AttestationResult AttestationClientImpl::Encrypt()

in client-library/src/Attestation/AttestationClient/lib/AttestationClientImpl.cpp [204:267]

• 55 lines of code
• 12 McCabe index (conditional complexity)

AttestationResult AttestationClientImpl::Encrypt(const attest::EncryptionType encryption_type,
                                                 const unsigned char* jwt_token,
                                                 const unsigned char* data,
                                                 uint32_t data_size,
                                                 unsigned char** encrypted_data,
                                                 uint32_t* encrypted_data_size,
                                                 unsigned char** encryption_metadata,
                                                 uint32_t* encryption_metadata_size,
                                                 const attest::RsaScheme rsaWrapAlgId,
                                                 const attest::RsaHashAlg rsaHashAlgId) noexcept {
    AttestationResult result(AttestationResult::ErrorCode::SUCCESS);
    if (jwt_token == nullptr ||
        data == nullptr ||
        data_size <= 0 ||
        encrypted_data == nullptr ||
        encrypted_data_size == nullptr ||
        encryption_metadata == nullptr ||
        encryption_metadata_size == nullptr ||
        encryption_type != attest::EncryptionType::NONE) {
        CLIENT_LOG_ERROR("Invalid input parameter");
        result.code_ = AttestationResult::ErrorCode::ERROR_INVALID_INPUT_PARAMETER;
        result.description_ = std::string("Invalid input parameter");
        return result;
    }

    std::string jwt_token_str(const_cast<char*>(reinterpret_cast<const char*>(jwt_token)));
    // Extract JWK info from attestation JWT
    std::string n_base64url, e_base64url;
    if (!jwt::ExtractJwkInfoFromAttestationJwt(jwt_token_str, n_base64url, e_base64url)) {
        CLIENT_LOG_ERROR("Error while extracting JWK info from JWT");
        result.code_ = AttestationResult::ErrorCode::ERROR_EXTRACTING_JWK_INFO;
        result.description_ = std::string("Error while extracting JWK info from JWT");
        return result;
    }

    // Convert JWK to RSA public key
    BIO* pkey_bio = BIO_new(BIO_s_mem());
    if ((result = crypto::ConvertJwkToRsaPubKey(pkey_bio, n_base64url, e_base64url)).code_ != 
                                                                AttestationResult::ErrorCode::SUCCESS) {
        CLIENT_LOG_ERROR("Failed to convert JWK to RSA Public key");
        BIO_free(pkey_bio);
        return result;
    }

    // For encryption type 'NONE', the data is expected to be the symmetric key
    std::vector<unsigned char> in_data(data, data + data_size);
    std::vector<unsigned char> out_data;
    // Use RSA public key to encrypt the input data
    if ((result = crypto::EncryptDataWithRSAPubKey(pkey_bio, rsaWrapAlgId, rsaHashAlgId, in_data, out_data)).code_ !=
        AttestationResult::ErrorCode::SUCCESS) {
        CLIENT_LOG_ERROR("Failed to encrypt the buffer");
        BIO_free(pkey_bio);
        return result;
    }

    *encrypted_data = (unsigned char*)malloc(sizeof(unsigned char) * out_data.size());
    std::memcpy((void*)*encrypted_data, (void*)out_data.data(), out_data.size());
    *encrypted_data_size = out_data.size();
    *encryption_metadata = nullptr;
    *encryption_metadata_size = 0;

    BIO_free(pkey_bio);
    return result;
}