1// 2// Copyright (C) 2015 The Android Open Source Project 3// 4// Licensed under the Apache License, Version 2.0 (the "License"); 5// you may not use this file except in compliance with the License. 6// You may obtain a copy of the License at 7// 8// http://www.apache.org/licenses/LICENSE-2.0 9// 10// Unless required by applicable law or agreed to in writing, software 11// distributed under the License is distributed on an "AS IS" BASIS, 12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13// See the License for the specific language governing permissions and 14// limitations under the License. 15// 16 17#ifndef ATTESTATION_COMMON_CRYPTO_UTILITY_IMPL_H_ 18#define ATTESTATION_COMMON_CRYPTO_UTILITY_IMPL_H_ 19 20#include "attestation/common/crypto_utility.h" 21 22#include <string> 23 24#include <openssl/rsa.h> 25 26#include "attestation/common/tpm_utility.h" 27 28namespace attestation { 29 30// An implementation of CryptoUtility. 31class CryptoUtilityImpl : public CryptoUtility { 32 public: 33 // Does not take ownership of pointers. 34 explicit CryptoUtilityImpl(TpmUtility* tpm_utility); 35 ~CryptoUtilityImpl() override; 36 37 // CryptoUtility methods. 38 bool GetRandom(size_t num_bytes, std::string* random_data) const override; 39 bool CreateSealedKey(std::string* aes_key, std::string* sealed_key) override; 40 bool EncryptData(const std::string& data, 41 const std::string& aes_key, 42 const std::string& sealed_key, 43 std::string* encrypted_data) override; 44 bool UnsealKey(const std::string& encrypted_data, 45 std::string* aes_key, 46 std::string* sealed_key) override; 47 bool DecryptData(const std::string& encrypted_data, 48 const std::string& aes_key, 49 std::string* data) override; 50 bool GetRSASubjectPublicKeyInfo(const std::string& public_key, 51 std::string* spki) override; 52 bool GetRSAPublicKey(const std::string& public_key_info, 53 std::string* public_key) override; 54 bool EncryptIdentityCredential( 55 const std::string& credential, 56 const std::string& ek_public_key_info, 57 const std::string& aik_public_key, 58 EncryptedIdentityCredential* encrypted) override; 59 bool EncryptForUnbind(const std::string& public_key, 60 const std::string& data, 61 std::string* encrypted_data) override; 62 bool VerifySignature(const std::string& public_key, 63 const std::string& data, 64 const std::string& signature) override; 65 66 private: 67 // Encrypts |data| using |key| and |iv| for AES in CBC mode with PKCS #5 68 // padding and produces the |encrypted_data|. Returns true on success. 69 bool AesEncrypt(const std::string& data, 70 const std::string& key, 71 const std::string& iv, 72 std::string* encrypted_data); 73 74 // Decrypts |encrypted_data| using |key| and |iv| for AES in CBC mode with 75 // PKCS #5 padding and produces the decrypted |data|. Returns true on success. 76 bool AesDecrypt(const std::string& encrypted_data, 77 const std::string& key, 78 const std::string& iv, 79 std::string* data); 80 81 // Computes and returns an HMAC of |data| using |key| and SHA-512. 82 std::string HmacSha512(const std::string& data, const std::string& key); 83 84 // Encrypt like trousers does. This is like AesEncrypt but a random IV is 85 // included in the output. 86 bool TssCompatibleEncrypt(const std::string& input, 87 const std::string& key, 88 std::string* output); 89 90 // Encrypts using RSA-OAEP and the TPM-specific OAEP parameter. 91 bool TpmCompatibleOAEPEncrypt(const std::string& input, 92 RSA* key, 93 std::string* output); 94 95 TpmUtility* tpm_utility_; 96}; 97 98} // namespace attestation 99 100#endif // ATTESTATION_COMMON_CRYPTO_UTILITY_IMPL_H_ 101