1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_QUIC_CRYPTO_QUIC_ENCRYPTER_H_ 6 #define NET_QUIC_CRYPTO_QUIC_ENCRYPTER_H_ 7 8 #include "net/base/net_export.h" 9 #include "net/quic/quic_protocol.h" 10 11 namespace net { 12 13 class NET_EXPORT_PRIVATE QuicEncrypter { 14 public: ~QuicEncrypter()15 virtual ~QuicEncrypter() {} 16 17 static QuicEncrypter* Create(QuicTag algorithm); 18 19 // Sets the encryption key. Returns true on success, false on failure. 20 // 21 // NOTE: The key is the client_write_key or server_write_key derived from 22 // the master secret. 23 virtual bool SetKey(base::StringPiece key) = 0; 24 25 // Sets the fixed initial bytes of the nonce. Returns true on success, 26 // false on failure. 27 // 28 // NOTE: The nonce prefix is the client_write_iv or server_write_iv 29 // derived from the master secret. A 64-bit packet sequence number will 30 // be appended to form the nonce. 31 // 32 // <------------ 64 bits -----------> 33 // +---------------------+----------------------------------+ 34 // | Fixed prefix | Packet sequence number | 35 // +---------------------+----------------------------------+ 36 // Nonce format 37 // 38 // The security of the nonce format requires that QUIC never reuse a 39 // packet sequence number, even when retransmitting a lost packet. 40 virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) = 0; 41 42 // Encrypt encrypts |plaintext| and writes the ciphertext, plus a MAC over 43 // both |associated_data| and |plaintext| to |output|, using |nonce| as the 44 // nonce. |nonce| must be |8+GetNoncePrefixSize()| bytes long and |output| 45 // must point to a buffer that is at least 46 // |GetCiphertextSize(plaintext.size()| bytes long. 47 virtual bool Encrypt(base::StringPiece nonce, 48 base::StringPiece associated_data, 49 base::StringPiece plaintext, 50 unsigned char* output) = 0; 51 52 // Returns a newly created QuicData object containing the encrypted 53 // |plaintext| as well as a MAC over both |plaintext| and |associated_data|, 54 // or NULL if there is an error. |sequence_number| is appended to the 55 // |nonce_prefix| value provided in SetNoncePrefix() to form the nonce. 56 virtual QuicData* EncryptPacket(QuicPacketSequenceNumber sequence_number, 57 base::StringPiece associated_data, 58 base::StringPiece plaintext) = 0; 59 60 // GetKeySize() and GetNoncePrefixSize() tell the HKDF class how many bytes 61 // of key material needs to be derived from the master secret. 62 // NOTE: the sizes returned by GetKeySize() and GetNoncePrefixSize() are 63 // also correct for the QuicDecrypter of the same algorithm. So only 64 // QuicEncrypter has these two methods. 65 66 // Returns the size in bytes of a key for the algorithm. 67 virtual size_t GetKeySize() const = 0; 68 // Returns the size in bytes of the fixed initial part of the nonce. 69 virtual size_t GetNoncePrefixSize() const = 0; 70 71 // Returns the maximum length of plaintext that can be encrypted 72 // to ciphertext no larger than |ciphertext_size|. 73 virtual size_t GetMaxPlaintextSize(size_t ciphertext_size) const = 0; 74 75 // Returns the length of the ciphertext that would be generated by encrypting 76 // to plaintext of size |plaintext_size|. 77 virtual size_t GetCiphertextSize(size_t plaintext_size) const = 0; 78 79 // For use by unit tests only. 80 virtual base::StringPiece GetKey() const = 0; 81 virtual base::StringPiece GetNoncePrefix() const = 0; 82 }; 83 84 } // namespace net 85 86 #endif // NET_QUIC_CRYPTO_QUIC_ENCRYPTER_H_ 87