1 /* 2 * Copyright 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef SYSTEM_KEYMASTER_RSA_OPERATION_H_ 18 #define SYSTEM_KEYMASTER_RSA_OPERATION_H_ 19 20 #include <UniquePtr.h> 21 22 #include <openssl/evp.h> 23 #include <openssl/rsa.h> 24 25 #include "operation.h" 26 27 namespace keymaster { 28 29 /** 30 * Base class for all RSA operations. 31 * 32 * This class provides RSA key management, plus buffering of data for non-digesting modes. 33 */ 34 class RsaOperation : public Operation { 35 public: RsaOperation(keymaster_purpose_t purpose,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)36 RsaOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, 37 keymaster_padding_t padding, EVP_PKEY* key) 38 : Operation(purpose), rsa_key_(key), padding_(padding), digest_(digest), 39 digest_algorithm_(nullptr) {} 40 ~RsaOperation(); 41 42 keymaster_error_t Begin(const AuthorizationSet& input_params, 43 AuthorizationSet* output_params) override; 44 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, 45 AuthorizationSet* output_params, Buffer* output, 46 size_t* input_consumed) override; Abort()47 keymaster_error_t Abort() override { return KM_ERROR_OK; } 48 padding()49 keymaster_padding_t padding() const { return padding_; } digest()50 keymaster_digest_t digest() const { return digest_; } 51 52 protected: 53 virtual int GetOpensslPadding(keymaster_error_t* error) = 0; 54 virtual bool require_digest() const = 0; 55 56 keymaster_error_t StoreData(const Buffer& input, size_t* input_consumed); 57 keymaster_error_t SetRsaPaddingInEvpContext(EVP_PKEY_CTX* pkey_ctx, bool signing); 58 keymaster_error_t InitDigest(); 59 60 EVP_PKEY* rsa_key_; 61 const keymaster_padding_t padding_; 62 Buffer data_; 63 const keymaster_digest_t digest_; 64 const EVP_MD* digest_algorithm_; 65 }; 66 67 /** 68 * Base class for all digesting RSA operations. 69 * 70 * This class adds digesting support, for digesting modes. For non-digesting modes, it falls back 71 * on the RsaOperation input buffering. 72 */ 73 class RsaDigestingOperation : public RsaOperation { 74 public: 75 RsaDigestingOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, 76 keymaster_padding_t padding, EVP_PKEY* key); 77 ~RsaDigestingOperation(); 78 79 protected: 80 int GetOpensslPadding(keymaster_error_t* error) override; require_digest()81 bool require_digest() const override { return padding_ == KM_PAD_RSA_PSS; } 82 EVP_MD_CTX digest_ctx_; 83 }; 84 85 /** 86 * RSA private key signing operation. 87 */ 88 class RsaSignOperation : public RsaDigestingOperation { 89 public: RsaSignOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)90 RsaSignOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 91 : RsaDigestingOperation(KM_PURPOSE_SIGN, digest, padding, key) {} 92 93 keymaster_error_t Begin(const AuthorizationSet& input_params, 94 AuthorizationSet* output_params) override; 95 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, 96 AuthorizationSet* output_params, Buffer* output, 97 size_t* input_consumed) override; 98 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input, 99 const Buffer& signature, AuthorizationSet* output_params, 100 Buffer* output) override; 101 102 private: 103 keymaster_error_t SignUndigested(Buffer* output); 104 keymaster_error_t SignDigested(Buffer* output); 105 }; 106 107 /** 108 * RSA public key verification operation. 109 */ 110 class RsaVerifyOperation : public RsaDigestingOperation { 111 public: RsaVerifyOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)112 RsaVerifyOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 113 : RsaDigestingOperation(KM_PURPOSE_VERIFY, digest, padding, key) {} 114 115 keymaster_error_t Begin(const AuthorizationSet& input_params, 116 AuthorizationSet* output_params) override; 117 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, 118 AuthorizationSet* output_params, Buffer* output, 119 size_t* input_consumed) override; 120 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input, 121 const Buffer& signature, AuthorizationSet* output_params, 122 Buffer* output) override; 123 124 private: 125 keymaster_error_t VerifyUndigested(const Buffer& signature); 126 keymaster_error_t VerifyDigested(const Buffer& signature); 127 }; 128 129 /** 130 * Base class for RSA crypting operations. 131 */ 132 class RsaCryptOperation : public RsaOperation { 133 public: RsaCryptOperation(keymaster_purpose_t purpose,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)134 RsaCryptOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, 135 keymaster_padding_t padding, EVP_PKEY* key) 136 : RsaOperation(purpose, digest, padding, key) {} 137 138 protected: 139 keymaster_error_t SetOaepDigestIfRequired(EVP_PKEY_CTX* pkey_ctx); 140 141 private: 142 int GetOpensslPadding(keymaster_error_t* error) override; require_digest()143 bool require_digest() const override { return padding_ == KM_PAD_RSA_OAEP; } 144 }; 145 146 /** 147 * RSA public key encryption operation. 148 */ 149 class RsaEncryptOperation : public RsaCryptOperation { 150 public: RsaEncryptOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)151 RsaEncryptOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 152 : RsaCryptOperation(KM_PURPOSE_ENCRYPT, digest, padding, key) {} 153 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input, 154 const Buffer& signature, AuthorizationSet* output_params, 155 Buffer* output) override; 156 }; 157 158 /** 159 * RSA private key decryption operation. 160 */ 161 class RsaDecryptOperation : public RsaCryptOperation { 162 public: RsaDecryptOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)163 RsaDecryptOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) 164 : RsaCryptOperation(KM_PURPOSE_DECRYPT, digest, padding, key) {} 165 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input, 166 const Buffer& signature, AuthorizationSet* output_params, 167 Buffer* output) override; 168 }; 169 170 /** 171 * Abstract base for all RSA operation factories. This class exists mainly to centralize some code 172 * common to all RSA operation factories. 173 */ 174 class RsaOperationFactory : public OperationFactory { 175 public: registry_key()176 KeyType registry_key() const override { return KeyType(KM_ALGORITHM_RSA, purpose()); } 177 virtual keymaster_purpose_t purpose() const = 0; 178 CreateOperation(const Key & key,const AuthorizationSet & begin_params,keymaster_error_t * error)179 Operation* CreateOperation(const Key& key, const AuthorizationSet& begin_params, 180 keymaster_error_t* error) override { 181 return CreateRsaOperation(key, begin_params, error); 182 } 183 const keymaster_digest_t* SupportedDigests(size_t* digest_count) const override; 184 185 protected: 186 static EVP_PKEY* GetRsaKey(const Key& key, keymaster_error_t* error); 187 virtual RsaOperation* CreateRsaOperation(const Key& key, const AuthorizationSet& begin_params, 188 keymaster_error_t* error); 189 190 private: 191 virtual RsaOperation* InstantiateOperation(keymaster_digest_t digest, 192 keymaster_padding_t padding, EVP_PKEY* key) = 0; 193 }; 194 195 /** 196 * Abstract base for RSA operations that digest their input (signing and verification). 197 */ 198 class RsaDigestingOperationFactory : public RsaOperationFactory { 199 public: 200 const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override; 201 }; 202 203 /** 204 * Abstract base for en/de-crypting RSA operation factories. This class does most of the work of 205 * creating such operations, delegating only the actual operation instantiation. 206 */ 207 class RsaCryptingOperationFactory : public RsaOperationFactory { 208 public: 209 RsaOperation* CreateRsaOperation(const Key& key, const AuthorizationSet& begin_params, 210 keymaster_error_t* error) override; 211 const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override; 212 }; 213 214 /** 215 * Concrete factory for RSA signing operations. 216 */ 217 class RsaSigningOperationFactory : public RsaDigestingOperationFactory { 218 public: purpose()219 keymaster_purpose_t purpose() const override { return KM_PURPOSE_SIGN; } InstantiateOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)220 RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding, 221 EVP_PKEY* key) override { 222 return new (std::nothrow) RsaSignOperation(digest, padding, key); 223 } 224 }; 225 226 /** 227 * Concrete factory for RSA signing operations. 228 */ 229 class RsaVerificationOperationFactory : public RsaDigestingOperationFactory { purpose()230 keymaster_purpose_t purpose() const override { return KM_PURPOSE_VERIFY; } InstantiateOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)231 RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding, 232 EVP_PKEY* key) override { 233 return new (std::nothrow) RsaVerifyOperation(digest, padding, key); 234 } 235 }; 236 237 /** 238 * Concrete factory for RSA signing operations. 239 */ 240 class RsaEncryptionOperationFactory : public RsaCryptingOperationFactory { purpose()241 keymaster_purpose_t purpose() const override { return KM_PURPOSE_ENCRYPT; } InstantiateOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)242 RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding, 243 EVP_PKEY* key) override { 244 return new (std::nothrow) RsaEncryptOperation(digest, padding, key); 245 } 246 }; 247 248 /** 249 * Concrete factory for RSA signing operations. 250 */ 251 class RsaDecryptionOperationFactory : public RsaCryptingOperationFactory { purpose()252 keymaster_purpose_t purpose() const override { return KM_PURPOSE_DECRYPT; } InstantiateOperation(keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key)253 RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding, 254 EVP_PKEY* key) override { 255 return new (std::nothrow) RsaDecryptOperation(digest, padding, key); 256 } 257 }; 258 259 } // namespace keymaster 260 261 #endif // SYSTEM_KEYMASTER_RSA_OPERATION_H_ 262