Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / 3745efd184f9989137289b8a6fcb32afc308f94a / . / rsa_key.cpp
blob: 35fe82ed1c2721464fdaf36dcca06d7778231946 [file] [log] [blame]
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "openssl_utils.h"
18#include "rsa_key.h"
19#include "rsa_operation.h"
20#include "unencrypted_key_blob.h"
21
Adam Langleya550fba2015-02-13 14:44:14 -0800[diff] [blame]22#if defined(OPENSSL_IS_BORINGSSL)
23typedef size_t openssl_size_t;
24#else
25typedef int openssl_size_t;
26#endif
27
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]28namespace keymaster {
29
30const uint32_t RSA_DEFAULT_KEY_SIZE = 2048;
31const uint64_t RSA_DEFAULT_EXPONENT = 65537;
32
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]33class RsaKeyFactory : public AsymmetricKeyFactory {
34 public:
35 virtual keymaster_algorithm_t registry_key() const { return KM_ALGORITHM_RSA; }
36 virtual Key* GenerateKey(const AuthorizationSet& key_description, const Logger& logger,
37 keymaster_error_t* error);
38 virtual Key* ImportKey(const AuthorizationSet& key_description,
39 keymaster_key_format_t key_format, const uint8_t* key_data,
40 size_t key_data_length, const Logger& logger, keymaster_error_t* error);
41 virtual Key* LoadKey(const UnencryptedKeyBlob& blob, const Logger& logger,
42 keymaster_error_t* error) {
43 return new RsaKey(blob, logger, error);
44 }
45};
46static KeyFactoryRegistry::Registration<RsaKeyFactory> registration;
47
48Key* RsaKeyFactory::GenerateKey(const AuthorizationSet& key_description, const Logger& logger,
49 keymaster_error_t* error) {
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]50 if (!error)
51 return NULL;
52
53 AuthorizationSet authorizations(key_description);
54
55 uint64_t public_exponent = RSA_DEFAULT_EXPONENT;
56 if (!authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent))
57 authorizations.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, public_exponent));
58
59 uint32_t key_size = RSA_DEFAULT_KEY_SIZE;
60 if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size))
61 authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size));
62
63 UniquePtr<BIGNUM, BIGNUM_Delete> exponent(BN_new());
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]64 UniquePtr<RSA, RsaKey::RSA_Delete> rsa_key(RSA_new());
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]65 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
66 if (rsa_key.get() == NULL || pkey.get() == NULL) {
67 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
68 return NULL;
69 }
70
71 if (!BN_set_word(exponent.get(), public_exponent) ||
72 !RSA_generate_key_ex(rsa_key.get(), key_size, exponent.get(), NULL /* callback */)) {
73 *error = KM_ERROR_UNKNOWN_ERROR;
74 return NULL;
75 }
76
77 RsaKey* new_key = new RsaKey(rsa_key.release(), authorizations, logger);
78 *error = new_key ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
79 return new_key;
80}
81
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]82Key* RsaKeyFactory::ImportKey(const AuthorizationSet& key_description,
83 keymaster_key_format_t key_format, const uint8_t* key_data,
84 size_t key_data_length, const Logger& logger,
85 keymaster_error_t* error) {
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]86 if (!error)
87 return NULL;
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]88
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]89 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(
90 ExtractEvpKey(key_format, KM_ALGORITHM_RSA, key_data, key_data_length, error));
91 if (*error != KM_ERROR_OK)
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]92 return NULL;
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]93 assert(pkey.get());
94
95 UniquePtr<RSA, RsaKey::RSA_Delete> rsa_key(EVP_PKEY_get1_RSA(pkey.get()));
96 if (!rsa_key.get()) {
97 *error = KM_ERROR_UNKNOWN_ERROR;
98 return NULL;
99 }
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]100
101 AuthorizationSet authorizations(key_description);
102
103 uint64_t public_exponent;
104 if (authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent)) {
105 // public_exponent specified, make sure it matches the key
106 UniquePtr<BIGNUM, BIGNUM_Delete> public_exponent_bn(BN_new());
107 if (!BN_set_word(public_exponent_bn.get(), public_exponent))
108 return NULL;
109 if (BN_cmp(public_exponent_bn.get(), rsa_key->e) != 0) {
110 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
111 return NULL;
112 }
113 } else {
114 // public_exponent not specified, use the one from the key.
115 public_exponent = BN_get_word(rsa_key->e);
116 if (public_exponent == 0xffffffffL) {
117 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
118 return NULL;
119 }
120 authorizations.push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
121 }
122
123 uint32_t key_size;
124 if (authorizations.GetTagValue(TAG_KEY_SIZE, &key_size)) {
125 // key_size specified, make sure it matches the key.
Adam Langleya550fba2015-02-13 14:44:14 -0800[diff] [blame]126 if (RSA_size(rsa_key.get()) != (openssl_size_t)key_size) {
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]127 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
128 return NULL;
129 }
130 } else {
131 key_size = RSA_size(rsa_key.get()) * 8;
132 authorizations.push_back(TAG_KEY_SIZE, key_size);
133 }
134
135 keymaster_algorithm_t algorithm;
136 if (authorizations.GetTagValue(TAG_ALGORITHM, &algorithm)) {
137 if (algorithm != KM_ALGORITHM_RSA) {
138 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
139 return NULL;
140 }
141 } else {
142 authorizations.push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
143 }
144
145 // Don't bother with the other parameters. If the necessary padding, digest, purpose, etc. are
146 // missing, the error will be diagnosed when the key is used (when auth checking is
147 // implemented).
148 *error = KM_ERROR_OK;
149 return new RsaKey(rsa_key.release(), authorizations, logger);
150}
151
152RsaKey::RsaKey(const UnencryptedKeyBlob& blob, const Logger& logger, keymaster_error_t* error)
153 : AsymmetricKey(blob, logger) {
154 if (error)
155 *error = LoadKey(blob);
156}
157
Shawn Willden96599212014-09-26 12:07:44 -0600[diff] [blame]158Operation* RsaKey::CreateOperation(keymaster_purpose_t purpose, keymaster_error_t* error) {
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]159 *error = KM_ERROR_OK;
160
161 keymaster_padding_t padding = static_cast<keymaster_padding_t>(-1);
162 authorizations().GetTagValue(TAG_PADDING, &padding);
163 if (!SupportedMode(purpose, padding)) {
Shawn Willden96599212014-09-26 12:07:44 -0600[diff] [blame]164 *error = KM_ERROR_UNSUPPORTED_PADDING_MODE;
165 return NULL;
166 }
167
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]168 keymaster_digest_t digest = static_cast<keymaster_digest_t>(-1);
169 authorizations().GetTagValue(TAG_DIGEST, &digest);
170 if (!SupportedMode(purpose, digest)) {
171 *error = KM_ERROR_UNSUPPORTED_DIGEST;
Shawn Willden46a420d2014-12-02 07:01:21 -0700[diff] [blame]172 return NULL;
173 }
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]174
175 Operation* op = NULL;
176 switch (purpose) {
177 case KM_PURPOSE_SIGN:
178 op = new RsaSignOperation(logger_, digest, padding, rsa_key_.release());
179 break;
180 case KM_PURPOSE_VERIFY:
181 op = new RsaVerifyOperation(logger_, digest, padding, rsa_key_.release());
182 break;
183 case KM_PURPOSE_ENCRYPT:
184 op = new RsaEncryptOperation(logger_, padding, rsa_key_.release());
185 break;
186 case KM_PURPOSE_DECRYPT:
187 op = new RsaDecryptOperation(logger_, padding, rsa_key_.release());
188 break;
189 default:
190 *error = KM_ERROR_UNSUPPORTED_PURPOSE;
191 return NULL;
192 }
193
194 if (!op)
195 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
196
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]197 return op;
198}
199
200bool RsaKey::EvpToInternal(const EVP_PKEY* pkey) {
201 rsa_key_.reset(EVP_PKEY_get1_RSA(const_cast<EVP_PKEY*>(pkey)));
202 return rsa_key_.get() != NULL;
203}
204
205bool RsaKey::InternalToEvp(EVP_PKEY* pkey) const {
206 return EVP_PKEY_set1_RSA(pkey, rsa_key_.get()) == 1;
207}
208
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]209bool RsaKey::SupportedMode(keymaster_purpose_t purpose, keymaster_padding_t padding) {
210 switch (purpose) {
211 case KM_PURPOSE_SIGN:
212 case KM_PURPOSE_VERIFY:
213 return padding == KM_PAD_NONE;
214 break;
215 case KM_PURPOSE_ENCRYPT:
216 case KM_PURPOSE_DECRYPT:
217 return padding == KM_PAD_RSA_OAEP || padding == KM_PAD_RSA_PKCS1_1_5_ENCRYPT;
218 break;
219 };
220 return false;
221}
222
223bool RsaKey::SupportedMode(keymaster_purpose_t purpose, keymaster_digest_t digest) {
224 switch (purpose) {
225 case KM_PURPOSE_SIGN:
226 case KM_PURPOSE_VERIFY:
227 return digest == KM_DIGEST_NONE;
228 break;
229 case KM_PURPOSE_ENCRYPT:
230 case KM_PURPOSE_DECRYPT:
231 /* Don't care */
232 break;
233 };
234 return true;
235}
236
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]237} // namespace keymaster