1 /* 2 * Copyright 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef SYSTEM_KEYMASTER_RSA_OPERATION_H_ 18 #define SYSTEM_KEYMASTER_RSA_OPERATION_H_ 19 20 #include <utility> 21 22 #include <keymaster/UniquePtr.h> 23 24 #include <openssl/evp.h> 25 #include <openssl/rsa.h> 26 27 #include <keymaster/operation.h> 28 29 namespace keymaster { 30 31 /** 32 * Base class for all RSA operations. 33 * 34 * This class provides RSA key management, plus buffering of data for non-digesting modes. 35 */ 36 class RsaOperation : public Operation { 37 public: RsaOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_purpose_t purpose,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)38 RsaOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 39 keymaster_purpose_t purpose, keymaster_digest_t digest, 40 keymaster_padding_t padding, EVP_PKEY* key) 41 : Operation(purpose, std::move(hw_enforced), std::move(sw_enforced)), rsa_key_(key), 42 padding_(padding), digest_(digest), digest_algorithm_(nullptr) {} 43 ~RsaOperation(); 44 45 keymaster_error_t Begin(const AuthorizationSet& input_params, 46 AuthorizationSet* output_params) override; 47 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, 48 AuthorizationSet* output_params, Buffer* output, 49 size_t* input_consumed) override; Abort()50 keymaster_error_t Abort() override { return KM_ERROR_OK; } 51 padding()52 keymaster_padding_t padding() const { return padding_; } digest()53 keymaster_digest_t digest() const { return digest_; } 54 55 protected: 56 virtual int GetOpensslPadding(keymaster_error_t* error) = 0; 57 virtual bool require_digest() const = 0; 58 59 keymaster_error_t StoreData(const Buffer& input, size_t* input_consumed); 60 keymaster_error_t SetRsaPaddingInEvpContext(EVP_PKEY_CTX* pkey_ctx, bool signing); 61 keymaster_error_t InitDigest(); 62 63 EVP_PKEY* rsa_key_; 64 const keymaster_padding_t padding_; 65 Buffer data_; 66 const keymaster_digest_t digest_; 67 const EVP_MD* digest_algorithm_; 68 }; 69 70 /** 71 * Base class for all digesting RSA operations. 72 * 73 * This class adds digesting support, for digesting modes. For non-digesting modes, it falls back 74 * on the RsaOperation input buffering. 75 */ 76 class RsaDigestingOperation : public RsaOperation { 77 public: 78 RsaDigestingOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 79 keymaster_purpose_t purpose, keymaster_digest_t digest, 80 keymaster_padding_t padding, EVP_PKEY* key); 81 ~RsaDigestingOperation(); 82 83 protected: 84 int GetOpensslPadding(keymaster_error_t* error) override; require_digest()85 bool require_digest() const override { return padding_ == KM_PAD_RSA_PSS; } 86 EVP_MD_CTX digest_ctx_; 87 }; 88 89 /** 90 * RSA private key signing operation. 91 */ 92 class RsaSignOperation : public RsaDigestingOperation { 93 public: RsaSignOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)94 RsaSignOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 95 keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 96 : RsaDigestingOperation(std::move(hw_enforced), std::move(sw_enforced), KM_PURPOSE_SIGN, 97 digest, padding, key) {} 98 99 keymaster_error_t Begin(const AuthorizationSet& input_params, 100 AuthorizationSet* output_params) override; 101 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, 102 AuthorizationSet* output_params, Buffer* output, 103 size_t* input_consumed) override; 104 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input, 105 const Buffer& signature, AuthorizationSet* output_params, 106 Buffer* output) override; 107 108 private: 109 keymaster_error_t SignUndigested(Buffer* output); 110 keymaster_error_t SignDigested(Buffer* output); 111 }; 112 113 /** 114 * RSA public key verification operation. 115 */ 116 class RsaVerifyOperation : public RsaDigestingOperation { 117 public: RsaVerifyOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)118 RsaVerifyOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 119 keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 120 : RsaDigestingOperation(std::move(hw_enforced), std::move(sw_enforced), KM_PURPOSE_VERIFY, 121 digest, padding, key) {} 122 123 keymaster_error_t Begin(const AuthorizationSet& input_params, 124 AuthorizationSet* output_params) override; 125 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, 126 AuthorizationSet* output_params, Buffer* output, 127 size_t* input_consumed) override; 128 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input, 129 const Buffer& signature, AuthorizationSet* output_params, 130 Buffer* output) override; 131 132 private: 133 keymaster_error_t VerifyUndigested(const Buffer& signature); 134 keymaster_error_t VerifyDigested(const Buffer& signature); 135 }; 136 137 /** 138 * Base class for RSA crypting operations. 139 */ 140 class RsaCryptOperation : public RsaOperation { 141 public: RsaCryptOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_purpose_t purpose,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)142 RsaCryptOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 143 keymaster_purpose_t purpose, keymaster_digest_t digest, 144 keymaster_padding_t padding, EVP_PKEY* key) 145 : RsaOperation(std::move(hw_enforced), std::move(sw_enforced), purpose, digest, padding, 146 key), 147 mgf_digest_(KM_DIGEST_SHA1), mgf_digest_algorithm_(nullptr) {} oaepMgfDigest()148 keymaster_digest_t oaepMgfDigest() { return mgf_digest_; } setOaepMgfDigest(keymaster_digest_t mgf_digest)149 void setOaepMgfDigest(keymaster_digest_t mgf_digest) { mgf_digest_ = mgf_digest; } 150 keymaster_error_t Begin(const AuthorizationSet& input_params, 151 AuthorizationSet* output_params) override; 152 153 protected: 154 keymaster_error_t SetOaepDigestIfRequired(EVP_PKEY_CTX* pkey_ctx); 155 keymaster_error_t InitMgfDigest(); 156 157 private: 158 int GetOpensslPadding(keymaster_error_t* error) override; require_digest()159 bool require_digest() const override { return padding_ == KM_PAD_RSA_OAEP; } 160 keymaster_digest_t mgf_digest_; 161 const EVP_MD* mgf_digest_algorithm_; 162 }; 163 164 /** 165 * RSA public key encryption operation. 166 */ 167 class RsaEncryptOperation : public RsaCryptOperation { 168 public: RsaEncryptOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)169 RsaEncryptOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 170 keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 171 : RsaCryptOperation(std::move(hw_enforced), std::move(sw_enforced), KM_PURPOSE_ENCRYPT, 172 digest, padding, key) {} 173 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input, 174 const Buffer& signature, AuthorizationSet* output_params, 175 Buffer* output) override; 176 }; 177 178 /** 179 * RSA private key decryption operation. 180 */ 181 class RsaDecryptOperation : public RsaCryptOperation { 182 public: RsaDecryptOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)183 RsaDecryptOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 184 keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 185 : RsaCryptOperation(std::move(hw_enforced), std::move(sw_enforced), KM_PURPOSE_DECRYPT, 186 digest, padding, key) {} 187 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input, 188 const Buffer& signature, AuthorizationSet* output_params, 189 Buffer* output) override; 190 }; 191 192 /** 193 * Abstract base for all RSA operation factories. This class exists mainly to centralize some code 194 * common to all RSA operation factories. 195 */ 196 class RsaOperationFactory : public OperationFactory { 197 public: registry_key()198 KeyType registry_key() const override { return KeyType(KM_ALGORITHM_RSA, purpose()); } 199 virtual keymaster_purpose_t purpose() const = 0; 200 CreateOperation(Key && key,const AuthorizationSet & begin_params,keymaster_error_t * error)201 OperationPtr CreateOperation(Key&& key, const AuthorizationSet& begin_params, 202 keymaster_error_t* error) override { 203 return OperationPtr(CreateRsaOperation(std::move(key), begin_params, error)); 204 } 205 const keymaster_digest_t* SupportedDigests(size_t* digest_count) const override; 206 207 protected: 208 static EVP_PKEY* GetRsaKey(const Key& key, keymaster_error_t* error); 209 virtual RsaOperation* CreateRsaOperation(Key&& key, const AuthorizationSet& begin_params, 210 keymaster_error_t* error); 211 212 private: 213 virtual RsaOperation* InstantiateOperation(AuthorizationSet&& hw_enforced, 214 AuthorizationSet&& sw_enforced, 215 keymaster_digest_t digest, 216 keymaster_padding_t padding, EVP_PKEY* key) = 0; 217 }; 218 219 /** 220 * Abstract base for RSA operations that digest their input (signing and verification). 221 */ 222 class RsaDigestingOperationFactory : public RsaOperationFactory { 223 public: 224 const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override; 225 }; 226 227 /** 228 * Abstract base for en/de-crypting RSA operation factories. This class does most of the work of 229 * creating such operations, delegating only the actual operation instantiation. 230 */ 231 class RsaCryptingOperationFactory : public RsaOperationFactory { 232 public: 233 RsaOperation* CreateRsaOperation(Key&& key, const AuthorizationSet& begin_params, 234 keymaster_error_t* error) override; 235 const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override; 236 237 protected: 238 keymaster_error_t GetAndValidateMgfDigest(const AuthorizationSet& begin_params, const Key& key, 239 keymaster_digest_t* digest) const; 240 }; 241 242 /** 243 * Concrete factory for RSA signing operations. 244 */ 245 class RsaSigningOperationFactory : public RsaDigestingOperationFactory { 246 public: purpose()247 keymaster_purpose_t purpose() const override { return KM_PURPOSE_SIGN; } InstantiateOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)248 RsaOperation* InstantiateOperation(AuthorizationSet&& hw_enforced, 249 AuthorizationSet&& sw_enforced, keymaster_digest_t digest, 250 keymaster_padding_t padding, EVP_PKEY* key) override { 251 return new (std::nothrow) 252 RsaSignOperation(std::move(hw_enforced), std::move(sw_enforced), digest, padding, key); 253 } 254 }; 255 256 /** 257 * Concrete factory for RSA signing operations. 258 */ 259 class RsaVerificationOperationFactory : public RsaDigestingOperationFactory { purpose()260 keymaster_purpose_t purpose() const override { return KM_PURPOSE_VERIFY; } InstantiateOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)261 RsaOperation* InstantiateOperation(AuthorizationSet&& hw_enforced, 262 AuthorizationSet&& sw_enforced, keymaster_digest_t digest, 263 keymaster_padding_t padding, EVP_PKEY* key) override { 264 return new (std::nothrow) 265 RsaVerifyOperation(std::move(hw_enforced), std::move(sw_enforced), digest, padding, 266 key); 267 } 268 }; 269 270 /** 271 * Concrete factory for RSA signing operations. 272 */ 273 class RsaEncryptionOperationFactory : public RsaCryptingOperationFactory { purpose()274 keymaster_purpose_t purpose() const override { return KM_PURPOSE_ENCRYPT; } InstantiateOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)275 RsaOperation* InstantiateOperation(AuthorizationSet&& hw_enforced, 276 AuthorizationSet&& sw_enforced, keymaster_digest_t digest, 277 keymaster_padding_t padding, EVP_PKEY* key) override { 278 return new (std::nothrow) 279 RsaEncryptOperation(std::move(hw_enforced), std::move(sw_enforced), digest, padding, 280 key); 281 } 282 }; 283 284 /** 285 * Concrete factory for RSA signing operations. 286 */ 287 class RsaDecryptionOperationFactory : public RsaCryptingOperationFactory { purpose()288 keymaster_purpose_t purpose() const override { return KM_PURPOSE_DECRYPT; } InstantiateOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)289 RsaOperation* InstantiateOperation(AuthorizationSet&& hw_enforced, 290 AuthorizationSet&& sw_enforced, keymaster_digest_t digest, 291 keymaster_padding_t padding, EVP_PKEY* key) override { 292 return new (std::nothrow) 293 RsaDecryptOperation(std::move(hw_enforced), std::move(sw_enforced), digest, padding, 294 key); 295 } 296 }; 297 298 } // namespace keymaster 299 300 #endif // SYSTEM_KEYMASTER_RSA_OPERATION_H_ 301