Replace hardcoded parameters
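--- a/common/ecies_crypto.h
+++ b/common/ecies_crypto.h
@@ -0,0 +1,82 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2019 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
+
+#ifndef COMMON_ECIES_CRYPTO_H_
+#define COMMON_ECIES_CRYPTO_H_
+
+#include <memory>
+#include <string>
+
+#include "common/ec_key.h"
+#include "common/ec_key_source.h"
+
+namespace widevine {
+
+class EciesEncryptor {
+public:
+static std::unique_ptr<EciesEncryptor> Create(const std::string& public_key,
+ECKeySource* key_source);
+virtual ~EciesEncryptor() = default;
+EciesEncryptor(const EciesEncryptor&) = delete;
+EciesEncryptor& operator=(const EciesEncryptor&) = delete;
+
+// Generates an encrypted EC-IES message using the public key, an ephemeral
+// private key and context. This function uses AES 256 bit encryption with a
+// master key derived from EC shared key generated from the public key and
+// ephemeral private key.
+// |plaintext| is the value to be encrypted.
+// |context| is used as part of the key derivation.
+// |ecies_message| is the concatenation of
+// 1) the ephemeral public key.
+// 2) the plaintext encrypted with the derived AES key using AES CBC,
+// PKCS7 padding and a zerio iv.
+// 3) The HMAC SHA256 of the cipher text.
+// Returns false if there is a problem encrypting the content, true otherwise.
+virtual bool Encrypt(const std::string& plaintext, const std::string& context,
+std::string* ecies_message) const;
+
+protected:
+// Creates the EciesEncryptor with a given ECKey. This is protected in order
+// to support mock tests.
+EciesEncryptor(std::unique_ptr<ECPublicKey> public_key,
+ECKeySource* key_source);
+
+private:
+std::unique_ptr<ECPublicKey> public_key_;
+ECKeySource* key_source_;
+};
+
+class EciesDecryptor {
+public:
+static std::unique_ptr<EciesDecryptor> Create(
+const std::string& serialized_private_key);
+
+virtual ~EciesDecryptor() = default;
+EciesDecryptor(const EciesDecryptor&) = delete;
+EciesDecryptor& operator=(const EciesDecryptor&) = delete;
+
+// Decrypts and verifies an EC-IES message using the private key, the
+// ephemeral public key embedded in |ecies_message| and the |context|.
+// This function uses a master AES key to decrypt the content and validate the
+// signature. The content is encrypted with AES CBC, PKCS7 padded with a
+// zero iv.
+// |plaintext| will be populated iff decryption is successful and the
+// signature is valid.
+// Returns false if there is a problem decrypting the content, true otherwise.
+virtual bool Decrypt(const std::string& ecies_message,
+const std::string& context,
+std::string* plaintext) const;
+
+private:
+explicit EciesDecryptor(std::unique_ptr<ECPrivateKey> private_key);
+std::unique_ptr<ECPrivateKey> private_key_;
+};
+
+} // namespace widevine
+
+#endif // COMMON_ECIES_CRYPTO_H_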
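Review bot: The comment on `Encrypt` documents AES-CBC with a zero IV but not the invariant that makes it safe: each call must derive its AES key from a fresh ephemeral private key supplied by `key_source`, because CBC under a repeated key and a fixed IV is deterministic and reveals equal plaintext prefixes. I would add `// The zero IV relies on |key_source| returning a fresh ephemeral key for every call; a derived AES key must never be reused.` to that comment. The `Decrypt` comment says one "master AES key" both decrypts and validates the "signature"; the declarations do not show how the HMAC key is obtained, so the comment should state whether the encryption and HMAC keys are derived separately, and call the tag an HMAC rather than a signature. The header also leaves the ownership and required lifetime of the raw `ECKeySource*` undocumented, and "zerio iv" should read "zero IV".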