// Copyright 2020 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef HWSEC_TEST_UTILS_COMMON_OPENSSL_UTILITY_H_
#define HWSEC_TEST_UTILS_COMMON_OPENSSL_UTILITY_H_
#include <string>
#include <base/optional.h>
#include <crypto/scoped_openssl_types.h>
namespace hwsec_test_utils {
// Thin OpenSSL wrappers shared by the hwsec test utilities. Every helper that
// can fail reports it through its return value (|nullptr| inside a Scoped*
// handle, or |base::nullopt|); none of them throw. Byte strings (keys, IVs,
// random bytes, signatures, ciphertext) are carried in |std::string|.
//
// NOTE(review): |EVP_MD| and |EVP_CIPHER| are not declared by any include
// visible in this header; they presumably arrive transitively through
// crypto/scoped_openssl_types.h — an explicit <openssl/evp.h> would be more
// robust. Confirm before relying on it.

// Performs whatever one-time initialization the OpenSSL library needs. If it
// has already been called, it is a no-op. By design this function is NOT
// thread-safe with respect to concurrent calls (there is currently no use case
// that needs it), so call it once before any thread starts using OpenSSL.
void InitializeOpenSSL();

// Returns the pending OpenSSL error as a string, for logging and test
// diagnostics (presumably drains the OpenSSL error queue — confirm in the .cc).
// TODO(b/155150344): Use the libhwsec one after improving that implementation.
std::string GetOpenSSLError();

// Creates a newly generated EC key. The curve is hardcoded to
// NID_X9_62_prime256v1 (P-256), because in practice no other curve is expected
// to be used. In case of failure, the returned object contains |nullptr|.
crypto::ScopedEVP_PKEY CreateNewEcKey();

// Parses |pem| into a |crypto::ScopedEVP_PKEY|. In case of failure, the
// returned object contains |nullptr|. Whether the EVP* helpers below tolerate a
// null key is not specified here, so check the result before passing it on.
crypto::ScopedEVP_PKEY PemToEVP(const std::string& pem);

// Generates |length| random bytes. In case of failure, returns |base::nullopt|.
// NOTE(review): the RNG source is not specified by this interface; if the
// output is used as key or IV material in tests, confirm the implementation
// draws from OpenSSL's CSPRNG (e.g. RAND_bytes) rather than a non-cryptographic
// generator.
base::Optional<std::string> GetRandom(size_t length);

// Parses the PEM-encoded certificate in |pem| into an X509 object. In case of
// any error, the returned object contains |nullptr|. This is a parse only: no
// chain, signature or validity-period check is implied by this interface.
crypto::ScopedX509 PemToX509(const std::string& pem);

// Performs the sequence of EVP_DigestSign(Init|Update|Final) operations using
// |key| as the signing key or HMAC key and |md_type| as the digest. Returns
// |base::nullopt| on any error; otherwise returns the signature or HMAC bytes.
base::Optional<std::string> EVPDigestSign(const crypto::ScopedEVP_PKEY& key,
const EVP_MD* md_type,
const std::string& data);

// Performs the sequence of EVP_DigestVerify(Init|Update|Final) operations using
// |key| to verify |signature| against |data| with digest |md_type|. Returns
// |true| iff the signature is verified. A |false| result therefore covers both
// a bad signature and any OpenSSL error; the two cannot be told apart from the
// return value alone (GetOpenSSLError() may help when diagnosing).
bool EVPDigestVerify(const crypto::ScopedEVP_PKEY& key,
const EVP_MD* md_type,
const std::string& data,
const std::string& signature);

// Performs the sequence of EVP_PKEY_encrypt(_init)? operations using |key|,
// which must be an RSA key, as the encryption key. |rsa_padding| is an OpenSSL
// RSA_*_PADDING value and is set after |EVP_PKEY_encrypt_init|. Presumably
// returns |base::nullopt| on failure, consistent with the other helpers.
// NOTE(review): for new tests prefer RSA_PKCS1_OAEP_PADDING over
// RSA_PKCS1_PADDING unless the test specifically exercises PKCS#1 v1.5.
base::Optional<std::string> EVPRsaEncrypt(const crypto::ScopedEVP_PKEY& key,
const std::string& data,
int rsa_padding);

// Performs the sequence of EVP_PKEY_decrypt(_init)? operations using |key|,
// which must be an RSA key, as the decryption key. |rsa_padding| is an OpenSSL
// RSA_*_PADDING value and is set after |EVP_PKEY_decrypt_init|; it has to match
// the padding used when |encrypted_data| was produced. Presumably returns
// |base::nullopt| on failure, consistent with the other helpers.
base::Optional<std::string> EVPRsaDecrypt(const crypto::ScopedEVP_PKEY& key,
const std::string& encrypted_data,
int rsa_padding);

// Performs the sequence of EVP_Encrypt(Init_ex|Update|Final_ex) operations with
// cipher |evp_cipher|, key |aes_key| and IV |iv|, returning the ciphertext of
// |data|. The key and IV lengths presumably have to match what |evp_cipher|
// expects. NOTE(review): there is no tag in/out parameter, so support for AEAD
// modes (e.g. GCM) is not implied by this interface — confirm in the .cc before
// passing an AEAD cipher.
base::Optional<std::string> EVPAesEncrypt(const std::string& data,
const EVP_CIPHER* evp_cipher,
const std::string& aes_key,
const std::string& iv);

// Performs the sequence of EVP_Decrypt(Init_ex|Update|Final_ex) operations with
// cipher |evp_cipher|, key |aes_key| and IV |iv|, returning the plaintext of
// |encrypted_data|. Same AEAD caveat as EVPAesEncrypt: with no tag parameter,
// the interface gives no integrity guarantee on its own for non-AEAD modes.
base::Optional<std::string> EVPAesDecrypt(const std::string& encrypted_data,
const EVP_CIPHER* evp_cipher,
const std::string& aes_key,
const std::string& iv);

// Performs the sequence of EVP_PKEY_derive(_init|_set_peer)? operations between
// |key| (this party's key) and |peer_key| (the key that comes from the other
// party) and returns the derived shared secret. NOTE(review): the interface
// does not say whether a KDF is applied to the result — confirm before using
// the output directly as a symmetric key.
base::Optional<std::string> EVPDerive(const crypto::ScopedEVP_PKEY& key,
const crypto::ScopedEVP_PKEY& peer_key);
} // namespace hwsec_test_utils
#endif // HWSEC_TEST_UTILS_COMMON_OPENSSL_UTILITY_H_