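/*
 * Copyright 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <keymaster/legacy_support/rsa_keymaster0_key.h>

#include <memory>

#include <keymaster/android_keymaster_utils.h>
#include <keymaster/contexts/soft_keymaster_context.h>
#include <keymaster/km_openssl/openssl_utils.h>
#include <keymaster/legacy_support/keymaster0_engine.h>
#include <keymaster/logger.h>

using std::unique_ptr;

namespace keymaster {

// Builds a factory that forwards blob creation to |blob_maker| (through the RsaKeyFactory base)
// and sends RSA key operations to |engine|.
//
// NOTE(review): |engine| is stored as given and dereferenced without a null check by every
// method below; presumably callers always pass a valid engine -- confirm.
RsaKeymaster0KeyFactory::RsaKeymaster0KeyFactory(const SoftwareKeyBlobMaker* blob_maker,
                                                 const Keymaster0Engine* engine)
    : RsaKeyFactory(blob_maker), engine_(engine) {}

// Generates an RSA key through the keymaster0 engine and wraps it in a key blob.
//
// key_description must carry TAG_RSA_PUBLIC_EXPONENT and TAG_KEY_SIZE.
// key_blob, hw_enforced and sw_enforced are outputs and must be non-null.
//
// Returns KM_ERROR_OUTPUT_PARAMETER_NULL for a null output, KM_ERROR_INVALID_ARGUMENT when the
// public exponent is missing, KM_ERROR_UNSUPPORTED_KEY_SIZE when the key size is missing,
// KM_ERROR_UNKNOWN_ERROR when the engine fails, otherwise the result of CreateKeyBlob.
keymaster_error_t RsaKeymaster0KeyFactory::GenerateKey(const AuthorizationSet& key_description,
                                                       KeymasterKeyBlob* key_blob,
                                                       AuthorizationSet* hw_enforced,
                                                       AuthorizationSet* sw_enforced) const {
    if (!key_blob || !hw_enforced || !sw_enforced)
        return KM_ERROR_OUTPUT_PARAMETER_NULL;

    // Initialised so that no later edit can read an indeterminate value on a failure path.
    uint64_t public_exponent = 0;
    if (!key_description.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent)) {
        LOG_E("%s", "No public exponent specified for RSA key generation");
        return KM_ERROR_INVALID_ARGUMENT;
    }

    uint32_t key_size = 0;
    if (!key_description.GetTagValue(TAG_KEY_SIZE, &key_size)) {
        LOG_E("%s", "No key size specified for RSA key generation");
        return KM_ERROR_UNSUPPORTED_KEY_SIZE;
    }

    // NOTE(review): only the presence of the two tags is checked here; their values reach the
    // engine unvalidated. Presumably the engine rejects unsupported sizes and exponents --
    // confirm, since a weak parameter accepted here ends up in the hw_enforced set below.
    KeymasterKeyBlob key_material;
    if (!engine_->GenerateRsaKey(public_exponent, key_size, &key_material))
        return KM_ERROR_UNKNOWN_ERROR;

    // These tags are hardware-enforced.  Putting them in the hw_enforced set here will ensure that
    // blob_maker_.CreateKeyBlob doesn't put them in sw_enforced.
    hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
    hw_enforced->push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
    hw_enforced->push_back(TAG_KEY_SIZE, key_size);
    // The origin is recorded as KM_ORIGIN_UNKNOWN here and in ImportKey, so this tag cannot be
    // used to tell a generated key from an imported one.
    hw_enforced->push_back(TAG_ORIGIN, KM_ORIGIN_UNKNOWN);

    return blob_maker_.CreateKeyBlob(key_description, KM_ORIGIN_UNKNOWN, key_material, key_blob,
                                     hw_enforced, sw_enforced);
}

// Imports caller-supplied RSA key material into the keymaster0 engine and wraps the result in a
// key blob.
//
// output_key_blob, hw_enforced and sw_enforced are outputs and must be non-null.
//
// Returns KM_ERROR_OUTPUT_PARAMETER_NULL for a null output, the error reported by
// UpdateImportKeyDescription if it fails, KM_ERROR_UNKNOWN_ERROR when the engine import fails,
// otherwise the result of CreateKeyBlob.
keymaster_error_t RsaKeymaster0KeyFactory::ImportKey(
    const AuthorizationSet& key_description, keymaster_key_format_t input_key_material_format,
    const KeymasterKeyBlob& input_key_material, KeymasterKeyBlob* output_key_blob,
    AuthorizationSet* hw_enforced, AuthorizationSet* sw_enforced) const {
    if (!output_key_blob || !hw_enforced || !sw_enforced)
        return KM_ERROR_OUTPUT_PARAMETER_NULL;

    // UpdateImportKeyDescription fills |authorizations|, |public_exponent| and |key_size|; the
    // key material is handed to the engine only after it has returned KM_ERROR_OK.
    AuthorizationSet authorizations;
    uint64_t public_exponent = 0;
    uint32_t key_size = 0;
    keymaster_error_t error =
        UpdateImportKeyDescription(key_description, input_key_material_format, input_key_material,
                                   &authorizations, &public_exponent, &key_size);
    if (error != KM_ERROR_OK)
        return error;

    KeymasterKeyBlob imported_hw_key;
    if (!engine_->ImportKey(input_key_material_format, input_key_material, &imported_hw_key))
        return KM_ERROR_UNKNOWN_ERROR;

    // These tags are hardware-enforced.  Putting them in the hw_enforced set here will ensure that
    // blob_maker_.CreateKeyBlob doesn't put them in sw_enforced.
    hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
    hw_enforced->push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
    hw_enforced->push_back(TAG_KEY_SIZE, key_size);
    // Imported keys are also tagged KM_ORIGIN_UNKNOWN, as in GenerateKey.
    hw_enforced->push_back(TAG_ORIGIN, KM_ORIGIN_UNKNOWN);

    return blob_maker_.CreateKeyBlob(authorizations, KM_ORIGIN_UNKNOWN, imported_hw_key,
                                     output_key_blob, hw_enforced, sw_enforced);
}

// Turns an already-parsed key blob into a Key object.
//
// When sw_enforced holds exactly one TAG_ALGORITHM entry the blob is passed to the base-class
// loader; otherwise |key_material| is given to the engine and wrapped in an RsaKeymaster0Key.
// |key| is the output and must be non-null.
//
// Returns KM_ERROR_OUTPUT_PARAMETER_NULL for a null |key|, KM_ERROR_UNKNOWN_ERROR when the engine
// cannot turn the blob into an RSA key, KM_ERROR_MEMORY_ALLOCATION_FAILED when the Key object
// cannot be allocated, KM_ERROR_OK on success (or whatever super::LoadKey returns).
//
// NOTE(review): the routing decision depends entirely on the contents of sw_enforced; this
// assumes the caller has authenticated the blob those sets were parsed from -- confirm.
keymaster_error_t RsaKeymaster0KeyFactory::LoadKey(KeymasterKeyBlob&& key_material,
                                                   const AuthorizationSet& additional_params,
                                                   AuthorizationSet&& hw_enforced,
                                                   AuthorizationSet&& sw_enforced,
                                                   UniquePtr<Key>* key) const {
    if (!key)
        return KM_ERROR_OUTPUT_PARAMETER_NULL;

    if (sw_enforced.GetTagCount(TAG_ALGORITHM) == 1)
        return super::LoadKey(move(key_material), additional_params, move(hw_enforced),
                              move(sw_enforced), key);

    unique_ptr<RSA, RSA_Delete> rsa(engine_->BlobToRsaKey(key_material));
    if (!rsa)
        return KM_ERROR_UNKNOWN_ERROR;

    // Lend the RSA pointer to the constructor and give up ownership only once the Key object
    // exists.  Calling rsa.release() inside the argument list would leak the RSA object if the
    // arguments were evaluated and the nothrow allocation then returned null.
    key->reset(new (std::nothrow)
                   RsaKeymaster0Key(rsa.get(), move(hw_enforced), move(sw_enforced), this));
    if (!(*key))
        return KM_ERROR_MEMORY_ALLOCATION_FAILED;
    static_cast<void>(rsa.release());  // *key owns the RSA object from here on.

    (*key)->key_material() = move(key_material);
    return KM_ERROR_OK;
}

}  // namespace keymaster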