2 * Copyright (C) 2012 Samsung Electronics Co., LTD
3 * Copyright (C) 2012 The Android Open Source Project
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
22 #include <hardware/hardware.h>
23 #include <hardware/keymaster0.h>
25 #include <openssl/evp.h>
26 #include <openssl/bio.h>
27 #include <openssl/rsa.h>
28 #include <openssl/err.h>
29 #include <openssl/x509.h>
31 #include <UniquePtr.h>
33 #define LOG_TAG "ExynosKeyMaster"
34 #include <cutils/log.h>
36 #include <tlcTeeKeymaster_if.h>
38 #define RSA_KEY_BUFFER_SIZE 1536
39 #define RSA_KEY_MAX_SIZE (2048 >> 3)
41 struct BIGNUM_Delete
{
42 void operator()(BIGNUM
* p
) const {
46 typedef UniquePtr
<BIGNUM
, BIGNUM_Delete
> Unique_BIGNUM
;
48 struct EVP_PKEY_Delete
{
49 void operator()(EVP_PKEY
* p
) const {
53 typedef UniquePtr
<EVP_PKEY
, EVP_PKEY_Delete
> Unique_EVP_PKEY
;
55 struct PKCS8_PRIV_KEY_INFO_Delete
{
56 void operator()(PKCS8_PRIV_KEY_INFO
* p
) const {
57 PKCS8_PRIV_KEY_INFO_free(p
);
60 typedef UniquePtr
<PKCS8_PRIV_KEY_INFO
, PKCS8_PRIV_KEY_INFO_Delete
> Unique_PKCS8_PRIV_KEY_INFO
;
63 void operator()(RSA
* p
) const {
67 typedef UniquePtr
<RSA
, RSA_Delete
> Unique_RSA
;
69 typedef UniquePtr
<keymaster0_device_t
> Unique_keymaster0_device_t
;
72 * Many OpenSSL APIs take ownership of an argument on success but don't free the argument
73 * on failure. This means we need to tell our scoped pointers when we've transferred ownership,
74 * without triggering a warning by not using the result of release().
76 #define OWNERSHIP_TRANSFERRED(obj) \
77 typeof (obj.release()) _dummy __attribute__((unused)) = obj.release()
80 * Checks this thread's error queue and logs if necessary.
82 static void logOpenSSLError(const char* location
) {
83 int error
= ERR_get_error();
87 ERR_error_string_n(error
, message
, sizeof(message
));
88 ALOGE("OpenSSL error in %s %d: %s", location
, error
, message
);
95 static int exynos_km_generate_keypair(const keymaster0_device_t
* dev
,
96 const keymaster_keypair_t key_type
, const void* key_params
,
97 uint8_t** keyBlob
, size_t* keyBlobLength
) {
98 teeResult_t ret
= TEE_ERR_NONE
;
100 if (key_type
!= TYPE_RSA
) {
101 ALOGE("Unsupported key type %d", key_type
);
103 } else if (key_params
== NULL
) {
104 ALOGE("key_params == null");
108 keymaster_rsa_keygen_params_t
* rsa_params
= (keymaster_rsa_keygen_params_t
*) key_params
;
110 if ((rsa_params
->modulus_size
!= 512) &&
111 (rsa_params
->modulus_size
!= 1024) &&
112 (rsa_params
->modulus_size
!= 2048)) {
113 ALOGE("key size(%d) is not supported\n", rsa_params
->modulus_size
);
117 UniquePtr
<uint8_t> keyDataPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_BUFFER_SIZE
)));
118 if (keyDataPtr
.get() == NULL
) {
119 ALOGE("memory allocation is failed");
123 ret
= TEE_RSAGenerateKeyPair(TEE_KEYPAIR_RSACRT
, keyDataPtr
.get(), RSA_KEY_BUFFER_SIZE
,
124 rsa_params
->modulus_size
, (uint32_t)rsa_params
->public_exponent
,
126 if (ret
!= TEE_ERR_NONE
) {
127 ALOGE("TEE_RSAGenerateKeyPair() is failed: %d", ret
);
131 *keyBlob
= keyDataPtr
.release();
136 static int exynos_km_import_keypair(const keymaster0_device_t
* dev
,
137 const uint8_t* key
, const size_t key_length
,
138 uint8_t** key_blob
, size_t* key_blob_length
) {
139 uint8_t kbuf
[RSA_KEY_BUFFER_SIZE
];
140 teeRsaKeyMeta_t metadata
;
141 uint32_t key_len
= 0;
142 teeResult_t ret
= TEE_ERR_NONE
;
145 ALOGE("input key == NULL");
147 } else if (key_blob
== NULL
|| key_blob_length
== NULL
) {
148 ALOGE("output key blob or length == NULL");
153 Unique_PKCS8_PRIV_KEY_INFO
pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL
, &key
, key_length
));
154 if (pkcs8
.get() == NULL
) {
155 logOpenSSLError("pkcs4.get");
160 Unique_EVP_PKEY
pkey(EVP_PKCS82PKEY(pkcs8
.get()));
161 if (pkey
.get() == NULL
) {
162 logOpenSSLError("pkey.get");
165 OWNERSHIP_TRANSFERRED(pkcs8
);
167 /* change key format */
168 Unique_RSA
rsa(EVP_PKEY_get1_RSA(pkey
.get()));
169 if (rsa
.get() == NULL
) {
170 logOpenSSLError("get rsa key format");
174 key_len
+= sizeof(metadata
);
176 metadata
.lenpubmod
= BN_bn2bin(rsa
->n
, kbuf
+ key_len
);
177 key_len
+= metadata
.lenpubmod
;
178 if (metadata
.lenpubmod
== (512 >> 3))
179 metadata
.keysize
= TEE_RSA_KEY_SIZE_512
;
180 else if (metadata
.lenpubmod
== (1024 >> 3))
181 metadata
.keysize
= TEE_RSA_KEY_SIZE_1024
;
182 else if (metadata
.lenpubmod
== (2048 >> 3))
183 metadata
.keysize
= TEE_RSA_KEY_SIZE_2048
;
185 ALOGE("key size(%d) is not supported\n", metadata
.lenpubmod
<< 3);
189 metadata
.lenpubexp
= BN_bn2bin(rsa
->e
, kbuf
+ key_len
);
190 key_len
+= metadata
.lenpubexp
;
192 if ((rsa
->p
!= NULL
) && (rsa
->q
!= NULL
) && (rsa
->dmp1
!= NULL
) &&
193 (rsa
->dmq1
!= NULL
) && (rsa
->iqmp
!= NULL
))
195 metadata
.keytype
= TEE_KEYPAIR_RSACRT
;
196 metadata
.rsacrtpriv
.lenp
= BN_bn2bin(rsa
->p
, kbuf
+ key_len
);
197 key_len
+= metadata
.rsacrtpriv
.lenp
;
198 metadata
.rsacrtpriv
.lenq
= BN_bn2bin(rsa
->q
, kbuf
+ key_len
);
199 key_len
+= metadata
.rsacrtpriv
.lenq
;
200 metadata
.rsacrtpriv
.lendp
= BN_bn2bin(rsa
->dmp1
, kbuf
+ key_len
);
201 key_len
+= metadata
.rsacrtpriv
.lendp
;
202 metadata
.rsacrtpriv
.lendq
= BN_bn2bin(rsa
->dmq1
, kbuf
+ key_len
);
203 key_len
+= metadata
.rsacrtpriv
.lendq
;
204 metadata
.rsacrtpriv
.lenqinv
= BN_bn2bin(rsa
->iqmp
, kbuf
+ key_len
);
205 key_len
+= metadata
.rsacrtpriv
.lenqinv
;
207 metadata
.keytype
= TEE_KEYPAIR_RSA
;
208 metadata
.rsapriv
.lenpriexp
= BN_bn2bin(rsa
->p
, kbuf
+ key_len
);
209 key_len
+= metadata
.rsapriv
.lenprimod
;
211 memcpy(kbuf
, &metadata
, sizeof(metadata
));
213 UniquePtr
<uint8_t> outPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_BUFFER_SIZE
)));
214 if (outPtr
.get() == NULL
) {
215 ALOGE("memory allocation is failed");
219 *key_blob_length
= RSA_KEY_BUFFER_SIZE
;
221 ret
= TEE_KeyImport(kbuf
, key_len
, outPtr
.get(), key_blob_length
);
222 if (ret
!= TEE_ERR_NONE
) {
223 ALOGE("TEE_KeyImport() is failed: %d", ret
);
227 *key_blob
= outPtr
.release();
232 static int exynos_km_get_keypair_public(const struct keymaster0_device
* dev
,
233 const uint8_t* key_blob
, const size_t key_blob_length
,
234 uint8_t** x509_data
, size_t* x509_data_length
) {
235 uint32_t bin_mod_len
;
236 uint32_t bin_exp_len
;
237 teeResult_t ret
= TEE_ERR_NONE
;
239 if (x509_data
== NULL
|| x509_data_length
== NULL
) {
240 ALOGE("output public key buffer == NULL");
244 UniquePtr
<uint8_t> binModPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_MAX_SIZE
)));
245 if (binModPtr
.get() == NULL
) {
246 ALOGE("memory allocation is failed");
250 UniquePtr
<uint8_t> binExpPtr(reinterpret_cast<uint8_t*>(malloc(sizeof(uint32_t))));
251 if (binExpPtr
.get() == NULL
) {
252 ALOGE("memory allocation is failed");
256 bin_mod_len
= RSA_KEY_MAX_SIZE
;
257 bin_exp_len
= sizeof(uint32_t);
259 ret
= TEE_GetPubKey(key_blob
, key_blob_length
, binModPtr
.get(), &bin_mod_len
, binExpPtr
.get(),
261 if (ret
!= TEE_ERR_NONE
) {
262 ALOGE("TEE_GetPubKey() is failed: %d", ret
);
266 Unique_BIGNUM
bn_mod(BN_new());
267 if (bn_mod
.get() == NULL
) {
268 ALOGE("memory allocation is failed");
272 Unique_BIGNUM
bn_exp(BN_new());
273 if (bn_exp
.get() == NULL
) {
274 ALOGE("memory allocation is failed");
278 BN_bin2bn(binModPtr
.get(), bin_mod_len
, bn_mod
.get());
279 BN_bin2bn(binExpPtr
.get(), bin_exp_len
, bn_exp
.get());
282 Unique_RSA
rsa(RSA_new());
283 if (rsa
.get() == NULL
) {
284 logOpenSSLError("rsa.get");
288 RSA
* rsa_tmp
= rsa
.get();
290 rsa_tmp
->n
= bn_mod
.release();
291 rsa_tmp
->e
= bn_exp
.release();
294 Unique_EVP_PKEY
pkey(EVP_PKEY_new());
295 if (pkey
.get() == NULL
) {
296 logOpenSSLError("allocate EVP_PKEY");
300 if (EVP_PKEY_assign_RSA(pkey
.get(), rsa
.get()) == 0) {
301 logOpenSSLError("assing RSA to EVP_PKEY");
304 OWNERSHIP_TRANSFERRED(rsa
);
306 /* change to x.509 format */
307 int len
= i2d_PUBKEY(pkey
.get(), NULL
);
309 logOpenSSLError("i2d_PUBKEY");
313 UniquePtr
<uint8_t> key(static_cast<uint8_t*>(malloc(len
)));
314 if (key
.get() == NULL
) {
315 ALOGE("Could not allocate memory for public key data");
319 unsigned char* tmp
= reinterpret_cast<unsigned char*>(key
.get());
320 if (i2d_PUBKEY(pkey
.get(), &tmp
) != len
) {
321 logOpenSSLError("Compare results");
325 *x509_data_length
= len
;
326 *x509_data
= key
.release();
331 static int exynos_km_sign_data(const keymaster0_device_t
* dev
,
333 const uint8_t* keyBlob
, const size_t keyBlobLength
,
334 const uint8_t* data
, const size_t dataLength
,
335 uint8_t** signedData
, size_t* signedDataLength
) {
336 teeResult_t ret
= TEE_ERR_NONE
;
339 ALOGE("input data to sign == NULL");
341 } else if (signedData
== NULL
|| signedDataLength
== NULL
) {
342 ALOGE("output signature buffer == NULL");
346 keymaster_rsa_sign_params_t
* sign_params
= (keymaster_rsa_sign_params_t
*) params
;
347 if (sign_params
->digest_type
!= DIGEST_NONE
) {
348 ALOGE("Cannot handle digest type %d", sign_params
->digest_type
);
350 } else if (sign_params
->padding_type
!= PADDING_NONE
) {
351 ALOGE("Cannot handle padding type %d", sign_params
->padding_type
);
355 UniquePtr
<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(RSA_KEY_MAX_SIZE
)));
356 if (signedDataPtr
.get() == NULL
) {
357 ALOGE("memory allocation is failed");
361 *signedDataLength
= RSA_KEY_MAX_SIZE
;
363 /* binder gives us read-only mappings we can't use with mobicore */
364 void *tmpData
= malloc(dataLength
);
365 memcpy(tmpData
, data
, dataLength
);
366 ret
= TEE_RSASign(keyBlob
, keyBlobLength
, (const uint8_t *)tmpData
, dataLength
, signedDataPtr
.get(),
367 signedDataLength
, TEE_RSA_NODIGEST_NOPADDING
);
369 if (ret
!= TEE_ERR_NONE
) {
370 ALOGE("TEE_RSASign() is failed: %d", ret
);
374 *signedData
= signedDataPtr
.release();
379 static int exynos_km_verify_data(const keymaster0_device_t
* dev
,
381 const uint8_t* keyBlob
, const size_t keyBlobLength
,
382 const uint8_t* signedData
, const size_t signedDataLength
,
383 const uint8_t* signature
, const size_t signatureLength
) {
385 teeResult_t ret
= TEE_ERR_NONE
;
387 if (signedData
== NULL
|| signature
== NULL
) {
388 ALOGE("data or signature buffers == NULL");
392 keymaster_rsa_sign_params_t
* sign_params
= (keymaster_rsa_sign_params_t
*) params
;
393 if (sign_params
->digest_type
!= DIGEST_NONE
) {
394 ALOGE("Cannot handle digest type %d", sign_params
->digest_type
);
396 } else if (sign_params
->padding_type
!= PADDING_NONE
) {
397 ALOGE("Cannot handle padding type %d", sign_params
->padding_type
);
399 } else if (signatureLength
!= signedDataLength
) {
400 ALOGE("signed data length must be signature length");
404 void *tmpSignedData
= malloc(signedDataLength
);
405 memcpy(tmpSignedData
, signedData
, signedDataLength
);
406 void *tmpSig
= malloc(signatureLength
);
407 memcpy(tmpSig
, signature
, signatureLength
);
408 ret
= TEE_RSAVerify(keyBlob
, keyBlobLength
, (const uint8_t*)tmpSignedData
, signedDataLength
, (const uint8_t *)tmpSig
,
409 signatureLength
, TEE_RSA_NODIGEST_NOPADDING
, &result
);
412 if (ret
!= TEE_ERR_NONE
) {
413 ALOGE("TEE_RSAVerify() is failed: %d", ret
);
417 return (result
== true) ? 0 : -1;
420 /* Close an opened Exynos KM instance */
421 static int exynos_km_close(hw_device_t
*dev
) {
427 * Generic device handling
429 static int exynos_km_open(const hw_module_t
* module
, const char* name
,
430 hw_device_t
** device
) {
431 if (strcmp(name
, KEYSTORE_KEYMASTER
) != 0)
434 Unique_keymaster0_device_t
dev(new keymaster0_device_t
);
435 if (dev
.get() == NULL
)
438 dev
->common
.tag
= HARDWARE_DEVICE_TAG
;
439 dev
->common
.version
= 1;
440 dev
->common
.module
= (struct hw_module_t
*) module
;
441 dev
->common
.close
= exynos_km_close
;
445 dev
->generate_keypair
= exynos_km_generate_keypair
;
446 dev
->import_keypair
= exynos_km_import_keypair
;
447 dev
->get_keypair_public
= exynos_km_get_keypair_public
;
448 dev
->delete_keypair
= NULL
;
449 dev
->delete_all
= NULL
;
450 dev
->sign_data
= exynos_km_sign_data
;
451 dev
->verify_data
= exynos_km_verify_data
;
453 ERR_load_crypto_strings();
454 ERR_load_BIO_strings();
456 *device
= reinterpret_cast<hw_device_t
*>(dev
.release());
461 static struct hw_module_methods_t keystore_module_methods
= {
462 open
: exynos_km_open
,
465 struct keystore_module HAL_MODULE_INFO_SYM
466 __attribute__ ((visibility ("default"))) = {
468 tag
: HARDWARE_MODULE_TAG
,
471 id
: KEYSTORE_HARDWARE_MODULE_ID
,
472 name
: "Keymaster Exynos HAL",
473 author
: "Samsung S.LSI",
474 methods
: &keystore_module_methods
,