Shawn Willden | d67afae | 2014-08-19 12:36:27 -0600 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Shawn Willden | f268d74 | 2014-08-19 15:36:26 -0600 | [diff] [blame^] | 17 | #include <openssl/evp.h> |
| 18 | #include <openssl/x509.h> |
| 19 | |
Shawn Willden | d67afae | 2014-08-19 12:36:27 -0600 | [diff] [blame] | 20 | #include "asymmetric_key.h" |
| 21 | #include "dsa_operation.h" |
| 22 | #include "ecdsa_operation.h" |
| 23 | #include "key_blob.h" |
| 24 | #include "keymaster_defs.h" |
| 25 | #include "openssl_utils.h" |
| 26 | #include "rsa_operation.h" |
| 27 | |
| 28 | namespace keymaster { |
| 29 | |
| 30 | const uint32_t RSA_DEFAULT_KEY_SIZE = 2048; |
| 31 | const uint64_t RSA_DEFAULT_EXPONENT = 65537; |
| 32 | |
| 33 | const uint32_t DSA_DEFAULT_KEY_SIZE = 2048; |
| 34 | |
| 35 | const uint32_t ECDSA_DEFAULT_KEY_SIZE = 192; |
| 36 | |
| 37 | keymaster_error_t AsymmetricKey::LoadKey(const KeyBlob& blob) { |
| 38 | UniquePtr<EVP_PKEY, EVP_PKEY_Delete> evp_key(EVP_PKEY_new()); |
| 39 | if (evp_key.get() == NULL) |
| 40 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| 41 | |
| 42 | EVP_PKEY* tmp_pkey = evp_key.get(); |
| 43 | const uint8_t* key_material = blob.key_material(); |
| 44 | if (d2i_PrivateKey(evp_key_type(), &tmp_pkey, &key_material, blob.key_material_length()) == |
| 45 | NULL) { |
| 46 | return KM_ERROR_INVALID_KEY_BLOB; |
| 47 | } |
| 48 | if (!EvpToInternal(evp_key.get())) |
| 49 | return KM_ERROR_UNKNOWN_ERROR; |
| 50 | |
| 51 | return KM_ERROR_OK; |
| 52 | } |
| 53 | |
| 54 | keymaster_error_t AsymmetricKey::key_material(UniquePtr<uint8_t[]>* material, size_t* size) const { |
| 55 | if (material == NULL || size == NULL) |
| 56 | return KM_ERROR_OUTPUT_PARAMETER_NULL; |
| 57 | |
| 58 | UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new()); |
| 59 | if (pkey.get() == NULL) |
| 60 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| 61 | |
| 62 | if (!InternalToEvp(pkey.get())) |
| 63 | return KM_ERROR_UNKNOWN_ERROR; |
| 64 | |
| 65 | *size = i2d_PrivateKey(pkey.get(), NULL /* key_data*/); |
| 66 | if (*size <= 0) |
| 67 | return KM_ERROR_UNKNOWN_ERROR; |
| 68 | |
| 69 | material->reset(new uint8_t[*size]); |
| 70 | uint8_t* tmp = material->get(); |
| 71 | i2d_PrivateKey(pkey.get(), &tmp); |
| 72 | |
| 73 | return KM_ERROR_OK; |
| 74 | } |
| 75 | |
Shawn Willden | f268d74 | 2014-08-19 15:36:26 -0600 | [diff] [blame^] | 76 | keymaster_error_t AsymmetricKey::formatted_key_material(keymaster_key_format_t format, |
| 77 | UniquePtr<uint8_t[]>* material, |
Shawn Willden | d67afae | 2014-08-19 12:36:27 -0600 | [diff] [blame] | 78 | size_t* size) const { |
Shawn Willden | f268d74 | 2014-08-19 15:36:26 -0600 | [diff] [blame^] | 79 | if (format != KM_KEY_FORMAT_X509) |
| 80 | return KM_ERROR_UNSUPPORTED_KEY_FORMAT; |
| 81 | |
Shawn Willden | d67afae | 2014-08-19 12:36:27 -0600 | [diff] [blame] | 82 | if (material == NULL || size == NULL) |
| 83 | return KM_ERROR_OUTPUT_PARAMETER_NULL; |
| 84 | |
Shawn Willden | f268d74 | 2014-08-19 15:36:26 -0600 | [diff] [blame^] | 85 | UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new()); |
| 86 | if (!InternalToEvp(pkey.get())) |
| 87 | return KM_ERROR_UNKNOWN_ERROR; |
| 88 | |
| 89 | int key_data_length = i2d_PUBKEY(pkey.get(), NULL); |
| 90 | if (key_data_length <= 0) |
| 91 | return KM_ERROR_UNKNOWN_ERROR; |
| 92 | |
| 93 | material->reset(new uint8_t[key_data_length]); |
| 94 | if (material->get() == NULL) |
| 95 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| 96 | |
| 97 | uint8_t* tmp = material->get(); |
| 98 | if (i2d_PUBKEY(pkey.get(), &tmp) != key_data_length) { |
| 99 | material->reset(); |
| 100 | return KM_ERROR_UNKNOWN_ERROR; |
| 101 | } |
| 102 | |
| 103 | *size = key_data_length; |
| 104 | return KM_ERROR_OK; |
Shawn Willden | d67afae | 2014-08-19 12:36:27 -0600 | [diff] [blame] | 105 | } |
| 106 | |
| 107 | Operation* AsymmetricKey::CreateOperation(keymaster_purpose_t purpose, keymaster_error_t* error) { |
| 108 | keymaster_digest_t digest; |
| 109 | if (!authorizations().GetTagValue(TAG_DIGEST, &digest) || digest != KM_DIGEST_NONE) { |
| 110 | *error = KM_ERROR_UNSUPPORTED_DIGEST; |
| 111 | return NULL; |
| 112 | } |
| 113 | |
| 114 | keymaster_padding_t padding; |
| 115 | if (!authorizations().GetTagValue(TAG_PADDING, &padding) || padding != KM_PAD_NONE) { |
| 116 | *error = KM_ERROR_UNSUPPORTED_PADDING_MODE; |
| 117 | return NULL; |
| 118 | } |
| 119 | |
| 120 | return CreateOperation(purpose, digest, padding, error); |
| 121 | } |
| 122 | |
| 123 | /* static */ |
| 124 | RsaKey* RsaKey::GenerateKey(const AuthorizationSet& key_description, keymaster_error_t* error) { |
| 125 | if (!error) |
| 126 | return NULL; |
| 127 | |
| 128 | AuthorizationSet authorizations(key_description); |
| 129 | |
| 130 | uint64_t public_exponent = RSA_DEFAULT_EXPONENT; |
| 131 | if (!authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent)) |
| 132 | authorizations.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, public_exponent)); |
| 133 | |
| 134 | uint32_t key_size = RSA_DEFAULT_KEY_SIZE; |
| 135 | if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size)) |
| 136 | authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size)); |
| 137 | |
| 138 | UniquePtr<BIGNUM, BIGNUM_Delete> exponent(BN_new()); |
| 139 | UniquePtr<RSA, RSA_Delete> rsa_key(RSA_new()); |
| 140 | UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new()); |
| 141 | if (rsa_key.get() == NULL || pkey.get() == NULL) { |
| 142 | *error = KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| 143 | return NULL; |
| 144 | } |
| 145 | |
| 146 | if (!BN_set_word(exponent.get(), public_exponent) || |
| 147 | !RSA_generate_key_ex(rsa_key.get(), key_size, exponent.get(), NULL /* callback */)) { |
| 148 | *error = KM_ERROR_UNKNOWN_ERROR; |
| 149 | return NULL; |
| 150 | } |
| 151 | |
| 152 | RsaKey* new_key = new RsaKey(rsa_key.release(), authorizations); |
| 153 | *error = new_key ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| 154 | return new_key; |
| 155 | } |
| 156 | |
| 157 | RsaKey::RsaKey(const KeyBlob& blob, keymaster_error_t* error) : AsymmetricKey(blob) { |
| 158 | if (error) |
| 159 | *error = LoadKey(blob); |
| 160 | } |
| 161 | |
| 162 | Operation* RsaKey::CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, |
| 163 | keymaster_padding_t padding, keymaster_error_t* error) { |
| 164 | Operation* op; |
| 165 | switch (purpose) { |
| 166 | case KM_PURPOSE_SIGN: |
| 167 | op = new RsaSignOperation(purpose, digest, padding, rsa_key_.release()); |
| 168 | break; |
| 169 | case KM_PURPOSE_VERIFY: |
| 170 | op = new RsaVerifyOperation(purpose, digest, padding, rsa_key_.release()); |
| 171 | break; |
| 172 | default: |
| 173 | *error = KM_ERROR_UNIMPLEMENTED; |
| 174 | return NULL; |
| 175 | } |
| 176 | *error = op ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| 177 | return op; |
| 178 | } |
| 179 | |
| 180 | bool RsaKey::EvpToInternal(const EVP_PKEY* pkey) { |
| 181 | rsa_key_.reset(EVP_PKEY_get1_RSA(const_cast<EVP_PKEY*>(pkey))); |
| 182 | return rsa_key_.get() != NULL; |
| 183 | } |
| 184 | |
| 185 | bool RsaKey::InternalToEvp(EVP_PKEY* pkey) const { |
| 186 | return EVP_PKEY_set1_RSA(pkey, rsa_key_.get()) == 1; |
| 187 | } |
| 188 | |
| 189 | template <keymaster_tag_t Tag> |
| 190 | static void GetDsaParamData(const AuthorizationSet& auths, TypedTag<KM_BIGNUM, Tag> tag, |
| 191 | keymaster_blob_t* blob) { |
| 192 | if (!auths.GetTagValue(tag, blob)) |
| 193 | blob->data = NULL; |
| 194 | } |
| 195 | |
| 196 | // Store the specified DSA param in auths |
| 197 | template <keymaster_tag_t Tag> |
| 198 | static void SetDsaParamData(AuthorizationSet* auths, TypedTag<KM_BIGNUM, Tag> tag, BIGNUM* number) { |
| 199 | keymaster_blob_t blob; |
| 200 | convert_bn_to_blob(number, &blob); |
| 201 | auths->push_back(Authorization(tag, blob)); |
| 202 | delete[] blob.data; |
| 203 | } |
| 204 | |
| 205 | DsaKey* DsaKey::GenerateKey(const AuthorizationSet& key_description, keymaster_error_t* error) { |
| 206 | if (!error) |
| 207 | return NULL; |
| 208 | |
| 209 | AuthorizationSet authorizations(key_description); |
| 210 | |
| 211 | keymaster_blob_t g_blob; |
| 212 | GetDsaParamData(authorizations, TAG_DSA_GENERATOR, &g_blob); |
| 213 | |
| 214 | keymaster_blob_t p_blob; |
| 215 | GetDsaParamData(authorizations, TAG_DSA_P, &p_blob); |
| 216 | |
| 217 | keymaster_blob_t q_blob; |
| 218 | GetDsaParamData(authorizations, TAG_DSA_Q, &q_blob); |
| 219 | |
| 220 | uint32_t key_size = DSA_DEFAULT_KEY_SIZE; |
| 221 | if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size)) |
| 222 | authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size)); |
| 223 | |
| 224 | UniquePtr<uint8_t[]> key_data; |
| 225 | size_t key_data_size; |
| 226 | |
| 227 | UniquePtr<DSA, DSA_Delete> dsa_key(DSA_new()); |
| 228 | UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new()); |
| 229 | if (dsa_key.get() == NULL || pkey.get() == NULL) { |
| 230 | *error = KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| 231 | return NULL; |
| 232 | } |
| 233 | |
| 234 | // If anything goes wrong in the next section, it's a param problem. |
| 235 | *error = KM_ERROR_INVALID_DSA_PARAMS; |
| 236 | |
| 237 | if (g_blob.data == NULL && p_blob.data == NULL && q_blob.data == NULL) { |
| 238 | // No params provided, generate them. |
| 239 | if (!DSA_generate_parameters_ex(dsa_key.get(), key_size, NULL /* seed */, 0 /* seed_len */, |
| 240 | NULL /* counter_ret */, NULL /* h_ret */, |
| 241 | NULL /* callback */)) |
| 242 | // TODO(swillden): return a more precise error, depending on ERR_get_error(); |
| 243 | return NULL; |
| 244 | |
| 245 | SetDsaParamData(&authorizations, TAG_DSA_GENERATOR, dsa_key->g); |
| 246 | SetDsaParamData(&authorizations, TAG_DSA_P, dsa_key->p); |
| 247 | SetDsaParamData(&authorizations, TAG_DSA_Q, dsa_key->q); |
| 248 | } else if (g_blob.data == NULL || p_blob.data == NULL || q_blob.data == NULL) { |
| 249 | // Some params provided: that's an error. Provide them all or provide none. |
| 250 | return NULL; |
| 251 | } else { |
| 252 | // All params provided. Use them. |
| 253 | dsa_key->g = BN_bin2bn(g_blob.data, g_blob.data_length, NULL); |
| 254 | dsa_key->p = BN_bin2bn(p_blob.data, p_blob.data_length, NULL); |
| 255 | dsa_key->q = BN_bin2bn(q_blob.data, q_blob.data_length, NULL); |
| 256 | |
| 257 | if (dsa_key->g == NULL || dsa_key->p == NULL || dsa_key->q == NULL) |
| 258 | return NULL; |
| 259 | } |
| 260 | |
| 261 | if (!DSA_generate_key(dsa_key.get())) { |
| 262 | *error = KM_ERROR_UNKNOWN_ERROR; |
| 263 | return NULL; |
| 264 | } |
| 265 | |
| 266 | DsaKey* new_key = new DsaKey(dsa_key.release(), authorizations); |
| 267 | *error = new_key ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| 268 | return new_key; |
| 269 | } |
| 270 | |
| 271 | DsaKey::DsaKey(const KeyBlob& blob, keymaster_error_t* error) : AsymmetricKey(blob) { |
| 272 | if (error) |
| 273 | *error = LoadKey(blob); |
| 274 | } |
| 275 | |
| 276 | Operation* DsaKey::CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, |
| 277 | keymaster_padding_t padding, keymaster_error_t* error) { |
| 278 | Operation* op; |
| 279 | switch (purpose) { |
| 280 | case KM_PURPOSE_SIGN: |
| 281 | op = new DsaSignOperation(purpose, digest, padding, dsa_key_.release()); |
| 282 | break; |
| 283 | case KM_PURPOSE_VERIFY: |
| 284 | op = new DsaVerifyOperation(purpose, digest, padding, dsa_key_.release()); |
| 285 | break; |
| 286 | default: |
| 287 | *error = KM_ERROR_UNIMPLEMENTED; |
| 288 | return NULL; |
| 289 | } |
| 290 | *error = op ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| 291 | return op; |
| 292 | } |
| 293 | |
| 294 | bool DsaKey::EvpToInternal(const EVP_PKEY* pkey) { |
| 295 | dsa_key_.reset(EVP_PKEY_get1_DSA(const_cast<EVP_PKEY*>(pkey))); |
| 296 | return dsa_key_.get() != NULL; |
| 297 | } |
| 298 | |
| 299 | bool DsaKey::InternalToEvp(EVP_PKEY* pkey) const { |
| 300 | return EVP_PKEY_set1_DSA(pkey, dsa_key_.get()) == 1; |
| 301 | } |
| 302 | |
| 303 | /* static */ |
| 304 | EcdsaKey* EcdsaKey::GenerateKey(const AuthorizationSet& key_description, keymaster_error_t* error) { |
| 305 | if (!error) |
| 306 | return NULL; |
| 307 | |
| 308 | AuthorizationSet authorizations(key_description); |
| 309 | |
| 310 | uint32_t key_size = ECDSA_DEFAULT_KEY_SIZE; |
| 311 | if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size)) |
| 312 | authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size)); |
| 313 | |
| 314 | UniquePtr<EC_KEY, ECDSA_Delete> ecdsa_key(EC_KEY_new()); |
| 315 | UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new()); |
| 316 | if (ecdsa_key.get() == NULL || pkey.get() == NULL) { |
| 317 | *error = KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| 318 | return NULL; |
| 319 | } |
| 320 | |
| 321 | UniquePtr<EC_GROUP, EC_GROUP_Delete> group(choose_group(key_size)); |
| 322 | if (group.get() == NULL) { |
| 323 | // Technically, could also have been a memory allocation problem. |
| 324 | *error = KM_ERROR_UNSUPPORTED_KEY_SIZE; |
| 325 | return NULL; |
| 326 | } |
| 327 | |
| 328 | EC_GROUP_set_point_conversion_form(group.get(), POINT_CONVERSION_UNCOMPRESSED); |
| 329 | EC_GROUP_set_asn1_flag(group.get(), OPENSSL_EC_NAMED_CURVE); |
| 330 | |
| 331 | if (EC_KEY_set_group(ecdsa_key.get(), group.get()) != 1 || |
| 332 | EC_KEY_generate_key(ecdsa_key.get()) != 1 || EC_KEY_check_key(ecdsa_key.get()) < 0) { |
| 333 | *error = KM_ERROR_UNKNOWN_ERROR; |
| 334 | return NULL; |
| 335 | } |
| 336 | |
| 337 | EcdsaKey* new_key = new EcdsaKey(ecdsa_key.release(), authorizations); |
| 338 | *error = new_key ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| 339 | return new_key; |
| 340 | } |
| 341 | |
| 342 | /* static */ |
| 343 | EC_GROUP* EcdsaKey::choose_group(size_t key_size_bits) { |
| 344 | switch (key_size_bits) { |
| 345 | case 192: |
| 346 | return EC_GROUP_new_by_curve_name(NID_X9_62_prime192v1); |
| 347 | break; |
| 348 | case 224: |
| 349 | return EC_GROUP_new_by_curve_name(NID_secp224r1); |
| 350 | break; |
| 351 | case 256: |
| 352 | return EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); |
| 353 | break; |
| 354 | case 384: |
| 355 | return EC_GROUP_new_by_curve_name(NID_secp384r1); |
| 356 | break; |
| 357 | case 521: |
| 358 | return EC_GROUP_new_by_curve_name(NID_secp521r1); |
| 359 | break; |
| 360 | default: |
| 361 | return NULL; |
| 362 | break; |
| 363 | } |
| 364 | } |
| 365 | |
| 366 | EcdsaKey::EcdsaKey(const KeyBlob& blob, keymaster_error_t* error) : AsymmetricKey(blob) { |
| 367 | if (error) |
| 368 | *error = LoadKey(blob); |
| 369 | } |
| 370 | |
| 371 | Operation* EcdsaKey::CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest, |
| 372 | keymaster_padding_t padding, keymaster_error_t* error) { |
| 373 | Operation* op; |
| 374 | switch (purpose) { |
| 375 | case KM_PURPOSE_SIGN: |
| 376 | op = new EcdsaSignOperation(purpose, digest, padding, ecdsa_key_.release()); |
| 377 | break; |
| 378 | case KM_PURPOSE_VERIFY: |
| 379 | op = new EcdsaVerifyOperation(purpose, digest, padding, ecdsa_key_.release()); |
| 380 | break; |
| 381 | default: |
| 382 | *error = KM_ERROR_UNIMPLEMENTED; |
| 383 | return NULL; |
| 384 | } |
| 385 | *error = op ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| 386 | return op; |
| 387 | } |
| 388 | |
| 389 | bool EcdsaKey::EvpToInternal(const EVP_PKEY* pkey) { |
| 390 | ecdsa_key_.reset(EVP_PKEY_get1_EC_KEY(const_cast<EVP_PKEY*>(pkey))); |
| 391 | return ecdsa_key_.get() != NULL; |
| 392 | } |
| 393 | |
| 394 | bool EcdsaKey::InternalToEvp(EVP_PKEY* pkey) const { |
| 395 | return EVP_PKEY_set1_EC_KEY(pkey, ecdsa_key_.get()) == 1; |
| 396 | } |
| 397 | |
| 398 | } // namespace keymaster |