Add GroupEncryptionKeyHandle to C++ Containers SDK (#4964)

Ref #4442
project-oak · Mar 27, 2024 · 57a8f73 · 57a8f73
1 parent 863ee00
commit 57a8f73
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/cc/containers/sdk/encryption_key_handle.cc b/cc/containers/sdk/encryption_key_handle.cc
@@ -44,4 +44,16 @@ InstanceEncryptionKeyHandle::GenerateRecipientContext(
   return RecipientContext::Deserialize(*session_keys);
 }
 
+absl::StatusOr<std::unique_ptr<RecipientContext>>
+GroupEncryptionKeyHandle::GenerateRecipientContext(
+    absl::string_view serialized_encapsulated_public_key) {
+  absl::StatusOr<SessionKeys> session_keys = orchestrator_crypto_client_.DeriveSessionKeys(
+      KeyOrigin::GROUP, serialized_encapsulated_public_key);
+  if (!session_keys.ok()) {
+    return absl::InternalError("couldn't derive session keys");
+  }
+
+  return RecipientContext::Deserialize(*session_keys);
+}
+
 }  // namespace oak::containers::sdk
diff --git a/cc/containers/sdk/encryption_key_handle.h b/cc/containers/sdk/encryption_key_handle.h
@@ -37,6 +37,15 @@ class InstanceEncryptionKeyHandle : public ::oak::crypto::EncryptionKeyHandle {
   OrchestratorCryptoClient orchestrator_crypto_client_;
 };
 
+class GroupEncryptionKeyHandle : public ::oak::crypto::EncryptionKeyHandle {
+ public:
+  absl::StatusOr<std::unique_ptr<::oak::crypto::RecipientContext>> GenerateRecipientContext(
+      absl::string_view serialized_encapsulated_public_key) override;
+
+ private:
+  OrchestratorCryptoClient orchestrator_crypto_client_;
+};
+
 }  // namespace oak::containers::sdk
 
 #endif  // THIRD_PARTY_OAK_CC_CONTAINERS_ENCRYPTION_KEY_HANDLE_H_