• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <keymaster/km_openssl/ecdh_operation.h>
18 
19 #include <utility>
20 #include <vector>
21 
22 #include <keymaster/km_openssl/ec_key.h>
23 #include <keymaster/km_openssl/openssl_err.h>
24 #include <keymaster/km_openssl/openssl_utils.h>
25 #include <keymaster/logger.h>
26 #include <openssl/curve25519.h>
27 #include <openssl/err.h>
28 
29 namespace keymaster {
30 
Begin(const AuthorizationSet &,AuthorizationSet *)31 keymaster_error_t EcdhOperation::Begin(const AuthorizationSet& /*input_params*/,
32                                        AuthorizationSet* /*output_params*/) {
33     auto rc = GenerateRandom(reinterpret_cast<uint8_t*>(&operation_handle_),
34                              (size_t)sizeof(operation_handle_));
35     if (rc != KM_ERROR_OK) {
36         return rc;
37     }
38     return KM_ERROR_OK;
39 }
40 
Update(const AuthorizationSet &,const Buffer &,AuthorizationSet *,Buffer *,size_t *)41 keymaster_error_t EcdhOperation::Update(const AuthorizationSet& /*additional_params*/,
42                                         const Buffer& /*input*/,
43                                         AuthorizationSet* /*output_params*/, Buffer* /*output*/,
44                                         size_t* /*input_consumed*/) {
45     return KM_ERROR_OK;
46 }
47 
Finish(const AuthorizationSet &,const Buffer & input,const Buffer &,AuthorizationSet *,Buffer * output)48 keymaster_error_t EcdhOperation::Finish(const AuthorizationSet& /*additional_params*/,
49                                         const Buffer& input, const Buffer& /*signature*/,
50                                         AuthorizationSet* /*output_params*/, Buffer* output) {
51     const unsigned char* encodedPublicKey = input.begin();
52     EVP_PKEY* pkeyRaw = d2i_PUBKEY(nullptr, &encodedPublicKey, input.available_read());
53     if (pkeyRaw == nullptr) {
54         LOG_E("Error decoding key", 0);
55         return KM_ERROR_INVALID_ARGUMENT;
56     }
57     auto pkey = EVP_PKEY_Ptr(pkeyRaw);
58 
59     auto ctx = EVP_PKEY_CTX_Ptr(EVP_PKEY_CTX_new(ecdh_key_.get(), nullptr));
60     if (ctx.get() == nullptr) {
61         LOG_E("Memory allocation failed", 0);
62         return TranslateLastOpenSslError();
63     }
64     if (EVP_PKEY_derive_init(ctx.get()) != 1) {
65         LOG_E("Context initialization failed", 0);
66         return TranslateLastOpenSslError();
67     }
68     if (EVP_PKEY_derive_set_peer(ctx.get(), pkey.get()) != 1) {
69         LOG_E("Error setting peer key", 0);
70         return KM_ERROR_INVALID_ARGUMENT;
71     }
72     size_t sharedSecretLen = 0;
73     if (EVP_PKEY_derive(ctx.get(), nullptr, &sharedSecretLen) != 1) {
74         LOG_E("Error deriving key", 0);
75         return TranslateLastOpenSslError();
76     }
77     if (!output->reserve(sharedSecretLen)) {
78         LOG_E("Error reserving data in output buffer", 0);
79         return KM_ERROR_MEMORY_ALLOCATION_FAILED;
80     }
81     if (EVP_PKEY_derive(ctx.get(), output->peek_write(), &sharedSecretLen) != 1) {
82         LOG_E("Error deriving key", 0);
83         return TranslateLastOpenSslError();
84     }
85     output->advance_write(sharedSecretLen);
86 
87     return KM_ERROR_OK;
88 }
89 
Finish(const AuthorizationSet &,const Buffer & input,const Buffer &,AuthorizationSet *,Buffer * output)90 keymaster_error_t X25519Operation::Finish(const AuthorizationSet& /*additional_params*/,
91                                           const Buffer& input, const Buffer& /*signature*/,
92                                           AuthorizationSet* /*output_params*/, Buffer* output) {
93     // Retrieve the peer X25519 key from within the ASN.1 SubjectPublicKeyInfo.
94     const unsigned char* encodedPublicKey = input.begin();
95     EVP_PKEY* pkeyRaw = d2i_PUBKEY(nullptr, &encodedPublicKey, input.available_read());
96     if (pkeyRaw == nullptr) {
97         LOG_E("Error decoding key", 0);
98         return KM_ERROR_INVALID_ARGUMENT;
99     }
100     auto pkey = EVP_PKEY_Ptr(pkeyRaw);
101 
102     int pkey_type = EVP_PKEY_id(pkey.get());
103     if (pkey_type != EVP_PKEY_X25519) {
104         LOG_E("Unexpected peer public key type %d", pkey_type);
105         return KM_ERROR_INVALID_ARGUMENT;
106     }
107 
108     size_t pub_key_len = X25519_PUBLIC_VALUE_LEN;
109     uint8_t pub_key[X25519_PUBLIC_VALUE_LEN];
110     if (EVP_PKEY_get_raw_public_key(pkey.get(), pub_key, &pub_key_len) == 0) {
111         LOG_E("Error extracting key", 0);
112         return KM_ERROR_INVALID_ARGUMENT;
113     }
114     if (pub_key_len != X25519_PUBLIC_VALUE_LEN) {
115         LOG_E("Invalid length %d of peer key", pub_key_len);
116         return KM_ERROR_INVALID_ARGUMENT;
117     }
118 
119     size_t key_len = X25519_PRIVATE_KEY_LEN;
120     uint8_t priv_key[X25519_PRIVATE_KEY_LEN];
121     if (EVP_PKEY_get_raw_private_key(ecdh_key_.get(), priv_key, &key_len) == 0) {
122         return TranslateLastOpenSslError();
123     }
124     if (key_len != X25519_PRIVATE_KEY_LEN) {
125         return KM_ERROR_UNKNOWN_ERROR;
126     }
127     if (!output->reserve(X25519_SHARED_KEY_LEN)) {
128         LOG_E("Error reserving data in output buffer", 0);
129         return KM_ERROR_MEMORY_ALLOCATION_FAILED;
130     }
131     if (X25519(output->peek_write(), priv_key, pub_key) != 1) {
132         LOG_E("Error deriving key", 0);
133         return TranslateLastOpenSslError();
134     }
135     output->advance_write(X25519_SHARED_KEY_LEN);
136 
137     return KM_ERROR_OK;
138 }
139 
CreateOperation(Key && key,const AuthorizationSet &,keymaster_error_t * error)140 OperationPtr EcdhOperationFactory::CreateOperation(Key&& key,
141                                                    const AuthorizationSet& /*begin_params*/,
142                                                    keymaster_error_t* error) {
143     const AsymmetricKey& ecdh_key = static_cast<AsymmetricKey&>(key);
144 
145     EVP_PKEY_Ptr pkey(ecdh_key.InternalToEvp());
146     if (pkey.get() == nullptr) {
147         *error = KM_ERROR_UNKNOWN_ERROR;
148         return nullptr;
149     }
150 
151     *error = KM_ERROR_OK;
152 
153     EcdhOperation* op = nullptr;
154     switch (EVP_PKEY_id(pkey.get())) {
155     case EVP_PKEY_X25519:
156         op = new (std::nothrow) X25519Operation(std::move(key.hw_enforced_move()),
157                                                 std::move(key.sw_enforced_move()), pkey.release());
158         break;
159     case EVP_PKEY_EC:
160         op = new (std::nothrow) EcdhOperation(std::move(key.hw_enforced_move()),
161                                               std::move(key.sw_enforced_move()), pkey.release());
162         break;
163     default:
164         *error = KM_ERROR_UNKNOWN_ERROR;
165         return nullptr;
166     }
167 
168     if (!op) {
169         *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
170         return nullptr;
171     }
172     return OperationPtr(op);
173 }
174 
175 }  // namespace keymaster
176