Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / c24c110db36b01b737f51c16ae479650635f6324 / . / rsa_key.cpp
blob: 2e2788332beea01d93c81fbb042412a4d96b1971 [file] [log] [blame]
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "openssl_utils.h"
18#include "rsa_key.h"
19#include "rsa_operation.h"
20#include "unencrypted_key_blob.h"
21
Adam Langleya550fba2015-02-13 14:44:14 -0800[diff] [blame]22#if defined(OPENSSL_IS_BORINGSSL)
23typedef size_t openssl_size_t;
24#else
25typedef int openssl_size_t;
26#endif
27
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]28namespace keymaster {
29
30const uint32_t RSA_DEFAULT_KEY_SIZE = 2048;
31const uint64_t RSA_DEFAULT_EXPONENT = 65537;
32
33/* static */
34RsaKey* RsaKey::GenerateKey(const AuthorizationSet& key_description, const Logger& logger,
35 keymaster_error_t* error) {
36 if (!error)
37 return NULL;
38
39 AuthorizationSet authorizations(key_description);
40
41 uint64_t public_exponent = RSA_DEFAULT_EXPONENT;
42 if (!authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent))
43 authorizations.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, public_exponent));
44
45 uint32_t key_size = RSA_DEFAULT_KEY_SIZE;
46 if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size))
47 authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size));
48
49 UniquePtr<BIGNUM, BIGNUM_Delete> exponent(BN_new());
50 UniquePtr<RSA, RSA_Delete> rsa_key(RSA_new());
51 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
52 if (rsa_key.get() == NULL || pkey.get() == NULL) {
53 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
54 return NULL;
55 }
56
57 if (!BN_set_word(exponent.get(), public_exponent) ||
58 !RSA_generate_key_ex(rsa_key.get(), key_size, exponent.get(), NULL /* callback */)) {
59 *error = KM_ERROR_UNKNOWN_ERROR;
60 return NULL;
61 }
62
63 RsaKey* new_key = new RsaKey(rsa_key.release(), authorizations, logger);
64 *error = new_key ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
65 return new_key;
66}
67
68/* static */
69RsaKey* RsaKey::ImportKey(const AuthorizationSet& key_description, EVP_PKEY* pkey,
70 const Logger& logger, keymaster_error_t* error) {
71 if (!error)
72 return NULL;
73 *error = KM_ERROR_UNKNOWN_ERROR;
74
75 UniquePtr<RSA, RSA_Delete> rsa_key(EVP_PKEY_get1_RSA(pkey));
76 if (!rsa_key.get())
77 return NULL;
78
79 AuthorizationSet authorizations(key_description);
80
81 uint64_t public_exponent;
82 if (authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent)) {
83 // public_exponent specified, make sure it matches the key
84 UniquePtr<BIGNUM, BIGNUM_Delete> public_exponent_bn(BN_new());
85 if (!BN_set_word(public_exponent_bn.get(), public_exponent))
86 return NULL;
87 if (BN_cmp(public_exponent_bn.get(), rsa_key->e) != 0) {
88 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
89 return NULL;
90 }
91 } else {
92 // public_exponent not specified, use the one from the key.
93 public_exponent = BN_get_word(rsa_key->e);
94 if (public_exponent == 0xffffffffL) {
95 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
96 return NULL;
97 }
98 authorizations.push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
99 }
100
101 uint32_t key_size;
102 if (authorizations.GetTagValue(TAG_KEY_SIZE, &key_size)) {
103 // key_size specified, make sure it matches the key.
Adam Langleya550fba2015-02-13 14:44:14 -0800[diff] [blame]104 if (RSA_size(rsa_key.get()) != (openssl_size_t)key_size) {
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]105 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
106 return NULL;
107 }
108 } else {
109 key_size = RSA_size(rsa_key.get()) * 8;
110 authorizations.push_back(TAG_KEY_SIZE, key_size);
111 }
112
113 keymaster_algorithm_t algorithm;
114 if (authorizations.GetTagValue(TAG_ALGORITHM, &algorithm)) {
115 if (algorithm != KM_ALGORITHM_RSA) {
116 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
117 return NULL;
118 }
119 } else {
120 authorizations.push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
121 }
122
123 // Don't bother with the other parameters. If the necessary padding, digest, purpose, etc. are
124 // missing, the error will be diagnosed when the key is used (when auth checking is
125 // implemented).
126 *error = KM_ERROR_OK;
127 return new RsaKey(rsa_key.release(), authorizations, logger);
128}
129
130RsaKey::RsaKey(const UnencryptedKeyBlob& blob, const Logger& logger, keymaster_error_t* error)
131 : AsymmetricKey(blob, logger) {
132 if (error)
133 *error = LoadKey(blob);
134}
135
Shawn Willden96599212014-09-26 12:07:44 -0600[diff] [blame]136Operation* RsaKey::CreateOperation(keymaster_purpose_t purpose, keymaster_error_t* error) {
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]137 *error = KM_ERROR_OK;
138
139 keymaster_padding_t padding = static_cast<keymaster_padding_t>(-1);
140 authorizations().GetTagValue(TAG_PADDING, &padding);
141 if (!SupportedMode(purpose, padding)) {
Shawn Willden96599212014-09-26 12:07:44 -0600[diff] [blame]142 *error = KM_ERROR_UNSUPPORTED_PADDING_MODE;
143 return NULL;
144 }
145
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]146 keymaster_digest_t digest = static_cast<keymaster_digest_t>(-1);
147 authorizations().GetTagValue(TAG_DIGEST, &digest);
148 if (!SupportedMode(purpose, digest)) {
149 *error = KM_ERROR_UNSUPPORTED_DIGEST;
Shawn Willden46a420d2014-12-02 07:01:21 -0700[diff] [blame]150 return NULL;
151 }
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]152
153 Operation* op = NULL;
154 switch (purpose) {
155 case KM_PURPOSE_SIGN:
156 op = new RsaSignOperation(logger_, digest, padding, rsa_key_.release());
157 break;
158 case KM_PURPOSE_VERIFY:
159 op = new RsaVerifyOperation(logger_, digest, padding, rsa_key_.release());
160 break;
161 case KM_PURPOSE_ENCRYPT:
162 op = new RsaEncryptOperation(logger_, padding, rsa_key_.release());
163 break;
164 case KM_PURPOSE_DECRYPT:
165 op = new RsaDecryptOperation(logger_, padding, rsa_key_.release());
166 break;
167 default:
168 *error = KM_ERROR_UNSUPPORTED_PURPOSE;
169 return NULL;
170 }
171
172 if (!op)
173 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
174
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]175 return op;
176}
177
178bool RsaKey::EvpToInternal(const EVP_PKEY* pkey) {
179 rsa_key_.reset(EVP_PKEY_get1_RSA(const_cast<EVP_PKEY*>(pkey)));
180 return rsa_key_.get() != NULL;
181}
182
183bool RsaKey::InternalToEvp(EVP_PKEY* pkey) const {
184 return EVP_PKEY_set1_RSA(pkey, rsa_key_.get()) == 1;
185}
186
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]187bool RsaKey::SupportedMode(keymaster_purpose_t purpose, keymaster_padding_t padding) {
188 switch (purpose) {
189 case KM_PURPOSE_SIGN:
190 case KM_PURPOSE_VERIFY:
191 return padding == KM_PAD_NONE;
192 break;
193 case KM_PURPOSE_ENCRYPT:
194 case KM_PURPOSE_DECRYPT:
195 return padding == KM_PAD_RSA_OAEP || padding == KM_PAD_RSA_PKCS1_1_5_ENCRYPT;
196 break;
197 };
198 return false;
199}
200
201bool RsaKey::SupportedMode(keymaster_purpose_t purpose, keymaster_digest_t digest) {
202 switch (purpose) {
203 case KM_PURPOSE_SIGN:
204 case KM_PURPOSE_VERIFY:
205 return digest == KM_DIGEST_NONE;
206 break;
207 case KM_PURPOSE_ENCRYPT:
208 case KM_PURPOSE_DECRYPT:
209 /* Don't care */
210 break;
211 };
212 return true;
213}
214
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]215} // namespace keymaster