hmac_operation.cpp revision c3326552d973ce34f0f3138333a05a4a1865a699
1/* 2 * Copyright 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include "hmac_operation.h" 18 19#include <openssl/evp.h> 20#include <openssl/hmac.h> 21 22#include "openssl_err.h" 23#include "symmetric_key.h" 24 25#if defined(OPENSSL_IS_BORINGSSL) 26#include <openssl/mem.h> 27typedef size_t openssl_size_t; 28#else 29typedef int openssl_size_t; 30#endif 31 32namespace keymaster { 33 34/** 35 * Abstract base for HMAC operation factories. This class does all of the work to create 36 * HMAC operations. 37 */ 38class HmacOperationFactory : public OperationFactory { 39 public: 40 virtual KeyType registry_key() const { return KeyType(KM_ALGORITHM_HMAC, purpose()); } 41 42 virtual Operation* CreateOperation(const Key& key, const AuthorizationSet& begin_params, 43 keymaster_error_t* error); 44 45 virtual const keymaster_digest_t* SupportedDigests(size_t* digest_count) const; 46 47 virtual keymaster_purpose_t purpose() const = 0; 48}; 49 50Operation* HmacOperationFactory::CreateOperation(const Key& key, 51 const AuthorizationSet& begin_params, 52 keymaster_error_t* error) { 53 uint32_t tag_length = 0; 54 begin_params.GetTagValue(TAG_MAC_LENGTH, &tag_length); 55 if (tag_length % 8 != 0) { 56 LOG_E("MAC length %d nod a multiple of 8 bits", tag_length); 57 *error = KM_ERROR_UNSUPPORTED_MAC_LENGTH; 58 return nullptr; 59 } 60 61 keymaster_digest_t digest; 62 if (!begin_params.GetTagValue(TAG_DIGEST, &digest)) { 63 LOG_E("%d digests specified in begin params", begin_params.GetTagCount(TAG_DIGEST)); 64 *error = KM_ERROR_UNSUPPORTED_DIGEST; 65 return nullptr; 66 } else if (!key.authorizations().Contains(TAG_DIGEST, digest)) { 67 LOG_E("Digest %d was specified, but not authorized by key", digest); 68 *error = KM_ERROR_INCOMPATIBLE_DIGEST; 69 return nullptr; 70 } 71 72 const SymmetricKey* symmetric_key = static_cast<const SymmetricKey*>(&key); 73 UniquePtr<HmacOperation> op(new HmacOperation(purpose(), symmetric_key->key_data(), 74 symmetric_key->key_data_size(), digest, 75 tag_length / 8)); 76 if (!op.get()) 77 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED; 78 else 79 *error = op->error(); 80 81 if (*error != KM_ERROR_OK) 82 return nullptr; 83 84 return op.release(); 85} 86 87static keymaster_digest_t supported_digests[] = {KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224, 88 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, 89 KM_DIGEST_SHA_2_512}; 90const keymaster_digest_t* HmacOperationFactory::SupportedDigests(size_t* digest_count) const { 91 *digest_count = array_length(supported_digests); 92 return supported_digests; 93} 94 95/** 96 * Concrete factory for creating HMAC signing operations. 97 */ 98class HmacSignOperationFactory : public HmacOperationFactory { 99 keymaster_purpose_t purpose() const { return KM_PURPOSE_SIGN; } 100}; 101static OperationFactoryRegistry::Registration<HmacSignOperationFactory> sign_registration; 102 103/** 104 * Concrete factory for creating HMAC verification operations. 105 */ 106class HmacVerifyOperationFactory : public HmacOperationFactory { 107 keymaster_purpose_t purpose() const { return KM_PURPOSE_VERIFY; } 108}; 109static OperationFactoryRegistry::Registration<HmacVerifyOperationFactory> verify_registration; 110 111HmacOperation::HmacOperation(keymaster_purpose_t purpose, const uint8_t* key_data, 112 size_t key_data_size, keymaster_digest_t digest, size_t tag_length) 113 : Operation(purpose), error_(KM_ERROR_OK), tag_length_(tag_length) { 114 // Initialize CTX first, so dtor won't crash even if we error out later. 115 HMAC_CTX_init(&ctx_); 116 117 const EVP_MD* md = nullptr; 118 switch (digest) { 119 case KM_DIGEST_NONE: 120 case KM_DIGEST_MD5: 121 error_ = KM_ERROR_UNSUPPORTED_DIGEST; 122 break; 123 case KM_DIGEST_SHA1: 124 md = EVP_sha1(); 125 break; 126 case KM_DIGEST_SHA_2_224: 127 md = EVP_sha224(); 128 break; 129 case KM_DIGEST_SHA_2_256: 130 md = EVP_sha256(); 131 break; 132 case KM_DIGEST_SHA_2_384: 133 md = EVP_sha384(); 134 break; 135 case KM_DIGEST_SHA_2_512: 136 md = EVP_sha512(); 137 break; 138 } 139 140 if (md == nullptr) { 141 error_ = KM_ERROR_UNSUPPORTED_DIGEST; 142 return; 143 } 144 145 HMAC_Init_ex(&ctx_, key_data, key_data_size, md, NULL /* engine */); 146} 147 148HmacOperation::~HmacOperation() { 149 HMAC_CTX_cleanup(&ctx_); 150} 151 152keymaster_error_t HmacOperation::Begin(const AuthorizationSet& /* input_params */, 153 AuthorizationSet* /* output_params */) { 154 return error_; 155} 156 157keymaster_error_t HmacOperation::Update(const AuthorizationSet& /* additional_params */, 158 const Buffer& input, Buffer* /* output */, 159 size_t* input_consumed) { 160 if (!HMAC_Update(&ctx_, input.peek_read(), input.available_read())) 161 return TranslateLastOpenSslError(); 162 *input_consumed = input.available_read(); 163 return KM_ERROR_OK; 164} 165 166keymaster_error_t HmacOperation::Abort() { 167 return KM_ERROR_OK; 168} 169 170keymaster_error_t HmacOperation::Finish(const AuthorizationSet& /* additional_params */, 171 const Buffer& signature, Buffer* output) { 172 uint8_t digest[EVP_MAX_MD_SIZE]; 173 unsigned int digest_len; 174 if (!HMAC_Final(&ctx_, digest, &digest_len)) 175 return TranslateLastOpenSslError(); 176 177 switch (purpose()) { 178 case KM_PURPOSE_SIGN: 179 if (tag_length_ > digest_len) 180 return KM_ERROR_UNSUPPORTED_MAC_LENGTH; 181 if (!output->reserve(tag_length_) || !output->write(digest, tag_length_)) 182 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 183 return KM_ERROR_OK; 184 case KM_PURPOSE_VERIFY: 185 if (signature.available_read() > digest_len) 186 return KM_ERROR_INVALID_INPUT_LENGTH; 187 if (CRYPTO_memcmp(signature.peek_read(), digest, signature.available_read()) != 0) 188 return KM_ERROR_VERIFICATION_FAILED; 189 return KM_ERROR_OK; 190 default: 191 return KM_ERROR_UNSUPPORTED_PURPOSE; 192 } 193} 194 195} // namespace keymaster 196