128e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden/* 228e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * Copyright 2014 The Android Open Source Project 328e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * 428e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * Licensed under the Apache License, Version 2.0 (the "License"); 528e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * you may not use this file except in compliance with the License. 628e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * You may obtain a copy of the License at 728e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * 828e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * http://www.apache.org/licenses/LICENSE-2.0 928e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * 1028e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * Unless required by applicable law or agreed to in writing, software 1128e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * distributed under the License is distributed on an "AS IS" BASIS, 1228e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1328e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * See the License for the specific language governing permissions and 1428e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * limitations under the License. 1528e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden */ 1628e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden 1728e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden#ifndef SYSTEM_KEYMASTER_OPENSSL_UTILS_H_ 1828e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden#define SYSTEM_KEYMASTER_OPENSSL_UTILS_H_ 1928e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden 2028e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden#include <openssl/bn.h> 212beb628bfefae72fa6bb84a6235da7e3de532823Shawn Willden#include <openssl/ec.h> 22d599b15c0693950bdc72fb867872044fdc484ef5Shawn Willden#include <openssl/engine.h> 23f7538e0127ec2cb5202b0cbc64ad8305aae6243bQuan Nguyen#include <openssl/evp.h> 242beb628bfefae72fa6bb84a6235da7e3de532823Shawn Willden#include <openssl/rsa.h> 254d306ec792b4348253aa77dff965bff5def1dccbShawn Willden#include <openssl/x509.h> 2628e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden 27f38a002624126ca837865826f948edc9100d6e8aJanis Danisevskis#include <keymaster/UniquePtr.h> 282c8dd3e93d66fed41561933105e6050ff0655d76Shawn Willden 29b9d584d3dacc8041e5502cd0d036e21895eb6dc6Shawn Willden#include <hardware/keymaster_defs.h> 302c8dd3e93d66fed41561933105e6050ff0655d76Shawn Willden 314d306ec792b4348253aa77dff965bff5def1dccbShawn Willdennamespace keymaster { 324d306ec792b4348253aa77dff965bff5def1dccbShawn Willden 33398c158a0206217025f327c2d26bb6c86659f5a0Shawn Willdenstruct KeymasterKeyBlob; 34398c158a0206217025f327c2d26bb6c86659f5a0Shawn Willden 35f7538e0127ec2cb5202b0cbc64ad8305aae6243bQuan Nguyenclass EvpMdCtxCleaner { 36f7538e0127ec2cb5202b0cbc64ad8305aae6243bQuan Nguyen public: 375d5e42b081646208e134a96d0cb500e6b6e8f043Chih-Hung Hsieh explicit EvpMdCtxCleaner(EVP_MD_CTX* ctx) : ctx_(ctx) {} 38f7538e0127ec2cb5202b0cbc64ad8305aae6243bQuan Nguyen ~EvpMdCtxCleaner() { EVP_MD_CTX_cleanup(ctx_); } 39f7538e0127ec2cb5202b0cbc64ad8305aae6243bQuan Nguyen 40f7538e0127ec2cb5202b0cbc64ad8305aae6243bQuan Nguyen private: 41f7538e0127ec2cb5202b0cbc64ad8305aae6243bQuan Nguyen EVP_MD_CTX* ctx_; 42f7538e0127ec2cb5202b0cbc64ad8305aae6243bQuan Nguyen}; 43f7538e0127ec2cb5202b0cbc64ad8305aae6243bQuan Nguyen 44aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn Willdentemplate <typename T, void (*FreeFunc)(T*)> struct OpenSslObjectDeleter { 45aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn Willden void operator()(T* p) { FreeFunc(p); } 46fabacaf3e6019804cc8a98a2b8296be1d0125519Thai Duong}; 47fabacaf3e6019804cc8a98a2b8296be1d0125519Thai Duong 48aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn Willden#define DEFINE_OPENSSL_OBJECT_POINTER(name) \ 49aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn Willden typedef OpenSslObjectDeleter<name, name##_free> name##_Delete; \ 50aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn Willden typedef UniquePtr<name, name##_Delete> name##_Ptr; 51aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn Willden 52d487dc9e95162f249048bd31d4191a0d50b77496Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(ASN1_BIT_STRING) 53aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(ASN1_INTEGER) 54aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(ASN1_OBJECT) 55aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(ASN1_OCTET_STRING) 56aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(ASN1_TIME) 57d487dc9e95162f249048bd31d4191a0d50b77496Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(BN_CTX) 58d487dc9e95162f249048bd31d4191a0d50b77496Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(EC_GROUP) 59d487dc9e95162f249048bd31d4191a0d50b77496Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(EC_KEY) 60d487dc9e95162f249048bd31d4191a0d50b77496Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(EC_POINT) 61d487dc9e95162f249048bd31d4191a0d50b77496Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(ENGINE) 62d487dc9e95162f249048bd31d4191a0d50b77496Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(EVP_PKEY) 63d487dc9e95162f249048bd31d4191a0d50b77496Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(PKCS8_PRIV_KEY_INFO) 64d487dc9e95162f249048bd31d4191a0d50b77496Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(RSA) 65aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(X509) 66aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(X509_EXTENSION) 67aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn WilldenDEFINE_OPENSSL_OBJECT_POINTER(X509_NAME) 68aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn Willden 69aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn Willdentypedef OpenSslObjectDeleter<BIGNUM, BN_free> BIGNUM_Delete; 70aa58329b5bc3b30c6a01221b2a89808ebf347650Shawn Willdentypedef UniquePtr<BIGNUM, BIGNUM_Delete> BIGNUM_Ptr; 71d599b15c0693950bdc72fb867872044fdc484ef5Shawn Willden 72fabacaf3e6019804cc8a98a2b8296be1d0125519Thai Duongkeymaster_error_t ec_get_group_size(const EC_GROUP* group, size_t* key_size_bits); 73fabacaf3e6019804cc8a98a2b8296be1d0125519Thai DuongEC_GROUP* ec_get_group(keymaster_ec_curve_t curve); 74fabacaf3e6019804cc8a98a2b8296be1d0125519Thai Duong 7528e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden/** 7628e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * Many OpenSSL APIs take ownership of an argument on success but don't free the argument on 7728e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * failure. This means we need to tell our scoped pointers when we've transferred ownership, without 7828e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden * triggering a warning by not using the result of release(). 7928e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden */ 8028e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willdentemplate <typename T, typename Delete_T> 8128e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willdeninline void release_because_ownership_transferred(UniquePtr<T, Delete_T>& p) { 8228e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden T* val __attribute__((unused)) = p.release(); 8328e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden} 8428e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden 854d306ec792b4348253aa77dff965bff5def1dccbShawn Willdenkeymaster_error_t convert_pkcs8_blob_to_evp(const uint8_t* key_data, size_t key_length, 864d306ec792b4348253aa77dff965bff5def1dccbShawn Willden keymaster_algorithm_t expected_algorithm, 874d306ec792b4348253aa77dff965bff5def1dccbShawn Willden UniquePtr<EVP_PKEY, EVP_PKEY_Delete>* pkey); 884d306ec792b4348253aa77dff965bff5def1dccbShawn Willden 89398c158a0206217025f327c2d26bb6c86659f5a0Shawn Willdenkeymaster_error_t KeyMaterialToEvpKey(keymaster_key_format_t key_format, 90398c158a0206217025f327c2d26bb6c86659f5a0Shawn Willden const KeymasterKeyBlob& key_material, 91398c158a0206217025f327c2d26bb6c86659f5a0Shawn Willden keymaster_algorithm_t expected_algorithm, 92398c158a0206217025f327c2d26bb6c86659f5a0Shawn Willden UniquePtr<EVP_PKEY, EVP_PKEY_Delete>* evp_pkey); 93398c158a0206217025f327c2d26bb6c86659f5a0Shawn Willden 94398c158a0206217025f327c2d26bb6c86659f5a0Shawn Willdenkeymaster_error_t EvpKeyToKeyMaterial(const EVP_PKEY* evp_pkey, KeymasterKeyBlob* key_blob); 95398c158a0206217025f327c2d26bb6c86659f5a0Shawn Willden 96d599b15c0693950bdc72fb867872044fdc484ef5Shawn Willdensize_t ec_group_size_bits(EC_KEY* ec_key); 97d599b15c0693950bdc72fb867872044fdc484ef5Shawn Willden 984d306ec792b4348253aa77dff965bff5def1dccbShawn Willden} // namespace keymaster 9928e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden 10028e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden#endif // SYSTEM_KEYMASTER_OPENSSL_UTILS_H_ 101