1 /* 2 * Copyright 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef SYSTEM_KEYMASTER_RSA_OPERATION_H_ 18 #define SYSTEM_KEYMASTER_RSA_OPERATION_H_ 19 20 #include <UniquePtr.h> 21 22 #include <openssl/evp.h> 23 #include <openssl/rsa.h> 24 25 #include "operation.h" 26 27 namespace keymaster { 28 29 /** 30 * Base class for all RSA operations. 31 * 32 * This class provides RSA key management, plus buffering of data for non-digesting modes. 33 */ 34 class RsaOperation : public Operation { 35 public: RsaOperation(keymaster_purpose_t purpose,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)36 RsaOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, 37 keymaster_padding_t padding, EVP_PKEY* key) 38 : Operation(purpose), rsa_key_(key), padding_(padding), digest_(digest), 39 digest_algorithm_(nullptr) {} 40 ~RsaOperation(); 41 42 keymaster_error_t Begin(const AuthorizationSet& input_params, 43 AuthorizationSet* output_params) override; 44 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, 45 AuthorizationSet* output_params, Buffer* output, 46 size_t* input_consumed) override; Abort()47 keymaster_error_t Abort() override { return KM_ERROR_OK; } 48 padding()49 keymaster_padding_t padding() const { return padding_; } digest()50 keymaster_digest_t digest() const { return digest_; } 51 52 protected: 53 virtual int GetOpensslPadding(keymaster_error_t* error) = 0; 54 virtual bool require_digest() const = 0; 55 56 keymaster_error_t StoreData(const Buffer& input, size_t* input_consumed); 57 keymaster_error_t SetRsaPaddingInEvpContext(EVP_PKEY_CTX* pkey_ctx); 58 keymaster_error_t InitDigest(); 59 60 EVP_PKEY* rsa_key_; 61 keymaster_padding_t padding_; 62 Buffer data_; 63 const keymaster_digest_t digest_; 64 const EVP_MD* digest_algorithm_; 65 }; 66 67 /** 68 * Base class for all digesting RSA operations. 69 * 70 * This class adds digesting support, for digesting modes. For non-digesting modes, it falls back 71 * on the RsaOperation input buffering. 72 */ 73 class RsaDigestingOperation : public RsaOperation { 74 public: 75 RsaDigestingOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, 76 keymaster_padding_t padding, EVP_PKEY* key); 77 ~RsaDigestingOperation(); 78 79 protected: 80 int GetOpensslPadding(keymaster_error_t* error) override; require_digest()81 bool require_digest() const override { return padding_ == KM_PAD_RSA_PSS; } 82 EVP_MD_CTX digest_ctx_; 83 }; 84 85 /** 86 * RSA private key signing operation. 87 */ 88 class RsaSignOperation : public RsaDigestingOperation { 89 public: RsaSignOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)90 RsaSignOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 91 : RsaDigestingOperation(KM_PURPOSE_SIGN, digest, padding, key) {} 92 93 keymaster_error_t Begin(const AuthorizationSet& input_params, 94 AuthorizationSet* output_params) override; 95 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, 96 AuthorizationSet* output_params, Buffer* output, 97 size_t* input_consumed) override; 98 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature, 99 AuthorizationSet* output_params, Buffer* output) override; 100 101 private: 102 keymaster_error_t SignUndigested(Buffer* output); 103 keymaster_error_t SignDigested(Buffer* output); 104 }; 105 106 /** 107 * RSA public key verification operation. 108 */ 109 class RsaVerifyOperation : public RsaDigestingOperation { 110 public: RsaVerifyOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)111 RsaVerifyOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 112 : RsaDigestingOperation(KM_PURPOSE_VERIFY, digest, padding, key) {} 113 114 keymaster_error_t Begin(const AuthorizationSet& input_params, 115 AuthorizationSet* output_params) override; 116 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, 117 AuthorizationSet* output_params, Buffer* output, 118 size_t* input_consumed) override; 119 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature, 120 AuthorizationSet* output_params, Buffer* output) override; 121 122 private: 123 keymaster_error_t VerifyUndigested(const Buffer& signature); 124 keymaster_error_t VerifyDigested(const Buffer& signature); 125 }; 126 127 /** 128 * Base class for RSA crypting operations. 129 */ 130 class RsaCryptOperation : public RsaOperation { 131 public: RsaCryptOperation(keymaster_purpose_t,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)132 RsaCryptOperation(keymaster_purpose_t, keymaster_digest_t digest, keymaster_padding_t padding, 133 EVP_PKEY* key) 134 : RsaOperation(KM_PURPOSE_ENCRYPT, digest, padding, key) {} 135 136 protected: 137 keymaster_error_t SetOaepDigestIfRequired(EVP_PKEY_CTX* pkey_ctx); 138 139 private: 140 int GetOpensslPadding(keymaster_error_t* error) override; require_digest()141 bool require_digest() const override { return padding_ == KM_PAD_RSA_OAEP; } 142 }; 143 144 /** 145 * RSA public key encryption operation. 146 */ 147 class RsaEncryptOperation : public RsaCryptOperation { 148 public: RsaEncryptOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)149 RsaEncryptOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 150 : RsaCryptOperation(KM_PURPOSE_ENCRYPT, digest, padding, key) {} 151 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature, 152 AuthorizationSet* output_params, Buffer* output) override; 153 }; 154 155 /** 156 * RSA private key decryption operation. 157 */ 158 class RsaDecryptOperation : public RsaCryptOperation { 159 public: RsaDecryptOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)160 RsaDecryptOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 161 : RsaCryptOperation(KM_PURPOSE_DECRYPT, digest, padding, key) {} 162 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature, 163 AuthorizationSet* output_params, Buffer* output) override; 164 }; 165 166 /** 167 * Abstract base for all RSA operation factories. This class exists mainly to centralize some code 168 * common to all RSA operation factories. 169 */ 170 class RsaOperationFactory : public OperationFactory { 171 public: registry_key()172 KeyType registry_key() const override { return KeyType(KM_ALGORITHM_RSA, purpose()); } 173 virtual keymaster_purpose_t purpose() const = 0; 174 CreateOperation(const Key & key,const AuthorizationSet & begin_params,keymaster_error_t * error)175 Operation* CreateOperation(const Key& key, const AuthorizationSet& begin_params, 176 keymaster_error_t* error) override { 177 return CreateRsaOperation(key, begin_params, error); 178 } 179 const keymaster_digest_t* SupportedDigests(size_t* digest_count) const override; 180 181 protected: 182 static EVP_PKEY* GetRsaKey(const Key& key, keymaster_error_t* error); 183 virtual RsaOperation* CreateRsaOperation(const Key& key, const AuthorizationSet& begin_params, 184 keymaster_error_t* error); 185 186 private: 187 virtual RsaOperation* InstantiateOperation(keymaster_digest_t digest, 188 keymaster_padding_t padding, EVP_PKEY* key) = 0; 189 }; 190 191 /** 192 * Abstract base for RSA operations that digest their input (signing and verification). This class 193 * does most of the work of creation of RSA digesting operations, delegating only the actual 194 * operation instantiation. 195 */ 196 class RsaDigestingOperationFactory : public RsaOperationFactory { 197 public: 198 const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override; 199 }; 200 201 /** 202 * Abstract base for en/de-crypting RSA operation factories. This class does most of the work of 203 * creating such operations, delegating only the actual operation instantiation. 204 */ 205 class RsaCryptingOperationFactory : public RsaOperationFactory { 206 public: 207 RsaOperation* CreateRsaOperation(const Key& key, const AuthorizationSet& begin_params, 208 keymaster_error_t* error) override; 209 const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override; 210 }; 211 212 /** 213 * Concrete factory for RSA signing operations. 214 */ 215 class RsaSigningOperationFactory : public RsaDigestingOperationFactory { 216 public: purpose()217 keymaster_purpose_t purpose() const override { return KM_PURPOSE_SIGN; } InstantiateOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)218 RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding, 219 EVP_PKEY* key) override { 220 return new (std::nothrow) RsaSignOperation(digest, padding, key); 221 } 222 }; 223 224 /** 225 * Concrete factory for RSA signing operations. 226 */ 227 class RsaVerificationOperationFactory : public RsaDigestingOperationFactory { purpose()228 keymaster_purpose_t purpose() const override { return KM_PURPOSE_VERIFY; } InstantiateOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)229 RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding, 230 EVP_PKEY* key) override { 231 return new (std::nothrow) RsaVerifyOperation(digest, padding, key); 232 } 233 }; 234 235 /** 236 * Concrete factory for RSA signing operations. 237 */ 238 class RsaEncryptionOperationFactory : public RsaCryptingOperationFactory { purpose()239 keymaster_purpose_t purpose() const override { return KM_PURPOSE_ENCRYPT; } InstantiateOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)240 RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding, 241 EVP_PKEY* key) override { 242 return new (std::nothrow) RsaEncryptOperation(digest, padding, key); 243 } 244 }; 245 246 /** 247 * Concrete factory for RSA signing operations. 248 */ 249 class RsaDecryptionOperationFactory : public RsaCryptingOperationFactory { purpose()250 keymaster_purpose_t purpose() const override { return KM_PURPOSE_DECRYPT; } InstantiateOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)251 RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding, 252 EVP_PKEY* key) override { 253 return new (std::nothrow) RsaDecryptOperation(digest, padding, key); 254 } 255 }; 256 257 } // namespace keymaster 258 259 #endif // SYSTEM_KEYMASTER_RSA_OPERATION_H_ 260