C++程序  |  99行  |  4.18 KB

//
// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

#ifndef ATTESTATION_COMMON_CRYPTO_UTILITY_H_
#define ATTESTATION_COMMON_CRYPTO_UTILITY_H_

#include <string>

#include "attestation/common/common.pb.h"

namespace attestation {

// A class which provides helpers for cryptography-related tasks.
class CryptoUtility {
 public:
  virtual ~CryptoUtility() = default;

  // Generates |num_bytes| of |random_data|. Returns true on success.
  virtual bool GetRandom(size_t num_bytes, std::string* random_data) const = 0;

  // Creates a random |aes_key| and seals it to the TPM's PCR0, producing a
  // |sealed_key|. Returns true on success.
  virtual bool CreateSealedKey(std::string* aes_key,
                               std::string* sealed_key) = 0;

  // Encrypts the given |data| using the |aes_key|. The |sealed_key| will be
  // embedded in the |encrypted_data| to assist with decryption. It can be
  // extracted from the |encrypted_data| using UnsealKey(). Returns true on
  // success.
  virtual bool EncryptData(const std::string& data,
                           const std::string& aes_key,
                           const std::string& sealed_key,
                           std::string* encrypted_data) = 0;

  // Extracts and unseals the |aes_key| from the |sealed_key| embedded in
  // the given |encrypted_data|. The |sealed_key| is also provided as an output
  // so callers can make subsequent calls to EncryptData() with the same key.
  // Returns true on success.
  virtual bool UnsealKey(const std::string& encrypted_data,
                         std::string* aes_key,
                         std::string* sealed_key) = 0;

  // Decrypts |encrypted_data| using |aes_key|, producing the decrypted |data|.
  // Returns true on success.
  virtual bool DecryptData(const std::string& encrypted_data,
                           const std::string& aes_key,
                           std::string* data) = 0;

  // Convert |public_key| from PKCS #1 RSAPublicKey to X.509
  // SubjectPublicKeyInfo. On success returns true and provides the
  // |public_key_info|.
  virtual bool GetRSASubjectPublicKeyInfo(const std::string& public_key,
                                          std::string* public_key_info) = 0;

  // Convert |public_key_info| from X.509 SubjectPublicKeyInfo to PKCS #1
  // RSAPublicKey. On success returns true and provides the |public_key|.
  virtual bool GetRSAPublicKey(const std::string& public_key_info,
                               std::string* public_key) = 0;

  // Encrypts a |credential| in a format compatible with TPM attestation key
  // activation. The |ek_public_key_info| must be provided in X.509
  // SubjectPublicKeyInfo format and the |aik_public_key| must be provided in
  // TPM_PUBKEY format.
  virtual bool EncryptIdentityCredential(
      const std::string& credential,
      const std::string& ek_public_key_info,
      const std::string& aik_public_key,
      EncryptedIdentityCredential* encrypted) = 0;

  // Encrypts |data| in a format compatible with the TPM unbind operation. The
  // |public_key| must be provided in X.509 SubjectPublicKeyInfo format.
  virtual bool EncryptForUnbind(const std::string& public_key,
                                const std::string& data,
                                std::string* encrypted_data) = 0;

  // Verifies a PKCS #1 v1.5 SHA-256 |signature| over |data|. The |public_key|
  // must be provided in X.509 SubjectPublicKeyInfo format.
  virtual bool VerifySignature(const std::string& public_key,
                               const std::string& data,
                               const std::string& signature) = 0;
};

}  // namespace attestation

#endif  // ATTESTATION_COMMON_CRYPTO_UTILITY_H_