1 /*
2  * Copyright 2014 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef SYSTEM_KEYMASTER_RSA_OPERATION_H_
18 #define SYSTEM_KEYMASTER_RSA_OPERATION_H_
19 
20 #include <UniquePtr.h>
21 
22 #include <openssl/evp.h>
23 #include <openssl/rsa.h>
24 
25 #include "operation.h"
26 
27 namespace keymaster {
28 
29 /**
30  * Base class for all RSA operations.
31  *
32  * This class provides RSA key management, plus buffering of data for non-digesting modes.
33  */
34 class RsaOperation : public Operation {
35   public:
RsaOperation(keymaster_purpose_t purpose,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)36     RsaOperation(keymaster_purpose_t purpose, keymaster_digest_t digest,
37                  keymaster_padding_t padding, EVP_PKEY* key)
38         : Operation(purpose), rsa_key_(key), padding_(padding), digest_(digest),
39           digest_algorithm_(nullptr) {}
40     ~RsaOperation();
41 
42     keymaster_error_t Begin(const AuthorizationSet& input_params,
43                             AuthorizationSet* output_params) override;
44     keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
45                              AuthorizationSet* output_params, Buffer* output,
46                              size_t* input_consumed) override;
Abort()47     keymaster_error_t Abort() override { return KM_ERROR_OK; }
48 
padding()49     keymaster_padding_t padding() const { return padding_; }
digest()50     keymaster_digest_t digest() const { return digest_; }
51 
52   protected:
53     virtual int GetOpensslPadding(keymaster_error_t* error) = 0;
54     virtual bool require_digest() const = 0;
55 
56     keymaster_error_t StoreData(const Buffer& input, size_t* input_consumed);
57     keymaster_error_t SetRsaPaddingInEvpContext(EVP_PKEY_CTX* pkey_ctx, bool signing);
58     keymaster_error_t InitDigest();
59 
60     EVP_PKEY* rsa_key_;
61     const keymaster_padding_t padding_;
62     Buffer data_;
63     const keymaster_digest_t digest_;
64     const EVP_MD* digest_algorithm_;
65 };
66 
67 /**
68  * Base class for all digesting RSA operations.
69  *
70  * This class adds digesting support, for digesting modes.  For non-digesting modes, it falls back
71  * on the RsaOperation input buffering.
72  */
73 class RsaDigestingOperation : public RsaOperation {
74   public:
75     RsaDigestingOperation(keymaster_purpose_t purpose, keymaster_digest_t digest,
76                           keymaster_padding_t padding, EVP_PKEY* key);
77     ~RsaDigestingOperation();
78 
79   protected:
80     int GetOpensslPadding(keymaster_error_t* error) override;
require_digest()81     bool require_digest() const override { return padding_ == KM_PAD_RSA_PSS; }
82     EVP_MD_CTX digest_ctx_;
83 };
84 
85 /**
86  * RSA private key signing operation.
87  */
88 class RsaSignOperation : public RsaDigestingOperation {
89   public:
RsaSignOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)90     RsaSignOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key)
91         : RsaDigestingOperation(KM_PURPOSE_SIGN, digest, padding, key) {}
92 
93     keymaster_error_t Begin(const AuthorizationSet& input_params,
94                             AuthorizationSet* output_params) override;
95     keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
96                              AuthorizationSet* output_params, Buffer* output,
97                              size_t* input_consumed) override;
98     keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input,
99                              const Buffer& signature, AuthorizationSet* output_params,
100                              Buffer* output) override;
101 
102   private:
103     keymaster_error_t SignUndigested(Buffer* output);
104     keymaster_error_t SignDigested(Buffer* output);
105 };
106 
107 /**
108  * RSA public key verification operation.
109  */
110 class RsaVerifyOperation : public RsaDigestingOperation {
111   public:
RsaVerifyOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)112     RsaVerifyOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key)
113         : RsaDigestingOperation(KM_PURPOSE_VERIFY, digest, padding, key) {}
114 
115     keymaster_error_t Begin(const AuthorizationSet& input_params,
116                             AuthorizationSet* output_params) override;
117     keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
118                              AuthorizationSet* output_params, Buffer* output,
119                              size_t* input_consumed) override;
120     keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input,
121                              const Buffer& signature, AuthorizationSet* output_params,
122                              Buffer* output) override;
123 
124   private:
125     keymaster_error_t VerifyUndigested(const Buffer& signature);
126     keymaster_error_t VerifyDigested(const Buffer& signature);
127 };
128 
129 /**
130  * Base class for RSA crypting operations.
131  */
132 class RsaCryptOperation : public RsaOperation {
133   public:
RsaCryptOperation(keymaster_purpose_t purpose,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)134     RsaCryptOperation(keymaster_purpose_t purpose, keymaster_digest_t digest,
135                       keymaster_padding_t padding, EVP_PKEY* key)
136         : RsaOperation(purpose, digest, padding, key) {}
137 
138   protected:
139     keymaster_error_t SetOaepDigestIfRequired(EVP_PKEY_CTX* pkey_ctx);
140 
141   private:
142     int GetOpensslPadding(keymaster_error_t* error) override;
require_digest()143     bool require_digest() const override { return padding_ == KM_PAD_RSA_OAEP; }
144 };
145 
146 /**
147  * RSA public key encryption operation.
148  */
149 class RsaEncryptOperation : public RsaCryptOperation {
150   public:
RsaEncryptOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)151     RsaEncryptOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key)
152         : RsaCryptOperation(KM_PURPOSE_ENCRYPT, digest, padding, key) {}
153     keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input,
154                              const Buffer& signature, AuthorizationSet* output_params,
155                              Buffer* output) override;
156 };
157 
158 /**
159  * RSA private key decryption operation.
160  */
161 class RsaDecryptOperation : public RsaCryptOperation {
162   public:
RsaDecryptOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)163     RsaDecryptOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key)
164         : RsaCryptOperation(KM_PURPOSE_DECRYPT, digest, padding, key) {}
165     keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input,
166                              const Buffer& signature, AuthorizationSet* output_params,
167                              Buffer* output) override;
168 };
169 
170 /**
171  * Abstract base for all RSA operation factories.  This class exists mainly to centralize some code
172  * common to all RSA operation factories.
173  */
174 class RsaOperationFactory : public OperationFactory {
175   public:
registry_key()176     KeyType registry_key() const override { return KeyType(KM_ALGORITHM_RSA, purpose()); }
177     virtual keymaster_purpose_t purpose() const = 0;
178 
CreateOperation(const Key & key,const AuthorizationSet & begin_params,keymaster_error_t * error)179     Operation* CreateOperation(const Key& key, const AuthorizationSet& begin_params,
180                                keymaster_error_t* error) override {
181         return CreateRsaOperation(key, begin_params, error);
182     }
183     const keymaster_digest_t* SupportedDigests(size_t* digest_count) const override;
184 
185   protected:
186     static EVP_PKEY* GetRsaKey(const Key& key, keymaster_error_t* error);
187     virtual RsaOperation* CreateRsaOperation(const Key& key, const AuthorizationSet& begin_params,
188                                              keymaster_error_t* error);
189 
190   private:
191     virtual RsaOperation* InstantiateOperation(keymaster_digest_t digest,
192                                                keymaster_padding_t padding, EVP_PKEY* key) = 0;
193 };
194 
195 /**
196  * Abstract base for RSA operations that digest their input (signing and verification).
197  */
198 class RsaDigestingOperationFactory : public RsaOperationFactory {
199   public:
200     const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override;
201 };
202 
203 /**
204  * Abstract base for en/de-crypting RSA operation factories.  This class does most of the work of
205  * creating such operations, delegating only the actual operation instantiation.
206  */
207 class RsaCryptingOperationFactory : public RsaOperationFactory {
208   public:
209     RsaOperation* CreateRsaOperation(const Key& key, const AuthorizationSet& begin_params,
210                                      keymaster_error_t* error) override;
211     const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override;
212 };
213 
214 /**
215  * Concrete factory for RSA signing operations.
216  */
217 class RsaSigningOperationFactory : public RsaDigestingOperationFactory {
218   public:
purpose()219     keymaster_purpose_t purpose() const override { return KM_PURPOSE_SIGN; }
InstantiateOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)220     RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding,
221                                        EVP_PKEY* key) override {
222         return new (std::nothrow) RsaSignOperation(digest, padding, key);
223     }
224 };
225 
226 /**
227  * Concrete factory for RSA signing operations.
228  */
229 class RsaVerificationOperationFactory : public RsaDigestingOperationFactory {
purpose()230     keymaster_purpose_t purpose() const override { return KM_PURPOSE_VERIFY; }
InstantiateOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)231     RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding,
232                                        EVP_PKEY* key) override {
233         return new (std::nothrow) RsaVerifyOperation(digest, padding, key);
234     }
235 };
236 
237 /**
238  * Concrete factory for RSA signing operations.
239  */
240 class RsaEncryptionOperationFactory : public RsaCryptingOperationFactory {
purpose()241     keymaster_purpose_t purpose() const override { return KM_PURPOSE_ENCRYPT; }
InstantiateOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)242     RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding,
243                                        EVP_PKEY* key) override {
244         return new (std::nothrow) RsaEncryptOperation(digest, padding, key);
245     }
246 };
247 
248 /**
249  * Concrete factory for RSA signing operations.
250  */
251 class RsaDecryptionOperationFactory : public RsaCryptingOperationFactory {
purpose()252     keymaster_purpose_t purpose() const override { return KM_PURPOSE_DECRYPT; }
InstantiateOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)253     RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding,
254                                        EVP_PKEY* key) override {
255         return new (std::nothrow) RsaDecryptOperation(digest, padding, key);
256     }
257 };
258 
259 }  // namespace keymaster
260 
261 #endif  // SYSTEM_KEYMASTER_RSA_OPERATION_H_
262