chromium/components/trusted_vault/securebox.h

// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_TRUSTED_VAULT_SECUREBOX_H_
#define COMPONENTS_TRUSTED_VAULT_SECUREBOX_H_

#include <cstdint>
#include <memory>
#include <optional>
#include <vector>

#include "base/containers/span.h"
#include "third_party/boringssl/src/include/openssl/base.h"

namespace crypto {
class OpenSSLErrStackTracer;
}  // namespace crypto

namespace trusted_vault {

// Encrypts |payload| according to the SecureBox v2 spec and returns the
// encrypted data:
// 1. The encryption key is derived from |shared_secret| using HKDF-SHA256.
// 2. |payload| is encrypted using AES-128-GCM, using a random 96-bit nonce and
//    the given |header|.
//
// |shared_secret|, |header| and |payload| may all be empty. An empty
// |shared_secret| shouldn't be used, though: the key would then be derived
// from input that is not secret, so the output would offer no confidentiality.
// The return type carries no error indication, so callers are responsible for
// supplying a non-empty, high-entropy |shared_secret| (HKDF does not strengthen
// a weak secret).
//
// NOTE(review): |header| is presumably passed to AES-GCM as additional
// authenticated data (integrity-protected, not encrypted and not part of the
// secret); decryption would then require the identical |header| - confirm
// against the implementation.
// NOTE(review): with random 96-bit nonces, the number of payloads encrypted
// under one |shared_secret| should stay far below the nonce collision bound,
// since a repeated nonce under the same key breaks AES-GCM - confirm how
// callers rotate secrets.
std::vector<uint8_t> SecureBoxSymmetricEncrypt(
    base::span<const uint8_t> shared_secret,
    base::span<const uint8_t> header,
    base::span<const uint8_t> payload);

// Decrypts |encrypted_payload| according to the SecureBox v2 spec (see
// SecureBoxSymmetricEncrypt()) and returns the decrypted payload.
//
// Returns nullopt if the payload was encrypted with different parameters or
// if |encrypted_payload| isn't valid SecureBox encrypted data. The two cases
// are not distinguishable from the return value. Callers must check for
// nullopt before dereferencing the result and must treat it as a hard failure;
// never fall back to using |encrypted_payload| itself.
//
// NOTE(review): "different parameters" presumably means a different
// |shared_secret| or |header| than the one used for encryption - confirm
// against the implementation.
std::optional<std::vector<uint8_t>> SecureBoxSymmetricDecrypt(
    base::span<const uint8_t> shared_secret,
    base::span<const uint8_t> header,
    base::span<const uint8_t> encrypted_payload);

// Declared here with an empty body: no members, constructors or accessors are
// defined.
// NOTE(review): the name suggests this represents the public key of a SecureBox
// key pair - confirm against the implementation before relying on any
// interface.
class SecureBoxPublicKey {};

// Declared here with an empty body: no members, constructors or accessors are
// defined.
// NOTE(review): the name suggests this represents the private key of a
// SecureBox key pair; if so, instances hold secret key material and should not
// be logged or persisted in the clear - confirm against the implementation.
class SecureBoxPrivateKey {};

// Declared here with an empty body: no members, constructors or accessors are
// defined.
// NOTE(review): the name suggests this bundles a SecureBox private key with
// its matching public key - confirm against the implementation before relying
// on any interface.
class SecureBoxKeyPair {};

}  // namespace trusted_vault

#endif  // COMPONENTS_TRUSTED_VAULT_SECUREBOX_H_