hmac_operation.cpp revision c3326552d973ce34f0f3138333a05a4a1865a699 
1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "hmac_operation.h"
18
19#include <openssl/evp.h>
20#include <openssl/hmac.h>
21
22#include "openssl_err.h"
23#include "symmetric_key.h"
24
25#if defined(OPENSSL_IS_BORINGSSL)
26#include <openssl/mem.h>
27typedef size_t openssl_size_t;
28#else
29typedef int openssl_size_t;
30#endif
31
32namespace keymaster {
33
34/**
35 * Abstract base for HMAC operation factories.  This class does all of the work to create
36 * HMAC operations.
37 */
38class HmacOperationFactory : public OperationFactory {
39  public:
40    virtual KeyType registry_key() const { return KeyType(KM_ALGORITHM_HMAC, purpose()); }
41
42    virtual Operation* CreateOperation(const Key& key, const AuthorizationSet& begin_params,
43                                       keymaster_error_t* error);
44
45    virtual const keymaster_digest_t* SupportedDigests(size_t* digest_count) const;
46
47    virtual keymaster_purpose_t purpose() const = 0;
48};
49
50Operation* HmacOperationFactory::CreateOperation(const Key& key,
51                                                 const AuthorizationSet& begin_params,
52                                                 keymaster_error_t* error) {
53    uint32_t tag_length = 0;
54    begin_params.GetTagValue(TAG_MAC_LENGTH, &tag_length);
55    if (tag_length % 8 != 0) {
56        LOG_E("MAC length %d nod a multiple of 8 bits", tag_length);
57        *error = KM_ERROR_UNSUPPORTED_MAC_LENGTH;
58        return nullptr;
59    }
60
61    keymaster_digest_t digest;
62    if (!begin_params.GetTagValue(TAG_DIGEST, &digest)) {
63        LOG_E("%d digests specified in begin params", begin_params.GetTagCount(TAG_DIGEST));
64        *error = KM_ERROR_UNSUPPORTED_DIGEST;
65        return nullptr;
66    } else if (!key.authorizations().Contains(TAG_DIGEST, digest)) {
67        LOG_E("Digest %d was specified, but not authorized by key", digest);
68        *error = KM_ERROR_INCOMPATIBLE_DIGEST;
69        return nullptr;
70    }
71
72    const SymmetricKey* symmetric_key = static_cast<const SymmetricKey*>(&key);
73    UniquePtr<HmacOperation> op(new HmacOperation(purpose(), symmetric_key->key_data(),
74                                                  symmetric_key->key_data_size(), digest,
75                                                  tag_length / 8));
76    if (!op.get())
77        *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
78    else
79        *error = op->error();
80
81    if (*error != KM_ERROR_OK)
82        return nullptr;
83
84    return op.release();
85}
86
87static keymaster_digest_t supported_digests[] = {KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
88                                                 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
89                                                 KM_DIGEST_SHA_2_512};
90const keymaster_digest_t* HmacOperationFactory::SupportedDigests(size_t* digest_count) const {
91    *digest_count = array_length(supported_digests);
92    return supported_digests;
93}
94
95/**
96 * Concrete factory for creating HMAC signing operations.
97 */
98class HmacSignOperationFactory : public HmacOperationFactory {
99    keymaster_purpose_t purpose() const { return KM_PURPOSE_SIGN; }
100};
101static OperationFactoryRegistry::Registration<HmacSignOperationFactory> sign_registration;
102
103/**
104 * Concrete factory for creating HMAC verification operations.
105 */
106class HmacVerifyOperationFactory : public HmacOperationFactory {
107    keymaster_purpose_t purpose() const { return KM_PURPOSE_VERIFY; }
108};
109static OperationFactoryRegistry::Registration<HmacVerifyOperationFactory> verify_registration;
110
111HmacOperation::HmacOperation(keymaster_purpose_t purpose, const uint8_t* key_data,
112                             size_t key_data_size, keymaster_digest_t digest, size_t tag_length)
113    : Operation(purpose), error_(KM_ERROR_OK), tag_length_(tag_length) {
114    // Initialize CTX first, so dtor won't crash even if we error out later.
115    HMAC_CTX_init(&ctx_);
116
117    const EVP_MD* md = nullptr;
118    switch (digest) {
119    case KM_DIGEST_NONE:
120    case KM_DIGEST_MD5:
121        error_ = KM_ERROR_UNSUPPORTED_DIGEST;
122        break;
123    case KM_DIGEST_SHA1:
124        md = EVP_sha1();
125        break;
126    case KM_DIGEST_SHA_2_224:
127        md = EVP_sha224();
128        break;
129    case KM_DIGEST_SHA_2_256:
130        md = EVP_sha256();
131        break;
132    case KM_DIGEST_SHA_2_384:
133        md = EVP_sha384();
134        break;
135    case KM_DIGEST_SHA_2_512:
136        md = EVP_sha512();
137        break;
138    }
139
140    if (md == nullptr) {
141        error_ = KM_ERROR_UNSUPPORTED_DIGEST;
142        return;
143    }
144
145    HMAC_Init_ex(&ctx_, key_data, key_data_size, md, NULL /* engine */);
146}
147
148HmacOperation::~HmacOperation() {
149    HMAC_CTX_cleanup(&ctx_);
150}
151
152keymaster_error_t HmacOperation::Begin(const AuthorizationSet& /* input_params */,
153                                       AuthorizationSet* /* output_params */) {
154    return error_;
155}
156
157keymaster_error_t HmacOperation::Update(const AuthorizationSet& /* additional_params */,
158                                        const Buffer& input, Buffer* /* output */,
159                                        size_t* input_consumed) {
160    if (!HMAC_Update(&ctx_, input.peek_read(), input.available_read()))
161        return TranslateLastOpenSslError();
162    *input_consumed = input.available_read();
163    return KM_ERROR_OK;
164}
165
166keymaster_error_t HmacOperation::Abort() {
167    return KM_ERROR_OK;
168}
169
170keymaster_error_t HmacOperation::Finish(const AuthorizationSet& /* additional_params */,
171                                        const Buffer& signature, Buffer* output) {
172    uint8_t digest[EVP_MAX_MD_SIZE];
173    unsigned int digest_len;
174    if (!HMAC_Final(&ctx_, digest, &digest_len))
175        return TranslateLastOpenSslError();
176
177    switch (purpose()) {
178    case KM_PURPOSE_SIGN:
179        if (tag_length_ > digest_len)
180            return KM_ERROR_UNSUPPORTED_MAC_LENGTH;
181        if (!output->reserve(tag_length_) || !output->write(digest, tag_length_))
182            return KM_ERROR_MEMORY_ALLOCATION_FAILED;
183        return KM_ERROR_OK;
184    case KM_PURPOSE_VERIFY:
185        if (signature.available_read() > digest_len)
186            return KM_ERROR_INVALID_INPUT_LENGTH;
187        if (CRYPTO_memcmp(signature.peek_read(), digest, signature.available_read()) != 0)
188            return KM_ERROR_VERIFICATION_FAILED;
189        return KM_ERROR_OK;
190    default:
191        return KM_ERROR_UNSUPPORTED_PURPOSE;
192    }
193}
194
195}  // namespace keymaster
196