/*
* Copyright 2015 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <keymaster/km_openssl/nist_curve_key_exchange.h>
#include <openssl/ec.h>
#include <openssl/ecdh.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <keymaster/km_openssl/openssl_err.h>
namespace keymaster {
NistCurveKeyExchange::NistCurveKeyExchange(EC_KEY* private_key, keymaster_error_t* error)
: private_key_(private_key) {
if (!private_key_.get() || !EC_KEY_check_key(private_key_.get())) {
*error = KM_ERROR_INVALID_ARGUMENT;
return;
}
*error = ExtractPublicKey();
}
/* static */
NistCurveKeyExchange* NistCurveKeyExchange::GenerateKeyExchange(keymaster_ec_curve_t curve) {
int curve_name;
switch (curve) {
case KM_EC_CURVE_P_224:
curve_name = NID_secp224r1;
break;
case KM_EC_CURVE_P_256:
curve_name = NID_X9_62_prime256v1;
break;
case KM_EC_CURVE_P_384:
curve_name = NID_secp384r1;
break;
case KM_EC_CURVE_P_521:
curve_name = NID_secp521r1;
break;
default:
LOG_E("Not a NIST curve: %d", curve);
return nullptr;
}
UniquePtr<EC_KEY, EC_KEY_Delete> key(EC_KEY_new_by_curve_name(curve_name));
if (!key.get() || !EC_KEY_generate_key(key.get())) {
return nullptr;
}
keymaster_error_t error;
UniquePtr<NistCurveKeyExchange> key_exchange(new (std::nothrow)
NistCurveKeyExchange(key.get(), &error));
if (!key_exchange.get()) error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
if (error != KM_ERROR_OK) return nullptr;
(void)key.release();
return key_exchange.release();
}
keymaster_error_t NistCurveKeyExchange::ExtractPublicKey() {
const EC_GROUP* group = EC_KEY_get0_group(private_key_.get());
size_t field_len_bits;
keymaster_error_t error = ec_get_group_size(group, &field_len_bits);
if (error != KM_ERROR_OK) return error;
shared_secret_len_ = (field_len_bits + 7) / 8;
public_key_len_ = 1 + 2 * shared_secret_len_;
public_key_.reset(new (std::nothrow) uint8_t[public_key_len_]);
if (!public_key_.get()) return KM_ERROR_MEMORY_ALLOCATION_FAILED;
if (EC_POINT_point2oct(group, EC_KEY_get0_public_key(private_key_.get()),
POINT_CONVERSION_UNCOMPRESSED, public_key_.get(), public_key_len_,
nullptr /* ctx */) != public_key_len_) {
return TranslateLastOpenSslError();
}
return KM_ERROR_OK;
}
bool NistCurveKeyExchange::CalculateSharedKey(const Buffer& peer_public_value,
Buffer* out_result) const {
return CalculateSharedKey(peer_public_value.peek_read(), peer_public_value.available_read(),
out_result);
}
bool NistCurveKeyExchange::CalculateSharedKey(const uint8_t* peer_public_value,
size_t peer_public_value_len,
Buffer* out_result) const {
const EC_GROUP* group = EC_KEY_get0_group(private_key_.get());
UniquePtr<EC_POINT, EC_POINT_Delete> point(EC_POINT_new(group));
if (!point.get() ||
!EC_POINT_oct2point(/* also test if point is on curve */
group, point.get(), peer_public_value, peer_public_value_len,
nullptr /* ctx */) ||
!EC_POINT_is_on_curve(group, point.get(), nullptr /* ctx */)) {
LOG_E("Can't convert peer public value to point: %d", TranslateLastOpenSslError());
return false;
}
UniquePtr<uint8_t[]> result(new (std::nothrow) uint8_t[shared_secret_len_]);
if (!result.get()) return false;
if (ECDH_compute_key(result.get(), shared_secret_len_, point.get(), private_key_.get(),
nullptr /* kdf */) != static_cast<int>(shared_secret_len_)) {
LOG_E("Can't compute ECDH shared key: %d", TranslateLastOpenSslError());
return false;
}
out_result->Reinitialize(result.get(), shared_secret_len_);
return true;
}
bool NistCurveKeyExchange::public_value(Buffer* public_value) const {
if (public_key_.get() != nullptr && public_key_len_ != 0) {
return public_value->Reinitialize(public_key_.get(), public_key_len_);
}
return false;
}
} // namespace keymaster