Blame - keystore-engine/android_engine.cpp - android_system_security

blob: e3525b2af24d5c0413a479fd02d48a83e46f1fb4 [file] [log] [blame]

Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	1	/* Copyright 2014 The Android Open Source Project
				2	*
				3	* Redistribution and use in source and binary forms, with or without
				4	* modification, are permitted provided that the following conditions
				5	* are met:
				6	* 1. Redistributions of source code must retain the above copyright
				7	* notice, this list of conditions and the following disclaimer.
				8	* 2. Redistributions in binary form must reproduce the above copyright
				9	* notice, this list of conditions and the following disclaimer in the
				10	* documentation and/or other materials provided with the distribution.
				11	*
				12	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
				13	* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
				14	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
				15	* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
				16	* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
				17	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
				18	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
				19	* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				20	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				21	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
				22
Janis Danisevskis	c7a9fa2	2016-10-13 18:43:45 +0100	[diff] [blame]	23	#define LOG_TAG "keystore-engine"
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	24
Paul Stewart	ac0ffbf	2017-03-03 16:43:33 -0800	[diff] [blame]	25	#include <pthread.h>
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	26	#include <sys/socket.h>
				27	#include <stdarg.h>
				28	#include <string.h>
				29	#include <unistd.h>
				30
Logan Chien	cdc813f	2018-04-23 13:52:28 +0800	[diff] [blame]	31	#include <log/log.h>
Paul Stewart	ac0ffbf	2017-03-03 16:43:33 -0800	[diff] [blame]	32
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	33	#include <openssl/bn.h>
				34	#include <openssl/ec.h>
				35	#include <openssl/ec_key.h>
				36	#include <openssl/ecdsa.h>
				37	#include <openssl/engine.h>
				38	#include <openssl/evp.h>
				39	#include <openssl/rsa.h>
				40	#include <openssl/x509.h>
				41
Janis Danisevskis	ccfff10	2017-05-01 11:02:51 -0700	[diff] [blame]	42	#include <memory>
				43
Paul Stewart	657356c	2017-03-09 00:00:23 -0800	[diff] [blame]	44	#ifndef BACKEND_WIFI_HIDL
				45	#include "keystore_backend_binder.h"
				46	#else
				47	#include "keystore_backend_hidl.h"
				48	#endif
				49
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	50	namespace {
Robert Sloan	29f72ec	2017-07-14 12:21:26 -0700	[diff] [blame]	51	KeystoreBackend *g_keystore_backend;
				52	void ensure_keystore_engine();
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	53
				54	/* key_id_dup is called when one of the RSA or EC_KEY objects is duplicated. */
Kenny Root	dcca051	2015-04-18 11:21:48 -0700	[diff] [blame]	55	int key_id_dup(CRYPTO_EX_DATA* /* to */,
				56	const CRYPTO_EX_DATA* /* from */,
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	57	void** from_d,
Kenny Root	dcca051	2015-04-18 11:21:48 -0700	[diff] [blame]	58	int /* index */,
				59	long /* argl */,
				60	void* /* argp */) {
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	61	char key_id = reinterpret_cast<char >(*from_d);
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	62	if (key_id != nullptr) {
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	63	*from_d = strdup(key_id);
				64	}
				65	return 1;
				66	}
				67
				68	/* key_id_free is called when one of the RSA, DSA or EC_KEY object is freed. */
Kenny Root	dcca051	2015-04-18 11:21:48 -0700	[diff] [blame]	69	void key_id_free(void* /* parent */,
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	70	void* ptr,
Kenny Root	dcca051	2015-04-18 11:21:48 -0700	[diff] [blame]	71	CRYPTO_EX_DATA* /* ad */,
				72	int /* index */,
				73	long /* argl */,
				74	void* /* argp */) {
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	75	char key_id = reinterpret_cast<char >(ptr);
				76	free(key_id);
				77	}
				78
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	79	/* Many OpenSSL APIs take ownership of an argument on success but don't free
				80	* the argument on failure. This means we need to tell our scoped pointers when
				81	* we've transferred ownership, without triggering a warning by not using the
				82	* result of release(). */
Rob Barnes	bb6cabd	2018-10-04 17:10:37 -0600	[diff] [blame]	83	#define OWNERSHIP_TRANSFERRED(obj) auto _dummy __attribute__((unused)) = (obj).release()
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	84
Robert Sloan	29f72ec	2017-07-14 12:21:26 -0700	[diff] [blame]	85	const char* rsa_get_key_id(const RSA* rsa);
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	86
				87	/* rsa_private_transform takes a big-endian integer from \|in\|, calculates the
				88	* d'th power of it, modulo the RSA modulus, and writes the result as a
				89	* big-endian integer to \|out\|. Both \|in\| and \|out\| are \|len\| bytes long. It
				90	* returns one on success and zero otherwise. */
				91	int rsa_private_transform(RSA rsa, uint8_t out, const uint8_t *in, size_t len) {
				92	ALOGV("rsa_private_transform(%p, %p, %p, %u)", rsa, out, in, (unsigned) len);
				93
Roshan Pius	30b220e	2017-03-31 16:47:04 -0700	[diff] [blame]	94	ensure_keystore_engine();
				95
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	96	const char *key_id = rsa_get_key_id(rsa);
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	97	if (key_id == nullptr) {
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	98	ALOGE("key had no key_id!");
				99	return 0;
				100	}
				101
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	102	uint8_t* reply = nullptr;
Paul Stewart	ac0ffbf	2017-03-03 16:43:33 -0800	[diff] [blame]	103	size_t reply_len;
				104	int32_t ret = g_keystore_backend->sign(key_id, in, len, &reply, &reply_len);
				105	if (ret < 0) {
				106	ALOGW("There was an error during rsa_decrypt: could not connect");
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	107	return 0;
Paul Stewart	ac0ffbf	2017-03-03 16:43:33 -0800	[diff] [blame]	108	} else if (ret != 0) {
				109	ALOGW("Error during sign from keystore: %d", ret);
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	110	return 0;
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	111	} else if (reply_len == 0 \|\| reply == nullptr) {
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	112	ALOGW("No valid signature returned");
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	113	return 0;
				114	}
				115
Paul Stewart	ac0ffbf	2017-03-03 16:43:33 -0800	[diff] [blame]	116	if (reply_len > len) {
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	117	/* The result of the RSA operation can never be larger than the size of
				118	* the modulus so we assume that the result has extra zeros on the
				119	* left. This provides attackers with an oracle, but there's nothing
				120	* that we can do about it here. */
Paul Stewart	ac0ffbf	2017-03-03 16:43:33 -0800	[diff] [blame]	121	ALOGW("Reply len %zu greater than expected %zu", reply_len, len);
				122	memcpy(out, &reply[reply_len - len], len);
				123	} else if (reply_len < len) {
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	124	/* If the Keystore implementation returns a short value we assume that
				125	* it's because it removed leading zeros from the left side. This is
				126	* bad because it provides attackers with an oracle but we cannot do
				127	* anything about a broken Keystore implementation here. */
Paul Stewart	ac0ffbf	2017-03-03 16:43:33 -0800	[diff] [blame]	128	ALOGW("Reply len %zu lesser than expected %zu", reply_len, len);
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	129	memset(out, 0, len);
Paul Stewart	ac0ffbf	2017-03-03 16:43:33 -0800	[diff] [blame]	130	memcpy(out + len - reply_len, &reply[0], reply_len);
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	131	} else {
Janis Danisevskis	c7a9fa2	2016-10-13 18:43:45 +0100	[diff] [blame]	132	memcpy(out, &reply[0], len);
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	133	}
				134
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	135	ALOGV("rsa=%p keystore_rsa_priv_dec successful", rsa);
				136	return 1;
				137	}
				138
Robert Sloan	29f72ec	2017-07-14 12:21:26 -0700	[diff] [blame]	139	const char* ecdsa_get_key_id(const EC_KEY* ec_key);
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	140
				141	/* ecdsa_sign signs \|digest_len\| bytes from \|digest\| with \|ec_key\| and writes
				142	* the resulting signature (an ASN.1 encoded blob) to \|sig\|. It returns one on
				143	* success and zero otherwise. */
				144	static int ecdsa_sign(const uint8_t* digest, size_t digest_len, uint8_t* sig,
				145	unsigned int* sig_len, EC_KEY* ec_key) {
				146	ALOGV("ecdsa_sign(%p, %u, %p)", digest, (unsigned) digest_len, ec_key);
				147
Roshan Pius	30b220e	2017-03-31 16:47:04 -0700	[diff] [blame]	148	ensure_keystore_engine();
				149
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	150	const char *key_id = ecdsa_get_key_id(ec_key);
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	151	if (key_id == nullptr) {
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	152	ALOGE("key had no key_id!");
				153	return 0;
				154	}
				155
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	156	size_t ecdsa_size = ECDSA_size(ec_key);
				157
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	158	uint8_t* reply = nullptr;
Paul Stewart	ac0ffbf	2017-03-03 16:43:33 -0800	[diff] [blame]	159	size_t reply_len;
				160	int32_t ret = g_keystore_backend->sign(
				161	key_id, digest, digest_len, &reply, &reply_len);
				162	if (ret < 0) {
				163	ALOGW("There was an error during ecdsa_sign: could not connect");
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	164	return 0;
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	165	} else if (reply_len == 0 \|\| reply == nullptr) {
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	166	ALOGW("No valid signature returned");
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	167	return 0;
Paul Stewart	ac0ffbf	2017-03-03 16:43:33 -0800	[diff] [blame]	168	} else if (reply_len > ecdsa_size) {
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	169	ALOGW("Signature is too large");
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	170	return 0;
				171	}
				172
Janis Danisevskis	c7a9fa2	2016-10-13 18:43:45 +0100	[diff] [blame]	173	// Reviewer: should't sig_len be checked here? Or is it just assumed that it is at least ecdsa_size?
Paul Stewart	ac0ffbf	2017-03-03 16:43:33 -0800	[diff] [blame]	174	memcpy(sig, &reply[0], reply_len);
				175	*sig_len = reply_len;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	176
				177	ALOGV("ecdsa_sign(%p, %u, %p) => success", digest, (unsigned)digest_len,
				178	ec_key);
				179	return 1;
				180	}
				181
Robert Sloan	29f72ec	2017-07-14 12:21:26 -0700	[diff] [blame]	182	/* KeystoreEngine is a BoringSSL ENGINE that implements RSA and ECDSA by
				183	* forwarding the requested operations to Keystore. */
				184	class KeystoreEngine {
				185	public:
				186	KeystoreEngine()
				187	: rsa_index_(RSA_get_ex_new_index(0 /* argl */,
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	188	nullptr /* argp */,
				189	nullptr /* new_func */,
Robert Sloan	29f72ec	2017-07-14 12:21:26 -0700	[diff] [blame]	190	key_id_dup,
				191	key_id_free)),
				192	ec_key_index_(EC_KEY_get_ex_new_index(0 /* argl */,
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	193	nullptr /* argp */,
				194	nullptr /* new_func */,
Robert Sloan	29f72ec	2017-07-14 12:21:26 -0700	[diff] [blame]	195	key_id_dup,
				196	key_id_free)),
				197	engine_(ENGINE_new()) {
				198	memset(&rsa_method_, 0, sizeof(rsa_method_));
				199	rsa_method_.common.is_static = 1;
				200	rsa_method_.private_transform = rsa_private_transform;
David Benjamin	48d2ea9	2017-12-15 18:35:49 -0500	[diff] [blame]	201	rsa_method_.flags = RSA_FLAG_OPAQUE;
Robert Sloan	29f72ec	2017-07-14 12:21:26 -0700	[diff] [blame]	202	ENGINE_set_RSA_method(engine_, &rsa_method_, sizeof(rsa_method_));
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	203
Robert Sloan	29f72ec	2017-07-14 12:21:26 -0700	[diff] [blame]	204	memset(&ecdsa_method_, 0, sizeof(ecdsa_method_));
				205	ecdsa_method_.common.is_static = 1;
				206	ecdsa_method_.sign = ecdsa_sign;
				207	ecdsa_method_.flags = ECDSA_FLAG_OPAQUE;
				208	ENGINE_set_ECDSA_method(engine_, &ecdsa_method_, sizeof(ecdsa_method_));
				209	}
				210
				211	int rsa_ex_index() const { return rsa_index_; }
				212	int ec_key_ex_index() const { return ec_key_index_; }
				213
				214	const ENGINE* engine() const { return engine_; }
				215
				216	private:
				217	const int rsa_index_;
				218	const int ec_key_index_;
				219	RSA_METHOD rsa_method_;
				220	ECDSA_METHOD ecdsa_method_;
				221	ENGINE* const engine_;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	222	};
				223
Robert Sloan	29f72ec	2017-07-14 12:21:26 -0700	[diff] [blame]	224	pthread_once_t g_keystore_engine_once = PTHREAD_ONCE_INIT;
				225	KeystoreEngine *g_keystore_engine;
				226
				227	/* init_keystore_engine is called to initialize \|g_keystore_engine\|. This
				228	* should only be called by \|pthread_once\|. */
				229	void init_keystore_engine() {
				230	g_keystore_engine = new KeystoreEngine;
				231	#ifndef BACKEND_WIFI_HIDL
				232	g_keystore_backend = new KeystoreBackendBinder;
				233	#else
				234	g_keystore_backend = new KeystoreBackendHidl;
				235	#endif
				236	}
				237
				238	/* ensure_keystore_engine ensures that \|g_keystore_engine\| is pointing to a
				239	* valid \|KeystoreEngine\| object and creates one if not. */
				240	void ensure_keystore_engine() {
				241	pthread_once(&g_keystore_engine_once, init_keystore_engine);
				242	}
				243
				244	const char* rsa_get_key_id(const RSA* rsa) {
				245	return reinterpret_cast<char*>(
				246	RSA_get_ex_data(rsa, g_keystore_engine->rsa_ex_index()));
				247	}
				248
				249	const char* ecdsa_get_key_id(const EC_KEY* ec_key) {
				250	return reinterpret_cast<char*>(
				251	EC_KEY_get_ex_data(ec_key, g_keystore_engine->ec_key_ex_index()));
				252	}
				253
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	254	/* wrap_rsa returns an \|EVP_PKEY\| that contains an RSA key where the public
				255	* part is taken from \|public_rsa\| and the private operations are forwarded to
				256	* KeyStore and operate on the key named \|key_id\|. */
				257	static EVP_PKEY wrap_rsa(const char key_id, const RSA *public_rsa) {
David Benjamin	dc4d142	2019-08-08 12:50:38 -0400	[diff] [blame]	258	bssl::UniquePtr<RSA> rsa(RSA_new_method(g_keystore_engine->engine()));
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	259	if (rsa.get() == nullptr) {
				260	return nullptr;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	261	}
				262
				263	char *key_id_copy = strdup(key_id);
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	264	if (key_id_copy == nullptr) {
				265	return nullptr;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	266	}
				267
				268	if (!RSA_set_ex_data(rsa.get(), g_keystore_engine->rsa_ex_index(),
				269	key_id_copy)) {
				270	free(key_id_copy);
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	271	return nullptr;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	272	}
				273
				274	rsa->n = BN_dup(public_rsa->n);
				275	rsa->e = BN_dup(public_rsa->e);
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	276	if (rsa->n == nullptr \|\| rsa->e == nullptr) {
				277	return nullptr;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	278	}
				279
David Benjamin	dc4d142	2019-08-08 12:50:38 -0400	[diff] [blame]	280	bssl::UniquePtr<EVP_PKEY> result(EVP_PKEY_new());
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	281	if (result.get() == nullptr \|\|
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	282	!EVP_PKEY_assign_RSA(result.get(), rsa.get())) {
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	283	return nullptr;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	284	}
				285	OWNERSHIP_TRANSFERRED(rsa);
				286
				287	return result.release();
				288	}
				289
				290	/* wrap_ecdsa returns an \|EVP_PKEY\| that contains an ECDSA key where the public
				291	* part is taken from \|public_rsa\| and the private operations are forwarded to
				292	* KeyStore and operate on the key named \|key_id\|. */
				293	static EVP_PKEY wrap_ecdsa(const char key_id, const EC_KEY *public_ecdsa) {
David Benjamin	dc4d142	2019-08-08 12:50:38 -0400	[diff] [blame]	294	bssl::UniquePtr<EC_KEY> ec(EC_KEY_new_method(g_keystore_engine->engine()));
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	295	if (ec.get() == nullptr) {
				296	return nullptr;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	297	}
				298
				299	if (!EC_KEY_set_group(ec.get(), EC_KEY_get0_group(public_ecdsa)) \|\|
				300	!EC_KEY_set_public_key(ec.get(), EC_KEY_get0_public_key(public_ecdsa))) {
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	301	return nullptr;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	302	}
				303
				304	char *key_id_copy = strdup(key_id);
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	305	if (key_id_copy == nullptr) {
				306	return nullptr;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	307	}
				308
				309	if (!EC_KEY_set_ex_data(ec.get(), g_keystore_engine->ec_key_ex_index(),
				310	key_id_copy)) {
				311	free(key_id_copy);
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	312	return nullptr;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	313	}
				314
David Benjamin	dc4d142	2019-08-08 12:50:38 -0400	[diff] [blame]	315	bssl::UniquePtr<EVP_PKEY> result(EVP_PKEY_new());
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	316	if (result.get() == nullptr \|\|
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	317	!EVP_PKEY_assign_EC_KEY(result.get(), ec.get())) {
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	318	return nullptr;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	319	}
				320	OWNERSHIP_TRANSFERRED(ec);
				321
				322	return result.release();
				323	}
				324
				325	} /* anonymous namespace */
				326
				327	extern "C" {
				328
				329	EVP_PKEY* EVP_PKEY_from_keystore(const char* key_id) __attribute__((visibility("default")));
				330
				331	/* EVP_PKEY_from_keystore returns an \|EVP_PKEY\| that contains either an RSA or
				332	* ECDSA key where the public part of the key reflects the value of the key
				333	* named \|key_id\| in Keystore and the private operations are forwarded onto
				334	* KeyStore. */
				335	EVP_PKEY* EVP_PKEY_from_keystore(const char* key_id) {
				336	ALOGV("EVP_PKEY_from_keystore(\"%s\")", key_id);
				337
Roshan Pius	30b220e	2017-03-31 16:47:04 -0700	[diff] [blame]	338	ensure_keystore_engine();
				339
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	340	uint8_t *pubkey = nullptr;
Paul Stewart	ac0ffbf	2017-03-03 16:43:33 -0800	[diff] [blame]	341	size_t pubkey_len;
				342	int32_t ret = g_keystore_backend->get_pubkey(key_id, &pubkey, &pubkey_len);
				343	if (ret < 0) {
				344	ALOGW("could not contact keystore");
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	345	return nullptr;
				346	} else if (ret != 0 \|\| pubkey == nullptr) {
Paul Stewart	ac0ffbf	2017-03-03 16:43:33 -0800	[diff] [blame]	347	ALOGW("keystore reports error: %d", ret);
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	348	return nullptr;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	349	}
				350
Roshan Pius	30b220e	2017-03-31 16:47:04 -0700	[diff] [blame]	351	const uint8_t *inp = pubkey;
David Benjamin	dc4d142	2019-08-08 12:50:38 -0400	[diff] [blame]	352	bssl::UniquePtr<EVP_PKEY> pkey(d2i_PUBKEY(nullptr, &inp, pubkey_len));
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	353	if (pkey.get() == nullptr) {
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	354	ALOGW("Cannot convert pubkey");
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	355	return nullptr;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	356	}
				357
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	358	EVP_PKEY *result;
				359	switch (EVP_PKEY_type(pkey->type)) {
				360	case EVP_PKEY_RSA: {
David Benjamin	dc4d142	2019-08-08 12:50:38 -0400	[diff] [blame]	361	bssl::UniquePtr<RSA> public_rsa(EVP_PKEY_get1_RSA(pkey.get()));
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	362	result = wrap_rsa(key_id, public_rsa.get());
				363	break;
				364	}
				365	case EVP_PKEY_EC: {
David Benjamin	dc4d142	2019-08-08 12:50:38 -0400	[diff] [blame]	366	bssl::UniquePtr<EC_KEY> public_ecdsa(EVP_PKEY_get1_EC_KEY(pkey.get()));
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	367	result = wrap_ecdsa(key_id, public_ecdsa.get());
				368	break;
				369	}
				370	default:
				371	ALOGE("Unsupported key type %d", EVP_PKEY_type(pkey->type));
Yi Kong	d291675	2018-07-26 17:44:27 -0700	[diff] [blame]	372	result = nullptr;
Adam Langley	1fb0583	2014-09-23 17:42:36 -0700	[diff] [blame]	373	}
				374
				375	return result;
				376	}
				377
				378	} // extern "C"