1 /* 2 * Copyright 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <keymaster/rsa_key_factory.h> 18 19 #include <new> 20 21 #include <keymaster/keymaster_context.h> 22 23 #include "openssl_err.h" 24 #include "openssl_utils.h" 25 #include "rsa_key.h" 26 #include "rsa_operation.h" 27 28 namespace keymaster { 29 30 const int kMaximumRsaKeySize = 4096; // OpenSSL fails above 4096. 31 const int kMinimumRsaKeySize = 16; // OpenSSL goes into an infinite loop if key size < 10 32 const int kMinimumRsaExponent = 3; 33 34 static RsaSigningOperationFactory sign_factory; 35 static RsaVerificationOperationFactory verify_factory; 36 static RsaEncryptionOperationFactory encrypt_factory; 37 static RsaDecryptionOperationFactory decrypt_factory; 38 39 OperationFactory* RsaKeyFactory::GetOperationFactory(keymaster_purpose_t purpose) const { 40 switch (purpose) { 41 case KM_PURPOSE_SIGN: 42 return &sign_factory; 43 case KM_PURPOSE_VERIFY: 44 return &verify_factory; 45 case KM_PURPOSE_ENCRYPT: 46 return &encrypt_factory; 47 case KM_PURPOSE_DECRYPT: 48 return &decrypt_factory; 49 default: 50 return nullptr; 51 } 52 } 53 54 keymaster_error_t RsaKeyFactory::GenerateKey(const AuthorizationSet& key_description, 55 KeymasterKeyBlob* key_blob, 56 AuthorizationSet* hw_enforced, 57 AuthorizationSet* sw_enforced) const { 58 if (!key_blob || !hw_enforced || !sw_enforced) 59 return KM_ERROR_OUTPUT_PARAMETER_NULL; 60 61 const AuthorizationSet& authorizations(key_description); 62 63 uint64_t public_exponent; 64 if (!authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent)) { 65 LOG_E("No public exponent specified for RSA key generation", 0); 66 return KM_ERROR_INVALID_ARGUMENT; 67 } 68 if (public_exponent < kMinimumRsaExponent || public_exponent % 2 != 1) { 69 LOG_E("Invalid public exponent specified for RSA key generation", 0); 70 return KM_ERROR_INVALID_ARGUMENT; 71 } 72 73 uint32_t key_size; 74 if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size)) { 75 LOG_E("No key size specified for RSA key generation", 0); 76 return KM_ERROR_UNSUPPORTED_KEY_SIZE; 77 } 78 if (key_size % 8 != 0 || key_size > kMaximumRsaKeySize || key_size < kMinimumRsaKeySize) { 79 LOG_E("Invalid key size of %u bits specified for RSA key generation", key_size); 80 return KM_ERROR_UNSUPPORTED_KEY_SIZE; 81 } 82 83 UniquePtr<BIGNUM, BIGNUM_Delete> exponent(BN_new()); 84 UniquePtr<RSA, RsaKey::RSA_Delete> rsa_key(RSA_new()); 85 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new()); 86 if (exponent.get() == NULL || rsa_key.get() == NULL || pkey.get() == NULL) 87 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 88 89 if (!BN_set_word(exponent.get(), public_exponent) || 90 !RSA_generate_key_ex(rsa_key.get(), key_size, exponent.get(), NULL /* callback */)) 91 return TranslateLastOpenSslError(); 92 93 if (EVP_PKEY_set1_RSA(pkey.get(), rsa_key.get()) != 1) 94 return TranslateLastOpenSslError(); 95 96 KeymasterKeyBlob key_material; 97 keymaster_error_t error = EvpKeyToKeyMaterial(pkey.get(), &key_material); 98 if (error != KM_ERROR_OK) 99 return error; 100 101 return context_->CreateKeyBlob(authorizations, KM_ORIGIN_GENERATED, key_material, key_blob, 102 hw_enforced, sw_enforced); 103 } 104 105 keymaster_error_t RsaKeyFactory::ImportKey(const AuthorizationSet& key_description, 106 keymaster_key_format_t input_key_material_format, 107 const KeymasterKeyBlob& input_key_material, 108 KeymasterKeyBlob* output_key_blob, 109 AuthorizationSet* hw_enforced, 110 AuthorizationSet* sw_enforced) const { 111 if (!output_key_blob || !hw_enforced || !sw_enforced) 112 return KM_ERROR_OUTPUT_PARAMETER_NULL; 113 114 AuthorizationSet authorizations; 115 uint64_t public_exponent; 116 uint32_t key_size; 117 keymaster_error_t error = 118 UpdateImportKeyDescription(key_description, input_key_material_format, input_key_material, 119 &authorizations, &public_exponent, &key_size); 120 if (error != KM_ERROR_OK) 121 return error; 122 return context_->CreateKeyBlob(authorizations, KM_ORIGIN_IMPORTED, input_key_material, 123 output_key_blob, hw_enforced, sw_enforced); 124 } 125 126 keymaster_error_t RsaKeyFactory::UpdateImportKeyDescription(const AuthorizationSet& key_description, 127 keymaster_key_format_t key_format, 128 const KeymasterKeyBlob& key_material, 129 AuthorizationSet* updated_description, 130 uint64_t* public_exponent, 131 uint32_t* key_size) const { 132 if (!updated_description || !public_exponent || !key_size) 133 return KM_ERROR_OUTPUT_PARAMETER_NULL; 134 135 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey; 136 keymaster_error_t error = 137 KeyMaterialToEvpKey(key_format, key_material, keymaster_key_type(), &pkey); 138 if (error != KM_ERROR_OK) 139 return error; 140 141 UniquePtr<RSA, RsaKey::RSA_Delete> rsa_key(EVP_PKEY_get1_RSA(pkey.get())); 142 if (!rsa_key.get()) 143 return TranslateLastOpenSslError(); 144 145 updated_description->Reinitialize(key_description); 146 147 *public_exponent = BN_get_word(rsa_key->e); 148 if (*public_exponent == 0xffffffffL) 149 return KM_ERROR_INVALID_KEY_BLOB; 150 if (!updated_description->GetTagValue(TAG_RSA_PUBLIC_EXPONENT, public_exponent)) 151 updated_description->push_back(TAG_RSA_PUBLIC_EXPONENT, *public_exponent); 152 if (*public_exponent != BN_get_word(rsa_key->e)) { 153 LOG_E("Imported public exponent (%u) does not match specified public exponent (%u)", 154 *public_exponent, BN_get_word(rsa_key->e)); 155 return KM_ERROR_IMPORT_PARAMETER_MISMATCH; 156 } 157 158 *key_size = RSA_size(rsa_key.get()) * 8; 159 if (!updated_description->GetTagValue(TAG_KEY_SIZE, key_size)) 160 updated_description->push_back(TAG_KEY_SIZE, *key_size); 161 if (RSA_size(rsa_key.get()) * 8 != *key_size) { 162 LOG_E("Imported key size (%u bits) does not match specified key size (%u bits)", 163 RSA_size(rsa_key.get()) * 8, *key_size); 164 return KM_ERROR_IMPORT_PARAMETER_MISMATCH; 165 } 166 167 keymaster_algorithm_t algorithm = KM_ALGORITHM_RSA; 168 if (!updated_description->GetTagValue(TAG_ALGORITHM, &algorithm)) 169 updated_description->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA); 170 if (algorithm != KM_ALGORITHM_RSA) 171 return KM_ERROR_IMPORT_PARAMETER_MISMATCH; 172 173 return KM_ERROR_OK; 174 } 175 176 keymaster_error_t RsaKeyFactory::CreateEmptyKey(const AuthorizationSet& hw_enforced, 177 const AuthorizationSet& sw_enforced, 178 UniquePtr<AsymmetricKey>* key) const { 179 keymaster_error_t error; 180 key->reset(new (std::nothrow) RsaKey(hw_enforced, sw_enforced, &error)); 181 if (!key->get()) 182 error = KM_ERROR_MEMORY_ALLOCATION_FAILED; 183 return error; 184 } 185 186 } // namespace keymaster 187