crypto_utility.h revision 745de272a4afde07cd3b3a7c376976bd0a972b36 
130a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn// Copyright 2015 The Chromium OS Authors. All rights reserved.
230a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn// Use of this source code is governed by a BSD-style license that can be
330a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn// found in the LICENSE file.
430a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn
5745de272a4afde07cd3b3a7c376976bd0a972b36Darren Krahn#ifndef ATTESTATION_COMMON_CRYPTO_UTILITY_H_
6745de272a4afde07cd3b3a7c376976bd0a972b36Darren Krahn#define ATTESTATION_COMMON_CRYPTO_UTILITY_H_
730a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn
830a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn#include <string>
930a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn
1030a5bba00647d29e324111005deb76a0466f8c6bDarren Krahnnamespace attestation {
1130a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn
1230a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn// A class which provides helpers for cryptography-related tasks.
1330a5bba00647d29e324111005deb76a0466f8c6bDarren Krahnclass CryptoUtility {
1430a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn public:
1530a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  virtual ~CryptoUtility() = default;
1630a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn
17d66389850c33614ffbbbbc3f768621182fd853baDarren Krahn  // Generates |num_bytes| of |random_data|. Returns true on success.
18d66389850c33614ffbbbbc3f768621182fd853baDarren Krahn  virtual bool GetRandom(size_t num_bytes, std::string* random_data) const = 0;
19d66389850c33614ffbbbbc3f768621182fd853baDarren Krahn
2030a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  // Creates a random |aes_key| and seals it to the TPM's PCR0, producing a
2130a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  // |sealed_key|. Returns true on success.
2230a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  virtual bool CreateSealedKey(std::string* aes_key,
23d569cf62b11f74b7ca2ff2db53414927f7e2d66aDarren Krahn                               std::string* sealed_key) = 0;
2430a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn
2530a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  // Encrypts the given |data| using the |aes_key|. The |sealed_key| will be
2630a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  // embedded in the |encrypted_data| to assist with decryption. It can be
2730a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  // extracted from the |encrypted_data| using UnsealKey(). Returns true on
2830a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  // success.
2930a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  virtual bool EncryptData(const std::string& data,
3030a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn                           const std::string& aes_key,
3130a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn                           const std::string& sealed_key,
32d569cf62b11f74b7ca2ff2db53414927f7e2d66aDarren Krahn                           std::string* encrypted_data) = 0;
3330a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn
3430a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  // Extracts and unseals the |aes_key| from the |sealed_key| embedded in
3530a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  // the given |encrypted_data|. The |sealed_key| is also provided as an output
3630a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  // so callers can make subsequent calls to EncryptData() with the same key.
3730a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  // Returns true on success.
3830a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  virtual bool UnsealKey(const std::string& encrypted_data,
3930a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn                         std::string* aes_key,
40d569cf62b11f74b7ca2ff2db53414927f7e2d66aDarren Krahn                         std::string* sealed_key) = 0;
4130a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn
4230a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  // Decrypts |encrypted_data| using |aes_key|, producing the decrypted |data|.
4330a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  // Returns true on success.
4430a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn  virtual bool DecryptData(const std::string& encrypted_data,
4530a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn                           const std::string& aes_key,
46d569cf62b11f74b7ca2ff2db53414927f7e2d66aDarren Krahn                           std::string* data) = 0;
476222defa52eb13c0d90673f642f2647f7753478bDarren Krahn
486222defa52eb13c0d90673f642f2647f7753478bDarren Krahn  // Convert |public_key| from PKCS #1 RSAPublicKey to X.509
496222defa52eb13c0d90673f642f2647f7753478bDarren Krahn  // SubjectPublicKeyInfo. On success returns true and provides the |spki|.
506222defa52eb13c0d90673f642f2647f7753478bDarren Krahn  virtual bool GetRSASubjectPublicKeyInfo(const std::string& public_key,
516222defa52eb13c0d90673f642f2647f7753478bDarren Krahn                                          std::string* spki) = 0;
5230a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn};
5330a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn
5430a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn}  // namespace attestation
5530a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn
56745de272a4afde07cd3b3a7c376976bd0a972b36Darren Krahn#endif  // ATTESTATION_COMMON_CRYPTO_UTILITY_H_
57