| // |
| // Copyright (C) 2020 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| #pragma once |
| |
| #include <keymaster/android_keymaster_utils.h> |
| #include <tss2/tss2_esys.h> |
| |
| #include "host/commands/secure_env/tpm_auth.h" |
| |
| namespace cuttlefish { |
| |
| /** |
| * Encrypt `data_in` to `data_out`, which are both buffers of size `data_size`. |
| * |
| * There are no integrity guarantees on this data: if the encrypted data is |
| * corrupted, decrypting it could either fail or produce corrupted output. |
| * |
| * `iv` should be generated randomly, and can be stored unencrypted next to |
| * the plaintext. |
| */ |
| bool TpmEncrypt(ESYS_CONTEXT* esys, ESYS_TR key_handle, TpmAuth auth, |
| const TPM2B_IV& iv, uint8_t* data_in, uint8_t* data_out, |
| size_t data_size); |
| |
| /** |
| * Decrypt `data_in` to `data_out`, which are both buffers of size `data_size`. |
| * |
| * There are no integrity guarantees on this data: if the encrypted data is |
| * corrupted, decrypting it could either fail or produce corrupted output. |
| */ |
| bool TpmDecrypt(ESYS_CONTEXT* esys, ESYS_TR key_handle, TpmAuth auth, |
| const TPM2B_IV& iv, uint8_t* data_in, uint8_t* data_out, |
| size_t data_size); |
| |
| } // namespace cuttlefish |
