Move assymetric key factory declarations to includes.

This exposes EcKeyFactory and RsaKeyFactory so they can be used for constructing the Trusty KeymasterContext. Note that there are no code changes, just reorganization. Change-Id: I8e8e068fb875f9d9c5c35320a545347dc33bc507
author: Shawn Willden <swillden@google.com> 2015-05-28 00:04:06 -0600
committer: Shawn Willden <swillden@google.com> 2015-05-31 10:57:49 -0600
commit: 398c158a0206217025f327c2d26bb6c86659f5a0 (patch)
tree: 3b0295ca708ef59fec1aeeb4d0d65bdf84e67641 /include
parent: 0629810b145187575bc26c910dded0d24c64569d (diff)
download: keymaster-398c158a0206217025f327c2d26bb6c86659f5a0.tar.gz
4 files changed, 240 insertions, 0 deletions
diff --git a/include/keymaster/asymmetric_key_factory.h b/include/keymaster/asymmetric_key_factory.h
new file mode 100644
index 0000000..22dfcde
--- /dev/null
+++ b/include/keymaster/asymmetric_key_factory.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SYSTEM_KEYMASTER_ASYMMETRIC_KEY_FACTORY_H_
+#define SYSTEM_KEYMASTER_ASYMMETRIC_KEY_FACTORY_H_
+
+#include <keymaster/key_factory.h>
+
+namespace keymaster {
+
+/**
+ * Abstract base for KeyFactories that handle asymmetric keys.
+ */
+class AsymmetricKey;
+class AsymmetricKeyFactory : public KeyFactory {
+  public:
+    AsymmetricKeyFactory(const KeymasterContext* context) : KeyFactory(context) {}
+
+    keymaster_error_t LoadKey(const KeymasterKeyBlob& key_material,
+                              const AuthorizationSet& hw_enforced,
+                              const AuthorizationSet& sw_enforced,
+                              UniquePtr<Key>* key) const override;
+
+    virtual keymaster_error_t CreateEmptyKey(const AuthorizationSet& hw_enforced,
+                                             const AuthorizationSet& sw_enforced,
+                                             UniquePtr<AsymmetricKey>* key) const = 0;
+
+    virtual keymaster_algorithm_t keymaster_key_type() const = 0;
+    virtual int evp_key_type() const = 0;
+
+    virtual const keymaster_key_format_t* SupportedImportFormats(size_t* format_count) const;
+    virtual const keymaster_key_format_t* SupportedExportFormats(size_t* format_count) const;
+};
+
+}  // namespace keymaster
+
+#endif  // SYSTEM_KEYMASTER_ASYMMETRIC_KEY_FACTORY_H_
diff --git a/include/keymaster/ec_key_factory.h b/include/keymaster/ec_key_factory.h
new file mode 100644
index 0000000..d76b29d
--- /dev/null
+++ b/include/keymaster/ec_key_factory.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SYSTEM_KEYMASTER_EC_KEY_FACTORY_H_
+#define SYSTEM_KEYMASTER_EC_KEY_FACTORY_H_
+
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+
+#include <keymaster/asymmetric_key_factory.h>
+
+namespace keymaster {
+
+class EcKeyFactory : public AsymmetricKeyFactory {
+  public:
+    EcKeyFactory(const KeymasterContext* context) : AsymmetricKeyFactory(context) {}
+
+    keymaster_algorithm_t keymaster_key_type() const override { return KM_ALGORITHM_EC; }
+    int evp_key_type() const override { return EVP_PKEY_EC; }
+
+    keymaster_error_t GenerateKey(const AuthorizationSet& key_description,
+                                  KeymasterKeyBlob* key_blob, AuthorizationSet* hw_enforced,
+                                  AuthorizationSet* sw_enforced) const override;
+    keymaster_error_t ImportKey(const AuthorizationSet& key_description,
+                                keymaster_key_format_t input_key_material_format,
+                                const KeymasterKeyBlob& input_key_material,
+                                KeymasterKeyBlob* output_key_blob, AuthorizationSet* hw_enforced,
+                                AuthorizationSet* sw_enforced) const override;
+
+    keymaster_error_t CreateEmptyKey(const AuthorizationSet& hw_enforced,
+                                     const AuthorizationSet& sw_enforced,
+                                     UniquePtr<AsymmetricKey>* key) const override;
+
+    keymaster_error_t UpdateImportKeyDescription(const AuthorizationSet& key_description,
+                                                 keymaster_key_format_t key_format,
+                                                 const KeymasterKeyBlob& key_material,
+                                                 AuthorizationSet* updated_description,
+                                                 uint32_t* key_size) const;
+
+    OperationFactory* GetOperationFactory(keymaster_purpose_t purpose) const override;
+
+  private:
+    static EC_GROUP* choose_group(size_t key_size_bits);
+    static keymaster_error_t get_group_size(const EC_GROUP& group, size_t* key_size_bits);
+};
+
+}  // namespace keymaster
+
+#endif  // SYSTEM_KEYMASTER_EC_KEY_FACTORY_H_
diff --git a/include/keymaster/key_factory.h b/include/keymaster/key_factory.h
new file mode 100644
index 0000000..4ce3ddb
--- /dev/null
+++ b/include/keymaster/key_factory.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SYSTEM_KEYMASTER_KEY_FACTORY_H_
+#define SYSTEM_KEYMASTER_KEY_FACTORY_H_
+
+#include <hardware/keymaster_defs.h>
+#include <keymaster/authorization_set.h>
+
+namespace keymaster {
+
+class Key;
+class KeymasterContext;
+class OperationFactory;
+struct KeymasterKeyBlob;
+
+/**
+ * KeyFactory is a abstraction that encapsulats the knowledge of how to build and parse a specifiec
+ * subclass of Key.
+ */
+class KeyFactory {
+  public:
+    KeyFactory(const KeymasterContext* context) : context_(context) {}
+    virtual ~KeyFactory() {}
+
+    // Factory methods.
+    virtual keymaster_error_t GenerateKey(const AuthorizationSet& key_description,
+                                          KeymasterKeyBlob* key_blob, AuthorizationSet* hw_enforced,
+                                          AuthorizationSet* sw_enforced) const = 0;
+
+    virtual keymaster_error_t ImportKey(const AuthorizationSet& key_description,
+                                        keymaster_key_format_t input_key_material_format,
+                                        const KeymasterKeyBlob& input_key_material,
+                                        KeymasterKeyBlob* output_key_blob,
+                                        AuthorizationSet* hw_enforced,
+                                        AuthorizationSet* sw_enforced) const = 0;
+
+    virtual keymaster_error_t LoadKey(const KeymasterKeyBlob& key_material,
+                                      const AuthorizationSet& hw_enforced,
+                                      const AuthorizationSet& sw_enforced,
+                                      UniquePtr<Key>* key) const = 0;
+
+    virtual OperationFactory* GetOperationFactory(keymaster_purpose_t purpose) const = 0;
+
+    // Informational methods.
+    virtual const keymaster_key_format_t* SupportedImportFormats(size_t* format_count) const = 0;
+    virtual const keymaster_key_format_t* SupportedExportFormats(size_t* format_count) const = 0;
+
+  protected:
+    const KeymasterContext* context_;
+};
+
+}  // namespace keymaster
+
+#endif  // SYSTEM_KEYMASTER_KEY_FACTORY_H_
diff --git a/include/keymaster/rsa_key_factory.h b/include/keymaster/rsa_key_factory.h
new file mode 100644
index 0000000..03d2dd1
--- /dev/null
+++ b/include/keymaster/rsa_key_factory.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SYSTEM_KEYMASTER_RSA_KEY_FACTORY_H_
+#define SYSTEM_KEYMASTER_RSA_KEY_FACTORY_H_
+
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+#include <keymaster/asymmetric_key_factory.h>
+
+namespace keymaster {
+
+class RsaKeyFactory : public AsymmetricKeyFactory {
+  public:
+    RsaKeyFactory(const KeymasterContext* context) : AsymmetricKeyFactory(context) {}
+
+    keymaster_error_t GenerateKey(const AuthorizationSet& key_description,
+                                  KeymasterKeyBlob* key_blob, AuthorizationSet* hw_enforced,
+                                  AuthorizationSet* sw_enforced) const override;
+    keymaster_error_t ImportKey(const AuthorizationSet& key_description,
+                                keymaster_key_format_t input_key_material_format,
+                                const KeymasterKeyBlob& input_key_material,
+                                KeymasterKeyBlob* output_key_blob, AuthorizationSet* hw_enforced,
+                                AuthorizationSet* sw_enforced) const override;
+
+    keymaster_error_t CreateEmptyKey(const AuthorizationSet& hw_enforced,
+                                     const AuthorizationSet& sw_enforced,
+                                     UniquePtr<AsymmetricKey>* key) const override;
+
+    OperationFactory* GetOperationFactory(keymaster_purpose_t purpose) const override;
+
+    keymaster_algorithm_t keymaster_key_type() const override { return KM_ALGORITHM_RSA; }
+    int evp_key_type() const override { return EVP_PKEY_RSA; }
+
+  protected:
+    keymaster_error_t UpdateImportKeyDescription(const AuthorizationSet& key_description,
+                                                 keymaster_key_format_t import_key_format,
+                                                 const KeymasterKeyBlob& import_key_material,
+                                                 AuthorizationSet* updated_description,
+                                                 uint64_t* public_exponent,
+                                                 uint32_t* key_size) const;
+};
+
+}  // namespace keymaster
+
+#endif  // SYSTEM_KEYMASTER_RSA_KEY_FACTORY_H_
author	Shawn Willden <swillden@google.com>	2015-05-28 00:04:06 -0600
committer	Shawn Willden <swillden@google.com>	2015-05-31 10:57:49 -0600
commit	398c158a0206217025f327c2d26bb6c86659f5a0 (patch)
tree	3b0295ca708ef59fec1aeeb4d0d65bdf84e67641 /include
parent	0629810b145187575bc26c910dded0d24c64569d (diff)
download	keymaster-398c158a0206217025f327c2d26bb6c86659f5a0.tar.gz