/*
 * Copyright 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <keymaster/km_openssl/rsa_key.h>

#include <keymaster/keymaster_context.h>
#include <keymaster/km_openssl/openssl_err.h>
#include <keymaster/km_openssl/openssl_utils.h>
#include <keymaster/km_openssl/rsa_operation.h>

namespace keymaster {

// EVP_PKEY_get1_RSA returns a new reference to the RSA key held by pkey, or
// nullptr if pkey does not hold one; rsa_key_ takes ownership of that reference.
bool RsaKey::EvpToInternal(const EVP_PKEY* pkey) {
    rsa_key_.reset(EVP_PKEY_get1_RSA(const_cast<EVP_PKEY*>(pkey)));
    return rsa_key_.get() != nullptr;
}

// EVP_PKEY_set1_RSA takes its own reference, so rsa_key_ keeps its reference.
// Returns an empty pointer if the key cannot be attached or allocation failed.
EVP_PKEY_Ptr RsaKey::InternalToEvp() const {
    EVP_PKEY_Ptr pkey(EVP_PKEY_new());
    if (pkey.get() != nullptr) {
        if (EVP_PKEY_set1_RSA(pkey.get(), rsa_key_.get()) != 1) {
            return {};
        }
    }
    return pkey;
}

// Padding modes accepted per purpose. Signature and encryption paddings are
// kept separate, and KM_PAD_NONE is accepted only for sign/verify.
bool RsaKey::SupportedMode(keymaster_purpose_t purpose, keymaster_padding_t padding) {
    switch (purpose) {
    case KM_PURPOSE_ATTEST_KEY:
        return true;

    case KM_PURPOSE_SIGN:
    case KM_PURPOSE_VERIFY:
        return padding == KM_PAD_NONE || padding == KM_PAD_RSA_PSS ||
               padding == KM_PAD_RSA_PKCS1_1_5_SIGN;

    case KM_PURPOSE_ENCRYPT:
    case KM_PURPOSE_DECRYPT:
    case KM_PURPOSE_WRAP:
        return padding == KM_PAD_RSA_OAEP || padding == KM_PAD_RSA_PKCS1_1_5_ENCRYPT;

    case KM_PURPOSE_DERIVE_KEY:
    case KM_PURPOSE_AGREE_KEY:
        return false;
    };
    return false;
}

// Digests accepted per purpose. Sign/verify accept only KM_DIGEST_NONE and
// KM_DIGEST_SHA_2_256; the digest is not checked for encrypt/decrypt/wrap.
bool RsaKey::SupportedMode(keymaster_purpose_t purpose, keymaster_digest_t digest) {
    switch (purpose) {
    case KM_PURPOSE_ATTEST_KEY:
        return true;

    case KM_PURPOSE_SIGN:
    case KM_PURPOSE_VERIFY:
        return digest == KM_DIGEST_NONE || digest == KM_DIGEST_SHA_2_256;

    case KM_PURPOSE_ENCRYPT:
    case KM_PURPOSE_DECRYPT:
    case KM_PURPOSE_WRAP:
        /* Don't care */
        break;

    case KM_PURPOSE_DERIVE_KEY:
    case KM_PURPOSE_AGREE_KEY:
        return false;
    };
    return true;
}

}  // namespace keymaster