| Index: net/quic/crypto/quic_encrypter.h
|
| diff --git a/net/quic/crypto/quic_encrypter.h b/net/quic/crypto/quic_encrypter.h
|
| index f077c1fd2737e5d0419265ace613e57fd7db5517..214ce2d30f186f1226b30c694a733e76f5810923 100644
|
| --- a/net/quic/crypto/quic_encrypter.h
|
| +++ b/net/quic/crypto/quic_encrypter.h
|
| @@ -17,20 +17,55 @@ class NET_EXPORT_PRIVATE QuicEncrypter {
|
|
|
| static QuicEncrypter* Create(CryptoTag algorithm);
|
|
|
| + // Sets the encryption key. Returns true on success, false on failure.
|
| + //
|
| + // NOTE: The key is the client_write_key or server_write_key derived from
|
| + // the master secret.
|
| + virtual bool SetKey(base::StringPiece key) = 0;
|
| +
|
| + // Sets the fixed initial bytes of the nonce. Returns true on success,
|
| + // false on failure.
|
| + //
|
| + // NOTE: The nonce prefix is the client_write_iv or server_write_iv
|
| + // derived from the master secret. A 64-bit packet sequence number will
|
| + // be appended to form the nonce.
|
| + //
|
| + // <------------ 64 bits ----------->
|
| + // +---------------------+----------------------------------+
|
| + // | Fixed prefix | Packet sequence number |
|
| + // +---------------------+----------------------------------+
|
| + // Nonce format
|
| + //
|
| + // The security of the nonce format requires that QUIC never reuse a
|
| + // packet sequence number, even when retransmitting a lost packet.
|
| + virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) = 0;
|
| +
|
| // Returns a newly created QuicData object containing the encrypted
|
| // |plaintext| as well as a MAC over both |plaintext| and |associated_data|,
|
| - // or NULL if there is an error.
|
| - virtual QuicData* Encrypt(base::StringPiece associated_data,
|
| + // or NULL if there is an error. |sequence_number| is appended to the
|
| + // |nonce_prefix| value provided in SetNoncePrefix() to form the nonce.
|
| + virtual QuicData* Encrypt(QuicPacketSequenceNumber sequence_number,
|
| + base::StringPiece associated_data,
|
| base::StringPiece plaintext) = 0;
|
|
|
| + // GetKeySize() and GetNoncePrefixSize() tell the HKDF class how many bytes
|
| + // of key material needs to be derived from the master secret.
|
| + // NOTE: the sizes returned by GetKeySize() and GetNoncePrefixSize() are
|
| + // also correct for the QuicDecrypter of the same algorithm. So only
|
| + // QuicEncrypter has these two methods.
|
| +
|
| + // Returns the size in bytes of a key for the algorithm.
|
| + virtual size_t GetKeySize() const = 0;
|
| + // Returns the size in bytes of the fixed initial part of the nonce.
|
| + virtual size_t GetNoncePrefixSize() const = 0;
|
| +
|
| // Returns the maximum length of plaintext that can be encrypted
|
| // to ciphertext no larger than |ciphertext_size|.
|
| - virtual size_t GetMaxPlaintextSize(size_t ciphertext_size) = 0;
|
| + virtual size_t GetMaxPlaintextSize(size_t ciphertext_size) const = 0;
|
|
|
| // Returns the length of the ciphertext that would be generated by encrypting
|
| // to plaintext of size |plaintext_size|.
|
| - virtual size_t GetCiphertextSize(size_t plaintext_size) = 0;
|
| -
|
| + virtual size_t GetCiphertextSize(size_t plaintext_size) const = 0;
|
| };
|
|
|
| } // namespace net
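Review bot: The contract between the new setters and Encrypt() is left implicit: SetKey() and SetNoncePrefix() say only "returns false on failure" without tying the accepted lengths to GetKeySize()/GetNoncePrefixSize(), and Encrypt() does not say that both setters must have succeeded before it is called. Since this is a pure-virtual interface, the implementations are not visible here, so I would state the intended contract in the header rather than leave it to each backend: on SetKey, `// Fails unless |key| is exactly GetKeySize() bytes (TODO confirm against implementations).`, on SetNoncePrefix the same wording with GetNoncePrefixSize(), and on Encrypt a precondition sentence that SetKey() and SetNoncePrefix() must both have returned true. The "never reuse a packet sequence number" requirement is likewise a caller obligation this interface cannot check, so I would phrase it as an explicit precondition of Encrypt() ("callers must pass a |sequence_number| never used before with this key/nonce-prefix pair") rather than a remark under SetNoncePrefix(). The ASCII nonce diagram has lost its alignment in this view; if the 64-bit arrow is meant to span only the sequence-number column, as the prose above it says, that is worth re-checking in the committed file.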
|
|
|