2013-06-27 18:14:46 +02:00
|
|
|
/*
|
|
|
|
* Copyright 2012 The Android Open Source Project
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
|
|
|
|
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
|
|
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
|
|
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
|
|
|
|
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
|
|
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2013-09-11 23:38:56 +02:00
|
|
|
#include <UniquePtr.h>
|
2013-06-27 18:14:46 +02:00
|
|
|
|
|
|
|
//#define LOG_NDEBUG 0
|
|
|
|
#define LOG_TAG "OpenSSL-keystore-rsa"
|
|
|
|
#include <cutils/log.h>
|
|
|
|
|
|
|
|
#include <binder/IServiceManager.h>
|
|
|
|
#include <keystore/IKeystoreService.h>
|
|
|
|
|
|
|
|
#include <openssl/rsa.h>
|
|
|
|
#include <openssl/engine.h>
|
|
|
|
|
|
|
|
#include "methods.h"
|
|
|
|
|
|
|
|
|
|
|
|
using namespace android;
|
|
|
|
|
|
|
|
|
|
|
|
int keystore_rsa_priv_enc(int flen, const unsigned char* from, unsigned char* to, RSA* rsa,
|
|
|
|
int padding) {
|
|
|
|
ALOGV("keystore_rsa_priv_enc(%d, %p, %p, %p, %d)", flen, from, to, rsa, padding);
|
|
|
|
|
|
|
|
int num = RSA_size(rsa);
|
|
|
|
UniquePtr<uint8_t> padded(new uint8_t[num]);
|
|
|
|
if (padded.get() == NULL) {
|
|
|
|
ALOGE("could not allocate padded signature");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (padding) {
|
|
|
|
case RSA_PKCS1_PADDING:
|
|
|
|
if (!RSA_padding_add_PKCS1_type_1(padded.get(), num, from, flen)) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case RSA_X931_PADDING:
|
|
|
|
if (!RSA_padding_add_X931(padded.get(), num, from, flen)) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case RSA_NO_PADDING:
|
|
|
|
if (!RSA_padding_add_none(padded.get(), num, from, flen)) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
ALOGE("Unknown padding type: %d", padding);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
uint8_t* key_id = reinterpret_cast<uint8_t*>(RSA_get_ex_data(rsa, rsa_key_handle));
|
|
|
|
if (key_id == NULL) {
|
|
|
|
ALOGE("key had no key_id!");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
sp<IServiceManager> sm = defaultServiceManager();
|
|
|
|
sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
|
|
|
|
sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
|
|
|
|
|
|
|
|
if (service == NULL) {
|
|
|
|
ALOGE("could not contact keystore");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
uint8_t* reply = NULL;
|
|
|
|
size_t replyLen;
|
|
|
|
int32_t ret = service->sign(String16(reinterpret_cast<const char*>(key_id)), padded.get(),
|
|
|
|
num, &reply, &replyLen);
|
|
|
|
if (ret < 0) {
|
|
|
|
ALOGW("There was an error during signing: could not connect");
|
|
|
|
free(reply);
|
|
|
|
return 0;
|
|
|
|
} else if (ret != 0) {
|
|
|
|
ALOGW("Error during signing from keystore: %d", ret);
|
|
|
|
free(reply);
|
|
|
|
return 0;
|
|
|
|
} else if (replyLen <= 0) {
|
|
|
|
ALOGW("No valid signature returned");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy(to, reply, replyLen);
|
|
|
|
free(reply);
|
|
|
|
|
|
|
|
ALOGV("rsa=%p keystore_rsa_priv_enc => returning %p len %llu", rsa, to,
|
|
|
|
(unsigned long long) replyLen);
|
|
|
|
return static_cast<int>(replyLen);
|
|
|
|
}
|
|
|
|
|
|
|
|
int keystore_rsa_priv_dec(int flen, const unsigned char* from, unsigned char* to, RSA* rsa,
|
|
|
|
int padding) {
|
|
|
|
ALOGV("keystore_rsa_priv_dec(%d, %p, %p, %p, %d)", flen, from, to, rsa, padding);
|
|
|
|
|
|
|
|
uint8_t* key_id = reinterpret_cast<uint8_t*>(RSA_get_ex_data(rsa, rsa_key_handle));
|
|
|
|
if (key_id == NULL) {
|
|
|
|
ALOGE("key had no key_id!");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
sp<IServiceManager> sm = defaultServiceManager();
|
|
|
|
sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
|
|
|
|
sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
|
|
|
|
|
|
|
|
if (service == NULL) {
|
|
|
|
ALOGE("could not contact keystore");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int num = RSA_size(rsa);
|
|
|
|
|
|
|
|
uint8_t* reply = NULL;
|
|
|
|
size_t replyLen;
|
|
|
|
int32_t ret = service->sign(String16(reinterpret_cast<const char*>(key_id)), from,
|
|
|
|
flen, &reply, &replyLen);
|
|
|
|
if (ret < 0) {
|
|
|
|
ALOGW("There was an error during rsa_mod_exp: could not connect");
|
|
|
|
return 0;
|
|
|
|
} else if (ret != 0) {
|
|
|
|
ALOGW("Error during sign from keystore: %d", ret);
|
|
|
|
return 0;
|
|
|
|
} else if (replyLen <= 0) {
|
|
|
|
ALOGW("No valid signature returned");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Trim off the top zero if it's there */
|
|
|
|
uint8_t* alignedReply;
|
|
|
|
if (*reply == 0x00) {
|
|
|
|
alignedReply = reply + 1;
|
|
|
|
replyLen--;
|
|
|
|
} else {
|
|
|
|
alignedReply = reply;
|
|
|
|
}
|
|
|
|
|
|
|
|
int outSize;
|
|
|
|
switch (padding) {
|
|
|
|
case RSA_PKCS1_PADDING:
|
|
|
|
outSize = RSA_padding_check_PKCS1_type_2(to, num, alignedReply, replyLen, num);
|
|
|
|
break;
|
|
|
|
case RSA_X931_PADDING:
|
|
|
|
outSize = RSA_padding_check_X931(to, num, alignedReply, replyLen, num);
|
|
|
|
break;
|
|
|
|
case RSA_NO_PADDING:
|
|
|
|
outSize = RSA_padding_check_none(to, num, alignedReply, replyLen, num);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
ALOGE("Unknown padding type: %d", padding);
|
|
|
|
outSize = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
free(reply);
|
|
|
|
|
2014-02-07 05:38:48 +01:00
|
|
|
ALOGV("rsa=%p keystore_rsa_priv_dec => returning %p len %d", rsa, to, outSize);
|
2013-06-27 18:14:46 +02:00
|
|
|
return outSize;
|
|
|
|
}
|
|
|
|
|
|
|
|
static RSA_METHOD keystore_rsa_meth = {
|
|
|
|
kKeystoreEngineId,
|
|
|
|
NULL, /* rsa_pub_enc (wrap) */
|
|
|
|
NULL, /* rsa_pub_dec (verification) */
|
|
|
|
keystore_rsa_priv_enc, /* rsa_priv_enc (signing) */
|
|
|
|
keystore_rsa_priv_dec, /* rsa_priv_dec (unwrap) */
|
|
|
|
NULL, /* rsa_mod_exp */
|
|
|
|
NULL, /* bn_mod_exp */
|
|
|
|
NULL, /* init */
|
|
|
|
NULL, /* finish */
|
|
|
|
RSA_FLAG_EXT_PKEY | RSA_FLAG_NO_BLINDING, /* flags */
|
|
|
|
NULL, /* app_data */
|
|
|
|
NULL, /* rsa_sign */
|
|
|
|
NULL, /* rsa_verify */
|
|
|
|
NULL, /* rsa_keygen */
|
|
|
|
};
|
|
|
|
|
|
|
|
static int register_rsa_methods() {
|
|
|
|
const RSA_METHOD* rsa_meth = RSA_PKCS1_SSLeay();
|
|
|
|
|
|
|
|
keystore_rsa_meth.rsa_pub_enc = rsa_meth->rsa_pub_enc;
|
|
|
|
keystore_rsa_meth.rsa_pub_dec = rsa_meth->rsa_pub_dec;
|
|
|
|
keystore_rsa_meth.rsa_mod_exp = rsa_meth->rsa_mod_exp;
|
|
|
|
keystore_rsa_meth.bn_mod_exp = rsa_meth->bn_mod_exp;
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int rsa_pkey_setup(ENGINE *e, EVP_PKEY *pkey, const char *key_id) {
|
|
|
|
Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
|
|
|
|
if (!RSA_set_ex_data(rsa.get(), rsa_key_handle, reinterpret_cast<void*>(strdup(key_id)))) {
|
|
|
|
ALOGW("Could not set ex_data for loaded RSA key");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
RSA_set_method(rsa.get(), &keystore_rsa_meth);
|
|
|
|
RSA_blinding_off(rsa.get());
|
|
|
|
|
|
|
|
/*
|
2013-08-16 23:02:41 +02:00
|
|
|
* "RSA_set_ENGINE()" should probably be an OpenSSL API. Since it isn't,
|
|
|
|
* and EVP_PKEY_free() calls ENGINE_finish(), we need to call ENGINE_init()
|
|
|
|
* here.
|
2013-06-27 18:14:46 +02:00
|
|
|
*/
|
|
|
|
ENGINE_init(e);
|
|
|
|
rsa->engine = e;
|
|
|
|
rsa->flags |= RSA_FLAG_EXT_PKEY;
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int rsa_register(ENGINE* e) {
|
|
|
|
if (!ENGINE_set_RSA(e, &keystore_rsa_meth)
|
|
|
|
|| !register_rsa_methods()) {
|
|
|
|
ALOGE("Could not set up keystore RSA methods");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|