1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 #include <errno.h> 17 #include <string.h> 18 #include <stdint.h> 19 20 #include <keystore/keystore.h> 21 22 #include <hardware/hardware.h> 23 #include <hardware/keymaster.h> 24 25 #include <openssl/evp.h> 26 #include <openssl/bio.h> 27 #include <openssl/rsa.h> 28 #include <openssl/err.h> 29 #include <openssl/x509.h> 30 31 #include <UniquePtr.h> 32 33 // For debugging 34 // #define LOG_NDEBUG 0 35 36 #define LOG_TAG "OpenSSLKeyMaster" 37 #include <cutils/log.h> 38 39 struct BIGNUM_Delete { 40 void operator()(BIGNUM* p) const { 41 BN_free(p); 42 } 43 }; 44 typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 45 46 struct EVP_PKEY_Delete { 47 void operator()(EVP_PKEY* p) const { 48 EVP_PKEY_free(p); 49 } 50 }; 51 typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 52 53 struct PKCS8_PRIV_KEY_INFO_Delete { 54 void operator()(PKCS8_PRIV_KEY_INFO* p) const { 55 PKCS8_PRIV_KEY_INFO_free(p); 56 } 57 }; 58 typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 59 60 struct DSA_Delete { 61 void operator()(DSA* p) const { 62 DSA_free(p); 63 } 64 }; 65 typedef UniquePtr<DSA, DSA_Delete> Unique_DSA; 66 67 struct EC_KEY_Delete { 68 void operator()(EC_KEY* p) const { 69 EC_KEY_free(p); 70 } 71 }; 72 typedef UniquePtr<EC_KEY, EC_KEY_Delete> Unique_EC_KEY; 73 74 struct EC_GROUP_Delete { 75 void operator()(EC_GROUP* p) const { 76 EC_GROUP_free(p); 77 } 78 }; 79 typedef UniquePtr<EC_GROUP, EC_GROUP_Delete> Unique_EC_GROUP; 80 81 struct RSA_Delete { 82 void operator()(RSA* p) const { 83 RSA_free(p); 84 } 85 }; 86 typedef UniquePtr<RSA, RSA_Delete> Unique_RSA; 87 88 struct Malloc_Free { 89 void operator()(void* p) const { 90 free(p); 91 } 92 }; 93 94 typedef UniquePtr<keymaster_device_t> Unique_keymaster_device_t; 95 96 /** 97 * Many OpenSSL APIs take ownership of an argument on success but 98 * don't free the argument on failure. This means we need to tell our 99 * scoped pointers when we've transferred ownership, without 100 * triggering a warning by not using the result of release(). 101 */ 102 template <typename T, typename Delete_T> 103 inline void release_because_ownership_transferred(UniquePtr<T, Delete_T>& p) { 104 T* val __attribute__((unused)) = p.release(); 105 } 106 107 /* 108 * Checks this thread's OpenSSL error queue and logs if 109 * necessary. 110 */ 111 static void logOpenSSLError(const char* location) { 112 int error = ERR_get_error(); 113 114 if (error != 0) { 115 char message[256]; 116 ERR_error_string_n(error, message, sizeof(message)); 117 ALOGE("OpenSSL error in %s %d: %s", location, error, message); 118 } 119 120 ERR_clear_error(); 121 ERR_remove_state(0); 122 } 123 124 static int wrap_key(EVP_PKEY* pkey, int type, uint8_t** keyBlob, size_t* keyBlobLength) { 125 /* 126 * Find the length of each size. Public key is not needed anymore 127 * but must be kept for alignment purposes. 128 */ 129 int publicLen = 0; 130 int privateLen = i2d_PrivateKey(pkey, NULL); 131 132 if (privateLen <= 0) { 133 ALOGE("private key size was too big"); 134 return -1; 135 } 136 137 /* int type + int size + private key data + int size + public key data */ 138 *keyBlobLength = get_softkey_header_size() + sizeof(type) + sizeof(publicLen) + privateLen + 139 sizeof(privateLen) + publicLen; 140 141 // derData will be returned to the caller, so allocate it with malloc. 142 UniquePtr<unsigned char, Malloc_Free> derData( 143 static_cast<unsigned char*>(malloc(*keyBlobLength))); 144 if (derData.get() == NULL) { 145 ALOGE("could not allocate memory for key blob"); 146 return -1; 147 } 148 unsigned char* p = derData.get(); 149 150 /* Write the magic value for software keys. */ 151 p = add_softkey_header(p, *keyBlobLength); 152 153 /* Write key type to allocated buffer */ 154 for (int i = sizeof(type) - 1; i >= 0; i--) { 155 *p++ = (type >> (8 * i)) & 0xFF; 156 } 157 158 /* Write public key to allocated buffer */ 159 for (int i = sizeof(publicLen) - 1; i >= 0; i--) { 160 *p++ = (publicLen >> (8 * i)) & 0xFF; 161 } 162 163 /* Write private key to allocated buffer */ 164 for (int i = sizeof(privateLen) - 1; i >= 0; i--) { 165 *p++ = (privateLen >> (8 * i)) & 0xFF; 166 } 167 if (i2d_PrivateKey(pkey, &p) != privateLen) { 168 logOpenSSLError("wrap_key"); 169 return -1; 170 } 171 172 *keyBlob = derData.release(); 173 174 return 0; 175 } 176 177 static EVP_PKEY* unwrap_key(const uint8_t* keyBlob, const size_t keyBlobLength) { 178 long publicLen = 0; 179 long privateLen = 0; 180 const uint8_t* p = keyBlob; 181 const uint8_t* const end = keyBlob + keyBlobLength; 182 183 if (keyBlob == NULL) { 184 ALOGE("supplied key blob was NULL"); 185 return NULL; 186 } 187 188 int type = 0; 189 if (keyBlobLength < (get_softkey_header_size() + sizeof(type) + sizeof(publicLen) + 1 + 190 sizeof(privateLen) + 1)) { 191 ALOGE("key blob appears to be truncated"); 192 return NULL; 193 } 194 195 if (!is_softkey(p, keyBlobLength)) { 196 ALOGE("cannot read key; it was not made by this keymaster"); 197 return NULL; 198 } 199 p += get_softkey_header_size(); 200 201 for (size_t i = 0; i < sizeof(type); i++) { 202 type = (type << 8) | *p++; 203 } 204 205 for (size_t i = 0; i < sizeof(type); i++) { 206 publicLen = (publicLen << 8) | *p++; 207 } 208 if (p + publicLen > end) { 209 ALOGE("public key length encoding error: size=%ld, end=%td", publicLen, end - p); 210 return NULL; 211 } 212 213 p += publicLen; 214 if (end - p < 2) { 215 ALOGE("private key truncated"); 216 return NULL; 217 } 218 for (size_t i = 0; i < sizeof(type); i++) { 219 privateLen = (privateLen << 8) | *p++; 220 } 221 if (p + privateLen > end) { 222 ALOGE("private key length encoding error: size=%ld, end=%td", privateLen, end - p); 223 return NULL; 224 } 225 226 Unique_EVP_PKEY pkey(EVP_PKEY_new()); 227 if (pkey.get() == NULL) { 228 logOpenSSLError("unwrap_key"); 229 return NULL; 230 } 231 EVP_PKEY* tmp = pkey.get(); 232 233 if (d2i_PrivateKey(type, &tmp, &p, privateLen) == NULL) { 234 logOpenSSLError("unwrap_key"); 235 return NULL; 236 } 237 238 return pkey.release(); 239 } 240 241 static int generate_dsa_keypair(EVP_PKEY* pkey, const keymaster_dsa_keygen_params_t* dsa_params) { 242 if (dsa_params->key_size < 512) { 243 ALOGI("Requested DSA key size is too small (<512)"); 244 return -1; 245 } 246 247 Unique_DSA dsa(DSA_new()); 248 249 if (dsa_params->generator_len == 0 || dsa_params->prime_p_len == 0 || 250 dsa_params->prime_q_len == 0 || dsa_params->generator == NULL || 251 dsa_params->prime_p == NULL || dsa_params->prime_q == NULL) { 252 if (DSA_generate_parameters_ex(dsa.get(), dsa_params->key_size, NULL, 0, NULL, NULL, 253 NULL) != 1) { 254 logOpenSSLError("generate_dsa_keypair"); 255 return -1; 256 } 257 } else { 258 dsa->g = BN_bin2bn(dsa_params->generator, dsa_params->generator_len, NULL); 259 if (dsa->g == NULL) { 260 logOpenSSLError("generate_dsa_keypair"); 261 return -1; 262 } 263 264 dsa->p = BN_bin2bn(dsa_params->prime_p, dsa_params->prime_p_len, NULL); 265 if (dsa->p == NULL) { 266 logOpenSSLError("generate_dsa_keypair"); 267 return -1; 268 } 269 270 dsa->q = BN_bin2bn(dsa_params->prime_q, dsa_params->prime_q_len, NULL); 271 if (dsa->q == NULL) { 272 logOpenSSLError("generate_dsa_keypair"); 273 return -1; 274 } 275 } 276 277 if (DSA_generate_key(dsa.get()) != 1) { 278 logOpenSSLError("generate_dsa_keypair"); 279 return -1; 280 } 281 282 if (EVP_PKEY_assign_DSA(pkey, dsa.get()) == 0) { 283 logOpenSSLError("generate_dsa_keypair"); 284 return -1; 285 } 286 release_because_ownership_transferred(dsa); 287 288 return 0; 289 } 290 291 static int generate_ec_keypair(EVP_PKEY* pkey, const keymaster_ec_keygen_params_t* ec_params) { 292 Unique_EC_GROUP group; 293 switch (ec_params->field_size) { 294 case 192: 295 group.reset(EC_GROUP_new_by_curve_name(NID_X9_62_prime192v1)); 296 break; 297 case 224: 298 group.reset(EC_GROUP_new_by_curve_name(NID_secp224r1)); 299 break; 300 case 256: 301 group.reset(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); 302 break; 303 case 384: 304 group.reset(EC_GROUP_new_by_curve_name(NID_secp384r1)); 305 break; 306 case 521: 307 group.reset(EC_GROUP_new_by_curve_name(NID_secp521r1)); 308 break; 309 default: 310 break; 311 } 312 313 if (group.get() == NULL) { 314 logOpenSSLError("generate_ec_keypair"); 315 return -1; 316 } 317 318 EC_GROUP_set_point_conversion_form(group.get(), POINT_CONVERSION_UNCOMPRESSED); 319 EC_GROUP_set_asn1_flag(group.get(), OPENSSL_EC_NAMED_CURVE); 320 321 /* initialize EC key */ 322 Unique_EC_KEY eckey(EC_KEY_new()); 323 if (eckey.get() == NULL) { 324 logOpenSSLError("generate_ec_keypair"); 325 return -1; 326 } 327 328 if (EC_KEY_set_group(eckey.get(), group.get()) != 1) { 329 logOpenSSLError("generate_ec_keypair"); 330 return -1; 331 } 332 333 if (EC_KEY_generate_key(eckey.get()) != 1 || EC_KEY_check_key(eckey.get()) < 0) { 334 logOpenSSLError("generate_ec_keypair"); 335 return -1; 336 } 337 338 if (EVP_PKEY_assign_EC_KEY(pkey, eckey.get()) == 0) { 339 logOpenSSLError("generate_ec_keypair"); 340 return -1; 341 } 342 release_because_ownership_transferred(eckey); 343 344 return 0; 345 } 346 347 static int generate_rsa_keypair(EVP_PKEY* pkey, const keymaster_rsa_keygen_params_t* rsa_params) { 348 Unique_BIGNUM bn(BN_new()); 349 if (bn.get() == NULL) { 350 logOpenSSLError("generate_rsa_keypair"); 351 return -1; 352 } 353 354 if (BN_set_word(bn.get(), rsa_params->public_exponent) == 0) { 355 logOpenSSLError("generate_rsa_keypair"); 356 return -1; 357 } 358 359 /* initialize RSA */ 360 Unique_RSA rsa(RSA_new()); 361 if (rsa.get() == NULL) { 362 logOpenSSLError("generate_rsa_keypair"); 363 return -1; 364 } 365 366 if (!RSA_generate_key_ex(rsa.get(), rsa_params->modulus_size, bn.get(), NULL) || 367 RSA_check_key(rsa.get()) < 0) { 368 logOpenSSLError("generate_rsa_keypair"); 369 return -1; 370 } 371 372 if (EVP_PKEY_assign_RSA(pkey, rsa.get()) == 0) { 373 logOpenSSLError("generate_rsa_keypair"); 374 return -1; 375 } 376 release_because_ownership_transferred(rsa); 377 378 return 0; 379 } 380 381 __attribute__((visibility("default"))) int openssl_generate_keypair( 382 const keymaster_device_t*, const keymaster_keypair_t key_type, const void* key_params, 383 uint8_t** keyBlob, size_t* keyBlobLength) { 384 Unique_EVP_PKEY pkey(EVP_PKEY_new()); 385 if (pkey.get() == NULL) { 386 logOpenSSLError("openssl_generate_keypair"); 387 return -1; 388 } 389 390 if (key_params == NULL) { 391 ALOGW("key_params == null"); 392 return -1; 393 } else if (key_type == TYPE_DSA) { 394 const keymaster_dsa_keygen_params_t* dsa_params = 395 (const keymaster_dsa_keygen_params_t*)key_params; 396 generate_dsa_keypair(pkey.get(), dsa_params); 397 } else if (key_type == TYPE_EC) { 398 const keymaster_ec_keygen_params_t* ec_params = 399 (const keymaster_ec_keygen_params_t*)key_params; 400 generate_ec_keypair(pkey.get(), ec_params); 401 } else if (key_type == TYPE_RSA) { 402 const keymaster_rsa_keygen_params_t* rsa_params = 403 (const keymaster_rsa_keygen_params_t*)key_params; 404 generate_rsa_keypair(pkey.get(), rsa_params); 405 } else { 406 ALOGW("Unsupported key type %d", key_type); 407 return -1; 408 } 409 410 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), keyBlob, keyBlobLength)) { 411 return -1; 412 } 413 414 return 0; 415 } 416 417 __attribute__((visibility("default"))) int openssl_import_keypair(const keymaster_device_t*, 418 const uint8_t* key, 419 const size_t key_length, 420 uint8_t** key_blob, 421 size_t* key_blob_length) { 422 if (key == NULL) { 423 ALOGW("input key == NULL"); 424 return -1; 425 } else if (key_blob == NULL || key_blob_length == NULL) { 426 ALOGW("output key blob or length == NULL"); 427 return -1; 428 } 429 430 Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &key, key_length)); 431 if (pkcs8.get() == NULL) { 432 logOpenSSLError("openssl_import_keypair"); 433 return -1; 434 } 435 436 /* assign to EVP */ 437 Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get())); 438 if (pkey.get() == NULL) { 439 logOpenSSLError("openssl_import_keypair"); 440 return -1; 441 } 442 release_because_ownership_transferred(pkcs8); 443 444 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), key_blob, key_blob_length)) { 445 return -1; 446 } 447 448 return 0; 449 } 450 451 __attribute__((visibility("default"))) int openssl_get_keypair_public( 452 const struct keymaster_device*, const uint8_t* key_blob, const size_t key_blob_length, 453 uint8_t** x509_data, size_t* x509_data_length) { 454 455 if (x509_data == NULL || x509_data_length == NULL) { 456 ALOGW("output public key buffer == NULL"); 457 return -1; 458 } 459 460 Unique_EVP_PKEY pkey(unwrap_key(key_blob, key_blob_length)); 461 if (pkey.get() == NULL) { 462 return -1; 463 } 464 465 int len = i2d_PUBKEY(pkey.get(), NULL); 466 if (len <= 0) { 467 logOpenSSLError("openssl_get_keypair_public"); 468 return -1; 469 } 470 471 UniquePtr<uint8_t, Malloc_Free> key(static_cast<uint8_t*>(malloc(len))); 472 if (key.get() == NULL) { 473 ALOGE("Could not allocate memory for public key data"); 474 return -1; 475 } 476 477 unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get()); 478 if (i2d_PUBKEY(pkey.get(), &tmp) != len) { 479 logOpenSSLError("openssl_get_keypair_public"); 480 return -1; 481 } 482 483 ALOGV("Length of x509 data is %d", len); 484 *x509_data_length = len; 485 *x509_data = key.release(); 486 487 return 0; 488 } 489 490 static int sign_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params, const uint8_t* data, 491 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) { 492 if (sign_params->digest_type != DIGEST_NONE) { 493 ALOGW("Cannot handle digest type %d", sign_params->digest_type); 494 return -1; 495 } 496 497 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey)); 498 if (dsa.get() == NULL) { 499 logOpenSSLError("openssl_sign_dsa"); 500 return -1; 501 } 502 503 unsigned int dsaSize = DSA_size(dsa.get()); 504 UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dsaSize))); 505 if (signedDataPtr.get() == NULL) { 506 logOpenSSLError("openssl_sign_dsa"); 507 return -1; 508 } 509 510 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get()); 511 if (DSA_sign(0, data, dataLength, tmp, &dsaSize, dsa.get()) <= 0) { 512 logOpenSSLError("openssl_sign_dsa"); 513 return -1; 514 } 515 516 *signedDataLength = dsaSize; 517 *signedData = signedDataPtr.release(); 518 519 return 0; 520 } 521 522 static int sign_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params, const uint8_t* data, 523 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) { 524 if (sign_params->digest_type != DIGEST_NONE) { 525 ALOGW("Cannot handle digest type %d", sign_params->digest_type); 526 return -1; 527 } 528 529 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey)); 530 if (eckey.get() == NULL) { 531 logOpenSSLError("openssl_sign_ec"); 532 return -1; 533 } 534 535 unsigned int ecdsaSize = ECDSA_size(eckey.get()); 536 UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(ecdsaSize))); 537 if (signedDataPtr.get() == NULL) { 538 logOpenSSLError("openssl_sign_ec"); 539 return -1; 540 } 541 542 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get()); 543 if (ECDSA_sign(0, data, dataLength, tmp, &ecdsaSize, eckey.get()) <= 0) { 544 logOpenSSLError("openssl_sign_ec"); 545 return -1; 546 } 547 548 *signedDataLength = ecdsaSize; 549 *signedData = signedDataPtr.release(); 550 551 return 0; 552 } 553 554 static int sign_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params, const uint8_t* data, 555 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) { 556 if (sign_params->digest_type != DIGEST_NONE) { 557 ALOGW("Cannot handle digest type %d", sign_params->digest_type); 558 return -1; 559 } else if (sign_params->padding_type != PADDING_NONE) { 560 ALOGW("Cannot handle padding type %d", sign_params->padding_type); 561 return -1; 562 } 563 564 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey)); 565 if (rsa.get() == NULL) { 566 logOpenSSLError("openssl_sign_rsa"); 567 return -1; 568 } 569 570 UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dataLength))); 571 if (signedDataPtr.get() == NULL) { 572 logOpenSSLError("openssl_sign_rsa"); 573 return -1; 574 } 575 576 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get()); 577 if (RSA_private_encrypt(dataLength, data, tmp, rsa.get(), RSA_NO_PADDING) <= 0) { 578 logOpenSSLError("openssl_sign_rsa"); 579 return -1; 580 } 581 582 *signedDataLength = dataLength; 583 *signedData = signedDataPtr.release(); 584 585 return 0; 586 } 587 588 __attribute__((visibility("default"))) int openssl_sign_data( 589 const keymaster_device_t*, const void* params, const uint8_t* keyBlob, 590 const size_t keyBlobLength, const uint8_t* data, const size_t dataLength, uint8_t** signedData, 591 size_t* signedDataLength) { 592 if (data == NULL) { 593 ALOGW("input data to sign == NULL"); 594 return -1; 595 } else if (signedData == NULL || signedDataLength == NULL) { 596 ALOGW("output signature buffer == NULL"); 597 return -1; 598 } 599 600 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength)); 601 if (pkey.get() == NULL) { 602 return -1; 603 } 604 605 int type = EVP_PKEY_type(pkey->type); 606 if (type == EVP_PKEY_DSA) { 607 const keymaster_dsa_sign_params_t* sign_params = 608 reinterpret_cast<const keymaster_dsa_sign_params_t*>(params); 609 return sign_dsa(pkey.get(), const_cast<keymaster_dsa_sign_params_t*>(sign_params), data, 610 dataLength, signedData, signedDataLength); 611 } else if (type == EVP_PKEY_EC) { 612 const keymaster_ec_sign_params_t* sign_params = 613 reinterpret_cast<const keymaster_ec_sign_params_t*>(params); 614 return sign_ec(pkey.get(), const_cast<keymaster_ec_sign_params_t*>(sign_params), data, 615 dataLength, signedData, signedDataLength); 616 } else if (type == EVP_PKEY_RSA) { 617 const keymaster_rsa_sign_params_t* sign_params = 618 reinterpret_cast<const keymaster_rsa_sign_params_t*>(params); 619 return sign_rsa(pkey.get(), const_cast<keymaster_rsa_sign_params_t*>(sign_params), data, 620 dataLength, signedData, signedDataLength); 621 } else { 622 ALOGW("Unsupported key type"); 623 return -1; 624 } 625 } 626 627 static int verify_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params, 628 const uint8_t* signedData, const size_t signedDataLength, 629 const uint8_t* signature, const size_t signatureLength) { 630 if (sign_params->digest_type != DIGEST_NONE) { 631 ALOGW("Cannot handle digest type %d", sign_params->digest_type); 632 return -1; 633 } 634 635 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey)); 636 if (dsa.get() == NULL) { 637 logOpenSSLError("openssl_verify_dsa"); 638 return -1; 639 } 640 641 if (DSA_verify(0, signedData, signedDataLength, signature, signatureLength, dsa.get()) <= 0) { 642 logOpenSSLError("openssl_verify_dsa"); 643 return -1; 644 } 645 646 return 0; 647 } 648 649 static int verify_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params, 650 const uint8_t* signedData, const size_t signedDataLength, 651 const uint8_t* signature, const size_t signatureLength) { 652 if (sign_params->digest_type != DIGEST_NONE) { 653 ALOGW("Cannot handle digest type %d", sign_params->digest_type); 654 return -1; 655 } 656 657 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey)); 658 if (eckey.get() == NULL) { 659 logOpenSSLError("openssl_verify_ec"); 660 return -1; 661 } 662 663 if (ECDSA_verify(0, signedData, signedDataLength, signature, signatureLength, eckey.get()) <= 664 0) { 665 logOpenSSLError("openssl_verify_ec"); 666 return -1; 667 } 668 669 return 0; 670 } 671 672 static int verify_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params, 673 const uint8_t* signedData, const size_t signedDataLength, 674 const uint8_t* signature, const size_t signatureLength) { 675 if (sign_params->digest_type != DIGEST_NONE) { 676 ALOGW("Cannot handle digest type %d", sign_params->digest_type); 677 return -1; 678 } else if (sign_params->padding_type != PADDING_NONE) { 679 ALOGW("Cannot handle padding type %d", sign_params->padding_type); 680 return -1; 681 } else if (signatureLength != signedDataLength) { 682 ALOGW("signed data length must be signature length"); 683 return -1; 684 } 685 686 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey)); 687 if (rsa.get() == NULL) { 688 logOpenSSLError("openssl_verify_data"); 689 return -1; 690 } 691 692 UniquePtr<uint8_t[]> dataPtr(new uint8_t[signedDataLength]); 693 if (dataPtr.get() == NULL) { 694 logOpenSSLError("openssl_verify_data"); 695 return -1; 696 } 697 698 unsigned char* tmp = reinterpret_cast<unsigned char*>(dataPtr.get()); 699 if (!RSA_public_decrypt(signatureLength, signature, tmp, rsa.get(), RSA_NO_PADDING)) { 700 logOpenSSLError("openssl_verify_data"); 701 return -1; 702 } 703 704 int result = 0; 705 for (size_t i = 0; i < signedDataLength; i++) { 706 result |= tmp[i] ^ signedData[i]; 707 } 708 709 return result == 0 ? 0 : -1; 710 } 711 712 __attribute__((visibility("default"))) int openssl_verify_data( 713 const keymaster_device_t*, const void* params, const uint8_t* keyBlob, 714 const size_t keyBlobLength, const uint8_t* signedData, const size_t signedDataLength, 715 const uint8_t* signature, const size_t signatureLength) { 716 717 if (signedData == NULL || signature == NULL) { 718 ALOGW("data or signature buffers == NULL"); 719 return -1; 720 } 721 722 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength)); 723 if (pkey.get() == NULL) { 724 return -1; 725 } 726 727 int type = EVP_PKEY_type(pkey->type); 728 if (type == EVP_PKEY_DSA) { 729 const keymaster_dsa_sign_params_t* sign_params = 730 reinterpret_cast<const keymaster_dsa_sign_params_t*>(params); 731 return verify_dsa(pkey.get(), const_cast<keymaster_dsa_sign_params_t*>(sign_params), 732 signedData, signedDataLength, signature, signatureLength); 733 } else if (type == EVP_PKEY_RSA) { 734 const keymaster_rsa_sign_params_t* sign_params = 735 reinterpret_cast<const keymaster_rsa_sign_params_t*>(params); 736 return verify_rsa(pkey.get(), const_cast<keymaster_rsa_sign_params_t*>(sign_params), 737 signedData, signedDataLength, signature, signatureLength); 738 } else if (type == EVP_PKEY_EC) { 739 const keymaster_ec_sign_params_t* sign_params = 740 reinterpret_cast<const keymaster_ec_sign_params_t*>(params); 741 return verify_ec(pkey.get(), const_cast<keymaster_ec_sign_params_t*>(sign_params), 742 signedData, signedDataLength, signature, signatureLength); 743 } else { 744 ALOGW("Unsupported key type %d", type); 745 return -1; 746 } 747 } 748