Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 1406b8af2b1490405557561fc88fb70ae17a6b79 / . / softkeymaster / keymaster_openssl.cpp
blob: f81e844b46e53545865017c7f3fac3f3a7204e50 [file] [log] [blame]
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#include <errno.h>
17#include <string.h>
18#include <stdint.h>
19
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <keystore/keystore.h>
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]21
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]22#include <hardware/hardware.h>
23#include <hardware/keymaster.h>
24
25#include <openssl/evp.h>
26#include <openssl/bio.h>
27#include <openssl/rsa.h>
28#include <openssl/err.h>
29#include <openssl/x509.h>
30
Kenny Root26cfc082013-09-11 14:38:56 -0700[diff] [blame]31#include <UniquePtr.h>
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]32
33// For debugging
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]34// #define LOG_NDEBUG 0
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]35
36#define LOG_TAG "OpenSSLKeyMaster"
37#include <cutils/log.h>
38
39struct BIGNUM_Delete {
40 void operator()(BIGNUM* p) const {
41 BN_free(p);
42 }
43};
44typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
45
46struct EVP_PKEY_Delete {
47 void operator()(EVP_PKEY* p) const {
48 EVP_PKEY_free(p);
49 }
50};
51typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
52
53struct PKCS8_PRIV_KEY_INFO_Delete {
54 void operator()(PKCS8_PRIV_KEY_INFO* p) const {
55 PKCS8_PRIV_KEY_INFO_free(p);
56 }
57};
58typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
59
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]60struct DSA_Delete {
61 void operator()(DSA* p) const {
62 DSA_free(p);
63 }
64};
65typedef UniquePtr<DSA, DSA_Delete> Unique_DSA;
66
67struct EC_KEY_Delete {
68 void operator()(EC_KEY* p) const {
69 EC_KEY_free(p);
70 }
71};
72typedef UniquePtr<EC_KEY, EC_KEY_Delete> Unique_EC_KEY;
73
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]74struct RSA_Delete {
75 void operator()(RSA* p) const {
76 RSA_free(p);
77 }
78};
79typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;
80
81typedef UniquePtr<keymaster_device_t> Unique_keymaster_device_t;
82
83/**
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]84 * Many OpenSSL APIs take ownership of an argument on success but
85 * don't free the argument on failure. This means we need to tell our
86 * scoped pointers when we've transferred ownership, without
87 * triggering a warning by not using the result of release().
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]88 */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]89#define OWNERSHIP_TRANSFERRED(obj) \
90 typeof(obj.release()) _dummy __attribute__((unused)) = obj.release()
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]91
92/*
93 * Checks this thread's OpenSSL error queue and logs if
94 * necessary.
95 */
96static void logOpenSSLError(const char* location) {
97 int error = ERR_get_error();
98
99 if (error != 0) {
100 char message[256];
101 ERR_error_string_n(error, message, sizeof(message));
102 ALOGE("OpenSSL error in %s %d: %s", location, error, message);
103 }
104
105 ERR_clear_error();
106 ERR_remove_state(0);
107}
108
109static int wrap_key(EVP_PKEY* pkey, int type, uint8_t** keyBlob, size_t* keyBlobLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]110 /*
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]111 * Find the length of each size. Public key is not needed anymore
112 * but must be kept for alignment purposes.
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]113 */
114 int publicLen = 0;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]115 int privateLen = i2d_PrivateKey(pkey, NULL);
116
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]117 if (privateLen <= 0) {
118 ALOGE("private key size was too big");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]119 return -1;
120 }
121
122 /* int type + int size + private key data + int size + public key data */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]123 *keyBlobLength = get_softkey_header_size() + sizeof(type) + sizeof(publicLen) + privateLen +
124 sizeof(privateLen) + publicLen;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]125
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]126 UniquePtr<unsigned char> derData(new unsigned char[*keyBlobLength]);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]127 if (derData.get() == NULL) {
128 ALOGE("could not allocate memory for key blob");
129 return -1;
130 }
131 unsigned char* p = derData.get();
132
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]133 /* Write the magic value for software keys. */
134 p = add_softkey_header(p, *keyBlobLength);
135
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]136 /* Write key type to allocated buffer */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]137 for (int i = sizeof(type) - 1; i >= 0; i--) {
138 *p++ = (type >> (8 * i)) & 0xFF;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]139 }
140
141 /* Write public key to allocated buffer */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]142 for (int i = sizeof(publicLen) - 1; i >= 0; i--) {
143 *p++ = (publicLen >> (8 * i)) & 0xFF;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]144 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]145
146 /* Write private key to allocated buffer */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]147 for (int i = sizeof(privateLen) - 1; i >= 0; i--) {
148 *p++ = (privateLen >> (8 * i)) & 0xFF;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]149 }
150 if (i2d_PrivateKey(pkey, &p) != privateLen) {
151 logOpenSSLError("wrap_key");
152 return -1;
153 }
154
155 *keyBlob = derData.release();
156
157 return 0;
158}
159
160static EVP_PKEY* unwrap_key(const uint8_t* keyBlob, const size_t keyBlobLength) {
161 long publicLen = 0;
162 long privateLen = 0;
163 const uint8_t* p = keyBlob;
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]164 const uint8_t* const end = keyBlob + keyBlobLength;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]165
166 if (keyBlob == NULL) {
167 ALOGE("supplied key blob was NULL");
168 return NULL;
169 }
170
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]171 int type = 0;
172 if (keyBlobLength < (get_softkey_header_size() + sizeof(type) + sizeof(publicLen) + 1 +
173 sizeof(privateLen) + 1)) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]174 ALOGE("key blob appears to be truncated");
175 return NULL;
176 }
177
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]178 if (!is_softkey(p, keyBlobLength)) {
179 ALOGE("cannot read key; it was not made by this keymaster");
180 return NULL;
181 }
182 p += get_softkey_header_size();
183
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]184 for (size_t i = 0; i < sizeof(type); i++) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]185 type = (type << 8) | *p++;
186 }
187
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]188 for (size_t i = 0; i < sizeof(type); i++) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]189 publicLen = (publicLen << 8) | *p++;
190 }
191 if (p + publicLen > end) {
Matteo Franchin6489e022013-12-02 14:46:29 +0000[diff] [blame]192 ALOGE("public key length encoding error: size=%ld, end=%td", publicLen, end - p);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]193 return NULL;
194 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]195
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]196 p += publicLen;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]197 if (end - p < 2) {
198 ALOGE("private key truncated");
199 return NULL;
200 }
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]201 for (size_t i = 0; i < sizeof(type); i++) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]202 privateLen = (privateLen << 8) | *p++;
203 }
204 if (p + privateLen > end) {
Matteo Franchin6489e022013-12-02 14:46:29 +0000[diff] [blame]205 ALOGE("private key length encoding error: size=%ld, end=%td", privateLen, end - p);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]206 return NULL;
207 }
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]208
209 Unique_EVP_PKEY pkey(EVP_PKEY_new());
210 if (pkey.get() == NULL) {
211 logOpenSSLError("unwrap_key");
212 return NULL;
213 }
214 EVP_PKEY* tmp = pkey.get();
215
216 if (d2i_PrivateKey(type, &tmp, &p, privateLen) == NULL) {
217 logOpenSSLError("unwrap_key");
218 return NULL;
219 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]220
221 return pkey.release();
222}
223
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]224static int generate_dsa_keypair(EVP_PKEY* pkey, const keymaster_dsa_keygen_params_t* dsa_params) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]225 if (dsa_params->key_size < 512) {
226 ALOGI("Requested DSA key size is too small (<512)");
227 return -1;
228 }
229
230 Unique_DSA dsa(DSA_new());
231
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]232 if (dsa_params->generator_len == 0 || dsa_params->prime_p_len == 0 ||
233 dsa_params->prime_q_len == 0 || dsa_params->generator == NULL ||
234 dsa_params->prime_p == NULL || dsa_params->prime_q == NULL) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]235 if (DSA_generate_parameters_ex(dsa.get(), dsa_params->key_size, NULL, 0, NULL, NULL,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]236 NULL) != 1) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]237 logOpenSSLError("generate_dsa_keypair");
238 return -1;
239 }
240 } else {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]241 dsa->g = BN_bin2bn(dsa_params->generator, dsa_params->generator_len, NULL);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]242 if (dsa->g == NULL) {
243 logOpenSSLError("generate_dsa_keypair");
244 return -1;
245 }
246
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]247 dsa->p = BN_bin2bn(dsa_params->prime_p, dsa_params->prime_p_len, NULL);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]248 if (dsa->p == NULL) {
249 logOpenSSLError("generate_dsa_keypair");
250 return -1;
251 }
252
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]253 dsa->q = BN_bin2bn(dsa_params->prime_q, dsa_params->prime_q_len, NULL);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]254 if (dsa->q == NULL) {
255 logOpenSSLError("generate_dsa_keypair");
256 return -1;
257 }
258 }
259
260 if (DSA_generate_key(dsa.get()) != 1) {
261 logOpenSSLError("generate_dsa_keypair");
262 return -1;
263 }
264
265 if (EVP_PKEY_assign_DSA(pkey, dsa.get()) == 0) {
266 logOpenSSLError("generate_dsa_keypair");
267 return -1;
268 }
269 OWNERSHIP_TRANSFERRED(dsa);
270
271 return 0;
272}
273
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]274static int generate_ec_keypair(EVP_PKEY* pkey, const keymaster_ec_keygen_params_t* ec_params) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]275 EC_GROUP* group;
276 switch (ec_params->field_size) {
277 case 192:
278 group = EC_GROUP_new_by_curve_name(NID_X9_62_prime192v1);
279 break;
280 case 224:
281 group = EC_GROUP_new_by_curve_name(NID_secp224r1);
282 break;
283 case 256:
284 group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
285 break;
286 case 384:
287 group = EC_GROUP_new_by_curve_name(NID_secp384r1);
288 break;
289 case 521:
290 group = EC_GROUP_new_by_curve_name(NID_secp521r1);
291 break;
292 default:
293 group = NULL;
294 break;
295 }
296
297 if (group == NULL) {
298 logOpenSSLError("generate_ec_keypair");
299 return -1;
300 }
301
302 EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
303 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
304
305 /* initialize EC key */
306 Unique_EC_KEY eckey(EC_KEY_new());
307 if (eckey.get() == NULL) {
308 logOpenSSLError("generate_ec_keypair");
309 return -1;
310 }
311
312 if (EC_KEY_set_group(eckey.get(), group) != 1) {
313 logOpenSSLError("generate_ec_keypair");
314 return -1;
315 }
316
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]317 if (EC_KEY_generate_key(eckey.get()) != 1 || EC_KEY_check_key(eckey.get()) < 0) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]318 logOpenSSLError("generate_ec_keypair");
319 return -1;
320 }
321
322 if (EVP_PKEY_assign_EC_KEY(pkey, eckey.get()) == 0) {
323 logOpenSSLError("generate_ec_keypair");
324 return -1;
325 }
326 OWNERSHIP_TRANSFERRED(eckey);
327
328 return 0;
329}
330
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]331static int generate_rsa_keypair(EVP_PKEY* pkey, const keymaster_rsa_keygen_params_t* rsa_params) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]332 Unique_BIGNUM bn(BN_new());
333 if (bn.get() == NULL) {
334 logOpenSSLError("generate_rsa_keypair");
335 return -1;
336 }
337
338 if (BN_set_word(bn.get(), rsa_params->public_exponent) == 0) {
339 logOpenSSLError("generate_rsa_keypair");
340 return -1;
341 }
342
343 /* initialize RSA */
344 Unique_RSA rsa(RSA_new());
345 if (rsa.get() == NULL) {
346 logOpenSSLError("generate_rsa_keypair");
347 return -1;
348 }
349
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]350 if (!RSA_generate_key_ex(rsa.get(), rsa_params->modulus_size, bn.get(), NULL) ||
351 RSA_check_key(rsa.get()) < 0) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]352 logOpenSSLError("generate_rsa_keypair");
353 return -1;
354 }
355
356 if (EVP_PKEY_assign_RSA(pkey, rsa.get()) == 0) {
357 logOpenSSLError("generate_rsa_keypair");
358 return -1;
359 }
360 OWNERSHIP_TRANSFERRED(rsa);
361
362 return 0;
363}
364
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]365__attribute__((visibility("default"))) int openssl_generate_keypair(
366 const keymaster_device_t*, const keymaster_keypair_t key_type, const void* key_params,
367 uint8_t** keyBlob, size_t* keyBlobLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]368 Unique_EVP_PKEY pkey(EVP_PKEY_new());
369 if (pkey.get() == NULL) {
370 logOpenSSLError("openssl_generate_keypair");
371 return -1;
372 }
373
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]374 if (key_params == NULL) {
375 ALOGW("key_params == null");
376 return -1;
377 } else if (key_type == TYPE_DSA) {
378 const keymaster_dsa_keygen_params_t* dsa_params =
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]379 (const keymaster_dsa_keygen_params_t*)key_params;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]380 generate_dsa_keypair(pkey.get(), dsa_params);
381 } else if (key_type == TYPE_EC) {
382 const keymaster_ec_keygen_params_t* ec_params =
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]383 (const keymaster_ec_keygen_params_t*)key_params;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]384 generate_ec_keypair(pkey.get(), ec_params);
385 } else if (key_type == TYPE_RSA) {
386 const keymaster_rsa_keygen_params_t* rsa_params =
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]387 (const keymaster_rsa_keygen_params_t*)key_params;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]388 generate_rsa_keypair(pkey.get(), rsa_params);
389 } else {
390 ALOGW("Unsupported key type %d", key_type);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]391 return -1;
392 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]393
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]394 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), keyBlob, keyBlobLength)) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]395 return -1;
396 }
397
398 return 0;
399}
400
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]401__attribute__((visibility("default"))) int openssl_import_keypair(const keymaster_device_t*,
402 const uint8_t* key,
403 const size_t key_length,
404 uint8_t** key_blob,
405 size_t* key_blob_length) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]406 if (key == NULL) {
407 ALOGW("input key == NULL");
408 return -1;
409 } else if (key_blob == NULL || key_blob_length == NULL) {
410 ALOGW("output key blob or length == NULL");
411 return -1;
412 }
413
414 Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &key, key_length));
415 if (pkcs8.get() == NULL) {
416 logOpenSSLError("openssl_import_keypair");
417 return -1;
418 }
419
420 /* assign to EVP */
421 Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get()));
422 if (pkey.get() == NULL) {
423 logOpenSSLError("openssl_import_keypair");
424 return -1;
425 }
426 OWNERSHIP_TRANSFERRED(pkcs8);
427
428 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), key_blob, key_blob_length)) {
429 return -1;
430 }
431
432 return 0;
433}
434
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]435__attribute__((visibility("default"))) int openssl_get_keypair_public(
436 const struct keymaster_device*, const uint8_t* key_blob, const size_t key_blob_length,
437 uint8_t** x509_data, size_t* x509_data_length) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]438
439 if (x509_data == NULL || x509_data_length == NULL) {
440 ALOGW("output public key buffer == NULL");
441 return -1;
442 }
443
444 Unique_EVP_PKEY pkey(unwrap_key(key_blob, key_blob_length));
445 if (pkey.get() == NULL) {
446 return -1;
447 }
448
449 int len = i2d_PUBKEY(pkey.get(), NULL);
450 if (len <= 0) {
451 logOpenSSLError("openssl_get_keypair_public");
452 return -1;
453 }
454
455 UniquePtr<uint8_t> key(static_cast<uint8_t*>(malloc(len)));
456 if (key.get() == NULL) {
457 ALOGE("Could not allocate memory for public key data");
458 return -1;
459 }
460
461 unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get());
462 if (i2d_PUBKEY(pkey.get(), &tmp) != len) {
463 logOpenSSLError("openssl_get_keypair_public");
464 return -1;
465 }
466
467 ALOGV("Length of x509 data is %d", len);
468 *x509_data_length = len;
469 *x509_data = key.release();
470
471 return 0;
472}
473
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]474static int sign_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params, const uint8_t* data,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]475 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]476 if (sign_params->digest_type != DIGEST_NONE) {
477 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
478 return -1;
479 }
480
481 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey));
482 if (dsa.get() == NULL) {
483 logOpenSSLError("openssl_sign_dsa");
484 return -1;
485 }
486
487 unsigned int dsaSize = DSA_size(dsa.get());
488 UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dsaSize)));
489 if (signedDataPtr.get() == NULL) {
490 logOpenSSLError("openssl_sign_dsa");
491 return -1;
492 }
493
494 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
495 if (DSA_sign(0, data, dataLength, tmp, &dsaSize, dsa.get()) <= 0) {
496 logOpenSSLError("openssl_sign_dsa");
497 return -1;
498 }
499
500 *signedDataLength = dsaSize;
501 *signedData = signedDataPtr.release();
502
503 return 0;
504}
505
506static int sign_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params, const uint8_t* data,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]507 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]508 if (sign_params->digest_type != DIGEST_NONE) {
509 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
510 return -1;
511 }
512
513 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));
514 if (eckey.get() == NULL) {
515 logOpenSSLError("openssl_sign_ec");
516 return -1;
517 }
518
519 unsigned int ecdsaSize = ECDSA_size(eckey.get());
520 UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(ecdsaSize)));
521 if (signedDataPtr.get() == NULL) {
522 logOpenSSLError("openssl_sign_ec");
523 return -1;
524 }
525
526 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
527 if (ECDSA_sign(0, data, dataLength, tmp, &ecdsaSize, eckey.get()) <= 0) {
528 logOpenSSLError("openssl_sign_ec");
529 return -1;
530 }
531
532 *signedDataLength = ecdsaSize;
533 *signedData = signedDataPtr.release();
534
535 return 0;
536}
537
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]538static int sign_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params, const uint8_t* data,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]539 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]540 if (sign_params->digest_type != DIGEST_NONE) {
541 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
542 return -1;
543 } else if (sign_params->padding_type != PADDING_NONE) {
544 ALOGW("Cannot handle padding type %d", sign_params->padding_type);
545 return -1;
546 }
547
548 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
549 if (rsa.get() == NULL) {
550 logOpenSSLError("openssl_sign_rsa");
551 return -1;
552 }
553
554 UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dataLength)));
555 if (signedDataPtr.get() == NULL) {
556 logOpenSSLError("openssl_sign_rsa");
557 return -1;
558 }
559
560 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
561 if (RSA_private_encrypt(dataLength, data, tmp, rsa.get(), RSA_NO_PADDING) <= 0) {
562 logOpenSSLError("openssl_sign_rsa");
563 return -1;
564 }
565
566 *signedDataLength = dataLength;
567 *signedData = signedDataPtr.release();
568
569 return 0;
570}
571
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]572__attribute__((visibility("default"))) int openssl_sign_data(
573 const keymaster_device_t*, const void* params, const uint8_t* keyBlob,
574 const size_t keyBlobLength, const uint8_t* data, const size_t dataLength, uint8_t** signedData,
575 size_t* signedDataLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]576 if (data == NULL) {
577 ALOGW("input data to sign == NULL");
578 return -1;
579 } else if (signedData == NULL || signedDataLength == NULL) {
580 ALOGW("output signature buffer == NULL");
581 return -1;
582 }
583
584 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
585 if (pkey.get() == NULL) {
586 return -1;
587 }
588
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]589 int type = EVP_PKEY_type(pkey->type);
590 if (type == EVP_PKEY_DSA) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]591 const keymaster_dsa_sign_params_t* sign_params =
592 reinterpret_cast<const keymaster_dsa_sign_params_t*>(params);
593 return sign_dsa(pkey.get(), const_cast<keymaster_dsa_sign_params_t*>(sign_params), data,
594 dataLength, signedData, signedDataLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]595 } else if (type == EVP_PKEY_EC) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]596 const keymaster_ec_sign_params_t* sign_params =
597 reinterpret_cast<const keymaster_ec_sign_params_t*>(params);
598 return sign_ec(pkey.get(), const_cast<keymaster_ec_sign_params_t*>(sign_params), data,
599 dataLength, signedData, signedDataLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]600 } else if (type == EVP_PKEY_RSA) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]601 const keymaster_rsa_sign_params_t* sign_params =
602 reinterpret_cast<const keymaster_rsa_sign_params_t*>(params);
603 return sign_rsa(pkey.get(), const_cast<keymaster_rsa_sign_params_t*>(sign_params), data,
604 dataLength, signedData, signedDataLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]605 } else {
606 ALOGW("Unsupported key type");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]607 return -1;
608 }
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]609}
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]610
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]611static int verify_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]612 const uint8_t* signedData, const size_t signedDataLength,
613 const uint8_t* signature, const size_t signatureLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]614 if (sign_params->digest_type != DIGEST_NONE) {
615 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
616 return -1;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]617 }
618
619 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey));
620 if (dsa.get() == NULL) {
621 logOpenSSLError("openssl_verify_dsa");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]622 return -1;
623 }
624
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]625 if (DSA_verify(0, signedData, signedDataLength, signature, signatureLength, dsa.get()) <= 0) {
626 logOpenSSLError("openssl_verify_dsa");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]627 return -1;
628 }
629
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]630 return 0;
631}
632
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]633static int verify_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]634 const uint8_t* signedData, const size_t signedDataLength,
635 const uint8_t* signature, const size_t signatureLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]636 if (sign_params->digest_type != DIGEST_NONE) {
637 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]638 return -1;
639 }
640
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]641 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));
642 if (eckey.get() == NULL) {
643 logOpenSSLError("openssl_verify_ec");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]644 return -1;
645 }
646
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]647 if (ECDSA_verify(0, signedData, signedDataLength, signature, signatureLength, eckey.get()) <=
648 0) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]649 logOpenSSLError("openssl_verify_ec");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]650 return -1;
651 }
652
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]653 return 0;
654}
655
656static int verify_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]657 const uint8_t* signedData, const size_t signedDataLength,
658 const uint8_t* signature, const size_t signatureLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]659 if (sign_params->digest_type != DIGEST_NONE) {
660 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
661 return -1;
662 } else if (sign_params->padding_type != PADDING_NONE) {
663 ALOGW("Cannot handle padding type %d", sign_params->padding_type);
664 return -1;
665 } else if (signatureLength != signedDataLength) {
666 ALOGW("signed data length must be signature length");
667 return -1;
668 }
669
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]670 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]671 if (rsa.get() == NULL) {
672 logOpenSSLError("openssl_verify_data");
673 return -1;
674 }
675
676 UniquePtr<uint8_t> dataPtr(reinterpret_cast<uint8_t*>(malloc(signedDataLength)));
677 if (dataPtr.get() == NULL) {
678 logOpenSSLError("openssl_verify_data");
679 return -1;
680 }
681
682 unsigned char* tmp = reinterpret_cast<unsigned char*>(dataPtr.get());
683 if (!RSA_public_decrypt(signatureLength, signature, tmp, rsa.get(), RSA_NO_PADDING)) {
684 logOpenSSLError("openssl_verify_data");
685 return -1;
686 }
687
688 int result = 0;
689 for (size_t i = 0; i < signedDataLength; i++) {
690 result |= tmp[i] ^ signedData[i];
691 }
692
693 return result == 0 ? 0 : -1;
694}
695
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]696__attribute__((visibility("default"))) int openssl_verify_data(
697 const keymaster_device_t*, const void* params, const uint8_t* keyBlob,
698 const size_t keyBlobLength, const uint8_t* signedData, const size_t signedDataLength,
699 const uint8_t* signature, const size_t signatureLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]700
701 if (signedData == NULL || signature == NULL) {
702 ALOGW("data or signature buffers == NULL");
703 return -1;
704 }
705
706 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
707 if (pkey.get() == NULL) {
708 return -1;
709 }
710
711 int type = EVP_PKEY_type(pkey->type);
Kenny Rootb4d2e022013-09-04 13:56:03 -0700[diff] [blame]712 if (type == EVP_PKEY_DSA) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]713 const keymaster_dsa_sign_params_t* sign_params =
714 reinterpret_cast<const keymaster_dsa_sign_params_t*>(params);
715 return verify_dsa(pkey.get(), const_cast<keymaster_dsa_sign_params_t*>(sign_params),
716 signedData, signedDataLength, signature, signatureLength);
Kenny Rootb4d2e022013-09-04 13:56:03 -0700[diff] [blame]717 } else if (type == EVP_PKEY_RSA) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]718 const keymaster_rsa_sign_params_t* sign_params =
719 reinterpret_cast<const keymaster_rsa_sign_params_t*>(params);
720 return verify_rsa(pkey.get(), const_cast<keymaster_rsa_sign_params_t*>(sign_params),
721 signedData, signedDataLength, signature, signatureLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]722 } else if (type == EVP_PKEY_EC) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame^]723 const keymaster_ec_sign_params_t* sign_params =
724 reinterpret_cast<const keymaster_ec_sign_params_t*>(params);
725 return verify_ec(pkey.get(), const_cast<keymaster_ec_sign_params_t*>(sign_params),
726 signedData, signedDataLength, signature, signatureLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]727 } else {
728 ALOGW("Unsupported key type %d", type);
729 return -1;
730 }
731}