1 /*
2  * Copyright 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef SYSTEM_KEYMASTER_NIST_CURVE_KEY_EXCHANGE_H_
18 #define SYSTEM_KEYMASTER_NIST_CURVE_KEY_EXCHANGE_H_
19 
20 #include "key_exchange.h"
21 
22 #include <keymaster/authorization_set.h>
23 #include <hardware/keymaster_defs.h>
24 
25 #include <UniquePtr.h>
26 
27 #include "openssl_utils.h"
28 
29 namespace keymaster {
30 
31 /**
32  * NistCurveKeyExchange implements a KeyExchange using elliptic-curve
33  * Diffie-Hellman on NIST curves: P-224, P-256, P-384 and P-521.
34  */
35 class NistCurveKeyExchange : public KeyExchange {
36   public:
~NistCurveKeyExchange()37     ~NistCurveKeyExchange() override {}
38 
39     /**
40      * NistCurveKeyExchange takes ownership of \p private_key.
41      */
42     NistCurveKeyExchange(EC_KEY* private_key, keymaster_error_t* error);
43 
44     /**
45      * GenerateKeyExchange generates a new public/private key pair on a NIST curve and returns
46      * a new key exchange object.
47      */
48     static NistCurveKeyExchange* GenerateKeyExchange(keymaster_ec_curve_t curve);
49 
50     /**
51      * KeyExchange interface.
52      */
53     bool CalculateSharedKey(const uint8_t* peer_public_value, size_t peer_public_value_len,
54                             Buffer* shared_key) const override;
55     bool CalculateSharedKey(const Buffer& peer_public_value, Buffer* shared_key) const override;
56     bool public_value(Buffer* public_value) const override;
57 
58     /* Caller takes ownership of \p private_key. */
private_key()59     EC_KEY* private_key() { return private_key_.release(); }
60 
61   private:
62     keymaster_error_t ExtractPublicKey();
63 
64     UniquePtr<EC_KEY, EC_KEY_Delete> private_key_;
65     UniquePtr<uint8_t[]> public_key_;
66     size_t public_key_len_;
67     size_t shared_secret_len_;
68 };
69 
70 }  // namespace keymaster
71 
72 #endif  // SYSTEM_KEYMASTER_NIST_CURVE_KEY_EXCHANGE_H_