net/quic/crypto/crypto_secret_boxer.h

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_QUIC_CRYPTO_CRYPTO_SECRET_BOXER_H_
   6 #define NET_QUIC_CRYPTO_CRYPTO_SECRET_BOXER_H_
   7
   8 #include <string>
   9
  10 #include "base/strings/string_piece.h"
  11 #include "net/base/net_export.h"
  12
  13 namespace net {
  14
  15 class QuicRandom;
  16
  17 // CryptoSecretBoxer encrypts small chunks of plaintext (called 'boxing') and
  18 // then, later, can authenticate+decrypt the resulting boxes. This object is
  19 // thread-safe.
  20 class NET_EXPORT_PRIVATE CryptoSecretBoxer {
  21  public:
  22   // GetKeySize returns the number of bytes in a key.
  23   static size_t GetKeySize();
  24
  25   // SetKey sets the key for this object. This must be done before |Box| or
  26   // |Unbox| are called. |key| must be |GetKeySize()| bytes long.
  27   void SetKey(base::StringPiece key);
  28
  29   // Box encrypts |plaintext| using a random nonce generated from |rand| and
  30   // returns the resulting ciphertext. Since an authenticator and nonce are
  31   // included, the result will be slightly larger than |plaintext|.
  32   std::string Box(QuicRandom* rand, base::StringPiece plaintext) const;
  33
  34   // Unbox takes the result of a previous call to |Box| in |ciphertext| and
  35   // authenticates+decrypts it. If |ciphertext| is not authentic then it
  36   // returns false. Otherwise, |out_storage| is used to store the result and
  37   // |out| is set to point into |out_storage| and contains the original
  38   // plaintext.
  39   bool Unbox(base::StringPiece ciphertext,
  40              std::string* out_storage,
  41              base::StringPiece* out) const;
  42
  43  private:
  44   std::string key_;
  45 };
  46
  47 }  // namespace net
  48
  49 #endif  // NET_QUIC_CRYPTO_CRYPTO_SECRET_BOXER_H_