1 /*
2  * Copyright 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <openssl/evp.h>
20 
21 #include <hardware/keymaster1.h>
22 
23 #include <keymaster/android_keymaster_utils.h>
24 #include <keymaster/km_openssl/rsa_operation.h>
25 #include <keymaster/legacy_support/keymaster1_engine.h>
26 
27 namespace keymaster {
28 
29 class RsaKeymaster1WrappedOperation {
30   public:
RsaKeymaster1WrappedOperation(keymaster_purpose_t purpose,const Keymaster1Engine * engine)31     RsaKeymaster1WrappedOperation(keymaster_purpose_t purpose, const Keymaster1Engine* engine)
32         : purpose_(purpose), operation_handle_(0), engine_(engine) {}
~RsaKeymaster1WrappedOperation()33     ~RsaKeymaster1WrappedOperation() {
34         if (operation_handle_) Abort();
35     }
36 
37     keymaster_error_t Begin(EVP_PKEY* rsa_key, const AuthorizationSet& input_params);
38     keymaster_error_t PrepareFinish(EVP_PKEY* rsa_key, const AuthorizationSet& input_params);
39     keymaster_error_t Abort();
40 
41     keymaster_error_t GetError(EVP_PKEY* rsa_key);
42 
GetOperationHandle()43     keymaster_operation_handle_t GetOperationHandle() const { return operation_handle_; }
44 
45   protected:
46     keymaster_purpose_t purpose_;
47     keymaster_operation_handle_t operation_handle_;
48     const Keymaster1Engine* engine_;
49 };
50 
51 template <typename BaseOperation> class RsaKeymaster1Operation : public BaseOperation {
52     typedef BaseOperation super;
53 
54   public:
RsaKeymaster1Operation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key,const Keymaster1Engine * engine)55     RsaKeymaster1Operation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced,
56                            keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key,
57                            const Keymaster1Engine* engine)
58         : BaseOperation(move(hw_enforced), move(sw_enforced), digest, padding, key),
59           wrapped_operation_(super::purpose(), engine) {
60         // Shouldn't be instantiated for public key operations.
61         assert(super::purpose() != KM_PURPOSE_VERIFY);
62         assert(super::purpose() != KM_PURPOSE_ENCRYPT);
63     }
64 
Begin(const AuthorizationSet & input_params,AuthorizationSet * output_params)65     keymaster_error_t Begin(const AuthorizationSet& input_params,
66                             AuthorizationSet* output_params) override {
67         keymaster_error_t error = wrapped_operation_.Begin(super::rsa_key_, input_params);
68         if (error != KM_ERROR_OK) return error;
69         return super::Begin(input_params, output_params);
70     }
71 
Finish(const AuthorizationSet & input_params,const Buffer & input,const Buffer & signature,AuthorizationSet * output_params,Buffer * output)72     keymaster_error_t Finish(const AuthorizationSet& input_params, const Buffer& input,
73                              const Buffer& signature, AuthorizationSet* output_params,
74                              Buffer* output) override {
75         keymaster_error_t error = wrapped_operation_.PrepareFinish(super::rsa_key_, input_params);
76         if (error != KM_ERROR_OK) return error;
77         error = super::Finish(input_params, input, signature, output_params, output);
78         if (wrapped_operation_.GetError(super::rsa_key_) != KM_ERROR_OK)
79             error = wrapped_operation_.GetError(super::rsa_key_);
80         return error;
81     }
82 
Abort()83     keymaster_error_t Abort() override {
84         keymaster_error_t error = wrapped_operation_.Abort();
85         if (error != KM_ERROR_OK) return error;
86         return super::Abort();
87     }
88 
operation_handle()89     keymaster_operation_handle_t operation_handle() const override {
90         return wrapped_operation_.GetOperationHandle();
91     }
92 
93   private:
94     RsaKeymaster1WrappedOperation wrapped_operation_;
95 };
96 
97 /**
98  * Factory that produces RsaKeymaster1Operations.  This is instantiated and
99  * provided by RsaKeymaster1KeyFactory.
100  */
101 class RsaKeymaster1OperationFactory : public OperationFactory {
102   public:
RsaKeymaster1OperationFactory(keymaster_purpose_t purpose,const Keymaster1Engine * engine)103     RsaKeymaster1OperationFactory(keymaster_purpose_t purpose, const Keymaster1Engine* engine)
104         : purpose_(purpose), engine_(engine) {}
registry_key()105     KeyType registry_key() const override { return KeyType(KM_ALGORITHM_RSA, purpose_); }
106 
107     OperationPtr CreateOperation(Key&& key, const AuthorizationSet& begin_params,
108                                  keymaster_error_t* error) override;
109 
110     const keymaster_digest_t* SupportedDigests(size_t* digest_count) const override;
111     const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override;
112 
113   private:
114     keymaster_purpose_t purpose_;
115     const Keymaster1Engine* engine_;
116 };
117 
118 }  // namespace keymaster
119