king
/
v811_spc009
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8f4c154c05'
${ noResults }
v811_spc009/system/keymaster/km_openssl/openssl_utils.cpp

176 lines
6.3 KiB
Raw Blame History

/*
* Copyright 2015 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <keymaster/km_openssl/openssl_utils.h>
#include <keymaster/android_keymaster_utils.h>
#include <openssl/rand.h>
#include <keymaster/km_openssl/openssl_err.h>
namespace keymaster {
constexpr uint32_t kAffinePointLength = 32;
keymaster_error_t ec_get_group_size(const EC_GROUP* group, size_t* key_size_bits) {
switch (EC_GROUP_get_curve_name(group)) {
case NID_secp224r1:
*key_size_bits = 224;
break;
case NID_X9_62_prime256v1:
*key_size_bits = 256;
break;
case NID_secp384r1:
*key_size_bits = 384;
break;
case NID_secp521r1:
*key_size_bits = 521;
break;
default:
return KM_ERROR_UNSUPPORTED_EC_FIELD;
}
return KM_ERROR_OK;
}
EC_GROUP* ec_get_group(keymaster_ec_curve_t curve) {
switch (curve) {
case KM_EC_CURVE_P_224:
return EC_GROUP_new_by_curve_name(NID_secp224r1);
break;
case KM_EC_CURVE_P_256:
return EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
break;
case KM_EC_CURVE_P_384:
return EC_GROUP_new_by_curve_name(NID_secp384r1);
break;
case KM_EC_CURVE_P_521:
return EC_GROUP_new_by_curve_name(NID_secp521r1);
break;
default:
return nullptr;
break;
}
}
static int convert_to_evp(keymaster_algorithm_t algorithm) {
switch (algorithm) {
case KM_ALGORITHM_RSA:
return EVP_PKEY_RSA;
case KM_ALGORITHM_EC:
return EVP_PKEY_EC;
default:
return -1;
};
}
keymaster_error_t convert_pkcs8_blob_to_evp(const uint8_t* key_data, size_t key_length,
keymaster_algorithm_t expected_algorithm,
UniquePtr<EVP_PKEY, EVP_PKEY_Delete>* pkey) {
if (key_data == nullptr || key_length <= 0) return KM_ERROR_INVALID_KEY_BLOB;
UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> pkcs8(
d2i_PKCS8_PRIV_KEY_INFO(nullptr, &key_data, key_length));
if (pkcs8.get() == nullptr) return TranslateLastOpenSslError(true /* log_message */);
pkey->reset(EVP_PKCS82PKEY(pkcs8.get()));
if (!pkey->get()) return TranslateLastOpenSslError(true /* log_message */);
if (EVP_PKEY_type((*pkey)->type) != convert_to_evp(expected_algorithm)) {
LOG_E("EVP key algorithm was %d, not the expected %d", EVP_PKEY_type((*pkey)->type),
convert_to_evp(expected_algorithm));
return KM_ERROR_INVALID_KEY_BLOB;
}
return KM_ERROR_OK;
}
keymaster_error_t KeyMaterialToEvpKey(keymaster_key_format_t key_format,
const KeymasterKeyBlob& key_material,
keymaster_algorithm_t expected_algorithm,
EVP_PKEY_Ptr* pkey) {
if (key_format != KM_KEY_FORMAT_PKCS8) return KM_ERROR_UNSUPPORTED_KEY_FORMAT;
return convert_pkcs8_blob_to_evp(key_material.key_material, key_material.key_material_size,
expected_algorithm, pkey);
}
keymaster_error_t EvpKeyToKeyMaterial(const EVP_PKEY* pkey, KeymasterKeyBlob* key_blob) {
int key_data_size = i2d_PrivateKey(pkey, nullptr /* key_data*/);
if (key_data_size <= 0) return TranslateLastOpenSslError();
if (!key_blob->Reset(key_data_size)) return KM_ERROR_MEMORY_ALLOCATION_FAILED;
uint8_t* tmp = key_blob->writable_data();
i2d_PrivateKey(pkey, &tmp);
return KM_ERROR_OK;
}
// Remote provisioning helper function
keymaster_error_t GetEcdsa256KeyFromCert(const keymaster_blob_t* km_cert, uint8_t* x_coord,
size_t x_length, uint8_t* y_coord, size_t y_length) {
if (km_cert == nullptr || x_coord == nullptr || y_coord == nullptr) {
return KM_ERROR_UNEXPECTED_NULL_POINTER;
}
if (x_length != kAffinePointLength || y_length != kAffinePointLength) {
return KM_ERROR_INVALID_ARGUMENT;
}
const uint8_t* temp = km_cert->data;
X509_Ptr cert(d2i_X509(NULL, &temp, km_cert->data_length));
if (!cert.get()) return TranslateLastOpenSslError();
EVP_PKEY_Ptr pubKey(X509_get_pubkey(cert.get()));
if (!pubKey.get()) return TranslateLastOpenSslError();
EC_KEY* ecKey = EVP_PKEY_get0_EC_KEY(pubKey.get());
if (!ecKey) return TranslateLastOpenSslError();
const EC_POINT* jacobian_coords = EC_KEY_get0_public_key(ecKey);
if (!jacobian_coords) return TranslateLastOpenSslError();
bssl::UniquePtr<BIGNUM> x(BN_new());
bssl::UniquePtr<BIGNUM> y(BN_new());
BN_CTX_Ptr ctx(BN_CTX_new());
if (!ctx.get()) return TranslateLastOpenSslError();
if (!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ecKey), jacobian_coords, x.get(),
y.get(), ctx.get())) {
return TranslateLastOpenSslError();
}
uint8_t* tmp_x = x_coord;
if (BN_bn2binpad(x.get(), tmp_x, kAffinePointLength) != kAffinePointLength) {
return TranslateLastOpenSslError();
}
uint8_t* tmp_y = y_coord;
if (BN_bn2binpad(y.get(), tmp_y, kAffinePointLength) != kAffinePointLength) {
return TranslateLastOpenSslError();
}
return KM_ERROR_OK;
}
size_t ec_group_size_bits(EC_KEY* ec_key) {
const EC_GROUP* group = EC_KEY_get0_group(ec_key);
UniquePtr<BN_CTX, BN_CTX_Delete> bn_ctx(BN_CTX_new());
UniquePtr<BIGNUM, BIGNUM_Delete> order(BN_new());
if (!EC_GROUP_get_order(group, order.get(), bn_ctx.get())) {
LOG_E("Failed to get EC group order", 0);
return 0;
}
return BN_num_bits(order.get());
}
keymaster_error_t GenerateRandom(uint8_t* buf, size_t length) {
if (RAND_bytes(buf, length) != 1) return KM_ERROR_UNKNOWN_ERROR;
return KM_ERROR_OK;
}
} // namespace keymaster
Reference in new issue View Git Blame Copy Permalink