748 lines
24 KiB
C++
748 lines
24 KiB
C++
/*
|
|
* Copyright (C) 2012 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
#include <errno.h>
|
|
#include <string.h>
|
|
#include <stdint.h>
|
|
|
|
#include <keystore/keystore.h>
|
|
|
|
#include <hardware/hardware.h>
|
|
#include <hardware/keymaster.h>
|
|
|
|
#include <openssl/evp.h>
|
|
#include <openssl/bio.h>
|
|
#include <openssl/rsa.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/x509.h>
|
|
|
|
#include <UniquePtr.h>
|
|
|
|
// For debugging
|
|
// #define LOG_NDEBUG 0
|
|
|
|
#define LOG_TAG "OpenSSLKeyMaster"
|
|
#include <cutils/log.h>
|
|
|
|
struct BIGNUM_Delete {
|
|
void operator()(BIGNUM* p) const {
|
|
BN_free(p);
|
|
}
|
|
};
|
|
typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
|
|
|
|
struct EVP_PKEY_Delete {
|
|
void operator()(EVP_PKEY* p) const {
|
|
EVP_PKEY_free(p);
|
|
}
|
|
};
|
|
typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
|
|
|
|
struct PKCS8_PRIV_KEY_INFO_Delete {
|
|
void operator()(PKCS8_PRIV_KEY_INFO* p) const {
|
|
PKCS8_PRIV_KEY_INFO_free(p);
|
|
}
|
|
};
|
|
typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
|
|
|
|
struct DSA_Delete {
|
|
void operator()(DSA* p) const {
|
|
DSA_free(p);
|
|
}
|
|
};
|
|
typedef UniquePtr<DSA, DSA_Delete> Unique_DSA;
|
|
|
|
struct EC_KEY_Delete {
|
|
void operator()(EC_KEY* p) const {
|
|
EC_KEY_free(p);
|
|
}
|
|
};
|
|
typedef UniquePtr<EC_KEY, EC_KEY_Delete> Unique_EC_KEY;
|
|
|
|
struct EC_GROUP_Delete {
|
|
void operator()(EC_GROUP* p) const {
|
|
EC_GROUP_free(p);
|
|
}
|
|
};
|
|
typedef UniquePtr<EC_GROUP, EC_GROUP_Delete> Unique_EC_GROUP;
|
|
|
|
struct RSA_Delete {
|
|
void operator()(RSA* p) const {
|
|
RSA_free(p);
|
|
}
|
|
};
|
|
typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;
|
|
|
|
struct Malloc_Free {
|
|
void operator()(void* p) const {
|
|
free(p);
|
|
}
|
|
};
|
|
|
|
typedef UniquePtr<keymaster_device_t> Unique_keymaster_device_t;
|
|
|
|
/**
|
|
* Many OpenSSL APIs take ownership of an argument on success but
|
|
* don't free the argument on failure. This means we need to tell our
|
|
* scoped pointers when we've transferred ownership, without
|
|
* triggering a warning by not using the result of release().
|
|
*/
|
|
template <typename T, typename Delete_T>
|
|
inline void release_because_ownership_transferred(UniquePtr<T, Delete_T>& p) {
|
|
T* val __attribute__((unused)) = p.release();
|
|
}
|
|
|
|
/*
|
|
* Checks this thread's OpenSSL error queue and logs if
|
|
* necessary.
|
|
*/
|
|
static void logOpenSSLError(const char* location) {
|
|
int error = ERR_get_error();
|
|
|
|
if (error != 0) {
|
|
char message[256];
|
|
ERR_error_string_n(error, message, sizeof(message));
|
|
ALOGE("OpenSSL error in %s %d: %s", location, error, message);
|
|
}
|
|
|
|
ERR_clear_error();
|
|
ERR_remove_state(0);
|
|
}
|
|
|
|
static int wrap_key(EVP_PKEY* pkey, int type, uint8_t** keyBlob, size_t* keyBlobLength) {
|
|
/*
|
|
* Find the length of each size. Public key is not needed anymore
|
|
* but must be kept for alignment purposes.
|
|
*/
|
|
int publicLen = 0;
|
|
int privateLen = i2d_PrivateKey(pkey, NULL);
|
|
|
|
if (privateLen <= 0) {
|
|
ALOGE("private key size was too big");
|
|
return -1;
|
|
}
|
|
|
|
/* int type + int size + private key data + int size + public key data */
|
|
*keyBlobLength = get_softkey_header_size() + sizeof(type) + sizeof(publicLen) + privateLen +
|
|
sizeof(privateLen) + publicLen;
|
|
|
|
// derData will be returned to the caller, so allocate it with malloc.
|
|
UniquePtr<unsigned char, Malloc_Free> derData(
|
|
static_cast<unsigned char*>(malloc(*keyBlobLength)));
|
|
if (derData.get() == NULL) {
|
|
ALOGE("could not allocate memory for key blob");
|
|
return -1;
|
|
}
|
|
unsigned char* p = derData.get();
|
|
|
|
/* Write the magic value for software keys. */
|
|
p = add_softkey_header(p, *keyBlobLength);
|
|
|
|
/* Write key type to allocated buffer */
|
|
for (int i = sizeof(type) - 1; i >= 0; i--) {
|
|
*p++ = (type >> (8 * i)) & 0xFF;
|
|
}
|
|
|
|
/* Write public key to allocated buffer */
|
|
for (int i = sizeof(publicLen) - 1; i >= 0; i--) {
|
|
*p++ = (publicLen >> (8 * i)) & 0xFF;
|
|
}
|
|
|
|
/* Write private key to allocated buffer */
|
|
for (int i = sizeof(privateLen) - 1; i >= 0; i--) {
|
|
*p++ = (privateLen >> (8 * i)) & 0xFF;
|
|
}
|
|
if (i2d_PrivateKey(pkey, &p) != privateLen) {
|
|
logOpenSSLError("wrap_key");
|
|
return -1;
|
|
}
|
|
|
|
*keyBlob = derData.release();
|
|
|
|
return 0;
|
|
}
|
|
|
|
static EVP_PKEY* unwrap_key(const uint8_t* keyBlob, const size_t keyBlobLength) {
|
|
long publicLen = 0;
|
|
long privateLen = 0;
|
|
const uint8_t* p = keyBlob;
|
|
const uint8_t* const end = keyBlob + keyBlobLength;
|
|
|
|
if (keyBlob == NULL) {
|
|
ALOGE("supplied key blob was NULL");
|
|
return NULL;
|
|
}
|
|
|
|
int type = 0;
|
|
if (keyBlobLength < (get_softkey_header_size() + sizeof(type) + sizeof(publicLen) + 1 +
|
|
sizeof(privateLen) + 1)) {
|
|
ALOGE("key blob appears to be truncated");
|
|
return NULL;
|
|
}
|
|
|
|
if (!is_softkey(p, keyBlobLength)) {
|
|
ALOGE("cannot read key; it was not made by this keymaster");
|
|
return NULL;
|
|
}
|
|
p += get_softkey_header_size();
|
|
|
|
for (size_t i = 0; i < sizeof(type); i++) {
|
|
type = (type << 8) | *p++;
|
|
}
|
|
|
|
for (size_t i = 0; i < sizeof(type); i++) {
|
|
publicLen = (publicLen << 8) | *p++;
|
|
}
|
|
if (p + publicLen > end) {
|
|
ALOGE("public key length encoding error: size=%ld, end=%td", publicLen, end - p);
|
|
return NULL;
|
|
}
|
|
|
|
p += publicLen;
|
|
if (end - p < 2) {
|
|
ALOGE("private key truncated");
|
|
return NULL;
|
|
}
|
|
for (size_t i = 0; i < sizeof(type); i++) {
|
|
privateLen = (privateLen << 8) | *p++;
|
|
}
|
|
if (p + privateLen > end) {
|
|
ALOGE("private key length encoding error: size=%ld, end=%td", privateLen, end - p);
|
|
return NULL;
|
|
}
|
|
|
|
Unique_EVP_PKEY pkey(EVP_PKEY_new());
|
|
if (pkey.get() == NULL) {
|
|
logOpenSSLError("unwrap_key");
|
|
return NULL;
|
|
}
|
|
EVP_PKEY* tmp = pkey.get();
|
|
|
|
if (d2i_PrivateKey(type, &tmp, &p, privateLen) == NULL) {
|
|
logOpenSSLError("unwrap_key");
|
|
return NULL;
|
|
}
|
|
|
|
return pkey.release();
|
|
}
|
|
|
|
static int generate_dsa_keypair(EVP_PKEY* pkey, const keymaster_dsa_keygen_params_t* dsa_params) {
|
|
if (dsa_params->key_size < 512) {
|
|
ALOGI("Requested DSA key size is too small (<512)");
|
|
return -1;
|
|
}
|
|
|
|
Unique_DSA dsa(DSA_new());
|
|
|
|
if (dsa_params->generator_len == 0 || dsa_params->prime_p_len == 0 ||
|
|
dsa_params->prime_q_len == 0 || dsa_params->generator == NULL ||
|
|
dsa_params->prime_p == NULL || dsa_params->prime_q == NULL) {
|
|
if (DSA_generate_parameters_ex(dsa.get(), dsa_params->key_size, NULL, 0, NULL, NULL,
|
|
NULL) != 1) {
|
|
logOpenSSLError("generate_dsa_keypair");
|
|
return -1;
|
|
}
|
|
} else {
|
|
dsa->g = BN_bin2bn(dsa_params->generator, dsa_params->generator_len, NULL);
|
|
if (dsa->g == NULL) {
|
|
logOpenSSLError("generate_dsa_keypair");
|
|
return -1;
|
|
}
|
|
|
|
dsa->p = BN_bin2bn(dsa_params->prime_p, dsa_params->prime_p_len, NULL);
|
|
if (dsa->p == NULL) {
|
|
logOpenSSLError("generate_dsa_keypair");
|
|
return -1;
|
|
}
|
|
|
|
dsa->q = BN_bin2bn(dsa_params->prime_q, dsa_params->prime_q_len, NULL);
|
|
if (dsa->q == NULL) {
|
|
logOpenSSLError("generate_dsa_keypair");
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
if (DSA_generate_key(dsa.get()) != 1) {
|
|
logOpenSSLError("generate_dsa_keypair");
|
|
return -1;
|
|
}
|
|
|
|
if (EVP_PKEY_assign_DSA(pkey, dsa.get()) == 0) {
|
|
logOpenSSLError("generate_dsa_keypair");
|
|
return -1;
|
|
}
|
|
release_because_ownership_transferred(dsa);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int generate_ec_keypair(EVP_PKEY* pkey, const keymaster_ec_keygen_params_t* ec_params) {
|
|
Unique_EC_GROUP group;
|
|
switch (ec_params->field_size) {
|
|
case 192:
|
|
group.reset(EC_GROUP_new_by_curve_name(NID_X9_62_prime192v1));
|
|
break;
|
|
case 224:
|
|
group.reset(EC_GROUP_new_by_curve_name(NID_secp224r1));
|
|
break;
|
|
case 256:
|
|
group.reset(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
|
|
break;
|
|
case 384:
|
|
group.reset(EC_GROUP_new_by_curve_name(NID_secp384r1));
|
|
break;
|
|
case 521:
|
|
group.reset(EC_GROUP_new_by_curve_name(NID_secp521r1));
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
|
|
if (group.get() == NULL) {
|
|
logOpenSSLError("generate_ec_keypair");
|
|
return -1;
|
|
}
|
|
|
|
EC_GROUP_set_point_conversion_form(group.get(), POINT_CONVERSION_UNCOMPRESSED);
|
|
EC_GROUP_set_asn1_flag(group.get(), OPENSSL_EC_NAMED_CURVE);
|
|
|
|
/* initialize EC key */
|
|
Unique_EC_KEY eckey(EC_KEY_new());
|
|
if (eckey.get() == NULL) {
|
|
logOpenSSLError("generate_ec_keypair");
|
|
return -1;
|
|
}
|
|
|
|
if (EC_KEY_set_group(eckey.get(), group.get()) != 1) {
|
|
logOpenSSLError("generate_ec_keypair");
|
|
return -1;
|
|
}
|
|
|
|
if (EC_KEY_generate_key(eckey.get()) != 1 || EC_KEY_check_key(eckey.get()) < 0) {
|
|
logOpenSSLError("generate_ec_keypair");
|
|
return -1;
|
|
}
|
|
|
|
if (EVP_PKEY_assign_EC_KEY(pkey, eckey.get()) == 0) {
|
|
logOpenSSLError("generate_ec_keypair");
|
|
return -1;
|
|
}
|
|
release_because_ownership_transferred(eckey);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int generate_rsa_keypair(EVP_PKEY* pkey, const keymaster_rsa_keygen_params_t* rsa_params) {
|
|
Unique_BIGNUM bn(BN_new());
|
|
if (bn.get() == NULL) {
|
|
logOpenSSLError("generate_rsa_keypair");
|
|
return -1;
|
|
}
|
|
|
|
if (BN_set_word(bn.get(), rsa_params->public_exponent) == 0) {
|
|
logOpenSSLError("generate_rsa_keypair");
|
|
return -1;
|
|
}
|
|
|
|
/* initialize RSA */
|
|
Unique_RSA rsa(RSA_new());
|
|
if (rsa.get() == NULL) {
|
|
logOpenSSLError("generate_rsa_keypair");
|
|
return -1;
|
|
}
|
|
|
|
if (!RSA_generate_key_ex(rsa.get(), rsa_params->modulus_size, bn.get(), NULL) ||
|
|
RSA_check_key(rsa.get()) < 0) {
|
|
logOpenSSLError("generate_rsa_keypair");
|
|
return -1;
|
|
}
|
|
|
|
if (EVP_PKEY_assign_RSA(pkey, rsa.get()) == 0) {
|
|
logOpenSSLError("generate_rsa_keypair");
|
|
return -1;
|
|
}
|
|
release_because_ownership_transferred(rsa);
|
|
|
|
return 0;
|
|
}
|
|
|
|
__attribute__((visibility("default"))) int openssl_generate_keypair(
|
|
const keymaster_device_t*, const keymaster_keypair_t key_type, const void* key_params,
|
|
uint8_t** keyBlob, size_t* keyBlobLength) {
|
|
Unique_EVP_PKEY pkey(EVP_PKEY_new());
|
|
if (pkey.get() == NULL) {
|
|
logOpenSSLError("openssl_generate_keypair");
|
|
return -1;
|
|
}
|
|
|
|
if (key_params == NULL) {
|
|
ALOGW("key_params == null");
|
|
return -1;
|
|
} else if (key_type == TYPE_DSA) {
|
|
const keymaster_dsa_keygen_params_t* dsa_params =
|
|
(const keymaster_dsa_keygen_params_t*)key_params;
|
|
generate_dsa_keypair(pkey.get(), dsa_params);
|
|
} else if (key_type == TYPE_EC) {
|
|
const keymaster_ec_keygen_params_t* ec_params =
|
|
(const keymaster_ec_keygen_params_t*)key_params;
|
|
generate_ec_keypair(pkey.get(), ec_params);
|
|
} else if (key_type == TYPE_RSA) {
|
|
const keymaster_rsa_keygen_params_t* rsa_params =
|
|
(const keymaster_rsa_keygen_params_t*)key_params;
|
|
generate_rsa_keypair(pkey.get(), rsa_params);
|
|
} else {
|
|
ALOGW("Unsupported key type %d", key_type);
|
|
return -1;
|
|
}
|
|
|
|
if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), keyBlob, keyBlobLength)) {
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
__attribute__((visibility("default"))) int openssl_import_keypair(const keymaster_device_t*,
|
|
const uint8_t* key,
|
|
const size_t key_length,
|
|
uint8_t** key_blob,
|
|
size_t* key_blob_length) {
|
|
if (key == NULL) {
|
|
ALOGW("input key == NULL");
|
|
return -1;
|
|
} else if (key_blob == NULL || key_blob_length == NULL) {
|
|
ALOGW("output key blob or length == NULL");
|
|
return -1;
|
|
}
|
|
|
|
Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &key, key_length));
|
|
if (pkcs8.get() == NULL) {
|
|
logOpenSSLError("openssl_import_keypair");
|
|
return -1;
|
|
}
|
|
|
|
/* assign to EVP */
|
|
Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get()));
|
|
if (pkey.get() == NULL) {
|
|
logOpenSSLError("openssl_import_keypair");
|
|
return -1;
|
|
}
|
|
release_because_ownership_transferred(pkcs8);
|
|
|
|
if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), key_blob, key_blob_length)) {
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
__attribute__((visibility("default"))) int openssl_get_keypair_public(
|
|
const struct keymaster_device*, const uint8_t* key_blob, const size_t key_blob_length,
|
|
uint8_t** x509_data, size_t* x509_data_length) {
|
|
|
|
if (x509_data == NULL || x509_data_length == NULL) {
|
|
ALOGW("output public key buffer == NULL");
|
|
return -1;
|
|
}
|
|
|
|
Unique_EVP_PKEY pkey(unwrap_key(key_blob, key_blob_length));
|
|
if (pkey.get() == NULL) {
|
|
return -1;
|
|
}
|
|
|
|
int len = i2d_PUBKEY(pkey.get(), NULL);
|
|
if (len <= 0) {
|
|
logOpenSSLError("openssl_get_keypair_public");
|
|
return -1;
|
|
}
|
|
|
|
UniquePtr<uint8_t, Malloc_Free> key(static_cast<uint8_t*>(malloc(len)));
|
|
if (key.get() == NULL) {
|
|
ALOGE("Could not allocate memory for public key data");
|
|
return -1;
|
|
}
|
|
|
|
unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get());
|
|
if (i2d_PUBKEY(pkey.get(), &tmp) != len) {
|
|
logOpenSSLError("openssl_get_keypair_public");
|
|
return -1;
|
|
}
|
|
|
|
ALOGV("Length of x509 data is %d", len);
|
|
*x509_data_length = len;
|
|
*x509_data = key.release();
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int sign_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params, const uint8_t* data,
|
|
const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
|
|
if (sign_params->digest_type != DIGEST_NONE) {
|
|
ALOGW("Cannot handle digest type %d", sign_params->digest_type);
|
|
return -1;
|
|
}
|
|
|
|
Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey));
|
|
if (dsa.get() == NULL) {
|
|
logOpenSSLError("openssl_sign_dsa");
|
|
return -1;
|
|
}
|
|
|
|
unsigned int dsaSize = DSA_size(dsa.get());
|
|
UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dsaSize)));
|
|
if (signedDataPtr.get() == NULL) {
|
|
logOpenSSLError("openssl_sign_dsa");
|
|
return -1;
|
|
}
|
|
|
|
unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
|
|
if (DSA_sign(0, data, dataLength, tmp, &dsaSize, dsa.get()) <= 0) {
|
|
logOpenSSLError("openssl_sign_dsa");
|
|
return -1;
|
|
}
|
|
|
|
*signedDataLength = dsaSize;
|
|
*signedData = signedDataPtr.release();
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int sign_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params, const uint8_t* data,
|
|
const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
|
|
if (sign_params->digest_type != DIGEST_NONE) {
|
|
ALOGW("Cannot handle digest type %d", sign_params->digest_type);
|
|
return -1;
|
|
}
|
|
|
|
Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));
|
|
if (eckey.get() == NULL) {
|
|
logOpenSSLError("openssl_sign_ec");
|
|
return -1;
|
|
}
|
|
|
|
unsigned int ecdsaSize = ECDSA_size(eckey.get());
|
|
UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(ecdsaSize)));
|
|
if (signedDataPtr.get() == NULL) {
|
|
logOpenSSLError("openssl_sign_ec");
|
|
return -1;
|
|
}
|
|
|
|
unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
|
|
if (ECDSA_sign(0, data, dataLength, tmp, &ecdsaSize, eckey.get()) <= 0) {
|
|
logOpenSSLError("openssl_sign_ec");
|
|
return -1;
|
|
}
|
|
|
|
*signedDataLength = ecdsaSize;
|
|
*signedData = signedDataPtr.release();
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int sign_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params, const uint8_t* data,
|
|
const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
|
|
if (sign_params->digest_type != DIGEST_NONE) {
|
|
ALOGW("Cannot handle digest type %d", sign_params->digest_type);
|
|
return -1;
|
|
} else if (sign_params->padding_type != PADDING_NONE) {
|
|
ALOGW("Cannot handle padding type %d", sign_params->padding_type);
|
|
return -1;
|
|
}
|
|
|
|
Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
|
|
if (rsa.get() == NULL) {
|
|
logOpenSSLError("openssl_sign_rsa");
|
|
return -1;
|
|
}
|
|
|
|
UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dataLength)));
|
|
if (signedDataPtr.get() == NULL) {
|
|
logOpenSSLError("openssl_sign_rsa");
|
|
return -1;
|
|
}
|
|
|
|
unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
|
|
if (RSA_private_encrypt(dataLength, data, tmp, rsa.get(), RSA_NO_PADDING) <= 0) {
|
|
logOpenSSLError("openssl_sign_rsa");
|
|
return -1;
|
|
}
|
|
|
|
*signedDataLength = dataLength;
|
|
*signedData = signedDataPtr.release();
|
|
|
|
return 0;
|
|
}
|
|
|
|
__attribute__((visibility("default"))) int openssl_sign_data(
|
|
const keymaster_device_t*, const void* params, const uint8_t* keyBlob,
|
|
const size_t keyBlobLength, const uint8_t* data, const size_t dataLength, uint8_t** signedData,
|
|
size_t* signedDataLength) {
|
|
if (data == NULL) {
|
|
ALOGW("input data to sign == NULL");
|
|
return -1;
|
|
} else if (signedData == NULL || signedDataLength == NULL) {
|
|
ALOGW("output signature buffer == NULL");
|
|
return -1;
|
|
}
|
|
|
|
Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
|
|
if (pkey.get() == NULL) {
|
|
return -1;
|
|
}
|
|
|
|
int type = EVP_PKEY_type(pkey->type);
|
|
if (type == EVP_PKEY_DSA) {
|
|
const keymaster_dsa_sign_params_t* sign_params =
|
|
reinterpret_cast<const keymaster_dsa_sign_params_t*>(params);
|
|
return sign_dsa(pkey.get(), const_cast<keymaster_dsa_sign_params_t*>(sign_params), data,
|
|
dataLength, signedData, signedDataLength);
|
|
} else if (type == EVP_PKEY_EC) {
|
|
const keymaster_ec_sign_params_t* sign_params =
|
|
reinterpret_cast<const keymaster_ec_sign_params_t*>(params);
|
|
return sign_ec(pkey.get(), const_cast<keymaster_ec_sign_params_t*>(sign_params), data,
|
|
dataLength, signedData, signedDataLength);
|
|
} else if (type == EVP_PKEY_RSA) {
|
|
const keymaster_rsa_sign_params_t* sign_params =
|
|
reinterpret_cast<const keymaster_rsa_sign_params_t*>(params);
|
|
return sign_rsa(pkey.get(), const_cast<keymaster_rsa_sign_params_t*>(sign_params), data,
|
|
dataLength, signedData, signedDataLength);
|
|
} else {
|
|
ALOGW("Unsupported key type");
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
static int verify_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params,
|
|
const uint8_t* signedData, const size_t signedDataLength,
|
|
const uint8_t* signature, const size_t signatureLength) {
|
|
if (sign_params->digest_type != DIGEST_NONE) {
|
|
ALOGW("Cannot handle digest type %d", sign_params->digest_type);
|
|
return -1;
|
|
}
|
|
|
|
Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey));
|
|
if (dsa.get() == NULL) {
|
|
logOpenSSLError("openssl_verify_dsa");
|
|
return -1;
|
|
}
|
|
|
|
if (DSA_verify(0, signedData, signedDataLength, signature, signatureLength, dsa.get()) <= 0) {
|
|
logOpenSSLError("openssl_verify_dsa");
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int verify_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params,
|
|
const uint8_t* signedData, const size_t signedDataLength,
|
|
const uint8_t* signature, const size_t signatureLength) {
|
|
if (sign_params->digest_type != DIGEST_NONE) {
|
|
ALOGW("Cannot handle digest type %d", sign_params->digest_type);
|
|
return -1;
|
|
}
|
|
|
|
Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));
|
|
if (eckey.get() == NULL) {
|
|
logOpenSSLError("openssl_verify_ec");
|
|
return -1;
|
|
}
|
|
|
|
if (ECDSA_verify(0, signedData, signedDataLength, signature, signatureLength, eckey.get()) <=
|
|
0) {
|
|
logOpenSSLError("openssl_verify_ec");
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int verify_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params,
|
|
const uint8_t* signedData, const size_t signedDataLength,
|
|
const uint8_t* signature, const size_t signatureLength) {
|
|
if (sign_params->digest_type != DIGEST_NONE) {
|
|
ALOGW("Cannot handle digest type %d", sign_params->digest_type);
|
|
return -1;
|
|
} else if (sign_params->padding_type != PADDING_NONE) {
|
|
ALOGW("Cannot handle padding type %d", sign_params->padding_type);
|
|
return -1;
|
|
} else if (signatureLength != signedDataLength) {
|
|
ALOGW("signed data length must be signature length");
|
|
return -1;
|
|
}
|
|
|
|
Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
|
|
if (rsa.get() == NULL) {
|
|
logOpenSSLError("openssl_verify_data");
|
|
return -1;
|
|
}
|
|
|
|
UniquePtr<uint8_t[]> dataPtr(new uint8_t[signedDataLength]);
|
|
if (dataPtr.get() == NULL) {
|
|
logOpenSSLError("openssl_verify_data");
|
|
return -1;
|
|
}
|
|
|
|
unsigned char* tmp = reinterpret_cast<unsigned char*>(dataPtr.get());
|
|
if (!RSA_public_decrypt(signatureLength, signature, tmp, rsa.get(), RSA_NO_PADDING)) {
|
|
logOpenSSLError("openssl_verify_data");
|
|
return -1;
|
|
}
|
|
|
|
int result = 0;
|
|
for (size_t i = 0; i < signedDataLength; i++) {
|
|
result |= tmp[i] ^ signedData[i];
|
|
}
|
|
|
|
return result == 0 ? 0 : -1;
|
|
}
|
|
|
|
__attribute__((visibility("default"))) int openssl_verify_data(
|
|
const keymaster_device_t*, const void* params, const uint8_t* keyBlob,
|
|
const size_t keyBlobLength, const uint8_t* signedData, const size_t signedDataLength,
|
|
const uint8_t* signature, const size_t signatureLength) {
|
|
|
|
if (signedData == NULL || signature == NULL) {
|
|
ALOGW("data or signature buffers == NULL");
|
|
return -1;
|
|
}
|
|
|
|
Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
|
|
if (pkey.get() == NULL) {
|
|
return -1;
|
|
}
|
|
|
|
int type = EVP_PKEY_type(pkey->type);
|
|
if (type == EVP_PKEY_DSA) {
|
|
const keymaster_dsa_sign_params_t* sign_params =
|
|
reinterpret_cast<const keymaster_dsa_sign_params_t*>(params);
|
|
return verify_dsa(pkey.get(), const_cast<keymaster_dsa_sign_params_t*>(sign_params),
|
|
signedData, signedDataLength, signature, signatureLength);
|
|
} else if (type == EVP_PKEY_RSA) {
|
|
const keymaster_rsa_sign_params_t* sign_params =
|
|
reinterpret_cast<const keymaster_rsa_sign_params_t*>(params);
|
|
return verify_rsa(pkey.get(), const_cast<keymaster_rsa_sign_params_t*>(sign_params),
|
|
signedData, signedDataLength, signature, signatureLength);
|
|
} else if (type == EVP_PKEY_EC) {
|
|
const keymaster_ec_sign_params_t* sign_params =
|
|
reinterpret_cast<const keymaster_ec_sign_params_t*>(params);
|
|
return verify_ec(pkey.get(), const_cast<keymaster_ec_sign_params_t*>(sign_params),
|
|
signedData, signedDataLength, signature, signatureLength);
|
|
} else {
|
|
ALOGW("Unsupported key type %d", type);
|
|
return -1;
|
|
}
|
|
}
|