From 57a8f734719715be5f119a6990fd9deebea94196 Mon Sep 17 00:00:00 2001
From: Ivan Petrov
Date: Wed, 27 Mar 2024 15:29:07 +0000
Subject: [PATCH] Add GroupEncryptionKeyHandle to C++ Containers SDK (#4964)

Ref https://github.com/project-oak/oak/issues/4442
---
 cc/containers/sdk/encryption_key_handle.cc | 12 ++++++++++++
 cc/containers/sdk/encryption_key_handle.h | 9 +++++++++
 2 files changed, 21 insertions(+)

diff --git a/cc/containers/sdk/encryption_key_handle.cc b/cc/containers/sdk/encryption_key_handle.cc
index c28c5ffbeb9..3e6328a2bbe 100644
--- a/cc/containers/sdk/encryption_key_handle.cc
+++ b/cc/containers/sdk/encryption_key_handle.cc
@@ -44,4 +44,16 @@ InstanceEncryptionKeyHandle::GenerateRecipientContext(
 return RecipientContext::Deserialize(*session_keys);
 }

+absl::StatusOr>
+GroupEncryptionKeyHandle::GenerateRecipientContext(
+ absl::string_view serialized_encapsulated_public_key) {
+ absl::StatusOr session_keys = orchestrator_crypto_client_.DeriveSessionKeys(
+ KeyOrigin::GROUP, serialized_encapsulated_public_key);
+ if (!session_keys.ok()) {
+ return absl::InternalError("couldn't derive session keys");
+ }
+
+ return RecipientContext::Deserialize(*session_keys);
+}
+
 } // namespace oak::containers::sdk
diff --git a/cc/containers/sdk/encryption_key_handle.h b/cc/containers/sdk/encryption_key_handle.h
index a2513324c66..58ceabe89ef 100644
--- a/cc/containers/sdk/encryption_key_handle.h
+++ b/cc/containers/sdk/encryption_key_handle.h
@@ -37,6 +37,15 @@ class InstanceEncryptionKeyHandle : public ::oak::crypto::EncryptionKeyHandle {
 OrchestratorCryptoClient orchestrator_crypto_client_;
 };

+class GroupEncryptionKeyHandle : public ::oak::crypto::EncryptionKeyHandle {
+ public:
+ absl::StatusOr> GenerateRecipientContext(
+ absl::string_view serialized_encapsulated_public_key) override;
+
+ private:
+ OrchestratorCryptoClient orchestrator_crypto_client_;
+};
+
 } // namespace oak::containers::sdk

 #endif // THIRD_PARTY_OAK_CC_CONTAINERS_ENCRYPTION_KEY_HANDLE_H_
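Review bot: The failure branch of `GroupEncryptionKeyHandle::GenerateRecipientContext` drops `session_keys.status()` and returns a fixed `absl::InternalError("couldn't derive session keys")`, so a caller cannot tell an unreachable Orchestrator from a rejected encapsulated public key, and the text does not say the group key was involved. Consider keeping the status code and naming the origin, e.g. `return absl::Status(session_keys.status().code(), absl::StrCat("couldn't derive group session keys: ", session_keys.status().message()));` (needs `absl/strings/str_cat.h`), provided the Orchestrator's message is safe to surface to this caller. The body appears to mirror the instance variant, of which only the tail is visible above the hunk, differing in `KeyOrigin::GROUP`; a shared helper taking the `KeyOrigin` would keep the two from drifting apart. The diffstat lists only these two files, so the new path seems to land without a test.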
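Review bot: `GroupEncryptionKeyHandle` is declared in encryption_key_handle.h without any comment, and nothing in the header tells a caller how it differs from `InstanceEncryptionKeyHandle`, although the choice decides which key the session keys are derived from. I would add above the class: `// EncryptionKeyHandle that asks the Orchestrator to derive session keys with KeyOrigin::GROUP rather than the instance key.` If the group key is shared by several instances (not visible in this patch), the comment should also say that any of them can open messages sealed to it. The two classes expose the same interface and hold the same member, so a single handle parameterised by `KeyOrigin` may be worth considering.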