crypto_utility.h revision 745de272a4afde07cd3b3a7c376976bd0a972b36
130a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn// Copyright 2015 The Chromium OS Authors. All rights reserved. 230a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn// Use of this source code is governed by a BSD-style license that can be 330a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn// found in the LICENSE file. 430a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn 5745de272a4afde07cd3b3a7c376976bd0a972b36Darren Krahn#ifndef ATTESTATION_COMMON_CRYPTO_UTILITY_H_ 6745de272a4afde07cd3b3a7c376976bd0a972b36Darren Krahn#define ATTESTATION_COMMON_CRYPTO_UTILITY_H_ 730a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn 830a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn#include <string> 930a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn 1030a5bba00647d29e324111005deb76a0466f8c6bDarren Krahnnamespace attestation { 1130a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn 1230a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn// A class which provides helpers for cryptography-related tasks. 1330a5bba00647d29e324111005deb76a0466f8c6bDarren Krahnclass CryptoUtility { 1430a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn public: 1530a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn virtual ~CryptoUtility() = default; 1630a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn 17d66389850c33614ffbbbbc3f768621182fd853baDarren Krahn // Generates |num_bytes| of |random_data|. Returns true on success. 18d66389850c33614ffbbbbc3f768621182fd853baDarren Krahn virtual bool GetRandom(size_t num_bytes, std::string* random_data) const = 0; 19d66389850c33614ffbbbbc3f768621182fd853baDarren Krahn 2030a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn // Creates a random |aes_key| and seals it to the TPM's PCR0, producing a 2130a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn // |sealed_key|. Returns true on success. 2230a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn virtual bool CreateSealedKey(std::string* aes_key, 23d569cf62b11f74b7ca2ff2db53414927f7e2d66aDarren Krahn std::string* sealed_key) = 0; 2430a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn 2530a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn // Encrypts the given |data| using the |aes_key|. The |sealed_key| will be 2630a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn // embedded in the |encrypted_data| to assist with decryption. It can be 2730a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn // extracted from the |encrypted_data| using UnsealKey(). Returns true on 2830a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn // success. 2930a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn virtual bool EncryptData(const std::string& data, 3030a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn const std::string& aes_key, 3130a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn const std::string& sealed_key, 32d569cf62b11f74b7ca2ff2db53414927f7e2d66aDarren Krahn std::string* encrypted_data) = 0; 3330a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn 3430a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn // Extracts and unseals the |aes_key| from the |sealed_key| embedded in 3530a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn // the given |encrypted_data|. The |sealed_key| is also provided as an output 3630a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn // so callers can make subsequent calls to EncryptData() with the same key. 3730a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn // Returns true on success. 3830a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn virtual bool UnsealKey(const std::string& encrypted_data, 3930a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn std::string* aes_key, 40d569cf62b11f74b7ca2ff2db53414927f7e2d66aDarren Krahn std::string* sealed_key) = 0; 4130a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn 4230a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn // Decrypts |encrypted_data| using |aes_key|, producing the decrypted |data|. 4330a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn // Returns true on success. 4430a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn virtual bool DecryptData(const std::string& encrypted_data, 4530a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn const std::string& aes_key, 46d569cf62b11f74b7ca2ff2db53414927f7e2d66aDarren Krahn std::string* data) = 0; 476222defa52eb13c0d90673f642f2647f7753478bDarren Krahn 486222defa52eb13c0d90673f642f2647f7753478bDarren Krahn // Convert |public_key| from PKCS #1 RSAPublicKey to X.509 496222defa52eb13c0d90673f642f2647f7753478bDarren Krahn // SubjectPublicKeyInfo. On success returns true and provides the |spki|. 506222defa52eb13c0d90673f642f2647f7753478bDarren Krahn virtual bool GetRSASubjectPublicKeyInfo(const std::string& public_key, 516222defa52eb13c0d90673f642f2647f7753478bDarren Krahn std::string* spki) = 0; 5230a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn}; 5330a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn 5430a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn} // namespace attestation 5530a5bba00647d29e324111005deb76a0466f8c6bDarren Krahn 56745de272a4afde07cd3b3a7c376976bd0a972b36Darren Krahn#endif // ATTESTATION_COMMON_CRYPTO_UTILITY_H_ 57