• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include "key_exchange.h"
20 
21 #include <hardware/keymaster_defs.h>
22 #include <keymaster/authorization_set.h>
23 
24 #include <keymaster/UniquePtr.h>
25 
26 #include "openssl_utils.h"
27 
28 namespace keymaster {
29 
30 /**
31  * NistCurveKeyExchange implements a KeyExchange using elliptic-curve
32  * Diffie-Hellman on NIST curves: P-224, P-256, P-384 and P-521.
33  */
34 class NistCurveKeyExchange : public KeyExchange {
35   public:
~NistCurveKeyExchange()36     ~NistCurveKeyExchange() override {}
37 
38     /**
39      * NistCurveKeyExchange takes ownership of \p private_key.
40      */
41     NistCurveKeyExchange(EC_KEY* private_key, keymaster_error_t* error);
42 
43     /**
44      * GenerateKeyExchange generates a new public/private key pair on a NIST curve and returns
45      * a new key exchange object.
46      */
47     static NistCurveKeyExchange* GenerateKeyExchange(keymaster_ec_curve_t curve);
48 
49     /**
50      * KeyExchange interface.
51      */
52     bool CalculateSharedKey(const uint8_t* peer_public_value, size_t peer_public_value_len,
53                             Buffer* shared_key) const override;
54     bool CalculateSharedKey(const Buffer& peer_public_value, Buffer* shared_key) const override;
55     bool public_value(Buffer* public_value) const override;
56 
57     /* Caller takes ownership of \p private_key. */
private_key()58     EC_KEY* private_key() { return private_key_.release(); }
59 
60   private:
61     keymaster_error_t ExtractPublicKey();
62 
63     UniquePtr<EC_KEY, EC_KEY_Delete> private_key_;
64     UniquePtr<uint8_t[]> public_key_;
65     size_t public_key_len_;
66     size_t shared_secret_len_;
67 };
68 
69 }  // namespace keymaster
70