1 /*
2 * Copyright 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <keymaster/km_openssl/ec_key_factory.h>
18
19 #include <openssl/evp.h>
20
21 #include <keymaster/keymaster_context.h>
22 #include <keymaster/km_openssl/ec_key.h>
23 #include <keymaster/km_openssl/ecdh_operation.h>
24 #include <keymaster/km_openssl/ecdsa_operation.h>
25 #include <keymaster/km_openssl/openssl_err.h>
26
27 #include <keymaster/operation.h>
28
29 namespace keymaster {
30
31 static EcdsaSignOperationFactory sign_factory;
32 static EcdsaVerifyOperationFactory verify_factory;
33 static EcdhOperationFactory agree_key_factory;
34
GetOperationFactory(keymaster_purpose_t purpose) const35 OperationFactory* EcKeyFactory::GetOperationFactory(keymaster_purpose_t purpose) const {
36 switch (purpose) {
37 case KM_PURPOSE_SIGN:
38 return &sign_factory;
39 case KM_PURPOSE_VERIFY:
40 return &verify_factory;
41 case KM_PURPOSE_AGREE_KEY:
42 return &agree_key_factory;
43 default:
44 return nullptr;
45 }
46 }
47
48 /* static */
GetCurveAndSize(const AuthorizationSet & key_description,keymaster_ec_curve_t * curve,uint32_t * key_size_bits)49 keymaster_error_t EcKeyFactory::GetCurveAndSize(const AuthorizationSet& key_description,
50 keymaster_ec_curve_t* curve,
51 uint32_t* key_size_bits) {
52 if (!key_description.GetTagValue(TAG_EC_CURVE, curve)) {
53 // Curve not specified. Fall back to deducing curve from key size.
54 if (!key_description.GetTagValue(TAG_KEY_SIZE, key_size_bits)) {
55 LOG_E("%s", "No curve or key size specified for EC key generation");
56 return KM_ERROR_UNSUPPORTED_KEY_SIZE;
57 }
58 keymaster_error_t error = EcKeySizeToCurve(*key_size_bits, curve);
59 if (error != KM_ERROR_OK) {
60 return KM_ERROR_UNSUPPORTED_KEY_SIZE;
61 }
62 } else {
63 keymaster_error_t error = EcCurveToKeySize(*curve, key_size_bits);
64 if (error != KM_ERROR_OK) {
65 return error;
66 }
67 uint32_t tag_key_size_bits;
68 if (key_description.GetTagValue(TAG_KEY_SIZE, &tag_key_size_bits) &&
69 *key_size_bits != tag_key_size_bits) {
70 LOG_E("Curve key size %d and specified key size %d don't match", key_size_bits,
71 tag_key_size_bits);
72 return KM_ERROR_INVALID_ARGUMENT;
73 }
74 }
75
76 return KM_ERROR_OK;
77 }
78
GenerateKey(const AuthorizationSet & key_description,UniquePtr<Key> attest_key,const KeymasterBlob & issuer_subject,KeymasterKeyBlob * key_blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced,CertificateChain * cert_chain) const79 keymaster_error_t EcKeyFactory::GenerateKey(const AuthorizationSet& key_description,
80 UniquePtr<Key> attest_key, //
81 const KeymasterBlob& issuer_subject,
82 KeymasterKeyBlob* key_blob,
83 AuthorizationSet* hw_enforced,
84 AuthorizationSet* sw_enforced,
85 CertificateChain* cert_chain) const {
86 if (!key_blob || !hw_enforced || !sw_enforced) return KM_ERROR_OUTPUT_PARAMETER_NULL;
87
88 AuthorizationSet authorizations(key_description);
89
90 keymaster_ec_curve_t ec_curve;
91 uint32_t key_size;
92 keymaster_error_t error = GetCurveAndSize(authorizations, &ec_curve, &key_size);
93 if (error != KM_ERROR_OK) {
94 return error;
95 } else if (!authorizations.Contains(TAG_KEY_SIZE, key_size)) {
96 authorizations.push_back(TAG_KEY_SIZE, key_size);
97 } else if (!authorizations.Contains(TAG_EC_CURVE, ec_curve)) {
98 authorizations.push_back(TAG_EC_CURVE, ec_curve);
99 }
100
101 UniquePtr<EC_KEY, EC_KEY_Delete> ec_key(EC_KEY_new());
102 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
103 if (ec_key.get() == nullptr || pkey.get() == nullptr) return KM_ERROR_MEMORY_ALLOCATION_FAILED;
104
105 UniquePtr<EC_GROUP, EC_GROUP_Delete> group(ChooseGroup(ec_curve));
106 if (group.get() == nullptr) {
107 LOG_E("Unable to get EC group for curve %d", ec_curve);
108 return KM_ERROR_UNSUPPORTED_KEY_SIZE;
109 }
110
111 #if !defined(OPENSSL_IS_BORINGSSL)
112 EC_GROUP_set_point_conversion_form(group.get(), POINT_CONVERSION_UNCOMPRESSED);
113 EC_GROUP_set_asn1_flag(group.get(), OPENSSL_EC_NAMED_CURVE);
114 #endif
115
116 if (EC_KEY_set_group(ec_key.get(), group.get()) != 1 ||
117 EC_KEY_generate_key(ec_key.get()) != 1 || EC_KEY_check_key(ec_key.get()) < 0) {
118 return TranslateLastOpenSslError();
119 }
120
121 if (EVP_PKEY_set1_EC_KEY(pkey.get(), ec_key.get()) != 1) return TranslateLastOpenSslError();
122
123 KeymasterKeyBlob key_material;
124 error = EvpKeyToKeyMaterial(pkey.get(), &key_material);
125 if (error != KM_ERROR_OK) return error;
126
127 error = blob_maker_.CreateKeyBlob(authorizations, KM_ORIGIN_GENERATED, key_material, key_blob,
128 hw_enforced, sw_enforced);
129 if (error != KM_ERROR_OK) return error;
130
131 if (context_.GetKmVersion() < KmVersion::KEYMINT_1) return KM_ERROR_OK;
132 if (!cert_chain) return KM_ERROR_UNEXPECTED_NULL_POINTER;
133
134 EcKey key(*hw_enforced, *sw_enforced, this, move(ec_key));
135 if (key_description.Contains(TAG_ATTESTATION_CHALLENGE)) {
136 *cert_chain = context_.GenerateAttestation(key, key_description, move(attest_key),
137 issuer_subject, &error);
138 } else if (attest_key.get() != nullptr) {
139 return KM_ERROR_ATTESTATION_CHALLENGE_MISSING;
140 } else {
141 *cert_chain = context_.GenerateSelfSignedCertificate(
142 key, key_description, !IsCertSigningKey(key_description) /* fake_signature */, &error);
143 }
144
145 return error;
146 }
147
ImportKey(const AuthorizationSet & key_description,keymaster_key_format_t input_key_material_format,const KeymasterKeyBlob & input_key_material,UniquePtr<Key> attest_key,const KeymasterBlob & issuer_subject,KeymasterKeyBlob * output_key_blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced,CertificateChain * cert_chain) const148 keymaster_error_t EcKeyFactory::ImportKey(const AuthorizationSet& key_description, //
149 keymaster_key_format_t input_key_material_format,
150 const KeymasterKeyBlob& input_key_material,
151 UniquePtr<Key> attest_key, //
152 const KeymasterBlob& issuer_subject,
153 KeymasterKeyBlob* output_key_blob,
154 AuthorizationSet* hw_enforced,
155 AuthorizationSet* sw_enforced,
156 CertificateChain* cert_chain) const {
157 if (!output_key_blob || !hw_enforced || !sw_enforced) return KM_ERROR_OUTPUT_PARAMETER_NULL;
158
159 AuthorizationSet authorizations;
160 uint32_t key_size;
161 keymaster_error_t error = UpdateImportKeyDescription(
162 key_description, input_key_material_format, input_key_material, &authorizations, &key_size);
163 if (error != KM_ERROR_OK) return error;
164
165 error = blob_maker_.CreateKeyBlob(authorizations, KM_ORIGIN_IMPORTED, input_key_material,
166 output_key_blob, hw_enforced, sw_enforced);
167 if (error != KM_ERROR_OK) return error;
168
169 if (context_.GetKmVersion() < KmVersion::KEYMINT_1) return KM_ERROR_OK;
170 if (!cert_chain) return KM_ERROR_UNEXPECTED_NULL_POINTER;
171
172 EVP_PKEY_Ptr pkey;
173 error = KeyMaterialToEvpKey(KM_KEY_FORMAT_PKCS8, input_key_material, KM_ALGORITHM_EC, &pkey);
174 if (error != KM_ERROR_OK) return error;
175
176 EC_KEY_Ptr ec_key(EVP_PKEY_get1_EC_KEY(pkey.get()));
177 if (!ec_key.get()) return KM_ERROR_INVALID_ARGUMENT;
178
179 EcKey key(*hw_enforced, *sw_enforced, this, move(ec_key));
180 if (key_description.Contains(KM_TAG_ATTESTATION_CHALLENGE)) {
181 *cert_chain = context_.GenerateAttestation(key, key_description, move(attest_key),
182 issuer_subject, &error);
183 } else if (attest_key.get() != nullptr) {
184 return KM_ERROR_ATTESTATION_CHALLENGE_MISSING;
185 } else {
186 *cert_chain = context_.GenerateSelfSignedCertificate(
187 key, key_description, !IsCertSigningKey(key_description) /* fake_signature */, &error);
188 }
189
190 return error;
191 }
192
UpdateImportKeyDescription(const AuthorizationSet & key_description,keymaster_key_format_t key_format,const KeymasterKeyBlob & key_material,AuthorizationSet * updated_description,uint32_t * key_size_bits) const193 keymaster_error_t EcKeyFactory::UpdateImportKeyDescription(const AuthorizationSet& key_description,
194 keymaster_key_format_t key_format,
195 const KeymasterKeyBlob& key_material,
196 AuthorizationSet* updated_description,
197 uint32_t* key_size_bits) const {
198 if (!updated_description || !key_size_bits) return KM_ERROR_OUTPUT_PARAMETER_NULL;
199
200 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey;
201 keymaster_error_t error =
202 KeyMaterialToEvpKey(key_format, key_material, keymaster_key_type(), &pkey);
203 if (error != KM_ERROR_OK) return error;
204
205 UniquePtr<EC_KEY, EC_KEY_Delete> ec_key(EVP_PKEY_get1_EC_KEY(pkey.get()));
206 if (!ec_key.get()) return TranslateLastOpenSslError();
207
208 updated_description->Reinitialize(key_description);
209
210 size_t extracted_key_size_bits;
211 error = ec_get_group_size(EC_KEY_get0_group(ec_key.get()), &extracted_key_size_bits);
212 if (error != KM_ERROR_OK) return error;
213
214 *key_size_bits = extracted_key_size_bits;
215 if (!updated_description->GetTagValue(TAG_KEY_SIZE, key_size_bits)) {
216 updated_description->push_back(TAG_KEY_SIZE, extracted_key_size_bits);
217 } else if (*key_size_bits != extracted_key_size_bits) {
218 return KM_ERROR_IMPORT_PARAMETER_MISMATCH;
219 }
220
221 keymaster_ec_curve_t curve_from_size;
222 error = EcKeySizeToCurve(*key_size_bits, &curve_from_size);
223 if (error != KM_ERROR_OK) return error;
224 keymaster_ec_curve_t curve;
225 if (!updated_description->GetTagValue(TAG_EC_CURVE, &curve)) {
226 updated_description->push_back(TAG_EC_CURVE, curve_from_size);
227 } else if (curve_from_size != curve) {
228 return KM_ERROR_IMPORT_PARAMETER_MISMATCH;
229 }
230
231 keymaster_algorithm_t algorithm = KM_ALGORITHM_EC;
232 if (!updated_description->GetTagValue(TAG_ALGORITHM, &algorithm)) {
233 updated_description->push_back(TAG_ALGORITHM, KM_ALGORITHM_EC);
234 } else if (algorithm != KM_ALGORITHM_EC) {
235 return KM_ERROR_IMPORT_PARAMETER_MISMATCH;
236 }
237
238 return KM_ERROR_OK;
239 }
240
241 /* static */
ChooseGroup(size_t key_size_bits)242 EC_GROUP* EcKeyFactory::ChooseGroup(size_t key_size_bits) {
243 switch (key_size_bits) {
244 case 224:
245 return EC_GROUP_new_by_curve_name(NID_secp224r1);
246 break;
247 case 256:
248 return EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
249 break;
250 case 384:
251 return EC_GROUP_new_by_curve_name(NID_secp384r1);
252 break;
253 case 521:
254 return EC_GROUP_new_by_curve_name(NID_secp521r1);
255 break;
256 default:
257 return nullptr;
258 break;
259 }
260 }
261
262 /* static */
ChooseGroup(keymaster_ec_curve_t ec_curve)263 EC_GROUP* EcKeyFactory::ChooseGroup(keymaster_ec_curve_t ec_curve) {
264 switch (ec_curve) {
265 case KM_EC_CURVE_P_224:
266 return EC_GROUP_new_by_curve_name(NID_secp224r1);
267 break;
268 case KM_EC_CURVE_P_256:
269 return EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
270 break;
271 case KM_EC_CURVE_P_384:
272 return EC_GROUP_new_by_curve_name(NID_secp384r1);
273 break;
274 case KM_EC_CURVE_P_521:
275 return EC_GROUP_new_by_curve_name(NID_secp521r1);
276 break;
277 default:
278 return nullptr;
279 break;
280 }
281 }
282
CreateEmptyKey(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,UniquePtr<AsymmetricKey> * key) const283 keymaster_error_t EcKeyFactory::CreateEmptyKey(AuthorizationSet&& hw_enforced,
284 AuthorizationSet&& sw_enforced,
285 UniquePtr<AsymmetricKey>* key) const {
286 key->reset(new (std::nothrow) EcKey(move(hw_enforced), move(sw_enforced), this));
287 if (!(*key)) return KM_ERROR_MEMORY_ALLOCATION_FAILED;
288 return KM_ERROR_OK;
289 }
290
291 } // namespace keymaster
292