blob: 9fa6ec1a9c3c9e23403a42e44d8505a7004edd63
1 | /* |
2 | * Copyright 2014 The Android Open Source Project |
3 | * |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
5 | * you may not use this file except in compliance with the License. |
6 | * You may obtain a copy of the License at |
7 | * |
8 | * http://www.apache.org/licenses/LICENSE-2.0 |
9 | * |
10 | * Unless required by applicable law or agreed to in writing, software |
11 | * distributed under the License is distributed on an "AS IS" BASIS, |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | * See the License for the specific language governing permissions and |
14 | * limitations under the License. |
15 | */ |
16 | |
17 | #ifndef SYSTEM_KEYMASTER_OPENSSL_UTILS_H_ |
18 | #define SYSTEM_KEYMASTER_OPENSSL_UTILS_H_ |
19 | |
20 | #include <openssl/bn.h> |
21 | #include <openssl/ec.h> |
22 | #include <openssl/engine.h> |
23 | #include <openssl/evp.h> |
24 | #include <openssl/rsa.h> |
25 | #include <openssl/x509.h> |
26 | |
27 | #include <UniquePtr.h> |
28 | |
29 | #include <hardware/keymaster_defs.h> |
30 | |
31 | namespace keymaster { |
32 | |
33 | struct KeymasterKeyBlob; |
34 | |
35 | class EvpMdCtxCleaner { |
36 | public: |
37 | explicit EvpMdCtxCleaner(EVP_MD_CTX* ctx) : ctx_(ctx) {} |
38 | ~EvpMdCtxCleaner() { EVP_MD_CTX_cleanup(ctx_); } |
39 | |
40 | private: |
41 | EVP_MD_CTX* ctx_; |
42 | }; |
43 | |
44 | template <typename T, void (*FreeFunc)(T*)> struct OpenSslObjectDeleter { |
45 | void operator()(T* p) { FreeFunc(p); } |
46 | }; |
47 | |
48 | #define DEFINE_OPENSSL_OBJECT_POINTER(name) \ |
49 | typedef OpenSslObjectDeleter<name, name##_free> name##_Delete; \ |
50 | typedef UniquePtr<name, name##_Delete> name##_Ptr; |
51 | |
52 | DEFINE_OPENSSL_OBJECT_POINTER(ASN1_BIT_STRING) |
53 | DEFINE_OPENSSL_OBJECT_POINTER(ASN1_INTEGER) |
54 | DEFINE_OPENSSL_OBJECT_POINTER(ASN1_OBJECT) |
55 | DEFINE_OPENSSL_OBJECT_POINTER(ASN1_OCTET_STRING) |
56 | DEFINE_OPENSSL_OBJECT_POINTER(ASN1_TIME) |
57 | DEFINE_OPENSSL_OBJECT_POINTER(BN_CTX) |
58 | DEFINE_OPENSSL_OBJECT_POINTER(EC_GROUP) |
59 | DEFINE_OPENSSL_OBJECT_POINTER(EC_KEY) |
60 | DEFINE_OPENSSL_OBJECT_POINTER(EC_POINT) |
61 | DEFINE_OPENSSL_OBJECT_POINTER(ENGINE) |
62 | DEFINE_OPENSSL_OBJECT_POINTER(EVP_PKEY) |
63 | DEFINE_OPENSSL_OBJECT_POINTER(PKCS8_PRIV_KEY_INFO) |
64 | DEFINE_OPENSSL_OBJECT_POINTER(RSA) |
65 | DEFINE_OPENSSL_OBJECT_POINTER(X509) |
66 | DEFINE_OPENSSL_OBJECT_POINTER(X509_EXTENSION) |
67 | DEFINE_OPENSSL_OBJECT_POINTER(X509_NAME) |
68 | |
69 | typedef OpenSslObjectDeleter<BIGNUM, BN_free> BIGNUM_Delete; |
70 | typedef UniquePtr<BIGNUM, BIGNUM_Delete> BIGNUM_Ptr; |
71 | |
72 | keymaster_error_t ec_get_group_size(const EC_GROUP* group, size_t* key_size_bits); |
73 | EC_GROUP* ec_get_group(keymaster_ec_curve_t curve); |
74 | |
75 | /** |
76 | * Many OpenSSL APIs take ownership of an argument on success but don't free the argument on |
77 | * failure. This means we need to tell our scoped pointers when we've transferred ownership, without |
78 | * triggering a warning by not using the result of release(). |
79 | */ |
80 | template <typename T, typename Delete_T> |
81 | inline void release_because_ownership_transferred(UniquePtr<T, Delete_T>& p) { |
82 | T* val __attribute__((unused)) = p.release(); |
83 | } |
84 | |
85 | keymaster_error_t convert_pkcs8_blob_to_evp(const uint8_t* key_data, size_t key_length, |
86 | keymaster_algorithm_t expected_algorithm, |
87 | UniquePtr<EVP_PKEY, EVP_PKEY_Delete>* pkey); |
88 | |
89 | keymaster_error_t KeyMaterialToEvpKey(keymaster_key_format_t key_format, |
90 | const KeymasterKeyBlob& key_material, |
91 | keymaster_algorithm_t expected_algorithm, |
92 | UniquePtr<EVP_PKEY, EVP_PKEY_Delete>* evp_pkey); |
93 | |
94 | keymaster_error_t EvpKeyToKeyMaterial(const EVP_PKEY* evp_pkey, KeymasterKeyBlob* key_blob); |
95 | |
96 | size_t ec_group_size_bits(EC_KEY* ec_key); |
97 | |
98 | } // namespace keymaster |
99 | |
100 | #endif // SYSTEM_KEYMASTER_OPENSSL_UTILS_H_ |
101 |