Google Git
Sign in
cos / mirrors / cros / chromiumos / platform2 / refs/heads/factory-ambassador-14265.B / . / cryptohome / cryptorecovery / recovery_crypto_hsm_cbor_serialization.h
blob: 0b7be9c520340fb28ff05ff653aa80b66a750ae5 [file] [log] [blame]
// Copyright 2021 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CRYPTOHOME_CRYPTORECOVERY_RECOVERY_CRYPTO_HSM_CBOR_SERIALIZATION_H_
#define CRYPTOHOME_CRYPTORECOVERY_RECOVERY_CRYPTO_HSM_CBOR_SERIALIZATION_H_
#include <string>
#include <brillo/secure_blob.h>
#include <chromeos/cbor/values.h>
#include "cryptohome/cryptorecovery/recovery_crypto_util.h"
namespace cryptohome {
namespace cryptorecovery {
// Constants that will be used as keys in the CBOR map.
extern const char kRecoveryCryptoRequestSchemaVersion[];
extern const char kMediatorShare[];
extern const char kMediatedPoint[];
extern const char kKeyAuthValue[];
extern const char kDealerPublicKey[];
extern const char kPublisherPublicKey[];
extern const char kChannelPublicKey[];
extern const char kRsaPublicKey[];
extern const char kOnboardingMetaData[];
extern const char kHsmAead[];
extern const char kAeadCipherText[];
extern const char kAeadAd[];
extern const char kAeadIv[];
extern const char kAeadTag[];
extern const char kEphemeralPublicInvKey[];
extern const char kRequestMetaData[];
extern const char kRequestAead[];
extern const char kEpochPublicKey[];
extern const char kRequestPayloadSalt[];
extern const char kResponseAead[];
extern const char kResponseMetaData[];
extern const char kResponsePayloadSalt[];
extern const char kResponseErrorCode[];
extern const char kResponseErrorString[];
// Mediation protocol version.
extern const int kProtocolVersion;
// Constructs cbor-encoded binary blob for the Recovery Request.
bool SerializeRecoveryRequestToCbor(const RecoveryRequest& request,
brillo::SecureBlob* request_cbor);
// Constructs cbor-encoded binary blob with HSM associated data.
bool SerializeHsmAssociatedDataToCbor(const HsmAssociatedData& ad,
brillo::SecureBlob* ad_cbor);
// Constructs cbor-encoded binary blob with associated data for request payload.
bool SerializeRecoveryRequestAssociatedDataToCbor(
const RecoveryRequestAssociatedData& request_ad,
brillo::SecureBlob* request_ad_cbor);
// Constructs cbor-encoded binary blob with associated data for response
// payload.
bool SerializeHsmResponseAssociatedDataToCbor(
const HsmResponseAssociatedData& response_ad,
brillo::SecureBlob* response_ad_cbor);
// Constructs cbor-encoded binary blob from plain text of data that will
// be subsequently encrypted and in HSM payload.
bool SerializeHsmPlainTextToCbor(const HsmPlainText& plain_text,
brillo::SecureBlob* plain_text_cbor);
// Constructs cbor-encoded binary blob from plain text of data that will
// be subsequently encrypted and in Request payload.
bool SerializeRecoveryRequestPlainTextToCbor(
const RecoveryRequestPlainText& plain_text,
brillo::SecureBlob* plain_text_cbor);
// Constructs cbor-encoded binary blob for the Recovery Response.
bool SerializeRecoveryResponseToCbor(const RecoveryResponse& response,
brillo::SecureBlob* response_cbor);
// Constructs cbor-encoded binary blob from plain text of data that will
// be subsequently encrypted and in response payload.
bool SerializeHsmResponsePlainTextToCbor(const HsmResponsePlainText& plain_text,
brillo::SecureBlob* plain_text_cbor);
// Constructs cbor-encoded binary blob from HsmPayload to be saved on the
// device.
bool SerializeHsmPayloadToCbor(const HsmPayload& hsm_payload,
brillo::SecureBlob* serialized_cbor);
// Extracts data from HSM payload cbor.
bool DeserializeHsmPayloadFromCbor(const brillo::SecureBlob& serialized_cbor,
HsmPayload* hsm_payload);
// Extracts data from HSM plain text cbor.
bool DeserializeHsmPlainTextFromCbor(
const brillo::SecureBlob& hsm_plain_text_cbor,
HsmPlainText* hsm_plain_text);
// Extracts data from Recovery Request plain text cbor.
bool DeserializeRecoveryRequestPlainTextFromCbor(
const brillo::SecureBlob& request_plain_text_cbor,
RecoveryRequestPlainText* request_plain_text);
// Extracts data from Recovery Request cbor.
bool DeserializeRecoveryRequestFromCbor(
const brillo::SecureBlob& recovery_request_cbor,
RecoveryRequest* recovery_request);
// Extracts data from response plain text cbor.
bool DeserializeHsmResponsePlainTextFromCbor(
const brillo::SecureBlob& response_payload_cbor,
HsmResponsePlainText* response_payload);
// Extracts data from HSM Response associated data cbor.
bool DeserializeHsmResponseAssociatedDataFromCbor(
const brillo::SecureBlob& response_ad_cbor,
HsmResponseAssociatedData* response_ad);
// Extracts data from Recovery Response cbor.
bool DeserializeRecoveryResponseFromCbor(
const brillo::SecureBlob& response_cbor, RecoveryResponse* response);
//============================================================================
// The methods below are for testing only.
//============================================================================
bool GetValueFromCborMapByKeyForTesting(const brillo::SecureBlob& input_cbor,
const std::string& map_key,
cbor::Value* value);
bool GetBytestringValueFromCborMapByKeyForTesting(
const brillo::SecureBlob& input_cbor,
const std::string& map_key,
brillo::SecureBlob* value);
bool GetHsmPayloadFromRequestAdForTesting(
const brillo::SecureBlob& request_payload_cbor, HsmPayload* hsm_payload);
bool GetRequestPayloadSchemaVersionForTesting(
const brillo::SecureBlob& input_cbor, int* value);
// Returns number of values in CBOR map. Returns -1 if provided blob is not a
// CBOR map.
int GetCborMapSize(const brillo::SecureBlob& input_cbor);
} // namespace cryptorecovery
} // namespace cryptohome
#endif // CRYPTOHOME_CRYPTORECOVERY_RECOVERY_CRYPTO_HSM_CBOR_SERIALIZATION_H_