Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 2bf4ad32f195bd734e4d7e7d4ac52c051f182fbf / . / rsa_operation.h
blob: 30d62b8453d2f9f79ef74a142c0924114aadb9c5 [file] [log] [blame]
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef SYSTEM_KEYMASTER_RSA_OPERATION_H_
18#define SYSTEM_KEYMASTER_RSA_OPERATION_H_
19
20#include <UniquePtr.h>
21
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]22#include <openssl/evp.h>
23#include <openssl/rsa.h>
24
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]25#include "operation.h"
26
27namespace keymaster {
28
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]29/**
30 * Base class for all RSA operations.
31 *
32 * This class provides RSA key management, plus buffering of data for non-digesting modes.
33 */
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]34class RsaOperation : public Operation {
35 public:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]36 RsaOperation(keymaster_purpose_t purpose, keymaster_padding_t padding, EVP_PKEY* key)
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]37 : Operation(purpose), rsa_key_(key), padding_(padding) {}
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]38 ~RsaOperation();
39
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]40 keymaster_error_t Begin(const AuthorizationSet& /* input_params */,
41 AuthorizationSet* /* output_params */) override {
Shawn Willden111edb32015-02-05 22:44:24 -0700[diff] [blame]42 return KM_ERROR_OK;
43 }
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]44 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
45 Buffer* output, size_t* input_consumed) override;
46 keymaster_error_t Abort() override { return KM_ERROR_OK; }
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]47
48 protected:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]49 virtual int GetOpensslPadding(keymaster_error_t* error) = 0;
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]50
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]51 keymaster_error_t StoreData(const Buffer& input, size_t* input_consumed);
52 keymaster_error_t SetRsaPaddingInEvpContext(EVP_PKEY_CTX* pkey_ctx);
53
54 EVP_PKEY* rsa_key_;
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]55 keymaster_padding_t padding_;
56 Buffer data_;
57};
58
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]59/**
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]60 * Base class for all digesting RSA operations.
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]61 *
62 * This class adds digesting support, for digesting modes. For non-digesting modes, it falls back
63 * on the RsaOperation input buffering.
64 */
65class RsaDigestingOperation : public RsaOperation {
66 public:
67 RsaDigestingOperation(keymaster_purpose_t purpose, keymaster_digest_t digest,
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]68 keymaster_padding_t padding, EVP_PKEY* key);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]69 ~RsaDigestingOperation();
70
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]71 protected:
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]72 keymaster_error_t InitDigest();
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]73 int GetOpensslPadding(keymaster_error_t* error) override;
74
75 bool require_digest() const { return padding_ == KM_PAD_RSA_PSS; }
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]76
77 const keymaster_digest_t digest_;
78 const EVP_MD* digest_algorithm_;
79 EVP_MD_CTX digest_ctx_;
80};
81
82/**
83 * RSA private key signing operation.
84 */
85class RsaSignOperation : public RsaDigestingOperation {
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]86 public:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]87 RsaSignOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key)
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]88 : RsaDigestingOperation(KM_PURPOSE_SIGN, digest, padding, key) {}
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]89
90 keymaster_error_t Begin(const AuthorizationSet& input_params,
91 AuthorizationSet* output_params) override;
92 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
93 Buffer* output, size_t* input_consumed) override;
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]94 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature,
95 Buffer* output) override;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]96
97 private:
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]98 keymaster_error_t SignUndigested(Buffer* output);
99 keymaster_error_t SignDigested(Buffer* output);
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]100};
101
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]102/**
103 * RSA public key verification operation.
104 */
105class RsaVerifyOperation : public RsaDigestingOperation {
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]106 public:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]107 RsaVerifyOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key)
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]108 : RsaDigestingOperation(KM_PURPOSE_VERIFY, digest, padding, key) {}
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]109
110 keymaster_error_t Begin(const AuthorizationSet& input_params,
111 AuthorizationSet* output_params) override;
112 keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
113 Buffer* output, size_t* input_consumed) override;
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]114 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature,
115 Buffer* output) override;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]116
117 private:
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]118 keymaster_error_t VerifyUndigested(const Buffer& signature);
119 keymaster_error_t VerifyDigested(const Buffer& signature);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]120};
121
122/**
123 * Base class for RSA crypting operations.
124 */
125class RsaCryptOperation : public RsaOperation {
126 public:
127 RsaCryptOperation(keymaster_purpose_t, keymaster_padding_t padding, EVP_PKEY* key)
128 : RsaOperation(KM_PURPOSE_ENCRYPT, padding, key) {}
129
130 private:
131 int GetOpensslPadding(keymaster_error_t* error) override;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]132};
133
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]134/**
135 * RSA public key encryption operation.
136 */
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]137class RsaEncryptOperation : public RsaCryptOperation {
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]138 public:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]139 RsaEncryptOperation(keymaster_padding_t padding, EVP_PKEY* key)
140 : RsaCryptOperation(KM_PURPOSE_ENCRYPT, padding, key) {}
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]141 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature,
142 Buffer* output) override;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]143};
144
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]145/**
146 * RSA private key decryption operation.
147 */
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]148class RsaDecryptOperation : public RsaCryptOperation {
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]149 public:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]150 RsaDecryptOperation(keymaster_padding_t padding, EVP_PKEY* key)
151 : RsaCryptOperation(KM_PURPOSE_DECRYPT, padding, key) {}
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]152 keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature,
153 Buffer* output) override;
154};
155
156/**
157 * Abstract base for all RSA operation factories. This class exists mainly to centralize some code
158 * common to all RSA operation factories.
159 */
160class RsaOperationFactory : public OperationFactory {
161 public:
162 KeyType registry_key() const override { return KeyType(KM_ALGORITHM_RSA, purpose()); }
163 virtual keymaster_purpose_t purpose() const = 0;
164
165 protected:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]166 static EVP_PKEY* GetRsaKey(const Key& key, keymaster_error_t* error);
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]167};
168
169/**
170 * Abstract base for RSA operations that digest their input (signing and verification). This class
171 * does most of the work of creation of RSA digesting operations, delegating only the actual
172 * operation instantiation.
173 */
174class RsaDigestingOperationFactory : public RsaOperationFactory {
175 public:
176 virtual Operation* CreateOperation(const Key& key, const AuthorizationSet& begin_params,
177 keymaster_error_t* error);
178 const keymaster_digest_t* SupportedDigests(size_t* digest_count) const override;
179 const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override;
180
181 private:
182 virtual Operation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding,
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]183 EVP_PKEY* key) = 0;
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]184};
185
186/**
187 * Abstract base for en/de-crypting RSA operation factories. This class does most of the work of
188 * creating such operations, delegating only the actual operation instantiation.
189 */
190class RsaCryptingOperationFactory : public RsaOperationFactory {
191 public:
192 virtual Operation* CreateOperation(const Key& key, const AuthorizationSet& begin_params,
193 keymaster_error_t* error);
194 const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override;
195 const keymaster_digest_t* SupportedDigests(size_t* digest_count) const override;
196
197 private:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]198 virtual Operation* InstantiateOperation(keymaster_padding_t padding, EVP_PKEY* key) = 0;
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]199};
200
201/**
202 * Concrete factory for RSA signing operations.
203 */
204class RsaSigningOperationFactory : public RsaDigestingOperationFactory {
205 public:
206 keymaster_purpose_t purpose() const override { return KM_PURPOSE_SIGN; }
207 Operation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding,
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]208 EVP_PKEY* key) override {
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]209 return new RsaSignOperation(digest, padding, key);
210 }
211};
212
213/**
214 * Concrete factory for RSA signing operations.
215 */
216class RsaVerificationOperationFactory : public RsaDigestingOperationFactory {
217 keymaster_purpose_t purpose() const override { return KM_PURPOSE_VERIFY; }
218 Operation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding,
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]219 EVP_PKEY* key) override {
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]220 return new RsaVerifyOperation(digest, padding, key);
221 }
222};
223
224/**
225 * Concrete factory for RSA signing operations.
226 */
227class RsaEncryptionOperationFactory : public RsaCryptingOperationFactory {
228 keymaster_purpose_t purpose() const override { return KM_PURPOSE_ENCRYPT; }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]229 Operation* InstantiateOperation(keymaster_padding_t padding, EVP_PKEY* key) override {
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]230 return new RsaEncryptOperation(padding, key);
231 }
232};
233
234/**
235 * Concrete factory for RSA signing operations.
236 */
237class RsaDecryptionOperationFactory : public RsaCryptingOperationFactory {
238 keymaster_purpose_t purpose() const override { return KM_PURPOSE_DECRYPT; }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame^]239 Operation* InstantiateOperation(keymaster_padding_t padding, EVP_PKEY* key) override {
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]240 return new RsaDecryptOperation(padding, key);
241 }
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]242};
243
244} // namespace keymaster
245
246#endif // SYSTEM_KEYMASTER_RSA_OPERATION_H_