/* * Copyright 2015 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include #include #include #include #include namespace keymaster { static EcdsaSignOperationFactory sign_factory; static EcdsaVerifyOperationFactory verify_factory; static EcdhOperationFactory agree_key_factory; OperationFactory* EcKeyFactory::GetOperationFactory(keymaster_purpose_t purpose) const { switch (purpose) { case KM_PURPOSE_SIGN: return &sign_factory; case KM_PURPOSE_VERIFY: return &verify_factory; case KM_PURPOSE_AGREE_KEY: return &agree_key_factory; default: return nullptr; } } /* static */ keymaster_error_t EcKeyFactory::GetCurveAndSize(const AuthorizationSet& key_description, keymaster_ec_curve_t* curve, uint32_t* key_size_bits) { if (!key_description.GetTagValue(TAG_EC_CURVE, curve)) { // Curve not specified. Fall back to deducing curve from key size. if (!key_description.GetTagValue(TAG_KEY_SIZE, key_size_bits)) { LOG_E("%s", "No curve or key size specified for EC key generation"); return KM_ERROR_UNSUPPORTED_KEY_SIZE; } keymaster_error_t error = EcKeySizeToCurve(*key_size_bits, curve); if (error != KM_ERROR_OK) { return KM_ERROR_UNSUPPORTED_KEY_SIZE; } } else { keymaster_error_t error = EcCurveToKeySize(*curve, key_size_bits); if (error != KM_ERROR_OK) { return error; } uint32_t tag_key_size_bits; if (key_description.GetTagValue(TAG_KEY_SIZE, &tag_key_size_bits) && *key_size_bits != tag_key_size_bits) { LOG_E("Curve key size %d and specified key size %d don't match", key_size_bits, tag_key_size_bits); return KM_ERROR_INVALID_ARGUMENT; } } return KM_ERROR_OK; } keymaster_error_t EcKeyFactory::GenerateKey(const AuthorizationSet& key_description, UniquePtr attest_key, // const KeymasterBlob& issuer_subject, KeymasterKeyBlob* key_blob, AuthorizationSet* hw_enforced, AuthorizationSet* sw_enforced, CertificateChain* cert_chain) const { if (!key_blob || !hw_enforced || !sw_enforced) return KM_ERROR_OUTPUT_PARAMETER_NULL; AuthorizationSet authorizations(key_description); keymaster_ec_curve_t ec_curve; uint32_t key_size; keymaster_error_t error = GetCurveAndSize(authorizations, &ec_curve, &key_size); if (error != KM_ERROR_OK) { return error; } else if (!authorizations.Contains(TAG_KEY_SIZE, key_size)) { authorizations.push_back(TAG_KEY_SIZE, key_size); } else if (!authorizations.Contains(TAG_EC_CURVE, ec_curve)) { authorizations.push_back(TAG_EC_CURVE, ec_curve); } UniquePtr ec_key(EC_KEY_new()); UniquePtr pkey(EVP_PKEY_new()); if (ec_key.get() == nullptr || pkey.get() == nullptr) return KM_ERROR_MEMORY_ALLOCATION_FAILED; UniquePtr group(ChooseGroup(ec_curve)); if (group.get() == nullptr) { LOG_E("Unable to get EC group for curve %d", ec_curve); return KM_ERROR_UNSUPPORTED_KEY_SIZE; } #if !defined(OPENSSL_IS_BORINGSSL) EC_GROUP_set_point_conversion_form(group.get(), POINT_CONVERSION_UNCOMPRESSED); EC_GROUP_set_asn1_flag(group.get(), OPENSSL_EC_NAMED_CURVE); #endif if (EC_KEY_set_group(ec_key.get(), group.get()) != 1 || EC_KEY_generate_key(ec_key.get()) != 1 || EC_KEY_check_key(ec_key.get()) < 0) { return TranslateLastOpenSslError(); } if (EVP_PKEY_set1_EC_KEY(pkey.get(), ec_key.get()) != 1) return TranslateLastOpenSslError(); KeymasterKeyBlob key_material; error = EvpKeyToKeyMaterial(pkey.get(), &key_material); if (error != KM_ERROR_OK) return error; error = blob_maker_.CreateKeyBlob(authorizations, KM_ORIGIN_GENERATED, key_material, key_blob, hw_enforced, sw_enforced); if (error != KM_ERROR_OK) return error; if (context_.GetKmVersion() < KmVersion::KEYMINT_1) return KM_ERROR_OK; if (!cert_chain) return KM_ERROR_UNEXPECTED_NULL_POINTER; EcKey key(*hw_enforced, *sw_enforced, this, move(ec_key)); if (key_description.Contains(TAG_ATTESTATION_CHALLENGE)) { *cert_chain = context_.GenerateAttestation(key, key_description, move(attest_key), issuer_subject, &error); } else if (attest_key.get() != nullptr) { return KM_ERROR_ATTESTATION_CHALLENGE_MISSING; } else { *cert_chain = context_.GenerateSelfSignedCertificate( key, key_description, !key_description.Contains(TAG_PURPOSE, KM_PURPOSE_SIGN) /* fake_signature */, &error); } return error; } keymaster_error_t EcKeyFactory::ImportKey(const AuthorizationSet& key_description, // keymaster_key_format_t input_key_material_format, const KeymasterKeyBlob& input_key_material, UniquePtr attest_key, // const KeymasterBlob& issuer_subject, KeymasterKeyBlob* output_key_blob, AuthorizationSet* hw_enforced, AuthorizationSet* sw_enforced, CertificateChain* cert_chain) const { if (!output_key_blob || !hw_enforced || !sw_enforced) return KM_ERROR_OUTPUT_PARAMETER_NULL; AuthorizationSet authorizations; uint32_t key_size; keymaster_error_t error = UpdateImportKeyDescription( key_description, input_key_material_format, input_key_material, &authorizations, &key_size); if (error != KM_ERROR_OK) return error; error = blob_maker_.CreateKeyBlob(authorizations, KM_ORIGIN_IMPORTED, input_key_material, output_key_blob, hw_enforced, sw_enforced); if (error != KM_ERROR_OK) return error; if (context_.GetKmVersion() < KmVersion::KEYMINT_1) return KM_ERROR_OK; if (!cert_chain) return KM_ERROR_UNEXPECTED_NULL_POINTER; EVP_PKEY_Ptr pkey; error = KeyMaterialToEvpKey(KM_KEY_FORMAT_PKCS8, input_key_material, KM_ALGORITHM_EC, &pkey); if (error != KM_ERROR_OK) return error; EC_KEY_Ptr ec_key(EVP_PKEY_get1_EC_KEY(pkey.get())); if (!ec_key.get()) return KM_ERROR_INVALID_ARGUMENT; EcKey key(*hw_enforced, *sw_enforced, this, move(ec_key)); if (key_description.Contains(KM_TAG_ATTESTATION_CHALLENGE)) { *cert_chain = context_.GenerateAttestation(key, key_description, move(attest_key), issuer_subject, &error); } else if (attest_key.get() != nullptr) { return KM_ERROR_ATTESTATION_CHALLENGE_MISSING; } else { *cert_chain = context_.GenerateSelfSignedCertificate( key, key_description, !key_description.Contains(TAG_PURPOSE, KM_PURPOSE_SIGN) /* fake_signature */, &error); } return error; } keymaster_error_t EcKeyFactory::UpdateImportKeyDescription(const AuthorizationSet& key_description, keymaster_key_format_t key_format, const KeymasterKeyBlob& key_material, AuthorizationSet* updated_description, uint32_t* key_size_bits) const { if (!updated_description || !key_size_bits) return KM_ERROR_OUTPUT_PARAMETER_NULL; UniquePtr pkey; keymaster_error_t error = KeyMaterialToEvpKey(key_format, key_material, keymaster_key_type(), &pkey); if (error != KM_ERROR_OK) return error; UniquePtr ec_key(EVP_PKEY_get1_EC_KEY(pkey.get())); if (!ec_key.get()) return TranslateLastOpenSslError(); updated_description->Reinitialize(key_description); size_t extracted_key_size_bits; error = ec_get_group_size(EC_KEY_get0_group(ec_key.get()), &extracted_key_size_bits); if (error != KM_ERROR_OK) return error; *key_size_bits = extracted_key_size_bits; if (!updated_description->GetTagValue(TAG_KEY_SIZE, key_size_bits)) { updated_description->push_back(TAG_KEY_SIZE, extracted_key_size_bits); } else if (*key_size_bits != extracted_key_size_bits) { return KM_ERROR_IMPORT_PARAMETER_MISMATCH; } keymaster_ec_curve_t curve_from_size; error = EcKeySizeToCurve(*key_size_bits, &curve_from_size); if (error != KM_ERROR_OK) return error; keymaster_ec_curve_t curve; if (!updated_description->GetTagValue(TAG_EC_CURVE, &curve)) { updated_description->push_back(TAG_EC_CURVE, curve_from_size); } else if (curve_from_size != curve) { return KM_ERROR_IMPORT_PARAMETER_MISMATCH; } keymaster_algorithm_t algorithm = KM_ALGORITHM_EC; if (!updated_description->GetTagValue(TAG_ALGORITHM, &algorithm)) { updated_description->push_back(TAG_ALGORITHM, KM_ALGORITHM_EC); } else if (algorithm != KM_ALGORITHM_EC) { return KM_ERROR_IMPORT_PARAMETER_MISMATCH; } return KM_ERROR_OK; } /* static */ EC_GROUP* EcKeyFactory::ChooseGroup(size_t key_size_bits) { switch (key_size_bits) { case 224: return EC_GROUP_new_by_curve_name(NID_secp224r1); break; case 256: return EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); break; case 384: return EC_GROUP_new_by_curve_name(NID_secp384r1); break; case 521: return EC_GROUP_new_by_curve_name(NID_secp521r1); break; default: return nullptr; break; } } /* static */ EC_GROUP* EcKeyFactory::ChooseGroup(keymaster_ec_curve_t ec_curve) { switch (ec_curve) { case KM_EC_CURVE_P_224: return EC_GROUP_new_by_curve_name(NID_secp224r1); break; case KM_EC_CURVE_P_256: return EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); break; case KM_EC_CURVE_P_384: return EC_GROUP_new_by_curve_name(NID_secp384r1); break; case KM_EC_CURVE_P_521: return EC_GROUP_new_by_curve_name(NID_secp521r1); break; default: return nullptr; break; } } keymaster_error_t EcKeyFactory::CreateEmptyKey(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, UniquePtr* key) const { key->reset(new (std::nothrow) EcKey(move(hw_enforced), move(sw_enforced), this)); if (!(*key)) return KM_ERROR_MEMORY_ALLOCATION_FAILED; return KM_ERROR_OK; } } // namespace keymaster