Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / 61902366cc912daacb84dd84c9bada95718e19b7 / . / rsa_operation.cpp
blob: d13a420b49211757204f12aef8195ad334c4f524 [file] [log] [blame]
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]17#include "rsa_operation.h"
18
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]19#include <limits.h>
20
21#include <openssl/err.h>
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]22
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]23#include <keymaster/logger.h>
24
25#include "openssl_err.h"
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]26#include "openssl_utils.h"
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]27#include "rsa_key.h"
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]28
29namespace keymaster {
30
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]31/**
32 * Abstract base for all RSA operation factories. This class exists mainly to centralize some code
33 * common to all RSA operation factories.
34 */
35class RsaOperationFactory : public OperationFactory {
36 public:
37 virtual KeyType registry_key() const { return KeyType(KM_ALGORITHM_RSA, purpose()); }
38 virtual keymaster_purpose_t purpose() const = 0;
39
40 protected:
41 bool GetAndValidatePadding(const Key& key, keymaster_padding_t* padding,
42 keymaster_error_t* error) const;
43 bool GetAndValidateDigest(const Key& key, keymaster_digest_t* digest,
44 keymaster_error_t* error) const;
45 static RSA* GetRsaKey(const Key& key, keymaster_error_t* error);
46};
47
48bool RsaOperationFactory::GetAndValidatePadding(const Key& key, keymaster_padding_t* padding,
49 keymaster_error_t* error) const {
50 *error = KM_ERROR_UNSUPPORTED_PADDING_MODE;
51 if (!key.authorizations().GetTagValue(TAG_PADDING, padding))
52 return false;
53
54 size_t padding_count;
55 const keymaster_padding_t* supported_paddings = SupportedPaddingModes(&padding_count);
56 for (size_t i = 0; i < padding_count; ++i) {
57 if (*padding == supported_paddings[i]) {
58 *error = KM_ERROR_OK;
59 return true;
60 }
61 }
62 return false;
63}
64
65bool RsaOperationFactory::GetAndValidateDigest(const Key& key, keymaster_digest_t* digest,
66 keymaster_error_t* error) const {
67 *error = KM_ERROR_UNSUPPORTED_DIGEST;
68 if (!key.authorizations().GetTagValue(TAG_DIGEST, digest))
69 return false;
70
71 size_t digest_count;
72 const keymaster_digest_t* supported_digests = SupportedDigests(&digest_count);
73 for (size_t i = 0; i < digest_count; ++i) {
74 if (*digest == supported_digests[i]) {
75 *error = KM_ERROR_OK;
76 return true;
77 }
78 }
79 return false;
80}
81
82/* static */
83RSA* RsaOperationFactory::GetRsaKey(const Key& key, keymaster_error_t* error) {
84 const RsaKey* rsa_key = static_cast<const RsaKey*>(&key);
85 assert(rsa_key);
86 if (!rsa_key || !rsa_key->key()) {
87 *error = KM_ERROR_UNKNOWN_ERROR;
88 return NULL;
89 }
Shawn Willden28eed512015-02-25 19:16:36 -0700[diff] [blame]90 RSA_up_ref(rsa_key->key());
91 return rsa_key->key();
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]92}
93
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame^]94static const keymaster_digest_t supported_digests[] = {KM_DIGEST_NONE, KM_DIGEST_SHA_2_256};
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]95static const keymaster_padding_t supported_sig_padding[] = {KM_PAD_NONE};
96
97/**
98 * Abstract base for RSA operations that digest their input (signing and verification). This class
99 * does most of the work of creation of RSA digesting operations, delegating only the actual
100 * operation instantiation.
101 */
102class RsaDigestingOperationFactory : public RsaOperationFactory {
103 public:
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]104 virtual Operation* CreateOperation(const Key& key, keymaster_error_t* error);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]105
106 virtual const keymaster_digest_t* SupportedDigests(size_t* digest_count) const {
107 *digest_count = array_length(supported_digests);
108 return supported_digests;
109 }
110
111 virtual const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const {
112 *padding_mode_count = array_length(supported_sig_padding);
113 return supported_sig_padding;
114 }
115
116 private:
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]117 virtual Operation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding,
118 RSA* key) = 0;
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]119};
120
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]121Operation* RsaDigestingOperationFactory::CreateOperation(const Key& key, keymaster_error_t* error) {
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]122 keymaster_padding_t padding;
123 keymaster_digest_t digest;
124 RSA* rsa;
125 if (!GetAndValidateDigest(key, &digest, error) ||
126 !GetAndValidatePadding(key, &padding, error) || !(rsa = GetRsaKey(key, error)))
127 return NULL;
128
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]129 Operation* op = InstantiateOperation(digest, padding, rsa);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]130 if (!op)
131 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
132 return op;
133}
134
135static const keymaster_padding_t supported_crypt_padding[] = {KM_PAD_RSA_OAEP,
136 KM_PAD_RSA_PKCS1_1_5_ENCRYPT};
137
138/**
139 * Abstract base for en/de-crypting RSA operation factories. This class does most of the work of
140 * creating such operations, delegating only the actual operation instantiation.
141 */
142class RsaCryptingOperationFactory : public RsaOperationFactory {
143 public:
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]144 virtual Operation* CreateOperation(const Key& key, keymaster_error_t* error);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]145
146 virtual const keymaster_padding_t* SupportedPaddingModes(size_t* padding_mode_count) const {
147 *padding_mode_count = array_length(supported_crypt_padding);
148 return supported_crypt_padding;
149 }
150
151 virtual const keymaster_digest_t* SupportedDigests(size_t* digest_count) const {
152 *digest_count = 0;
153 return NULL;
154 }
155
156 private:
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]157 virtual Operation* InstantiateOperation(keymaster_padding_t padding, RSA* key) = 0;
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]158};
159
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]160Operation* RsaCryptingOperationFactory::CreateOperation(const Key& key, keymaster_error_t* error) {
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]161 keymaster_padding_t padding;
162 RSA* rsa;
163 if (!GetAndValidatePadding(key, &padding, error) || !(rsa = GetRsaKey(key, error)))
164 return NULL;
165
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]166 Operation* op = InstantiateOperation(padding, rsa);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]167 if (!op)
168 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
169 return op;
170}
171
172/**
173 * Concrete factory for RSA signing operations.
174 */
175class RsaSigningOperationFactory : public RsaDigestingOperationFactory {
176 public:
177 virtual keymaster_purpose_t purpose() const { return KM_PURPOSE_SIGN; }
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]178 virtual Operation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding,
179 RSA* key) {
180 return new RsaSignOperation(digest, padding, key);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]181 }
182};
183static OperationFactoryRegistry::Registration<RsaSigningOperationFactory> sign_registration;
184
185/**
186 * Concrete factory for RSA signing operations.
187 */
188class RsaVerificationOperationFactory : public RsaDigestingOperationFactory {
189 virtual keymaster_purpose_t purpose() const { return KM_PURPOSE_VERIFY; }
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]190 virtual Operation* InstantiateOperation(keymaster_digest_t digest, keymaster_padding_t padding,
191 RSA* key) {
192 return new RsaVerifyOperation(digest, padding, key);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]193 }
194};
195static OperationFactoryRegistry::Registration<RsaVerificationOperationFactory> verify_registration;
196
197/**
198 * Concrete factory for RSA signing operations.
199 */
200class RsaEncryptionOperationFactory : public RsaCryptingOperationFactory {
201 virtual keymaster_purpose_t purpose() const { return KM_PURPOSE_ENCRYPT; }
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]202 virtual Operation* InstantiateOperation(keymaster_padding_t padding, RSA* key) {
203 return new RsaEncryptOperation(padding, key);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]204 }
205};
206static OperationFactoryRegistry::Registration<RsaEncryptionOperationFactory> encrypt_registration;
207
208/**
209 * Concrete factory for RSA signing operations.
210 */
211class RsaDecryptionOperationFactory : public RsaCryptingOperationFactory {
212 virtual keymaster_purpose_t purpose() const { return KM_PURPOSE_DECRYPT; }
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]213 virtual Operation* InstantiateOperation(keymaster_padding_t padding, RSA* key) {
214 return new RsaDecryptOperation(padding, key);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]215 }
216};
217
218static OperationFactoryRegistry::Registration<RsaDecryptionOperationFactory> decrypt_registration;
219
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]220struct RSA_Delete {
221 void operator()(RSA* p) const { RSA_free(p); }
222};
223
224RsaOperation::~RsaOperation() {
225 if (rsa_key_ != NULL)
226 RSA_free(rsa_key_);
227}
228
Shawn Willden6bfbff02015-02-06 19:48:24 -0700[diff] [blame]229keymaster_error_t RsaOperation::Update(const AuthorizationSet& /* additional_params */,
230 const Buffer& input, Buffer* /* output */,
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]231 size_t* input_consumed) {
232 assert(input_consumed);
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]233 switch (purpose()) {
234 default:
235 return KM_ERROR_UNIMPLEMENTED;
236 case KM_PURPOSE_SIGN:
237 case KM_PURPOSE_VERIFY:
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]238 case KM_PURPOSE_ENCRYPT:
239 case KM_PURPOSE_DECRYPT:
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]240 return StoreData(input, input_consumed);
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]241 }
242}
243
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]244keymaster_error_t RsaOperation::StoreData(const Buffer& input, size_t* input_consumed) {
245 assert(input_consumed);
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]246 if (!data_.reserve(data_.available_read() + input.available_read()) ||
247 !data_.write(input.peek_read(), input.available_read()))
248 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]249 *input_consumed = input.available_read();
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]250 return KM_ERROR_OK;
251}
252
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame^]253RsaDigestingOperation::RsaDigestingOperation(keymaster_purpose_t purpose, keymaster_digest_t digest,
254 keymaster_padding_t padding, RSA* key)
255 : RsaOperation(purpose, padding, key), digest_(digest), digest_algorithm_(NULL) {
256 EVP_MD_CTX_init(&digest_ctx_);
257}
258RsaDigestingOperation::~RsaDigestingOperation() {
259 EVP_MD_CTX_cleanup(&digest_ctx_);
260}
261
262keymaster_error_t RsaDigestingOperation::Begin(const AuthorizationSet& /* input_params */,
263 AuthorizationSet* /* output_params */) {
264 if (digest_ == KM_DIGEST_NONE)
265 return KM_ERROR_OK;
266
267 // TODO(swillden): Factor out EVP_MD selection. It will be done for many operations.
268 switch (digest_) {
269 case KM_DIGEST_SHA_2_256:
270 digest_algorithm_ = EVP_sha256();
271 break;
272 default:
273 return KM_ERROR_UNSUPPORTED_DIGEST;
274 }
275
276 if (!EVP_DigestInit_ex(&digest_ctx_, digest_algorithm_, NULL /* engine */)) {
277 int err = ERR_get_error();
278 LOG_E("Failed to initialize digest: %d %s", err, ERR_error_string(err, NULL));
279 return KM_ERROR_UNKNOWN_ERROR;
280 }
281
282 return KM_ERROR_OK;
283}
284
285keymaster_error_t RsaDigestingOperation::Update(const AuthorizationSet& additional_params,
286 const Buffer& input, Buffer* output,
287 size_t* input_consumed) {
288 if (digest_ == KM_DIGEST_NONE)
289 return RsaOperation::Update(additional_params, input, output, input_consumed);
290 if (!EVP_DigestUpdate(&digest_ctx_, input.peek_read(), input.available_read())) {
291 int err = ERR_get_error();
292 LOG_E("Failed to update digest: %d %s", err, ERR_error_string(err, NULL));
293 return KM_ERROR_UNKNOWN_ERROR;
294 }
295 *input_consumed = input.available_read();
296 return KM_ERROR_OK;
297}
298
299uint8_t* RsaDigestingOperation::FinishDigest(unsigned* digest_size) {
300 assert(digest_algorithm_ != NULL);
301 UniquePtr<uint8_t[]> digest(new uint8_t[EVP_MAX_MD_SIZE]);
302 if (!EVP_DigestFinal_ex(&digest_ctx_, digest.get(), digest_size)) {
303 int err = ERR_get_error();
304 LOG_E("Failed to finalize digest: %d %s", err, ERR_error_string(err, NULL));
305 return NULL;
306 }
307 assert(*digest_size == static_cast<unsigned>(EVP_MD_size(digest_algorithm_)));
308 return digest.release();
309}
310
Shawn Willden6bfbff02015-02-06 19:48:24 -0700[diff] [blame]311keymaster_error_t RsaSignOperation::Finish(const AuthorizationSet& /* additional_params */,
312 const Buffer& /* signature */, Buffer* output) {
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]313 assert(output);
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]314 output->Reinitialize(RSA_size(rsa_key_));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame^]315
316 int bytes_encrypted =
317 (digest_ == KM_DIGEST_NONE) ? SignUndigested(output) : SignDigested(output);
318
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]319 if (bytes_encrypted < 0)
320 return KM_ERROR_UNKNOWN_ERROR;
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame^]321
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]322 assert(bytes_encrypted == RSA_size(rsa_key_));
323 output->advance_write(bytes_encrypted);
324 return KM_ERROR_OK;
325}
326
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame^]327int RsaSignOperation::SignUndigested(Buffer* output) {
328 return RSA_private_encrypt(data_.available_read(), data_.peek_read(), output->peek_write(),
329 rsa_key_, RSA_NO_PADDING);
330}
331
332int RsaSignOperation::SignDigested(Buffer* output) {
333 unsigned digest_size = 0;
334 UniquePtr<uint8_t[]> digest(FinishDigest(&digest_size));
335 if (!digest.get())
336 return KM_ERROR_UNKNOWN_ERROR;
337 return RSA_private_encrypt(digest_size, digest.get(), output->peek_write(), rsa_key_,
338 RSA_NO_PADDING);
339}
340
Shawn Willden6bfbff02015-02-06 19:48:24 -0700[diff] [blame]341keymaster_error_t RsaVerifyOperation::Finish(const AuthorizationSet& /* additional_params */,
342 const Buffer& signature, Buffer* /* output */) {
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]343 UniquePtr<uint8_t[]> decrypted_data(new uint8_t[RSA_size(rsa_key_)]);
344 int bytes_decrypted = RSA_public_decrypt(signature.available_read(), signature.peek_read(),
345 decrypted_data.get(), rsa_key_, RSA_NO_PADDING);
346 if (bytes_decrypted < 0)
347 return KM_ERROR_UNKNOWN_ERROR;
348 assert(bytes_decrypted == RSA_size(rsa_key_));
349
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame^]350 if (digest_ == KM_DIGEST_NONE) {
351 if (data_.available_read() != signature.available_read())
352 return KM_ERROR_VERIFICATION_FAILED;
353 return VerifyUndigested(decrypted_data.get());
354 }
355 return VerifyDigested(decrypted_data.get());
356}
357
358keymaster_error_t RsaVerifyOperation::VerifyUndigested(uint8_t* decrypted_data) {
359#if defined(OPENSSL_IS_BORINGSSL)
360 size_t message_size = data_.available_read();
361#else
362 if (data_.available_read() > INT_MAX)
363 return KM_ERROR_INVALID_INPUT_LENGTH;
364 int message_size = (int)data_.available_read();
365#endif
366 if (message_size != RSA_size(rsa_key_))
367 return KM_ERROR_INVALID_INPUT_LENGTH;
368
369 if (memcmp_s(decrypted_data, data_.peek_read(), data_.available_read()) == 0)
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]370 return KM_ERROR_OK;
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame^]371
372 return KM_ERROR_VERIFICATION_FAILED;
373}
374
375keymaster_error_t RsaVerifyOperation::VerifyDigested(uint8_t* decrypted_data) {
376 unsigned digest_size = 0;
377 UniquePtr<uint8_t[]> digest(FinishDigest(&digest_size));
378 if (!digest.get())
379 return KM_ERROR_UNKNOWN_ERROR;
380
381 if (memcmp_s(decrypted_data, digest.get(), digest_size) == 0)
382 return KM_ERROR_OK;
383
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]384 return KM_ERROR_VERIFICATION_FAILED;
385}
386
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]387const int OAEP_PADDING_OVERHEAD = 41;
388const int PKCS1_PADDING_OVERHEAD = 11;
389
Shawn Willden6bfbff02015-02-06 19:48:24 -0700[diff] [blame]390keymaster_error_t RsaEncryptOperation::Finish(const AuthorizationSet& /* additional_params */,
391 const Buffer& /* signature */, Buffer* output) {
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]392 assert(output);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]393 int openssl_padding;
394
395#if defined(OPENSSL_IS_BORINGSSL)
396 size_t message_size = data_.available_read();
397#else
398 if (data_.available_read() > INT_MAX)
399 return KM_ERROR_INVALID_INPUT_LENGTH;
400 int message_size = (int)data_.available_read();
401#endif
402
403 switch (padding_) {
404 case KM_PAD_RSA_OAEP:
405 openssl_padding = RSA_PKCS1_OAEP_PADDING;
406 if (message_size >= RSA_size(rsa_key_) - OAEP_PADDING_OVERHEAD) {
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]407 LOG_E("Cannot encrypt %d bytes with %d-byte key and OAEP padding",
408 data_.available_read(), RSA_size(rsa_key_));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]409 return KM_ERROR_INVALID_INPUT_LENGTH;
410 }
411 break;
412 case KM_PAD_RSA_PKCS1_1_5_ENCRYPT:
413 openssl_padding = RSA_PKCS1_PADDING;
414 if (message_size >= RSA_size(rsa_key_) - PKCS1_PADDING_OVERHEAD) {
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]415 LOG_E("Cannot encrypt %d bytes with %d-byte key and PKCS1 padding",
416 data_.available_read(), RSA_size(rsa_key_));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]417 return KM_ERROR_INVALID_INPUT_LENGTH;
418 }
419 break;
420 default:
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]421 LOG_E("Padding mode %d not supported", padding_);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]422 return KM_ERROR_UNSUPPORTED_PADDING_MODE;
423 }
424
425 output->Reinitialize(RSA_size(rsa_key_));
426 int bytes_encrypted = RSA_public_encrypt(data_.available_read(), data_.peek_read(),
427 output->peek_write(), rsa_key_, openssl_padding);
428
429 if (bytes_encrypted < 0) {
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]430 LOG_E("Error %d encrypting data with RSA", ERR_get_error());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]431 return KM_ERROR_UNKNOWN_ERROR;
432 }
433 assert(bytes_encrypted == RSA_size(rsa_key_));
434 output->advance_write(bytes_encrypted);
435
436 return KM_ERROR_OK;
437}
438
Shawn Willden6bfbff02015-02-06 19:48:24 -0700[diff] [blame]439keymaster_error_t RsaDecryptOperation::Finish(const AuthorizationSet& /* additional_params */,
440 const Buffer& /* signature */, Buffer* output) {
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]441 assert(output);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]442 int openssl_padding;
443 switch (padding_) {
444 case KM_PAD_RSA_OAEP:
445 openssl_padding = RSA_PKCS1_OAEP_PADDING;
446 break;
447 case KM_PAD_RSA_PKCS1_1_5_ENCRYPT:
448 openssl_padding = RSA_PKCS1_PADDING;
449 break;
450 default:
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]451 LOG_E("Padding mode %d not supported", padding_);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]452 return KM_ERROR_UNSUPPORTED_PADDING_MODE;
453 }
454
455 output->Reinitialize(RSA_size(rsa_key_));
456 int bytes_decrypted = RSA_private_decrypt(data_.available_read(), data_.peek_read(),
457 output->peek_write(), rsa_key_, openssl_padding);
458
459 if (bytes_decrypted < 0) {
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]460 LOG_E("Error %d decrypting data with RSA", ERR_get_error());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]461 return KM_ERROR_UNKNOWN_ERROR;
462 }
463 output->advance_write(bytes_decrypted);
464
465 return KM_ERROR_OK;
466}
467
Shawn Willden0a4df7e2014-08-28 16:09:05 -0600[diff] [blame]468} // namespace keymaster