Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / 2f3be368e5ad911cc0b014421dd3682130260ffc / . / asymmetric_key.cpp
blob: b3bf73316edad9ce5b30839ad896da637d598d53 [file] [log] [blame]
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]17#include <openssl/evp.h>
18#include <openssl/x509.h>
19
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]20#include "asymmetric_key.h"
21#include "dsa_operation.h"
22#include "ecdsa_operation.h"
23#include "key_blob.h"
24#include "keymaster_defs.h"
25#include "openssl_utils.h"
26#include "rsa_operation.h"
27
28namespace keymaster {
29
30const uint32_t RSA_DEFAULT_KEY_SIZE = 2048;
31const uint64_t RSA_DEFAULT_EXPONENT = 65537;
32
33const uint32_t DSA_DEFAULT_KEY_SIZE = 2048;
34
35const uint32_t ECDSA_DEFAULT_KEY_SIZE = 192;
36
37keymaster_error_t AsymmetricKey::LoadKey(const KeyBlob& blob) {
38 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> evp_key(EVP_PKEY_new());
39 if (evp_key.get() == NULL)
40 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
41
42 EVP_PKEY* tmp_pkey = evp_key.get();
43 const uint8_t* key_material = blob.key_material();
44 if (d2i_PrivateKey(evp_key_type(), &tmp_pkey, &key_material, blob.key_material_length()) ==
45 NULL) {
46 return KM_ERROR_INVALID_KEY_BLOB;
47 }
48 if (!EvpToInternal(evp_key.get()))
49 return KM_ERROR_UNKNOWN_ERROR;
50
51 return KM_ERROR_OK;
52}
53
54keymaster_error_t AsymmetricKey::key_material(UniquePtr<uint8_t[]>* material, size_t* size) const {
55 if (material == NULL || size == NULL)
56 return KM_ERROR_OUTPUT_PARAMETER_NULL;
57
58 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
59 if (pkey.get() == NULL)
60 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
61
62 if (!InternalToEvp(pkey.get()))
63 return KM_ERROR_UNKNOWN_ERROR;
64
65 *size = i2d_PrivateKey(pkey.get(), NULL /* key_data*/);
66 if (*size <= 0)
67 return KM_ERROR_UNKNOWN_ERROR;
68
69 material->reset(new uint8_t[*size]);
70 uint8_t* tmp = material->get();
71 i2d_PrivateKey(pkey.get(), &tmp);
72
73 return KM_ERROR_OK;
74}
75
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]76keymaster_error_t AsymmetricKey::formatted_key_material(keymaster_key_format_t format,
77 UniquePtr<uint8_t[]>* material,
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]78 size_t* size) const {
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]79 if (format != KM_KEY_FORMAT_X509)
80 return KM_ERROR_UNSUPPORTED_KEY_FORMAT;
81
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]82 if (material == NULL || size == NULL)
83 return KM_ERROR_OUTPUT_PARAMETER_NULL;
84
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]85 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
86 if (!InternalToEvp(pkey.get()))
87 return KM_ERROR_UNKNOWN_ERROR;
88
89 int key_data_length = i2d_PUBKEY(pkey.get(), NULL);
90 if (key_data_length <= 0)
91 return KM_ERROR_UNKNOWN_ERROR;
92
93 material->reset(new uint8_t[key_data_length]);
94 if (material->get() == NULL)
95 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
96
97 uint8_t* tmp = material->get();
98 if (i2d_PUBKEY(pkey.get(), &tmp) != key_data_length) {
99 material->reset();
100 return KM_ERROR_UNKNOWN_ERROR;
101 }
102
103 *size = key_data_length;
104 return KM_ERROR_OK;
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]105}
106
107Operation* AsymmetricKey::CreateOperation(keymaster_purpose_t purpose, keymaster_error_t* error) {
108 keymaster_digest_t digest;
109 if (!authorizations().GetTagValue(TAG_DIGEST, &digest) || digest != KM_DIGEST_NONE) {
110 *error = KM_ERROR_UNSUPPORTED_DIGEST;
111 return NULL;
112 }
113
114 keymaster_padding_t padding;
115 if (!authorizations().GetTagValue(TAG_PADDING, &padding) || padding != KM_PAD_NONE) {
116 *error = KM_ERROR_UNSUPPORTED_PADDING_MODE;
117 return NULL;
118 }
119
120 return CreateOperation(purpose, digest, padding, error);
121}
122
123/* static */
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame^]124RsaKey* RsaKey::GenerateKey(const AuthorizationSet& key_description, const Logger& logger,
125 keymaster_error_t* error) {
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]126 if (!error)
127 return NULL;
128
129 AuthorizationSet authorizations(key_description);
130
131 uint64_t public_exponent = RSA_DEFAULT_EXPONENT;
132 if (!authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent))
133 authorizations.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, public_exponent));
134
135 uint32_t key_size = RSA_DEFAULT_KEY_SIZE;
136 if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size))
137 authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size));
138
139 UniquePtr<BIGNUM, BIGNUM_Delete> exponent(BN_new());
140 UniquePtr<RSA, RSA_Delete> rsa_key(RSA_new());
141 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
142 if (rsa_key.get() == NULL || pkey.get() == NULL) {
143 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
144 return NULL;
145 }
146
147 if (!BN_set_word(exponent.get(), public_exponent) ||
148 !RSA_generate_key_ex(rsa_key.get(), key_size, exponent.get(), NULL /* callback */)) {
149 *error = KM_ERROR_UNKNOWN_ERROR;
150 return NULL;
151 }
152
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame^]153 RsaKey* new_key = new RsaKey(rsa_key.release(), authorizations, logger);
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]154 *error = new_key ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
155 return new_key;
156}
157
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]158/* static */
159RsaKey* RsaKey::ImportKey(const AuthorizationSet& key_description, EVP_PKEY* pkey,
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame^]160 const Logger& logger, keymaster_error_t* error) {
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]161 if (!error)
162 return NULL;
163 *error = KM_ERROR_UNKNOWN_ERROR;
164
165 UniquePtr<RSA, RSA_Delete> rsa_key(EVP_PKEY_get1_RSA(pkey));
166 if (!rsa_key.get())
167 return NULL;
168
169 AuthorizationSet authorizations(key_description);
170
171 uint64_t public_exponent;
172 if (authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent)) {
173 // public_exponent specified, make sure it matches the key
174 UniquePtr<BIGNUM, BIGNUM_Delete> public_exponent_bn(BN_new());
175 if (!BN_set_word(public_exponent_bn.get(), public_exponent))
176 return NULL;
177 if (BN_cmp(public_exponent_bn.get(), rsa_key->e) != 0) {
178 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
179 return NULL;
180 }
181 } else {
182 // public_exponent not specified, use the one from the key.
183 public_exponent = BN_get_word(rsa_key->e);
184 if (public_exponent == 0xffffffffL) {
185 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
186 return NULL;
187 }
188 authorizations.push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
189 }
190
191 uint32_t key_size;
192 if (authorizations.GetTagValue(TAG_KEY_SIZE, &key_size)) {
193 // key_size specified, make sure it matches the key.
194 if (RSA_size(rsa_key.get()) != (int)key_size) {
195 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
196 return NULL;
197 }
198 } else {
199 key_size = RSA_size(rsa_key.get()) * 8;
200 authorizations.push_back(TAG_KEY_SIZE, key_size);
201 }
202
203 keymaster_algorithm_t algorithm;
204 if (authorizations.GetTagValue(TAG_ALGORITHM, &algorithm)) {
205 if (algorithm != KM_ALGORITHM_RSA) {
206 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
207 return NULL;
208 }
209 } else {
210 authorizations.push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
211 }
212
213 // Don't bother with the other parameters. If the necessary padding, digest, purpose, etc. are
214 // missing, the error will be diagnosed when the key is used (when auth checking is
215 // implemented).
216 *error = KM_ERROR_OK;
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame^]217 return new RsaKey(rsa_key.release(), authorizations, logger);
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]218}
219
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame^]220RsaKey::RsaKey(const KeyBlob& blob, const Logger& logger, keymaster_error_t* error)
221 : AsymmetricKey(blob, logger) {
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]222 if (error)
223 *error = LoadKey(blob);
224}
225
226Operation* RsaKey::CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest,
227 keymaster_padding_t padding, keymaster_error_t* error) {
228 Operation* op;
229 switch (purpose) {
230 case KM_PURPOSE_SIGN:
231 op = new RsaSignOperation(purpose, digest, padding, rsa_key_.release());
232 break;
233 case KM_PURPOSE_VERIFY:
234 op = new RsaVerifyOperation(purpose, digest, padding, rsa_key_.release());
235 break;
236 default:
237 *error = KM_ERROR_UNIMPLEMENTED;
238 return NULL;
239 }
240 *error = op ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
241 return op;
242}
243
244bool RsaKey::EvpToInternal(const EVP_PKEY* pkey) {
245 rsa_key_.reset(EVP_PKEY_get1_RSA(const_cast<EVP_PKEY*>(pkey)));
246 return rsa_key_.get() != NULL;
247}
248
249bool RsaKey::InternalToEvp(EVP_PKEY* pkey) const {
250 return EVP_PKEY_set1_RSA(pkey, rsa_key_.get()) == 1;
251}
252
253template <keymaster_tag_t Tag>
254static void GetDsaParamData(const AuthorizationSet& auths, TypedTag<KM_BIGNUM, Tag> tag,
255 keymaster_blob_t* blob) {
256 if (!auths.GetTagValue(tag, blob))
257 blob->data = NULL;
258}
259
260// Store the specified DSA param in auths
261template <keymaster_tag_t Tag>
262static void SetDsaParamData(AuthorizationSet* auths, TypedTag<KM_BIGNUM, Tag> tag, BIGNUM* number) {
263 keymaster_blob_t blob;
264 convert_bn_to_blob(number, &blob);
265 auths->push_back(Authorization(tag, blob));
266 delete[] blob.data;
267}
268
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame^]269DsaKey* DsaKey::GenerateKey(const AuthorizationSet& key_description, const Logger& logger,
270 keymaster_error_t* error) {
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]271 if (!error)
272 return NULL;
273
274 AuthorizationSet authorizations(key_description);
275
276 keymaster_blob_t g_blob;
277 GetDsaParamData(authorizations, TAG_DSA_GENERATOR, &g_blob);
278
279 keymaster_blob_t p_blob;
280 GetDsaParamData(authorizations, TAG_DSA_P, &p_blob);
281
282 keymaster_blob_t q_blob;
283 GetDsaParamData(authorizations, TAG_DSA_Q, &q_blob);
284
285 uint32_t key_size = DSA_DEFAULT_KEY_SIZE;
286 if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size))
287 authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size));
288
289 UniquePtr<uint8_t[]> key_data;
290 size_t key_data_size;
291
292 UniquePtr<DSA, DSA_Delete> dsa_key(DSA_new());
293 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
294 if (dsa_key.get() == NULL || pkey.get() == NULL) {
295 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
296 return NULL;
297 }
298
299 // If anything goes wrong in the next section, it's a param problem.
300 *error = KM_ERROR_INVALID_DSA_PARAMS;
301
302 if (g_blob.data == NULL && p_blob.data == NULL && q_blob.data == NULL) {
303 // No params provided, generate them.
304 if (!DSA_generate_parameters_ex(dsa_key.get(), key_size, NULL /* seed */, 0 /* seed_len */,
305 NULL /* counter_ret */, NULL /* h_ret */,
306 NULL /* callback */))
307 // TODO(swillden): return a more precise error, depending on ERR_get_error();
308 return NULL;
309
310 SetDsaParamData(&authorizations, TAG_DSA_GENERATOR, dsa_key->g);
311 SetDsaParamData(&authorizations, TAG_DSA_P, dsa_key->p);
312 SetDsaParamData(&authorizations, TAG_DSA_Q, dsa_key->q);
313 } else if (g_blob.data == NULL || p_blob.data == NULL || q_blob.data == NULL) {
314 // Some params provided: that's an error. Provide them all or provide none.
315 return NULL;
316 } else {
317 // All params provided. Use them.
318 dsa_key->g = BN_bin2bn(g_blob.data, g_blob.data_length, NULL);
319 dsa_key->p = BN_bin2bn(p_blob.data, p_blob.data_length, NULL);
320 dsa_key->q = BN_bin2bn(q_blob.data, q_blob.data_length, NULL);
321
322 if (dsa_key->g == NULL || dsa_key->p == NULL || dsa_key->q == NULL)
323 return NULL;
324 }
325
326 if (!DSA_generate_key(dsa_key.get())) {
327 *error = KM_ERROR_UNKNOWN_ERROR;
328 return NULL;
329 }
330
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame^]331 DsaKey* new_key = new DsaKey(dsa_key.release(), authorizations, logger);
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]332 *error = new_key ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
333 return new_key;
334}
335
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame^]336DsaKey::DsaKey(const KeyBlob& blob, const Logger& logger, keymaster_error_t* error)
337 : AsymmetricKey(blob, logger) {
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]338 if (error)
339 *error = LoadKey(blob);
340}
341
342Operation* DsaKey::CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest,
343 keymaster_padding_t padding, keymaster_error_t* error) {
344 Operation* op;
345 switch (purpose) {
346 case KM_PURPOSE_SIGN:
347 op = new DsaSignOperation(purpose, digest, padding, dsa_key_.release());
348 break;
349 case KM_PURPOSE_VERIFY:
350 op = new DsaVerifyOperation(purpose, digest, padding, dsa_key_.release());
351 break;
352 default:
353 *error = KM_ERROR_UNIMPLEMENTED;
354 return NULL;
355 }
356 *error = op ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
357 return op;
358}
359
360bool DsaKey::EvpToInternal(const EVP_PKEY* pkey) {
361 dsa_key_.reset(EVP_PKEY_get1_DSA(const_cast<EVP_PKEY*>(pkey)));
362 return dsa_key_.get() != NULL;
363}
364
365bool DsaKey::InternalToEvp(EVP_PKEY* pkey) const {
366 return EVP_PKEY_set1_DSA(pkey, dsa_key_.get()) == 1;
367}
368
369/* static */
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame^]370EcdsaKey* EcdsaKey::GenerateKey(const AuthorizationSet& key_description, const Logger& logger,
371 keymaster_error_t* error) {
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]372 if (!error)
373 return NULL;
374
375 AuthorizationSet authorizations(key_description);
376
377 uint32_t key_size = ECDSA_DEFAULT_KEY_SIZE;
378 if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size))
379 authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size));
380
381 UniquePtr<EC_KEY, ECDSA_Delete> ecdsa_key(EC_KEY_new());
382 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
383 if (ecdsa_key.get() == NULL || pkey.get() == NULL) {
384 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
385 return NULL;
386 }
387
388 UniquePtr<EC_GROUP, EC_GROUP_Delete> group(choose_group(key_size));
389 if (group.get() == NULL) {
390 // Technically, could also have been a memory allocation problem.
391 *error = KM_ERROR_UNSUPPORTED_KEY_SIZE;
392 return NULL;
393 }
394
395 EC_GROUP_set_point_conversion_form(group.get(), POINT_CONVERSION_UNCOMPRESSED);
396 EC_GROUP_set_asn1_flag(group.get(), OPENSSL_EC_NAMED_CURVE);
397
398 if (EC_KEY_set_group(ecdsa_key.get(), group.get()) != 1 ||
399 EC_KEY_generate_key(ecdsa_key.get()) != 1 || EC_KEY_check_key(ecdsa_key.get()) < 0) {
400 *error = KM_ERROR_UNKNOWN_ERROR;
401 return NULL;
402 }
403
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame^]404 EcdsaKey* new_key = new EcdsaKey(ecdsa_key.release(), authorizations, logger);
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]405 *error = new_key ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
406 return new_key;
407}
408
409/* static */
410EC_GROUP* EcdsaKey::choose_group(size_t key_size_bits) {
411 switch (key_size_bits) {
412 case 192:
413 return EC_GROUP_new_by_curve_name(NID_X9_62_prime192v1);
414 break;
415 case 224:
416 return EC_GROUP_new_by_curve_name(NID_secp224r1);
417 break;
418 case 256:
419 return EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
420 break;
421 case 384:
422 return EC_GROUP_new_by_curve_name(NID_secp384r1);
423 break;
424 case 521:
425 return EC_GROUP_new_by_curve_name(NID_secp521r1);
426 break;
427 default:
428 return NULL;
429 break;
430 }
431}
432
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame^]433EcdsaKey::EcdsaKey(const KeyBlob& blob, const Logger& logger, keymaster_error_t* error)
434 : AsymmetricKey(blob, logger) {
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]435 if (error)
436 *error = LoadKey(blob);
437}
438
439Operation* EcdsaKey::CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest,
440 keymaster_padding_t padding, keymaster_error_t* error) {
441 Operation* op;
442 switch (purpose) {
443 case KM_PURPOSE_SIGN:
444 op = new EcdsaSignOperation(purpose, digest, padding, ecdsa_key_.release());
445 break;
446 case KM_PURPOSE_VERIFY:
447 op = new EcdsaVerifyOperation(purpose, digest, padding, ecdsa_key_.release());
448 break;
449 default:
450 *error = KM_ERROR_UNIMPLEMENTED;
451 return NULL;
452 }
453 *error = op ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
454 return op;
455}
456
457bool EcdsaKey::EvpToInternal(const EVP_PKEY* pkey) {
458 ecdsa_key_.reset(EVP_PKEY_get1_EC_KEY(const_cast<EVP_PKEY*>(pkey)));
459 return ecdsa_key_.get() != NULL;
460}
461
462bool EcdsaKey::InternalToEvp(EVP_PKEY* pkey) const {
463 return EVP_PKEY_set1_EC_KEY(pkey, ecdsa_key_.get()) == 1;
464}
465
466} // namespace keymaster