Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 6071179a371fcd4c238375068ffd7d3cedea615d / . / softkeymaster / keymaster_openssl.cpp
blob: 19ec9993d2a467fbaca37478549630492be43f9c [file] [log] [blame]
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#include <errno.h>
17#include <string.h>
18#include <stdint.h>
19
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <keystore/keystore.h>
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]21
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]22#include <hardware/hardware.h>
23#include <hardware/keymaster.h>
24
25#include <openssl/evp.h>
26#include <openssl/bio.h>
27#include <openssl/rsa.h>
28#include <openssl/err.h>
29#include <openssl/x509.h>
30
Colin Cross98c2f8f2012-03-28 09:44:09 -0700[diff] [blame]31#include <utils/UniquePtr.h>
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]32
33// For debugging
34//#define LOG_NDEBUG 0
35
36#define LOG_TAG "OpenSSLKeyMaster"
37#include <cutils/log.h>
38
39struct BIGNUM_Delete {
40 void operator()(BIGNUM* p) const {
41 BN_free(p);
42 }
43};
44typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
45
46struct EVP_PKEY_Delete {
47 void operator()(EVP_PKEY* p) const {
48 EVP_PKEY_free(p);
49 }
50};
51typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
52
53struct PKCS8_PRIV_KEY_INFO_Delete {
54 void operator()(PKCS8_PRIV_KEY_INFO* p) const {
55 PKCS8_PRIV_KEY_INFO_free(p);
56 }
57};
58typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
59
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]60struct DSA_Delete {
61 void operator()(DSA* p) const {
62 DSA_free(p);
63 }
64};
65typedef UniquePtr<DSA, DSA_Delete> Unique_DSA;
66
67struct EC_KEY_Delete {
68 void operator()(EC_KEY* p) const {
69 EC_KEY_free(p);
70 }
71};
72typedef UniquePtr<EC_KEY, EC_KEY_Delete> Unique_EC_KEY;
73
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]74struct RSA_Delete {
75 void operator()(RSA* p) const {
76 RSA_free(p);
77 }
78};
79typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;
80
81typedef UniquePtr<keymaster_device_t> Unique_keymaster_device_t;
82
83/**
84 * Many OpenSSL APIs take ownership of an argument on success but don't free the argument
85 * on failure. This means we need to tell our scoped pointers when we've transferred ownership,
86 * without triggering a warning by not using the result of release().
87 */
88#define OWNERSHIP_TRANSFERRED(obj) \
89 typeof (obj.release()) _dummy __attribute__((unused)) = obj.release()
90
91
92/*
93 * Checks this thread's OpenSSL error queue and logs if
94 * necessary.
95 */
96static void logOpenSSLError(const char* location) {
97 int error = ERR_get_error();
98
99 if (error != 0) {
100 char message[256];
101 ERR_error_string_n(error, message, sizeof(message));
102 ALOGE("OpenSSL error in %s %d: %s", location, error, message);
103 }
104
105 ERR_clear_error();
106 ERR_remove_state(0);
107}
108
109static int wrap_key(EVP_PKEY* pkey, int type, uint8_t** keyBlob, size_t* keyBlobLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]110 /*
111 * Find the length of each size. Public key is not needed anymore but must be kept for
112 * alignment purposes.
113 */
114 int publicLen = 0;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]115 int privateLen = i2d_PrivateKey(pkey, NULL);
116
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]117 if (privateLen <= 0) {
118 ALOGE("private key size was too big");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]119 return -1;
120 }
121
122 /* int type + int size + private key data + int size + public key data */
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]123 *keyBlobLength = get_softkey_header_size() + sizeof(int) + sizeof(int) + privateLen
124 + sizeof(int) + publicLen;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]125
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]126 UniquePtr<unsigned char> derData(new unsigned char[*keyBlobLength]);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]127 if (derData.get() == NULL) {
128 ALOGE("could not allocate memory for key blob");
129 return -1;
130 }
131 unsigned char* p = derData.get();
132
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]133 /* Write the magic value for software keys. */
134 p = add_softkey_header(p, *keyBlobLength);
135
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]136 /* Write key type to allocated buffer */
137 for (int i = sizeof(int) - 1; i >= 0; i--) {
138 *p++ = (type >> (8*i)) & 0xFF;
139 }
140
141 /* Write public key to allocated buffer */
142 for (int i = sizeof(int) - 1; i >= 0; i--) {
143 *p++ = (publicLen >> (8*i)) & 0xFF;
144 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]145
146 /* Write private key to allocated buffer */
147 for (int i = sizeof(int) - 1; i >= 0; i--) {
148 *p++ = (privateLen >> (8*i)) & 0xFF;
149 }
150 if (i2d_PrivateKey(pkey, &p) != privateLen) {
151 logOpenSSLError("wrap_key");
152 return -1;
153 }
154
155 *keyBlob = derData.release();
156
157 return 0;
158}
159
160static EVP_PKEY* unwrap_key(const uint8_t* keyBlob, const size_t keyBlobLength) {
161 long publicLen = 0;
162 long privateLen = 0;
163 const uint8_t* p = keyBlob;
164 const uint8_t *const end = keyBlob + keyBlobLength;
165
166 if (keyBlob == NULL) {
167 ALOGE("supplied key blob was NULL");
168 return NULL;
169 }
170
171 // Should be large enough for:
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]172 // int32 magic, int32 type, int32 pubLen, char* pub, int32 privLen, char* priv
173 if (keyBlobLength < (get_softkey_header_size() + sizeof(int) + sizeof(int) + 1
174 + sizeof(int) + 1)) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]175 ALOGE("key blob appears to be truncated");
176 return NULL;
177 }
178
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]179 if (!is_softkey(p, keyBlobLength)) {
180 ALOGE("cannot read key; it was not made by this keymaster");
181 return NULL;
182 }
183 p += get_softkey_header_size();
184
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]185 int type = 0;
186 for (size_t i = 0; i < sizeof(int); i++) {
187 type = (type << 8) | *p++;
188 }
189
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]190 for (size_t i = 0; i < sizeof(int); i++) {
191 publicLen = (publicLen << 8) | *p++;
192 }
193 if (p + publicLen > end) {
194 ALOGE("public key length encoding error: size=%ld, end=%d", publicLen, end - p);
195 return NULL;
196 }
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]197 const uint8_t *pubKey = p;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]198
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]199 p += publicLen;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]200 if (end - p < 2) {
201 ALOGE("private key truncated");
202 return NULL;
203 }
204 for (size_t i = 0; i < sizeof(int); i++) {
205 privateLen = (privateLen << 8) | *p++;
206 }
207 if (p + privateLen > end) {
208 ALOGE("private key length encoding error: size=%ld, end=%d", privateLen, end - p);
209 return NULL;
210 }
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]211
212 Unique_EVP_PKEY pkey(EVP_PKEY_new());
213 if (pkey.get() == NULL) {
214 logOpenSSLError("unwrap_key");
215 return NULL;
216 }
217 EVP_PKEY* tmp = pkey.get();
218
219 if (d2i_PrivateKey(type, &tmp, &p, privateLen) == NULL) {
220 logOpenSSLError("unwrap_key");
221 return NULL;
222 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]223
224 return pkey.release();
225}
226
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]227static int generate_dsa_keypair(EVP_PKEY* pkey, const keymaster_dsa_keygen_params_t* dsa_params)
228{
229 if (dsa_params->key_size < 512) {
230 ALOGI("Requested DSA key size is too small (<512)");
231 return -1;
232 }
233
234 Unique_DSA dsa(DSA_new());
235
236 if (dsa_params->generator_len == 0 ||
237 dsa_params->prime_p_len == 0 ||
238 dsa_params->prime_q_len == 0 ||
239 dsa_params->generator == NULL||
240 dsa_params->prime_p == NULL ||
241 dsa_params->prime_q == NULL) {
242 if (DSA_generate_parameters_ex(dsa.get(), dsa_params->key_size, NULL, 0, NULL, NULL,
243 NULL) != 1) {
244 logOpenSSLError("generate_dsa_keypair");
245 return -1;
246 }
247 } else {
248 dsa->g = BN_bin2bn(dsa_params->generator,
249 dsa_params->generator_len,
250 NULL);
251 if (dsa->g == NULL) {
252 logOpenSSLError("generate_dsa_keypair");
253 return -1;
254 }
255
256 dsa->p = BN_bin2bn(dsa_params->prime_p,
257 dsa_params->prime_p_len,
258 NULL);
259 if (dsa->p == NULL) {
260 logOpenSSLError("generate_dsa_keypair");
261 return -1;
262 }
263
264 dsa->q = BN_bin2bn(dsa_params->prime_q,
265 dsa_params->prime_q_len,
266 NULL);
267 if (dsa->q == NULL) {
268 logOpenSSLError("generate_dsa_keypair");
269 return -1;
270 }
271 }
272
273 if (DSA_generate_key(dsa.get()) != 1) {
274 logOpenSSLError("generate_dsa_keypair");
275 return -1;
276 }
277
278 if (EVP_PKEY_assign_DSA(pkey, dsa.get()) == 0) {
279 logOpenSSLError("generate_dsa_keypair");
280 return -1;
281 }
282 OWNERSHIP_TRANSFERRED(dsa);
283
284 return 0;
285}
286
287static int generate_ec_keypair(EVP_PKEY* pkey, const keymaster_ec_keygen_params_t* ec_params)
288{
289 EC_GROUP* group;
290 switch (ec_params->field_size) {
291 case 192:
292 group = EC_GROUP_new_by_curve_name(NID_X9_62_prime192v1);
293 break;
294 case 224:
295 group = EC_GROUP_new_by_curve_name(NID_secp224r1);
296 break;
297 case 256:
298 group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
299 break;
300 case 384:
301 group = EC_GROUP_new_by_curve_name(NID_secp384r1);
302 break;
303 case 521:
304 group = EC_GROUP_new_by_curve_name(NID_secp521r1);
305 break;
306 default:
307 group = NULL;
308 break;
309 }
310
311 if (group == NULL) {
312 logOpenSSLError("generate_ec_keypair");
313 return -1;
314 }
315
316 EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
317 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
318
319 /* initialize EC key */
320 Unique_EC_KEY eckey(EC_KEY_new());
321 if (eckey.get() == NULL) {
322 logOpenSSLError("generate_ec_keypair");
323 return -1;
324 }
325
326 if (EC_KEY_set_group(eckey.get(), group) != 1) {
327 logOpenSSLError("generate_ec_keypair");
328 return -1;
329 }
330
331 if (EC_KEY_generate_key(eckey.get()) != 1
332 || EC_KEY_check_key(eckey.get()) < 0) {
333 logOpenSSLError("generate_ec_keypair");
334 return -1;
335 }
336
337 if (EVP_PKEY_assign_EC_KEY(pkey, eckey.get()) == 0) {
338 logOpenSSLError("generate_ec_keypair");
339 return -1;
340 }
341 OWNERSHIP_TRANSFERRED(eckey);
342
343 return 0;
344}
345
346static int generate_rsa_keypair(EVP_PKEY* pkey, const keymaster_rsa_keygen_params_t* rsa_params)
347{
348 Unique_BIGNUM bn(BN_new());
349 if (bn.get() == NULL) {
350 logOpenSSLError("generate_rsa_keypair");
351 return -1;
352 }
353
354 if (BN_set_word(bn.get(), rsa_params->public_exponent) == 0) {
355 logOpenSSLError("generate_rsa_keypair");
356 return -1;
357 }
358
359 /* initialize RSA */
360 Unique_RSA rsa(RSA_new());
361 if (rsa.get() == NULL) {
362 logOpenSSLError("generate_rsa_keypair");
363 return -1;
364 }
365
366 if (!RSA_generate_key_ex(rsa.get(), rsa_params->modulus_size, bn.get(), NULL)
367 || RSA_check_key(rsa.get()) < 0) {
368 logOpenSSLError("generate_rsa_keypair");
369 return -1;
370 }
371
372 if (EVP_PKEY_assign_RSA(pkey, rsa.get()) == 0) {
373 logOpenSSLError("generate_rsa_keypair");
374 return -1;
375 }
376 OWNERSHIP_TRANSFERRED(rsa);
377
378 return 0;
379}
380
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]381static int openssl_generate_keypair(const keymaster_device_t* dev,
382 const keymaster_keypair_t key_type, const void* key_params,
383 uint8_t** keyBlob, size_t* keyBlobLength) {
384 ssize_t privateLen, publicLen;
385
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]386 Unique_EVP_PKEY pkey(EVP_PKEY_new());
387 if (pkey.get() == NULL) {
388 logOpenSSLError("openssl_generate_keypair");
389 return -1;
390 }
391
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]392 if (key_params == NULL) {
393 ALOGW("key_params == null");
394 return -1;
395 } else if (key_type == TYPE_DSA) {
396 const keymaster_dsa_keygen_params_t* dsa_params =
397 (const keymaster_dsa_keygen_params_t*) key_params;
398 generate_dsa_keypair(pkey.get(), dsa_params);
399 } else if (key_type == TYPE_EC) {
400 const keymaster_ec_keygen_params_t* ec_params =
401 (const keymaster_ec_keygen_params_t*) key_params;
402 generate_ec_keypair(pkey.get(), ec_params);
403 } else if (key_type == TYPE_RSA) {
404 const keymaster_rsa_keygen_params_t* rsa_params =
405 (const keymaster_rsa_keygen_params_t*) key_params;
406 generate_rsa_keypair(pkey.get(), rsa_params);
407 } else {
408 ALOGW("Unsupported key type %d", key_type);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]409 return -1;
410 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]411
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]412 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), keyBlob, keyBlobLength)) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]413 return -1;
414 }
415
416 return 0;
417}
418
419static int openssl_import_keypair(const keymaster_device_t* dev,
420 const uint8_t* key, const size_t key_length,
421 uint8_t** key_blob, size_t* key_blob_length) {
422 int response = -1;
423
424 if (key == NULL) {
425 ALOGW("input key == NULL");
426 return -1;
427 } else if (key_blob == NULL || key_blob_length == NULL) {
428 ALOGW("output key blob or length == NULL");
429 return -1;
430 }
431
432 Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &key, key_length));
433 if (pkcs8.get() == NULL) {
434 logOpenSSLError("openssl_import_keypair");
435 return -1;
436 }
437
438 /* assign to EVP */
439 Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get()));
440 if (pkey.get() == NULL) {
441 logOpenSSLError("openssl_import_keypair");
442 return -1;
443 }
444 OWNERSHIP_TRANSFERRED(pkcs8);
445
446 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), key_blob, key_blob_length)) {
447 return -1;
448 }
449
450 return 0;
451}
452
453static int openssl_get_keypair_public(const struct keymaster_device* dev,
454 const uint8_t* key_blob, const size_t key_blob_length,
455 uint8_t** x509_data, size_t* x509_data_length) {
456
457 if (x509_data == NULL || x509_data_length == NULL) {
458 ALOGW("output public key buffer == NULL");
459 return -1;
460 }
461
462 Unique_EVP_PKEY pkey(unwrap_key(key_blob, key_blob_length));
463 if (pkey.get() == NULL) {
464 return -1;
465 }
466
467 int len = i2d_PUBKEY(pkey.get(), NULL);
468 if (len <= 0) {
469 logOpenSSLError("openssl_get_keypair_public");
470 return -1;
471 }
472
473 UniquePtr<uint8_t> key(static_cast<uint8_t*>(malloc(len)));
474 if (key.get() == NULL) {
475 ALOGE("Could not allocate memory for public key data");
476 return -1;
477 }
478
479 unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get());
480 if (i2d_PUBKEY(pkey.get(), &tmp) != len) {
481 logOpenSSLError("openssl_get_keypair_public");
482 return -1;
483 }
484
485 ALOGV("Length of x509 data is %d", len);
486 *x509_data_length = len;
487 *x509_data = key.release();
488
489 return 0;
490}
491
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]492static int sign_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params, const uint8_t* data,
493 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
494 if (sign_params->digest_type != DIGEST_NONE) {
495 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
496 return -1;
497 }
498
499 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey));
500 if (dsa.get() == NULL) {
501 logOpenSSLError("openssl_sign_dsa");
502 return -1;
503 }
504
505 unsigned int dsaSize = DSA_size(dsa.get());
506 UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dsaSize)));
507 if (signedDataPtr.get() == NULL) {
508 logOpenSSLError("openssl_sign_dsa");
509 return -1;
510 }
511
512 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
513 if (DSA_sign(0, data, dataLength, tmp, &dsaSize, dsa.get()) <= 0) {
514 logOpenSSLError("openssl_sign_dsa");
515 return -1;
516 }
517
518 *signedDataLength = dsaSize;
519 *signedData = signedDataPtr.release();
520
521 return 0;
522}
523
524static int sign_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params, const uint8_t* data,
525 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
526 if (sign_params->digest_type != DIGEST_NONE) {
527 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
528 return -1;
529 }
530
531 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));
532 if (eckey.get() == NULL) {
533 logOpenSSLError("openssl_sign_ec");
534 return -1;
535 }
536
537 unsigned int ecdsaSize = ECDSA_size(eckey.get());
538 UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(ecdsaSize)));
539 if (signedDataPtr.get() == NULL) {
540 logOpenSSLError("openssl_sign_ec");
541 return -1;
542 }
543
544 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
545 if (ECDSA_sign(0, data, dataLength, tmp, &ecdsaSize, eckey.get()) <= 0) {
546 logOpenSSLError("openssl_sign_ec");
547 return -1;
548 }
549
550 *signedDataLength = ecdsaSize;
551 *signedData = signedDataPtr.release();
552
553 return 0;
554}
555
556
557static int sign_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params, const uint8_t* data,
558 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
559 if (sign_params->digest_type != DIGEST_NONE) {
560 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
561 return -1;
562 } else if (sign_params->padding_type != PADDING_NONE) {
563 ALOGW("Cannot handle padding type %d", sign_params->padding_type);
564 return -1;
565 }
566
567 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
568 if (rsa.get() == NULL) {
569 logOpenSSLError("openssl_sign_rsa");
570 return -1;
571 }
572
573 UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dataLength)));
574 if (signedDataPtr.get() == NULL) {
575 logOpenSSLError("openssl_sign_rsa");
576 return -1;
577 }
578
579 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
580 if (RSA_private_encrypt(dataLength, data, tmp, rsa.get(), RSA_NO_PADDING) <= 0) {
581 logOpenSSLError("openssl_sign_rsa");
582 return -1;
583 }
584
585 *signedDataLength = dataLength;
586 *signedData = signedDataPtr.release();
587
588 return 0;
589}
590
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]591static int openssl_sign_data(const keymaster_device_t* dev,
592 const void* params,
593 const uint8_t* keyBlob, const size_t keyBlobLength,
594 const uint8_t* data, const size_t dataLength,
595 uint8_t** signedData, size_t* signedDataLength) {
596
597 int result = -1;
598 EVP_MD_CTX ctx;
599 size_t maxSize;
600
601 if (data == NULL) {
602 ALOGW("input data to sign == NULL");
603 return -1;
604 } else if (signedData == NULL || signedDataLength == NULL) {
605 ALOGW("output signature buffer == NULL");
606 return -1;
607 }
608
609 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
610 if (pkey.get() == NULL) {
611 return -1;
612 }
613
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]614 int type = EVP_PKEY_type(pkey->type);
615 if (type == EVP_PKEY_DSA) {
616 keymaster_dsa_sign_params_t* sign_params = (keymaster_dsa_sign_params_t*) params;
617 return sign_dsa(pkey.get(), sign_params, data, dataLength, signedData, signedDataLength);
618 } else if (type == EVP_PKEY_EC) {
619 keymaster_ec_sign_params_t* sign_params = (keymaster_ec_sign_params_t*) params;
620 return sign_ec(pkey.get(), sign_params, data, dataLength, signedData, signedDataLength);
621 } else if (type == EVP_PKEY_RSA) {
622 keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params;
623 return sign_rsa(pkey.get(), sign_params, data, dataLength, signedData, signedDataLength);
624 } else {
625 ALOGW("Unsupported key type");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]626 return -1;
627 }
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]628}
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]629
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]630static int verify_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params,
631 const uint8_t* signedData, const size_t signedDataLength, const uint8_t* signature,
632 const size_t signatureLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]633 if (sign_params->digest_type != DIGEST_NONE) {
634 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
635 return -1;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]636 }
637
638 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey));
639 if (dsa.get() == NULL) {
640 logOpenSSLError("openssl_verify_dsa");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]641 return -1;
642 }
643
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]644 if (DSA_verify(0, signedData, signedDataLength, signature, signatureLength, dsa.get()) <= 0) {
645 logOpenSSLError("openssl_verify_dsa");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]646 return -1;
647 }
648
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]649 return 0;
650}
651
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]652static int verify_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params,
653 const uint8_t* signedData, const size_t signedDataLength, const uint8_t* signature,
654 const size_t signatureLength) {
655 if (sign_params->digest_type != DIGEST_NONE) {
656 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]657 return -1;
658 }
659
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]660 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));
661 if (eckey.get() == NULL) {
662 logOpenSSLError("openssl_verify_ec");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]663 return -1;
664 }
665
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]666 if (ECDSA_verify(0, signedData, signedDataLength, signature, signatureLength, eckey.get()) <= 0) {
667 logOpenSSLError("openssl_verify_ec");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]668 return -1;
669 }
670
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]671 return 0;
672}
673
674static int verify_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params,
675 const uint8_t* signedData, const size_t signedDataLength, const uint8_t* signature,
676 const size_t signatureLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]677 if (sign_params->digest_type != DIGEST_NONE) {
678 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
679 return -1;
680 } else if (sign_params->padding_type != PADDING_NONE) {
681 ALOGW("Cannot handle padding type %d", sign_params->padding_type);
682 return -1;
683 } else if (signatureLength != signedDataLength) {
684 ALOGW("signed data length must be signature length");
685 return -1;
686 }
687
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]688 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]689 if (rsa.get() == NULL) {
690 logOpenSSLError("openssl_verify_data");
691 return -1;
692 }
693
694 UniquePtr<uint8_t> dataPtr(reinterpret_cast<uint8_t*>(malloc(signedDataLength)));
695 if (dataPtr.get() == NULL) {
696 logOpenSSLError("openssl_verify_data");
697 return -1;
698 }
699
700 unsigned char* tmp = reinterpret_cast<unsigned char*>(dataPtr.get());
701 if (!RSA_public_decrypt(signatureLength, signature, tmp, rsa.get(), RSA_NO_PADDING)) {
702 logOpenSSLError("openssl_verify_data");
703 return -1;
704 }
705
706 int result = 0;
707 for (size_t i = 0; i < signedDataLength; i++) {
708 result |= tmp[i] ^ signedData[i];
709 }
710
711 return result == 0 ? 0 : -1;
712}
713
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]714static int openssl_verify_data(const keymaster_device_t* dev,
715 const void* params,
716 const uint8_t* keyBlob, const size_t keyBlobLength,
717 const uint8_t* signedData, const size_t signedDataLength,
718 const uint8_t* signature, const size_t signatureLength) {
719
720 if (signedData == NULL || signature == NULL) {
721 ALOGW("data or signature buffers == NULL");
722 return -1;
723 }
724
725 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
726 if (pkey.get() == NULL) {
727 return -1;
728 }
729
730 int type = EVP_PKEY_type(pkey->type);
731 if (type == EVP_PKEY_RSA) {
732 keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params;
733 return verify_rsa(pkey.get(), sign_params, signedData, signedDataLength, signature,
734 signatureLength);
735 } else if (type == EVP_PKEY_EC) {
736 keymaster_ec_sign_params_t* sign_params = (keymaster_ec_sign_params_t*) params;
737 return verify_ec(pkey.get(), sign_params, signedData, signedDataLength, signature,
738 signatureLength);
739 } else {
740 ALOGW("Unsupported key type %d", type);
741 return -1;
742 }
743}
744
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]745/* Close an opened OpenSSL instance */
746static int openssl_close(hw_device_t *dev) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame^]747 delete dev;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]748 return 0;
749}
750
751/*
752 * Generic device handling
753 */
754static int openssl_open(const hw_module_t* module, const char* name,
755 hw_device_t** device) {
756 if (strcmp(name, KEYSTORE_KEYMASTER) != 0)
757 return -EINVAL;
758
759 Unique_keymaster_device_t dev(new keymaster_device_t);
760 if (dev.get() == NULL)
761 return -ENOMEM;
762
763 dev->common.tag = HARDWARE_DEVICE_TAG;
764 dev->common.version = 1;
765 dev->common.module = (struct hw_module_t*) module;
766 dev->common.close = openssl_close;
767
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]768 dev->flags = KEYMASTER_SOFTWARE_ONLY;
769
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]770 dev->generate_keypair = openssl_generate_keypair;
771 dev->import_keypair = openssl_import_keypair;
772 dev->get_keypair_public = openssl_get_keypair_public;
773 dev->delete_keypair = NULL;
Kenny Rootc0ff10d2012-05-17 12:42:15 -0700[diff] [blame]774 dev->delete_all = NULL;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]775 dev->sign_data = openssl_sign_data;
776 dev->verify_data = openssl_verify_data;
777
778 ERR_load_crypto_strings();
779 ERR_load_BIO_strings();
780
781 *device = reinterpret_cast<hw_device_t*>(dev.release());
782
783 return 0;
784}
785
786static struct hw_module_methods_t keystore_module_methods = {
787 open: openssl_open,
788};
789
790struct keystore_module HAL_MODULE_INFO_SYM
791__attribute__ ((visibility ("default"))) = {
792 common: {
793 tag: HARDWARE_MODULE_TAG,
794 version_major: 1,
795 version_minor: 0,
796 id: KEYSTORE_HARDWARE_MODULE_ID,
797 name: "Keymaster OpenSSL HAL",
798 author: "The Android Open Source Project",
799 methods: &keystore_module_methods,
800 dso: 0,
801 reserved: {},
802 },
803};