net/quic/crypto/quic_decrypter.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_QUIC_CRYPTO_QUIC_DECRYPTER_H_
   6 #define NET_QUIC_CRYPTO_QUIC_DECRYPTER_H_
   7
   8 #include "net/base/net_export.h"
   9 #include "net/quic/quic_protocol.h"
  10
  11 namespace net {
  12
  13 class NET_EXPORT_PRIVATE QuicDecrypter {
  14  public:
  15   virtual ~QuicDecrypter() {}
  16
  17   static QuicDecrypter* Create(QuicTag algorithm);
  18
  19   // Sets the encryption key. Returns true on success, false on failure.
  20   //
  21   // NOTE: The key is the client_write_key or server_write_key derived from
  22   // the master secret.
  23   virtual bool SetKey(base::StringPiece key) = 0;
  24
  25   // Sets the fixed initial bytes of the nonce. Returns true on success,
  26   // false on failure.
  27   //
  28   // NOTE: The nonce prefix is the client_write_iv or server_write_iv
  29   // derived from the master secret. A 64-bit packet number will
  30   // be appended to form the nonce.
  31   //
  32   //                          <------------ 64 bits ----------->
  33   //   +---------------------+----------------------------------+
  34   //   |    Fixed prefix     |      packet number      |
  35   //   +---------------------+----------------------------------+
  36   //                          Nonce format
  37   //
  38   // The security of the nonce format requires that QUIC never reuse a
  39   // packet number, even when retransmitting a lost packet.
  40   virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) = 0;
  41
  42   // Populates |output| with the decrypted |ciphertext| and populates
  43   // |output_length| with the length.  Returns 0 if there is an error.
  44   // |output| size is specified by |max_output_length| and must be
  45   // at least as large as the ciphertext.  |packet_number| is
  46   // appended to the |nonce_prefix| value provided in SetNoncePrefix()
  47   // to form the nonce.
  48   // TODO(wtc): add a way for DecryptPacket to report decryption failure due
  49   // to non-authentic inputs, as opposed to other reasons for failure.
  50   virtual bool DecryptPacket(QuicPacketNumber packet_number,
  51                              const base::StringPiece& associated_data,
  52                              const base::StringPiece& ciphertext,
  53                              char* output,
  54                              size_t* output_length,
  55                              size_t max_output_length) = 0;
  56
  57   // The name of the cipher.
  58   virtual const char* cipher_name() const = 0;
  59   // The ID of the cipher. Return 0x03000000 ORed with the 'cryptographic suite
  60   // selector'.
  61   virtual uint32 cipher_id() const = 0;
  62
  63   // For use by unit tests only.
  64   virtual base::StringPiece GetKey() const = 0;
  65   virtual base::StringPiece GetNoncePrefix() const = 0;
  66 };
  67
  68 }  // namespace net
  69
  70 #endif  // NET_QUIC_CRYPTO_QUIC_DECRYPTER_H_