1 // 2 // Copyright (C) 2020 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 16 #pragma once 17 18 #include <keymaster/android_keymaster_utils.h> 19 #include <tss2/tss2_esys.h> 20 21 #include "host/commands/secure_env/tpm_auth.h" 22 23 namespace cuttlefish { 24 25 /** 26 * Encrypt `data_in` to `data_out`, which are both buffers of size `data_size`. 27 * 28 * There are no integrity guarantees on this data: if the encrypted data is 29 * corrupted, decrypting it could either fail or produce corrupted output. 30 * 31 * `iv` should be generated randomly, and can be stored unencrypted next to 32 * the plaintext. 33 */ 34 bool TpmEncrypt(ESYS_CONTEXT* esys, ESYS_TR key_handle, TpmAuth auth, 35 const TPM2B_IV& iv, uint8_t* data_in, uint8_t* data_out, 36 size_t data_size); 37 38 /** 39 * Decrypt `data_in` to `data_out`, which are both buffers of size `data_size`. 40 * 41 * There are no integrity guarantees on this data: if the encrypted data is 42 * corrupted, decrypting it could either fail or produce corrupted output. 43 */ 44 bool TpmDecrypt(ESYS_CONTEXT* esys, ESYS_TR key_handle, TpmAuth auth, 45 const TPM2B_IV& iv, uint8_t* data_in, uint8_t* data_out, 46 size_t data_size); 47 48 } // namespace cuttlefish 49