1 /* 2 * Copyright 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef SYSTEM_KEYMASTER_RSA_OPERATION_H_ 18 #define SYSTEM_KEYMASTER_RSA_OPERATION_H_ 19 20 #include <keymaster/UniquePtr.h> 21 22 #include <openssl/evp.h> 23 #include <openssl/rsa.h> 24 25 #include <keymaster/operation.h> 26 27 namespace keymaster { 28 29 /** 30 * Base class for all RSA operations. 31 * 32 * This class provides RSA key management, plus buffering of data for non-digesting modes. 33 */ 34 class RsaOperation : public Operation { 35 public: RsaOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_purpose_t purpose,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)36 RsaOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 37 keymaster_purpose_t purpose, keymaster_digest_t digest, 38 keymaster_padding_t padding, EVP_PKEY* key) 39 : Operation(purpose, move(hw_enforced), move(sw_enforced)), rsa_key_(key), 40 padding_(padding), digest_(digest), digest_algorithm_(nullptr) {} 41 ~RsaOperation(); 42 43 keymaster_error_t Begin(const AuthorizationSet& input_params, 44 AuthorizationSet* output_params) override; 45 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, 46 AuthorizationSet* output_params, Buffer* output, 47 size_t* input_consumed) override; Abort()48 keymaster_error_t Abort() override { return KM_ERROR_OK; } 49 padding()50 keymaster_padding_t padding() const { return padding_; } digest()51 keymaster_digest_t digest() const { return digest_; } 52 53 protected: 54 virtual int GetOpensslPadding(keymaster_error_t* error) = 0; 55 virtual bool require_digest() const = 0; 56 57 keymaster_error_t StoreData(const Buffer& input, size_t* input_consumed); 58 keymaster_error_t SetRsaPaddingInEvpContext(EVP_PKEY_CTX* pkey_ctx, bool signing); 59 keymaster_error_t InitDigest(); 60 61 EVP_PKEY* rsa_key_; 62 const keymaster_padding_t padding_; 63 Buffer data_; 64 const keymaster_digest_t digest_; 65 const EVP_MD* digest_algorithm_; 66 }; 67 68 /** 69 * Base class for all digesting RSA operations. 70 * 71 * This class adds digesting support, for digesting modes. For non-digesting modes, it falls back 72 * on the RsaOperation input buffering. 73 */ 74 class RsaDigestingOperation : public RsaOperation { 75 public: 76 RsaDigestingOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 77 keymaster_purpose_t purpose, keymaster_digest_t digest, 78 keymaster_padding_t padding, EVP_PKEY* key); 79 ~RsaDigestingOperation(); 80 81 protected: 82 int GetOpensslPadding(keymaster_error_t* error) override; require_digest()83 bool require_digest() const override { return padding_ == KM_PAD_RSA_PSS; } 84 EVP_MD_CTX digest_ctx_; 85 }; 86 87 /** 88 * RSA private key signing operation. 89 */ 90 class RsaSignOperation : public RsaDigestingOperation { 91 public: RsaSignOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)92 RsaSignOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 93 keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 94 : RsaDigestingOperation(move(hw_enforced), move(sw_enforced), KM_PURPOSE_SIGN, digest, 95 padding, key) {} 96 97 keymaster_error_t Begin(const AuthorizationSet& input_params, 98 AuthorizationSet* output_params) override; 99 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, 100 AuthorizationSet* output_params, Buffer* output, 101 size_t* input_consumed) override; 102 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input, 103 const Buffer& signature, AuthorizationSet* output_params, 104 Buffer* output) override; 105 106 private: 107 keymaster_error_t SignUndigested(Buffer* output); 108 keymaster_error_t SignDigested(Buffer* output); 109 }; 110 111 /** 112 * RSA public key verification operation. 113 */ 114 class RsaVerifyOperation : public RsaDigestingOperation { 115 public: RsaVerifyOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)116 RsaVerifyOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 117 keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 118 : RsaDigestingOperation(move(hw_enforced), move(sw_enforced), KM_PURPOSE_VERIFY, digest, 119 padding, key) {} 120 121 keymaster_error_t Begin(const AuthorizationSet& input_params, 122 AuthorizationSet* output_params) override; 123 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, 124 AuthorizationSet* output_params, Buffer* output, 125 size_t* input_consumed) override; 126 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input, 127 const Buffer& signature, AuthorizationSet* output_params, 128 Buffer* output) override; 129 130 private: 131 keymaster_error_t VerifyUndigested(const Buffer& signature); 132 keymaster_error_t VerifyDigested(const Buffer& signature); 133 }; 134 135 /** 136 * Base class for RSA crypting operations. 137 */ 138 class RsaCryptOperation : public RsaOperation { 139 public: RsaCryptOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_purpose_t purpose,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)140 RsaCryptOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 141 keymaster_purpose_t purpose, keymaster_digest_t digest, 142 keymaster_padding_t padding, EVP_PKEY* key) 143 : RsaOperation(move(hw_enforced), move(sw_enforced), purpose, digest, padding, key), 144 mgf_digest_(KM_DIGEST_SHA1), mgf_digest_algorithm_(nullptr) {} oaepMgfDigest()145 keymaster_digest_t oaepMgfDigest() { return mgf_digest_; } setOaepMgfDigest(keymaster_digest_t mgf_digest)146 void setOaepMgfDigest(keymaster_digest_t mgf_digest) { mgf_digest_ = mgf_digest; } 147 keymaster_error_t Begin(const AuthorizationSet& input_params, 148 AuthorizationSet* output_params) override; 149 150 protected: 151 keymaster_error_t SetOaepDigestIfRequired(EVP_PKEY_CTX* pkey_ctx); 152 keymaster_error_t InitMgfDigest(); 153 154 private: 155 int GetOpensslPadding(keymaster_error_t* error) override; require_digest()156 bool require_digest() const override { return padding_ == KM_PAD_RSA_OAEP; } 157 keymaster_digest_t mgf_digest_; 158 const EVP_MD* mgf_digest_algorithm_; 159 }; 160 161 /** 162 * RSA public key encryption operation. 163 */ 164 class RsaEncryptOperation : public RsaCryptOperation { 165 public: RsaEncryptOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)166 RsaEncryptOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 167 keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 168 : RsaCryptOperation(move(hw_enforced), move(sw_enforced), KM_PURPOSE_ENCRYPT, digest, 169 padding, key) {} 170 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input, 171 const Buffer& signature, AuthorizationSet* output_params, 172 Buffer* output) override; 173 }; 174 175 /** 176 * RSA private key decryption operation. 177 */ 178 class RsaDecryptOperation : public RsaCryptOperation { 179 public: RsaDecryptOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)180 RsaDecryptOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 181 keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 182 : RsaCryptOperation(move(hw_enforced), move(sw_enforced), KM_PURPOSE_DECRYPT, digest, 183 padding, key) {} 184 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input, 185 const Buffer& signature, AuthorizationSet* output_params, 186 Buffer* output) override; 187 }; 188 189 /** 190 * Abstract base for all RSA operation factories. This class exists mainly to centralize some code 191 * common to all RSA operation factories. 192 */ 193 class RsaOperationFactory : public OperationFactory { 194 public: registry_key()195 KeyType registry_key() const override { return KeyType(KM_ALGORITHM_RSA, purpose()); } 196 virtual keymaster_purpose_t purpose() const = 0; 197 CreateOperation(Key && key,const AuthorizationSet & begin_params,keymaster_error_t * error)198 OperationPtr CreateOperation(Key&& key, const AuthorizationSet& begin_params, 199 keymaster_error_t* error) override { 200 return OperationPtr(CreateRsaOperation(move(key), begin_params, error)); 201 } 202 const keymaster_digest_t* SupportedDigests(size_t* digest_count) const override; 203 204 protected: 205 static EVP_PKEY* GetRsaKey(const Key& key, keymaster_error_t* error); 206 virtual RsaOperation* CreateRsaOperation(Key&& key, const AuthorizationSet& begin_params, 207 keymaster_error_t* error); 208 209 private: 210 virtual RsaOperation* InstantiateOperation(AuthorizationSet&& hw_enforced, 211 AuthorizationSet&& sw_enforced, 212 keymaster_digest_t digest, 213 keymaster_padding_t padding, EVP_PKEY* key) = 0; 214 }; 215 216 /** 217 * Abstract base for RSA operations that digest their input (signing and verification). 218 */ 219 class RsaDigestingOperationFactory : public RsaOperationFactory { 220 public: 221 const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override; 222 }; 223 224 /** 225 * Abstract base for en/de-crypting RSA operation factories. This class does most of the work of 226 * creating such operations, delegating only the actual operation instantiation. 227 */ 228 class RsaCryptingOperationFactory : public RsaOperationFactory { 229 public: 230 RsaOperation* CreateRsaOperation(Key&& key, const AuthorizationSet& begin_params, 231 keymaster_error_t* error) override; 232 const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override; 233 234 protected: 235 keymaster_error_t GetAndValidateMgfDigest(const AuthorizationSet& begin_params, const Key& key, 236 keymaster_digest_t* digest) const; 237 }; 238 239 /** 240 * Concrete factory for RSA signing operations. 241 */ 242 class RsaSigningOperationFactory : public RsaDigestingOperationFactory { 243 public: purpose()244 keymaster_purpose_t purpose() const override { return KM_PURPOSE_SIGN; } InstantiateOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)245 RsaOperation* InstantiateOperation(AuthorizationSet&& hw_enforced, 246 AuthorizationSet&& sw_enforced, keymaster_digest_t digest, 247 keymaster_padding_t padding, EVP_PKEY* key) override { 248 return new (std::nothrow) 249 RsaSignOperation(move(hw_enforced), move(sw_enforced), digest, padding, key); 250 } 251 }; 252 253 /** 254 * Concrete factory for RSA signing operations. 255 */ 256 class RsaVerificationOperationFactory : public RsaDigestingOperationFactory { purpose()257 keymaster_purpose_t purpose() const override { return KM_PURPOSE_VERIFY; } InstantiateOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)258 RsaOperation* InstantiateOperation(AuthorizationSet&& hw_enforced, 259 AuthorizationSet&& sw_enforced, keymaster_digest_t digest, 260 keymaster_padding_t padding, EVP_PKEY* key) override { 261 return new (std::nothrow) 262 RsaVerifyOperation(move(hw_enforced), move(sw_enforced), digest, padding, key); 263 } 264 }; 265 266 /** 267 * Concrete factory for RSA signing operations. 268 */ 269 class RsaEncryptionOperationFactory : public RsaCryptingOperationFactory { purpose()270 keymaster_purpose_t purpose() const override { return KM_PURPOSE_ENCRYPT; } InstantiateOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)271 RsaOperation* InstantiateOperation(AuthorizationSet&& hw_enforced, 272 AuthorizationSet&& sw_enforced, keymaster_digest_t digest, 273 keymaster_padding_t padding, EVP_PKEY* key) override { 274 return new (std::nothrow) 275 RsaEncryptOperation(move(hw_enforced), move(sw_enforced), digest, padding, key); 276 } 277 }; 278 279 /** 280 * Concrete factory for RSA signing operations. 281 */ 282 class RsaDecryptionOperationFactory : public RsaCryptingOperationFactory { purpose()283 keymaster_purpose_t purpose() const override { return KM_PURPOSE_DECRYPT; } InstantiateOperation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)284 RsaOperation* InstantiateOperation(AuthorizationSet&& hw_enforced, 285 AuthorizationSet&& sw_enforced, keymaster_digest_t digest, 286 keymaster_padding_t padding, EVP_PKEY* key) override { 287 return new (std::nothrow) 288 RsaDecryptOperation(move(hw_enforced), move(sw_enforced), digest, padding, key); 289 } 290 }; 291 292 } // namespace keymaster 293 294 #endif // SYSTEM_KEYMASTER_RSA_OPERATION_H_ 295