Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / 437fbd195e7de57b7dc0c449c04458bd90ef50de / . / asymmetric_key.cpp
blob: 8698ff4bce6077af5b2070a0882ba6b291fd08c5 [file] [log] [blame]
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]17#include <openssl/evp.h>
18#include <openssl/x509.h>
19
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]20#include "asymmetric_key.h"
21#include "dsa_operation.h"
22#include "ecdsa_operation.h"
23#include "key_blob.h"
24#include "keymaster_defs.h"
25#include "openssl_utils.h"
26#include "rsa_operation.h"
27
28namespace keymaster {
29
30const uint32_t RSA_DEFAULT_KEY_SIZE = 2048;
31const uint64_t RSA_DEFAULT_EXPONENT = 65537;
32
33const uint32_t DSA_DEFAULT_KEY_SIZE = 2048;
34
35const uint32_t ECDSA_DEFAULT_KEY_SIZE = 192;
36
37keymaster_error_t AsymmetricKey::LoadKey(const KeyBlob& blob) {
38 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> evp_key(EVP_PKEY_new());
39 if (evp_key.get() == NULL)
40 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
41
42 EVP_PKEY* tmp_pkey = evp_key.get();
43 const uint8_t* key_material = blob.key_material();
44 if (d2i_PrivateKey(evp_key_type(), &tmp_pkey, &key_material, blob.key_material_length()) ==
45 NULL) {
46 return KM_ERROR_INVALID_KEY_BLOB;
47 }
48 if (!EvpToInternal(evp_key.get()))
49 return KM_ERROR_UNKNOWN_ERROR;
50
51 return KM_ERROR_OK;
52}
53
54keymaster_error_t AsymmetricKey::key_material(UniquePtr<uint8_t[]>* material, size_t* size) const {
55 if (material == NULL || size == NULL)
56 return KM_ERROR_OUTPUT_PARAMETER_NULL;
57
58 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
59 if (pkey.get() == NULL)
60 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
61
62 if (!InternalToEvp(pkey.get()))
63 return KM_ERROR_UNKNOWN_ERROR;
64
65 *size = i2d_PrivateKey(pkey.get(), NULL /* key_data*/);
66 if (*size <= 0)
67 return KM_ERROR_UNKNOWN_ERROR;
68
69 material->reset(new uint8_t[*size]);
70 uint8_t* tmp = material->get();
71 i2d_PrivateKey(pkey.get(), &tmp);
72
73 return KM_ERROR_OK;
74}
75
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]76keymaster_error_t AsymmetricKey::formatted_key_material(keymaster_key_format_t format,
77 UniquePtr<uint8_t[]>* material,
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]78 size_t* size) const {
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]79 if (format != KM_KEY_FORMAT_X509)
80 return KM_ERROR_UNSUPPORTED_KEY_FORMAT;
81
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]82 if (material == NULL || size == NULL)
83 return KM_ERROR_OUTPUT_PARAMETER_NULL;
84
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]85 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
86 if (!InternalToEvp(pkey.get()))
87 return KM_ERROR_UNKNOWN_ERROR;
88
89 int key_data_length = i2d_PUBKEY(pkey.get(), NULL);
90 if (key_data_length <= 0)
91 return KM_ERROR_UNKNOWN_ERROR;
92
93 material->reset(new uint8_t[key_data_length]);
94 if (material->get() == NULL)
95 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
96
97 uint8_t* tmp = material->get();
98 if (i2d_PUBKEY(pkey.get(), &tmp) != key_data_length) {
99 material->reset();
100 return KM_ERROR_UNKNOWN_ERROR;
101 }
102
103 *size = key_data_length;
104 return KM_ERROR_OK;
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]105}
106
107Operation* AsymmetricKey::CreateOperation(keymaster_purpose_t purpose, keymaster_error_t* error) {
108 keymaster_digest_t digest;
109 if (!authorizations().GetTagValue(TAG_DIGEST, &digest) || digest != KM_DIGEST_NONE) {
110 *error = KM_ERROR_UNSUPPORTED_DIGEST;
111 return NULL;
112 }
113
114 keymaster_padding_t padding;
115 if (!authorizations().GetTagValue(TAG_PADDING, &padding) || padding != KM_PAD_NONE) {
116 *error = KM_ERROR_UNSUPPORTED_PADDING_MODE;
117 return NULL;
118 }
119
120 return CreateOperation(purpose, digest, padding, error);
121}
122
123/* static */
124RsaKey* RsaKey::GenerateKey(const AuthorizationSet& key_description, keymaster_error_t* error) {
125 if (!error)
126 return NULL;
127
128 AuthorizationSet authorizations(key_description);
129
130 uint64_t public_exponent = RSA_DEFAULT_EXPONENT;
131 if (!authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent))
132 authorizations.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, public_exponent));
133
134 uint32_t key_size = RSA_DEFAULT_KEY_SIZE;
135 if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size))
136 authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size));
137
138 UniquePtr<BIGNUM, BIGNUM_Delete> exponent(BN_new());
139 UniquePtr<RSA, RSA_Delete> rsa_key(RSA_new());
140 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
141 if (rsa_key.get() == NULL || pkey.get() == NULL) {
142 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
143 return NULL;
144 }
145
146 if (!BN_set_word(exponent.get(), public_exponent) ||
147 !RSA_generate_key_ex(rsa_key.get(), key_size, exponent.get(), NULL /* callback */)) {
148 *error = KM_ERROR_UNKNOWN_ERROR;
149 return NULL;
150 }
151
152 RsaKey* new_key = new RsaKey(rsa_key.release(), authorizations);
153 *error = new_key ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
154 return new_key;
155}
156
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame^]157/* static */
158RsaKey* RsaKey::ImportKey(const AuthorizationSet& key_description, EVP_PKEY* pkey,
159 keymaster_error_t* error) {
160 if (!error)
161 return NULL;
162 *error = KM_ERROR_UNKNOWN_ERROR;
163
164 UniquePtr<RSA, RSA_Delete> rsa_key(EVP_PKEY_get1_RSA(pkey));
165 if (!rsa_key.get())
166 return NULL;
167
168 AuthorizationSet authorizations(key_description);
169
170 uint64_t public_exponent;
171 if (authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent)) {
172 // public_exponent specified, make sure it matches the key
173 UniquePtr<BIGNUM, BIGNUM_Delete> public_exponent_bn(BN_new());
174 if (!BN_set_word(public_exponent_bn.get(), public_exponent))
175 return NULL;
176 if (BN_cmp(public_exponent_bn.get(), rsa_key->e) != 0) {
177 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
178 return NULL;
179 }
180 } else {
181 // public_exponent not specified, use the one from the key.
182 public_exponent = BN_get_word(rsa_key->e);
183 if (public_exponent == 0xffffffffL) {
184 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
185 return NULL;
186 }
187 authorizations.push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
188 }
189
190 uint32_t key_size;
191 if (authorizations.GetTagValue(TAG_KEY_SIZE, &key_size)) {
192 // key_size specified, make sure it matches the key.
193 if (RSA_size(rsa_key.get()) != (int)key_size) {
194 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
195 return NULL;
196 }
197 } else {
198 key_size = RSA_size(rsa_key.get()) * 8;
199 authorizations.push_back(TAG_KEY_SIZE, key_size);
200 }
201
202 keymaster_algorithm_t algorithm;
203 if (authorizations.GetTagValue(TAG_ALGORITHM, &algorithm)) {
204 if (algorithm != KM_ALGORITHM_RSA) {
205 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
206 return NULL;
207 }
208 } else {
209 authorizations.push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
210 }
211
212 // Don't bother with the other parameters. If the necessary padding, digest, purpose, etc. are
213 // missing, the error will be diagnosed when the key is used (when auth checking is
214 // implemented).
215 *error = KM_ERROR_OK;
216 return new RsaKey(rsa_key.release(), authorizations);
217}
218
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]219RsaKey::RsaKey(const KeyBlob& blob, keymaster_error_t* error) : AsymmetricKey(blob) {
220 if (error)
221 *error = LoadKey(blob);
222}
223
224Operation* RsaKey::CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest,
225 keymaster_padding_t padding, keymaster_error_t* error) {
226 Operation* op;
227 switch (purpose) {
228 case KM_PURPOSE_SIGN:
229 op = new RsaSignOperation(purpose, digest, padding, rsa_key_.release());
230 break;
231 case KM_PURPOSE_VERIFY:
232 op = new RsaVerifyOperation(purpose, digest, padding, rsa_key_.release());
233 break;
234 default:
235 *error = KM_ERROR_UNIMPLEMENTED;
236 return NULL;
237 }
238 *error = op ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
239 return op;
240}
241
242bool RsaKey::EvpToInternal(const EVP_PKEY* pkey) {
243 rsa_key_.reset(EVP_PKEY_get1_RSA(const_cast<EVP_PKEY*>(pkey)));
244 return rsa_key_.get() != NULL;
245}
246
247bool RsaKey::InternalToEvp(EVP_PKEY* pkey) const {
248 return EVP_PKEY_set1_RSA(pkey, rsa_key_.get()) == 1;
249}
250
251template <keymaster_tag_t Tag>
252static void GetDsaParamData(const AuthorizationSet& auths, TypedTag<KM_BIGNUM, Tag> tag,
253 keymaster_blob_t* blob) {
254 if (!auths.GetTagValue(tag, blob))
255 blob->data = NULL;
256}
257
258// Store the specified DSA param in auths
259template <keymaster_tag_t Tag>
260static void SetDsaParamData(AuthorizationSet* auths, TypedTag<KM_BIGNUM, Tag> tag, BIGNUM* number) {
261 keymaster_blob_t blob;
262 convert_bn_to_blob(number, &blob);
263 auths->push_back(Authorization(tag, blob));
264 delete[] blob.data;
265}
266
267DsaKey* DsaKey::GenerateKey(const AuthorizationSet& key_description, keymaster_error_t* error) {
268 if (!error)
269 return NULL;
270
271 AuthorizationSet authorizations(key_description);
272
273 keymaster_blob_t g_blob;
274 GetDsaParamData(authorizations, TAG_DSA_GENERATOR, &g_blob);
275
276 keymaster_blob_t p_blob;
277 GetDsaParamData(authorizations, TAG_DSA_P, &p_blob);
278
279 keymaster_blob_t q_blob;
280 GetDsaParamData(authorizations, TAG_DSA_Q, &q_blob);
281
282 uint32_t key_size = DSA_DEFAULT_KEY_SIZE;
283 if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size))
284 authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size));
285
286 UniquePtr<uint8_t[]> key_data;
287 size_t key_data_size;
288
289 UniquePtr<DSA, DSA_Delete> dsa_key(DSA_new());
290 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
291 if (dsa_key.get() == NULL || pkey.get() == NULL) {
292 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
293 return NULL;
294 }
295
296 // If anything goes wrong in the next section, it's a param problem.
297 *error = KM_ERROR_INVALID_DSA_PARAMS;
298
299 if (g_blob.data == NULL && p_blob.data == NULL && q_blob.data == NULL) {
300 // No params provided, generate them.
301 if (!DSA_generate_parameters_ex(dsa_key.get(), key_size, NULL /* seed */, 0 /* seed_len */,
302 NULL /* counter_ret */, NULL /* h_ret */,
303 NULL /* callback */))
304 // TODO(swillden): return a more precise error, depending on ERR_get_error();
305 return NULL;
306
307 SetDsaParamData(&authorizations, TAG_DSA_GENERATOR, dsa_key->g);
308 SetDsaParamData(&authorizations, TAG_DSA_P, dsa_key->p);
309 SetDsaParamData(&authorizations, TAG_DSA_Q, dsa_key->q);
310 } else if (g_blob.data == NULL || p_blob.data == NULL || q_blob.data == NULL) {
311 // Some params provided: that's an error. Provide them all or provide none.
312 return NULL;
313 } else {
314 // All params provided. Use them.
315 dsa_key->g = BN_bin2bn(g_blob.data, g_blob.data_length, NULL);
316 dsa_key->p = BN_bin2bn(p_blob.data, p_blob.data_length, NULL);
317 dsa_key->q = BN_bin2bn(q_blob.data, q_blob.data_length, NULL);
318
319 if (dsa_key->g == NULL || dsa_key->p == NULL || dsa_key->q == NULL)
320 return NULL;
321 }
322
323 if (!DSA_generate_key(dsa_key.get())) {
324 *error = KM_ERROR_UNKNOWN_ERROR;
325 return NULL;
326 }
327
328 DsaKey* new_key = new DsaKey(dsa_key.release(), authorizations);
329 *error = new_key ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
330 return new_key;
331}
332
333DsaKey::DsaKey(const KeyBlob& blob, keymaster_error_t* error) : AsymmetricKey(blob) {
334 if (error)
335 *error = LoadKey(blob);
336}
337
338Operation* DsaKey::CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest,
339 keymaster_padding_t padding, keymaster_error_t* error) {
340 Operation* op;
341 switch (purpose) {
342 case KM_PURPOSE_SIGN:
343 op = new DsaSignOperation(purpose, digest, padding, dsa_key_.release());
344 break;
345 case KM_PURPOSE_VERIFY:
346 op = new DsaVerifyOperation(purpose, digest, padding, dsa_key_.release());
347 break;
348 default:
349 *error = KM_ERROR_UNIMPLEMENTED;
350 return NULL;
351 }
352 *error = op ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
353 return op;
354}
355
356bool DsaKey::EvpToInternal(const EVP_PKEY* pkey) {
357 dsa_key_.reset(EVP_PKEY_get1_DSA(const_cast<EVP_PKEY*>(pkey)));
358 return dsa_key_.get() != NULL;
359}
360
361bool DsaKey::InternalToEvp(EVP_PKEY* pkey) const {
362 return EVP_PKEY_set1_DSA(pkey, dsa_key_.get()) == 1;
363}
364
365/* static */
366EcdsaKey* EcdsaKey::GenerateKey(const AuthorizationSet& key_description, keymaster_error_t* error) {
367 if (!error)
368 return NULL;
369
370 AuthorizationSet authorizations(key_description);
371
372 uint32_t key_size = ECDSA_DEFAULT_KEY_SIZE;
373 if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size))
374 authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size));
375
376 UniquePtr<EC_KEY, ECDSA_Delete> ecdsa_key(EC_KEY_new());
377 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
378 if (ecdsa_key.get() == NULL || pkey.get() == NULL) {
379 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
380 return NULL;
381 }
382
383 UniquePtr<EC_GROUP, EC_GROUP_Delete> group(choose_group(key_size));
384 if (group.get() == NULL) {
385 // Technically, could also have been a memory allocation problem.
386 *error = KM_ERROR_UNSUPPORTED_KEY_SIZE;
387 return NULL;
388 }
389
390 EC_GROUP_set_point_conversion_form(group.get(), POINT_CONVERSION_UNCOMPRESSED);
391 EC_GROUP_set_asn1_flag(group.get(), OPENSSL_EC_NAMED_CURVE);
392
393 if (EC_KEY_set_group(ecdsa_key.get(), group.get()) != 1 ||
394 EC_KEY_generate_key(ecdsa_key.get()) != 1 || EC_KEY_check_key(ecdsa_key.get()) < 0) {
395 *error = KM_ERROR_UNKNOWN_ERROR;
396 return NULL;
397 }
398
399 EcdsaKey* new_key = new EcdsaKey(ecdsa_key.release(), authorizations);
400 *error = new_key ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
401 return new_key;
402}
403
404/* static */
405EC_GROUP* EcdsaKey::choose_group(size_t key_size_bits) {
406 switch (key_size_bits) {
407 case 192:
408 return EC_GROUP_new_by_curve_name(NID_X9_62_prime192v1);
409 break;
410 case 224:
411 return EC_GROUP_new_by_curve_name(NID_secp224r1);
412 break;
413 case 256:
414 return EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
415 break;
416 case 384:
417 return EC_GROUP_new_by_curve_name(NID_secp384r1);
418 break;
419 case 521:
420 return EC_GROUP_new_by_curve_name(NID_secp521r1);
421 break;
422 default:
423 return NULL;
424 break;
425 }
426}
427
428EcdsaKey::EcdsaKey(const KeyBlob& blob, keymaster_error_t* error) : AsymmetricKey(blob) {
429 if (error)
430 *error = LoadKey(blob);
431}
432
433Operation* EcdsaKey::CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest,
434 keymaster_padding_t padding, keymaster_error_t* error) {
435 Operation* op;
436 switch (purpose) {
437 case KM_PURPOSE_SIGN:
438 op = new EcdsaSignOperation(purpose, digest, padding, ecdsa_key_.release());
439 break;
440 case KM_PURPOSE_VERIFY:
441 op = new EcdsaVerifyOperation(purpose, digest, padding, ecdsa_key_.release());
442 break;
443 default:
444 *error = KM_ERROR_UNIMPLEMENTED;
445 return NULL;
446 }
447 *error = op ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
448 return op;
449}
450
451bool EcdsaKey::EvpToInternal(const EVP_PKEY* pkey) {
452 ecdsa_key_.reset(EVP_PKEY_get1_EC_KEY(const_cast<EVP_PKEY*>(pkey)));
453 return ecdsa_key_.get() != NULL;
454}
455
456bool EcdsaKey::InternalToEvp(EVP_PKEY* pkey) const {
457 return EVP_PKEY_set1_EC_KEY(pkey, ecdsa_key_.get()) == 1;
458}
459
460} // namespace keymaster