C++程序  |  194行  |  6.45 KB

/*
 * Copyright 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "hmac_operation.h"

#include <new>

#include <openssl/evp.h>
#include <openssl/hmac.h>

#include "hmac_key.h"
#include "openssl_err.h"

#if defined(OPENSSL_IS_BORINGSSL)
#include <openssl/mem.h>
typedef size_t openssl_size_t;
#else
typedef int openssl_size_t;
#endif

namespace keymaster {

Operation* HmacOperationFactory::CreateOperation(const Key& key,
                                                 const AuthorizationSet& begin_params,
                                                 keymaster_error_t* error) {
    uint32_t min_mac_length_bits;
    if (!key.authorizations().GetTagValue(TAG_MIN_MAC_LENGTH, &min_mac_length_bits)) {
        LOG_E("HMAC key must have KM_TAG_MIN_MAC_LENGTH", 0);
        *error = KM_ERROR_INVALID_KEY_BLOB;
        return nullptr;
    }

    uint32_t mac_length_bits = UINT32_MAX;
    if (begin_params.GetTagValue(TAG_MAC_LENGTH, &mac_length_bits)) {
        if (purpose() == KM_PURPOSE_VERIFY) {
            LOG_E("MAC length may not be specified for verify", 0);
            *error = KM_ERROR_INVALID_ARGUMENT;
            return nullptr;
        }
    } else {
        if (purpose() == KM_PURPOSE_SIGN) {
            *error = KM_ERROR_MISSING_MAC_LENGTH;
            return nullptr;
        }
    }

    keymaster_digest_t digest;
    if (!key.authorizations().GetTagValue(TAG_DIGEST, &digest)) {
        LOG_E("%d digests found in HMAC key authorizations; must be exactly 1",
              begin_params.GetTagCount(TAG_DIGEST));
        *error = KM_ERROR_INVALID_KEY_BLOB;
        return nullptr;
    }

    const SymmetricKey* symmetric_key = static_cast<const SymmetricKey*>(&key);
    UniquePtr<HmacOperation> op(new (std::nothrow) HmacOperation(
        purpose(), symmetric_key->key_data(), symmetric_key->key_data_size(), digest,
        mac_length_bits / 8, min_mac_length_bits / 8));
    if (!op.get())
        *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
    else
        *error = op->error();

    if (*error != KM_ERROR_OK)
        return nullptr;

    return op.release();
}

static keymaster_digest_t supported_digests[] = {KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
                                                 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
                                                 KM_DIGEST_SHA_2_512};
const keymaster_digest_t* HmacOperationFactory::SupportedDigests(size_t* digest_count) const {
    *digest_count = array_length(supported_digests);
    return supported_digests;
}

HmacOperation::HmacOperation(keymaster_purpose_t purpose, const uint8_t* key_data,
                             size_t key_data_size, keymaster_digest_t digest, size_t mac_length,
                             size_t min_mac_length)
    : Operation(purpose), error_(KM_ERROR_OK), mac_length_(mac_length),
      min_mac_length_(min_mac_length) {
    // Initialize CTX first, so dtor won't crash even if we error out later.
    HMAC_CTX_init(&ctx_);

    const EVP_MD* md = nullptr;
    switch (digest) {
    case KM_DIGEST_NONE:
    case KM_DIGEST_MD5:
        error_ = KM_ERROR_UNSUPPORTED_DIGEST;
        break;
    case KM_DIGEST_SHA1:
        md = EVP_sha1();
        break;
    case KM_DIGEST_SHA_2_224:
        md = EVP_sha224();
        break;
    case KM_DIGEST_SHA_2_256:
        md = EVP_sha256();
        break;
    case KM_DIGEST_SHA_2_384:
        md = EVP_sha384();
        break;
    case KM_DIGEST_SHA_2_512:
        md = EVP_sha512();
        break;
    }

    if (md == nullptr) {
        error_ = KM_ERROR_UNSUPPORTED_DIGEST;
        return;
    }

    if (purpose == KM_PURPOSE_SIGN) {
        if (mac_length > EVP_MD_size(md) || mac_length < kMinHmacLengthBits / 8) {
            error_ = KM_ERROR_UNSUPPORTED_MAC_LENGTH;
            return;
        }
        if (mac_length < min_mac_length) {
            error_ = KM_ERROR_INVALID_MAC_LENGTH;
            return;
        }
    }

    HMAC_Init_ex(&ctx_, key_data, key_data_size, md, NULL /* engine */);
}

HmacOperation::~HmacOperation() {
    HMAC_CTX_cleanup(&ctx_);
}

keymaster_error_t HmacOperation::Begin(const AuthorizationSet& /* input_params */,
                                       AuthorizationSet* /* output_params */) {
    return error_;
}

keymaster_error_t HmacOperation::Update(const AuthorizationSet& /* additional_params */,
                                        const Buffer& input, AuthorizationSet* /* output_params */,
                                        Buffer* /* output */, size_t* input_consumed) {
    if (!HMAC_Update(&ctx_, input.peek_read(), input.available_read()))
        return TranslateLastOpenSslError();
    *input_consumed = input.available_read();
    return KM_ERROR_OK;
}

keymaster_error_t HmacOperation::Abort() {
    return KM_ERROR_OK;
}

keymaster_error_t HmacOperation::Finish(const AuthorizationSet& /* additional_params */,
                                        const Buffer& signature,
                                        AuthorizationSet* /* output_params */, Buffer* output) {
    uint8_t digest[EVP_MAX_MD_SIZE];
    unsigned int digest_len;
    if (!HMAC_Final(&ctx_, digest, &digest_len))
        return TranslateLastOpenSslError();

    switch (purpose()) {
    case KM_PURPOSE_SIGN:
        if (mac_length_ > digest_len)
            return KM_ERROR_UNSUPPORTED_MAC_LENGTH;
        if (!output->reserve(mac_length_) || !output->write(digest, mac_length_))
            return KM_ERROR_MEMORY_ALLOCATION_FAILED;
        return KM_ERROR_OK;
    case KM_PURPOSE_VERIFY: {
        size_t siglen = signature.available_read();
        if (siglen > digest_len || siglen < kMinHmacLengthBits / 8)
            return KM_ERROR_UNSUPPORTED_MAC_LENGTH;
        if (siglen < min_mac_length_)
            return KM_ERROR_INVALID_MAC_LENGTH;
        if (CRYPTO_memcmp(signature.peek_read(), digest, siglen) != 0)
            return KM_ERROR_VERIFICATION_FAILED;
        return KM_ERROR_OK;
    }
    default:
        return KM_ERROR_UNSUPPORTED_PURPOSE;
    }
}

}  // namespace keymaster