ecdsa_operation.cpp 8.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232
  1. /*
  2. * Copyright 2014 The Android Open Source Project
  3. *
  4. * Licensed under the Apache License, Version 2.0 (the "License");
  5. * you may not use this file except in compliance with the License.
  6. * You may obtain a copy of the License at
  7. *
  8. * http://www.apache.org/licenses/LICENSE-2.0
  9. *
  10. * Unless required by applicable law or agreed to in writing, software
  11. * distributed under the License is distributed on an "AS IS" BASIS,
  12. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13. * See the License for the specific language governing permissions and
  14. * limitations under the License.
  15. */
  16. #include <keymaster/km_openssl/ecdsa_operation.h>
  17. #include <openssl/ecdsa.h>
  18. #include <keymaster/km_openssl/ec_key.h>
  19. #include <keymaster/km_openssl/openssl_err.h>
  20. #include <keymaster/km_openssl/openssl_utils.h>
  21. namespace keymaster {
  22. static const keymaster_digest_t supported_digests[] = {KM_DIGEST_NONE, KM_DIGEST_SHA1,
  23. KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256,
  24. KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512};
  25. OperationPtr EcdsaOperationFactory::CreateOperation(Key&& key, const AuthorizationSet& begin_params,
  26. keymaster_error_t* error) const {
  27. const EcKey& ecdsa_key = static_cast<EcKey&>(key);
  28. UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
  29. if (!ecdsa_key.InternalToEvp(pkey.get())) {
  30. *error = KM_ERROR_UNKNOWN_ERROR;
  31. return nullptr;
  32. }
  33. keymaster_digest_t digest;
  34. if (!GetAndValidateDigest(begin_params, ecdsa_key, &digest, error)) return nullptr;
  35. *error = KM_ERROR_OK;
  36. auto op = OperationPtr(InstantiateOperation(key.hw_enforced_move(), key.sw_enforced_move(),
  37. digest, pkey.release()));
  38. if (!op) *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
  39. return op;
  40. }
  41. const keymaster_digest_t* EcdsaOperationFactory::SupportedDigests(size_t* digest_count) const {
  42. *digest_count = array_length(supported_digests);
  43. return supported_digests;
  44. }
  45. EcdsaOperation::~EcdsaOperation() {
  46. if (ecdsa_key_ != nullptr)
  47. EVP_PKEY_free(ecdsa_key_);
  48. EVP_MD_CTX_cleanup(&digest_ctx_);
  49. }
  50. keymaster_error_t EcdsaOperation::InitDigest() {
  51. switch (digest_) {
  52. case KM_DIGEST_NONE:
  53. return KM_ERROR_OK;
  54. case KM_DIGEST_MD5:
  55. return KM_ERROR_UNSUPPORTED_DIGEST;
  56. case KM_DIGEST_SHA1:
  57. digest_algorithm_ = EVP_sha1();
  58. return KM_ERROR_OK;
  59. case KM_DIGEST_SHA_2_224:
  60. digest_algorithm_ = EVP_sha224();
  61. return KM_ERROR_OK;
  62. case KM_DIGEST_SHA_2_256:
  63. digest_algorithm_ = EVP_sha256();
  64. return KM_ERROR_OK;
  65. case KM_DIGEST_SHA_2_384:
  66. digest_algorithm_ = EVP_sha384();
  67. return KM_ERROR_OK;
  68. case KM_DIGEST_SHA_2_512:
  69. digest_algorithm_ = EVP_sha512();
  70. return KM_ERROR_OK;
  71. default:
  72. return KM_ERROR_UNSUPPORTED_DIGEST;
  73. }
  74. }
  75. inline size_t min(size_t a, size_t b) {
  76. return (a < b) ? a : b;
  77. }
  78. keymaster_error_t EcdsaOperation::StoreData(const Buffer& input, size_t* input_consumed) {
  79. if (!data_.reserve((EVP_PKEY_bits(ecdsa_key_) + 7) / 8))
  80. return KM_ERROR_MEMORY_ALLOCATION_FAILED;
  81. if (!data_.write(input.peek_read(), min(data_.available_write(), input.available_read())))
  82. return KM_ERROR_UNKNOWN_ERROR;
  83. *input_consumed = input.available_read();
  84. return KM_ERROR_OK;
  85. }
  86. keymaster_error_t EcdsaSignOperation::Begin(const AuthorizationSet& /* input_params */,
  87. AuthorizationSet* /* output_params */) {
  88. auto rc = GenerateRandom(reinterpret_cast<uint8_t*>(&operation_handle_),
  89. (size_t)sizeof(operation_handle_));
  90. if (rc != KM_ERROR_OK) return rc;
  91. keymaster_error_t error = InitDigest();
  92. if (error != KM_ERROR_OK)
  93. return error;
  94. if (digest_ == KM_DIGEST_NONE)
  95. return KM_ERROR_OK;
  96. EVP_PKEY_CTX* pkey_ctx;
  97. if (EVP_DigestSignInit(&digest_ctx_, &pkey_ctx, digest_algorithm_, nullptr /* engine */,
  98. ecdsa_key_) != 1)
  99. return TranslateLastOpenSslError();
  100. return KM_ERROR_OK;
  101. }
  102. keymaster_error_t EcdsaSignOperation::Update(const AuthorizationSet& /* additional_params */,
  103. const Buffer& input,
  104. AuthorizationSet* /* output_params */,
  105. Buffer* /* output */, size_t* input_consumed) {
  106. if (digest_ == KM_DIGEST_NONE)
  107. return StoreData(input, input_consumed);
  108. if (EVP_DigestSignUpdate(&digest_ctx_, input.peek_read(), input.available_read()) != 1)
  109. return TranslateLastOpenSslError();
  110. *input_consumed = input.available_read();
  111. return KM_ERROR_OK;
  112. }
  113. keymaster_error_t EcdsaSignOperation::Finish(const AuthorizationSet& additional_params,
  114. const Buffer& input, const Buffer& /* signature */,
  115. AuthorizationSet* /* output_params */,
  116. Buffer* output) {
  117. if (!output)
  118. return KM_ERROR_OUTPUT_PARAMETER_NULL;
  119. keymaster_error_t error = UpdateForFinish(additional_params, input);
  120. if (error != KM_ERROR_OK)
  121. return error;
  122. size_t siglen;
  123. if (digest_ == KM_DIGEST_NONE) {
  124. UniquePtr<EC_KEY, EC_KEY_Delete> ecdsa(EVP_PKEY_get1_EC_KEY(ecdsa_key_));
  125. if (!ecdsa.get())
  126. return TranslateLastOpenSslError();
  127. output->Reinitialize(ECDSA_size(ecdsa.get()));
  128. unsigned int siglen_tmp;
  129. if (!ECDSA_sign(0 /* type -- ignored */, data_.peek_read(), data_.available_read(),
  130. output->peek_write(), &siglen_tmp, ecdsa.get()))
  131. return TranslateLastOpenSslError();
  132. siglen = siglen_tmp;
  133. } else {
  134. if (EVP_DigestSignFinal(&digest_ctx_, nullptr /* signature */, &siglen) != 1)
  135. return TranslateLastOpenSslError();
  136. if (!output->Reinitialize(siglen))
  137. return KM_ERROR_MEMORY_ALLOCATION_FAILED;
  138. if (EVP_DigestSignFinal(&digest_ctx_, output->peek_write(), &siglen) <= 0)
  139. return TranslateLastOpenSslError();
  140. }
  141. if (!output->advance_write(siglen))
  142. return KM_ERROR_UNKNOWN_ERROR;
  143. return KM_ERROR_OK;
  144. }
  145. keymaster_error_t EcdsaVerifyOperation::Begin(const AuthorizationSet& /* input_params */,
  146. AuthorizationSet* /* output_params */) {
  147. auto rc = GenerateRandom(reinterpret_cast<uint8_t*>(&operation_handle_),
  148. (size_t)sizeof(operation_handle_));
  149. if (rc != KM_ERROR_OK) return rc;
  150. keymaster_error_t error = InitDigest();
  151. if (error != KM_ERROR_OK)
  152. return error;
  153. if (digest_ == KM_DIGEST_NONE)
  154. return KM_ERROR_OK;
  155. EVP_PKEY_CTX* pkey_ctx;
  156. if (EVP_DigestVerifyInit(&digest_ctx_, &pkey_ctx, digest_algorithm_, nullptr /* engine */,
  157. ecdsa_key_) != 1)
  158. return TranslateLastOpenSslError();
  159. return KM_ERROR_OK;
  160. }
  161. keymaster_error_t EcdsaVerifyOperation::Update(const AuthorizationSet& /* additional_params */,
  162. const Buffer& input,
  163. AuthorizationSet* /* output_params */,
  164. Buffer* /* output */, size_t* input_consumed) {
  165. if (digest_ == KM_DIGEST_NONE)
  166. return StoreData(input, input_consumed);
  167. if (EVP_DigestVerifyUpdate(&digest_ctx_, input.peek_read(), input.available_read()) != 1)
  168. return TranslateLastOpenSslError();
  169. *input_consumed = input.available_read();
  170. return KM_ERROR_OK;
  171. }
  172. keymaster_error_t EcdsaVerifyOperation::Finish(const AuthorizationSet& additional_params,
  173. const Buffer& input, const Buffer& signature,
  174. AuthorizationSet* /* output_params */,
  175. Buffer* /* output */) {
  176. keymaster_error_t error = UpdateForFinish(additional_params, input);
  177. if (error != KM_ERROR_OK)
  178. return error;
  179. if (digest_ == KM_DIGEST_NONE) {
  180. UniquePtr<EC_KEY, EC_KEY_Delete> ecdsa(EVP_PKEY_get1_EC_KEY(ecdsa_key_));
  181. if (!ecdsa.get())
  182. return TranslateLastOpenSslError();
  183. int result =
  184. ECDSA_verify(0 /* type -- ignored */, data_.peek_read(), data_.available_read(),
  185. signature.peek_read(), signature.available_read(), ecdsa.get());
  186. if (result < 0)
  187. return TranslateLastOpenSslError();
  188. else if (result == 0)
  189. return KM_ERROR_VERIFICATION_FAILED;
  190. } else if (!EVP_DigestVerifyFinal(&digest_ctx_, signature.peek_read(),
  191. signature.available_read()))
  192. return KM_ERROR_VERIFICATION_FAILED;
  193. return KM_ERROR_OK;
  194. }
  195. } // namespace keymaster