• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <utility>
20 
21 #include <openssl/evp.h>
22 
23 #include <hardware/keymaster1.h>
24 
25 #include <keymaster/android_keymaster_utils.h>
26 #include <keymaster/km_openssl/rsa_operation.h>
27 #include <keymaster/legacy_support/keymaster1_engine.h>
28 
29 namespace keymaster {
30 
31 class RsaKeymaster1WrappedOperation {
32   public:
RsaKeymaster1WrappedOperation(keymaster_purpose_t purpose,const Keymaster1Engine * engine)33     RsaKeymaster1WrappedOperation(keymaster_purpose_t purpose, const Keymaster1Engine* engine)
34         : purpose_(purpose), operation_handle_(0), engine_(engine) {}
~RsaKeymaster1WrappedOperation()35     ~RsaKeymaster1WrappedOperation() {
36         if (operation_handle_) Abort();
37     }
38 
39     keymaster_error_t Begin(EVP_PKEY* rsa_key, const AuthorizationSet& input_params);
40     keymaster_error_t PrepareFinish(EVP_PKEY* rsa_key, const AuthorizationSet& input_params);
41     keymaster_error_t Abort();
42 
43     keymaster_error_t GetError(EVP_PKEY* rsa_key);
44 
GetOperationHandle()45     keymaster_operation_handle_t GetOperationHandle() const { return operation_handle_; }
46 
47   protected:
48     keymaster_purpose_t purpose_;
49     keymaster_operation_handle_t operation_handle_;
50     const Keymaster1Engine* engine_;
51 };
52 
53 template <typename BaseOperation> class RsaKeymaster1Operation : public BaseOperation {
54     typedef BaseOperation super;
55 
56   public:
RsaKeymaster1Operation(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,keymaster_digest_t digest,keymaster_padding_t padding,EVP_PKEY * key,const Keymaster1Engine * engine)57     RsaKeymaster1Operation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced,
58                            keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key,
59                            const Keymaster1Engine* engine)
60         : BaseOperation(std::move(hw_enforced), std::move(sw_enforced), digest, padding, key),
61           wrapped_operation_(super::purpose(), engine) {
62         // Shouldn't be instantiated for public key operations.
63         assert(super::purpose() != KM_PURPOSE_VERIFY);
64         assert(super::purpose() != KM_PURPOSE_ENCRYPT);
65     }
66 
Begin(const AuthorizationSet & input_params,AuthorizationSet * output_params)67     keymaster_error_t Begin(const AuthorizationSet& input_params,
68                             AuthorizationSet* output_params) override {
69         keymaster_error_t error = wrapped_operation_.Begin(super::rsa_key_, input_params);
70         if (error != KM_ERROR_OK) return error;
71         return super::Begin(input_params, output_params);
72     }
73 
Finish(const AuthorizationSet & input_params,const Buffer & input,const Buffer & signature,AuthorizationSet * output_params,Buffer * output)74     keymaster_error_t Finish(const AuthorizationSet& input_params, const Buffer& input,
75                              const Buffer& signature, AuthorizationSet* output_params,
76                              Buffer* output) override {
77         keymaster_error_t error = wrapped_operation_.PrepareFinish(super::rsa_key_, input_params);
78         if (error != KM_ERROR_OK) return error;
79         error = super::Finish(input_params, input, signature, output_params, output);
80         if (wrapped_operation_.GetError(super::rsa_key_) != KM_ERROR_OK)
81             error = wrapped_operation_.GetError(super::rsa_key_);
82         return error;
83     }
84 
Abort()85     keymaster_error_t Abort() override {
86         keymaster_error_t error = wrapped_operation_.Abort();
87         if (error != KM_ERROR_OK) return error;
88         return super::Abort();
89     }
90 
operation_handle()91     keymaster_operation_handle_t operation_handle() const override {
92         return wrapped_operation_.GetOperationHandle();
93     }
94 
95   private:
96     RsaKeymaster1WrappedOperation wrapped_operation_;
97 };
98 
99 /**
100  * Factory that produces RsaKeymaster1Operations.  This is instantiated and
101  * provided by RsaKeymaster1KeyFactory.
102  */
103 class RsaKeymaster1OperationFactory : public OperationFactory {
104   public:
RsaKeymaster1OperationFactory(keymaster_purpose_t purpose,const Keymaster1Engine * engine)105     RsaKeymaster1OperationFactory(keymaster_purpose_t purpose, const Keymaster1Engine* engine)
106         : purpose_(purpose), engine_(engine) {}
registry_key()107     KeyType registry_key() const override { return KeyType(KM_ALGORITHM_RSA, purpose_); }
108 
109     OperationPtr CreateOperation(Key&& key, const AuthorizationSet& begin_params,
110                                  keymaster_error_t* error) override;
111 
112     const keymaster_digest_t* SupportedDigests(size_t* digest_count) const override;
113     const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const override;
114 
115   private:
116     keymaster_purpose_t purpose_;
117     const Keymaster1Engine* engine_;
118 };
119 
120 }  // namespace keymaster
121