1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef __CRYPTO_H__
18 #define __CRYPTO_H__
19 
20 #include <stdbool.h>
21 #include <stdint.h>
22 #include <stddef.h>
23 
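// Included ahead of the linkage block so the library's own declarations are
// not nested inside this header's extern "C" scope. They supply EC_KEY and
// EC_POINT, used by the EC helpers below.
#include "openssl/digest.h"
#include "openssl/ec_key.h"

extern "C" {
  // Presumably fills out[0..len) with random bytes (implementation not shown
  // here). Check the result: a buffer this call failed to fill must not be
  // used as a key, IV or salt.
  bool randomBytes(uint8_t* out, size_t len);

  // AES-GCM encryption of len bytes from in to out, under key (key_size bytes).
  // NOTE(review): iv and tag carry no length parameter, so the sizes the
  // implementation reads and writes are an unchecked contract with the
  // caller - confirm them against the definition and size both buffers to
  // match. GCM requires an IV that is never reused under the same key.
  bool AES_gcm_encrypt(const uint8_t* in, uint8_t* out, size_t len,
                       const uint8_t* key, size_t key_size, const uint8_t* iv, uint8_t* tag);

  // AES-GCM decryption counterpart of AES_gcm_encrypt; the same unstated
  // iv/tag sizes apply. Presumably false covers tag-verification failure -
  // in that case discard whatever is in out instead of consuming it.
  bool AES_gcm_decrypt(const uint8_t* in, uint8_t* out, size_t len,
                       const uint8_t* key, size_t key_size, const uint8_t* iv,
                       const uint8_t* tag);

  // Copied from system/security/keystore/keymaster_enforcement.h.
  typedef uint64_t km_id_t;

  // Presumably derives a 64-bit identifier from key_blob (len bytes) and
  // stores it in *out_id; out_id is only meaningful when true is returned.
  bool CreateKeyId(const uint8_t* key_blob, size_t len, km_id_t* out_id);

  // Derives key_len bytes of key material into key from the password pw
  // (pw_len bytes) and salt.
  // NOTE(review): the function returns void, so a derivation failure cannot
  // be observed by the caller, and salt has no length parameter - confirm the
  // salt size the implementation expects and how it handles errors.
  void generateKeyFromPassword(uint8_t* key, size_t key_len, const char* pw,
                               size_t pw_len, const uint8_t* salt);

  // HKDF extract step: derives a pseudorandom key from secret and salt into
  // out_key. NOTE(review): *out_len presumably receives the number of bytes
  // written; the required capacity of out_key is not stated here - confirm.
  bool HKDFExtract(uint8_t *out_key, size_t *out_len,
                   const uint8_t *secret, size_t secret_len,
                   const uint8_t *salt, size_t salt_len);

  // HKDF expand step: derives out_len bytes into out_key from the pseudorandom
  // key prk and the context string info.
  bool HKDFExpand(uint8_t *out_key, size_t out_len,
                  const uint8_t *prk, size_t prk_len,
                  const uint8_t *info, size_t info_len);

  // We define this as field_elem_size.
  // (32 bytes is the size of a 256-bit field element.)
  static const size_t EC_MAX_BYTES = 32;

  // ECDH between priv_key and the peer's pub_key, result written to out.
  // NOTE(review): out is an untyped pointer with no length argument; it
  // presumably must provide at least EC_MAX_BYTES bytes - confirm against the
  // definition. The meaning of the int result is not documented here.
  int ECDHComputeKey(void *out, const EC_POINT *pub_key, const EC_KEY *priv_key);

  // Returns a newly generated EC key. NOTE(review): presumably nullptr on
  // failure and owned by the caller - confirm who releases it.
  EC_KEY* ECKEYGenerateKey();

  // Serializes priv_key into buf (capacity len) and returns a byte count.
  // NOTE(review): presumably 0 signals failure - confirm. buf then holds
  // private key material and should be cleared once no longer needed.
  size_t ECKEYMarshalPrivateKey(const EC_KEY *priv_key, uint8_t *buf, size_t len);

  // Parses a private key from buf (len bytes). NOTE(review): presumably
  // nullptr on malformed input; callers must check before use.
  EC_KEY* ECKEYParsePrivateKey(const uint8_t *buf, size_t len);

  // Encodes point as an octet string into buf (capacity len) and returns a
  // byte count. NOTE(review): failure value presumably 0 - confirm.
  size_t ECPOINTPoint2Oct(const EC_POINT *point, uint8_t *buf, size_t len);

  // Decodes an octet string (buf, len bytes) into an EC point. The input may
  // come from a peer, so treat a null result as a rejected point.
  // NOTE(review): null-on-failure is assumed - confirm.
  EC_POINT* ECPOINTOct2Point(const uint8_t *buf, size_t len);

}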
67 
// Extracts the subject of a DER-encoded X.509 certificate.
//
// cert_buf holds the certificate and cert_len is its length.  The subject is
// DER-encoded and written to subject_buf, whose capacity is subject_buf_len.
//
// The size of the subject is not known in advance.  To support subjects of any
// size without usually having to parse the certificate twice (once to learn
// the length, once to extract), the return value carries three meanings:
//
//   > 0   Success.  The value is the number of bytes written to subject_buf.
//
//   == 0  Certificate parsing failed unrecoverably.  The reason is logged.
//
//   < 0   subject_buf was too small: the subject size exceeds subject_buf_len.
//         The value is -(subject_size), where subject_size is the size of the
//         extracted DER-encoded subject field.  Call
//         extractSubjectFromCertificate again with a sufficiently large
//         buffer.
//
// Callers should branch on the sign of the result before treating it as a
// length: a negative value converted directly to size_t becomes a very large
// number.
// NOTE(review): the result is an int while the sizes are size_t, so a subject
// larger than INT_MAX could not be reported this way - confirm the
// implementation bounds the subject size.
int extractSubjectFromCertificate(const uint8_t* cert_buf,
                                  size_t cert_len,
                                  uint8_t* subject_buf,
                                  size_t subject_buf_len);
89 
90 #endif  //  __CRYPTO_H__
91