1/*
2 * Copyright 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "rsa_keymaster1_operation.h"
18
19#include <memory>
20
21#include <keymaster/android_keymaster_utils.h>
22
23#include "openssl_err.h"
24#include "openssl_utils.h"
25#include "rsa_keymaster1_key.h"
26
27using std::unique_ptr;
28
29namespace keymaster {
30
31keymaster_error_t RsaKeymaster1WrappedOperation::Begin(EVP_PKEY* rsa_key,
32                                                       const AuthorizationSet& input_params) {
33    Keymaster1Engine::KeyData* key_data = engine_->GetData(rsa_key);
34    if (!key_data)
35        return KM_ERROR_UNKNOWN_ERROR;
36
37    // Copy the input params and substitute KM_DIGEST_NONE for whatever was specified.  Also change
38    // KM_PAD_RSA_PSS and KM_PAD_OAEP to KM_PAD_NONE, if necessary. These are the params we'll pass
39    // to the hardware module.  The regular Rsa*Operation classes will do software digesting and
40    // padding where we've told the HW not to.
41    //
42    // The reason we don't change KM_PAD_RSA_PKCS1_1_5_SIGN or KM_PAD_RSA_PKCS1_1_5_ENCRYPT to
43    // KM_PAD_NONE is because the hardware can perform those padding modes, since they don't involve
44    // digesting.
45    //
46    // We also cache in the key the padding value that we expect to be passed to the engine crypto
47    // operation.  This just allows us to double-check that the correct padding value is reaching
48    // that layer.
49    AuthorizationSet begin_params(input_params);
50    int pos = begin_params.find(TAG_DIGEST);
51    if (pos == -1)
52        return KM_ERROR_UNSUPPORTED_DIGEST;
53    begin_params[pos].enumerated = KM_DIGEST_NONE;
54
55    pos = begin_params.find(TAG_PADDING);
56    if (pos == -1)
57        return KM_ERROR_UNSUPPORTED_PADDING_MODE;
58    switch (begin_params[pos].enumerated) {
59
60    case KM_PAD_RSA_PSS:
61    case KM_PAD_RSA_OAEP:
62        key_data->expected_openssl_padding = RSA_NO_PADDING;
63        begin_params[pos].enumerated = KM_PAD_NONE;
64        break;
65
66    case KM_PAD_RSA_PKCS1_1_5_ENCRYPT:
67    case KM_PAD_RSA_PKCS1_1_5_SIGN:
68        key_data->expected_openssl_padding = RSA_PKCS1_PADDING;
69        break;
70    }
71
72    return engine_->device()->begin(engine_->device(), purpose_, &key_data->key_material,
73                                    &begin_params, nullptr /* out_params */, &operation_handle_);
74}
75
76keymaster_error_t
77RsaKeymaster1WrappedOperation::PrepareFinish(EVP_PKEY* rsa_key,
78                                             const AuthorizationSet& input_params) {
79    Keymaster1Engine::KeyData* key_data = engine_->GetData(rsa_key);
80    if (!key_data) {
81        LOG_E("Could not get extended key data... not a Keymaster1Engine key?", 0);
82        return KM_ERROR_UNKNOWN_ERROR;
83    }
84    key_data->op_handle = operation_handle_;
85    key_data->finish_params.Reinitialize(input_params);
86
87    return KM_ERROR_OK;
88}
89
90keymaster_error_t RsaKeymaster1WrappedOperation::Abort() {
91    return engine_->device()->abort(engine_->device(), operation_handle_);
92}
93
94keymaster_error_t RsaKeymaster1WrappedOperation::GetError(EVP_PKEY* rsa_key) {
95    Keymaster1Engine::KeyData* key_data = engine_->GetData(rsa_key);  // key_data is owned by rsa
96    if (!key_data)
97        return KM_ERROR_UNKNOWN_ERROR;
98    return key_data->error;
99}
100
101static EVP_PKEY* GetEvpKey(const RsaKeymaster1Key& key, keymaster_error_t* error) {
102    if (!key.key()) {
103        *error = KM_ERROR_UNKNOWN_ERROR;
104        return nullptr;
105    }
106
107    UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
108    if (!key.InternalToEvp(pkey.get())) {
109        *error = KM_ERROR_UNKNOWN_ERROR;
110        return nullptr;
111    }
112    return pkey.release();
113}
114
115Operation* RsaKeymaster1OperationFactory::CreateOperation(const Key& key,
116                                                          const AuthorizationSet& begin_params,
117                                                          keymaster_error_t* error) {
118    keymaster_digest_t digest;
119    if (!GetAndValidateDigest(begin_params, key, &digest, error))
120        return nullptr;
121
122    keymaster_padding_t padding;
123    if (!GetAndValidatePadding(begin_params, key, &padding, error))
124        return nullptr;
125
126    const RsaKeymaster1Key& rsa_km1_key(static_cast<const RsaKeymaster1Key&>(key));
127    unique_ptr<EVP_PKEY, EVP_PKEY_Delete> rsa(GetEvpKey(rsa_km1_key, error));
128    if (!rsa)
129        return nullptr;
130
131    switch (purpose_) {
132    case KM_PURPOSE_SIGN:
133        return new RsaKeymaster1Operation<RsaSignOperation>(digest, padding, rsa.release(),
134                                                            engine_);
135    case KM_PURPOSE_DECRYPT:
136        return new RsaKeymaster1Operation<RsaDecryptOperation>(digest, padding, rsa.release(),
137                                                               engine_);
138    default:
139        LOG_E("Bug: Pubkey operation requested.  Those should be handled by normal RSA operations.",
140              0);
141        *error = KM_ERROR_UNSUPPORTED_PURPOSE;
142        return nullptr;
143    }
144}
145
146static const keymaster_digest_t supported_digests[] = {
147    KM_DIGEST_NONE,      KM_DIGEST_MD5,       KM_DIGEST_SHA1,     KM_DIGEST_SHA_2_224,
148    KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512};
149
150const keymaster_digest_t*
151RsaKeymaster1OperationFactory::SupportedDigests(size_t* digest_count) const {
152    *digest_count = array_length(supported_digests);
153    return supported_digests;
154}
155
156static const keymaster_padding_t supported_sig_padding[] = {
157    KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS,
158};
159static const keymaster_padding_t supported_crypt_padding[] = {
160    KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_ENCRYPT, KM_PAD_RSA_OAEP,
161};
162
163const keymaster_padding_t*
164RsaKeymaster1OperationFactory::SupportedPaddingModes(size_t* padding_mode_count) const {
165    switch (purpose_) {
166    case KM_PURPOSE_SIGN:
167    case KM_PURPOSE_VERIFY:
168        *padding_mode_count = array_length(supported_sig_padding);
169        return supported_sig_padding;
170    case KM_PURPOSE_ENCRYPT:
171    case KM_PURPOSE_DECRYPT:
172        *padding_mode_count = array_length(supported_crypt_padding);
173        return supported_crypt_padding;
174    default:
175        *padding_mode_count = 0;
176        return nullptr;
177    }
178}
179
180}  // namespace keymaster
181