1 /* 2 * Copyright 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef SYSTEM_KEYMASTER_NIST_CURVE_KEY_EXCHANGE_H_ 18 #define SYSTEM_KEYMASTER_NIST_CURVE_KEY_EXCHANGE_H_ 19 20 #include "key_exchange.h" 21 22 #include <keymaster/authorization_set.h> 23 #include <hardware/keymaster_defs.h> 24 25 #include <UniquePtr.h> 26 27 #include "openssl_utils.h" 28 29 namespace keymaster { 30 31 /** 32 * NistCurveKeyExchange implements a KeyExchange using elliptic-curve 33 * Diffie-Hellman on NIST curves: P-224, P-256, P-384 and P-521. 34 */ 35 class NistCurveKeyExchange : public KeyExchange { 36 public: ~NistCurveKeyExchange()37 ~NistCurveKeyExchange() override {} 38 39 /** 40 * NistCurveKeyExchange takes ownership of \p private_key. 41 */ 42 NistCurveKeyExchange(EC_KEY* private_key, keymaster_error_t* error); 43 44 /** 45 * GenerateKeyExchange generates a new public/private key pair on a NIST curve and returns 46 * a new key exchange object. 47 */ 48 static NistCurveKeyExchange* GenerateKeyExchange(keymaster_ec_curve_t curve); 49 50 /** 51 * KeyExchange interface. 52 */ 53 bool CalculateSharedKey(const uint8_t* peer_public_value, size_t peer_public_value_len, 54 Buffer* shared_key) const override; 55 bool CalculateSharedKey(const Buffer& peer_public_value, Buffer* shared_key) const override; 56 bool public_value(Buffer* public_value) const override; 57 58 /* Caller takes ownership of \p private_key. */ private_key()59 EC_KEY* private_key() { return private_key_.release(); } 60 61 private: 62 keymaster_error_t ExtractPublicKey(); 63 64 UniquePtr<EC_KEY, EC_KEY_Delete> private_key_; 65 UniquePtr<uint8_t[]> public_key_; 66 size_t public_key_len_; 67 size_t shared_secret_len_; 68 }; 69 70 } // namespace keymaster 71 72 #endif // SYSTEM_KEYMASTER_NIST_CURVE_KEY_EXCHANGE_H_