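#pragma once

#include <cstdint>
#include <string>
#include <vector>

#include "envoy/buffer/buffer.h"
#include "envoy/common/crypto/crypto.h"

#include "source/common/singleton/threadsafe_singleton.h"

#include "absl/strings/string_view.h"

namespace Envoy {
namespace Common {
namespace Crypto {

/**
 * Outcome of a signature verification performed by Utility::verifySignature().
 * Callers must inspect result_; error_message_ is diagnostic text only and must
 * not be used to decide whether a signature was accepted.
 */
struct VerificationOutput {
  /**
   * Verification result. If result_ is true, error_message_ is empty.
   * Defaults to false so that a VerificationOutput that is never filled in
   * reads as "not verified" (fail closed) instead of holding an indeterminate value.
   */
  bool result_{false};

  /**
   * Error message when verification failed.
   * TODO(crazyxy): switch to absl::StatusOr when available
   */
  std::string error_message_;
};

/**
 * Abstract interface for the hashing, HMAC and signature-verification primitives.
 * Every operation is pure virtual; the concrete implementation is supplied elsewhere.
 */
class Utility {
public:
  virtual ~Utility() = default;

  /**
   * Computes the SHA-256 digest of a buffer.
   * @param buffer the buffer.
   * @return a vector of bytes for the computed digest.
   */
  virtual std::vector<uint8_t> getSha256Digest(const Buffer::Instance& buffer) PURE;

  /**
   * Computes the SHA-256 HMAC for a given key and message.
   * The MAC is returned as raw bytes and this interface offers no comparison helper:
   * a caller that checks it against an expected value should use a constant-time
   * comparison, because an early-exit byte comparison can leak how many leading
   * bytes matched.
   * @param key the HMAC function key.
   * @param message string_view message data for the HMAC function.
   * @return a vector of bytes for the computed HMAC.
   */
  virtual std::vector<uint8_t> getSha256Hmac(const std::vector<uint8_t>& key,
                                             absl::string_view message) PURE;

  /**
   * Verify cryptographic signatures.
   * The digest is selected by name at run time. SHA1 is among the accepted names;
   * it is no longer collision resistant, so callers should restrict the names they
   * pass to the SHA-2 variants unless a legacy peer requires otherwise, and should
   * not take the name from the same untrusted input that carries the signature.
   * @param hash hash function(including SHA1, SHA224, SHA256, SHA384, SHA512)
   * @param key pointer to EVP_PKEY public key
   * @param signature signature
   * @param text clear text
   * @return If the result_ is true, the error_message_ is empty; otherwise,
   * the error_message_ stores the error message
   */
  virtual const VerificationOutput verifySignature(absl::string_view hash, CryptoObject& key,
                                                   const std::vector<uint8_t>& signature,
                                                   const std::vector<uint8_t>& text) PURE;

  /**
   * Import public key.
   * NOTE(review): the expected encoding of the key bytes and the value returned when
   * the import fails are not stated in this header; confirm both against the
   * implementation and check the returned object before passing it to verifySignature().
   * @param key key string
   * @return pointer to EVP_PKEY public key
   */
  virtual CryptoObjectPtr importPublicKey(const std::vector<uint8_t>& key) PURE;
};

// Accessors for the Utility implementation in use; the injection semantics are defined
// in source/common/singleton/threadsafe_singleton.h.
using UtilitySingleton = InjectableSingleton<Utility>;
using ScopedUtilitySingleton = ScopedInjectableLoader<Utility>;

} // namespace Crypto
} // namespace Common
} // namespace Envoy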