Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(332)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/quic/crypto/crypto_secret_boxer.h

Issue 1715593002: QUIC: obtain source address token keys from internal key server. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@114217654
Patch Set: Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | net/quic/crypto/crypto_secret_boxer.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/quic/crypto/crypto_secret_boxer.h
diff --git a/net/quic/crypto/crypto_secret_boxer.h b/net/quic/crypto/crypto_secret_boxer.h
index 266b34a5631166689873c829c081f9ba5d2d042a..09ec23c3613e81c366d4a3e03528c5b239c55a5c 100644
--- a/net/quic/crypto/crypto_secret_boxer.h
+++ b/net/quic/crypto/crypto_secret_boxer.h
@@ -8,9 +8,11 @@
#include <stddef.h>
#include <string>
+#include <vector>
#include "base/macros.h"
#include "base/strings/string_piece.h"
+#include "base/synchronization/lock.h"
#include "net/base/net_export.h"
namespace net {
@@ -22,31 +24,37 @@ class QuicRandom;
// thread-safe.
class NET_EXPORT_PRIVATE CryptoSecretBoxer {
public:
- CryptoSecretBoxer() {}
+ CryptoSecretBoxer();
+ ~CryptoSecretBoxer();
// GetKeySize returns the number of bytes in a key.
static size_t GetKeySize();
- // SetKey sets the key for this object. This must be done before |Box| or
- // |Unbox| are called. |key| must be |GetKeySize()| bytes long.
- void SetKey(base::StringPiece key);
+ // SetKeys sets a std::list of encryption keys. The first key in the std::list
+ // will be used by |Box|, but all supplied keys will be tried by |Unbox|, to
+ // handle key skew across the fleet. This must be called before |Box| or
+ // |Unbox|. Keys must be |GetKeySize()| bytes long.
+ void SetKeys(const std::vector<std::string>& keys);
// Box encrypts |plaintext| using a random nonce generated from |rand| and
// returns the resulting ciphertext. Since an authenticator and nonce are
- // included, the result will be slightly larger than |plaintext|.
+ // included, the result will be slightly larger than |plaintext|. The first
+ // key in the std::vector supplied to |SetKeys| will be used.
std::string Box(QuicRandom* rand, base::StringPiece plaintext) const;
// Unbox takes the result of a previous call to |Box| in |ciphertext| and
- // authenticates+decrypts it. If |ciphertext| is not authentic then it
- // returns false. Otherwise, |out_storage| is used to store the result and
- // |out| is set to point into |out_storage| and contains the original
- // plaintext.
+ // authenticates+decrypts it. If |ciphertext| cannot be decrypted with any of
+ // the supplied keys, the function returns false. Otherwise, |out_storage| is
+ // used to store the result and |out| is set to point into |out_storage| and
+ // contains the original plaintext.
bool Unbox(base::StringPiece ciphertext,
std::string* out_storage,
base::StringPiece* out) const;
private:
- std::string key_;
+ mutable base::Lock lock_;
+ // GUARDED_BY(lock_).
+ std::vector<std::string> keys_;
DISALLOW_COPY_AND_ASSIGN(CryptoSecretBoxer);
};
« no previous file with comments | « no previous file | net/quic/crypto/crypto_secret_boxer.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698