Shawn Willden | 0a4df7e | 2014-08-28 16:09:05 -0600 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #ifndef SYSTEM_KEYMASTER_RSA_OPERATION_H_ |
| 18 | #define SYSTEM_KEYMASTER_RSA_OPERATION_H_ |
| 19 | |
| 20 | #include <UniquePtr.h> |
| 21 | |
Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 22 | #include <openssl/evp.h> |
| 23 | #include <openssl/rsa.h> |
| 24 | |
Shawn Willden | 0a4df7e | 2014-08-28 16:09:05 -0600 | [diff] [blame] | 25 | #include "operation.h" |
| 26 | |
| 27 | namespace keymaster { |
| 28 | |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 29 | /** |
| 30 | * Base class for all RSA operations. |
| 31 | * |
| 32 | * This class provides RSA key management, plus buffering of data for non-digesting modes. |
| 33 | */ |
Shawn Willden | 0a4df7e | 2014-08-28 16:09:05 -0600 | [diff] [blame] | 34 | class RsaOperation : public Operation { |
| 35 | public: |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 36 | RsaOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, |
| 37 | keymaster_padding_t padding, EVP_PKEY* key) |
| 38 | : Operation(purpose), rsa_key_(key), padding_(padding), digest_(digest), |
| 39 | digest_algorithm_(nullptr) {} |
Shawn Willden | 0a4df7e | 2014-08-28 16:09:05 -0600 | [diff] [blame] | 40 | ~RsaOperation(); |
| 41 | |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 42 | keymaster_error_t Begin(const AuthorizationSet& input_params, |
| 43 | AuthorizationSet* output_params) override; |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 44 | keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, |
Shawn Willden | ded8e7d | 2015-06-01 15:29:12 -0600 | [diff] [blame] | 45 | AuthorizationSet* output_params, Buffer* output, |
| 46 | size_t* input_consumed) override; |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 47 | keymaster_error_t Abort() override { return KM_ERROR_OK; } |
Shawn Willden | 0a4df7e | 2014-08-28 16:09:05 -0600 | [diff] [blame] | 48 | |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 49 | keymaster_padding_t padding() const { return padding_; } |
| 50 | keymaster_digest_t digest() const { return digest_; } |
| 51 | |
Shawn Willden | 0a4df7e | 2014-08-28 16:09:05 -0600 | [diff] [blame] | 52 | protected: |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 53 | virtual int GetOpensslPadding(keymaster_error_t* error) = 0; |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 54 | virtual bool require_digest() const = 0; |
Shawn Willden | 0a4df7e | 2014-08-28 16:09:05 -0600 | [diff] [blame] | 55 | |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 56 | keymaster_error_t StoreData(const Buffer& input, size_t* input_consumed); |
| 57 | keymaster_error_t SetRsaPaddingInEvpContext(EVP_PKEY_CTX* pkey_ctx); |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 58 | keymaster_error_t InitDigest(); |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 59 | |
| 60 | EVP_PKEY* rsa_key_; |
Shawn Willden | 2612fb5 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 61 | const keymaster_padding_t padding_; |
Shawn Willden | 0a4df7e | 2014-08-28 16:09:05 -0600 | [diff] [blame] | 62 | Buffer data_; |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 63 | const keymaster_digest_t digest_; |
| 64 | const EVP_MD* digest_algorithm_; |
Shawn Willden | 0a4df7e | 2014-08-28 16:09:05 -0600 | [diff] [blame] | 65 | }; |
| 66 | |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 67 | /** |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 68 | * Base class for all digesting RSA operations. |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 69 | * |
| 70 | * This class adds digesting support, for digesting modes. For non-digesting modes, it falls back |
| 71 | * on the RsaOperation input buffering. |
| 72 | */ |
| 73 | class RsaDigestingOperation : public RsaOperation { |
| 74 | public: |
| 75 | RsaDigestingOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 76 | keymaster_padding_t padding, EVP_PKEY* key); |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 77 | ~RsaDigestingOperation(); |
| 78 | |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 79 | protected: |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 80 | int GetOpensslPadding(keymaster_error_t* error) override; |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 81 | bool require_digest() const override { return padding_ == KM_PAD_RSA_PSS; } |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 82 | EVP_MD_CTX digest_ctx_; |
| 83 | }; |
| 84 | |
| 85 | /** |
| 86 | * RSA private key signing operation. |
| 87 | */ |
| 88 | class RsaSignOperation : public RsaDigestingOperation { |
Shawn Willden | 0a4df7e | 2014-08-28 16:09:05 -0600 | [diff] [blame] | 89 | public: |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 90 | RsaSignOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 91 | : RsaDigestingOperation(KM_PURPOSE_SIGN, digest, padding, key) {} |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 92 | |
| 93 | keymaster_error_t Begin(const AuthorizationSet& input_params, |
| 94 | AuthorizationSet* output_params) override; |
| 95 | keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, |
Shawn Willden | ded8e7d | 2015-06-01 15:29:12 -0600 | [diff] [blame] | 96 | AuthorizationSet* output_params, Buffer* output, |
| 97 | size_t* input_consumed) override; |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 98 | keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature, |
Shawn Willden | ded8e7d | 2015-06-01 15:29:12 -0600 | [diff] [blame] | 99 | AuthorizationSet* output_params, Buffer* output) override; |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 100 | |
| 101 | private: |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 102 | keymaster_error_t SignUndigested(Buffer* output); |
| 103 | keymaster_error_t SignDigested(Buffer* output); |
Shawn Willden | 0a4df7e | 2014-08-28 16:09:05 -0600 | [diff] [blame] | 104 | }; |
| 105 | |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 106 | /** |
| 107 | * RSA public key verification operation. |
| 108 | */ |
| 109 | class RsaVerifyOperation : public RsaDigestingOperation { |
Shawn Willden | 0a4df7e | 2014-08-28 16:09:05 -0600 | [diff] [blame] | 110 | public: |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 111 | RsaVerifyOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 112 | : RsaDigestingOperation(KM_PURPOSE_VERIFY, digest, padding, key) {} |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 113 | |
| 114 | keymaster_error_t Begin(const AuthorizationSet& input_params, |
| 115 | AuthorizationSet* output_params) override; |
| 116 | keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input, |
Shawn Willden | ded8e7d | 2015-06-01 15:29:12 -0600 | [diff] [blame] | 117 | AuthorizationSet* output_params, Buffer* output, |
| 118 | size_t* input_consumed) override; |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 119 | keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature, |
Shawn Willden | ded8e7d | 2015-06-01 15:29:12 -0600 | [diff] [blame] | 120 | AuthorizationSet* output_params, Buffer* output) override; |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 121 | |
| 122 | private: |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 123 | keymaster_error_t VerifyUndigested(const Buffer& signature); |
| 124 | keymaster_error_t VerifyDigested(const Buffer& signature); |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 125 | }; |
| 126 | |
| 127 | /** |
| 128 | * Base class for RSA crypting operations. |
| 129 | */ |
| 130 | class RsaCryptOperation : public RsaOperation { |
| 131 | public: |
Shawn Willden | 2612fb5 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 132 | RsaCryptOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, |
| 133 | keymaster_padding_t padding, EVP_PKEY* key) |
| 134 | : RsaOperation(purpose, digest, padding, key) {} |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 135 | |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 136 | protected: |
| 137 | keymaster_error_t SetOaepDigestIfRequired(EVP_PKEY_CTX* pkey_ctx); |
| 138 | |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 139 | private: |
| 140 | int GetOpensslPadding(keymaster_error_t* error) override; |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 141 | bool require_digest() const override { return padding_ == KM_PAD_RSA_OAEP; } |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 142 | }; |
| 143 | |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 144 | /** |
| 145 | * RSA public key encryption operation. |
| 146 | */ |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 147 | class RsaEncryptOperation : public RsaCryptOperation { |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 148 | public: |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 149 | RsaEncryptOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) |
| 150 | : RsaCryptOperation(KM_PURPOSE_ENCRYPT, digest, padding, key) {} |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 151 | keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature, |
Shawn Willden | ded8e7d | 2015-06-01 15:29:12 -0600 | [diff] [blame] | 152 | AuthorizationSet* output_params, Buffer* output) override; |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 153 | }; |
| 154 | |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 155 | /** |
| 156 | * RSA private key decryption operation. |
| 157 | */ |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 158 | class RsaDecryptOperation : public RsaCryptOperation { |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 159 | public: |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 160 | RsaDecryptOperation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) |
| 161 | : RsaCryptOperation(KM_PURPOSE_DECRYPT, digest, padding, key) {} |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 162 | keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature, |
Shawn Willden | ded8e7d | 2015-06-01 15:29:12 -0600 | [diff] [blame] | 163 | AuthorizationSet* output_params, Buffer* output) override; |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 164 | }; |
| 165 | |
| 166 | /** |
| 167 | * Abstract base for all RSA operation factories. This class exists mainly to centralize some code |
| 168 | * common to all RSA operation factories. |
| 169 | */ |
| 170 | class RsaOperationFactory : public OperationFactory { |
| 171 | public: |
| 172 | KeyType registry_key() const override { return KeyType(KM_ALGORITHM_RSA, purpose()); } |
| 173 | virtual keymaster_purpose_t purpose() const = 0; |
| 174 | |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 175 | Operation* CreateOperation(const Key& key, const AuthorizationSet& begin_params, |
| 176 | keymaster_error_t* error) override { |
| 177 | return CreateRsaOperation(key, begin_params, error); |
| 178 | } |
| 179 | const keymaster_digest_t* SupportedDigests(size_t* digest_count) const override; |
| 180 | |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 181 | protected: |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 182 | static EVP_PKEY* GetRsaKey(const Key& key, keymaster_error_t* error); |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 183 | virtual RsaOperation* CreateRsaOperation(const Key& key, const AuthorizationSet& begin_params, |
| 184 | keymaster_error_t* error); |
| 185 | |
| 186 | private: |
| 187 | virtual RsaOperation* InstantiateOperation(keymaster_digest_t digest, |
| 188 | keymaster_padding_t padding, EVP_PKEY* key) = 0; |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 189 | }; |
| 190 | |
| 191 | /** |
Shawn Willden | 2612fb5 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 192 | * Abstract base for RSA operations that digest their input (signing and verification). |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 193 | */ |
| 194 | class RsaDigestingOperationFactory : public RsaOperationFactory { |
| 195 | public: |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 196 | const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override; |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 197 | }; |
| 198 | |
| 199 | /** |
| 200 | * Abstract base for en/de-crypting RSA operation factories. This class does most of the work of |
| 201 | * creating such operations, delegating only the actual operation instantiation. |
| 202 | */ |
| 203 | class RsaCryptingOperationFactory : public RsaOperationFactory { |
| 204 | public: |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 205 | RsaOperation* CreateRsaOperation(const Key& key, const AuthorizationSet& begin_params, |
| 206 | keymaster_error_t* error) override; |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 207 | const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override; |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 208 | }; |
| 209 | |
| 210 | /** |
| 211 | * Concrete factory for RSA signing operations. |
| 212 | */ |
| 213 | class RsaSigningOperationFactory : public RsaDigestingOperationFactory { |
| 214 | public: |
| 215 | keymaster_purpose_t purpose() const override { return KM_PURPOSE_SIGN; } |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 216 | RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding, |
| 217 | EVP_PKEY* key) override { |
Shawn Willden | 0f906ec | 2015-06-20 09:16:30 -0600 | [diff] [blame] | 218 | return new (std::nothrow) RsaSignOperation(digest, padding, key); |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 219 | } |
| 220 | }; |
| 221 | |
| 222 | /** |
| 223 | * Concrete factory for RSA signing operations. |
| 224 | */ |
| 225 | class RsaVerificationOperationFactory : public RsaDigestingOperationFactory { |
| 226 | keymaster_purpose_t purpose() const override { return KM_PURPOSE_VERIFY; } |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 227 | RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding, |
| 228 | EVP_PKEY* key) override { |
Shawn Willden | 0f906ec | 2015-06-20 09:16:30 -0600 | [diff] [blame] | 229 | return new (std::nothrow) RsaVerifyOperation(digest, padding, key); |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 230 | } |
| 231 | }; |
| 232 | |
| 233 | /** |
| 234 | * Concrete factory for RSA signing operations. |
| 235 | */ |
| 236 | class RsaEncryptionOperationFactory : public RsaCryptingOperationFactory { |
| 237 | keymaster_purpose_t purpose() const override { return KM_PURPOSE_ENCRYPT; } |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 238 | RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding, |
| 239 | EVP_PKEY* key) override { |
| 240 | return new (std::nothrow) RsaEncryptOperation(digest, padding, key); |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 241 | } |
| 242 | }; |
| 243 | |
| 244 | /** |
| 245 | * Concrete factory for RSA signing operations. |
| 246 | */ |
| 247 | class RsaDecryptionOperationFactory : public RsaCryptingOperationFactory { |
| 248 | keymaster_purpose_t purpose() const override { return KM_PURPOSE_DECRYPT; } |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 249 | RsaOperation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding, |
| 250 | EVP_PKEY* key) override { |
| 251 | return new (std::nothrow) RsaDecryptOperation(digest, padding, key); |
Shawn Willden | 0629810 | 2015-05-25 23:12:48 -0600 | [diff] [blame] | 252 | } |
Shawn Willden | 0a4df7e | 2014-08-28 16:09:05 -0600 | [diff] [blame] | 253 | }; |
| 254 | |
| 255 | } // namespace keymaster |
| 256 | |
| 257 | #endif // SYSTEM_KEYMASTER_RSA_OPERATION_H_ |