[common,crypto] Add crypto provider interface

Signed-off-by: Mykhailo Lohvynenko <[email protected]>

Author: mlohvynenko

include/aos/common/crypto/crypto.hpp

@@ -296,6 +296,33 @@ class RandomItf {
     virtual ~RandomItf() = default;
 };
 
+/***
+ * UUID generator interface.
+ */
+class UUIDItf {
+public:
+    /**
+     * Creates UUID v4.
+     *
+     * @return RetWithError<uuid::UUID>.
+     */
+    virtual RetWithError<uuid::UUID> CreateUUIDv4() = 0;
+
+    /**
+     * Creates UUID version 5 based on a given namespace identifier and name.
+     *
+     * @param space namespace identifier.
+     * @param name name.
+     * @result RetWithError<uuid::UUID>.
+     */
+    virtual RetWithError<uuid::UUID> CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name) = 0;
+
+    /**
+     * Destructor.
+     */
+    virtual ~UUIDItf() = default;
+};
+
 /**
  * Options being used while signing.
  */
@@ -700,15 +727,6 @@ class ProviderItf {
      */
     virtual Error ASN1DecodeOID(const Array<uint8_t>& inOID, Array<uint8_t>& dst) = 0;
 
-    /**
-     * Creates UUID version 5 based on a given namespace identifier and name.
-     *
-     * @param space namespace identifier.
-     * @param name name.
-     * @result RetWithError<uuid::UUID>.
-     */
-    virtual RetWithError<uuid::UUID> CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name) = 0;
-
     /**
      * Destroys object instance.
      */
@@ -721,6 +739,18 @@ class ProviderItf {
 using CertificateChain = StaticArray<Certificate, cCertChainSize>;
 
 } // namespace x509
+
+/**
+ * Crypto provider interface.
+ */
+class CryptoProviderItf : public x509::ProviderItf, public HasherItf, public RandomItf, public UUIDItf {
+public:
+    /**
+     * Destructor.
+     */
+    virtual ~CryptoProviderItf() = default;
+};
+
 } // namespace aos::crypto
 
 #endif

include/aos/common/crypto/mbedtls/cryptoprovider.hpp

@@ -22,7 +22,7 @@ namespace aos::crypto {
 /**
  * MbedTLSCryptoProvider provider.
  */
-class MbedTLSCryptoProvider : public x509::ProviderItf, public HasherItf, public RandomItf {
+class MbedTLSCryptoProvider : public CryptoProviderItf {
 public:
     /**
      * Initializes the object.
@@ -164,15 +164,6 @@ class MbedTLSCryptoProvider : public x509::ProviderItf, public HasherItf, public
      */
     Error ASN1DecodeOID(const Array<uint8_t>& inOID, Array<uint8_t>& dst) override;
 
-    /**
-     * Creates UUID version 5 based on a given namespace identifier and name.
-     *
-     * @param space namespace identifier.
-     * @param name name.
-     * @result RetWithError<uuid::UUID>.
-     */
-    RetWithError<uuid::UUID> CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name) override;
-
     /**
      * Creates hash instance.
      *
@@ -198,6 +189,22 @@ class MbedTLSCryptoProvider : public x509::ProviderItf, public HasherItf, public
      */
     Error RandBuffer(Array<uint8_t>& buffer, size_t size) override;
 
+    /**
+     * Creates UUID v4.
+     *
+     * @return RetWithError<uuid::UUID>.
+     */
+    RetWithError<uuid::UUID> CreateUUIDv4() override;
+
+    /**
+     * Creates UUID version 5 based on a given namespace identifier and name.
+     *
+     * @param space namespace identifier.
+     * @param name name.
+     * @result RetWithError<uuid::UUID>.
+     */
+    RetWithError<uuid::UUID> CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name) override;
+
 private:
     class MBedTLSHash : public crypto::HashItf, private NonCopyable {
     public:

include/aos/common/crypto/openssl/cryptoprovider.hpp

@@ -17,7 +17,7 @@ namespace aos::crypto {
 /**
  * OpenSSLCryptoProvider provider.
  */
-class OpenSSLCryptoProvider : public x509::ProviderItf, public HasherItf, public RandomItf {
+class OpenSSLCryptoProvider : public CryptoProviderItf {
 public:
     /**
      * Destructor.
@@ -164,15 +164,6 @@ class OpenSSLCryptoProvider : public x509::ProviderItf, public HasherItf, public
      */
     Error ASN1DecodeOID(const Array<uint8_t>& inOID, Array<uint8_t>& dst) override;
 
-    /**
-     * Creates UUID version 5 based on a given namespace identifier and name.
-     *
-     * @param space namespace identifier.
-     * @param name name.
-     * @result RetWithError<uuid::UUID>.
-     */
-    RetWithError<uuid::UUID> CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name) override;
-
     /**
      * Creates hash instance.
      *
@@ -198,6 +189,22 @@ class OpenSSLCryptoProvider : public x509::ProviderItf, public HasherItf, public
      */
     Error RandBuffer(Array<uint8_t>& buffer, size_t size = 0) override;
 
+    /**
+     * Creates UUID v4.
+     *
+     * @return RetWithError<uuid::UUID>.
+     */
+    RetWithError<uuid::UUID> CreateUUIDv4() override;
+
+    /**
+     * Creates UUID version 5 based on a given namespace identifier and name.
+     *
+     * @param space namespace identifier.
+     * @param name name.
+     * @result RetWithError<uuid::UUID>.
+     */
+    RetWithError<uuid::UUID> CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name) override;
+
 private:
     class OpenSSLHash : public crypto::HashItf, private NonCopyable {
     public:

include/aos/iam/certmodules/pkcs11/pkcs11.hpp

@@ -73,11 +73,11 @@ class PKCS11Module : public HSMItf {
      * @param certType certificate type.
      * @param config module configuration.
      * @param pkcs11 reference to pkcs11 library context.
-     * @param x509Provider reference to x509 crypto interface.
+     * @param cryptoProvider reference to crypto provider interface.
      * @return Error.
      */
     Error Init(const String& certType, const PKCS11ModuleConfig& config, pkcs11::PKCS11Manager& pkcs11,
-        crypto::x509::ProviderItf& x509Provider);
+        crypto::CryptoProviderItf& cryptoProvider);
 
     /**
      * Owns the module.
@@ -209,7 +209,7 @@ class PKCS11Module : public HSMItf {
     PKCS11ModuleConfig         mConfig {};
 
     SharedPtr<pkcs11::LibraryContext> mPKCS11;
-    crypto::x509::ProviderItf*        mX509Provider {};
+    crypto::CryptoProviderItf*        mCryptoProvider {};
 
     uint32_t                        mSlotID = 0;
     StaticString<pkcs11::cLabelLen> mTokenLabel;

include/aos/test/crypto/providers/cryptofactoryitf.hpp

@@ -44,7 +44,7 @@ class CryptoFactoryItf {
      *
      * @return x509::ProviderItf&.
      */
-    virtual x509::ProviderItf& GetCryptoProvider() = 0;
+    virtual CryptoProviderItf& GetCryptoProvider() = 0;
 
     /**
      * Returns hash provider.

include/aos/test/crypto/providers/mbedtlsfactory.hpp

@@ -40,9 +40,9 @@ class MBedTLSCryptoFactory : public CryptoFactoryItf {
     /**
      * Returns crypto provider.
      *
-     * @return x509::ProviderItf&.
+     * @return CryptoProviderItf&.
      */
-    x509::ProviderItf& GetCryptoProvider() override;
+    CryptoProviderItf& GetCryptoProvider() override;
 
     /**
      * Returns hash provider.

include/aos/test/crypto/providers/opensslfactory.hpp

@@ -40,9 +40,9 @@ class OpenSSLCryptoFactory : public CryptoFactoryItf {
     /**
      * Returns crypto provider.
      *
-     * @return x509::ProviderItf&.
+     * @return CryptoProviderItf&.
      */
-    x509::ProviderItf& GetCryptoProvider() override;
+    CryptoProviderItf& GetCryptoProvider() override;
 
     /**
      * Returns hash provider.

src/common/crypto/mbedtls/cryptoprovider.cpp

@@ -571,36 +571,6 @@ Error MbedTLSCryptoProvider::ASN1DecodeOID(const Array<uint8_t>& inOID, Array<ui
     return crypto::ASN1RemoveTag(inOID, dst, MBEDTLS_ASN1_OID);
 }
 
-RetWithError<uuid::UUID> MbedTLSCryptoProvider::CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name)
-{
-    constexpr auto cUUIDVersion = 5;
-
-    StaticArray<uint8_t, cSHA1InputDataSize> buffer = space;
-
-    auto err = buffer.Insert(buffer.end(), name.begin(), name.end());
-    if (!err.IsNone()) {
-        return {{}, AOS_ERROR_WRAP(err)};
-    }
-
-    StaticArray<uint8_t, cSHA1DigestSize> sha1;
-
-    sha1.Resize(sha1.MaxSize());
-
-    int ret = mbedtls_sha1(buffer.Get(), buffer.Size(), sha1.Get());
-    if (ret != 0) {
-        return {{}, AOS_ERROR_WRAP(ret)};
-    }
-
-    // copy lowest 16 bytes
-    uuid::UUID result = Array<uint8_t>(sha1.Get(), uuid::cUUIDSize);
-
-    // The version of the UUID will be the lower 4 bits of cUUIDVersion
-    result[6] = (result[6] & 0x0f) | uint8_t((cUUIDVersion & 0xf) << 4);
-    result[8] = (result[8] & 0x3f) | 0x80; // RFC 4122 variant
-
-    return result;
-}
-
 RetWithError<UniquePtr<HashItf>> MbedTLSCryptoProvider::CreateHash(Hash algorithm)
 {
     psa_algorithm_t alg = PSA_ALG_SHA3_256;
@@ -674,6 +644,53 @@ Error MbedTLSCryptoProvider::RandBuffer(Array<uint8_t>& buffer, size_t size)
     return ErrorEnum::eNone;
 }
 
+RetWithError<uuid::UUID> MbedTLSCryptoProvider::CreateUUIDv4()
+{
+    constexpr auto cUUIDVersion = 4;
+
+    uuid::UUID uuid;
+
+    if (auto err = RandBuffer(uuid, uuid.MaxSize()); !err.IsNone()) {
+        return {{}, AOS_ERROR_WRAP(err)};
+    }
+
+    // The version of the UUID will be the lower 4 bits of cUUIDVersion
+    uuid[6] = (uuid[6] & 0x0f) | uint8_t((cUUIDVersion & 0xf) << 4);
+    uuid[8] = (uuid[8] & 0x3f) | 0x80; // RFC 4122 variant
+
+    return uuid;
+}
+
+RetWithError<uuid::UUID> MbedTLSCryptoProvider::CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name)
+{
+    constexpr auto cUUIDVersion = 5;
+
+    StaticArray<uint8_t, cSHA1InputDataSize> buffer = space;
+
+    auto err = buffer.Insert(buffer.end(), name.begin(), name.end());
+    if (!err.IsNone()) {
+        return {{}, AOS_ERROR_WRAP(err)};
+    }
+
+    StaticArray<uint8_t, cSHA1DigestSize> sha1;
+
+    sha1.Resize(sha1.MaxSize());
+
+    int ret = mbedtls_sha1(buffer.Get(), buffer.Size(), sha1.Get());
+    if (ret != 0) {
+        return {{}, AOS_ERROR_WRAP(ret)};
+    }
+
+    // copy lowest 16 bytes
+    uuid::UUID result = Array<uint8_t>(sha1.Get(), uuid::cUUIDSize);
+
+    // The version of the UUID will be the lower 4 bits of cUUIDVersion
+    result[6] = (result[6] & 0x0f) | uint8_t((cUUIDVersion & 0xf) << 4);
+    result[8] = (result[8] & 0x3f) | 0x80; // RFC 4122 variant
+
+    return result;
+}
+
 /***********************************************************************************************************************
  * Private
  **********************************************************************************************************************/

src/common/crypto/openssl/cryptoprovider.cpp

@@ -1487,33 +1487,6 @@ Error OpenSSLCryptoProvider::ASN1DecodeOID(const Array<uint8_t>& inOID, Array<ui
     return ErrorEnum::eNone;
 }
 
-RetWithError<uuid::UUID> OpenSSLCryptoProvider::CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name)
-{
-    constexpr auto cUUIDVersion = 5;
-
-    StaticArray<uint8_t, cSHA1InputDataSize> buffer = space;
-
-    auto err = buffer.Insert(buffer.end(), name.begin(), name.end());
-    if (!err.IsNone()) {
-        return {{}, AOS_ERROR_WRAP(err)};
-    }
-
-    StaticArray<uint8_t, cSHA1DigestSize> sha1;
-
-    sha1.Resize(sha1.MaxSize());
-
-    SHA1(buffer.Get(), buffer.Size(), sha1.Get());
-
-    // copy lowest 16 bytes
-    uuid::UUID result = Array<uint8_t>(sha1.Get(), uuid::cUUIDSize);
-
-    // The version of the UUID will be the lower 4 bits of cUUIDVersion
-    result[6] = (result[6] & 0x0f) | uint8_t((cUUIDVersion & 0xf) << 4);
-    result[8] = (result[8] & 0x3f) | 0x80; // RFC 4122 variant
-
-    return result;
-}
-
 RetWithError<UniquePtr<HashItf>> OpenSSLCryptoProvider::CreateHash(Hash algorithm)
 {
     if (algorithm == HashEnum::eNone) {
@@ -1556,6 +1529,50 @@ Error OpenSSLCryptoProvider::RandBuffer(Array<uint8_t>& buffer, size_t size)
     return ErrorEnum::eNone;
 }
 
+RetWithError<uuid::UUID> OpenSSLCryptoProvider::CreateUUIDv4()
+{
+    constexpr auto cUUIDVersion = 4;
+
+    uuid::UUID uuid;
+
+    if (auto err = RandBuffer(uuid, uuid.MaxSize()); !err.IsNone()) {
+        return {{}, AOS_ERROR_WRAP(err)};
+    }
+
+    // The version of the UUID will be the lower 4 bits of cUUIDVersion
+    uuid[6] = (uuid[6] & 0x0f) | uint8_t((cUUIDVersion & 0xf) << 4);
+    uuid[8] = (uuid[8] & 0x3f) | 0x80; // RFC 4122 variant
+
+    return uuid;
+}
+
+RetWithError<uuid::UUID> OpenSSLCryptoProvider::CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name)
+{
+    constexpr auto cUUIDVersion = 5;
+
+    StaticArray<uint8_t, cSHA1InputDataSize> buffer = space;
+
+    auto err = buffer.Insert(buffer.end(), name.begin(), name.end());
+    if (!err.IsNone()) {
+        return {{}, AOS_ERROR_WRAP(err)};
+    }
+
+    StaticArray<uint8_t, cSHA1DigestSize> sha1;
+
+    sha1.Resize(sha1.MaxSize());
+
+    SHA1(buffer.Get(), buffer.Size(), sha1.Get());
+
+    // copy lowest 16 bytes
+    uuid::UUID result = Array<uint8_t>(sha1.Get(), uuid::cUUIDSize);
+
+    // The version of the UUID will be the lower 4 bits of cUUIDVersion
+    result[6] = (result[6] & 0x0f) | uint8_t((cUUIDVersion & 0xf) << 4);
+    result[8] = (result[8] & 0x3f) | 0x80; // RFC 4122 variant
+
+    return result;
+}
+
 /***********************************************************************************************************************
  * Private
  **********************************************************************************************************************/