diff options
author | wconner <wconner@google.com> | 2023-05-12 09:50:16 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-05-12 09:51:49 -0700 |
commit | efbb99574361c91851e828644545d5578d5c619a (patch) | |
tree | 491fcc8731424dedb0964cc6c01c019de9a330b1 /cc/aead/aead_key.h | |
parent | 60c8ca7f5e602cd58229a72ee802441ab891faa9 (diff) | |
download | tink-efbb99574361c91851e828644545d5578d5c619a.tar.gz |
Add AEAD parameters and key types to C++ library.
PiperOrigin-RevId: 531532517
Diffstat (limited to 'cc/aead/aead_key.h')
-rw-r--r-- | cc/aead/aead_key.h | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/cc/aead/aead_key.h b/cc/aead/aead_key.h new file mode 100644 index 000000000..64f7880b3 --- /dev/null +++ b/cc/aead/aead_key.h @@ -0,0 +1,53 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + +#ifndef TINK_AEAD_AEAD_KEY_H_ +#define TINK_AEAD_AEAD_KEY_H_ + +#include <string> + +#include "tink/aead/aead_parameters.h" +#include "tink/key.h" + +namespace crypto { +namespace tink { + +// Represents a function to encrypt and decrypt data using authenticated +// encryption with associated data (AEAD). +class AeadKey : public Key { + public: + // Returns the bytes prefixed to every ciphertext generated by this key. + // + // In order to make key rotation more efficient, Tink allows every AEAD key to + // have an associated ciphertext output prefix. When decrypting a ciphertext, + // only keys with a matching prefix have to be tried. + // + // Note that a priori, the output prefix may not be unique in a keyset + // (i.e., different keys in a keyset may have the same prefix or one prefix + // may be a prefix of another). To avoid this, built-in Tink keys use the + // convention that the prefix is either '0x00<big endian key id>' or + // '0x01<big endian key id>'. + virtual std::string GetOutputPrefix() const = 0; + + const AeadParameters& GetParameters() const override = 0; + + bool operator==(const Key& other) const override = 0; +}; + +} // namespace tink +} // namespace crypto + +#endif // TINK_AEAD_AEAD_KEY_H_ |