1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 
17 #ifndef TINK_STREAMING_AEAD_H_
18 #define TINK_STREAMING_AEAD_H_
19 
20 #include <memory>
21 
22 #include "absl/strings/string_view.h"
23 #include "tink/input_stream.h"
24 #include "tink/output_stream.h"
25 #include "tink/random_access_stream.h"
26 #include "tink/util/statusor.h"
27 
28 namespace crypto {
29 namespace tink {
30 
31 
// Interface for streaming authenticated encryption with associated data
// (streaming AEAD).  It targets plaintexts that are too large to handle in
// one piece, such as large files.
//
// The interface is symmetric and authenticated.  Tink may eventually offer
// further streaming-encryption interfaces with other properties.  The
// underlying encryption modes are chosen so that part of the plaintext can be
// obtained quickly by decrypting and authenticating only a part of the
// ciphertext.
//
// Caveat for callers: authenticating a part of the ciphertext does not
// authenticate the whole of it.  The documented consequence is on
// NewDecryptingRandomAccessStream(), whose size() is unverified until the
// last block has been read.
// NOTE(review): this header does not say when a sequential decrypting stream
// reports truncation; presumably only once the end is reached -- confirm
// against the implementation before acting on partially read plaintext.
class StreamingAead {
 public:
  // Wraps 'ciphertext_destination' for encryption.
  //
  // Every byte written through the returned stream is AEAD-encrypted, with
  // 'associated_data' bound in as associated authenticated data.  The
  // associated data is NOT stored in the ciphertext: the decrypting side has
  // to be given the same value as a parameter.
  //
  // The wrapper takes ownership of 'ciphertext_destination'; closing the
  // wrapper also closes the wrapped stream.  ByteCount() on the wrapper
  // reports how many plaintext bytes have been written.
  // NOTE(review): presumably the ciphertext is complete only after the
  // wrapper has been closed -- confirm against the implementation.
  //
  // Returns the wrapper, or a non-OK status.
  virtual util::StatusOr<std::unique_ptr<OutputStream>> NewEncryptingStream(
      std::unique_ptr<OutputStream> ciphertext_destination,
      absl::string_view associated_data) const = 0;

  // Wraps 'ciphertext_source' for sequential decryption.
  //
  // Reading from the returned stream AEAD-decrypts the underlying ciphertext
  // with 'associated_data' as associated authenticated data; the bytes read
  // are bytes of the resulting plaintext.  The wrapper takes ownership of
  // 'ciphertext_source'.  ByteCount() on the wrapper reports how many
  // plaintext bytes have been read.
  //
  // Returns the wrapper, or a non-OK status.
  virtual util::StatusOr<std::unique_ptr<InputStream>> NewDecryptingStream(
      std::unique_ptr<InputStream> ciphertext_source,
      absl::string_view associated_data) const = 0;

  // Wraps 'ciphertext_source' for random-access decryption.
  //
  // Reading from the returned stream AEAD-decrypts the underlying ciphertext
  // with 'associated_data' as associated authenticated data; the bytes read
  // are bytes of the resulting plaintext.  The wrapper takes ownership of
  // 'ciphertext_source'.  Reading through the wrapper is thread safe.
  //
  // The value reported by the wrapper's size() method is not checked for
  // integrity.  If, for example, the ciphertext file has been truncated,
  // size() returns a wrong result.  Whether size() is correct is verified
  // only by reading the last block of the plaintext, so treat the value as
  // untrusted until that read has succeeded.
  //
  // Returns the wrapper, or a non-OK status.
  virtual util::StatusOr<std::unique_ptr<RandomAccessStream>>
  NewDecryptingRandomAccessStream(
      std::unique_ptr<RandomAccessStream> ciphertext_source,
      absl::string_view associated_data) const = 0;

  virtual ~StreamingAead() = default;
};
82 
83 }  // namespace tink
84 }  // namespace crypto
85 
86 #endif  // TINK_STREAMING_AEAD_H_
87