• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <keymaster/km_openssl/ecdh_operation.h>
18 
19 #include <keymaster/km_openssl/ec_key.h>
20 #include <keymaster/km_openssl/openssl_err.h>
21 #include <keymaster/km_openssl/openssl_utils.h>
22 #include <keymaster/logger.h>
23 #include <openssl/curve25519.h>
24 #include <openssl/err.h>
25 #include <vector>
26 
27 namespace keymaster {
28 
Begin(const AuthorizationSet &,AuthorizationSet *)29 keymaster_error_t EcdhOperation::Begin(const AuthorizationSet& /*input_params*/,
30                                        AuthorizationSet* /*output_params*/) {
31     auto rc = GenerateRandom(reinterpret_cast<uint8_t*>(&operation_handle_),
32                              (size_t)sizeof(operation_handle_));
33     if (rc != KM_ERROR_OK) {
34         return rc;
35     }
36     return KM_ERROR_OK;
37 }
38 
Update(const AuthorizationSet &,const Buffer &,AuthorizationSet *,Buffer *,size_t *)39 keymaster_error_t EcdhOperation::Update(const AuthorizationSet& /*additional_params*/,
40                                         const Buffer& /*input*/,
41                                         AuthorizationSet* /*output_params*/, Buffer* /*output*/,
42                                         size_t* /*input_consumed*/) {
43     return KM_ERROR_OK;
44 }
45 
Finish(const AuthorizationSet &,const Buffer & input,const Buffer &,AuthorizationSet *,Buffer * output)46 keymaster_error_t EcdhOperation::Finish(const AuthorizationSet& /*additional_params*/,
47                                         const Buffer& input, const Buffer& /*signature*/,
48                                         AuthorizationSet* /*output_params*/, Buffer* output) {
49     const unsigned char* encodedPublicKey = input.begin();
50     EVP_PKEY* pkeyRaw = d2i_PUBKEY(nullptr, &encodedPublicKey, input.available_read());
51     if (pkeyRaw == nullptr) {
52         LOG_E("Error decoding key", 0);
53         return KM_ERROR_INVALID_ARGUMENT;
54     }
55     auto pkey = EVP_PKEY_Ptr(pkeyRaw);
56 
57     auto ctx = EVP_PKEY_CTX_Ptr(EVP_PKEY_CTX_new(ecdh_key_.get(), nullptr));
58     if (ctx.get() == nullptr) {
59         LOG_E("Memory allocation failed", 0);
60         return TranslateLastOpenSslError();
61     }
62     if (EVP_PKEY_derive_init(ctx.get()) != 1) {
63         LOG_E("Context initialization failed", 0);
64         return TranslateLastOpenSslError();
65     }
66     if (EVP_PKEY_derive_set_peer(ctx.get(), pkey.get()) != 1) {
67         LOG_E("Error setting peer key", 0);
68         return KM_ERROR_INVALID_ARGUMENT;
69     }
70     size_t sharedSecretLen = 0;
71     if (EVP_PKEY_derive(ctx.get(), nullptr, &sharedSecretLen) != 1) {
72         LOG_E("Error deriving key", 0);
73         return TranslateLastOpenSslError();
74     }
75     if (!output->reserve(sharedSecretLen)) {
76         LOG_E("Error reserving data in output buffer", 0);
77         return KM_ERROR_MEMORY_ALLOCATION_FAILED;
78     }
79     if (EVP_PKEY_derive(ctx.get(), output->peek_write(), &sharedSecretLen) != 1) {
80         LOG_E("Error deriving key", 0);
81         return TranslateLastOpenSslError();
82     }
83     output->advance_write(sharedSecretLen);
84 
85     return KM_ERROR_OK;
86 }
87 
Finish(const AuthorizationSet &,const Buffer & input,const Buffer &,AuthorizationSet *,Buffer * output)88 keymaster_error_t X25519Operation::Finish(const AuthorizationSet& /*additional_params*/,
89                                           const Buffer& input, const Buffer& /*signature*/,
90                                           AuthorizationSet* /*output_params*/, Buffer* output) {
91     // Retrieve the peer X25519 key from within the ASN.1 SubjectPublicKeyInfo.
92     const unsigned char* encodedPublicKey = input.begin();
93     EVP_PKEY* pkeyRaw = d2i_PUBKEY(nullptr, &encodedPublicKey, input.available_read());
94     if (pkeyRaw == nullptr) {
95         LOG_E("Error decoding key", 0);
96         return KM_ERROR_INVALID_ARGUMENT;
97     }
98     auto pkey = EVP_PKEY_Ptr(pkeyRaw);
99 
100     int pkey_type = EVP_PKEY_id(pkey.get());
101     if (pkey_type != EVP_PKEY_X25519) {
102         LOG_E("Unexpected peer public key type %d", pkey_type);
103         return KM_ERROR_INVALID_ARGUMENT;
104     }
105 
106     size_t pub_key_len = X25519_PUBLIC_VALUE_LEN;
107     uint8_t pub_key[X25519_PUBLIC_VALUE_LEN];
108     if (EVP_PKEY_get_raw_public_key(pkey.get(), pub_key, &pub_key_len) == 0) {
109         LOG_E("Error extracting key", 0);
110         return KM_ERROR_INVALID_ARGUMENT;
111     }
112     if (pub_key_len != X25519_PUBLIC_VALUE_LEN) {
113         LOG_E("Invalid length %d of peer key", pub_key_len);
114         return KM_ERROR_INVALID_ARGUMENT;
115     }
116 
117     size_t key_len = X25519_PRIVATE_KEY_LEN;
118     uint8_t priv_key[X25519_PRIVATE_KEY_LEN];
119     if (EVP_PKEY_get_raw_private_key(ecdh_key_.get(), priv_key, &key_len) == 0) {
120         return TranslateLastOpenSslError();
121     }
122     if (key_len != X25519_PRIVATE_KEY_LEN) {
123         return KM_ERROR_UNKNOWN_ERROR;
124     }
125     if (!output->reserve(X25519_SHARED_KEY_LEN)) {
126         LOG_E("Error reserving data in output buffer", 0);
127         return KM_ERROR_MEMORY_ALLOCATION_FAILED;
128     }
129     if (X25519(output->peek_write(), priv_key, pub_key) != 1) {
130         LOG_E("Error deriving key", 0);
131         return TranslateLastOpenSslError();
132     }
133     output->advance_write(X25519_SHARED_KEY_LEN);
134 
135     return KM_ERROR_OK;
136 }
137 
CreateOperation(Key && key,const AuthorizationSet &,keymaster_error_t * error)138 OperationPtr EcdhOperationFactory::CreateOperation(Key&& key,
139                                                    const AuthorizationSet& /*begin_params*/,
140                                                    keymaster_error_t* error) {
141     const AsymmetricKey& ecdh_key = static_cast<AsymmetricKey&>(key);
142 
143     EVP_PKEY_Ptr pkey(ecdh_key.InternalToEvp());
144     if (pkey.get() == nullptr) {
145         *error = KM_ERROR_UNKNOWN_ERROR;
146         return nullptr;
147     }
148 
149     *error = KM_ERROR_OK;
150 
151     EcdhOperation* op = nullptr;
152     switch (EVP_PKEY_type(pkey->type)) {
153     case EVP_PKEY_X25519:
154         op = new (std::nothrow) X25519Operation(move(key.hw_enforced_move()),
155                                                 move(key.sw_enforced_move()), pkey.release());
156         break;
157     case EVP_PKEY_EC:
158         op = new (std::nothrow) EcdhOperation(move(key.hw_enforced_move()),
159                                               move(key.sw_enforced_move()), pkey.release());
160         break;
161     default:
162         *error = KM_ERROR_UNKNOWN_ERROR;
163         return nullptr;
164     }
165 
166     if (!op) {
167         *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
168         return nullptr;
169     }
170     return OperationPtr(op);
171 }
172 
173 }  // namespace keymaster
174