221 lines
9.9 KiB
C++
221 lines
9.9 KiB
C++
/*
|
|
* Copyright 2015 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#include <keymaster/km_openssl/rsa_key_factory.h>
|
|
|
|
#include <keymaster/keymaster_context.h>
|
|
#include <keymaster/km_openssl/openssl_err.h>
|
|
#include <keymaster/km_openssl/openssl_utils.h>
|
|
#include <keymaster/km_openssl/rsa_key.h>
|
|
#include <keymaster/km_openssl/rsa_operation.h>
|
|
|
|
namespace keymaster {
|
|
|
|
const int kMaximumRsaKeySize = 4096; // OpenSSL fails above 4096.
|
|
const int kMinimumRsaKeySize = 16; // OpenSSL goes into an infinite loop if key size < 10
|
|
const int kMinimumRsaExponent = 3;
|
|
|
|
static RsaSigningOperationFactory sign_factory;
|
|
static RsaVerificationOperationFactory verify_factory;
|
|
static RsaEncryptionOperationFactory encrypt_factory;
|
|
static RsaDecryptionOperationFactory decrypt_factory;
|
|
|
|
OperationFactory* RsaKeyFactory::GetOperationFactory(keymaster_purpose_t purpose) const {
|
|
switch (purpose) {
|
|
case KM_PURPOSE_SIGN:
|
|
return &sign_factory;
|
|
case KM_PURPOSE_VERIFY:
|
|
return &verify_factory;
|
|
case KM_PURPOSE_ENCRYPT:
|
|
return &encrypt_factory;
|
|
case KM_PURPOSE_DECRYPT:
|
|
return &decrypt_factory;
|
|
default:
|
|
return nullptr;
|
|
}
|
|
}
|
|
|
|
keymaster_error_t RsaKeyFactory::GenerateKey(const AuthorizationSet& key_description,
|
|
UniquePtr<Key> attest_key, //
|
|
const KeymasterBlob& issuer_subject,
|
|
KeymasterKeyBlob* key_blob,
|
|
AuthorizationSet* hw_enforced,
|
|
AuthorizationSet* sw_enforced,
|
|
CertificateChain* cert_chain) const {
|
|
if (!key_blob || !hw_enforced || !sw_enforced) return KM_ERROR_OUTPUT_PARAMETER_NULL;
|
|
|
|
uint64_t public_exponent;
|
|
if (!key_description.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent)) {
|
|
LOG_E("No public exponent specified for RSA key generation", 0);
|
|
return KM_ERROR_INVALID_ARGUMENT;
|
|
}
|
|
if (public_exponent < kMinimumRsaExponent || public_exponent % 2 != 1) {
|
|
LOG_E("Invalid public exponent specified for RSA key generation", 0);
|
|
return KM_ERROR_INVALID_ARGUMENT;
|
|
}
|
|
|
|
uint32_t key_size;
|
|
if (!key_description.GetTagValue(TAG_KEY_SIZE, &key_size)) {
|
|
LOG_E("No key size specified for RSA key generation", 0);
|
|
return KM_ERROR_UNSUPPORTED_KEY_SIZE;
|
|
}
|
|
if (key_size % 8 != 0 || key_size > kMaximumRsaKeySize || key_size < kMinimumRsaKeySize) {
|
|
LOG_E("Invalid key size of %u bits specified for RSA key generation", key_size);
|
|
return KM_ERROR_UNSUPPORTED_KEY_SIZE;
|
|
}
|
|
|
|
BIGNUM_Ptr exponent(BN_new());
|
|
RSA_Ptr rsa_key(RSA_new());
|
|
EVP_PKEY_Ptr pkey(EVP_PKEY_new());
|
|
if (exponent.get() == nullptr || rsa_key.get() == nullptr || pkey.get() == nullptr) {
|
|
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
|
|
}
|
|
|
|
if (!BN_set_word(exponent.get(), public_exponent) ||
|
|
!RSA_generate_key_ex(rsa_key.get(), key_size, exponent.get(), nullptr /* callback */))
|
|
return TranslateLastOpenSslError();
|
|
|
|
if (EVP_PKEY_set1_RSA(pkey.get(), rsa_key.get()) != 1) return TranslateLastOpenSslError();
|
|
|
|
KeymasterKeyBlob key_material;
|
|
keymaster_error_t error = EvpKeyToKeyMaterial(pkey.get(), &key_material);
|
|
if (error != KM_ERROR_OK) return error;
|
|
|
|
error = blob_maker_.CreateKeyBlob(key_description, KM_ORIGIN_GENERATED, key_material, key_blob,
|
|
hw_enforced, sw_enforced);
|
|
if (error != KM_ERROR_OK) return error;
|
|
|
|
if (context_.GetKmVersion() < KmVersion::KEYMINT_1) return KM_ERROR_OK;
|
|
if (!cert_chain) return KM_ERROR_UNEXPECTED_NULL_POINTER;
|
|
|
|
RsaKey key(*hw_enforced, *sw_enforced, this, move(rsa_key));
|
|
if (key_description.Contains(TAG_ATTESTATION_CHALLENGE)) {
|
|
*cert_chain = context_.GenerateAttestation(key, key_description, move(attest_key),
|
|
issuer_subject, &error);
|
|
} else if (attest_key.get() != nullptr) {
|
|
return KM_ERROR_ATTESTATION_CHALLENGE_MISSING;
|
|
} else {
|
|
bool fake_signature = key_size < 1024 || !IsCertSigningKey(key_description);
|
|
*cert_chain =
|
|
context_.GenerateSelfSignedCertificate(key, key_description, fake_signature, &error);
|
|
}
|
|
|
|
return error;
|
|
}
|
|
|
|
keymaster_error_t RsaKeyFactory::ImportKey(const AuthorizationSet& key_description, //
|
|
keymaster_key_format_t input_key_material_format,
|
|
const KeymasterKeyBlob& input_key_material,
|
|
UniquePtr<Key> attest_key, //
|
|
const KeymasterBlob& issuer_subject,
|
|
KeymasterKeyBlob* output_key_blob,
|
|
AuthorizationSet* hw_enforced,
|
|
AuthorizationSet* sw_enforced,
|
|
CertificateChain* cert_chain) const {
|
|
if (!output_key_blob || !hw_enforced || !sw_enforced) return KM_ERROR_OUTPUT_PARAMETER_NULL;
|
|
|
|
AuthorizationSet authorizations;
|
|
uint64_t public_exponent;
|
|
uint32_t key_size;
|
|
keymaster_error_t error =
|
|
UpdateImportKeyDescription(key_description, input_key_material_format, input_key_material,
|
|
&authorizations, &public_exponent, &key_size);
|
|
if (error != KM_ERROR_OK) return error;
|
|
error = blob_maker_.CreateKeyBlob(authorizations, KM_ORIGIN_IMPORTED, input_key_material,
|
|
output_key_blob, hw_enforced, sw_enforced);
|
|
if (error != KM_ERROR_OK) return error;
|
|
|
|
if (context_.GetKmVersion() < KmVersion::KEYMINT_1) return KM_ERROR_OK;
|
|
if (!cert_chain) return KM_ERROR_UNEXPECTED_NULL_POINTER;
|
|
|
|
EVP_PKEY_Ptr pkey;
|
|
error = KeyMaterialToEvpKey(KM_KEY_FORMAT_PKCS8, input_key_material, KM_ALGORITHM_RSA, &pkey);
|
|
if (error != KM_ERROR_OK) return error;
|
|
|
|
RSA_Ptr rsa_key(EVP_PKEY_get1_RSA(pkey.get()));
|
|
if (!rsa_key.get()) return KM_ERROR_INVALID_ARGUMENT;
|
|
|
|
RsaKey key(*hw_enforced, *sw_enforced, this, move(rsa_key));
|
|
if (key_description.Contains(KM_TAG_ATTESTATION_CHALLENGE)) {
|
|
*cert_chain = context_.GenerateAttestation(key, key_description, move(attest_key),
|
|
issuer_subject, &error);
|
|
} else if (attest_key.get() != nullptr) {
|
|
return KM_ERROR_ATTESTATION_CHALLENGE_MISSING;
|
|
} else {
|
|
bool fake_signature = key_size < 1024 || !IsCertSigningKey(key_description);
|
|
*cert_chain =
|
|
context_.GenerateSelfSignedCertificate(key, key_description, fake_signature, &error);
|
|
}
|
|
|
|
return error;
|
|
}
|
|
|
|
keymaster_error_t RsaKeyFactory::UpdateImportKeyDescription(const AuthorizationSet& key_description,
|
|
keymaster_key_format_t key_format,
|
|
const KeymasterKeyBlob& key_material,
|
|
AuthorizationSet* updated_description,
|
|
uint64_t* public_exponent,
|
|
uint32_t* key_size) const {
|
|
if (!updated_description || !public_exponent || !key_size)
|
|
return KM_ERROR_OUTPUT_PARAMETER_NULL;
|
|
|
|
EVP_PKEY_Ptr pkey;
|
|
keymaster_error_t error =
|
|
KeyMaterialToEvpKey(key_format, key_material, keymaster_key_type(), &pkey);
|
|
if (error != KM_ERROR_OK) return error;
|
|
|
|
RSA_Ptr rsa_key(EVP_PKEY_get1_RSA(pkey.get()));
|
|
if (!rsa_key.get()) return TranslateLastOpenSslError();
|
|
|
|
updated_description->Reinitialize(key_description);
|
|
|
|
*public_exponent = BN_get_word(rsa_key->e);
|
|
if (*public_exponent == 0xffffffffL) return KM_ERROR_INVALID_KEY_BLOB;
|
|
if (!updated_description->GetTagValue(TAG_RSA_PUBLIC_EXPONENT, public_exponent))
|
|
updated_description->push_back(TAG_RSA_PUBLIC_EXPONENT, *public_exponent);
|
|
if (*public_exponent != BN_get_word(rsa_key->e)) {
|
|
LOG_E("Imported public exponent (%u) does not match specified public exponent (%u)",
|
|
*public_exponent, BN_get_word(rsa_key->e));
|
|
return KM_ERROR_IMPORT_PARAMETER_MISMATCH;
|
|
}
|
|
|
|
*key_size = RSA_size(rsa_key.get()) * 8;
|
|
if (!updated_description->GetTagValue(TAG_KEY_SIZE, key_size))
|
|
updated_description->push_back(TAG_KEY_SIZE, *key_size);
|
|
if (RSA_size(rsa_key.get()) * 8 != *key_size) {
|
|
LOG_E("Imported key size (%u bits) does not match specified key size (%u bits)",
|
|
RSA_size(rsa_key.get()) * 8, *key_size);
|
|
return KM_ERROR_IMPORT_PARAMETER_MISMATCH;
|
|
}
|
|
|
|
keymaster_algorithm_t algorithm = KM_ALGORITHM_RSA;
|
|
if (!updated_description->GetTagValue(TAG_ALGORITHM, &algorithm))
|
|
updated_description->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
|
|
if (algorithm != KM_ALGORITHM_RSA) return KM_ERROR_IMPORT_PARAMETER_MISMATCH;
|
|
|
|
return KM_ERROR_OK;
|
|
}
|
|
|
|
keymaster_error_t RsaKeyFactory::CreateEmptyKey(AuthorizationSet&& hw_enforced,
|
|
AuthorizationSet&& sw_enforced,
|
|
UniquePtr<AsymmetricKey>* key) const {
|
|
key->reset(new (std::nothrow) RsaKey(move(hw_enforced), move(sw_enforced), this));
|
|
if (!(*key)) return KM_ERROR_MEMORY_ALLOCATION_FAILED;
|
|
return KM_ERROR_OK;
|
|
}
|
|
|
|
} // namespace keymaster
|