Home | History | Annotate | Download | only in keymaster 
      1 /*
      2  * Copyright 2015 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #include "rsa_keymaster1_operation.h"
     18 
     19 #include <memory>
     20 
     21 #include <keymaster/android_keymaster_utils.h>
     22 
     23 #include "openssl_err.h"
     24 #include "openssl_utils.h"
     25 #include "rsa_keymaster1_key.h"
     26 
     27 using std::unique_ptr;
     28 
     29 namespace keymaster {
     30 
     31 keymaster_error_t RsaKeymaster1WrappedOperation::Begin(EVP_PKEY* rsa_key,
     32                                                        const AuthorizationSet& input_params) {
     33     Keymaster1Engine::KeyData* key_data = engine_->GetData(rsa_key);
     34     if (!key_data)
     35         return KM_ERROR_UNKNOWN_ERROR;
     36 
     37     // Copy the input params and substitute KM_DIGEST_NONE for whatever was specified.  Also change
     38     // KM_PAD_RSA_PSS and KM_PAD_OAEP to KM_PAD_NONE, if necessary. These are the params we'll pass
     39     // to the hardware module.  The regular Rsa*Operation classes will do software digesting and
     40     // padding where we've told the HW not to.
     41     //
     42     // The reason we don't change KM_PAD_RSA_PKCS1_1_5_SIGN or KM_PAD_RSA_PKCS1_1_5_ENCRYPT to
     43     // KM_PAD_NONE is because the hardware can perform those padding modes, since they don't involve
     44     // digesting.
     45     //
     46     // We also cache in the key the padding value that we expect to be passed to the engine crypto
     47     // operation.  This just allows us to double-check that the correct padding value is reaching
     48     // that layer.
     49     AuthorizationSet begin_params(input_params);
     50     int pos = begin_params.find(TAG_DIGEST);
     51     if (pos == -1)
     52         return KM_ERROR_UNSUPPORTED_DIGEST;
     53     begin_params[pos].enumerated = KM_DIGEST_NONE;
     54 
     55     pos = begin_params.find(TAG_PADDING);
     56     if (pos == -1)
     57         return KM_ERROR_UNSUPPORTED_PADDING_MODE;
     58     switch (begin_params[pos].enumerated) {
     59 
     60     case KM_PAD_RSA_PSS:
     61     case KM_PAD_RSA_OAEP:
     62         key_data->expected_openssl_padding = RSA_NO_PADDING;
     63         begin_params[pos].enumerated = KM_PAD_NONE;
     64         break;
     65 
     66     case KM_PAD_RSA_PKCS1_1_5_ENCRYPT:
     67     case KM_PAD_RSA_PKCS1_1_5_SIGN:
     68         key_data->expected_openssl_padding = RSA_PKCS1_PADDING;
     69         break;
     70     }
     71 
     72     return engine_->device()->begin(engine_->device(), purpose_, &key_data->key_material,
     73                                     &begin_params, nullptr /* out_params */, &operation_handle_);
     74 }
     75 
     76 keymaster_error_t
     77 RsaKeymaster1WrappedOperation::PrepareFinish(EVP_PKEY* rsa_key,
     78                                              const AuthorizationSet& input_params) {
     79     Keymaster1Engine::KeyData* key_data = engine_->GetData(rsa_key);
     80     if (!key_data) {
     81         LOG_E("Could not get extended key data... not a Keymaster1Engine key?", 0);
     82         return KM_ERROR_UNKNOWN_ERROR;
     83     }
     84     key_data->op_handle = operation_handle_;
     85     key_data->finish_params.Reinitialize(input_params);
     86 
     87     return KM_ERROR_OK;
     88 }
     89 
     90 keymaster_error_t RsaKeymaster1WrappedOperation::Abort() {
     91     return engine_->device()->abort(engine_->device(), operation_handle_);
     92 }
     93 
     94 keymaster_error_t RsaKeymaster1WrappedOperation::GetError(EVP_PKEY* rsa_key) {
     95     Keymaster1Engine::KeyData* key_data = engine_->GetData(rsa_key);  // key_data is owned by rsa
     96     if (!key_data)
     97         return KM_ERROR_UNKNOWN_ERROR;
     98     return key_data->error;
     99 }
    100 
    101 static EVP_PKEY* GetEvpKey(const RsaKeymaster1Key& key, keymaster_error_t* error) {
    102     if (!key.key()) {
    103         *error = KM_ERROR_UNKNOWN_ERROR;
    104         return nullptr;
    105     }
    106 
    107     UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
    108     if (!key.InternalToEvp(pkey.get())) {
    109         *error = KM_ERROR_UNKNOWN_ERROR;
    110         return nullptr;
    111     }
    112     return pkey.release();
    113 }
    114 
    115 Operation* RsaKeymaster1OperationFactory::CreateOperation(const Key& key,
    116                                                           const AuthorizationSet& begin_params,
    117                                                           keymaster_error_t* error) {
    118     keymaster_digest_t digest;
    119     if (!GetAndValidateDigest(begin_params, key, &digest, error))
    120         return nullptr;
    121 
    122     keymaster_padding_t padding;
    123     if (!GetAndValidatePadding(begin_params, key, &padding, error))
    124         return nullptr;
    125 
    126     const RsaKeymaster1Key& rsa_km1_key(static_cast<const RsaKeymaster1Key&>(key));
    127     unique_ptr<EVP_PKEY, EVP_PKEY_Delete> rsa(GetEvpKey(rsa_km1_key, error));
    128     if (!rsa)
    129         return nullptr;
    130 
    131     switch (purpose_) {
    132     case KM_PURPOSE_SIGN:
    133         return new RsaKeymaster1Operation<RsaSignOperation>(digest, padding, rsa.release(),
    134                                                             engine_);
    135     case KM_PURPOSE_DECRYPT:
    136         return new RsaKeymaster1Operation<RsaDecryptOperation>(digest, padding, rsa.release(),
    137                                                                engine_);
    138     default:
    139         LOG_E("Bug: Pubkey operation requested.  Those should be handled by normal RSA operations.",
    140               0);
    141         *error = KM_ERROR_UNSUPPORTED_PURPOSE;
    142         return nullptr;
    143     }
    144 }
    145 
    146 static const keymaster_digest_t supported_digests[] = {
    147     KM_DIGEST_NONE,      KM_DIGEST_MD5,       KM_DIGEST_SHA1,     KM_DIGEST_SHA_2_224,
    148     KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512};
    149 
    150 const keymaster_digest_t*
    151 RsaKeymaster1OperationFactory::SupportedDigests(size_t* digest_count) const {
    152     *digest_count = array_length(supported_digests);
    153     return supported_digests;
    154 }
    155 
    156 static const keymaster_padding_t supported_sig_padding[] = {
    157     KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS,
    158 };
    159 static const keymaster_padding_t supported_crypt_padding[] = {
    160     KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_ENCRYPT, KM_PAD_RSA_OAEP,
    161 };
    162 
    163 const keymaster_padding_t*
    164 RsaKeymaster1OperationFactory::SupportedPaddingModes(size_t* padding_mode_count) const {
    165     switch (purpose_) {
    166     case KM_PURPOSE_SIGN:
    167     case KM_PURPOSE_VERIFY:
    168         *padding_mode_count = array_length(supported_sig_padding);
    169         return supported_sig_padding;
    170     case KM_PURPOSE_ENCRYPT:
    171     case KM_PURPOSE_DECRYPT:
    172         *padding_mode_count = array_length(supported_crypt_padding);
    173         return supported_crypt_padding;
    174     default:
    175         *padding_mode_count = 0;
    176         return nullptr;
    177     }
    178 }
    179 
    180 }  // namespace keymaster
    181