Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / ccfff10f66d568b91ed155a798c5eaac2551f160 / . / softkeymaster / keymaster_openssl.cpp
blob: f4d55bd4da97bedfb92b345c2b4e3126a3d3bdb3 [file] [log] [blame]
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#include <errno.h>
17#include <string.h>
18#include <stdint.h>
19
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <keystore/keystore.h>
Shawn Willden461d97e2015-03-17 20:44:39 -0600[diff] [blame]21#include <keymaster/softkeymaster.h>
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]22
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]23#include <hardware/hardware.h>
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]24#include <hardware/keymaster0.h>
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]25
26#include <openssl/evp.h>
27#include <openssl/bio.h>
28#include <openssl/rsa.h>
29#include <openssl/err.h>
30#include <openssl/x509.h>
31
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]32#include <memory>
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]33
34// For debugging
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]35// #define LOG_NDEBUG 0
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]36
37#define LOG_TAG "OpenSSLKeyMaster"
38#include <cutils/log.h>
39
40struct BIGNUM_Delete {
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]41 void operator()(BIGNUM* p) const { BN_free(p); }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]42};
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]43typedef std::unique_ptr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]44
45struct EVP_PKEY_Delete {
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]46 void operator()(EVP_PKEY* p) const { EVP_PKEY_free(p); }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]47};
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]48typedef std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]49
50struct PKCS8_PRIV_KEY_INFO_Delete {
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]51 void operator()(PKCS8_PRIV_KEY_INFO* p) const { PKCS8_PRIV_KEY_INFO_free(p); }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]52};
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]53typedef std::unique_ptr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]54
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]55struct DSA_Delete {
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]56 void operator()(DSA* p) const { DSA_free(p); }
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]57};
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]58typedef std::unique_ptr<DSA, DSA_Delete> Unique_DSA;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]59
60struct EC_KEY_Delete {
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]61 void operator()(EC_KEY* p) const { EC_KEY_free(p); }
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]62};
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]63typedef std::unique_ptr<EC_KEY, EC_KEY_Delete> Unique_EC_KEY;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]64
Shawn Willden18a00e12014-06-17 10:50:03 -0600[diff] [blame]65struct EC_GROUP_Delete {
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]66 void operator()(EC_GROUP* p) const { EC_GROUP_free(p); }
Shawn Willden18a00e12014-06-17 10:50:03 -0600[diff] [blame]67};
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]68typedef std::unique_ptr<EC_GROUP, EC_GROUP_Delete> Unique_EC_GROUP;
Shawn Willden18a00e12014-06-17 10:50:03 -0600[diff] [blame]69
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]70struct RSA_Delete {
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]71 void operator()(RSA* p) const { RSA_free(p); }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]72};
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]73typedef std::unique_ptr<RSA, RSA_Delete> Unique_RSA;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]74
Shawn Willden8d0531e2014-06-17 11:45:07 -0600[diff] [blame]75struct Malloc_Free {
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]76 void operator()(void* p) const { free(p); }
Shawn Willden8d0531e2014-06-17 11:45:07 -0600[diff] [blame]77};
78
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]79typedef std::unique_ptr<keymaster0_device_t> Unique_keymaster_device_t;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]80
81/**
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]82 * Many OpenSSL APIs take ownership of an argument on success but
83 * don't free the argument on failure. This means we need to tell our
84 * scoped pointers when we've transferred ownership, without
85 * triggering a warning by not using the result of release().
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]86 */
Shawn Willden2cd28fa2014-06-13 11:51:08 -0600[diff] [blame]87template <typename T, typename Delete_T>
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]88inline void release_because_ownership_transferred(std::unique_ptr<T, Delete_T>& p) {
Shawn Willden2cd28fa2014-06-13 11:51:08 -0600[diff] [blame]89 T* val __attribute__((unused)) = p.release();
90}
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]91
92/*
93 * Checks this thread's OpenSSL error queue and logs if
94 * necessary.
95 */
96static void logOpenSSLError(const char* location) {
97 int error = ERR_get_error();
98
99 if (error != 0) {
100 char message[256];
101 ERR_error_string_n(error, message, sizeof(message));
102 ALOGE("OpenSSL error in %s %d: %s", location, error, message);
103 }
104
105 ERR_clear_error();
Adam Langley53d13c52014-09-23 17:40:53 -0700[diff] [blame]106 ERR_remove_thread_state(NULL);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]107}
108
109static int wrap_key(EVP_PKEY* pkey, int type, uint8_t** keyBlob, size_t* keyBlobLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]110 /*
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]111 * Find the length of each size. Public key is not needed anymore
112 * but must be kept for alignment purposes.
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]113 */
114 int publicLen = 0;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]115 int privateLen = i2d_PrivateKey(pkey, NULL);
116
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]117 if (privateLen <= 0) {
118 ALOGE("private key size was too big");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]119 return -1;
120 }
121
122 /* int type + int size + private key data + int size + public key data */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]123 *keyBlobLength = get_softkey_header_size() + sizeof(type) + sizeof(publicLen) + privateLen +
124 sizeof(privateLen) + publicLen;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]125
Shawn Willden8d0531e2014-06-17 11:45:07 -0600[diff] [blame]126 // derData will be returned to the caller, so allocate it with malloc.
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]127 std::unique_ptr<unsigned char, Malloc_Free> derData(
Shawn Willden8d0531e2014-06-17 11:45:07 -0600[diff] [blame]128 static_cast<unsigned char*>(malloc(*keyBlobLength)));
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]129 if (derData.get() == NULL) {
130 ALOGE("could not allocate memory for key blob");
131 return -1;
132 }
133 unsigned char* p = derData.get();
134
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]135 /* Write the magic value for software keys. */
136 p = add_softkey_header(p, *keyBlobLength);
137
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]138 /* Write key type to allocated buffer */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]139 for (int i = sizeof(type) - 1; i >= 0; i--) {
140 *p++ = (type >> (8 * i)) & 0xFF;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]141 }
142
143 /* Write public key to allocated buffer */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]144 for (int i = sizeof(publicLen) - 1; i >= 0; i--) {
145 *p++ = (publicLen >> (8 * i)) & 0xFF;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]146 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]147
148 /* Write private key to allocated buffer */
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]149 for (int i = sizeof(privateLen) - 1; i >= 0; i--) {
150 *p++ = (privateLen >> (8 * i)) & 0xFF;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]151 }
152 if (i2d_PrivateKey(pkey, &p) != privateLen) {
153 logOpenSSLError("wrap_key");
154 return -1;
155 }
156
157 *keyBlob = derData.release();
158
159 return 0;
160}
161
162static EVP_PKEY* unwrap_key(const uint8_t* keyBlob, const size_t keyBlobLength) {
163 long publicLen = 0;
164 long privateLen = 0;
165 const uint8_t* p = keyBlob;
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]166 const uint8_t* const end = keyBlob + keyBlobLength;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]167
168 if (keyBlob == NULL) {
169 ALOGE("supplied key blob was NULL");
170 return NULL;
171 }
172
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]173 int type = 0;
174 if (keyBlobLength < (get_softkey_header_size() + sizeof(type) + sizeof(publicLen) + 1 +
175 sizeof(privateLen) + 1)) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]176 ALOGE("key blob appears to be truncated");
177 return NULL;
178 }
179
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]180 if (!is_softkey(p, keyBlobLength)) {
181 ALOGE("cannot read key; it was not made by this keymaster");
182 return NULL;
183 }
184 p += get_softkey_header_size();
185
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]186 for (size_t i = 0; i < sizeof(type); i++) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]187 type = (type << 8) | *p++;
188 }
189
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]190 for (size_t i = 0; i < sizeof(type); i++) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]191 publicLen = (publicLen << 8) | *p++;
192 }
193 if (p + publicLen > end) {
Matteo Franchin6489e022013-12-02 14:46:29 +0000[diff] [blame]194 ALOGE("public key length encoding error: size=%ld, end=%td", publicLen, end - p);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]195 return NULL;
196 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]197
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]198 p += publicLen;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]199 if (end - p < 2) {
200 ALOGE("private key truncated");
201 return NULL;
202 }
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]203 for (size_t i = 0; i < sizeof(type); i++) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]204 privateLen = (privateLen << 8) | *p++;
205 }
206 if (p + privateLen > end) {
Matteo Franchin6489e022013-12-02 14:46:29 +0000[diff] [blame]207 ALOGE("private key length encoding error: size=%ld, end=%td", privateLen, end - p);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]208 return NULL;
209 }
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]210
Adam Langley44ee6262016-01-14 10:01:50 -0800[diff] [blame]211 Unique_EVP_PKEY pkey(d2i_PrivateKey(type, nullptr, &p, privateLen));
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]212 if (pkey.get() == NULL) {
213 logOpenSSLError("unwrap_key");
214 return NULL;
215 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]216
217 return pkey.release();
218}
219
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]220static int generate_dsa_keypair(EVP_PKEY* pkey, const keymaster_dsa_keygen_params_t* dsa_params) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]221 if (dsa_params->key_size < 512) {
222 ALOGI("Requested DSA key size is too small (<512)");
223 return -1;
224 }
225
226 Unique_DSA dsa(DSA_new());
227
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]228 if (dsa_params->generator_len == 0 || dsa_params->prime_p_len == 0 ||
229 dsa_params->prime_q_len == 0 || dsa_params->generator == NULL ||
230 dsa_params->prime_p == NULL || dsa_params->prime_q == NULL) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]231 if (DSA_generate_parameters_ex(dsa.get(), dsa_params->key_size, NULL, 0, NULL, NULL,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]232 NULL) != 1) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]233 logOpenSSLError("generate_dsa_keypair");
234 return -1;
235 }
236 } else {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]237 dsa->g = BN_bin2bn(dsa_params->generator, dsa_params->generator_len, NULL);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]238 if (dsa->g == NULL) {
239 logOpenSSLError("generate_dsa_keypair");
240 return -1;
241 }
242
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]243 dsa->p = BN_bin2bn(dsa_params->prime_p, dsa_params->prime_p_len, NULL);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]244 if (dsa->p == NULL) {
245 logOpenSSLError("generate_dsa_keypair");
246 return -1;
247 }
248
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]249 dsa->q = BN_bin2bn(dsa_params->prime_q, dsa_params->prime_q_len, NULL);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]250 if (dsa->q == NULL) {
251 logOpenSSLError("generate_dsa_keypair");
252 return -1;
253 }
254 }
255
256 if (DSA_generate_key(dsa.get()) != 1) {
257 logOpenSSLError("generate_dsa_keypair");
258 return -1;
259 }
260
261 if (EVP_PKEY_assign_DSA(pkey, dsa.get()) == 0) {
262 logOpenSSLError("generate_dsa_keypair");
263 return -1;
264 }
Shawn Willden2cd28fa2014-06-13 11:51:08 -0600[diff] [blame]265 release_because_ownership_transferred(dsa);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]266
267 return 0;
268}
269
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]270static int generate_ec_keypair(EVP_PKEY* pkey, const keymaster_ec_keygen_params_t* ec_params) {
Shawn Willden18a00e12014-06-17 10:50:03 -0600[diff] [blame]271 Unique_EC_GROUP group;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]272 switch (ec_params->field_size) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]273 case 224:
Shawn Willden18a00e12014-06-17 10:50:03 -0600[diff] [blame]274 group.reset(EC_GROUP_new_by_curve_name(NID_secp224r1));
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]275 break;
276 case 256:
Shawn Willden18a00e12014-06-17 10:50:03 -0600[diff] [blame]277 group.reset(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]278 break;
279 case 384:
Shawn Willden18a00e12014-06-17 10:50:03 -0600[diff] [blame]280 group.reset(EC_GROUP_new_by_curve_name(NID_secp384r1));
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]281 break;
282 case 521:
Shawn Willden18a00e12014-06-17 10:50:03 -0600[diff] [blame]283 group.reset(EC_GROUP_new_by_curve_name(NID_secp521r1));
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]284 break;
285 default:
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]286 break;
287 }
288
Shawn Willden18a00e12014-06-17 10:50:03 -0600[diff] [blame]289 if (group.get() == NULL) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]290 logOpenSSLError("generate_ec_keypair");
291 return -1;
292 }
293
Adam Langley53d13c52014-09-23 17:40:53 -0700[diff] [blame]294#if !defined(OPENSSL_IS_BORINGSSL)
Adam Langleyb2747fe2014-12-11 17:19:31 -0800[diff] [blame]295 EC_GROUP_set_point_conversion_form(group.get(), POINT_CONVERSION_UNCOMPRESSED);
Shawn Willden18a00e12014-06-17 10:50:03 -0600[diff] [blame]296 EC_GROUP_set_asn1_flag(group.get(), OPENSSL_EC_NAMED_CURVE);
Adam Langley53d13c52014-09-23 17:40:53 -0700[diff] [blame]297#endif
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]298
299 /* initialize EC key */
300 Unique_EC_KEY eckey(EC_KEY_new());
301 if (eckey.get() == NULL) {
302 logOpenSSLError("generate_ec_keypair");
303 return -1;
304 }
305
Shawn Willden18a00e12014-06-17 10:50:03 -0600[diff] [blame]306 if (EC_KEY_set_group(eckey.get(), group.get()) != 1) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]307 logOpenSSLError("generate_ec_keypair");
308 return -1;
309 }
310
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]311 if (EC_KEY_generate_key(eckey.get()) != 1 || EC_KEY_check_key(eckey.get()) < 0) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]312 logOpenSSLError("generate_ec_keypair");
313 return -1;
314 }
315
316 if (EVP_PKEY_assign_EC_KEY(pkey, eckey.get()) == 0) {
317 logOpenSSLError("generate_ec_keypair");
318 return -1;
319 }
Shawn Willden2cd28fa2014-06-13 11:51:08 -0600[diff] [blame]320 release_because_ownership_transferred(eckey);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]321
322 return 0;
323}
324
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]325static int generate_rsa_keypair(EVP_PKEY* pkey, const keymaster_rsa_keygen_params_t* rsa_params) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]326 Unique_BIGNUM bn(BN_new());
327 if (bn.get() == NULL) {
328 logOpenSSLError("generate_rsa_keypair");
329 return -1;
330 }
331
332 if (BN_set_word(bn.get(), rsa_params->public_exponent) == 0) {
333 logOpenSSLError("generate_rsa_keypair");
334 return -1;
335 }
336
337 /* initialize RSA */
338 Unique_RSA rsa(RSA_new());
339 if (rsa.get() == NULL) {
340 logOpenSSLError("generate_rsa_keypair");
341 return -1;
342 }
343
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]344 if (!RSA_generate_key_ex(rsa.get(), rsa_params->modulus_size, bn.get(), NULL) ||
345 RSA_check_key(rsa.get()) < 0) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]346 logOpenSSLError("generate_rsa_keypair");
347 return -1;
348 }
349
350 if (EVP_PKEY_assign_RSA(pkey, rsa.get()) == 0) {
351 logOpenSSLError("generate_rsa_keypair");
352 return -1;
353 }
Shawn Willden2cd28fa2014-06-13 11:51:08 -0600[diff] [blame]354 release_because_ownership_transferred(rsa);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]355
356 return 0;
357}
358
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]359__attribute__((visibility("default"))) int openssl_generate_keypair(
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]360 const keymaster0_device_t*, const keymaster_keypair_t key_type, const void* key_params,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]361 uint8_t** keyBlob, size_t* keyBlobLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]362 Unique_EVP_PKEY pkey(EVP_PKEY_new());
363 if (pkey.get() == NULL) {
364 logOpenSSLError("openssl_generate_keypair");
365 return -1;
366 }
367
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]368 if (key_params == NULL) {
369 ALOGW("key_params == null");
370 return -1;
371 } else if (key_type == TYPE_DSA) {
372 const keymaster_dsa_keygen_params_t* dsa_params =
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]373 (const keymaster_dsa_keygen_params_t*)key_params;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]374 generate_dsa_keypair(pkey.get(), dsa_params);
375 } else if (key_type == TYPE_EC) {
376 const keymaster_ec_keygen_params_t* ec_params =
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]377 (const keymaster_ec_keygen_params_t*)key_params;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]378 generate_ec_keypair(pkey.get(), ec_params);
379 } else if (key_type == TYPE_RSA) {
380 const keymaster_rsa_keygen_params_t* rsa_params =
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]381 (const keymaster_rsa_keygen_params_t*)key_params;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]382 generate_rsa_keypair(pkey.get(), rsa_params);
383 } else {
384 ALOGW("Unsupported key type %d", key_type);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]385 return -1;
386 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]387
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]388 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), keyBlob, keyBlobLength)) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]389 return -1;
390 }
391
392 return 0;
393}
394
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]395__attribute__((visibility("default"))) int openssl_import_keypair(const keymaster0_device_t*,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]396 const uint8_t* key,
397 const size_t key_length,
398 uint8_t** key_blob,
399 size_t* key_blob_length) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]400 if (key == NULL) {
401 ALOGW("input key == NULL");
402 return -1;
403 } else if (key_blob == NULL || key_blob_length == NULL) {
404 ALOGW("output key blob or length == NULL");
405 return -1;
406 }
407
408 Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &key, key_length));
409 if (pkcs8.get() == NULL) {
410 logOpenSSLError("openssl_import_keypair");
411 return -1;
412 }
413
414 /* assign to EVP */
415 Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get()));
416 if (pkey.get() == NULL) {
417 logOpenSSLError("openssl_import_keypair");
418 return -1;
419 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]420
421 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), key_blob, key_blob_length)) {
422 return -1;
423 }
424
425 return 0;
426}
427
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]428__attribute__((visibility("default"))) int openssl_get_keypair_public(const keymaster0_device_t*,
429 const uint8_t* key_blob,
430 const size_t key_blob_length,
431 uint8_t** x509_data,
432 size_t* x509_data_length) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]433 if (x509_data == NULL || x509_data_length == NULL) {
434 ALOGW("output public key buffer == NULL");
435 return -1;
436 }
437
438 Unique_EVP_PKEY pkey(unwrap_key(key_blob, key_blob_length));
439 if (pkey.get() == NULL) {
440 return -1;
441 }
442
443 int len = i2d_PUBKEY(pkey.get(), NULL);
444 if (len <= 0) {
445 logOpenSSLError("openssl_get_keypair_public");
446 return -1;
447 }
448
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]449 std::unique_ptr<uint8_t, Malloc_Free> key(static_cast<uint8_t*>(malloc(len)));
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]450 if (key.get() == NULL) {
451 ALOGE("Could not allocate memory for public key data");
452 return -1;
453 }
454
455 unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get());
456 if (i2d_PUBKEY(pkey.get(), &tmp) != len) {
457 logOpenSSLError("openssl_get_keypair_public");
458 return -1;
459 }
460
461 ALOGV("Length of x509 data is %d", len);
462 *x509_data_length = len;
463 *x509_data = key.release();
464
465 return 0;
466}
467
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]468static int sign_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params, const uint8_t* data,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]469 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]470 if (sign_params->digest_type != DIGEST_NONE) {
471 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
472 return -1;
473 }
474
475 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey));
476 if (dsa.get() == NULL) {
477 logOpenSSLError("openssl_sign_dsa");
478 return -1;
479 }
480
481 unsigned int dsaSize = DSA_size(dsa.get());
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]482 std::unique_ptr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dsaSize)));
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]483 if (signedDataPtr.get() == NULL) {
484 logOpenSSLError("openssl_sign_dsa");
485 return -1;
486 }
487
488 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
489 if (DSA_sign(0, data, dataLength, tmp, &dsaSize, dsa.get()) <= 0) {
490 logOpenSSLError("openssl_sign_dsa");
491 return -1;
492 }
493
494 *signedDataLength = dsaSize;
495 *signedData = signedDataPtr.release();
496
497 return 0;
498}
499
500static int sign_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params, const uint8_t* data,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]501 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]502 if (sign_params->digest_type != DIGEST_NONE) {
503 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
504 return -1;
505 }
506
507 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));
508 if (eckey.get() == NULL) {
509 logOpenSSLError("openssl_sign_ec");
510 return -1;
511 }
512
513 unsigned int ecdsaSize = ECDSA_size(eckey.get());
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]514 std::unique_ptr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(ecdsaSize)));
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]515 if (signedDataPtr.get() == NULL) {
516 logOpenSSLError("openssl_sign_ec");
517 return -1;
518 }
519
520 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
521 if (ECDSA_sign(0, data, dataLength, tmp, &ecdsaSize, eckey.get()) <= 0) {
522 logOpenSSLError("openssl_sign_ec");
523 return -1;
524 }
525
526 *signedDataLength = ecdsaSize;
527 *signedData = signedDataPtr.release();
528
529 return 0;
530}
531
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]532static int sign_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params, const uint8_t* data,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]533 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]534 if (sign_params->digest_type != DIGEST_NONE) {
535 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
536 return -1;
537 } else if (sign_params->padding_type != PADDING_NONE) {
538 ALOGW("Cannot handle padding type %d", sign_params->padding_type);
539 return -1;
540 }
541
542 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
543 if (rsa.get() == NULL) {
544 logOpenSSLError("openssl_sign_rsa");
545 return -1;
546 }
547
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]548 std::unique_ptr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dataLength)));
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]549 if (signedDataPtr.get() == NULL) {
550 logOpenSSLError("openssl_sign_rsa");
551 return -1;
552 }
553
554 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
555 if (RSA_private_encrypt(dataLength, data, tmp, rsa.get(), RSA_NO_PADDING) <= 0) {
556 logOpenSSLError("openssl_sign_rsa");
557 return -1;
558 }
559
560 *signedDataLength = dataLength;
561 *signedData = signedDataPtr.release();
562
563 return 0;
564}
565
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]566__attribute__((visibility("default"))) int openssl_sign_data(
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]567 const keymaster0_device_t*, const void* params, const uint8_t* keyBlob,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]568 const size_t keyBlobLength, const uint8_t* data, const size_t dataLength, uint8_t** signedData,
569 size_t* signedDataLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]570 if (data == NULL) {
571 ALOGW("input data to sign == NULL");
572 return -1;
573 } else if (signedData == NULL || signedDataLength == NULL) {
574 ALOGW("output signature buffer == NULL");
575 return -1;
576 }
577
578 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
579 if (pkey.get() == NULL) {
580 return -1;
581 }
582
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]583 int type = EVP_PKEY_type(pkey->type);
584 if (type == EVP_PKEY_DSA) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]585 const keymaster_dsa_sign_params_t* sign_params =
586 reinterpret_cast<const keymaster_dsa_sign_params_t*>(params);
587 return sign_dsa(pkey.get(), const_cast<keymaster_dsa_sign_params_t*>(sign_params), data,
588 dataLength, signedData, signedDataLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]589 } else if (type == EVP_PKEY_EC) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]590 const keymaster_ec_sign_params_t* sign_params =
591 reinterpret_cast<const keymaster_ec_sign_params_t*>(params);
592 return sign_ec(pkey.get(), const_cast<keymaster_ec_sign_params_t*>(sign_params), data,
593 dataLength, signedData, signedDataLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]594 } else if (type == EVP_PKEY_RSA) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]595 const keymaster_rsa_sign_params_t* sign_params =
596 reinterpret_cast<const keymaster_rsa_sign_params_t*>(params);
597 return sign_rsa(pkey.get(), const_cast<keymaster_rsa_sign_params_t*>(sign_params), data,
598 dataLength, signedData, signedDataLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]599 } else {
600 ALOGW("Unsupported key type");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]601 return -1;
602 }
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]603}
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]604
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]605static int verify_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]606 const uint8_t* signedData, const size_t signedDataLength,
607 const uint8_t* signature, const size_t signatureLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]608 if (sign_params->digest_type != DIGEST_NONE) {
609 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
610 return -1;
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]611 }
612
613 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey));
614 if (dsa.get() == NULL) {
615 logOpenSSLError("openssl_verify_dsa");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]616 return -1;
617 }
618
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]619 if (DSA_verify(0, signedData, signedDataLength, signature, signatureLength, dsa.get()) <= 0) {
620 logOpenSSLError("openssl_verify_dsa");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]621 return -1;
622 }
623
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]624 return 0;
625}
626
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]627static int verify_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]628 const uint8_t* signedData, const size_t signedDataLength,
629 const uint8_t* signature, const size_t signatureLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]630 if (sign_params->digest_type != DIGEST_NONE) {
631 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]632 return -1;
633 }
634
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]635 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));
636 if (eckey.get() == NULL) {
637 logOpenSSLError("openssl_verify_ec");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]638 return -1;
639 }
640
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]641 if (ECDSA_verify(0, signedData, signedDataLength, signature, signatureLength, eckey.get()) <=
642 0) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]643 logOpenSSLError("openssl_verify_ec");
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]644 return -1;
645 }
646
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]647 return 0;
648}
649
650static int verify_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]651 const uint8_t* signedData, const size_t signedDataLength,
652 const uint8_t* signature, const size_t signatureLength) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]653 if (sign_params->digest_type != DIGEST_NONE) {
654 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
655 return -1;
656 } else if (sign_params->padding_type != PADDING_NONE) {
657 ALOGW("Cannot handle padding type %d", sign_params->padding_type);
658 return -1;
659 } else if (signatureLength != signedDataLength) {
660 ALOGW("signed data length must be signature length");
661 return -1;
662 }
663
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]664 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]665 if (rsa.get() == NULL) {
666 logOpenSSLError("openssl_verify_data");
667 return -1;
668 }
669
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame^]670 std::unique_ptr<uint8_t[]> dataPtr(new uint8_t[signedDataLength]);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]671 if (dataPtr.get() == NULL) {
672 logOpenSSLError("openssl_verify_data");
673 return -1;
674 }
675
676 unsigned char* tmp = reinterpret_cast<unsigned char*>(dataPtr.get());
677 if (!RSA_public_decrypt(signatureLength, signature, tmp, rsa.get(), RSA_NO_PADDING)) {
678 logOpenSSLError("openssl_verify_data");
679 return -1;
680 }
681
682 int result = 0;
683 for (size_t i = 0; i < signedDataLength; i++) {
684 result |= tmp[i] ^ signedData[i];
685 }
686
687 return result == 0 ? 0 : -1;
688}
689
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]690__attribute__((visibility("default"))) int openssl_verify_data(
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]691 const keymaster0_device_t*, const void* params, const uint8_t* keyBlob,
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]692 const size_t keyBlobLength, const uint8_t* signedData, const size_t signedDataLength,
693 const uint8_t* signature, const size_t signatureLength) {
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]694 if (signedData == NULL || signature == NULL) {
695 ALOGW("data or signature buffers == NULL");
696 return -1;
697 }
698
699 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
700 if (pkey.get() == NULL) {
701 return -1;
702 }
703
704 int type = EVP_PKEY_type(pkey->type);
Kenny Rootb4d2e022013-09-04 13:56:03 -0700[diff] [blame]705 if (type == EVP_PKEY_DSA) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]706 const keymaster_dsa_sign_params_t* sign_params =
707 reinterpret_cast<const keymaster_dsa_sign_params_t*>(params);
708 return verify_dsa(pkey.get(), const_cast<keymaster_dsa_sign_params_t*>(sign_params),
709 signedData, signedDataLength, signature, signatureLength);
Kenny Rootb4d2e022013-09-04 13:56:03 -0700[diff] [blame]710 } else if (type == EVP_PKEY_RSA) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]711 const keymaster_rsa_sign_params_t* sign_params =
712 reinterpret_cast<const keymaster_rsa_sign_params_t*>(params);
713 return verify_rsa(pkey.get(), const_cast<keymaster_rsa_sign_params_t*>(sign_params),
714 signedData, signedDataLength, signature, signatureLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]715 } else if (type == EVP_PKEY_EC) {
Shawn Willden1406b8a2014-06-12 11:39:48 -0600[diff] [blame]716 const keymaster_ec_sign_params_t* sign_params =
717 reinterpret_cast<const keymaster_ec_sign_params_t*>(params);
718 return verify_ec(pkey.get(), const_cast<keymaster_ec_sign_params_t*>(sign_params),
719 signedData, signedDataLength, signature, signatureLength);
Kenny Root60711792013-08-16 14:02:41 -0700[diff] [blame]720 } else {
721 ALOGW("Unsupported key type %d", type);
722 return -1;
723 }
724}
Chad Brubakerc0703ac2015-01-12 14:13:14 -0800[diff] [blame]725
726/* Close an opened OpenSSL instance */
727static int openssl_close(hw_device_t* dev) {
728 delete dev;
729 return 0;
730}
731
732/*
733 * Generic device handling
734 */
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]735__attribute__((visibility("default"))) int openssl_open(const hw_module_t* module, const char* name,
736 hw_device_t** device) {
Chad Brubakerc0703ac2015-01-12 14:13:14 -0800[diff] [blame]737 if (strcmp(name, KEYSTORE_KEYMASTER) != 0)
738 return -EINVAL;
739
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]740 Unique_keymaster_device_t dev(new keymaster0_device_t);
Chad Brubakerc0703ac2015-01-12 14:13:14 -0800[diff] [blame]741 if (dev.get() == NULL)
742 return -ENOMEM;
743
744 dev->common.tag = HARDWARE_DEVICE_TAG;
745 dev->common.version = 1;
746 dev->common.module = (struct hw_module_t*)module;
747 dev->common.close = openssl_close;
748
Shawn Willdene1faa9f2015-05-11 07:12:50 -0600[diff] [blame]749 dev->flags = KEYMASTER_SOFTWARE_ONLY | KEYMASTER_BLOBS_ARE_STANDALONE | KEYMASTER_SUPPORTS_DSA |
750 KEYMASTER_SUPPORTS_EC;
Chad Brubakerc0703ac2015-01-12 14:13:14 -0800[diff] [blame]751
752 dev->generate_keypair = openssl_generate_keypair;
753 dev->import_keypair = openssl_import_keypair;
754 dev->get_keypair_public = openssl_get_keypair_public;
755 dev->delete_keypair = NULL;
756 dev->delete_all = NULL;
757 dev->sign_data = openssl_sign_data;
758 dev->verify_data = openssl_verify_data;
759
760 ERR_load_crypto_strings();
761 ERR_load_BIO_strings();
762
763 *device = reinterpret_cast<hw_device_t*>(dev.release());
764
765 return 0;
766}
767
768static struct hw_module_methods_t keystore_module_methods = {
769 .open = openssl_open,
770};
771
772struct keystore_module softkeymaster_module __attribute__((visibility("default"))) = {
Shawn Willdena5bbf2f2015-02-24 09:31:25 -0700[diff] [blame]773 .common =
774 {
775 .tag = HARDWARE_MODULE_TAG,
776 .module_api_version = KEYMASTER_MODULE_API_VERSION_0_2,
777 .hal_api_version = HARDWARE_HAL_API_VERSION,
778 .id = KEYSTORE_HARDWARE_MODULE_ID,
779 .name = "Keymaster OpenSSL HAL",
780 .author = "The Android Open Source Project",
781 .methods = &keystore_module_methods,
782 .dso = 0,
783 .reserved = {},
784 },
Chad Brubakerc0703ac2015-01-12 14:13:14 -0800[diff] [blame]785};