppendFunction · 0.85
SealMethod · 0.80
IncMethod · 0.80
ValueMethod · 0.45

Tested by

no test coverage detected