// Copyright 2021 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CRYPTOHOME_CRYPTORECOVERY_RECOVERY_CRYPTO_UTIL_H_
#define CRYPTOHOME_CRYPTORECOVERY_RECOVERY_CRYPTO_UTIL_H_
#include <string>
#include <brillo/secure_blob.h>
namespace cryptohome {
namespace cryptorecovery {
// AEAD-encrypted payload: the byte strings that make up one AES-GCM message.
// The HSM, Request and Response payloads in this header are all aliases of
// this struct.
struct AeadPayload {
// AES-GCM authentication tag produced by encryption. The tag authenticates
// both `cipher_text` and `associated_data`; a receiver has to verify it
// before using either of them.
brillo::SecureBlob tag;
// AES-GCM iv for encryption.
// NOTE(review): AES-GCM needs an iv that is never reused under the same key;
// where the iv is generated is not visible in this header - confirm.
brillo::SecureBlob iv;
// Additional authentication data, passed in clear. Serialized in cbor.
// It is integrity-protected by `tag` but not encrypted, so it must not carry
// secret values.
brillo::SecureBlob associated_data;
// Encrypted plain text. Plain text is serialized in cbor.
brillo::SecureBlob cipher_text;
};
// NOTE(review): the three aliases below name the same type, so the compiler
// will not reject one kind of payload passed where another is expected.
//
// HSM Payload is created at onboarding and contains all the data that are
// persisted on a chromebook and will be eventually used for recovery.
// Its associated data and plain text are described by `HsmAssociatedData` and
// `HsmPlainText`.
using HsmPayload = AeadPayload;
// Recovery Request Payload is created during recovery flow.
// `associated_data` contains data from `HsmPayload`, request metadata (RMD),
// and epoch public key (G*r). `RecoveryRequestAssociatedData` additionally
// declares the request payload salt.
using RequestPayload = AeadPayload;
// HSM response. Contains response associated data AD3 = {kav, HMD}
// (where kav is Key Auth Value and HMD is HSM Metadata) and plain text
// response PT3 = {dealer_pub_key, mediated_share} encrypted with
// DH of epoch and channel_pub_key.
// NOTE(review): this description does not match the structs declared in this
// header. `HsmResponseAssociatedData` holds the response payload salt and the
// HSM metadata, while `key_auth_value` is a field of `HsmResponsePlainText`
// (together with `dealer_pub_key` and `mediated_point`). Associated data is
// passed in clear and kav is described as a secret, so the struct layout looks
// like the intended one - confirm and update this comment.
using ResponsePayload = AeadPayload;
// `associated_data` for the HSM payload.
// Everything in this struct is serialized into `AeadPayload::associated_data`,
// i.e. it is passed in clear and only integrity-protected by the AEAD tag.
// `publisher_pub_key` and `channel_pub_key` are elliptic curve points
// encoded in OpenSSL octet form (a binary encoding of the EC_POINT
// structure as defined in RFC5480).
// NOTE(review): whether decoded points are checked to be on the expected curve
// is decided by the parsing code, which is not part of this header - confirm.
// TODO(mslus): exact format of rsa_public_key used for TPM 1.2 is
// to be defined.
struct HsmAssociatedData {
// G*u, one of the keys that will be used for HSM payload decryption.
// Public point only; the scalar u is not a field of this struct.
brillo::SecureBlob publisher_pub_key;
// G*s, one of the keys that will be used for Request payload decryption.
// Public point only; the scalar s is not a field of this struct.
brillo::SecureBlob channel_pub_key;
// The key sent to HSM so that it can validate Request payload, used only for
// TPM 1.2.
brillo::SecureBlob rsa_public_key;
// The metadata generated during the Onboarding workflow on a Chromebook
// (OMD).
brillo::SecureBlob onboarding_meta_data;
};
// Plain text for the HSM payload.
// This is the content that is encrypted into `HsmPayload::cipher_text`; unlike
// the associated data it holds secret values.
// `dealer_pub_key` is an elliptic curve point encoded in OpenSSL octet form (a
// binary encoding of the EC_POINT structure as defined in RFC5480).
// `mediator_share` and `key_auth_value` are BIGNUMs encoded in big-endian
// form.
struct HsmPlainText {
// Secret share of the Mediator (b1).
brillo::SecureBlob mediator_share;
// Key generated on Chromebook, to be sent to the Mediator service (G*a).
brillo::SecureBlob dealer_pub_key;
// Additional secret to seal the destination share. Used for TPM 1.2 only.
brillo::SecureBlob key_auth_value;
};
// `associated_data` for the Request payload.
// Serialized into `RequestPayload::associated_data`, so these fields are
// passed in clear and only integrity-protected by the request's AEAD tag.
struct RecoveryRequestAssociatedData {
// HSM payload. It is itself an `AeadPayload`, so its plain text stays
// encrypted in `cipher_text` even though it is embedded in data that is
// passed in clear.
HsmPayload hsm_payload;
// The metadata generated during the Recovery flow on a Chromebook (RMD).
brillo::SecureBlob request_meta_data;
// Current epoch beacon value (G*r).
brillo::SecureBlob epoch_pub_key;
// Salt used in the derivation of request payload encryption key.
brillo::SecureBlob request_payload_salt;
};
// Plain text for the Request payload.
// This is the content that is encrypted into `RequestPayload::cipher_text`.
// `ephemeral_pub_inv_key` is an elliptic curve point encoded in OpenSSL octet
// form (a binary encoding of the EC_POINT structure as defined in RFC5480).
struct RecoveryRequestPlainText {
// Ephemeral inverse key (G*-x) that is added to mediator DH (G*ab1) by the
// Mediator service.
brillo::SecureBlob ephemeral_pub_inv_key;
};
// RecoveryRequest is the request sent to the HSM server.
// It wraps a single `RequestPayload`; no other fields are declared here.
struct RecoveryRequest {
// The AEAD-encrypted payload.
RequestPayload request_payload;
};
// `associated_data` for the Response payload.
// Serialized into `ResponsePayload::associated_data`, so these fields are
// passed in clear and only integrity-protected by the response's AEAD tag.
struct HsmResponseAssociatedData {
// Salt used in the derivation of response payload encryption key.
brillo::SecureBlob response_payload_salt;
// The metadata generated by HSM.
brillo::SecureBlob response_meta_data;
};
// Plain text for the Response payload.
// This is the content that is encrypted into `ResponsePayload::cipher_text`.
// `dealer_pub_key` and `mediated_point` are elliptic curve points encoded in
// OpenSSL octet form (a binary encoding of the EC_POINT structure as defined in
// RFC5480). `key_auth_value` is BIGNUM encoded in big-endian form.
struct HsmResponsePlainText {
// Mediated mediator share (b1) sent back to the Chromebook.
// NOTE(review): the struct comment describes this field as an elliptic curve
// point, whereas b1 is the BIGNUM share in `HsmPlainText`. Presumably this is
// the mediator DH point (G*ab1) with the ephemeral inverse key (G*-x) added,
// not b1 itself - confirm against the mediation code.
brillo::SecureBlob mediated_point;
// Key generated on Chromebook, that was used for mediation (G*a).
brillo::SecureBlob dealer_pub_key;
// Additional secret to seal the destination share. Used for TPM 1.2 only.
brillo::SecureBlob key_auth_value;
};
// RecoveryResponse is the cbor response to a RecoveryRequest.
// NOTE(review): `error_code` and `error_string` are declared next to
// `response_payload`, not inside it, so as far as this header shows they are
// not covered by the payload's AEAD tag. Callers should presumably treat them
// as unauthenticated input - confirm against the response parsing code.
struct RecoveryResponse {
// The AEAD-encrypted payload.
ResponsePayload response_payload;
// Numeric error code. Defaults to 0; the meaning of individual values is not
// defined in this header.
int error_code = 0;
// Error message.
std::string error_string;
};
} // namespace cryptorecovery
} // namespace cryptohome
#endif // CRYPTOHOME_CRYPTORECOVERY_RECOVERY_CRYPTO_UTIL_H_