1 // 2 // Copyright (C) 2015 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #ifndef ATTESTATION_COMMON_CRYPTO_UTILITY_IMPL_H_ 18 #define ATTESTATION_COMMON_CRYPTO_UTILITY_IMPL_H_ 19 20 #include "attestation/common/crypto_utility.h" 21 22 #include <string> 23 24 #include <openssl/rsa.h> 25 26 #include "attestation/common/tpm_utility.h" 27 28 namespace attestation { 29 30 // An implementation of CryptoUtility. 31 class CryptoUtilityImpl : public CryptoUtility { 32 public: 33 // Does not take ownership of pointers. 34 explicit CryptoUtilityImpl(TpmUtility* tpm_utility); 35 ~CryptoUtilityImpl() override; 36 37 // CryptoUtility methods. 38 bool GetRandom(size_t num_bytes, std::string* random_data) const override; 39 bool CreateSealedKey(std::string* aes_key, std::string* sealed_key) override; 40 bool EncryptData(const std::string& data, 41 const std::string& aes_key, 42 const std::string& sealed_key, 43 std::string* encrypted_data) override; 44 bool UnsealKey(const std::string& encrypted_data, 45 std::string* aes_key, 46 std::string* sealed_key) override; 47 bool DecryptData(const std::string& encrypted_data, 48 const std::string& aes_key, 49 std::string* data) override; 50 bool GetRSASubjectPublicKeyInfo(const std::string& public_key, 51 std::string* spki) override; 52 bool GetRSAPublicKey(const std::string& public_key_info, 53 std::string* public_key) override; 54 bool EncryptIdentityCredential( 55 const std::string& credential, 56 const std::string& ek_public_key_info, 57 const std::string& aik_public_key, 58 EncryptedIdentityCredential* encrypted) override; 59 bool EncryptForUnbind(const std::string& public_key, 60 const std::string& data, 61 std::string* encrypted_data) override; 62 bool VerifySignature(const std::string& public_key, 63 const std::string& data, 64 const std::string& signature) override; 65 66 private: 67 // Encrypts |data| using |key| and |iv| for AES in CBC mode with PKCS #5 68 // padding and produces the |encrypted_data|. Returns true on success. 69 bool AesEncrypt(const std::string& data, 70 const std::string& key, 71 const std::string& iv, 72 std::string* encrypted_data); 73 74 // Decrypts |encrypted_data| using |key| and |iv| for AES in CBC mode with 75 // PKCS #5 padding and produces the decrypted |data|. Returns true on success. 76 bool AesDecrypt(const std::string& encrypted_data, 77 const std::string& key, 78 const std::string& iv, 79 std::string* data); 80 81 // Computes and returns an HMAC of |data| using |key| and SHA-512. 82 std::string HmacSha512(const std::string& data, const std::string& key); 83 84 // Encrypt like trousers does. This is like AesEncrypt but a random IV is 85 // included in the output. 86 bool TssCompatibleEncrypt(const std::string& input, 87 const std::string& key, 88 std::string* output); 89 90 // Encrypts using RSA-OAEP and the TPM-specific OAEP parameter. 91 bool TpmCompatibleOAEPEncrypt(const std::string& input, 92 RSA* key, 93 std::string* output); 94 95 TpmUtility* tpm_utility_; 96 }; 97 98 } // namespace attestation 99 100 #endif // ATTESTATION_COMMON_CRYPTO_UTILITY_IMPL_H_ 101