• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef SYSTEM_KEYMASTER_ECDSA_KEYMASTER1_OPERATION_H_
18 #define SYSTEM_KEYMASTER_ECDSA_KEYMASTER1_OPERATION_H_
19 
20 #include <utility>
21 
22 #include <openssl/evp.h>
23 
24 #include <hardware/keymaster1.h>
25 
26 #include <keymaster/android_keymaster_utils.h>
27 #include <keymaster/km_openssl/ecdsa_operation.h>
28 #include <keymaster/legacy_support/keymaster1_engine.h>
29 
30 namespace keymaster {
31 
32 class EcdsaKeymaster1WrappedOperation {
33   public:
EcdsaKeymaster1WrappedOperation(keymaster_purpose_t purpose,const Keymaster1Engine * engine)34     EcdsaKeymaster1WrappedOperation(keymaster_purpose_t purpose, const Keymaster1Engine* engine)
35         : purpose_(purpose), operation_handle_(0), engine_(engine) {}
~EcdsaKeymaster1WrappedOperation()36     ~EcdsaKeymaster1WrappedOperation() {
37         if (operation_handle_) Abort();
38     }
39 
40     keymaster_error_t Begin(EVP_PKEY* ecdsa_key, const AuthorizationSet& input_params);
41     keymaster_error_t PrepareFinish(EVP_PKEY* ecdsa_key, const AuthorizationSet& input_params);
42     keymaster_error_t Abort();
43 
44     keymaster_error_t GetError(EVP_PKEY* ecdsa_key);
45 
GetOperationHandle()46     keymaster_operation_handle_t GetOperationHandle() const { return operation_handle_; }
47 
48   protected:
49     keymaster_purpose_t purpose_;
50     keymaster_operation_handle_t operation_handle_;
51     const Keymaster1Engine* engine_;
52 };
53 
54 template <typename BaseOperation> class EcdsaKeymaster1Operation : public BaseOperation {
55     typedef BaseOperation super;
56 
57   public:
EcdsaKeymaster1Operation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,EVP_PKEY * key,const Keymaster1Engine * engine)58     EcdsaKeymaster1Operation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced,
59                              keymaster_digest_t digest, EVP_PKEY* key,
60                              const Keymaster1Engine* engine)
61         : BaseOperation(std::move(hw_enforced), std::move(sw_enforced), digest, key),
62           wrapped_operation_(super::purpose(), engine) {
63         // Shouldn't be instantiated for public key operations.
64         assert(super::purpose() != KM_PURPOSE_VERIFY);
65         assert(super::purpose() != KM_PURPOSE_ENCRYPT);
66     }
67 
Begin(const AuthorizationSet & input_params,AuthorizationSet * output_params)68     keymaster_error_t Begin(const AuthorizationSet& input_params,
69                             AuthorizationSet* output_params) override {
70         keymaster_error_t error = wrapped_operation_.Begin(super::ecdsa_key_, input_params);
71         if (error != KM_ERROR_OK) return error;
72         return super::Begin(input_params, output_params);
73     }
74 
Finish(const AuthorizationSet & input_params,const Buffer & input,const Buffer & signature,AuthorizationSet * output_params,Buffer * output)75     keymaster_error_t Finish(const AuthorizationSet& input_params, const Buffer& input,
76                              const Buffer& signature, AuthorizationSet* output_params,
77                              Buffer* output) override {
78         keymaster_error_t error = wrapped_operation_.PrepareFinish(super::ecdsa_key_, input_params);
79         if (error != KM_ERROR_OK) return error;
80         error = super::Finish(input_params, input, signature, output_params, output);
81         if (wrapped_operation_.GetError(super::ecdsa_key_) != KM_ERROR_OK)
82             error = wrapped_operation_.GetError(super::ecdsa_key_);
83         return error;
84     }
85 
Abort()86     keymaster_error_t Abort() override {
87         keymaster_error_t error = wrapped_operation_.Abort();
88         if (error != KM_ERROR_OK) return error;
89         return super::Abort();
90     }
91 
operation_handle()92     keymaster_operation_handle_t operation_handle() const override {
93         return wrapped_operation_.GetOperationHandle();
94     }
95 
96   private:
97     EcdsaKeymaster1WrappedOperation wrapped_operation_;
98 };
99 
100 /**
101  * Factory that produces EcdsaKeymaster1Operations.  This is instantiated and
102  * provided by EcdsaKeymaster1KeyFactory.
103  */
104 class EcdsaKeymaster1OperationFactory : public OperationFactory {
105   public:
EcdsaKeymaster1OperationFactory(keymaster_purpose_t purpose,const Keymaster1Engine * engine)106     EcdsaKeymaster1OperationFactory(keymaster_purpose_t purpose, const Keymaster1Engine* engine)
107         : purpose_(purpose), engine_(engine) {}
registry_key()108     KeyType registry_key() const override { return KeyType(KM_ALGORITHM_EC, purpose_); }
109 
110     OperationPtr CreateOperation(Key&& key, const AuthorizationSet& begin_params,
111                                  keymaster_error_t* error) override;
112 
113     const keymaster_digest_t* SupportedDigests(size_t* digest_count) const override;
114     const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override;
115 
116   private:
117     keymaster_purpose_t purpose_;
118     const Keymaster1Engine* engine_;
119 };
120 
121 }  // namespace keymaster
122 
123 #endif  // SYSTEM_KEYMASTER_ECDSA_KEYMASTER1_OPERATION_H_
124