1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_QUIC_CRYPTO_CRYPTO_SECRET_BOXER_H_ 6 #define NET_QUIC_CRYPTO_CRYPTO_SECRET_BOXER_H_ 7 8 #include <string> 9 10 #include "base/strings/string_piece.h" 11 #include "net/base/net_export.h" 12 13 namespace net { 14 15 class QuicRandom; 16 17 // CryptoSecretBoxer encrypts small chunks of plaintext (called 'boxing') and 18 // then, later, can authenticate+decrypt the resulting boxes. This object is 19 // thread-safe. 20 class NET_EXPORT_PRIVATE CryptoSecretBoxer { 21 public: 22 CryptoSecretBoxer() {} 23 24 // GetKeySize returns the number of bytes in a key. 25 static size_t GetKeySize(); 26 27 // SetKey sets the key for this object. This must be done before |Box| or 28 // |Unbox| are called. |key| must be |GetKeySize()| bytes long. 29 void SetKey(base::StringPiece key); 30 31 // Box encrypts |plaintext| using a random nonce generated from |rand| and 32 // returns the resulting ciphertext. Since an authenticator and nonce are 33 // included, the result will be slightly larger than |plaintext|. 34 std::string Box(QuicRandom* rand, base::StringPiece plaintext) const; 35 36 // Unbox takes the result of a previous call to |Box| in |ciphertext| and 37 // authenticates+decrypts it. If |ciphertext| is not authentic then it 38 // returns false. Otherwise, |out_storage| is used to store the result and 39 // |out| is set to point into |out_storage| and contains the original 40 // plaintext. 41 bool Unbox(base::StringPiece ciphertext, 42 std::string* out_storage, 43 base::StringPiece* out) const; 44 45 private: 46 std::string key_; 47 48 DISALLOW_COPY_AND_ASSIGN(CryptoSecretBoxer); 49 }; 50 51 } // namespace net 52 53 #endif // NET_QUIC_CRYPTO_CRYPTO_SECRET_BOXER_H_ 54