////////////////////////////////////////////////////////////////////////////////
// Copyright 2019 Google LLC.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////
#ifndef COMMON_ECIES_CRYPTO_H_
#define COMMON_ECIES_CRYPTO_H_
#include <memory>
#include <string>
#include "common/ec_key.h"
#include "common/ec_key_source.h"
namespace widevine {
// Builds EC-IES messages addressed to the holder of the private key that
// matches a given EC public key. Instances are not copyable.
class EciesEncryptor {
 public:
  // Factory taking the recipient's |public_key| as a string and a
  // |key_source|.
  // NOTE(review): this header does not state what is returned when
  // |public_key| cannot be used (presumably nullptr) or whether |key_source|
  // may be null. The class keeps an ECKeySource* as a raw pointer, which
  // suggests the source is not owned and must outlive the encryptor --
  // confirm against the implementation.
  static std::unique_ptr<EciesEncryptor> Create(const std::string& public_key,
                                                ECKeySource* key_source);

  virtual ~EciesEncryptor() = default;

  EciesEncryptor(const EciesEncryptor&) = delete;
  EciesEncryptor& operator=(const EciesEncryptor&) = delete;

  // Encrypts |plaintext| into an EC-IES message.
  //
  // An EC shared key is generated from the recipient public key and an
  // ephemeral private key; a master key is derived from that shared key and
  // the content is encrypted with 256-bit AES.
  //
  // |plaintext| is the value to be encrypted.
  // |context| is used as part of the key derivation.
  // |ecies_message| receives the concatenation of:
  //   1) the ephemeral public key;
  //   2) the plaintext encrypted with the derived AES key using AES CBC,
  //      PKCS7 padding and a zero IV;
  //   3) the HMAC SHA256 of the cipher text.
  //
  // Returns false if there is a problem encrypting the content, true
  // otherwise.
  //
  // NOTE(review): CBC with a constant zero IV only hides equal plaintext
  // prefixes when the AES key is never reused. That holds here only if a
  // fresh ephemeral private key is used for every call, which this header
  // does not show -- confirm in the implementation and in every ECKeySource
  // used in production. The header also does not say which key the HMAC uses
  // or whether the ephemeral public key is covered by it.
  virtual bool Encrypt(const std::string& plaintext, const std::string& context,
                       std::string* ecies_message) const;

 protected:
  // Constructs the encryptor from an already-built ECPublicKey and a key
  // source. Kept protected so that mock subclasses can be written for tests.
  EciesEncryptor(std::unique_ptr<ECPublicKey> public_key,
                 ECKeySource* key_source);

 private:
  // Recipient public key, owned by this object.
  std::unique_ptr<ECPublicKey> public_key_;
  // Raw pointer to the key source; presumably non-owning (see Create) --
  // TODO confirm lifetime requirements.
  ECKeySource* key_source_;
};
// Opens EC-IES messages with an EC private key. Instances are not copyable.
class EciesDecryptor {
 public:
  // Factory taking the private key in serialized form.
  // NOTE(review): this header does not state what is returned when
  // |serialized_private_key| cannot be parsed (presumably nullptr) -- callers
  // should check the result; confirm against the implementation.
  static std::unique_ptr<EciesDecryptor> Create(
      const std::string& serialized_private_key);

  virtual ~EciesDecryptor() = default;

  EciesDecryptor(const EciesDecryptor&) = delete;
  EciesDecryptor& operator=(const EciesDecryptor&) = delete;

  // Decrypts and verifies an EC-IES message.
  //
  // The private key, the ephemeral public key embedded in |ecies_message| and
  // the |context| are the inputs. A master AES key is used to decrypt the
  // content and to validate the signature. The content is expected to be
  // AES CBC encrypted, PKCS7 padded, with a zero IV.
  //
  // |plaintext| is populated iff decryption is successful and the signature
  // is valid.
  //
  // Returns false if there is a problem decrypting the content, true
  // otherwise. Callers must not use |plaintext| when false is returned.
  //
  // NOTE(review): "signature" presumably refers to the HMAC SHA256 that
  // EciesEncryptor::Encrypt appends to the message. For CBC with PKCS7
  // padding, the tag should be checked before any decryption or padding
  // handling, with a constant-time comparison, and every failure should look
  // the same to the caller; none of that is visible in this header -- confirm
  // in the implementation.
  virtual bool Decrypt(const std::string& ecies_message,
                       const std::string& context,
                       std::string* plaintext) const;

 private:
  // Takes ownership of |private_key|; reachable only from inside the class
  // (the public entry point is Create).
  explicit EciesDecryptor(std::unique_ptr<ECPrivateKey> private_key);

  // Private key used by Decrypt, owned by this object.
  std::unique_ptr<ECPrivateKey> private_key_;
};
} // namespace widevine
#endif // COMMON_ECIES_CRYPTO_H_