// Copyright 2018 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef LIBTPMCRYPTO_TPM_CRYPTO_H_
#define LIBTPMCRYPTO_TPM_CRYPTO_H_
#include <string>
#include <base/macros.h>
#include <brillo/brillo_export.h>
namespace brillo {
class SecureBlob;
} // namespace brillo
namespace tpmcrypto {
// Key length, in bytes, of the AES data-encryption key: 256 bits (AES-256).
constexpr unsigned int kDefaultAesKeySize = 256 / 8;
// Authentication tag length, in bytes, for AES-GCM: the full 128-bit tag.
// Truncated tags weaken the integrity guarantee, so the full length is used.
constexpr int kGcmDefaultTagSize = 128 / 8;
// IV/nonce length, in bytes, for AES-GCM: 96 bits, the nonce length
// recommended for GCM by NIST SP 800-38D.
constexpr int kGcmDefaultIVSize = 96 / 8;
// Abstract interface for sealing data to the TPM. Implementations encrypt
// the caller's data with a random key and seal that key to the TPM so that
// the plaintext is only recoverable on the same device in the same measured
// boot state (see Encrypt/Decrypt). Thread-safety and reentrancy are not
// specified by this interface; implementations should document them.
class BRILLO_EXPORT TpmCrypto {
 public:
  virtual ~TpmCrypto() = default;

  // Seals arbitrary-length |data| to the TPM's PCR0 and returns
  // |encrypted_data| containing the encrypted data. Internally a new random
  // key is generated by the TPM which is used to encrypt the data, that key
  // is sealed by the Storage Root Key in the TPM. Returns true if the
  // encrypted data blob was created successfully.
  //
  // Because the key is sealed to PCR0, the blob can only be decrypted while
  // PCR0 holds the value it had at encryption time; a change in the measured
  // boot state makes the blob unrecoverable by design, so callers must be
  // prepared for Decrypt() to fail after such a change. |encrypted_data| is
  // an opaque blob whose layout is implementation-defined; callers should not
  // parse or modify it.
  virtual bool Encrypt(const brillo::SecureBlob& data,
                       std::string* encrypted_data) = 0;

  // Decrypts data previously sealed to the TPM's PCR0. Internally the key
  // is unsealed using the Storage Root Key in the TPM, and the unsealed key
  // is used to decrypt the content. Decryption also validates that the GCM
  // tag created during encryption matches. Returns true if the data is
  // decrypted and verified successfully.
  //
  // The single bool return conflates the failure causes: a refused unseal
  // (e.g. PCR0 no longer matches), a malformed blob and a GCM tag mismatch
  // all yield false and cannot be told apart through this interface.
  // NOTE(review): what |data| holds after a failed call is not specified
  // here — callers must not use its contents when false is returned.
  virtual bool Decrypt(const std::string& encrypted_data,
                       brillo::SecureBlob* data) = 0;

 protected:
  // Constructible only by concrete implementations; instances are neither
  // copyable nor assignable.
  TpmCrypto() = default;
  DISALLOW_COPY_AND_ASSIGN(TpmCrypto);
};
} // namespace tpmcrypto
#endif // LIBTPMCRYPTO_TPM_CRYPTO_H_