1 /* 2 * Copyright 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef SYSTEM_KEYMASTER_ASYMMETRIC_KEY_H 18 #define SYSTEM_KEYMASTER_ASYMMETRIC_KEY_H 19 20 #include <openssl/rsa.h> 21 #include <openssl/dsa.h> 22 #include <openssl/ecdsa.h> 23 #include <openssl/evp.h> 24 25 #include "key.h" 26 27 namespace keymaster { 28 29 class AsymmetricKey : public Key { 30 public: 31 protected: AsymmetricKey(const KeyBlob & blob,const Logger & logger)32 AsymmetricKey(const KeyBlob& blob, const Logger& logger) : Key(blob, logger) {} 33 keymaster_error_t LoadKey(const KeyBlob& blob); 34 35 /** 36 * Return a copy of raw key material, in the key's preferred binary format. 37 */ 38 virtual keymaster_error_t key_material(UniquePtr<uint8_t[]>* material, size_t* size) const; 39 40 /** 41 * Return a copy of raw key material, in the specified format. 42 */ 43 virtual keymaster_error_t formatted_key_material(keymaster_key_format_t format, 44 UniquePtr<uint8_t[]>* material, 45 size_t* size) const; 46 47 virtual Operation* CreateOperation(keymaster_purpose_t purpose, keymaster_error_t* error); 48 49 protected: AsymmetricKey(const AuthorizationSet & auths,const Logger & logger)50 AsymmetricKey(const AuthorizationSet& auths, const Logger& logger) : Key(auths, logger) {} 51 52 private: 53 virtual int evp_key_type() = 0; 54 virtual bool InternalToEvp(EVP_PKEY* pkey) const = 0; 55 virtual bool EvpToInternal(const EVP_PKEY* pkey) = 0; 56 virtual Operation* CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, 57 keymaster_padding_t padding, keymaster_error_t* error) = 0; 58 }; 59 60 class RsaKey : public AsymmetricKey { 61 public: 62 static RsaKey* GenerateKey(const AuthorizationSet& key_description, const Logger& logger, 63 keymaster_error_t* error); 64 static RsaKey* ImportKey(const AuthorizationSet& key_description, EVP_PKEY* pkey, 65 const Logger& logger, keymaster_error_t* error); 66 RsaKey(const KeyBlob& blob, const Logger& logger, keymaster_error_t* error); 67 68 virtual Operation* CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, 69 keymaster_padding_t padding, keymaster_error_t* error); 70 71 private: RsaKey(RSA * rsa_key,const AuthorizationSet & auths,const Logger & logger)72 RsaKey(RSA* rsa_key, const AuthorizationSet& auths, const Logger& logger) 73 : AsymmetricKey(auths, logger), rsa_key_(rsa_key) {} 74 evp_key_type()75 virtual int evp_key_type() { return EVP_PKEY_RSA; } 76 virtual bool InternalToEvp(EVP_PKEY* pkey) const; 77 virtual bool EvpToInternal(const EVP_PKEY* pkey); 78 79 struct RSA_Delete { operatorRSA_Delete80 void operator()(RSA* p) { RSA_free(p); } 81 }; 82 83 UniquePtr<RSA, RSA_Delete> rsa_key_; 84 }; 85 86 class DsaKey : public AsymmetricKey { 87 public: 88 static DsaKey* GenerateKey(const AuthorizationSet& key_description, const Logger& logger, 89 keymaster_error_t* error); 90 static DsaKey* ImportKey(const AuthorizationSet& key_description, EVP_PKEY* pkey, 91 const Logger& logger, keymaster_error_t* error); 92 DsaKey(const KeyBlob& blob, const Logger& logger, keymaster_error_t* error); 93 94 virtual Operation* CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, 95 keymaster_padding_t padding, keymaster_error_t* error); 96 static size_t key_size_bits(DSA* dsa_key); 97 98 private: 99 DsaKey(DSA * dsa_key,const AuthorizationSet auths,const Logger & logger)100 DsaKey(DSA* dsa_key, const AuthorizationSet auths, const Logger& logger) 101 : AsymmetricKey(auths, logger), dsa_key_(dsa_key) {} 102 evp_key_type()103 virtual int evp_key_type() { return EVP_PKEY_DSA; } 104 virtual bool InternalToEvp(EVP_PKEY* pkey) const; 105 virtual bool EvpToInternal(const EVP_PKEY* pkey); 106 107 struct DSA_Delete { operatorDSA_Delete108 void operator()(DSA* p) { DSA_free(p); } 109 }; 110 111 UniquePtr<DSA, DSA_Delete> dsa_key_; 112 }; 113 114 class EcdsaKey : public AsymmetricKey { 115 public: 116 static EcdsaKey* GenerateKey(const AuthorizationSet& key_description, const Logger& logger, 117 keymaster_error_t* error); 118 static EcdsaKey* ImportKey(const AuthorizationSet& key_description, EVP_PKEY* pkey, 119 const Logger& logger, keymaster_error_t* error); 120 EcdsaKey(const KeyBlob& blob, const Logger& logger, keymaster_error_t* error); 121 122 virtual Operation* CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, 123 keymaster_padding_t padding, keymaster_error_t* error); 124 125 private: EcdsaKey(EC_KEY * ecdsa_key,const AuthorizationSet auths,const Logger & logger)126 EcdsaKey(EC_KEY* ecdsa_key, const AuthorizationSet auths, const Logger& logger) 127 : AsymmetricKey(auths, logger), ecdsa_key_(ecdsa_key) {} 128 129 static EC_GROUP* choose_group(size_t key_size_bits); 130 static keymaster_error_t get_group_size(const EC_GROUP& group, size_t* key_size_bits); 131 evp_key_type()132 virtual int evp_key_type() { return EVP_PKEY_EC; } 133 virtual bool InternalToEvp(EVP_PKEY* pkey) const; 134 virtual bool EvpToInternal(const EVP_PKEY* pkey); 135 136 struct ECDSA_Delete { operatorECDSA_Delete137 void operator()(EC_KEY* p) { EC_KEY_free(p); } 138 }; 139 140 struct EC_GROUP_Delete { operatorEC_GROUP_Delete141 void operator()(EC_GROUP* p) { EC_GROUP_free(p); } 142 }; 143 144 UniquePtr<EC_KEY, ECDSA_Delete> ecdsa_key_; 145 }; 146 147 } // namespace keymaster 148 149 #endif // SYSTEM_KEYMASTER_ASYMMETRIC_KEY_H 150