Aktualizr
C++ SOTA Client
All Classes Namespaces Files Functions Variables Enumerations Enumerator Pages
crypto.h
1 #ifndef CRYPTO_H_
2 #define CRYPTO_H_
3 
4 #include <openssl/engine.h>
5 #include <openssl/err.h>
6 #include <openssl/evp.h>
7 #include <openssl/pem.h>
8 #include <openssl/pkcs12.h>
9 #include <openssl/rsa.h>
10 #include <sodium.h>
11 #include <boost/algorithm/hex.hpp>
12 #include <boost/algorithm/string.hpp>
13 #include <boost/algorithm/string/case_conv.hpp>
14 
15 #include <string>
16 #include <utility>
17 
18 #include "utilities/types.h"
19 #include "utilities/utils.h"
20 
21 // some older versions of openssl have BIO_new_mem_buf defined with fisrt parameter of type (void*)
22 // which is not true and breaks our build
23 #undef BIO_new_mem_buf
24 BIO *BIO_new_mem_buf(const void *, int);
25 
26 class PublicKey {
27  public:
28  PublicKey() = default;
29  explicit PublicKey(const boost::filesystem::path &path);
30 
31  explicit PublicKey(Json::Value uptane_json);
32 
33  PublicKey(const std::string &value, KeyType type);
34 
35  std::string Value() const { return value_; }
36 
37  KeyType Type() const { return type_; }
38  /**
39  * Verify a signature using this public key
40  */
41  bool VerifySignature(const std::string &signature, const std::string &message) const;
42  /**
43  * Uptane Json representation of this public key. Used in root.json
44  * and during provisioning.
45  */
46  Json::Value ToUptane() const;
47 
48  std::string KeyId() const;
49  bool operator==(const PublicKey &rhs) const;
50 
51  bool operator!=(const PublicKey &rhs) const { return !(*this == rhs); }
52 
53  private:
54  // std::string can be implicitly converted to a Json::Value. Make sure that
55  // the Json::Value constructor is not called accidentally.
56  PublicKey(std::string);
57  std::string value_;
58  KeyType type_{KeyType::kUnknown};
59 };
60 
61 class MultiPartHasher {
62  public:
63  virtual void update(const unsigned char *part, uint64_t size) = 0;
64  virtual std::string getHexDigest() = 0;
65  virtual ~MultiPartHasher() = default;
66 };
67 
68 class MultiPartSHA512Hasher : public MultiPartHasher {
69  public:
70  MultiPartSHA512Hasher() { crypto_hash_sha512_init(&state_); }
71  ~MultiPartSHA512Hasher() override = default;
72  void update(const unsigned char *part, uint64_t size) override { crypto_hash_sha512_update(&state_, part, size); }
73  std::string getHexDigest() override {
74  std::array<unsigned char, crypto_hash_sha512_BYTES> sha512_hash{};
75  crypto_hash_sha512_final(&state_, sha512_hash.data());
76  return boost::algorithm::hex(std::string(reinterpret_cast<char *>(sha512_hash.data()), crypto_hash_sha512_BYTES));
77  }
78 
79  private:
80  crypto_hash_sha512_state state_{};
81 };
82 
83 class MultiPartSHA256Hasher : public MultiPartHasher {
84  public:
85  MultiPartSHA256Hasher() { crypto_hash_sha256_init(&state_); }
86  ~MultiPartSHA256Hasher() override = default;
87  void update(const unsigned char *part, uint64_t size) override { crypto_hash_sha256_update(&state_, part, size); }
88  std::string getHexDigest() override {
89  std::array<unsigned char, crypto_hash_sha256_BYTES> sha256_hash{};
90  crypto_hash_sha256_final(&state_, sha256_hash.data());
91  return boost::algorithm::hex(std::string(reinterpret_cast<char *>(sha256_hash.data()), crypto_hash_sha256_BYTES));
92  }
93 
94  private:
95  crypto_hash_sha256_state state_{};
96 };
97 
98 class Crypto {
99  public:
100  static std::string sha256digest(const std::string &text);
101  static std::string sha512digest(const std::string &text);
102  static std::string RSAPSSSign(ENGINE *engine, const std::string &private_key, const std::string &message);
103  static std::string Sign(KeyType key_type, ENGINE *engine, const std::string &private_key, const std::string &message);
104  static std::string ED25519Sign(const std::string &private_key, const std::string &message);
105  static bool parseP12(BIO *p12_bio, const std::string &p12_password, std::string *out_pkey, std::string *out_cert,
106  std::string *out_ca);
107  static bool extractSubjectCN(const std::string &cert, std::string *cn);
108  static StructGuard<EVP_PKEY> generateRSAKeyPairEVP(KeyType key_type);
109  static bool generateRSAKeyPair(KeyType key_type, std::string *public_key, std::string *private_key);
110  static bool generateEDKeyPair(std::string *public_key, std::string *private_key);
111  static bool generateKeyPair(KeyType key_type, std::string *public_key, std::string *private_key);
112 
113  static bool RSAPSSVerify(const std::string &public_key, const std::string &signature, const std::string &message);
114  static bool ED25519Verify(const std::string &public_key, const std::string &signature, const std::string &message);
115 
116  static bool IsRsaKeyType(KeyType type);
117  static KeyType IdentifyRSAKeyType(const std::string &public_key_pem);
118 };
119 
120 #endif // CRYPTO_H_
types.h
MultiPartSHA256Hasher
Definition: crypto.h:83
PublicKey::ToUptane
Json::Value ToUptane() const
Uptane Json representation of this public key.
Definition: crypto.cc:74
MultiPartSHA512Hasher
Definition: crypto.h:68
PublicKey
Definition: crypto.h:26
Crypto::generateRSAKeyPair
static bool generateRSAKeyPair(KeyType key_type, std::string *public_key, std::string *private_key)
Generate a RSA keypair.
Definition: crypto.cc:383
PublicKey::VerifySignature
bool VerifySignature(const std::string &signature, const std::string &message) const
Verify a signature using this public key.
Definition: crypto.cc:60
Crypto
Definition: crypto.h:98
MultiPartHasher
Definition: crypto.h:61
Generated by   doxygen 1.8.16