net/quic/crypto/quic_encrypter.h - platform/external/chromium_org - Git at Google

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_QUIC_CRYPTO_QUIC_ENCRYPTER_H_
 #define NET_QUIC_CRYPTO_QUIC_ENCRYPTER_H_

 #include "net/base/net_export.h"
 #include "net/quic/quic_protocol.h"

 namespace net {

 class NET_EXPORT_PRIVATE QuicEncrypter {
  public:
   virtual ~QuicEncrypter() {}

   static QuicEncrypter* Create(QuicTag algorithm);

   // Sets the encryption key. Returns true on success, false on failure.
   //
   // NOTE: The key is the client_write_key or server_write_key derived from
   // the master secret.
   virtual bool SetKey(base::StringPiece key) = 0;

   // Sets the fixed initial bytes of the nonce. Returns true on success,
   // false on failure.
   //
   // NOTE: The nonce prefix is the client_write_iv or server_write_iv
   // derived from the master secret. A 64-bit packet sequence number will
   // be appended to form the nonce.
   //
   //                          <------------ 64 bits ----------->
   //   +---------------------+----------------------------------+
   //   |    Fixed prefix     |      Packet sequence number      |
   //   +---------------------+----------------------------------+
   //                          Nonce format
   //
   // The security of the nonce format requires that QUIC never reuse a
   // packet sequence number, even when retransmitting a lost packet.
   virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) = 0;

   // Encrypt encrypts |plaintext| and writes the ciphertext, plus a MAC over
   // both |associated_data| and |plaintext| to |output|, using |nonce| as the
   // nonce. |nonce| must be |8+GetNoncePrefixSize()| bytes long and |output|
   // must point to a buffer that is at least
   // |GetCiphertextSize(plaintext.size()| bytes long.
   virtual bool Encrypt(base::StringPiece nonce,
                        base::StringPiece associated_data,
                        base::StringPiece plaintext,
                        unsigned char* output) = 0;

   // Returns a newly created QuicData object containing the encrypted
   // |plaintext| as well as a MAC over both |plaintext| and |associated_data|,
   // or NULL if there is an error. |sequence_number| is appended to the
   // |nonce_prefix| value provided in SetNoncePrefix() to form the nonce.
   virtual QuicData* EncryptPacket(QuicPacketSequenceNumber sequence_number,
                                   base::StringPiece associated_data,
                                   base::StringPiece plaintext) = 0;

   // GetKeySize() and GetNoncePrefixSize() tell the HKDF class how many bytes
   // of key material needs to be derived from the master secret.
   // NOTE: the sizes returned by GetKeySize() and GetNoncePrefixSize() are
   // also correct for the QuicDecrypter of the same algorithm. So only
   // QuicEncrypter has these two methods.

   // Returns the size in bytes of a key for the algorithm.
   virtual size_t GetKeySize() const = 0;
   // Returns the size in bytes of the fixed initial part of the nonce.
   virtual size_t GetNoncePrefixSize() const = 0;

   // Returns the maximum length of plaintext that can be encrypted
   // to ciphertext no larger than |ciphertext_size|.
   virtual size_t GetMaxPlaintextSize(size_t ciphertext_size) const = 0;

   // Returns the length of the ciphertext that would be generated by encrypting
   // to plaintext of size |plaintext_size|.
   virtual size_t GetCiphertextSize(size_t plaintext_size) const = 0;

   // For use by unit tests only.
   virtual base::StringPiece GetKey() const = 0;
   virtual base::StringPiece GetNoncePrefix() const = 0;
 };

 }  // namespace net

 #endif  // NET_QUIC_CRYPTO_QUIC_ENCRYPTER_H_
	// Copyright (c) 2012 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_QUIC_CRYPTO_QUIC_ENCRYPTER_H_
	#define NET_QUIC_CRYPTO_QUIC_ENCRYPTER_H_

	#include "net/base/net_export.h"
	#include "net/quic/quic_protocol.h"

	namespace net {

	class NET_EXPORT_PRIVATE QuicEncrypter {
	public:
	virtual ~QuicEncrypter() {}

	static QuicEncrypter* Create(QuicTag algorithm);

	// Sets the encryption key. Returns true on success, false on failure.
	//
	// NOTE: The key is the client_write_key or server_write_key derived from
	// the master secret.
	virtual bool SetKey(base::StringPiece key) = 0;

	// Sets the fixed initial bytes of the nonce. Returns true on success,
	// false on failure.
	//
	// NOTE: The nonce prefix is the client_write_iv or server_write_iv
	// derived from the master secret. A 64-bit packet sequence number will
	// be appended to form the nonce.
	//
	// <------------ 64 bits ----------->
	// +---------------------+----------------------------------+
	// \| Fixed prefix \| Packet sequence number \|
	// +---------------------+----------------------------------+
	// Nonce format
	//
	// The security of the nonce format requires that QUIC never reuse a
	// packet sequence number, even when retransmitting a lost packet.
	virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) = 0;

	// Encrypt encrypts \|plaintext\| and writes the ciphertext, plus a MAC over
	// both \|associated_data\| and \|plaintext\| to \|output\|, using \|nonce\| as the
	// nonce. \|nonce\| must be \|8+GetNoncePrefixSize()\| bytes long and \|output\|
	// must point to a buffer that is at least
	// \|GetCiphertextSize(plaintext.size()\| bytes long.
	virtual bool Encrypt(base::StringPiece nonce,
	base::StringPiece associated_data,
	base::StringPiece plaintext,
	unsigned char* output) = 0;

	// Returns a newly created QuicData object containing the encrypted
	// \|plaintext\| as well as a MAC over both \|plaintext\| and \|associated_data\|,
	// or NULL if there is an error. \|sequence_number\| is appended to the
	// \|nonce_prefix\| value provided in SetNoncePrefix() to form the nonce.
	virtual QuicData* EncryptPacket(QuicPacketSequenceNumber sequence_number,
	base::StringPiece associated_data,
	base::StringPiece plaintext) = 0;

	// GetKeySize() and GetNoncePrefixSize() tell the HKDF class how many bytes
	// of key material needs to be derived from the master secret.
	// NOTE: the sizes returned by GetKeySize() and GetNoncePrefixSize() are
	// also correct for the QuicDecrypter of the same algorithm. So only
	// QuicEncrypter has these two methods.

	// Returns the size in bytes of a key for the algorithm.
	virtual size_t GetKeySize() const = 0;
	// Returns the size in bytes of the fixed initial part of the nonce.
	virtual size_t GetNoncePrefixSize() const = 0;

	// Returns the maximum length of plaintext that can be encrypted
	// to ciphertext no larger than \|ciphertext_size\|.
	virtual size_t GetMaxPlaintextSize(size_t ciphertext_size) const = 0;

	// Returns the length of the ciphertext that would be generated by encrypting
	// to plaintext of size \|plaintext_size\|.
	virtual size_t GetCiphertextSize(size_t plaintext_size) const = 0;

	// For use by unit tests only.
	virtual base::StringPiece GetKey() const = 0;
	virtual base::StringPiece GetNoncePrefix() const = 0;
	};

	} // namespace net

	#endif // NET_QUIC_CRYPTO_QUIC_ENCRYPTER_H_