2 * Copyright (C) 2012 Samsung Electronics Co., LTD
3 * Copyright (C) 2012 The Android Open Source Project
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
22 #include <hardware/hardware.h>
23 #include <hardware/keymaster0.h>
25 #include <openssl/evp.h>
26 #include <openssl/bio.h>
27 #include <openssl/rsa.h>
28 #include <openssl/err.h>
29 #include <openssl/x509.h>
31 #include <UniquePtr.h>
33 #define LOG_TAG "ExynosKeyMaster"
34 #include <cutils/log.h>
36 #include <tlcTeeKeymaster_if.h>
38 #define RSA_KEY_BUFFER_SIZE 1536
39 #define RSA_KEY_MAX_SIZE (2048 >> 3)
41 struct BIGNUM_Delete
{
42 void operator()(BIGNUM
* p
) const {
46 typedef UniquePtr
<BIGNUM
, BIGNUM_Delete
> Unique_BIGNUM
;
48 struct EVP_PKEY_Delete
{
49 void operator()(EVP_PKEY
* p
) const {
53 typedef UniquePtr
<EVP_PKEY
, EVP_PKEY_Delete
> Unique_EVP_PKEY
;
55 struct PKCS8_PRIV_KEY_INFO_Delete
{
56 void operator()(PKCS8_PRIV_KEY_INFO
* p
) const {
57 PKCS8_PRIV_KEY_INFO_free(p
);
60 typedef UniquePtr
<PKCS8_PRIV_KEY_INFO
, PKCS8_PRIV_KEY_INFO_Delete
> Unique_PKCS8_PRIV_KEY_INFO
;
63 void operator()(RSA
* p
) const {
67 typedef UniquePtr
<RSA
, RSA_Delete
> Unique_RSA
;
69 typedef UniquePtr
<keymaster0_device_t
> Unique_keymaster0_device_t
;
72 * Many OpenSSL APIs take ownership of an argument on success but don't free the argument
73 * on failure. This means we need to tell our scoped pointers when we've transferred ownership,
74 * without triggering a warning by not using the result of release().
76 #define OWNERSHIP_TRANSFERRED(obj) \
77 typeof (obj.release()) _dummy __attribute__((unused)) = obj.release()
80 * Checks this thread's error queue and logs if necessary.
82 static void logOpenSSLError(const char* location
) {
83 int error
= ERR_get_error();
87 ERR_error_string_n(error
, message
, sizeof(message
));
88 ALOGE("OpenSSL error in %s %d: %s", location
, error
, message
);
95 static int exynos_km_generate_keypair(const keymaster0_device_t
*,
96 const keymaster_keypair_t key_type
, const void* key_params
,
97 uint8_t** keyBlob
, size_t* keyBlobLength
) {
98 teeResult_t ret
= TEE_ERR_NONE
;
100 if (key_type
!= TYPE_RSA
) {
101 ALOGE("Unsupported key type %d", key_type
);
103 } else if (key_params
== NULL
) {
104 ALOGE("key_params == null");
108 keymaster_rsa_keygen_params_t
* rsa_params
= (keymaster_rsa_keygen_params_t
*) key_params
;
110 if ((rsa_params
->modulus_size
!= 512) &&
111 (rsa_params
->modulus_size
!= 1024) &&
112 (rsa_params
->modulus_size
!= 2048)) {
113 ALOGE("key size(%d) is not supported\n", rsa_params
->modulus_size
);
117 UniquePtr
<uint8_t> keyDataPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_BUFFER_SIZE
)));
118 if (keyDataPtr
.get() == NULL
) {
119 ALOGE("memory allocation is failed");
123 ret
= TEE_RSAGenerateKeyPair(TEE_KEYPAIR_RSACRT
, keyDataPtr
.get(), RSA_KEY_BUFFER_SIZE
,
124 rsa_params
->modulus_size
, (uint32_t)rsa_params
->public_exponent
,
125 (uint32_t *)keyBlobLength
);
126 if (ret
!= TEE_ERR_NONE
) {
127 ALOGE("TEE_RSAGenerateKeyPair() is failed: %d", ret
);
131 *keyBlob
= keyDataPtr
.release();
136 static int exynos_km_import_keypair(const keymaster0_device_t
*,
137 const uint8_t* key
, const size_t key_length
,
138 uint8_t** key_blob
, size_t* key_blob_length
) {
139 uint8_t kbuf
[RSA_KEY_BUFFER_SIZE
];
140 teeRsaKeyMeta_t metadata
;
141 uint32_t key_len
= 0;
144 teeResult_t ret
= TEE_ERR_NONE
;
147 ALOGE("input key == NULL");
149 } else if (key_blob
== NULL
|| key_blob_length
== NULL
) {
150 ALOGE("output key blob or length == NULL");
155 Unique_PKCS8_PRIV_KEY_INFO
pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL
, &key
, key_length
));
156 if (pkcs8
.get() == NULL
) {
157 logOpenSSLError("pkcs4.get");
162 Unique_EVP_PKEY
pkey(EVP_PKCS82PKEY(pkcs8
.get()));
163 if (pkey
.get() == NULL
) {
164 logOpenSSLError("pkey.get");
167 OWNERSHIP_TRANSFERRED(pkcs8
);
169 /* change key format */
170 Unique_RSA
rsa(EVP_PKEY_get1_RSA(pkey
.get()));
171 if (rsa
.get() == NULL
) {
172 logOpenSSLError("get rsa key format");
176 if (BN_cmp(rsa
->p
, rsa
->q
) < 0) {
183 rsa
->dmp1
= rsa
->dmq1
;
185 /* calulate inverse of q mod p */
187 if (!BN_mod_inverse(rsa
->iqmp
, rsa
->q
, rsa
->p
, ctx
)) {
188 ALOGE("Calculating inverse of q mod p is failed\n");
195 key_len
+= sizeof(metadata
);
197 metadata
.lenpubmod
= BN_bn2bin(rsa
->n
, kbuf
+ key_len
);
198 key_len
+= metadata
.lenpubmod
;
199 if (metadata
.lenpubmod
== (512 >> 3))
200 metadata
.keysize
= TEE_RSA_KEY_SIZE_512
;
201 else if (metadata
.lenpubmod
== (1024 >> 3))
202 metadata
.keysize
= TEE_RSA_KEY_SIZE_1024
;
203 else if (metadata
.lenpubmod
== (2048 >> 3))
204 metadata
.keysize
= TEE_RSA_KEY_SIZE_2048
;
206 ALOGE("key size(%d) is not supported\n", metadata
.lenpubmod
<< 3);
210 metadata
.lenpubexp
= BN_bn2bin(rsa
->e
, kbuf
+ key_len
);
211 key_len
+= metadata
.lenpubexp
;
213 if ((rsa
->p
!= NULL
) && (rsa
->q
!= NULL
) && (rsa
->dmp1
!= NULL
) &&
214 (rsa
->dmq1
!= NULL
) && (rsa
->iqmp
!= NULL
))
216 metadata
.keytype
= TEE_KEYPAIR_RSACRT
;
217 metadata
.rsacrtpriv
.lenp
= BN_bn2bin(rsa
->p
, kbuf
+ key_len
);
218 key_len
+= metadata
.rsacrtpriv
.lenp
;
219 metadata
.rsacrtpriv
.lenq
= BN_bn2bin(rsa
->q
, kbuf
+ key_len
);
220 key_len
+= metadata
.rsacrtpriv
.lenq
;
221 metadata
.rsacrtpriv
.lendp
= BN_bn2bin(rsa
->dmp1
, kbuf
+ key_len
);
222 key_len
+= metadata
.rsacrtpriv
.lendp
;
223 metadata
.rsacrtpriv
.lendq
= BN_bn2bin(rsa
->dmq1
, kbuf
+ key_len
);
224 key_len
+= metadata
.rsacrtpriv
.lendq
;
225 metadata
.rsacrtpriv
.lenqinv
= BN_bn2bin(rsa
->iqmp
, kbuf
+ key_len
);
226 key_len
+= metadata
.rsacrtpriv
.lenqinv
;
228 metadata
.keytype
= TEE_KEYPAIR_RSA
;
229 metadata
.rsapriv
.lenpriexp
= BN_bn2bin(rsa
->d
, kbuf
+ key_len
);
230 key_len
+= metadata
.rsapriv
.lenpriexp
;
236 memcpy(kbuf
, &metadata
, sizeof(metadata
));
238 UniquePtr
<uint8_t> outPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_BUFFER_SIZE
)));
239 if (outPtr
.get() == NULL
) {
240 ALOGE("memory allocation is failed");
244 *key_blob_length
= RSA_KEY_BUFFER_SIZE
;
246 ret
= TEE_KeyImport(kbuf
, key_len
, outPtr
.get(), (uint32_t *)key_blob_length
);
247 if (ret
!= TEE_ERR_NONE
) {
248 ALOGE("TEE_KeyImport() is failed: %d", ret
);
252 *key_blob
= outPtr
.release();
257 static int exynos_km_get_keypair_public(const struct keymaster0_device
*,
258 const uint8_t* key_blob
, const size_t key_blob_length
,
259 uint8_t** x509_data
, size_t* x509_data_length
) {
260 uint32_t bin_mod_len
;
261 uint32_t bin_exp_len
;
262 teeResult_t ret
= TEE_ERR_NONE
;
264 if (x509_data
== NULL
|| x509_data_length
== NULL
) {
265 ALOGE("output public key buffer == NULL");
269 UniquePtr
<uint8_t> binModPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_MAX_SIZE
)));
270 if (binModPtr
.get() == NULL
) {
271 ALOGE("memory allocation is failed");
275 UniquePtr
<uint8_t> binExpPtr(reinterpret_cast<uint8_t*>(malloc(sizeof(uint32_t))));
276 if (binExpPtr
.get() == NULL
) {
277 ALOGE("memory allocation is failed");
281 bin_mod_len
= RSA_KEY_MAX_SIZE
;
282 bin_exp_len
= sizeof(uint32_t);
284 ret
= TEE_GetPubKey(key_blob
, key_blob_length
, binModPtr
.get(), &bin_mod_len
, binExpPtr
.get(),
286 if (ret
!= TEE_ERR_NONE
) {
287 ALOGE("TEE_GetPubKey() is failed: %d", ret
);
291 Unique_BIGNUM
bn_mod(BN_new());
292 if (bn_mod
.get() == NULL
) {
293 ALOGE("memory allocation is failed");
297 Unique_BIGNUM
bn_exp(BN_new());
298 if (bn_exp
.get() == NULL
) {
299 ALOGE("memory allocation is failed");
303 BN_bin2bn(binModPtr
.get(), bin_mod_len
, bn_mod
.get());
304 BN_bin2bn(binExpPtr
.get(), bin_exp_len
, bn_exp
.get());
307 Unique_RSA
rsa(RSA_new());
308 if (rsa
.get() == NULL
) {
309 logOpenSSLError("rsa.get");
313 RSA
* rsa_tmp
= rsa
.get();
315 rsa_tmp
->n
= bn_mod
.release();
316 rsa_tmp
->e
= bn_exp
.release();
319 Unique_EVP_PKEY
pkey(EVP_PKEY_new());
320 if (pkey
.get() == NULL
) {
321 logOpenSSLError("allocate EVP_PKEY");
325 if (EVP_PKEY_assign_RSA(pkey
.get(), rsa
.get()) == 0) {
326 logOpenSSLError("assing RSA to EVP_PKEY");
329 OWNERSHIP_TRANSFERRED(rsa
);
331 /* change to x.509 format */
332 int len
= i2d_PUBKEY(pkey
.get(), NULL
);
334 logOpenSSLError("i2d_PUBKEY");
338 UniquePtr
<uint8_t> key(static_cast<uint8_t*>(malloc(len
)));
339 if (key
.get() == NULL
) {
340 ALOGE("Could not allocate memory for public key data");
344 unsigned char* tmp
= reinterpret_cast<unsigned char*>(key
.get());
345 if (i2d_PUBKEY(pkey
.get(), &tmp
) != len
) {
346 logOpenSSLError("Compare results");
350 *x509_data_length
= len
;
351 *x509_data
= key
.release();
356 static int exynos_km_sign_data(const keymaster0_device_t
*,
358 const uint8_t* keyBlob
, const size_t keyBlobLength
,
359 const uint8_t* data
, const size_t dataLength
,
360 uint8_t** signedData
, size_t* signedDataLength
) {
361 teeResult_t ret
= TEE_ERR_NONE
;
364 ALOGE("input data to sign == NULL");
366 } else if (signedData
== NULL
|| signedDataLength
== NULL
) {
367 ALOGE("output signature buffer == NULL");
371 keymaster_rsa_sign_params_t
* sign_params
= (keymaster_rsa_sign_params_t
*) params
;
372 if (sign_params
->digest_type
!= DIGEST_NONE
) {
373 ALOGE("Cannot handle digest type %d", sign_params
->digest_type
);
375 } else if (sign_params
->padding_type
!= PADDING_NONE
) {
376 ALOGE("Cannot handle padding type %d", sign_params
->padding_type
);
380 UniquePtr
<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_MAX_SIZE
)));
381 if (signedDataPtr
.get() == NULL
) {
382 ALOGE("memory allocation is failed");
386 *signedDataLength
= RSA_KEY_MAX_SIZE
;
388 /* binder gives us read-only mappings we can't use with mobicore */
389 void *tmpData
= malloc(dataLength
);
390 memcpy(tmpData
, data
, dataLength
);
391 ret
= TEE_RSASign(keyBlob
, keyBlobLength
, (const uint8_t *)tmpData
, dataLength
, signedDataPtr
.get(),
392 (uint32_t *)signedDataLength
, TEE_RSA_NODIGEST_NOPADDING
);
394 if (ret
!= TEE_ERR_NONE
) {
395 ALOGE("TEE_RSASign() is failed: %d", ret
);
399 *signedData
= signedDataPtr
.release();
404 static int exynos_km_verify_data(const keymaster0_device_t
*,
406 const uint8_t* keyBlob
, const size_t keyBlobLength
,
407 const uint8_t* signedData
, const size_t signedDataLength
,
408 const uint8_t* signature
, const size_t signatureLength
) {
410 teeResult_t ret
= TEE_ERR_NONE
;
412 if (signedData
== NULL
|| signature
== NULL
) {
413 ALOGE("data or signature buffers == NULL");
417 keymaster_rsa_sign_params_t
* sign_params
= (keymaster_rsa_sign_params_t
*) params
;
418 if (sign_params
->digest_type
!= DIGEST_NONE
) {
419 ALOGE("Cannot handle digest type %d", sign_params
->digest_type
);
421 } else if (sign_params
->padding_type
!= PADDING_NONE
) {
422 ALOGE("Cannot handle padding type %d", sign_params
->padding_type
);
424 } else if (signatureLength
!= signedDataLength
) {
425 ALOGE("signed data length must be signature length");
429 void *tmpSignedData
= malloc(signedDataLength
);
430 memcpy(tmpSignedData
, signedData
, signedDataLength
);
431 void *tmpSig
= malloc(signatureLength
);
432 memcpy(tmpSig
, signature
, signatureLength
);
433 ret
= TEE_RSAVerify(keyBlob
, keyBlobLength
, (const uint8_t*)tmpSignedData
, signedDataLength
, (const uint8_t *)tmpSig
,
434 signatureLength
, TEE_RSA_NODIGEST_NOPADDING
, &result
);
437 if (ret
!= TEE_ERR_NONE
) {
438 ALOGE("TEE_RSAVerify() is failed: %d", ret
);
442 return (result
== true) ? 0 : -1;
445 /* Close an opened Exynos KM instance */
446 static int exynos_km_close(hw_device_t
*dev
) {
452 * Generic device handling
454 static int exynos_km_open(const hw_module_t
* module
, const char* name
,
455 hw_device_t
** device
) {
456 if (strcmp(name
, KEYSTORE_KEYMASTER
) != 0)
459 Unique_keymaster0_device_t
dev(new keymaster0_device_t
);
460 if (dev
.get() == NULL
)
463 dev
->common
.tag
= HARDWARE_DEVICE_TAG
;
464 dev
->common
.version
= 1;
465 dev
->common
.module
= (struct hw_module_t
*) module
;
466 dev
->common
.close
= exynos_km_close
;
470 dev
->generate_keypair
= exynos_km_generate_keypair
;
471 dev
->import_keypair
= exynos_km_import_keypair
;
472 dev
->get_keypair_public
= exynos_km_get_keypair_public
;
473 dev
->delete_keypair
= NULL
;
474 dev
->delete_all
= NULL
;
475 dev
->sign_data
= exynos_km_sign_data
;
476 dev
->verify_data
= exynos_km_verify_data
;
478 ERR_load_crypto_strings();
479 ERR_load_BIO_strings();
481 *device
= reinterpret_cast<hw_device_t
*>(dev
.release());
486 static struct hw_module_methods_t keystore_module_methods
= {
487 open
: exynos_km_open
,
490 struct keystore_module HAL_MODULE_INFO_SYM
491 __attribute__ ((visibility ("default"))) = {
493 tag
: HARDWARE_MODULE_TAG
,
496 id
: KEYSTORE_HARDWARE_MODULE_ID
,
497 name
: "Keymaster Exynos HAL",
498 author
: "Samsung S.LSI",
499 methods
: &keystore_module_methods
,