1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 #include <errno.h> 17 #include <string.h> 18 #include <stdint.h> 19 20 #include <keystore/keystore.h> 21 22 #include <hardware/hardware.h> 23 #include <hardware/keymaster.h> 24 25 #include <openssl/evp.h> 26 #include <openssl/bio.h> 27 #include <openssl/rsa.h> 28 #include <openssl/err.h> 29 #include <openssl/x509.h> 30 31 #include <utils/UniquePtr.h> 32 33 // For debugging 34 //#define LOG_NDEBUG 0 35 36 #define LOG_TAG "OpenSSLKeyMaster" 37 #include <cutils/log.h> 38 39 struct BIGNUM_Delete { 40 void operator()(BIGNUM* p) const { 41 BN_free(p); 42 } 43 }; 44 typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 45 46 struct EVP_PKEY_Delete { 47 void operator()(EVP_PKEY* p) const { 48 EVP_PKEY_free(p); 49 } 50 }; 51 typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 52 53 struct PKCS8_PRIV_KEY_INFO_Delete { 54 void operator()(PKCS8_PRIV_KEY_INFO* p) const { 55 PKCS8_PRIV_KEY_INFO_free(p); 56 } 57 }; 58 typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 59 60 struct DSA_Delete { 61 void operator()(DSA* p) const { 62 DSA_free(p); 63 } 64 }; 65 typedef UniquePtr<DSA, DSA_Delete> Unique_DSA; 66 67 struct EC_KEY_Delete { 68 void operator()(EC_KEY* p) const { 69 EC_KEY_free(p); 70 } 71 }; 72 typedef UniquePtr<EC_KEY, EC_KEY_Delete> Unique_EC_KEY; 73 74 struct RSA_Delete { 75 void operator()(RSA* p) const { 76 RSA_free(p); 77 } 78 }; 79 typedef UniquePtr<RSA, RSA_Delete> Unique_RSA; 80 81 typedef UniquePtr<keymaster_device_t> Unique_keymaster_device_t; 82 83 /** 84 * Many OpenSSL APIs take ownership of an argument on success but don't free the argument 85 * on failure. This means we need to tell our scoped pointers when we've transferred ownership, 86 * without triggering a warning by not using the result of release(). 87 */ 88 #define OWNERSHIP_TRANSFERRED(obj) \ 89 typeof (obj.release()) _dummy __attribute__((unused)) = obj.release() 90 91 92 /* 93 * Checks this thread's OpenSSL error queue and logs if 94 * necessary. 95 */ 96 static void logOpenSSLError(const char* location) { 97 int error = ERR_get_error(); 98 99 if (error != 0) { 100 char message[256]; 101 ERR_error_string_n(error, message, sizeof(message)); 102 ALOGE("OpenSSL error in %s %d: %s", location, error, message); 103 } 104 105 ERR_clear_error(); 106 ERR_remove_state(0); 107 } 108 109 static int wrap_key(EVP_PKEY* pkey, int type, uint8_t** keyBlob, size_t* keyBlobLength) { 110 /* 111 * Find the length of each size. Public key is not needed anymore but must be kept for 112 * alignment purposes. 113 */ 114 int publicLen = 0; 115 int privateLen = i2d_PrivateKey(pkey, NULL); 116 117 if (privateLen <= 0) { 118 ALOGE("private key size was too big"); 119 return -1; 120 } 121 122 /* int type + int size + private key data + int size + public key data */ 123 *keyBlobLength = get_softkey_header_size() + sizeof(int) + sizeof(int) + privateLen 124 + sizeof(int) + publicLen; 125 126 UniquePtr<unsigned char> derData(new unsigned char[*keyBlobLength]); 127 if (derData.get() == NULL) { 128 ALOGE("could not allocate memory for key blob"); 129 return -1; 130 } 131 unsigned char* p = derData.get(); 132 133 /* Write the magic value for software keys. */ 134 p = add_softkey_header(p, *keyBlobLength); 135 136 /* Write key type to allocated buffer */ 137 for (int i = sizeof(int) - 1; i >= 0; i--) { 138 *p++ = (type >> (8*i)) & 0xFF; 139 } 140 141 /* Write public key to allocated buffer */ 142 for (int i = sizeof(int) - 1; i >= 0; i--) { 143 *p++ = (publicLen >> (8*i)) & 0xFF; 144 } 145 146 /* Write private key to allocated buffer */ 147 for (int i = sizeof(int) - 1; i >= 0; i--) { 148 *p++ = (privateLen >> (8*i)) & 0xFF; 149 } 150 if (i2d_PrivateKey(pkey, &p) != privateLen) { 151 logOpenSSLError("wrap_key"); 152 return -1; 153 } 154 155 *keyBlob = derData.release(); 156 157 return 0; 158 } 159 160 static EVP_PKEY* unwrap_key(const uint8_t* keyBlob, const size_t keyBlobLength) { 161 long publicLen = 0; 162 long privateLen = 0; 163 const uint8_t* p = keyBlob; 164 const uint8_t *const end = keyBlob + keyBlobLength; 165 166 if (keyBlob == NULL) { 167 ALOGE("supplied key blob was NULL"); 168 return NULL; 169 } 170 171 // Should be large enough for: 172 // int32 magic, int32 type, int32 pubLen, char* pub, int32 privLen, char* priv 173 if (keyBlobLength < (get_softkey_header_size() + sizeof(int) + sizeof(int) + 1 174 + sizeof(int) + 1)) { 175 ALOGE("key blob appears to be truncated"); 176 return NULL; 177 } 178 179 if (!is_softkey(p, keyBlobLength)) { 180 ALOGE("cannot read key; it was not made by this keymaster"); 181 return NULL; 182 } 183 p += get_softkey_header_size(); 184 185 int type = 0; 186 for (size_t i = 0; i < sizeof(int); i++) { 187 type = (type << 8) | *p++; 188 } 189 190 for (size_t i = 0; i < sizeof(int); i++) { 191 publicLen = (publicLen << 8) | *p++; 192 } 193 if (p + publicLen > end) { 194 ALOGE("public key length encoding error: size=%ld, end=%d", publicLen, end - p); 195 return NULL; 196 } 197 198 p += publicLen; 199 if (end - p < 2) { 200 ALOGE("private key truncated"); 201 return NULL; 202 } 203 for (size_t i = 0; i < sizeof(int); i++) { 204 privateLen = (privateLen << 8) | *p++; 205 } 206 if (p + privateLen > end) { 207 ALOGE("private key length encoding error: size=%ld, end=%d", privateLen, end - p); 208 return NULL; 209 } 210 211 Unique_EVP_PKEY pkey(EVP_PKEY_new()); 212 if (pkey.get() == NULL) { 213 logOpenSSLError("unwrap_key"); 214 return NULL; 215 } 216 EVP_PKEY* tmp = pkey.get(); 217 218 if (d2i_PrivateKey(type, &tmp, &p, privateLen) == NULL) { 219 logOpenSSLError("unwrap_key"); 220 return NULL; 221 } 222 223 return pkey.release(); 224 } 225 226 static int generate_dsa_keypair(EVP_PKEY* pkey, const keymaster_dsa_keygen_params_t* dsa_params) 227 { 228 if (dsa_params->key_size < 512) { 229 ALOGI("Requested DSA key size is too small (<512)"); 230 return -1; 231 } 232 233 Unique_DSA dsa(DSA_new()); 234 235 if (dsa_params->generator_len == 0 || 236 dsa_params->prime_p_len == 0 || 237 dsa_params->prime_q_len == 0 || 238 dsa_params->generator == NULL|| 239 dsa_params->prime_p == NULL || 240 dsa_params->prime_q == NULL) { 241 if (DSA_generate_parameters_ex(dsa.get(), dsa_params->key_size, NULL, 0, NULL, NULL, 242 NULL) != 1) { 243 logOpenSSLError("generate_dsa_keypair"); 244 return -1; 245 } 246 } else { 247 dsa->g = BN_bin2bn(dsa_params->generator, 248 dsa_params->generator_len, 249 NULL); 250 if (dsa->g == NULL) { 251 logOpenSSLError("generate_dsa_keypair"); 252 return -1; 253 } 254 255 dsa->p = BN_bin2bn(dsa_params->prime_p, 256 dsa_params->prime_p_len, 257 NULL); 258 if (dsa->p == NULL) { 259 logOpenSSLError("generate_dsa_keypair"); 260 return -1; 261 } 262 263 dsa->q = BN_bin2bn(dsa_params->prime_q, 264 dsa_params->prime_q_len, 265 NULL); 266 if (dsa->q == NULL) { 267 logOpenSSLError("generate_dsa_keypair"); 268 return -1; 269 } 270 } 271 272 if (DSA_generate_key(dsa.get()) != 1) { 273 logOpenSSLError("generate_dsa_keypair"); 274 return -1; 275 } 276 277 if (EVP_PKEY_assign_DSA(pkey, dsa.get()) == 0) { 278 logOpenSSLError("generate_dsa_keypair"); 279 return -1; 280 } 281 OWNERSHIP_TRANSFERRED(dsa); 282 283 return 0; 284 } 285 286 static int generate_ec_keypair(EVP_PKEY* pkey, const keymaster_ec_keygen_params_t* ec_params) 287 { 288 EC_GROUP* group; 289 switch (ec_params->field_size) { 290 case 192: 291 group = EC_GROUP_new_by_curve_name(NID_X9_62_prime192v1); 292 break; 293 case 224: 294 group = EC_GROUP_new_by_curve_name(NID_secp224r1); 295 break; 296 case 256: 297 group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); 298 break; 299 case 384: 300 group = EC_GROUP_new_by_curve_name(NID_secp384r1); 301 break; 302 case 521: 303 group = EC_GROUP_new_by_curve_name(NID_secp521r1); 304 break; 305 default: 306 group = NULL; 307 break; 308 } 309 310 if (group == NULL) { 311 logOpenSSLError("generate_ec_keypair"); 312 return -1; 313 } 314 315 EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED); 316 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); 317 318 /* initialize EC key */ 319 Unique_EC_KEY eckey(EC_KEY_new()); 320 if (eckey.get() == NULL) { 321 logOpenSSLError("generate_ec_keypair"); 322 return -1; 323 } 324 325 if (EC_KEY_set_group(eckey.get(), group) != 1) { 326 logOpenSSLError("generate_ec_keypair"); 327 return -1; 328 } 329 330 if (EC_KEY_generate_key(eckey.get()) != 1 331 || EC_KEY_check_key(eckey.get()) < 0) { 332 logOpenSSLError("generate_ec_keypair"); 333 return -1; 334 } 335 336 if (EVP_PKEY_assign_EC_KEY(pkey, eckey.get()) == 0) { 337 logOpenSSLError("generate_ec_keypair"); 338 return -1; 339 } 340 OWNERSHIP_TRANSFERRED(eckey); 341 342 return 0; 343 } 344 345 static int generate_rsa_keypair(EVP_PKEY* pkey, const keymaster_rsa_keygen_params_t* rsa_params) 346 { 347 Unique_BIGNUM bn(BN_new()); 348 if (bn.get() == NULL) { 349 logOpenSSLError("generate_rsa_keypair"); 350 return -1; 351 } 352 353 if (BN_set_word(bn.get(), rsa_params->public_exponent) == 0) { 354 logOpenSSLError("generate_rsa_keypair"); 355 return -1; 356 } 357 358 /* initialize RSA */ 359 Unique_RSA rsa(RSA_new()); 360 if (rsa.get() == NULL) { 361 logOpenSSLError("generate_rsa_keypair"); 362 return -1; 363 } 364 365 if (!RSA_generate_key_ex(rsa.get(), rsa_params->modulus_size, bn.get(), NULL) 366 || RSA_check_key(rsa.get()) < 0) { 367 logOpenSSLError("generate_rsa_keypair"); 368 return -1; 369 } 370 371 if (EVP_PKEY_assign_RSA(pkey, rsa.get()) == 0) { 372 logOpenSSLError("generate_rsa_keypair"); 373 return -1; 374 } 375 OWNERSHIP_TRANSFERRED(rsa); 376 377 return 0; 378 } 379 380 __attribute__ ((visibility ("default"))) 381 int openssl_generate_keypair(const keymaster_device_t*, 382 const keymaster_keypair_t key_type, const void* key_params, 383 uint8_t** keyBlob, size_t* keyBlobLength) { 384 Unique_EVP_PKEY pkey(EVP_PKEY_new()); 385 if (pkey.get() == NULL) { 386 logOpenSSLError("openssl_generate_keypair"); 387 return -1; 388 } 389 390 if (key_params == NULL) { 391 ALOGW("key_params == null"); 392 return -1; 393 } else if (key_type == TYPE_DSA) { 394 const keymaster_dsa_keygen_params_t* dsa_params = 395 (const keymaster_dsa_keygen_params_t*) key_params; 396 generate_dsa_keypair(pkey.get(), dsa_params); 397 } else if (key_type == TYPE_EC) { 398 const keymaster_ec_keygen_params_t* ec_params = 399 (const keymaster_ec_keygen_params_t*) key_params; 400 generate_ec_keypair(pkey.get(), ec_params); 401 } else if (key_type == TYPE_RSA) { 402 const keymaster_rsa_keygen_params_t* rsa_params = 403 (const keymaster_rsa_keygen_params_t*) key_params; 404 generate_rsa_keypair(pkey.get(), rsa_params); 405 } else { 406 ALOGW("Unsupported key type %d", key_type); 407 return -1; 408 } 409 410 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), keyBlob, keyBlobLength)) { 411 return -1; 412 } 413 414 return 0; 415 } 416 417 __attribute__ ((visibility ("default"))) 418 int openssl_import_keypair(const keymaster_device_t*, 419 const uint8_t* key, const size_t key_length, 420 uint8_t** key_blob, size_t* key_blob_length) { 421 if (key == NULL) { 422 ALOGW("input key == NULL"); 423 return -1; 424 } else if (key_blob == NULL || key_blob_length == NULL) { 425 ALOGW("output key blob or length == NULL"); 426 return -1; 427 } 428 429 Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &key, key_length)); 430 if (pkcs8.get() == NULL) { 431 logOpenSSLError("openssl_import_keypair"); 432 return -1; 433 } 434 435 /* assign to EVP */ 436 Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get())); 437 if (pkey.get() == NULL) { 438 logOpenSSLError("openssl_import_keypair"); 439 return -1; 440 } 441 OWNERSHIP_TRANSFERRED(pkcs8); 442 443 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), key_blob, key_blob_length)) { 444 return -1; 445 } 446 447 return 0; 448 } 449 450 __attribute__ ((visibility ("default"))) 451 int openssl_get_keypair_public(const struct keymaster_device*, 452 const uint8_t* key_blob, const size_t key_blob_length, 453 uint8_t** x509_data, size_t* x509_data_length) { 454 455 if (x509_data == NULL || x509_data_length == NULL) { 456 ALOGW("output public key buffer == NULL"); 457 return -1; 458 } 459 460 Unique_EVP_PKEY pkey(unwrap_key(key_blob, key_blob_length)); 461 if (pkey.get() == NULL) { 462 return -1; 463 } 464 465 int len = i2d_PUBKEY(pkey.get(), NULL); 466 if (len <= 0) { 467 logOpenSSLError("openssl_get_keypair_public"); 468 return -1; 469 } 470 471 UniquePtr<uint8_t> key(static_cast<uint8_t*>(malloc(len))); 472 if (key.get() == NULL) { 473 ALOGE("Could not allocate memory for public key data"); 474 return -1; 475 } 476 477 unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get()); 478 if (i2d_PUBKEY(pkey.get(), &tmp) != len) { 479 logOpenSSLError("openssl_get_keypair_public"); 480 return -1; 481 } 482 483 ALOGV("Length of x509 data is %d", len); 484 *x509_data_length = len; 485 *x509_data = key.release(); 486 487 return 0; 488 } 489 490 static int sign_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params, const uint8_t* data, 491 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) { 492 if (sign_params->digest_type != DIGEST_NONE) { 493 ALOGW("Cannot handle digest type %d", sign_params->digest_type); 494 return -1; 495 } 496 497 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey)); 498 if (dsa.get() == NULL) { 499 logOpenSSLError("openssl_sign_dsa"); 500 return -1; 501 } 502 503 unsigned int dsaSize = DSA_size(dsa.get()); 504 UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dsaSize))); 505 if (signedDataPtr.get() == NULL) { 506 logOpenSSLError("openssl_sign_dsa"); 507 return -1; 508 } 509 510 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get()); 511 if (DSA_sign(0, data, dataLength, tmp, &dsaSize, dsa.get()) <= 0) { 512 logOpenSSLError("openssl_sign_dsa"); 513 return -1; 514 } 515 516 *signedDataLength = dsaSize; 517 *signedData = signedDataPtr.release(); 518 519 return 0; 520 } 521 522 static int sign_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params, const uint8_t* data, 523 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) { 524 if (sign_params->digest_type != DIGEST_NONE) { 525 ALOGW("Cannot handle digest type %d", sign_params->digest_type); 526 return -1; 527 } 528 529 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey)); 530 if (eckey.get() == NULL) { 531 logOpenSSLError("openssl_sign_ec"); 532 return -1; 533 } 534 535 unsigned int ecdsaSize = ECDSA_size(eckey.get()); 536 UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(ecdsaSize))); 537 if (signedDataPtr.get() == NULL) { 538 logOpenSSLError("openssl_sign_ec"); 539 return -1; 540 } 541 542 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get()); 543 if (ECDSA_sign(0, data, dataLength, tmp, &ecdsaSize, eckey.get()) <= 0) { 544 logOpenSSLError("openssl_sign_ec"); 545 return -1; 546 } 547 548 *signedDataLength = ecdsaSize; 549 *signedData = signedDataPtr.release(); 550 551 return 0; 552 } 553 554 555 static int sign_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params, const uint8_t* data, 556 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) { 557 if (sign_params->digest_type != DIGEST_NONE) { 558 ALOGW("Cannot handle digest type %d", sign_params->digest_type); 559 return -1; 560 } else if (sign_params->padding_type != PADDING_NONE) { 561 ALOGW("Cannot handle padding type %d", sign_params->padding_type); 562 return -1; 563 } 564 565 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey)); 566 if (rsa.get() == NULL) { 567 logOpenSSLError("openssl_sign_rsa"); 568 return -1; 569 } 570 571 UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dataLength))); 572 if (signedDataPtr.get() == NULL) { 573 logOpenSSLError("openssl_sign_rsa"); 574 return -1; 575 } 576 577 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get()); 578 if (RSA_private_encrypt(dataLength, data, tmp, rsa.get(), RSA_NO_PADDING) <= 0) { 579 logOpenSSLError("openssl_sign_rsa"); 580 return -1; 581 } 582 583 *signedDataLength = dataLength; 584 *signedData = signedDataPtr.release(); 585 586 return 0; 587 } 588 589 __attribute__ ((visibility ("default"))) 590 int openssl_sign_data(const keymaster_device_t*, 591 const void* params, 592 const uint8_t* keyBlob, const size_t keyBlobLength, 593 const uint8_t* data, const size_t dataLength, 594 uint8_t** signedData, size_t* signedDataLength) { 595 if (data == NULL) { 596 ALOGW("input data to sign == NULL"); 597 return -1; 598 } else if (signedData == NULL || signedDataLength == NULL) { 599 ALOGW("output signature buffer == NULL"); 600 return -1; 601 } 602 603 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength)); 604 if (pkey.get() == NULL) { 605 return -1; 606 } 607 608 int type = EVP_PKEY_type(pkey->type); 609 if (type == EVP_PKEY_DSA) { 610 keymaster_dsa_sign_params_t* sign_params = (keymaster_dsa_sign_params_t*) params; 611 return sign_dsa(pkey.get(), sign_params, data, dataLength, signedData, signedDataLength); 612 } else if (type == EVP_PKEY_EC) { 613 keymaster_ec_sign_params_t* sign_params = (keymaster_ec_sign_params_t*) params; 614 return sign_ec(pkey.get(), sign_params, data, dataLength, signedData, signedDataLength); 615 } else if (type == EVP_PKEY_RSA) { 616 keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params; 617 return sign_rsa(pkey.get(), sign_params, data, dataLength, signedData, signedDataLength); 618 } else { 619 ALOGW("Unsupported key type"); 620 return -1; 621 } 622 } 623 624 static int verify_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params, 625 const uint8_t* signedData, const size_t signedDataLength, const uint8_t* signature, 626 const size_t signatureLength) { 627 if (sign_params->digest_type != DIGEST_NONE) { 628 ALOGW("Cannot handle digest type %d", sign_params->digest_type); 629 return -1; 630 } 631 632 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey)); 633 if (dsa.get() == NULL) { 634 logOpenSSLError("openssl_verify_dsa"); 635 return -1; 636 } 637 638 if (DSA_verify(0, signedData, signedDataLength, signature, signatureLength, dsa.get()) <= 0) { 639 logOpenSSLError("openssl_verify_dsa"); 640 return -1; 641 } 642 643 return 0; 644 } 645 646 static int verify_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params, 647 const uint8_t* signedData, const size_t signedDataLength, const uint8_t* signature, 648 const size_t signatureLength) { 649 if (sign_params->digest_type != DIGEST_NONE) { 650 ALOGW("Cannot handle digest type %d", sign_params->digest_type); 651 return -1; 652 } 653 654 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey)); 655 if (eckey.get() == NULL) { 656 logOpenSSLError("openssl_verify_ec"); 657 return -1; 658 } 659 660 if (ECDSA_verify(0, signedData, signedDataLength, signature, signatureLength, eckey.get()) <= 0) { 661 logOpenSSLError("openssl_verify_ec"); 662 return -1; 663 } 664 665 return 0; 666 } 667 668 static int verify_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params, 669 const uint8_t* signedData, const size_t signedDataLength, const uint8_t* signature, 670 const size_t signatureLength) { 671 if (sign_params->digest_type != DIGEST_NONE) { 672 ALOGW("Cannot handle digest type %d", sign_params->digest_type); 673 return -1; 674 } else if (sign_params->padding_type != PADDING_NONE) { 675 ALOGW("Cannot handle padding type %d", sign_params->padding_type); 676 return -1; 677 } else if (signatureLength != signedDataLength) { 678 ALOGW("signed data length must be signature length"); 679 return -1; 680 } 681 682 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey)); 683 if (rsa.get() == NULL) { 684 logOpenSSLError("openssl_verify_data"); 685 return -1; 686 } 687 688 UniquePtr<uint8_t> dataPtr(reinterpret_cast<uint8_t*>(malloc(signedDataLength))); 689 if (dataPtr.get() == NULL) { 690 logOpenSSLError("openssl_verify_data"); 691 return -1; 692 } 693 694 unsigned char* tmp = reinterpret_cast<unsigned char*>(dataPtr.get()); 695 if (!RSA_public_decrypt(signatureLength, signature, tmp, rsa.get(), RSA_NO_PADDING)) { 696 logOpenSSLError("openssl_verify_data"); 697 return -1; 698 } 699 700 int result = 0; 701 for (size_t i = 0; i < signedDataLength; i++) { 702 result |= tmp[i] ^ signedData[i]; 703 } 704 705 return result == 0 ? 0 : -1; 706 } 707 708 __attribute__ ((visibility ("default"))) 709 int openssl_verify_data(const keymaster_device_t*, 710 const void* params, 711 const uint8_t* keyBlob, const size_t keyBlobLength, 712 const uint8_t* signedData, const size_t signedDataLength, 713 const uint8_t* signature, const size_t signatureLength) { 714 715 if (signedData == NULL || signature == NULL) { 716 ALOGW("data or signature buffers == NULL"); 717 return -1; 718 } 719 720 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength)); 721 if (pkey.get() == NULL) { 722 return -1; 723 } 724 725 int type = EVP_PKEY_type(pkey->type); 726 if (type == EVP_PKEY_DSA) { 727 keymaster_dsa_sign_params_t* sign_params = (keymaster_dsa_sign_params_t*) params; 728 return verify_dsa(pkey.get(), sign_params, signedData, signedDataLength, signature, 729 signatureLength); 730 } else if (type == EVP_PKEY_RSA) { 731 keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params; 732 return verify_rsa(pkey.get(), sign_params, signedData, signedDataLength, signature, 733 signatureLength); 734 } else if (type == EVP_PKEY_EC) { 735 keymaster_ec_sign_params_t* sign_params = (keymaster_ec_sign_params_t*) params; 736 return verify_ec(pkey.get(), sign_params, signedData, signedDataLength, signature, 737 signatureLength); 738 } else { 739 ALOGW("Unsupported key type %d", type); 740 return -1; 741 } 742 } 743
