Home | History | Annotate | Download | only in keymaster 
      1 /*
      2  * Copyright 2015 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #ifndef SYSTEM_KEYMASTER_RSA_KEYMASTER1_OPERATION_H_
     18 #define SYSTEM_KEYMASTER_RSA_KEYMASTER1_OPERATION_H_
     19 
     20 #include <openssl/evp.h>
     21 
     22 #include <hardware/keymaster1.h>
     23 #include <keymaster/android_keymaster_utils.h>
     24 
     25 #include "keymaster1_engine.h"
     26 #include "rsa_operation.h"
     27 
     28 namespace keymaster {
     29 
     30 class RsaKeymaster1WrappedOperation {
     31   public:
     32     RsaKeymaster1WrappedOperation(keymaster_purpose_t purpose, const Keymaster1Engine* engine)
     33         : purpose_(purpose), operation_handle_(0), engine_(engine) {}
     34     ~RsaKeymaster1WrappedOperation() {
     35         if (operation_handle_)
     36             Abort();
     37     }
     38 
     39     keymaster_error_t Begin(EVP_PKEY* rsa_key, const AuthorizationSet& input_params);
     40     keymaster_error_t PrepareFinish(EVP_PKEY* rsa_key, const AuthorizationSet& input_params);
     41     void Finish() { operation_handle_ = 0; }
     42     keymaster_error_t Abort();
     43 
     44     keymaster_error_t GetError(EVP_PKEY* rsa_key);
     45 
     46   protected:
     47     keymaster_purpose_t purpose_;
     48     keymaster_operation_handle_t operation_handle_;
     49     const Keymaster1Engine* engine_;
     50 };
     51 
     52 template <typename BaseOperation> class RsaKeymaster1Operation : public BaseOperation {
     53     typedef BaseOperation super;
     54 
     55   public:
     56     RsaKeymaster1Operation(keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key,
     57                            const Keymaster1Engine* engine)
     58         : BaseOperation(digest, padding, key), wrapped_operation_(super::purpose(), engine) {
     59         // Shouldn't be instantiated for public key operations.
     60         assert(super::purpose() != KM_PURPOSE_VERIFY);
     61         assert(super::purpose() != KM_PURPOSE_ENCRYPT);
     62     }
     63 
     64     keymaster_error_t Begin(const AuthorizationSet& input_params,
     65                             AuthorizationSet* output_params) override {
     66         keymaster_error_t error = wrapped_operation_.Begin(super::rsa_key_, input_params);
     67         if (error != KM_ERROR_OK)
     68             return error;
     69         return super::Begin(input_params, output_params);
     70     }
     71 
     72     keymaster_error_t Finish(const AuthorizationSet& input_params, const Buffer& input,
     73                              const Buffer& signature, AuthorizationSet* output_params,
     74                              Buffer* output) override {
     75         keymaster_error_t error = wrapped_operation_.PrepareFinish(super::rsa_key_, input_params);
     76         if (error != KM_ERROR_OK)
     77             return error;
     78         error = super::Finish(input_params, input, signature, output_params, output);
     79         if (wrapped_operation_.GetError(super::rsa_key_) != KM_ERROR_OK)
     80             error = wrapped_operation_.GetError(super::rsa_key_);
     81         if (error == KM_ERROR_OK)
     82             wrapped_operation_.Finish();
     83         return error;
     84     }
     85 
     86     keymaster_error_t Abort() override {
     87         keymaster_error_t error = wrapped_operation_.Abort();
     88         if (error != KM_ERROR_OK)
     89             return error;
     90         return super::Abort();
     91     }
     92 
     93   private:
     94     RsaKeymaster1WrappedOperation wrapped_operation_;
     95 };
     96 
     97 /**
     98  * Factory that produces RsaKeymaster1Operations.  This is instantiated and
     99  * provided by RsaKeymaster1KeyFactory.
    100  */
    101 class RsaKeymaster1OperationFactory : public OperationFactory {
    102   public:
    103     RsaKeymaster1OperationFactory(keymaster_purpose_t purpose, const Keymaster1Engine* engine)
    104         : purpose_(purpose), engine_(engine) {}
    105     KeyType registry_key() const override { return KeyType(KM_ALGORITHM_RSA, purpose_); }
    106 
    107     Operation* CreateOperation(const Key& key, const AuthorizationSet& begin_params,
    108                                keymaster_error_t* error) override;
    109 
    110     const keymaster_digest_t* SupportedDigests(size_t* digest_count) const override;
    111     const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override;
    112 
    113   private:
    114     keymaster_purpose_t purpose_;
    115     const Keymaster1Engine* engine_;
    116 };
    117 
    118 }  // namespace keymaster
    119 
    120 #endif  // SYSTEM_KEYMASTER_RSA_KEYMASTER1_OPERATION_H_
    121