// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_QUIC_CRYPTO_CRYPTO_SECRET_BOXER_H_
#define NET_QUIC_CRYPTO_CRYPTO_SECRET_BOXER_H_
#include <string>
#include "base/strings/string_piece.h"
#include "net/base/net_export.h"
namespace net {
class QuicRandom;
// CryptoSecretBoxer encrypts small chunks of plaintext (called 'boxing') and
// then, later, can authenticate+decrypt the resulting boxes. This object is
// thread-safe.
class NET_EXPORT_PRIVATE CryptoSecretBoxer {
public:
// GetKeySize returns the number of bytes in a key.
static size_t GetKeySize();
// SetKey sets the key for this object. This must be done before |Box| or
// |Unbox| are called. |key| must be |GetKeySize()| bytes long.
void SetKey(base::StringPiece key);
// Box encrypts |plaintext| using a random nonce generated from |rand| and
// returns the resulting ciphertext. Since an authenticator and nonce are
// included, the result will be slightly larger than |plaintext|.
std::string Box(QuicRandom* rand, base::StringPiece plaintext) const;
// Unbox takes the result of a previous call to |Box| in |ciphertext| and
// authenticates+decrypts it. If |ciphertext| is not authentic then it
// returns false. Otherwise, |out_storage| is used to store the result and
// |out| is set to point into |out_storage| and contains the original
// plaintext.
bool Unbox(base::StringPiece ciphertext,
std::string* out_storage,
base::StringPiece* out) const;
private:
std::string key_;
};
} // namespace net
#endif // NET_QUIC_CRYPTO_CRYPTO_SECRET_BOXER_H_