/*
 * Copyright 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SYSTEM_KEYMASTER_ECDSA_OPERATION_H_
#define SYSTEM_KEYMASTER_ECDSA_OPERATION_H_

#include <openssl/ec.h>
#include <openssl/evp.h>

#include <keymaster/UniquePtr.h>

#include <keymaster/key.h>
#include <keymaster/operation.h>

namespace keymaster {

// Common state for ECDSA sign and verify operations: the requested digest, the
// OpenSSL key handle, a digest context and a buffer of accumulated input.
//
// NOTE(review): this class holds a raw EVP_PKEY* and an EVP_MD_CTX by value and
// declares no copy operations in this header. Confirm that Operation already
// forbids copying; otherwise a copy would alias the key handle and digest state.
class EcdsaOperation : public Operation {
  public:
    // Forwards the purpose and both authorization sets to Operation, records the
    // digest and key, and initializes digest_ctx_ so that it is always in a
    // defined state. digest_algorithm_ starts out null.
    //
    // NOTE(review): whether this object takes ownership of `key` is not visible
    // here. The destructor is defined elsewhere; confirm that it releases
    // ecdsa_key_ and digest_ctx_ and that no caller frees `key` a second time.
    EcdsaOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced,
                   keymaster_purpose_t purpose, keymaster_digest_t digest, EVP_PKEY* key)
        : Operation(purpose, move(hw_enforced), move(sw_enforced)), digest_(digest),
          digest_algorithm_(nullptr), ecdsa_key_(key) {
        EVP_MD_CTX_init(&digest_ctx_);
    }
    ~EcdsaOperation();

    // Always reports success and touches no member: data_, digest_ctx_ and
    // ecdsa_key_ are left as they are. Cleanup is presumably left to the
    // destructor (not visible in this header).
    keymaster_error_t Abort() override { return KM_ERROR_OK; }

  protected:
    // Helpers shared by the sign and verify subclasses; both are defined outside
    // this header. StoreData presumably appends `input` to data_ and reports the
    // number of bytes taken through `input_consumed` -- verify against the
    // implementation.
    keymaster_error_t StoreData(const Buffer& input, size_t* input_consumed);
    keymaster_error_t InitDigest();

    keymaster_digest_t digest_;       // digest requested when the operation was created
    const EVP_MD* digest_algorithm_;  // null after construction; presumably set by InitDigest()
    EVP_PKEY* ecdsa_key_;             // raw OpenSSL key handle passed to the constructor
    EVP_MD_CTX digest_ctx_;           // initialized with EVP_MD_CTX_init in the constructor
    Buffer data_;                     // input buffer; presumably filled by StoreData()
};

// ECDSA operation whose purpose is fixed to KM_PURPOSE_SIGN. Begin, Update and
// Finish are defined outside this header.
class EcdsaSignOperation : public EcdsaOperation {
  public:
    EcdsaSignOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced,
                       keymaster_digest_t digest, EVP_PKEY* key)
        : EcdsaOperation(move(hw_enforced), move(sw_enforced), KM_PURPOSE_SIGN, digest, key) {}
    keymaster_error_t Begin(const AuthorizationSet& input_params,
                            AuthorizationSet* output_params) override;
    keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
                             AuthorizationSet* output_params, Buffer* output,
                             size_t* input_consumed) override;
    keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input,
                             const Buffer& signature, AuthorizationSet* output_params,
                             Buffer* output) override;
};

// ECDSA operation whose purpose is fixed to KM_PURPOSE_VERIFY. Begin, Update and
// Finish are defined outside this header; Finish receives the signature to check
// in `signature`.
class EcdsaVerifyOperation : public EcdsaOperation {
  public:
    EcdsaVerifyOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced,
                         keymaster_digest_t digest, EVP_PKEY* key)
        : EcdsaOperation(move(hw_enforced), move(sw_enforced), KM_PURPOSE_VERIFY, digest, key) {}
    keymaster_error_t Begin(const AuthorizationSet& input_params,
                            AuthorizationSet* output_params) override;
    keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
                             AuthorizationSet* output_params, Buffer* output,
                             size_t* input_consumed) override;
    keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input,
                             const Buffer& signature, AuthorizationSet* output_params,
                             Buffer* output) override;
};

// Abstract factory for EC operations. Subclasses supply the purpose and the
// concrete operation type; CreateOperation and SupportedDigests are defined
// outside this header.
class EcdsaOperationFactory : public OperationFactory {
  private:
    // Registers this factory under the EC algorithm and the subclass's purpose.
    KeyType registry_key() const override { return KeyType(KM_ALGORITHM_EC, purpose()); }
    OperationPtr CreateOperation(Key&& key, const AuthorizationSet& begin_params,
                                 keymaster_error_t* error) override;
    const keymaster_digest_t* SupportedDigests(size_t* digest_count) const override;

    virtual keymaster_purpose_t purpose() const = 0;
    // Returns a newly allocated operation, or null when allocation fails (see
    // the overrides below).
    virtual Operation* InstantiateOperation(AuthorizationSet&& hw_enforced,
                                            AuthorizationSet&& sw_enforced,
                                            keymaster_digest_t digest, EVP_PKEY* key) = 0;
};

// Factory for EcdsaSignOperation.
//
// NOTE(review): these overrides are private, while the same overrides in
// EcdsaVerifyOperationFactory are public; the difference looks unintentional --
// confirm.
class EcdsaSignOperationFactory : public EcdsaOperationFactory {
  private:
    keymaster_purpose_t purpose() const override { return KM_PURPOSE_SIGN; }
    // Allocates with std::nothrow, so an allocation failure yields a null
    // pointer instead of an exception; the caller has to check for null.
    // NOTE(review): on that path no operation has taken `key`; confirm the
    // caller releases it rather than leaking the key handle.
    Operation* InstantiateOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced,
                                    keymaster_digest_t digest, EVP_PKEY* key) override {
        return new (std::nothrow)
            EcdsaSignOperation(move(hw_enforced), move(sw_enforced), digest, key);
    }
};

// Factory for EcdsaVerifyOperation.
class EcdsaVerifyOperationFactory : public EcdsaOperationFactory {
  public:
    keymaster_purpose_t purpose() const override { return KM_PURPOSE_VERIFY; }
    // Allocates with std::nothrow, so an allocation failure yields a null
    // pointer instead of an exception; the caller has to check for null.
    // NOTE(review): on that path no operation has taken `key`; confirm the
    // caller releases it rather than leaking the key handle.
    Operation* InstantiateOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced,
                                    keymaster_digest_t digest, EVP_PKEY* key) override {
        return new (std::nothrow)
            EcdsaVerifyOperation(move(hw_enforced), move(sw_enforced), digest, key);
    }
};

}  // namespace keymaster

#endif  // SYSTEM_KEYMASTER_ECDSA_OPERATION_H_