1 /* 2 * Copyright (C) 2012 Samsung Electronics Co., LTD 3 * Copyright (C) 2012 The Android Open Source Project 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 #include <errno.h> 19 #include <string.h> 20 #include <stdint.h> 21 22 #include <keystore.h> 23 24 #include <hardware/hardware.h> 25 #include <hardware/keymaster.h> 26 27 #include <openssl/evp.h> 28 #include <openssl/bio.h> 29 #include <openssl/rsa.h> 30 #include <openssl/err.h> 31 #include <openssl/x509.h> 32 33 #include <utils/UniquePtr.h> 34 35 #define LOG_TAG "ExynosKeyMaster" 36 #include <cutils/log.h> 37 38 #include <tlcTeeKeymaster_if.h> 39 40 #define RSA_KEY_BUFFER_SIZE 1536 41 #define RSA_KEY_MAX_SIZE (2048 >> 3) 42 43 struct BIGNUM_Delete { 44 void operator()(BIGNUM* p) const { 45 BN_free(p); 46 } 47 }; 48 typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 49 50 struct EVP_PKEY_Delete { 51 void operator()(EVP_PKEY* p) const { 52 EVP_PKEY_free(p); 53 } 54 }; 55 typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 56 57 struct PKCS8_PRIV_KEY_INFO_Delete { 58 void operator()(PKCS8_PRIV_KEY_INFO* p) const { 59 PKCS8_PRIV_KEY_INFO_free(p); 60 } 61 }; 62 typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 63 64 struct RSA_Delete { 65 void operator()(RSA* p) const { 66 RSA_free(p); 67 } 68 }; 69 typedef UniquePtr<RSA, RSA_Delete> Unique_RSA; 70 71 typedef UniquePtr<keymaster_device_t> Unique_keymaster_device_t; 72 73 /** 74 * Many OpenSSL APIs take ownership of an argument on success but don't free the argument 75 * on failure. This means we need to tell our scoped pointers when we've transferred ownership, 76 * without triggering a warning by not using the result of release(). 77 */ 78 #define OWNERSHIP_TRANSFERRED(obj) \ 79 typeof (obj.release()) _dummy __attribute__((unused)) = obj.release() 80 81 /* 82 * Checks this thread's error queue and logs if necessary. 83 */ 84 static void logOpenSSLError(const char* location) { 85 int error = ERR_get_error(); 86 87 if (error != 0) { 88 char message[256]; 89 ERR_error_string_n(error, message, sizeof(message)); 90 ALOGE("OpenSSL error in %s %d: %s", location, error, message); 91 } 92 93 ERR_clear_error(); 94 ERR_remove_state(0); 95 } 96 97 static int exynos_km_generate_keypair(const keymaster_device_t* dev, 98 const keymaster_keypair_t key_type, const void* key_params, 99 uint8_t** keyBlob, size_t* keyBlobLength) { 100 teeResult_t ret = TEE_ERR_NONE; 101 102 if (key_type != TYPE_RSA) { 103 ALOGE("Unsupported key type %d", key_type); 104 return -1; 105 } else if (key_params == NULL) { 106 ALOGE("key_params == null"); 107 return -1; 108 } 109 110 keymaster_rsa_keygen_params_t* rsa_params = (keymaster_rsa_keygen_params_t*) key_params; 111 112 if ((rsa_params->modulus_size != 512) && 113 (rsa_params->modulus_size != 1024) && 114 (rsa_params->modulus_size != 2048)) { 115 ALOGE("key size(%d) is not supported\n", rsa_params->modulus_size); 116 return -1; 117 } 118 119 UniquePtr<uint8_t> keyDataPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_BUFFER_SIZE))); 120 if (keyDataPtr.get() == NULL) { 121 ALOGE("memory allocation is failed"); 122 return -1; 123 } 124 125 ret = TEE_RSAGenerateKeyPair(TEE_KEYPAIR_RSACRT, keyDataPtr.get(), RSA_KEY_BUFFER_SIZE, 126 rsa_params->modulus_size, (uint32_t)rsa_params->public_exponent, 127 keyBlobLength); 128 if (ret != TEE_ERR_NONE) { 129 ALOGE("TEE_RSAGenerateKeyPair() is failed: %d", ret); 130 return -1; 131 } 132 133 *keyBlob = keyDataPtr.release(); 134 135 return 0; 136 } 137 138 static int exynos_km_import_keypair(const keymaster_device_t* dev, 139 const uint8_t* key, const size_t key_length, 140 uint8_t** key_blob, size_t* key_blob_length) { 141 uint8_t kbuf[RSA_KEY_BUFFER_SIZE]; 142 teeRsaKeyMeta_t metadata; 143 uint32_t key_len = 0; 144 teeResult_t ret = TEE_ERR_NONE; 145 146 if (key == NULL) { 147 ALOGE("input key == NULL"); 148 return -1; 149 } else if (key_blob == NULL || key_blob_length == NULL) { 150 ALOGE("output key blob or length == NULL"); 151 return -1; 152 } 153 154 /* decoding */ 155 Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &key, key_length)); 156 if (pkcs8.get() == NULL) { 157 logOpenSSLError("pkcs4.get"); 158 return -1; 159 } 160 161 /* assign to EVP */ 162 Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get())); 163 if (pkey.get() == NULL) { 164 logOpenSSLError("pkey.get"); 165 return -1; 166 } 167 OWNERSHIP_TRANSFERRED(pkcs8); 168 169 /* change key format */ 170 RSA* rsa = pkey.get()->pkey.rsa; 171 if (rsa == NULL) { 172 logOpenSSLError("get rsa key format"); 173 return -1; 174 } 175 176 key_len += sizeof(metadata); 177 178 metadata.lenpubmod = BN_bn2bin(rsa->n, kbuf + key_len); 179 key_len += metadata.lenpubmod; 180 if (metadata.lenpubmod == (512 >> 3)) 181 metadata.keysize = TEE_RSA_KEY_SIZE_512; 182 else if (metadata.lenpubmod == (1024 >> 3)) 183 metadata.keysize = TEE_RSA_KEY_SIZE_1024; 184 else if (metadata.lenpubmod == (2048 >> 3)) 185 metadata.keysize = TEE_RSA_KEY_SIZE_2048; 186 else { 187 ALOGE("key size(%d) is not supported\n", metadata.lenpubmod << 3); 188 return -1; 189 } 190 191 metadata.lenpubexp = BN_bn2bin(rsa->e, kbuf + key_len); 192 key_len += metadata.lenpubexp; 193 194 if ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && 195 (rsa->dmq1 != NULL) && (rsa->iqmp != NULL)) 196 { 197 metadata.keytype = TEE_KEYPAIR_RSACRT; 198 metadata.rsacrtpriv.lenp = BN_bn2bin(rsa->p, kbuf + key_len); 199 key_len += metadata.rsacrtpriv.lenp; 200 metadata.rsacrtpriv.lenq = BN_bn2bin(rsa->q, kbuf + key_len); 201 key_len += metadata.rsacrtpriv.lenq; 202 metadata.rsacrtpriv.lendp = BN_bn2bin(rsa->dmp1, kbuf + key_len); 203 key_len += metadata.rsacrtpriv.lendp; 204 metadata.rsacrtpriv.lendq = BN_bn2bin(rsa->dmq1, kbuf + key_len); 205 key_len += metadata.rsacrtpriv.lendq; 206 metadata.rsacrtpriv.lenqinv = BN_bn2bin(rsa->iqmp, kbuf + key_len); 207 key_len += metadata.rsacrtpriv.lenqinv; 208 } else { 209 metadata.keytype = TEE_KEYPAIR_RSA; 210 metadata.rsapriv.lenpriexp = BN_bn2bin(rsa->p, kbuf + key_len); 211 key_len += metadata.rsapriv.lenprimod; 212 } 213 memcpy(kbuf, &metadata, sizeof(metadata)); 214 215 UniquePtr<uint8_t> outPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_BUFFER_SIZE))); 216 if (outPtr.get() == NULL) { 217 ALOGE("memory allocation is failed"); 218 return -1; 219 } 220 221 *key_blob_length = RSA_KEY_BUFFER_SIZE; 222 223 ret = TEE_KeyImport(kbuf, key_len, outPtr.get(), key_blob_length); 224 if (ret != TEE_ERR_NONE) { 225 ALOGE("TEE_KeyImport() is failed: %d", ret); 226 return -1; 227 } 228 229 *key_blob = outPtr.release(); 230 231 return 0; 232 } 233 234 static int exynos_km_get_keypair_public(const struct keymaster_device* dev, 235 const uint8_t* key_blob, const size_t key_blob_length, 236 uint8_t** x509_data, size_t* x509_data_length) { 237 uint32_t bin_mod_len; 238 uint32_t bin_exp_len; 239 teeResult_t ret = TEE_ERR_NONE; 240 241 if (x509_data == NULL || x509_data_length == NULL) { 242 ALOGE("output public key buffer == NULL"); 243 return -1; 244 } 245 246 UniquePtr<uint8_t> binModPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_MAX_SIZE))); 247 if (binModPtr.get() == NULL) { 248 ALOGE("memory allocation is failed"); 249 return -1; 250 } 251 252 UniquePtr<uint8_t> binExpPtr(reinterpret_cast<uint8_t*>(malloc(sizeof(uint32_t)))); 253 if (binExpPtr.get() == NULL) { 254 ALOGE("memory allocation is failed"); 255 return -1; 256 } 257 258 bin_mod_len = RSA_KEY_MAX_SIZE; 259 bin_exp_len = sizeof(uint32_t); 260 261 ret = TEE_GetPubKey(key_blob, key_blob_length, binModPtr.get(), &bin_mod_len, binExpPtr.get(), 262 &bin_exp_len); 263 if (ret != TEE_ERR_NONE) { 264 ALOGE("TEE_GetPubKey() is failed: %d", ret); 265 return -1; 266 } 267 268 Unique_BIGNUM bn_mod(BN_new()); 269 if (bn_mod.get() == NULL) { 270 ALOGE("memory allocation is failed"); 271 return -1; 272 } 273 274 Unique_BIGNUM bn_exp(BN_new()); 275 if (bn_exp.get() == NULL) { 276 ALOGE("memory allocation is failed"); 277 return -1; 278 } 279 280 BN_bin2bn(binModPtr.get(), bin_mod_len, bn_mod.get()); 281 BN_bin2bn(binExpPtr.get(), bin_exp_len, bn_exp.get()); 282 283 /* assign to RSA */ 284 Unique_RSA rsa(RSA_new()); 285 if (rsa.get() == NULL) { 286 logOpenSSLError("rsa.get"); 287 return -1; 288 } 289 290 RSA* rsa_tmp = rsa.get(); 291 292 rsa_tmp->n = bn_mod.release(); 293 rsa_tmp->e = bn_exp.release(); 294 295 /* assign to EVP */ 296 Unique_EVP_PKEY pkey(EVP_PKEY_new()); 297 if (pkey.get() == NULL) { 298 logOpenSSLError("allocate EVP_PKEY"); 299 return -1; 300 } 301 302 if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) == 0) { 303 logOpenSSLError("assing RSA to EVP_PKEY"); 304 return -1; 305 } 306 OWNERSHIP_TRANSFERRED(rsa); 307 308 /* change to x.509 format */ 309 int len = i2d_PUBKEY(pkey.get(), NULL); 310 if (len <= 0) { 311 logOpenSSLError("i2d_PUBKEY"); 312 return -1; 313 } 314 315 UniquePtr<uint8_t> key(static_cast<uint8_t*>(malloc(len))); 316 if (key.get() == NULL) { 317 ALOGE("Could not allocate memory for public key data"); 318 return -1; 319 } 320 321 unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get()); 322 if (i2d_PUBKEY(pkey.get(), &tmp) != len) { 323 logOpenSSLError("Compare results"); 324 return -1; 325 } 326 327 *x509_data_length = len; 328 *x509_data = key.release(); 329 330 return 0; 331 } 332 333 static int exynos_km_sign_data(const keymaster_device_t* dev, 334 const void* params, 335 const uint8_t* keyBlob, const size_t keyBlobLength, 336 const uint8_t* data, const size_t dataLength, 337 uint8_t** signedData, size_t* signedDataLength) { 338 teeResult_t ret = TEE_ERR_NONE; 339 340 if (data == NULL) { 341 ALOGE("input data to sign == NULL"); 342 return -1; 343 } else if (signedData == NULL || signedDataLength == NULL) { 344 ALOGE("output signature buffer == NULL"); 345 return -1; 346 } 347 348 keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params; 349 if (sign_params->digest_type != DIGEST_NONE) { 350 ALOGE("Cannot handle digest type %d", sign_params->digest_type); 351 return -1; 352 } else if (sign_params->padding_type != PADDING_NONE) { 353 ALOGE("Cannot handle padding type %d", sign_params->padding_type); 354 return -1; 355 } 356 357 UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_MAX_SIZE))); 358 if (signedDataPtr.get() == NULL) { 359 ALOGE("memory allocation is failed"); 360 return -1; 361 } 362 363 *signedDataLength = RSA_KEY_MAX_SIZE; 364 365 ret = TEE_RSASign(keyBlob, keyBlobLength, data, dataLength, signedDataPtr.get(), 366 signedDataLength, TEE_RSA_NODIGEST_NOPADDING); 367 if (ret != TEE_ERR_NONE) { 368 ALOGE("TEE_RSASign() is failed: %d", ret); 369 return -1; 370 } 371 372 *signedData = signedDataPtr.release(); 373 374 return 0; 375 } 376 377 static int exynos_km_verify_data(const keymaster_device_t* dev, 378 const void* params, 379 const uint8_t* keyBlob, const size_t keyBlobLength, 380 const uint8_t* signedData, const size_t signedDataLength, 381 const uint8_t* signature, const size_t signatureLength) { 382 bool result; 383 teeResult_t ret = TEE_ERR_NONE; 384 385 if (signedData == NULL || signature == NULL) { 386 ALOGE("data or signature buffers == NULL"); 387 return -1; 388 } 389 390 keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params; 391 if (sign_params->digest_type != DIGEST_NONE) { 392 ALOGE("Cannot handle digest type %d", sign_params->digest_type); 393 return -1; 394 } else if (sign_params->padding_type != PADDING_NONE) { 395 ALOGE("Cannot handle padding type %d", sign_params->padding_type); 396 return -1; 397 } else if (signatureLength != signedDataLength) { 398 ALOGE("signed data length must be signature length"); 399 return -1; 400 } 401 402 ret = TEE_RSAVerify(keyBlob, keyBlobLength, signedData, signedDataLength, signature, 403 signatureLength, TEE_RSA_NODIGEST_NOPADDING, &result); 404 if (ret != TEE_ERR_NONE) { 405 ALOGE("TEE_RSAVerify() is failed: %d", ret); 406 return -1; 407 } 408 409 return (result == true) ? 0 : -1; 410 } 411 412 /* Close an opened Exynos KM instance */ 413 static int exynos_km_close(hw_device_t *dev) { 414 free(dev); 415 return 0; 416 } 417 418 /* 419 * Generic device handling 420 */ 421 static int exynos_km_open(const hw_module_t* module, const char* name, 422 hw_device_t** device) { 423 if (strcmp(name, KEYSTORE_KEYMASTER) != 0) 424 return -EINVAL; 425 426 Unique_keymaster_device_t dev(new keymaster_device_t); 427 if (dev.get() == NULL) 428 return -ENOMEM; 429 430 dev->common.tag = HARDWARE_DEVICE_TAG; 431 dev->common.version = 1; 432 dev->common.module = (struct hw_module_t*) module; 433 dev->common.close = exynos_km_close; 434 435 dev->flags = KEYMASTER_SOFTWARE_ONLY; 436 437 dev->generate_keypair = exynos_km_generate_keypair; 438 dev->import_keypair = exynos_km_import_keypair; 439 dev->get_keypair_public = exynos_km_get_keypair_public; 440 dev->delete_keypair = NULL; 441 dev->delete_all = NULL; 442 dev->sign_data = exynos_km_sign_data; 443 dev->verify_data = exynos_km_verify_data; 444 445 ERR_load_crypto_strings(); 446 ERR_load_BIO_strings(); 447 448 *device = reinterpret_cast<hw_device_t*>(dev.release()); 449 450 return 0; 451 } 452 453 static struct hw_module_methods_t keystore_module_methods = { 454 open: exynos_km_open, 455 }; 456 457 struct keystore_module HAL_MODULE_INFO_SYM 458 __attribute__ ((visibility ("default"))) = { 459 common: { 460 tag: HARDWARE_MODULE_TAG, 461 version_major: 1, 462 version_minor: 0, 463 id: KEYSTORE_HARDWARE_MODULE_ID, 464 name: "Keymaster Exynos HAL", 465 author: "Samsung S.LSI", 466 methods: &keystore_module_methods, 467 dso: 0, 468 reserved: {}, 469 }, 470 }; 471