• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <functional>
20 #include <string>
21 #include <vector>
22 
23 #include <android-base/result.h>
24 
25 // Information extracted from a certificate.
26 struct CertInfo {
27     std::string subjectCn;
28     std::vector<uint8_t> subjectRsaPublicKey;
29 };
30 
31 // Subjects of certificates we issue.
32 struct CertSubject {
33     const char* commonName;
34     unsigned serialNumber;
35 };
36 
37 // These are all the certificates we ever sign (the first one being our
38 // self-signed cert).  We shouldn't really re-use serial numbers for different
39 // certificates for the same subject but we do; only one should be in use at a
40 // time though.
41 inline const CertSubject kRootSubject{"ODS", 1};
42 inline const CertSubject kCompOsSubject{"CompOs", 2};
43 
44 android::base::Result<void> createSelfSignedCertificate(
45     const std::vector<uint8_t>& publicKey,
46     const std::function<android::base::Result<std::string>(const std::string&)>& signFunction,
47     const std::string& path);
48 
49 android::base::Result<void> createLeafCertificate(
50     const CertSubject& subject, const std::vector<uint8_t>& publicKey,
51     const std::function<android::base::Result<std::string>(const std::string&)>& signFunction,
52     const std::string& issuerCertPath, const std::string& outPath);
53 
54 android::base::Result<std::vector<uint8_t>> createPkcs7(const std::vector<uint8_t>& signedData,
55                                                         const CertSubject& signer);
56 
57 android::base::Result<std::vector<uint8_t>>
58 extractPublicKeyFromX509(const std::vector<uint8_t>& x509);
59 android::base::Result<std::vector<uint8_t>>
60 extractPublicKeyFromSubjectPublicKeyInfo(const std::vector<uint8_t>& subjectKeyInfo);
61 android::base::Result<std::vector<uint8_t>> extractPublicKeyFromX509(const std::string& path);
62 
63 android::base::Result<CertInfo>
64 verifyAndExtractCertInfoFromX509(const std::string& path, const std::vector<uint8_t>& publicKey);
65 
66 android::base::Result<void> verifySignature(const std::string& message,
67                                             const std::string& signature,
68                                             const std::vector<uint8_t>& publicKey);
69 
70 android::base::Result<void> verifyRsaPublicKeySignature(const std::string& message,
71                                                         const std::string& signature,
72                                                         const std::vector<uint8_t>& rsaPublicKey);
73