Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 8d0531e9748aa5e4860d3b52c6b0c88cea52f8bd / . / softkeymaster / keymaster_openssl.cpp
blob: 3bf4cecd13b8e3cc3dba1a53abea8471f8c8a7f4 [file] [log] [blame]
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#include <errno.h>
17#include <string.h>
18#include <stdint.h>
19
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <keystore/keystore.h>
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]21
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]22#include <hardware/hardware.h>
23#include <hardware/keymaster.h>
24
25#include <openssl/evp.h>
26#include <openssl/bio.h>
27#include <openssl/rsa.h>
28#include <openssl/err.h>
29#include <openssl/x509.h>
30
Kenny Root26cfc082013-09-11 14:38:56 -0700[diff] [blame]31#include <UniquePtr.h>
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]32
33// For debugging
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]34// #define LOG_NDEBUG 0
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]35
36#define LOG_TAG "OpenSSLKeyMaster"
37#include <cutils/log.h>
38
39struct BIGNUM_Delete {
40 void operator()(BIGNUM* p) const {
41 BN_free(p);
42 }
43};
44typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
45
46struct EVP_PKEY_Delete {
47 void operator()(EVP_PKEY* p) const {
48 EVP_PKEY_free(p);
49 }
50};
51typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
52
53struct PKCS8_PRIV_KEY_INFO_Delete {
54 void operator()(PKCS8_PRIV_KEY_INFO* p) const {
55 PKCS8_PRIV_KEY_INFO_free(p);
56 }
57};
58typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
59
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]60struct DSA_Delete {
61 void operator()(DSA* p) const {
62 DSA_free(p);
63 }
64};
65typedef UniquePtr<DSA, DSA_Delete> Unique_DSA;
66
67struct EC_KEY_Delete {
68 void operator()(EC_KEY* p) const {
69 EC_KEY_free(p);
70 }
71};
72typedef UniquePtr<EC_KEY, EC_KEY_Delete> Unique_EC_KEY;
73
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]74struct RSA_Delete {
75 void operator()(RSA* p) const {
76 RSA_free(p);
77 }
78};
79typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;
80
Shawn Willden8d0531e2014-06-17 11:45:07 -0600[diff] [blame^]81struct Malloc_Free {
82 void operator()(void* p) const {
83 free(p);
84 }
85};
86
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]87typedef UniquePtr<keymaster_device_t> Unique_keymaster_device_t;
88
89/**
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]90 * Many OpenSSL APIs take ownership of an argument on success but
91 * don't free the argument on failure. This means we need to tell our
92 * scoped pointers when we've transferred ownership, without
93 * triggering a warning by not using the result of release().
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]94 */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]95#define OWNERSHIP_TRANSFERRED(obj) \
96 typeof(obj.release()) _dummy __attribute__((unused)) = obj.release()
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]97
98/*
99 * Checks this thread's OpenSSL error queue and logs if
100 * necessary.
101 */
102static void logOpenSSLError(const char* location) {
103 int error = ERR_get_error();
104
105 if (error != 0) {
106 char message[256];
107 ERR_error_string_n(error, message, sizeof(message));
108 ALOGE("OpenSSL error in %s %d: %s", location, error, message);
109 }
110
111 ERR_clear_error();
112 ERR_remove_state(0);
113}
114
115static int wrap_key(EVP_PKEY* pkey, int type, uint8_t** keyBlob, size_t* keyBlobLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]116 /*
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]117 * Find the length of each size. Public key is not needed anymore
118 * but must be kept for alignment purposes.
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]119 */
120 int publicLen = 0;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]121 int privateLen = i2d_PrivateKey(pkey, NULL);
122
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]123 if (privateLen <= 0) {
124 ALOGE("private key size was too big");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]125 return -1;
126 }
127
128 /* int type + int size + private key data + int size + public key data */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]129 *keyBlobLength = get_softkey_header_size() + sizeof(type) + sizeof(publicLen) + privateLen +
130 sizeof(privateLen) + publicLen;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]131
Shawn Willden8d0531e2014-06-17 11:45:07 -0600[diff] [blame^]132 // derData will be returned to the caller, so allocate it with malloc.
133 UniquePtr<unsigned char, Malloc_Free> derData(
134 static_cast<unsigned char*>(malloc(*keyBlobLength)));
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]135 if (derData.get() == NULL) {
136 ALOGE("could not allocate memory for key blob");
137 return -1;
138 }
139 unsigned char* p = derData.get();
140
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]141 /* Write the magic value for software keys. */
142 p = add_softkey_header(p, *keyBlobLength);
143
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]144 /* Write key type to allocated buffer */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]145 for (int i = sizeof(type) - 1; i >= 0; i--) {
146 *p++ = (type >> (8 * i)) & 0xFF;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]147 }
148
149 /* Write public key to allocated buffer */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]150 for (int i = sizeof(publicLen) - 1; i >= 0; i--) {
151 *p++ = (publicLen >> (8 * i)) & 0xFF;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]152 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]153
154 /* Write private key to allocated buffer */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]155 for (int i = sizeof(privateLen) - 1; i >= 0; i--) {
156 *p++ = (privateLen >> (8 * i)) & 0xFF;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]157 }
158 if (i2d_PrivateKey(pkey, &p) != privateLen) {
159 logOpenSSLError("wrap_key");
160 return -1;
161 }
162
163 *keyBlob = derData.release();
164
165 return 0;
166}
167
168static EVP_PKEY* unwrap_key(const uint8_t* keyBlob, const size_t keyBlobLength) {
169 long publicLen = 0;
170 long privateLen = 0;
171 const uint8_t* p = keyBlob;
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]172 const uint8_t* const end = keyBlob + keyBlobLength;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]173
174 if (keyBlob == NULL) {
175 ALOGE("supplied key blob was NULL");
176 return NULL;
177 }
178
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]179 int type = 0;
180 if (keyBlobLength < (get_softkey_header_size() + sizeof(type) + sizeof(publicLen) + 1 +
181 sizeof(privateLen) + 1)) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]182 ALOGE("key blob appears to be truncated");
183 return NULL;
184 }
185
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]186 if (!is_softkey(p, keyBlobLength)) {
187 ALOGE("cannot read key; it was not made by this keymaster");
188 return NULL;
189 }
190 p += get_softkey_header_size();
191
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]192 for (size_t i = 0; i < sizeof(type); i++) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]193 type = (type << 8) | *p++;
194 }
195
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]196 for (size_t i = 0; i < sizeof(type); i++) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]197 publicLen = (publicLen << 8) | *p++;
198 }
199 if (p + publicLen > end) {
Matteo Franchin6489e022013-12-02 14:46:29 +0000[diff] [blame]200 ALOGE("public key length encoding error: size=%ld, end=%td", publicLen, end - p);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]201 return NULL;
202 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]203
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]204 p += publicLen;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]205 if (end - p < 2) {
206 ALOGE("private key truncated");
207 return NULL;
208 }
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]209 for (size_t i = 0; i < sizeof(type); i++) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]210 privateLen = (privateLen << 8) | *p++;
211 }
212 if (p + privateLen > end) {
Matteo Franchin6489e022013-12-02 14:46:29 +0000[diff] [blame]213 ALOGE("private key length encoding error: size=%ld, end=%td", privateLen, end - p);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]214 return NULL;
215 }
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]216
217 Unique_EVP_PKEY pkey(EVP_PKEY_new());
218 if (pkey.get() == NULL) {
219 logOpenSSLError("unwrap_key");
220 return NULL;
221 }
222 EVP_PKEY* tmp = pkey.get();
223
224 if (d2i_PrivateKey(type, &tmp, &p, privateLen) == NULL) {
225 logOpenSSLError("unwrap_key");
226 return NULL;
227 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]228
229 return pkey.release();
230}
231
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]232static int generate_dsa_keypair(EVP_PKEY* pkey, const keymaster_dsa_keygen_params_t* dsa_params) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]233 if (dsa_params->key_size < 512) {
234 ALOGI("Requested DSA key size is too small (<512)");
235 return -1;
236 }
237
238 Unique_DSA dsa(DSA_new());
239
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]240 if (dsa_params->generator_len == 0 || dsa_params->prime_p_len == 0 ||
241 dsa_params->prime_q_len == 0 || dsa_params->generator == NULL ||
242 dsa_params->prime_p == NULL || dsa_params->prime_q == NULL) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]243 if (DSA_generate_parameters_ex(dsa.get(), dsa_params->key_size, NULL, 0, NULL, NULL,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]244 NULL) != 1) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]245 logOpenSSLError("generate_dsa_keypair");
246 return -1;
247 }
248 } else {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]249 dsa->g = BN_bin2bn(dsa_params->generator, dsa_params->generator_len, NULL);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]250 if (dsa->g == NULL) {
251 logOpenSSLError("generate_dsa_keypair");
252 return -1;
253 }
254
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]255 dsa->p = BN_bin2bn(dsa_params->prime_p, dsa_params->prime_p_len, NULL);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]256 if (dsa->p == NULL) {
257 logOpenSSLError("generate_dsa_keypair");
258 return -1;
259 }
260
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]261 dsa->q = BN_bin2bn(dsa_params->prime_q, dsa_params->prime_q_len, NULL);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]262 if (dsa->q == NULL) {
263 logOpenSSLError("generate_dsa_keypair");
264 return -1;
265 }
266 }
267
268 if (DSA_generate_key(dsa.get()) != 1) {
269 logOpenSSLError("generate_dsa_keypair");
270 return -1;
271 }
272
273 if (EVP_PKEY_assign_DSA(pkey, dsa.get()) == 0) {
274 logOpenSSLError("generate_dsa_keypair");
275 return -1;
276 }
277 OWNERSHIP_TRANSFERRED(dsa);
278
279 return 0;
280}
281
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]282static int generate_ec_keypair(EVP_PKEY* pkey, const keymaster_ec_keygen_params_t* ec_params) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]283 EC_GROUP* group;
284 switch (ec_params->field_size) {
285 case 192:
286 group = EC_GROUP_new_by_curve_name(NID_X9_62_prime192v1);
287 break;
288 case 224:
289 group = EC_GROUP_new_by_curve_name(NID_secp224r1);
290 break;
291 case 256:
292 group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
293 break;
294 case 384:
295 group = EC_GROUP_new_by_curve_name(NID_secp384r1);
296 break;
297 case 521:
298 group = EC_GROUP_new_by_curve_name(NID_secp521r1);
299 break;
300 default:
301 group = NULL;
302 break;
303 }
304
305 if (group == NULL) {
306 logOpenSSLError("generate_ec_keypair");
307 return -1;
308 }
309
310 EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
311 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
312
313 /* initialize EC key */
314 Unique_EC_KEY eckey(EC_KEY_new());
315 if (eckey.get() == NULL) {
316 logOpenSSLError("generate_ec_keypair");
317 return -1;
318 }
319
320 if (EC_KEY_set_group(eckey.get(), group) != 1) {
321 logOpenSSLError("generate_ec_keypair");
322 return -1;
323 }
324
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]325 if (EC_KEY_generate_key(eckey.get()) != 1 || EC_KEY_check_key(eckey.get()) < 0) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]326 logOpenSSLError("generate_ec_keypair");
327 return -1;
328 }
329
330 if (EVP_PKEY_assign_EC_KEY(pkey, eckey.get()) == 0) {
331 logOpenSSLError("generate_ec_keypair");
332 return -1;
333 }
334 OWNERSHIP_TRANSFERRED(eckey);
335
336 return 0;
337}
338
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]339static int generate_rsa_keypair(EVP_PKEY* pkey, const keymaster_rsa_keygen_params_t* rsa_params) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]340 Unique_BIGNUM bn(BN_new());
341 if (bn.get() == NULL) {
342 logOpenSSLError("generate_rsa_keypair");
343 return -1;
344 }
345
346 if (BN_set_word(bn.get(), rsa_params->public_exponent) == 0) {
347 logOpenSSLError("generate_rsa_keypair");
348 return -1;
349 }
350
351 /* initialize RSA */
352 Unique_RSA rsa(RSA_new());
353 if (rsa.get() == NULL) {
354 logOpenSSLError("generate_rsa_keypair");
355 return -1;
356 }
357
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]358 if (!RSA_generate_key_ex(rsa.get(), rsa_params->modulus_size, bn.get(), NULL) ||
359 RSA_check_key(rsa.get()) < 0) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]360 logOpenSSLError("generate_rsa_keypair");
361 return -1;
362 }
363
364 if (EVP_PKEY_assign_RSA(pkey, rsa.get()) == 0) {
365 logOpenSSLError("generate_rsa_keypair");
366 return -1;
367 }
368 OWNERSHIP_TRANSFERRED(rsa);
369
370 return 0;
371}
372
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]373__attribute__((visibility("default"))) int openssl_generate_keypair(
374 const keymaster_device_t*, const keymaster_keypair_t key_type, const void* key_params,
375 uint8_t** keyBlob, size_t* keyBlobLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]376 Unique_EVP_PKEY pkey(EVP_PKEY_new());
377 if (pkey.get() == NULL) {
378 logOpenSSLError("openssl_generate_keypair");
379 return -1;
380 }
381
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]382 if (key_params == NULL) {
383 ALOGW("key_params == null");
384 return -1;
385 } else if (key_type == TYPE_DSA) {
386 const keymaster_dsa_keygen_params_t* dsa_params =
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]387 (const keymaster_dsa_keygen_params_t*)key_params;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]388 generate_dsa_keypair(pkey.get(), dsa_params);
389 } else if (key_type == TYPE_EC) {
390 const keymaster_ec_keygen_params_t* ec_params =
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]391 (const keymaster_ec_keygen_params_t*)key_params;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]392 generate_ec_keypair(pkey.get(), ec_params);
393 } else if (key_type == TYPE_RSA) {
394 const keymaster_rsa_keygen_params_t* rsa_params =
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]395 (const keymaster_rsa_keygen_params_t*)key_params;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]396 generate_rsa_keypair(pkey.get(), rsa_params);
397 } else {
398 ALOGW("Unsupported key type %d", key_type);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]399 return -1;
400 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]401
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]402 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), keyBlob, keyBlobLength)) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]403 return -1;
404 }
405
406 return 0;
407}
408
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]409__attribute__((visibility("default"))) int openssl_import_keypair(const keymaster_device_t*,
410 const uint8_t* key,
411 const size_t key_length,
412 uint8_t** key_blob,
413 size_t* key_blob_length) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]414 if (key == NULL) {
415 ALOGW("input key == NULL");
416 return -1;
417 } else if (key_blob == NULL || key_blob_length == NULL) {
418 ALOGW("output key blob or length == NULL");
419 return -1;
420 }
421
422 Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &key, key_length));
423 if (pkcs8.get() == NULL) {
424 logOpenSSLError("openssl_import_keypair");
425 return -1;
426 }
427
428 /* assign to EVP */
429 Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get()));
430 if (pkey.get() == NULL) {
431 logOpenSSLError("openssl_import_keypair");
432 return -1;
433 }
434 OWNERSHIP_TRANSFERRED(pkcs8);
435
436 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), key_blob, key_blob_length)) {
437 return -1;
438 }
439
440 return 0;
441}
442
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]443__attribute__((visibility("default"))) int openssl_get_keypair_public(
444 const struct keymaster_device*, const uint8_t* key_blob, const size_t key_blob_length,
445 uint8_t** x509_data, size_t* x509_data_length) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]446
447 if (x509_data == NULL || x509_data_length == NULL) {
448 ALOGW("output public key buffer == NULL");
449 return -1;
450 }
451
452 Unique_EVP_PKEY pkey(unwrap_key(key_blob, key_blob_length));
453 if (pkey.get() == NULL) {
454 return -1;
455 }
456
457 int len = i2d_PUBKEY(pkey.get(), NULL);
458 if (len <= 0) {
459 logOpenSSLError("openssl_get_keypair_public");
460 return -1;
461 }
462
Shawn Willden8d0531e2014-06-17 11:45:07 -0600[diff] [blame^]463 UniquePtr<uint8_t, Malloc_Free> key(static_cast<uint8_t*>(malloc(len)));
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]464 if (key.get() == NULL) {
465 ALOGE("Could not allocate memory for public key data");
466 return -1;
467 }
468
469 unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get());
470 if (i2d_PUBKEY(pkey.get(), &tmp) != len) {
471 logOpenSSLError("openssl_get_keypair_public");
472 return -1;
473 }
474
475 ALOGV("Length of x509 data is %d", len);
476 *x509_data_length = len;
477 *x509_data = key.release();
478
479 return 0;
480}
481
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]482static int sign_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params, const uint8_t* data,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]483 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]484 if (sign_params->digest_type != DIGEST_NONE) {
485 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
486 return -1;
487 }
488
489 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey));
490 if (dsa.get() == NULL) {
491 logOpenSSLError("openssl_sign_dsa");
492 return -1;
493 }
494
495 unsigned int dsaSize = DSA_size(dsa.get());
Shawn Willden8d0531e2014-06-17 11:45:07 -0600[diff] [blame^]496 UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dsaSize)));
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]497 if (signedDataPtr.get() == NULL) {
498 logOpenSSLError("openssl_sign_dsa");
499 return -1;
500 }
501
502 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
503 if (DSA_sign(0, data, dataLength, tmp, &dsaSize, dsa.get()) <= 0) {
504 logOpenSSLError("openssl_sign_dsa");
505 return -1;
506 }
507
508 *signedDataLength = dsaSize;
509 *signedData = signedDataPtr.release();
510
511 return 0;
512}
513
514static int sign_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params, const uint8_t* data,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]515 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]516 if (sign_params->digest_type != DIGEST_NONE) {
517 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
518 return -1;
519 }
520
521 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));
522 if (eckey.get() == NULL) {
523 logOpenSSLError("openssl_sign_ec");
524 return -1;
525 }
526
527 unsigned int ecdsaSize = ECDSA_size(eckey.get());
Shawn Willden8d0531e2014-06-17 11:45:07 -0600[diff] [blame^]528 UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(ecdsaSize)));
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]529 if (signedDataPtr.get() == NULL) {
530 logOpenSSLError("openssl_sign_ec");
531 return -1;
532 }
533
534 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
535 if (ECDSA_sign(0, data, dataLength, tmp, &ecdsaSize, eckey.get()) <= 0) {
536 logOpenSSLError("openssl_sign_ec");
537 return -1;
538 }
539
540 *signedDataLength = ecdsaSize;
541 *signedData = signedDataPtr.release();
542
543 return 0;
544}
545
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]546static int sign_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params, const uint8_t* data,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]547 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]548 if (sign_params->digest_type != DIGEST_NONE) {
549 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
550 return -1;
551 } else if (sign_params->padding_type != PADDING_NONE) {
552 ALOGW("Cannot handle padding type %d", sign_params->padding_type);
553 return -1;
554 }
555
556 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
557 if (rsa.get() == NULL) {
558 logOpenSSLError("openssl_sign_rsa");
559 return -1;
560 }
561
Shawn Willden8d0531e2014-06-17 11:45:07 -0600[diff] [blame^]562 UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dataLength)));
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]563 if (signedDataPtr.get() == NULL) {
564 logOpenSSLError("openssl_sign_rsa");
565 return -1;
566 }
567
568 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
569 if (RSA_private_encrypt(dataLength, data, tmp, rsa.get(), RSA_NO_PADDING) <= 0) {
570 logOpenSSLError("openssl_sign_rsa");
571 return -1;
572 }
573
574 *signedDataLength = dataLength;
575 *signedData = signedDataPtr.release();
576
577 return 0;
578}
579
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]580__attribute__((visibility("default"))) int openssl_sign_data(
581 const keymaster_device_t*, const void* params, const uint8_t* keyBlob,
582 const size_t keyBlobLength, const uint8_t* data, const size_t dataLength, uint8_t** signedData,
583 size_t* signedDataLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]584 if (data == NULL) {
585 ALOGW("input data to sign == NULL");
586 return -1;
587 } else if (signedData == NULL || signedDataLength == NULL) {
588 ALOGW("output signature buffer == NULL");
589 return -1;
590 }
591
592 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
593 if (pkey.get() == NULL) {
594 return -1;
595 }
596
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]597 int type = EVP_PKEY_type(pkey->type);
598 if (type == EVP_PKEY_DSA) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]599 const keymaster_dsa_sign_params_t* sign_params =
600 reinterpret_cast<const keymaster_dsa_sign_params_t*>(params);
601 return sign_dsa(pkey.get(), const_cast<keymaster_dsa_sign_params_t*>(sign_params), data,
602 dataLength, signedData, signedDataLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]603 } else if (type == EVP_PKEY_EC) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]604 const keymaster_ec_sign_params_t* sign_params =
605 reinterpret_cast<const keymaster_ec_sign_params_t*>(params);
606 return sign_ec(pkey.get(), const_cast<keymaster_ec_sign_params_t*>(sign_params), data,
607 dataLength, signedData, signedDataLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]608 } else if (type == EVP_PKEY_RSA) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]609 const keymaster_rsa_sign_params_t* sign_params =
610 reinterpret_cast<const keymaster_rsa_sign_params_t*>(params);
611 return sign_rsa(pkey.get(), const_cast<keymaster_rsa_sign_params_t*>(sign_params), data,
612 dataLength, signedData, signedDataLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]613 } else {
614 ALOGW("Unsupported key type");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]615 return -1;
616 }
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]617}
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]618
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]619static int verify_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]620 const uint8_t* signedData, const size_t signedDataLength,
621 const uint8_t* signature, const size_t signatureLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]622 if (sign_params->digest_type != DIGEST_NONE) {
623 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
624 return -1;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]625 }
626
627 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey));
628 if (dsa.get() == NULL) {
629 logOpenSSLError("openssl_verify_dsa");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]630 return -1;
631 }
632
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]633 if (DSA_verify(0, signedData, signedDataLength, signature, signatureLength, dsa.get()) <= 0) {
634 logOpenSSLError("openssl_verify_dsa");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]635 return -1;
636 }
637
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]638 return 0;
639}
640
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]641static int verify_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]642 const uint8_t* signedData, const size_t signedDataLength,
643 const uint8_t* signature, const size_t signatureLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]644 if (sign_params->digest_type != DIGEST_NONE) {
645 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]646 return -1;
647 }
648
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]649 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));
650 if (eckey.get() == NULL) {
651 logOpenSSLError("openssl_verify_ec");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]652 return -1;
653 }
654
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]655 if (ECDSA_verify(0, signedData, signedDataLength, signature, signatureLength, eckey.get()) <=
656 0) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]657 logOpenSSLError("openssl_verify_ec");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]658 return -1;
659 }
660
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]661 return 0;
662}
663
664static int verify_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]665 const uint8_t* signedData, const size_t signedDataLength,
666 const uint8_t* signature, const size_t signatureLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]667 if (sign_params->digest_type != DIGEST_NONE) {
668 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
669 return -1;
670 } else if (sign_params->padding_type != PADDING_NONE) {
671 ALOGW("Cannot handle padding type %d", sign_params->padding_type);
672 return -1;
673 } else if (signatureLength != signedDataLength) {
674 ALOGW("signed data length must be signature length");
675 return -1;
676 }
677
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]678 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]679 if (rsa.get() == NULL) {
680 logOpenSSLError("openssl_verify_data");
681 return -1;
682 }
683
Shawn Willden8d0531e2014-06-17 11:45:07 -0600[diff] [blame^]684 UniquePtr<uint8_t[]> dataPtr(new uint8_t[signedDataLength]);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]685 if (dataPtr.get() == NULL) {
686 logOpenSSLError("openssl_verify_data");
687 return -1;
688 }
689
690 unsigned char* tmp = reinterpret_cast<unsigned char*>(dataPtr.get());
691 if (!RSA_public_decrypt(signatureLength, signature, tmp, rsa.get(), RSA_NO_PADDING)) {
692 logOpenSSLError("openssl_verify_data");
693 return -1;
694 }
695
696 int result = 0;
697 for (size_t i = 0; i < signedDataLength; i++) {
698 result |= tmp[i] ^ signedData[i];
699 }
700
701 return result == 0 ? 0 : -1;
702}
703
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]704__attribute__((visibility("default"))) int openssl_verify_data(
705 const keymaster_device_t*, const void* params, const uint8_t* keyBlob,
706 const size_t keyBlobLength, const uint8_t* signedData, const size_t signedDataLength,
707 const uint8_t* signature, const size_t signatureLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]708
709 if (signedData == NULL || signature == NULL) {
710 ALOGW("data or signature buffers == NULL");
711 return -1;
712 }
713
714 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
715 if (pkey.get() == NULL) {
716 return -1;
717 }
718
719 int type = EVP_PKEY_type(pkey->type);
Kenny Rootb4d2e022013-09-04 13:56:03 -0700[diff] [blame]720 if (type == EVP_PKEY_DSA) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]721 const keymaster_dsa_sign_params_t* sign_params =
722 reinterpret_cast<const keymaster_dsa_sign_params_t*>(params);
723 return verify_dsa(pkey.get(), const_cast<keymaster_dsa_sign_params_t*>(sign_params),
724 signedData, signedDataLength, signature, signatureLength);
Kenny Rootb4d2e022013-09-04 13:56:03 -0700[diff] [blame]725 } else if (type == EVP_PKEY_RSA) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]726 const keymaster_rsa_sign_params_t* sign_params =
727 reinterpret_cast<const keymaster_rsa_sign_params_t*>(params);
728 return verify_rsa(pkey.get(), const_cast<keymaster_rsa_sign_params_t*>(sign_params),
729 signedData, signedDataLength, signature, signatureLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]730 } else if (type == EVP_PKEY_EC) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]731 const keymaster_ec_sign_params_t* sign_params =
732 reinterpret_cast<const keymaster_ec_sign_params_t*>(params);
733 return verify_ec(pkey.get(), const_cast<keymaster_ec_sign_params_t*>(sign_params),
734 signedData, signedDataLength, signature, signatureLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]735 } else {
736 ALOGW("Unsupported key type %d", type);
737 return -1;
738 }
739}