1 /*
2 * Copyright (C) 2012 Samsung Electronics Co., LTD
3 * Copyright (C) 2012 The Android Open Source Project
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18 #include <errno.h>
19 #include <string.h>
20 #include <stdint.h>
21
22 #include <keystore.h>
23
24 #include <hardware/hardware.h>
25 #include <hardware/keymaster.h>
26
27 #include <openssl/evp.h>
28 #include <openssl/bio.h>
29 #include <openssl/rsa.h>
30 #include <openssl/err.h>
31 #include <openssl/x509.h>
32
33 #include <utils/UniquePtr.h>
34
35 #define LOG_TAG "ExynosKeyMaster"
36 #include <cutils/log.h>
37
38 #include <tlcTeeKeymaster_if.h>
39
40 #define RSA_KEY_BUFFER_SIZE 1536
41 #define RSA_KEY_MAX_SIZE (2048 >> 3)
42
43 struct BIGNUM_Delete {
operator ()BIGNUM_Delete44 void operator()(BIGNUM* p) const {
45 BN_free(p);
46 }
47 };
48 typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
49
50 struct EVP_PKEY_Delete {
operator ()EVP_PKEY_Delete51 void operator()(EVP_PKEY* p) const {
52 EVP_PKEY_free(p);
53 }
54 };
55 typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
56
57 struct PKCS8_PRIV_KEY_INFO_Delete {
operator ()PKCS8_PRIV_KEY_INFO_Delete58 void operator()(PKCS8_PRIV_KEY_INFO* p) const {
59 PKCS8_PRIV_KEY_INFO_free(p);
60 }
61 };
62 typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
63
64 struct RSA_Delete {
operator ()RSA_Delete65 void operator()(RSA* p) const {
66 RSA_free(p);
67 }
68 };
69 typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;
70
71 typedef UniquePtr<keymaster_device_t> Unique_keymaster_device_t;
72
73 /**
74 * Many OpenSSL APIs take ownership of an argument on success but don't free the argument
75 * on failure. This means we need to tell our scoped pointers when we've transferred ownership,
76 * without triggering a warning by not using the result of release().
77 */
78 #define OWNERSHIP_TRANSFERRED(obj) \
79 typeof (obj.release()) _dummy __attribute__((unused)) = obj.release()
80
81 /*
82 * Checks this thread's error queue and logs if necessary.
83 */
logOpenSSLError(const char * location)84 static void logOpenSSLError(const char* location) {
85 int error = ERR_get_error();
86
87 if (error != 0) {
88 char message[256];
89 ERR_error_string_n(error, message, sizeof(message));
90 ALOGE("OpenSSL error in %s %d: %s", location, error, message);
91 }
92
93 ERR_clear_error();
94 ERR_remove_state(0);
95 }
96
exynos_km_generate_keypair(const keymaster_device_t * dev,const keymaster_keypair_t key_type,const void * key_params,uint8_t ** keyBlob,size_t * keyBlobLength)97 static int exynos_km_generate_keypair(const keymaster_device_t* dev,
98 const keymaster_keypair_t key_type, const void* key_params,
99 uint8_t** keyBlob, size_t* keyBlobLength) {
100 teeResult_t ret = TEE_ERR_NONE;
101
102 if (key_type != TYPE_RSA) {
103 ALOGE("Unsupported key type %d", key_type);
104 return -1;
105 } else if (key_params == NULL) {
106 ALOGE("key_params == null");
107 return -1;
108 }
109
110 keymaster_rsa_keygen_params_t* rsa_params = (keymaster_rsa_keygen_params_t*) key_params;
111
112 if ((rsa_params->modulus_size != 512) &&
113 (rsa_params->modulus_size != 1024) &&
114 (rsa_params->modulus_size != 2048)) {
115 ALOGE("key size(%d) is not supported\n", rsa_params->modulus_size);
116 return -1;
117 }
118
119 UniquePtr<uint8_t> keyDataPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_BUFFER_SIZE)));
120 if (keyDataPtr.get() == NULL) {
121 ALOGE("memory allocation is failed");
122 return -1;
123 }
124
125 ret = TEE_RSAGenerateKeyPair(TEE_KEYPAIR_RSACRT, keyDataPtr.get(), RSA_KEY_BUFFER_SIZE,
126 rsa_params->modulus_size, (uint32_t)rsa_params->public_exponent,
127 keyBlobLength);
128 if (ret != TEE_ERR_NONE) {
129 ALOGE("TEE_RSAGenerateKeyPair() is failed: %d", ret);
130 return -1;
131 }
132
133 *keyBlob = keyDataPtr.release();
134
135 return 0;
136 }
137
exynos_km_import_keypair(const keymaster_device_t * dev,const uint8_t * key,const size_t key_length,uint8_t ** key_blob,size_t * key_blob_length)138 static int exynos_km_import_keypair(const keymaster_device_t* dev,
139 const uint8_t* key, const size_t key_length,
140 uint8_t** key_blob, size_t* key_blob_length) {
141 uint8_t kbuf[RSA_KEY_BUFFER_SIZE];
142 teeRsaKeyMeta_t metadata;
143 uint32_t key_len = 0;
144 teeResult_t ret = TEE_ERR_NONE;
145
146 if (key == NULL) {
147 ALOGE("input key == NULL");
148 return -1;
149 } else if (key_blob == NULL || key_blob_length == NULL) {
150 ALOGE("output key blob or length == NULL");
151 return -1;
152 }
153
154 /* decoding */
155 Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &key, key_length));
156 if (pkcs8.get() == NULL) {
157 logOpenSSLError("pkcs4.get");
158 return -1;
159 }
160
161 /* assign to EVP */
162 Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get()));
163 if (pkey.get() == NULL) {
164 logOpenSSLError("pkey.get");
165 return -1;
166 }
167 OWNERSHIP_TRANSFERRED(pkcs8);
168
169 /* change key format */
170 RSA* rsa = pkey.get()->pkey.rsa;
171 if (rsa == NULL) {
172 logOpenSSLError("get rsa key format");
173 return -1;
174 }
175
176 key_len += sizeof(metadata);
177
178 metadata.lenpubmod = BN_bn2bin(rsa->n, kbuf + key_len);
179 key_len += metadata.lenpubmod;
180 if (metadata.lenpubmod == (512 >> 3))
181 metadata.keysize = TEE_RSA_KEY_SIZE_512;
182 else if (metadata.lenpubmod == (1024 >> 3))
183 metadata.keysize = TEE_RSA_KEY_SIZE_1024;
184 else if (metadata.lenpubmod == (2048 >> 3))
185 metadata.keysize = TEE_RSA_KEY_SIZE_2048;
186 else {
187 ALOGE("key size(%d) is not supported\n", metadata.lenpubmod << 3);
188 return -1;
189 }
190
191 metadata.lenpubexp = BN_bn2bin(rsa->e, kbuf + key_len);
192 key_len += metadata.lenpubexp;
193
194 if ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) &&
195 (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))
196 {
197 metadata.keytype = TEE_KEYPAIR_RSACRT;
198 metadata.rsacrtpriv.lenp = BN_bn2bin(rsa->p, kbuf + key_len);
199 key_len += metadata.rsacrtpriv.lenp;
200 metadata.rsacrtpriv.lenq = BN_bn2bin(rsa->q, kbuf + key_len);
201 key_len += metadata.rsacrtpriv.lenq;
202 metadata.rsacrtpriv.lendp = BN_bn2bin(rsa->dmp1, kbuf + key_len);
203 key_len += metadata.rsacrtpriv.lendp;
204 metadata.rsacrtpriv.lendq = BN_bn2bin(rsa->dmq1, kbuf + key_len);
205 key_len += metadata.rsacrtpriv.lendq;
206 metadata.rsacrtpriv.lenqinv = BN_bn2bin(rsa->iqmp, kbuf + key_len);
207 key_len += metadata.rsacrtpriv.lenqinv;
208 } else {
209 metadata.keytype = TEE_KEYPAIR_RSA;
210 metadata.rsapriv.lenpriexp = BN_bn2bin(rsa->p, kbuf + key_len);
211 key_len += metadata.rsapriv.lenprimod;
212 }
213 memcpy(kbuf, &metadata, sizeof(metadata));
214
215 UniquePtr<uint8_t> outPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_BUFFER_SIZE)));
216 if (outPtr.get() == NULL) {
217 ALOGE("memory allocation is failed");
218 return -1;
219 }
220
221 *key_blob_length = RSA_KEY_BUFFER_SIZE;
222
223 ret = TEE_KeyImport(kbuf, key_len, outPtr.get(), key_blob_length);
224 if (ret != TEE_ERR_NONE) {
225 ALOGE("TEE_KeyImport() is failed: %d", ret);
226 return -1;
227 }
228
229 *key_blob = outPtr.release();
230
231 return 0;
232 }
233
exynos_km_get_keypair_public(const struct keymaster_device * dev,const uint8_t * key_blob,const size_t key_blob_length,uint8_t ** x509_data,size_t * x509_data_length)234 static int exynos_km_get_keypair_public(const struct keymaster_device* dev,
235 const uint8_t* key_blob, const size_t key_blob_length,
236 uint8_t** x509_data, size_t* x509_data_length) {
237 uint32_t bin_mod_len;
238 uint32_t bin_exp_len;
239 teeResult_t ret = TEE_ERR_NONE;
240
241 if (x509_data == NULL || x509_data_length == NULL) {
242 ALOGE("output public key buffer == NULL");
243 return -1;
244 }
245
246 UniquePtr<uint8_t> binModPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_MAX_SIZE)));
247 if (binModPtr.get() == NULL) {
248 ALOGE("memory allocation is failed");
249 return -1;
250 }
251
252 UniquePtr<uint8_t> binExpPtr(reinterpret_cast<uint8_t*>(malloc(sizeof(uint32_t))));
253 if (binExpPtr.get() == NULL) {
254 ALOGE("memory allocation is failed");
255 return -1;
256 }
257
258 bin_mod_len = RSA_KEY_MAX_SIZE;
259 bin_exp_len = sizeof(uint32_t);
260
261 ret = TEE_GetPubKey(key_blob, key_blob_length, binModPtr.get(), &bin_mod_len, binExpPtr.get(),
262 &bin_exp_len);
263 if (ret != TEE_ERR_NONE) {
264 ALOGE("TEE_GetPubKey() is failed: %d", ret);
265 return -1;
266 }
267
268 Unique_BIGNUM bn_mod(BN_new());
269 if (bn_mod.get() == NULL) {
270 ALOGE("memory allocation is failed");
271 return -1;
272 }
273
274 Unique_BIGNUM bn_exp(BN_new());
275 if (bn_exp.get() == NULL) {
276 ALOGE("memory allocation is failed");
277 return -1;
278 }
279
280 BN_bin2bn(binModPtr.get(), bin_mod_len, bn_mod.get());
281 BN_bin2bn(binExpPtr.get(), bin_exp_len, bn_exp.get());
282
283 /* assign to RSA */
284 Unique_RSA rsa(RSA_new());
285 if (rsa.get() == NULL) {
286 logOpenSSLError("rsa.get");
287 return -1;
288 }
289
290 RSA* rsa_tmp = rsa.get();
291
292 rsa_tmp->n = bn_mod.release();
293 rsa_tmp->e = bn_exp.release();
294
295 /* assign to EVP */
296 Unique_EVP_PKEY pkey(EVP_PKEY_new());
297 if (pkey.get() == NULL) {
298 logOpenSSLError("allocate EVP_PKEY");
299 return -1;
300 }
301
302 if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) == 0) {
303 logOpenSSLError("assing RSA to EVP_PKEY");
304 return -1;
305 }
306 OWNERSHIP_TRANSFERRED(rsa);
307
308 /* change to x.509 format */
309 int len = i2d_PUBKEY(pkey.get(), NULL);
310 if (len <= 0) {
311 logOpenSSLError("i2d_PUBKEY");
312 return -1;
313 }
314
315 UniquePtr<uint8_t> key(static_cast<uint8_t*>(malloc(len)));
316 if (key.get() == NULL) {
317 ALOGE("Could not allocate memory for public key data");
318 return -1;
319 }
320
321 unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get());
322 if (i2d_PUBKEY(pkey.get(), &tmp) != len) {
323 logOpenSSLError("Compare results");
324 return -1;
325 }
326
327 *x509_data_length = len;
328 *x509_data = key.release();
329
330 return 0;
331 }
332
exynos_km_sign_data(const keymaster_device_t * dev,const void * params,const uint8_t * keyBlob,const size_t keyBlobLength,const uint8_t * data,const size_t dataLength,uint8_t ** signedData,size_t * signedDataLength)333 static int exynos_km_sign_data(const keymaster_device_t* dev,
334 const void* params,
335 const uint8_t* keyBlob, const size_t keyBlobLength,
336 const uint8_t* data, const size_t dataLength,
337 uint8_t** signedData, size_t* signedDataLength) {
338 teeResult_t ret = TEE_ERR_NONE;
339
340 if (data == NULL) {
341 ALOGE("input data to sign == NULL");
342 return -1;
343 } else if (signedData == NULL || signedDataLength == NULL) {
344 ALOGE("output signature buffer == NULL");
345 return -1;
346 }
347
348 keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params;
349 if (sign_params->digest_type != DIGEST_NONE) {
350 ALOGE("Cannot handle digest type %d", sign_params->digest_type);
351 return -1;
352 } else if (sign_params->padding_type != PADDING_NONE) {
353 ALOGE("Cannot handle padding type %d", sign_params->padding_type);
354 return -1;
355 }
356
357 UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_MAX_SIZE)));
358 if (signedDataPtr.get() == NULL) {
359 ALOGE("memory allocation is failed");
360 return -1;
361 }
362
363 *signedDataLength = RSA_KEY_MAX_SIZE;
364
365 ret = TEE_RSASign(keyBlob, keyBlobLength, data, dataLength, signedDataPtr.get(),
366 signedDataLength, TEE_RSA_NODIGEST_NOPADDING);
367 if (ret != TEE_ERR_NONE) {
368 ALOGE("TEE_RSASign() is failed: %d", ret);
369 return -1;
370 }
371
372 *signedData = signedDataPtr.release();
373
374 return 0;
375 }
376
exynos_km_verify_data(const keymaster_device_t * dev,const void * params,const uint8_t * keyBlob,const size_t keyBlobLength,const uint8_t * signedData,const size_t signedDataLength,const uint8_t * signature,const size_t signatureLength)377 static int exynos_km_verify_data(const keymaster_device_t* dev,
378 const void* params,
379 const uint8_t* keyBlob, const size_t keyBlobLength,
380 const uint8_t* signedData, const size_t signedDataLength,
381 const uint8_t* signature, const size_t signatureLength) {
382 bool result;
383 teeResult_t ret = TEE_ERR_NONE;
384
385 if (signedData == NULL || signature == NULL) {
386 ALOGE("data or signature buffers == NULL");
387 return -1;
388 }
389
390 keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params;
391 if (sign_params->digest_type != DIGEST_NONE) {
392 ALOGE("Cannot handle digest type %d", sign_params->digest_type);
393 return -1;
394 } else if (sign_params->padding_type != PADDING_NONE) {
395 ALOGE("Cannot handle padding type %d", sign_params->padding_type);
396 return -1;
397 } else if (signatureLength != signedDataLength) {
398 ALOGE("signed data length must be signature length");
399 return -1;
400 }
401
402 ret = TEE_RSAVerify(keyBlob, keyBlobLength, signedData, signedDataLength, signature,
403 signatureLength, TEE_RSA_NODIGEST_NOPADDING, &result);
404 if (ret != TEE_ERR_NONE) {
405 ALOGE("TEE_RSAVerify() is failed: %d", ret);
406 return -1;
407 }
408
409 return (result == true) ? 0 : -1;
410 }
411
412 /* Close an opened Exynos KM instance */
exynos_km_close(hw_device_t * dev)413 static int exynos_km_close(hw_device_t *dev) {
414 free(dev);
415 return 0;
416 }
417
418 /*
419 * Generic device handling
420 */
exynos_km_open(const hw_module_t * module,const char * name,hw_device_t ** device)421 static int exynos_km_open(const hw_module_t* module, const char* name,
422 hw_device_t** device) {
423 if (strcmp(name, KEYSTORE_KEYMASTER) != 0)
424 return -EINVAL;
425
426 Unique_keymaster_device_t dev(new keymaster_device_t);
427 if (dev.get() == NULL)
428 return -ENOMEM;
429
430 dev->common.tag = HARDWARE_DEVICE_TAG;
431 dev->common.version = 1;
432 dev->common.module = (struct hw_module_t*) module;
433 dev->common.close = exynos_km_close;
434
435 dev->flags = KEYMASTER_SOFTWARE_ONLY;
436
437 dev->generate_keypair = exynos_km_generate_keypair;
438 dev->import_keypair = exynos_km_import_keypair;
439 dev->get_keypair_public = exynos_km_get_keypair_public;
440 dev->delete_keypair = NULL;
441 dev->delete_all = NULL;
442 dev->sign_data = exynos_km_sign_data;
443 dev->verify_data = exynos_km_verify_data;
444
445 ERR_load_crypto_strings();
446 ERR_load_BIO_strings();
447
448 *device = reinterpret_cast<hw_device_t*>(dev.release());
449
450 return 0;
451 }
452
453 static struct hw_module_methods_t keystore_module_methods = {
454 open: exynos_km_open,
455 };
456
457 struct keystore_module HAL_MODULE_INFO_SYM
458 __attribute__ ((visibility ("default"))) = {
459 common: {
460 tag: HARDWARE_MODULE_TAG,
461 version_major: 1,
462 version_minor: 0,
463 id: KEYSTORE_HARDWARE_MODULE_ID,
464 name: "Keymaster Exynos HAL",
465 author: "Samsung S.LSI",
466 methods: &keystore_module_methods,
467 dso: 0,
468 reserved: {},
469 },
470 };
471