 |
Signet Forge 0.1.0
C++20 Parquet library with AI-native extensions
|
DEMO |
|
Signet Forge 0.1.0
C++20 Parquet library with AI-native extensions
|
DEMO |
AES-256-GCM adapter – wraps the low-level AesGcm class behind ICipher. More...
#include <cipher_interface.hpp>
Public Types | |
| using | RotationCallback = std::function< void(uint64_t invocation_count)> |
| Callback type for key rotation notification. | |
Public Member Functions | |
| AesGcmCipher (const std::vector< uint8_t > &key) | |
| Construct from a key vector (must be 32 bytes for AES-256). | |
| AesGcmCipher (const uint8_t *key, size_t key_len) | |
| Construct from a raw key pointer and length. | |
| void | set_rotation_callback (RotationCallback cb, uint64_t threshold=DEFAULT_ROTATION_THRESHOLD) |
| Register a callback invoked when the key approaches its invocation limit. | |
| uint64_t | invocation_count () const noexcept |
| Get the current number of encrypt() invocations on this key. | |
| expected< std::vector< uint8_t > > | encrypt (const uint8_t *data, size_t size, const std::string &aad="") const override |
| Encrypt data. | |
| expected< std::vector< uint8_t > > | decrypt (const uint8_t *data, size_t size, const std::string &aad="") const override |
| Decrypt data produced by encrypt(). | |
| ~AesGcmCipher () override | |
| Destructor: securely zeroes key material (CWE-244: heap inspection). | |
| bool | is_authenticated () const noexcept override |
| Whether this cipher provides authentication (GCM=true, CTR=false). | |
| size_t | key_size () const noexcept override |
| Key size in bytes (32 for AES-256). | |
| std::string_view | algorithm_name () const noexcept override |
| Human-readable algorithm name. | |
 Public Member Functions inherited from signet::forge::crypto::ICipher | |
| virtual | ~ICipher ()=default |
| ICipher ()=default | |
| ICipher (const ICipher &)=delete | |
| ICipher & | operator= (const ICipher &)=delete |
| ICipher (ICipher &&)=default | |
| ICipher & | operator= (ICipher &&)=default |
Static Public Attributes | |
| static constexpr uint64_t | MAX_INVOCATIONS = UINT64_C(0xFFFFFFFF) |
| NIST SP 800-38D §8.2: With random 96-bit IVs, the probability of IV collision exceeds 2^-32 after 2^32 invocations (birthday bound). | |
| static constexpr uint64_t | DEFAULT_ROTATION_THRESHOLD |
| Default warning threshold: trigger rotation callback at 75% of max. | |
AES-256-GCM adapter – wraps the low-level AesGcm class behind ICipher.
Provides authenticated encryption with AAD support. Generates a random 12-byte IV per encrypt() call and prepends it to the output.
Gap C-3 (NIST SP 800-38D §8.2): Tracks invocation count per key and enforces the 2^32 limit on GCM invocations with a single key (with random 96-bit IVs, birthday bound for IV collision is ~2^32). Callers can register a key rotation callback to be notified when approaching the limit.
Definition at line 387 of file cipher_interface.hpp.
| using signet::forge::crypto::AesGcmCipher::RotationCallback = std::function<void(uint64_t invocation_count)> |
Callback type for key rotation notification.
Called when invocation count reaches the rotation threshold. The parameter is the current invocation count.
Definition at line 401 of file cipher_interface.hpp.
|
inlineexplicit |
Construct from a key vector (must be 32 bytes for AES-256).
Definition at line 404 of file cipher_interface.hpp.
|
inlineexplicit |
Construct from a raw key pointer and length.
Definition at line 411 of file cipher_interface.hpp.
|
inlineoverride |
Destructor: securely zeroes key material (CWE-244: heap inspection).
Uses volatile write + compiler barrier to prevent dead-store elimination.
Definition at line 493 of file cipher_interface.hpp.
|
inlineoverridevirtualnoexcept |
Human-readable algorithm name.
Implements signet::forge::crypto::ICipher.
Definition at line 503 of file cipher_interface.hpp.
|
inlineoverridevirtual |
Decrypt data produced by encrypt().
Implements signet::forge::crypto::ICipher.
Definition at line 469 of file cipher_interface.hpp.
|
inlineoverridevirtual |
Encrypt data.
For authenticated ciphers, aad is bound into the tag. For unauthenticated ciphers, aad is ignored. Returns: [iv_size(1)] [iv] [ciphertext] [tag if authenticated]
Implements signet::forge::crypto::ICipher.
Definition at line 433 of file cipher_interface.hpp.
|
inlinenoexcept |
Get the current number of encrypt() invocations on this key.
Definition at line 429 of file cipher_interface.hpp.
|
inlineoverridevirtualnoexcept |
Whether this cipher provides authentication (GCM=true, CTR=false).
Implements signet::forge::crypto::ICipher.
Definition at line 501 of file cipher_interface.hpp.
|
inlineoverridevirtualnoexcept |
Key size in bytes (32 for AES-256).
Implements signet::forge::crypto::ICipher.
Definition at line 502 of file cipher_interface.hpp.
|
inline |
Register a callback invoked when the key approaches its invocation limit.
NIST SP 800-38D §8.2 requires key rotation before 2^32 random-IV GCM invocations to maintain the collision bound.
| cb | Callback receiving the current invocation count. |
| threshold | Invocation count at which to trigger (default: 75% of 2^32). |
Definition at line 422 of file cipher_interface.hpp.
|
staticconstexpr |
Default warning threshold: trigger rotation callback at 75% of max.
Definition at line 395 of file cipher_interface.hpp.
|
staticconstexpr |
NIST SP 800-38D §8.2: With random 96-bit IVs, the probability of IV collision exceeds 2^-32 after 2^32 invocations (birthday bound).
Key must be rotated before reaching this limit.
Definition at line 392 of file cipher_interface.hpp.
1.9.8