Home | History | Annotate | Download | only in keystore-engine
      1 /*
      2  * Copyright 2012 The Android Open Source Project
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions
      6  * are met:
      7  * 1. Redistributions of source code must retain the above copyright
      8  *    notice, this list of conditions and the following disclaimer.
      9  * 2. Redistributions in binary form must reproduce the above copyright
     10  *    notice, this list of conditions and the following disclaimer in the
     11  *    documentation and/or other materials provided with the distribution.
     12  *
     13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
     14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
     15  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
     16  * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
     17  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
     18  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     19  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
     20  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     21  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     22  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     23  *
     24  */
     25 
     26 #include <utils/UniquePtr.h>
     27 
     28 //#define LOG_NDEBUG 0
     29 #define LOG_TAG "OpenSSL-keystore-rsa"
     30 #include <cutils/log.h>
     31 
     32 #include <binder/IServiceManager.h>
     33 #include <keystore/IKeystoreService.h>
     34 
     35 #include <openssl/rsa.h>
     36 #include <openssl/engine.h>
     37 
     38 #include "methods.h"
     39 
     40 
     41 using namespace android;
     42 
     43 
     44 int keystore_rsa_priv_enc(int flen, const unsigned char* from, unsigned char* to, RSA* rsa,
     45         int padding) {
     46     ALOGV("keystore_rsa_priv_enc(%d, %p, %p, %p, %d)", flen, from, to, rsa, padding);
     47 
     48     int num = RSA_size(rsa);
     49     UniquePtr<uint8_t> padded(new uint8_t[num]);
     50     if (padded.get() == NULL) {
     51         ALOGE("could not allocate padded signature");
     52         return 0;
     53     }
     54 
     55     switch (padding) {
     56     case RSA_PKCS1_PADDING:
     57         if (!RSA_padding_add_PKCS1_type_1(padded.get(), num, from, flen)) {
     58             return 0;
     59         }
     60         break;
     61     case RSA_X931_PADDING:
     62         if (!RSA_padding_add_X931(padded.get(), num, from, flen)) {
     63             return 0;
     64         }
     65         break;
     66     case RSA_NO_PADDING:
     67         if (!RSA_padding_add_none(padded.get(), num, from, flen)) {
     68             return 0;
     69         }
     70         break;
     71     default:
     72         ALOGE("Unknown padding type: %d", padding);
     73         return 0;
     74     }
     75 
     76     uint8_t* key_id = reinterpret_cast<uint8_t*>(RSA_get_ex_data(rsa, rsa_key_handle));
     77     if (key_id == NULL) {
     78         ALOGE("key had no key_id!");
     79         return 0;
     80     }
     81 
     82     sp<IServiceManager> sm = defaultServiceManager();
     83     sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
     84     sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
     85 
     86     if (service == NULL) {
     87         ALOGE("could not contact keystore");
     88         return 0;
     89     }
     90 
     91     uint8_t* reply = NULL;
     92     size_t replyLen;
     93     int32_t ret = service->sign(String16(reinterpret_cast<const char*>(key_id)), padded.get(),
     94             num, &reply, &replyLen);
     95     if (ret < 0) {
     96         ALOGW("There was an error during signing: could not connect");
     97         free(reply);
     98         return 0;
     99     } else if (ret != 0) {
    100         ALOGW("Error during signing from keystore: %d", ret);
    101         free(reply);
    102         return 0;
    103     } else if (replyLen <= 0) {
    104         ALOGW("No valid signature returned");
    105         return 0;
    106     }
    107 
    108     memcpy(to, reply, replyLen);
    109     free(reply);
    110 
    111     ALOGV("rsa=%p keystore_rsa_priv_enc => returning %p len %llu", rsa, to,
    112             (unsigned long long) replyLen);
    113     return static_cast<int>(replyLen);
    114 }
    115 
    116 int keystore_rsa_priv_dec(int flen, const unsigned char* from, unsigned char* to, RSA* rsa,
    117         int padding) {
    118     ALOGV("keystore_rsa_priv_dec(%d, %p, %p, %p, %d)", flen, from, to, rsa, padding);
    119 
    120     uint8_t* key_id = reinterpret_cast<uint8_t*>(RSA_get_ex_data(rsa, rsa_key_handle));
    121     if (key_id == NULL) {
    122         ALOGE("key had no key_id!");
    123         return 0;
    124     }
    125 
    126     sp<IServiceManager> sm = defaultServiceManager();
    127     sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
    128     sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
    129 
    130     if (service == NULL) {
    131         ALOGE("could not contact keystore");
    132         return 0;
    133     }
    134 
    135     int num = RSA_size(rsa);
    136 
    137     uint8_t* reply = NULL;
    138     size_t replyLen;
    139     int32_t ret = service->sign(String16(reinterpret_cast<const char*>(key_id)), from,
    140             flen, &reply, &replyLen);
    141     if (ret < 0) {
    142         ALOGW("There was an error during rsa_mod_exp: could not connect");
    143         return 0;
    144     } else if (ret != 0) {
    145         ALOGW("Error during sign from keystore: %d", ret);
    146         return 0;
    147     } else if (replyLen <= 0) {
    148         ALOGW("No valid signature returned");
    149         return 0;
    150     }
    151 
    152     /* Trim off the top zero if it's there */
    153     uint8_t* alignedReply;
    154     if (*reply == 0x00) {
    155         alignedReply = reply + 1;
    156         replyLen--;
    157     } else {
    158         alignedReply = reply;
    159     }
    160 
    161     int outSize;
    162     switch (padding) {
    163     case RSA_PKCS1_PADDING:
    164         outSize = RSA_padding_check_PKCS1_type_2(to, num, alignedReply, replyLen, num);
    165         break;
    166     case RSA_X931_PADDING:
    167         outSize = RSA_padding_check_X931(to, num, alignedReply, replyLen, num);
    168         break;
    169     case RSA_NO_PADDING:
    170         outSize = RSA_padding_check_none(to, num, alignedReply, replyLen, num);
    171         break;
    172     default:
    173         ALOGE("Unknown padding type: %d", padding);
    174         outSize = -1;
    175         break;
    176     }
    177 
    178     free(reply);
    179 
    180     ALOGV("rsa=%p keystore_rsa_priv_dec => returning %p len %llu", rsa, to, outSize);
    181     return outSize;
    182 }
    183 
    184 static RSA_METHOD keystore_rsa_meth = {
    185         kKeystoreEngineId,
    186         NULL, /* rsa_pub_enc (wrap) */
    187         NULL, /* rsa_pub_dec (verification) */
    188         keystore_rsa_priv_enc, /* rsa_priv_enc (signing) */
    189         keystore_rsa_priv_dec, /* rsa_priv_dec (unwrap) */
    190         NULL, /* rsa_mod_exp */
    191         NULL, /* bn_mod_exp */
    192         NULL, /* init */
    193         NULL, /* finish */
    194         RSA_FLAG_EXT_PKEY | RSA_FLAG_NO_BLINDING, /* flags */
    195         NULL, /* app_data */
    196         NULL, /* rsa_sign */
    197         NULL, /* rsa_verify */
    198         NULL, /* rsa_keygen */
    199 };
    200 
    201 static int register_rsa_methods() {
    202     const RSA_METHOD* rsa_meth = RSA_PKCS1_SSLeay();
    203 
    204     keystore_rsa_meth.rsa_pub_enc = rsa_meth->rsa_pub_enc;
    205     keystore_rsa_meth.rsa_pub_dec = rsa_meth->rsa_pub_dec;
    206     keystore_rsa_meth.rsa_mod_exp = rsa_meth->rsa_mod_exp;
    207     keystore_rsa_meth.bn_mod_exp = rsa_meth->bn_mod_exp;
    208 
    209     return 1;
    210 }
    211 
    212 int rsa_pkey_setup(ENGINE *e, EVP_PKEY *pkey, const char *key_id) {
    213     Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
    214     if (!RSA_set_ex_data(rsa.get(), rsa_key_handle, reinterpret_cast<void*>(strdup(key_id)))) {
    215         ALOGW("Could not set ex_data for loaded RSA key");
    216         return 0;
    217     }
    218 
    219     RSA_set_method(rsa.get(), &keystore_rsa_meth);
    220     RSA_blinding_off(rsa.get());
    221 
    222     /*
    223      * "RSA_set_ENGINE()" should probably be an OpenSSL API. Since it isn't,
    224      * and EVP_PKEY_free() calls ENGINE_finish(), we need to call ENGINE_init()
    225      * here.
    226      */
    227     ENGINE_init(e);
    228     rsa->engine = e;
    229     rsa->flags |= RSA_FLAG_EXT_PKEY;
    230 
    231     return 1;
    232 }
    233 
    234 int rsa_register(ENGINE* e) {
    235     if (!ENGINE_set_RSA(e, &keystore_rsa_meth)
    236             || !register_rsa_methods()) {
    237         ALOGE("Could not set up keystore RSA methods");
    238         return 0;
    239     }
    240 
    241     return 1;
    242 }
    243