Encrypt certificate reports before uploading to HTTP URLs

crypto/aead_openssl.h

Index: crypto/aead_openssl.h
diff --git a/crypto/aead_openssl.h b/crypto/aead_openssl.h
new file mode 100644
index 0000000000000000000000000000000000000000..25185cc6d45d27b41a5ebf9c546c995529b53118
--- /dev/null
+++ b/crypto/aead_openssl.h
@@ -0,0 +1,44 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CRYPTO_AEAD_H_
+#define CRYPTO_AEAD_H_
+
+#include <string>
+
+#include "base/strings/string_piece.h"
+#include "crypto/crypto_export.h"
+
+namespace crypto {
+
+extern const size_t kAeadKeyLength;

[agl, 2015/04/21 20:28:26]

these would have to be properties of |Aead|.

[estark, 2015/04/22 03:55:31]

Oops, these are actually dead. Removed.

+extern const size_t kAeadNonceLength;
+
+// This class exposes the AES-128-CTR-HMAC-SHA256 AEAD, currently only
+// for OpenSSL builds.
+class CRYPTO_EXPORT Aead {
+ public:
+  explicit Aead(const std::string* key);

[estark, 2015/04/18 05:24:42]

Wasn't sure if this should take an algorithm parameter of some kind if only one
algorithm is supported.

[agl, 2015/04/21 20:28:26]

It should, and the KeyLength and NonceLength() become non-static. See, for
example, hmac.h.

[estark, 2015/04/22 03:55:31]

Done.

+
+  ~Aead();
+
+  bool Seal(const base::StringPiece& plaintext,

[agl, 2015/04/21 20:28:26]

addition data argument?

[estark, 2015/04/22 03:55:30]

Done.

+            const base::StringPiece& nonce,
+            std::string* ciphertext);
+
+  bool Open(const base::StringPiece& ciphertext,
+            const base::StringPiece& nonce,
+            std::string* plaintext);
+
+  static size_t KeyLength();
+
+  static size_t NonceLength();
+
+ private:
+  const std::string* key_;
+};
+
+}  // namespace crypto
+
+#endif  // CRYPTO_ENCRYPTOR_H_