Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / f90f235636cc3cbfb393e5006b673aef00df825a / . / rsa_key.cpp
blob: f10b51b15840a668ad0a592e2d134c7d98f65cdf [file] [log] [blame]
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]17#include "rsa_key.h"
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]18
19#include "openssl_err.h"
20#include "openssl_utils.h"
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]21#include "rsa_operation.h"
22#include "unencrypted_key_blob.h"
23
Adam Langleya550fba2015-02-13 14:44:14 -0800[diff] [blame]24#if defined(OPENSSL_IS_BORINGSSL)
25typedef size_t openssl_size_t;
26#else
27typedef int openssl_size_t;
28#endif
29
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]30namespace keymaster {
31
32const uint32_t RSA_DEFAULT_KEY_SIZE = 2048;
33const uint64_t RSA_DEFAULT_EXPONENT = 65537;
34
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]35class RsaKeyFactory : public AsymmetricKeyFactory {
36 public:
37 virtual keymaster_algorithm_t registry_key() const { return KM_ALGORITHM_RSA; }
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]38 virtual Key* GenerateKey(const AuthorizationSet& key_description, keymaster_error_t* error);
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]39 virtual Key* ImportKey(const AuthorizationSet& key_description,
40 keymaster_key_format_t key_format, const uint8_t* key_data,
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]41 size_t key_data_length, keymaster_error_t* error);
42 virtual Key* LoadKey(const UnencryptedKeyBlob& blob, keymaster_error_t* error) {
43 return new RsaKey(blob, error);
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]44 }
45};
46static KeyFactoryRegistry::Registration<RsaKeyFactory> registration;
47
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]48Key* RsaKeyFactory::GenerateKey(const AuthorizationSet& key_description, keymaster_error_t* error) {
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]49 if (!error)
50 return NULL;
51
52 AuthorizationSet authorizations(key_description);
53
54 uint64_t public_exponent = RSA_DEFAULT_EXPONENT;
55 if (!authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent))
56 authorizations.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, public_exponent));
57
58 uint32_t key_size = RSA_DEFAULT_KEY_SIZE;
59 if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size))
60 authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size));
61
62 UniquePtr<BIGNUM, BIGNUM_Delete> exponent(BN_new());
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]63 UniquePtr<RSA, RsaKey::RSA_Delete> rsa_key(RSA_new());
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]64 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
65 if (rsa_key.get() == NULL || pkey.get() == NULL) {
66 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
67 return NULL;
68 }
69
70 if (!BN_set_word(exponent.get(), public_exponent) ||
71 !RSA_generate_key_ex(rsa_key.get(), key_size, exponent.get(), NULL /* callback */)) {
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]72 *error = TranslateLastOpenSslError();
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]73 return NULL;
74 }
75
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]76 RsaKey* new_key = new RsaKey(rsa_key.release(), authorizations);
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]77 *error = new_key ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
78 return new_key;
79}
80
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]81Key* RsaKeyFactory::ImportKey(const AuthorizationSet& key_description,
82 keymaster_key_format_t key_format, const uint8_t* key_data,
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]83 size_t key_data_length, keymaster_error_t* error) {
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]84 if (!error)
85 return NULL;
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]86
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]87 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(
88 ExtractEvpKey(key_format, KM_ALGORITHM_RSA, key_data, key_data_length, error));
89 if (*error != KM_ERROR_OK)
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]90 return NULL;
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]91 assert(pkey.get());
92
93 UniquePtr<RSA, RsaKey::RSA_Delete> rsa_key(EVP_PKEY_get1_RSA(pkey.get()));
94 if (!rsa_key.get()) {
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]95 *error = TranslateLastOpenSslError();
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]96 return NULL;
97 }
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]98
99 AuthorizationSet authorizations(key_description);
100
101 uint64_t public_exponent;
102 if (authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent)) {
103 // public_exponent specified, make sure it matches the key
104 UniquePtr<BIGNUM, BIGNUM_Delete> public_exponent_bn(BN_new());
105 if (!BN_set_word(public_exponent_bn.get(), public_exponent))
106 return NULL;
107 if (BN_cmp(public_exponent_bn.get(), rsa_key->e) != 0) {
108 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
109 return NULL;
110 }
111 } else {
112 // public_exponent not specified, use the one from the key.
113 public_exponent = BN_get_word(rsa_key->e);
114 if (public_exponent == 0xffffffffL) {
115 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
116 return NULL;
117 }
118 authorizations.push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
119 }
120
121 uint32_t key_size;
122 if (authorizations.GetTagValue(TAG_KEY_SIZE, &key_size)) {
123 // key_size specified, make sure it matches the key.
Adam Langleya550fba2015-02-13 14:44:14 -0800[diff] [blame]124 if (RSA_size(rsa_key.get()) != (openssl_size_t)key_size) {
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]125 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
126 return NULL;
127 }
128 } else {
129 key_size = RSA_size(rsa_key.get()) * 8;
130 authorizations.push_back(TAG_KEY_SIZE, key_size);
131 }
132
133 keymaster_algorithm_t algorithm;
134 if (authorizations.GetTagValue(TAG_ALGORITHM, &algorithm)) {
135 if (algorithm != KM_ALGORITHM_RSA) {
136 *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
137 return NULL;
138 }
139 } else {
140 authorizations.push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
141 }
142
143 // Don't bother with the other parameters. If the necessary padding, digest, purpose, etc. are
144 // missing, the error will be diagnosed when the key is used (when auth checking is
145 // implemented).
146 *error = KM_ERROR_OK;
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]147 return new RsaKey(rsa_key.release(), authorizations);
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]148}
149
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]150RsaKey::RsaKey(const UnencryptedKeyBlob& blob, keymaster_error_t* error) : AsymmetricKey(blob) {
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]151 if (error)
152 *error = LoadKey(blob);
153}
154
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]155RSA* RsaKey::key() const {
156 return rsa_key_.get();
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]157}
158
159bool RsaKey::EvpToInternal(const EVP_PKEY* pkey) {
160 rsa_key_.reset(EVP_PKEY_get1_RSA(const_cast<EVP_PKEY*>(pkey)));
161 return rsa_key_.get() != NULL;
162}
163
164bool RsaKey::InternalToEvp(EVP_PKEY* pkey) const {
165 return EVP_PKEY_set1_RSA(pkey, rsa_key_.get()) == 1;
166}
167
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]168bool RsaKey::SupportedMode(keymaster_purpose_t purpose, keymaster_padding_t padding) {
169 switch (purpose) {
170 case KM_PURPOSE_SIGN:
171 case KM_PURPOSE_VERIFY:
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame^]172 return padding == KM_PAD_NONE || padding == KM_PAD_RSA_PSS ||
173 padding == KM_PAD_RSA_PKCS1_1_5_SIGN;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]174 break;
175 case KM_PURPOSE_ENCRYPT:
176 case KM_PURPOSE_DECRYPT:
177 return padding == KM_PAD_RSA_OAEP || padding == KM_PAD_RSA_PKCS1_1_5_ENCRYPT;
178 break;
179 };
180 return false;
181}
182
183bool RsaKey::SupportedMode(keymaster_purpose_t purpose, keymaster_digest_t digest) {
184 switch (purpose) {
185 case KM_PURPOSE_SIGN:
186 case KM_PURPOSE_VERIFY:
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]187 return digest == KM_DIGEST_NONE || digest == KM_DIGEST_SHA_2_256;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]188 break;
189 case KM_PURPOSE_ENCRYPT:
190 case KM_PURPOSE_DECRYPT:
191 /* Don't care */
192 break;
193 };
194 return true;
195}
196
Shawn Willden2c8dd3e2014-09-18 15:16:31 -0600[diff] [blame]197} // namespace keymaster