Finish key import implementation.
This is the last bit of GoogleKeymaster that remained incomplete (for
the v0.3 functionality).
Change-Id: I27be52ae032883c004b2df21f0c7b229af512922
diff --git a/asymmetric_key.cpp b/asymmetric_key.cpp
index 297fb38..a06515b 100644
--- a/asymmetric_key.cpp
+++ b/asymmetric_key.cpp
@@ -333,6 +333,95 @@
return new_key;
}
+template <keymaster_tag_t T>
+keymaster_error_t GetOrCheckDsaParam(TypedTag<KM_BIGNUM, T> tag, BIGNUM* bn,
+ AuthorizationSet* auths) {
+ keymaster_blob_t blob;
+ if (auths->GetTagValue(tag, &blob)) {
+ // value specified, make sure it matches
+ UniquePtr<BIGNUM, BIGNUM_Delete> extracted_bn(BN_bin2bn(blob.data, blob.data_length, NULL));
+ if (extracted_bn.get() == NULL)
+ return KM_ERROR_MEMORY_ALLOCATION_FAILED;
+ if (BN_cmp(extracted_bn.get(), bn) != 0)
+ return KM_ERROR_IMPORT_PARAMETER_MISMATCH;
+ } else {
+ // value not specified, add it
+ UniquePtr<uint8_t[]> data(new uint8_t[BN_num_bytes(bn)]);
+ BN_bn2bin(bn, data.get());
+ auths->push_back(tag, data.get(), BN_num_bytes(bn));
+ }
+ return KM_ERROR_OK;
+}
+
+/* static */
+size_t DsaKey::key_size_bits(DSA* dsa_key) {
+ // Openssl provides no convenient way to get a DSA key size, but dsa_key->p is L bits long.
+ // There may be some leading zeros that mess up this calculation, but DSA key sizes are also
+ // constrained to be multiples of 64 bits. So the key size is the bit length of p rounded up to
+ // the nearest 64.
+ return ((BN_num_bytes(dsa_key->p) * 8) + 63) / 64 * 64;
+}
+
+/* static */
+DsaKey* DsaKey::ImportKey(const AuthorizationSet& key_description, EVP_PKEY* pkey,
+ const Logger& logger, keymaster_error_t* error) {
+ if (!error)
+ return NULL;
+ *error = KM_ERROR_UNKNOWN_ERROR;
+
+ UniquePtr<DSA, DSA_Delete> dsa_key(EVP_PKEY_get1_DSA(pkey));
+ if (!dsa_key.get())
+ return NULL;
+
+ AuthorizationSet authorizations(key_description);
+
+ *error = GetOrCheckDsaParam(TAG_DSA_GENERATOR, dsa_key->g, &authorizations);
+ if (*error != KM_ERROR_OK)
+ return NULL;
+
+ *error = GetOrCheckDsaParam(TAG_DSA_P, dsa_key->p, &authorizations);
+ if (*error != KM_ERROR_OK)
+ return NULL;
+
+ *error = GetOrCheckDsaParam(TAG_DSA_Q, dsa_key->q, &authorizations);
+ if (*error != KM_ERROR_OK)
+ return NULL;
+
+ // There's no convenient way to get a DSA key size, but dsa_key->p is L bits long. There may be
+ // some leading zeros that mess up this calculation, but DSA key sizes are also constrained to
+ // be multiples of 64 bits. So the bit length of p, rounded up to the nearest 64 bits, is the
+ // key size.
+ uint32_t extracted_key_size_bits = ((BN_num_bytes(dsa_key->p) * 8) + 63) / 64 * 64;
+
+ uint32_t key_size_bits;
+ if (authorizations.GetTagValue(TAG_KEY_SIZE, &key_size_bits)) {
+ // key_size_bits specified, make sure it matches the key.
+ if (key_size_bits != extracted_key_size_bits) {
+ *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
+ return NULL;
+ }
+ } else {
+ // key_size_bits not specified, add it.
+ authorizations.push_back(TAG_KEY_SIZE, extracted_key_size_bits);
+ }
+
+ keymaster_algorithm_t algorithm;
+ if (authorizations.GetTagValue(TAG_ALGORITHM, &algorithm)) {
+ if (algorithm != KM_ALGORITHM_DSA) {
+ *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
+ return NULL;
+ }
+ } else {
+ authorizations.push_back(TAG_ALGORITHM, KM_ALGORITHM_DSA);
+ }
+
+ // Don't bother with the other parameters. If the necessary padding, digest, purpose, etc. are
+ // missing, the error will be diagnosed when the key is used (when auth checking is
+ // implemented).
+ *error = KM_ERROR_OK;
+ return new DsaKey(dsa_key.release(), authorizations, logger);
+}
+
DsaKey::DsaKey(const KeyBlob& blob, const Logger& logger, keymaster_error_t* error)
: AsymmetricKey(blob, logger) {
if (error)
@@ -407,6 +496,53 @@
}
/* static */
+EcdsaKey* EcdsaKey::ImportKey(const AuthorizationSet& key_description, EVP_PKEY* pkey,
+ const Logger& logger, keymaster_error_t* error) {
+ if (!error)
+ return NULL;
+ *error = KM_ERROR_UNKNOWN_ERROR;
+
+ UniquePtr<EC_KEY, ECDSA_Delete> ecdsa_key(EVP_PKEY_get1_EC_KEY(pkey));
+ if (!ecdsa_key.get())
+ return NULL;
+
+ AuthorizationSet authorizations(key_description);
+
+ size_t extracted_key_size_bits;
+ *error = get_group_size(*EC_KEY_get0_group(ecdsa_key.get()), &extracted_key_size_bits);
+ if (*error != KM_ERROR_OK)
+ return NULL;
+
+ uint32_t key_size_bits;
+ if (authorizations.GetTagValue(TAG_KEY_SIZE, &key_size_bits)) {
+ // key_size_bits specified, make sure it matches the key.
+ if (key_size_bits != extracted_key_size_bits) {
+ *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
+ return NULL;
+ }
+ } else {
+ // key_size_bits not specified, add it.
+ authorizations.push_back(TAG_KEY_SIZE, extracted_key_size_bits);
+ }
+
+ keymaster_algorithm_t algorithm;
+ if (authorizations.GetTagValue(TAG_ALGORITHM, &algorithm)) {
+ if (algorithm != KM_ALGORITHM_ECDSA) {
+ *error = KM_ERROR_IMPORT_PARAMETER_MISMATCH;
+ return NULL;
+ }
+ } else {
+ authorizations.push_back(TAG_ALGORITHM, KM_ALGORITHM_ECDSA);
+ }
+
+ // Don't bother with the other parameters. If the necessary padding, digest, purpose, etc. are
+ // missing, the error will be diagnosed when the key is used (when auth checking is
+ // implemented).
+ *error = KM_ERROR_OK;
+ return new EcdsaKey(ecdsa_key.release(), authorizations, logger);
+}
+
+/* static */
EC_GROUP* EcdsaKey::choose_group(size_t key_size_bits) {
switch (key_size_bits) {
case 192:
@@ -430,6 +566,30 @@
}
}
+/* static */
+keymaster_error_t EcdsaKey::get_group_size(const EC_GROUP& group, size_t* key_size_bits) {
+ switch (EC_GROUP_get_curve_name(&group)) {
+ case NID_X9_62_prime192v1:
+ *key_size_bits = 192;
+ break;
+ case NID_secp224r1:
+ *key_size_bits = 224;
+ break;
+ case NID_X9_62_prime256v1:
+ *key_size_bits = 256;
+ break;
+ case NID_secp384r1:
+ *key_size_bits = 384;
+ break;
+ case NID_secp521r1:
+ *key_size_bits = 521;
+ break;
+ default:
+ return KM_ERROR_UNSUPPORTED_EC_FIELD;
+ }
+ return KM_ERROR_OK;
+}
+
EcdsaKey::EcdsaKey(const KeyBlob& blob, const Logger& logger, keymaster_error_t* error)
: AsymmetricKey(blob, logger) {
if (error)
diff --git a/asymmetric_key.h b/asymmetric_key.h
index 17201e6..6279ff4 100644
--- a/asymmetric_key.h
+++ b/asymmetric_key.h
@@ -87,12 +87,16 @@
public:
static DsaKey* GenerateKey(const AuthorizationSet& key_description, const Logger& logger,
keymaster_error_t* error);
+ static DsaKey* ImportKey(const AuthorizationSet& key_description, EVP_PKEY* pkey,
+ const Logger& logger, keymaster_error_t* error);
DsaKey(const KeyBlob& blob, const Logger& logger, keymaster_error_t* error);
virtual Operation* CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest,
keymaster_padding_t padding, keymaster_error_t* error);
+ static size_t key_size_bits(DSA* dsa_key);
private:
+
DsaKey(DSA* dsa_key, const AuthorizationSet auths, const Logger& logger)
: AsymmetricKey(auths, logger), dsa_key_(dsa_key) {}
@@ -111,6 +115,8 @@
public:
static EcdsaKey* GenerateKey(const AuthorizationSet& key_description, const Logger& logger,
keymaster_error_t* error);
+ static EcdsaKey* ImportKey(const AuthorizationSet& key_description, EVP_PKEY* pkey,
+ const Logger& logger, keymaster_error_t* error);
EcdsaKey(const KeyBlob& blob, const Logger& logger, keymaster_error_t* error);
virtual Operation* CreateOperation(keymaster_purpose_t purpose, keymaster_digest_t digest,
@@ -121,6 +127,7 @@
: AsymmetricKey(auths, logger), ecdsa_key_(ecdsa_key) {}
static EC_GROUP* choose_group(size_t key_size_bits);
+ static keymaster_error_t get_group_size(const EC_GROUP& group, size_t* key_size_bits);
virtual int evp_key_type() { return EVP_PKEY_EC; }
virtual bool InternalToEvp(EVP_PKEY* pkey) const;
diff --git a/dsa_privkey_pk8.der b/dsa_privkey_pk8.der
new file mode 100644
index 0000000..2786bc7
--- /dev/null
+++ b/dsa_privkey_pk8.der
Binary files differ
diff --git a/ec_privkey_pk8.der b/ec_privkey_pk8.der
new file mode 100644
index 0000000..a4af673
--- /dev/null
+++ b/ec_privkey_pk8.der
Binary files differ
diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index 3ed0129..7121f9d 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp
@@ -865,7 +865,7 @@
Authorization(TAG_AUTH_TIMEOUT, 300),
};
- string pk8_key = read_file("privkey_pk8.der");
+ string pk8_key = read_file("rsa_privkey_pk8.der");
ASSERT_EQ(633U, pk8_key.size());
ImportKeyRequest import_request;
@@ -924,5 +924,145 @@
EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
}
+TEST_F(ImportKeyTest, DsaSuccess) {
+ keymaster_key_param_t params[] = {
+ Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
+ Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
+ Authorization(TAG_DIGEST, KM_DIGEST_NONE),
+ Authorization(TAG_PADDING, KM_PAD_NONE),
+ Authorization(TAG_USER_ID, 7),
+ Authorization(TAG_USER_AUTH_ID, 8),
+ Authorization(TAG_APPLICATION_ID, "app_id", 6),
+ Authorization(TAG_AUTH_TIMEOUT, 300),
+ };
+
+ string pk8_key = read_file("dsa_privkey_pk8.der");
+ ASSERT_EQ(335U, pk8_key.size());
+
+ ImportKeyRequest import_request;
+ import_request.key_description.Reinitialize(params, array_length(params));
+ import_request.key_format = KM_KEY_FORMAT_PKCS8;
+ import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
+
+ ImportKeyResponse import_response;
+ device.ImportKey(import_request, &import_response);
+ ASSERT_EQ(KM_ERROR_OK, import_response.error);
+ EXPECT_EQ(0U, import_response.enforced.size());
+ EXPECT_GT(import_response.unenforced.size(), 0U);
+
+ // Check values derived from the key.
+ EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
+ EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 1024));
+
+ // And values provided by GoogleKeymaster
+ EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
+ EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
+
+ size_t message_len = 48;
+ UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
+ std::fill(message.get(), message.get() + message_len, 'a');
+ SignMessage(import_response.key_blob, message.get(), message_len);
+ ASSERT_TRUE(signature() != NULL);
+
+ BeginOperationRequest begin_request;
+ BeginOperationResponse begin_response;
+ begin_request.SetKeyMaterial(import_response.key_blob);
+ begin_request.purpose = KM_PURPOSE_VERIFY;
+ AddClientParams(&begin_request.additional_params);
+
+ device.BeginOperation(begin_request, &begin_response);
+ ASSERT_EQ(KM_ERROR_OK, begin_response.error);
+
+ UpdateOperationRequest update_request;
+ UpdateOperationResponse update_response;
+ update_request.op_handle = begin_response.op_handle;
+ update_request.input.Reinitialize(message.get(), message_len);
+ EXPECT_EQ(message_len, update_request.input.available_read());
+
+ device.UpdateOperation(update_request, &update_response);
+ ASSERT_EQ(KM_ERROR_OK, update_response.error);
+ EXPECT_EQ(0U, update_response.output.available_read());
+
+ FinishOperationRequest finish_request;
+ finish_request.op_handle = begin_response.op_handle;
+ finish_request.signature.Reinitialize(*signature());
+ FinishOperationResponse finish_response;
+ device.FinishOperation(finish_request, &finish_response);
+ ASSERT_EQ(KM_ERROR_OK, finish_response.error);
+ EXPECT_EQ(0U, finish_response.output.available_read());
+
+ EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
+}
+
+TEST_F(ImportKeyTest, EcdsaSuccess) {
+ keymaster_key_param_t params[] = {
+ Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
+ Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
+ Authorization(TAG_DIGEST, KM_DIGEST_NONE),
+ Authorization(TAG_PADDING, KM_PAD_NONE),
+ Authorization(TAG_USER_ID, 7),
+ Authorization(TAG_USER_AUTH_ID, 8),
+ Authorization(TAG_APPLICATION_ID, "app_id", 6),
+ Authorization(TAG_AUTH_TIMEOUT, 300),
+ };
+
+ string pk8_key = read_file("ec_privkey_pk8.der");
+ ASSERT_EQ(138U, pk8_key.size());
+
+ ImportKeyRequest import_request;
+ import_request.key_description.Reinitialize(params, array_length(params));
+ import_request.key_format = KM_KEY_FORMAT_PKCS8;
+ import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
+
+ ImportKeyResponse import_response;
+ device.ImportKey(import_request, &import_response);
+ ASSERT_EQ(KM_ERROR_OK, import_response.error);
+ EXPECT_EQ(0U, import_response.enforced.size());
+ EXPECT_GT(import_response.unenforced.size(), 0U);
+
+ // Check values derived from the key.
+ EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
+ EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 256));
+
+ // And values provided by GoogleKeymaster
+ EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
+ EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
+
+ size_t message_len = 1024 / 8;
+ UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
+ std::fill(message.get(), message.get() + message_len, 'a');
+ SignMessage(import_response.key_blob, message.get(), message_len);
+ ASSERT_TRUE(signature() != NULL);
+
+ BeginOperationRequest begin_request;
+ BeginOperationResponse begin_response;
+ begin_request.SetKeyMaterial(import_response.key_blob);
+ begin_request.purpose = KM_PURPOSE_VERIFY;
+ AddClientParams(&begin_request.additional_params);
+
+ device.BeginOperation(begin_request, &begin_response);
+ ASSERT_EQ(KM_ERROR_OK, begin_response.error);
+
+ UpdateOperationRequest update_request;
+ UpdateOperationResponse update_response;
+ update_request.op_handle = begin_response.op_handle;
+ update_request.input.Reinitialize(message.get(), message_len);
+ EXPECT_EQ(message_len, update_request.input.available_read());
+
+ device.UpdateOperation(update_request, &update_response);
+ ASSERT_EQ(KM_ERROR_OK, update_response.error);
+ EXPECT_EQ(0U, update_response.output.available_read());
+
+ FinishOperationRequest finish_request;
+ finish_request.op_handle = begin_response.op_handle;
+ finish_request.signature.Reinitialize(*signature());
+ FinishOperationResponse finish_response;
+ device.FinishOperation(finish_request, &finish_response);
+ ASSERT_EQ(KM_ERROR_OK, finish_response.error);
+ EXPECT_EQ(0U, finish_response.output.available_read());
+
+ EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
+}
+
} // namespace test
} // namespace keymaster
diff --git a/include/keymaster/keymaster_defs.h b/include/keymaster/keymaster_defs.h
index 371f72c..ab0676f 100644
--- a/include/keymaster/keymaster_defs.h
+++ b/include/keymaster/keymaster_defs.h
@@ -366,6 +366,7 @@
KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47,
KM_ERROR_SECURE_HW_BUSY =-48,
KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49,
+ KM_ERROR_UNSUPPORTED_EC_FIELD = -50,
KM_ERROR_UNIMPLEMENTED = -100,
/* Additional error codes may be added by implementations, but implementers should coordinate
diff --git a/key.cpp b/key.cpp
index 2424800..74cb508 100644
--- a/key.cpp
+++ b/key.cpp
@@ -105,7 +105,9 @@
case EVP_PKEY_RSA:
return RsaKey::ImportKey(key_description, pkey.get(), logger, error);
case EVP_PKEY_DSA:
+ return DsaKey::ImportKey(key_description, pkey.get(), logger, error);
case EVP_PKEY_EC:
+ return EcdsaKey::ImportKey(key_description, pkey.get(), logger, error);
default:
*error = KM_ERROR_UNSUPPORTED_ALGORITHM;
return NULL;
diff --git a/privkey_pk8.der b/rsa_privkey_pk8.der
similarity index 100%
rename from privkey_pk8.der
rename to rsa_privkey_pk8.der
Binary files differ