openkylin
/
platform_system_core
mirror of https://gitee.com/openkylin/platform_system_core.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge changes from topic \'boringssl_conversion\' am: 52eb93c am: 0781351 

am: 9c4a0e0

* commit '9c4a0e021607f9da6130658530110e84eefc8ed9':
  Switch fs_mgr and adb to libcrypto_utils.
  Add libcrypto_utils.

Change-Id: Ifc84a632bfc58b6d7034d3feb3cc435ef706c54f
This commit is contained in:
Mattias Nissler 2016-04-13 01:50:10 +00:00 committed by android-build-merger
parent ea54f236f1 9c4a0e0216
commit e21165406f
14 changed files with 559 additions and 165 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
adb/Android.mk
View File

@ -108,7 +108,7 @@ LOCAL_SANITIZE := $(adb_target_sanitize)
# Even though we're building a static library (and thus there's no link step for
# this to take effect), this adds the includes to our path.
LOCAL_STATIC_LIBRARIES := libbase
LOCAL_STATIC_LIBRARIES := libcrypto_utils_static libcrypto_static libbase
include $(BUILD_STATIC_LIBRARY)
@ -131,7 +131,7 @@ LOCAL_SANITIZE := $(adb_host_sanitize)
# Even though we're building a static library (and thus there's no link step for
# this to take effect), this adds the includes to our path.
LOCAL_STATIC_LIBRARIES := libcrypto_static libbase
LOCAL_STATIC_LIBRARIES := libcrypto_utils_static libcrypto_static libbase
LOCAL_C_INCLUDES_windows := development/host/windows/usb/api/
LOCAL_MULTILIB := first
@ -151,7 +151,7 @@ LOCAL_SRC_FILES := \
shell_service_test.cpp \
LOCAL_SANITIZE := $(adb_target_sanitize)
LOCAL_STATIC_LIBRARIES := libadbd
LOCAL_STATIC_LIBRARIES := libadbd libcrypto_utils_static libcrypto_static
LOCAL_SHARED_LIBRARIES := liblog libbase libcutils
include $(BUILD_NATIVE_TEST)
@ -191,6 +191,7 @@ LOCAL_SANITIZE := $(adb_host_sanitize)
LOCAL_SHARED_LIBRARIES := libbase
LOCAL_STATIC_LIBRARIES := \
libadb \
libcrypto_utils_static \
libcrypto_static \
libcutils \
libdiagnose_usb \
@ -219,7 +220,7 @@ LOCAL_CFLAGS_darwin := $(LIBADB_darwin_CFLAGS)
LOCAL_SRC_FILES := test_track_devices.cpp
LOCAL_SANITIZE := $(adb_host_sanitize)
LOCAL_SHARED_LIBRARIES := libbase
LOCAL_STATIC_LIBRARIES := libadb libcrypto_static libcutils
LOCAL_STATIC_LIBRARIES := libadb libcrypto_utils_static libcrypto_static libcutils
LOCAL_LDLIBS += -lrt -ldl -lpthread
include $(BUILD_HOST_EXECUTABLE)
endif
@ -271,6 +272,7 @@ LOCAL_SANITIZE := $(adb_host_sanitize)
LOCAL_STATIC_LIBRARIES := \
libadb \
libbase \
libcrypto_utils_static \
libcrypto_static \
libdiagnose_usb \
liblog \
@ -342,11 +344,11 @@ LOCAL_STATIC_LIBRARIES := \
libfec_rs \
libselinux \
liblog \
libmincrypt \
libext4_utils_static \
libsquashfs_utils \
libcutils \
libbase \
libcrypto_utils_static \
libcrypto_static \
libminijail

3
adb/adb.cpp
View File

@ -353,7 +353,8 @@ void handle_packet(apacket *p, atransport *t)
send_auth_publickey(t);
}
} else if (p->msg.arg0 == ADB_AUTH_SIGNATURE) {
if (adb_auth_verify(t->token, p->data, p->msg.data_length)) {
if (adb_auth_verify(t->token, sizeof(t->token),
p->data, p->msg.data_length)) {
adb_auth_verified(t);
t->failed_auth_attempts = 0;
} else {

19
adb/adb_auth.h
View File

@ -43,9 +43,15 @@ int adb_auth_sign(void *key, const unsigned char* token, size_t token_size,
void *adb_auth_nextkey(void *current);
int adb_auth_get_userkey(unsigned char *data, size_t len);
static inline int adb_auth_generate_token(void *token, size_t token_size) { return 0; }
static inline int adb_auth_verify(void *token, void *sig, int siglen) { return 0; }
static inline void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t) { }
static inline int adb_auth_generate_token(void *token, size_t token_size) {
return 0;
}
static inline int adb_auth_verify(void *token, size_t token_size,
void *sig, int siglen) {
return 0;
}
static inline void adb_auth_confirm_key(unsigned char *data, size_t len,
atransport *t) {}
#else // !ADB_HOST
@ -54,12 +60,15 @@ static inline int adb_auth_sign(void* key, const unsigned char* token,
return 0;
}
static inline void *adb_auth_nextkey(void *current) { return NULL; }
static inline int adb_auth_get_userkey(unsigned char *data, size_t len) { return 0; }
static inline int adb_auth_get_userkey(unsigned char *data, size_t len) {
return 0;
}
void adbd_auth_init(void);
void adbd_cloexec_auth_socket();
int adb_auth_generate_token(void *token, size_t token_size);
int adb_auth_verify(uint8_t* token, uint8_t* sig, int siglen);
int adb_auth_verify(uint8_t* token, size_t token_size,
uint8_t* sig, int siglen);
void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t);
#endif // ADB_HOST

35
adb/adb_auth_client.cpp
View File

@ -23,10 +23,14 @@
#include <stdio.h>
#include <string.h>
#include <openssl/obj_mac.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
#include <crypto_utils/android_pubkey.h>
#include "cutils/list.h"
#include "cutils/sockets.h"
#include "mincrypt/rsa.h"
#include "mincrypt/sha.h"
#include "adb.h"
#include "fdevent.h"
@ -34,7 +38,7 @@
struct adb_public_key {
struct listnode node;
RSAPublicKey key;
RSA* key;
};
static const char *key_paths[] = {
@ -66,9 +70,8 @@ static void read_keys(const char *file, struct listnode *list)
}
while (fgets(buf, sizeof(buf), f)) {
/* Allocate 4 extra bytes to decode the base64 data in-place */
auto key = reinterpret_cast<adb_public_key*>(
calloc(1, sizeof(adb_public_key) + 4));
calloc(1, sizeof(adb_public_key)));
if (key == nullptr) {
D("Can't malloc key");
break;
@ -78,15 +81,18 @@ static void read_keys(const char *file, struct listnode *list)
if (sep)
*sep = '\0';
ret = __b64_pton(buf, (u_char *)&key->key, sizeof(key->key) + 4);
if (ret != sizeof(key->key)) {
// b64_pton requires one additional byte in the target buffer for
// decoding to succeed. See http://b/28035006 for details.
uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
ret = __b64_pton(buf, keybuf, sizeof(keybuf));
if (ret != ANDROID_PUBKEY_ENCODED_SIZE) {
D("%s: Invalid base64 data ret=%d", file, ret);
free(key);
continue;
}
if (key->key.len != RSANUMWORDS) {
D("%s: Invalid key len %d", file, key->key.len);
if (!android_pubkey_decode(keybuf, ret, &key->key)) {
D("%s: Failed to parse key", file);
free(key);
continue;
}
@ -104,7 +110,9 @@ static void free_keys(struct listnode *list)
while (!list_empty(list)) {
item = list_head(list);
list_remove(item);
free(node_to_item(item, struct adb_public_key, node));
adb_public_key* key = node_to_item(item, struct adb_public_key, node);
RSA_free(key->key);
free(key);
}
}
@ -139,20 +147,17 @@ int adb_auth_generate_token(void *token, size_t token_size)
return ret * token_size;
}
int adb_auth_verify(uint8_t* token, uint8_t* sig, int siglen)
int adb_auth_verify(uint8_t* token, size_t token_size, uint8_t* sig, int siglen)
{
struct listnode *item;
struct listnode key_list;
int ret = 0;
if (siglen != RSANUMBYTES)
return 0;
load_keys(&key_list);
list_for_each(item, &key_list) {
adb_public_key* key = node_to_item(item, struct adb_public_key, node);
ret = RSA_verify(&key->key, sig, siglen, token, SHA_DIGEST_SIZE);
ret = RSA_verify(NID_sha1, token, token_size, sig, siglen, key->key);
if (ret)
break;
}

105
adb/adb_auth_host.cpp
View File

@ -37,14 +37,9 @@
#include "adb.h"
/* HACK: we need the RSAPublicKey struct
* but RSA_verify conflits with openssl */
#define RSA_verify RSA_verify_mincrypt
#include "mincrypt/rsa.h"
#undef RSA_verify
#include <android-base/errors.h>
#include <android-base/strings.h>
#include <crypto_utils/android_pubkey.h>
#include <cutils/list.h>
#include <openssl/evp.h>
@ -68,54 +63,6 @@ struct adb_private_key {
static struct listnode key_list;
/* Convert OpenSSL RSA private key to android pre-computed RSAPublicKey format */
static int RSA_to_RSAPublicKey(RSA *rsa, RSAPublicKey *pkey)
{
int ret = 1;
unsigned int i;
BN_CTX* ctx = BN_CTX_new();
BIGNUM* r32 = BN_new();
BIGNUM* rr = BN_new();
BIGNUM* r = BN_new();
BIGNUM* rem = BN_new();
BIGNUM* n = BN_new();
BIGNUM* n0inv = BN_new();
if (RSA_size(rsa) != RSANUMBYTES) {
ret = 0;
goto out;
}
BN_set_bit(r32, 32);
BN_copy(n, rsa->n);
BN_set_bit(r, RSANUMWORDS * 32);
BN_mod_sqr(rr, r, n, ctx);
BN_div(NULL, rem, n, r32, ctx);
BN_mod_inverse(n0inv, rem, r32, ctx);
pkey->len = RSANUMWORDS;
pkey->n0inv = 0 - BN_get_word(n0inv);
for (i = 0; i < RSANUMWORDS; i++) {
BN_div(rr, rem, rr, r32, ctx);
pkey->rr[i] = BN_get_word(rem);
BN_div(n, rem, n, r32, ctx);
pkey->n[i] = BN_get_word(rem);
}
pkey->exponent = BN_get_word(rsa->e);
out:
BN_free(n0inv);
BN_free(n);
BN_free(rem);
BN_free(r);
BN_free(rr);
BN_free(r32);
BN_CTX_free(ctx);
return ret;
}
static void get_user_info(char *buf, size_t len)
{
char hostname[1024], username[1024];
@ -156,53 +103,55 @@ static void get_user_info(char *buf, size_t len)
static int write_public_keyfile(RSA *private_key, const char *private_key_path)
{
RSAPublicKey pkey;
uint8_t binary_key_data[ANDROID_PUBKEY_ENCODED_SIZE];
uint8_t* base64_key_data = nullptr;
size_t base64_key_length = 0;
FILE *outfile = NULL;
char path[PATH_MAX], info[MAX_PAYLOAD_V1];
uint8_t* encoded = nullptr;
size_t encoded_length;
int ret = 0;
if (snprintf(path, sizeof(path), "%s.pub", private_key_path) >=
(int)sizeof(path)) {
D("Path too long while writing public key");
return 0;
}
if (!RSA_to_RSAPublicKey(private_key, &pkey)) {
if (!android_pubkey_encode(private_key, binary_key_data,
sizeof(binary_key_data))) {
D("Failed to convert to publickey");
return 0;
}
outfile = fopen(path, "w");
if (!outfile) {
D("Failed to open '%s'", path);
return 0;
goto out;
}
D("Writing public key to '%s'", path);
#if defined(OPENSSL_IS_BORINGSSL)
if (!EVP_EncodedLength(&encoded_length, sizeof(pkey))) {
if (!EVP_EncodedLength(&base64_key_length, sizeof(binary_key_data))) {
D("Public key too large to base64 encode");
goto out;
}
#else
/* While we switch from OpenSSL to BoringSSL we have to implement
* |EVP_EncodedLength| here. */
encoded_length = 1 + ((sizeof(pkey) + 2) / 3 * 4);
base64_key_length = 1 + ((sizeof(binary_key_data) + 2) / 3 * 4);
#endif
encoded = new uint8_t[encoded_length];
if (encoded == nullptr) {
base64_key_data = new uint8_t[base64_key_length];
if (base64_key_data == nullptr) {
D("Allocation failure");
goto out;
}
encoded_length = EVP_EncodeBlock(encoded, (uint8_t*) &pkey, sizeof(pkey));
base64_key_length = EVP_EncodeBlock(base64_key_data, binary_key_data,
sizeof(binary_key_data));
get_user_info(info, sizeof(info));
if (fwrite(encoded, encoded_length, 1, outfile) != 1 ||
if (snprintf(path, sizeof(path), "%s.pub", private_key_path) >=
(int)sizeof(path)) {
D("Path too long while writing public key");
goto out;
}
outfile = fopen(path, "w");
if (!outfile) {
D("Failed to open '%s'", path);
goto out;
}
if (fwrite(base64_key_data, base64_key_length, 1, outfile) != 1 ||
fwrite(info, strlen(info), 1, outfile) != 1) {
D("Write error while writing public key");
goto out;
@ -214,7 +163,7 @@ static int write_public_keyfile(RSA *private_key, const char *private_key_path)
if (outfile != NULL) {
fclose(outfile);
}
delete[] encoded;
delete[] base64_key_data;
return ret;
}

2
fs_mgr/Android.mk
View File

@ -7,7 +7,7 @@ common_static_libraries := \
libfec \
libfec_rs \
libbase \
libmincrypt \
libcrypto_utils_static \
libcrypto_static \
libext4_utils_static \
libsquashfs_utils

29
fs_mgr/fs_mgr.c
View File

@ -14,35 +14,32 @@
* limitations under the License.
*/
#include <ctype.h>
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <ctype.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <errno.h>
#include <sys/swap.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <libgen.h>
#include <time.h>
#include <sys/swap.h>
#include <dirent.h>
#include <ext4.h>
#include <ext4_sb.h>
#include <ext4_crypt_init_extensions.h>
#include <unistd.h>
#include <ext4.h>
#include <ext4_crypt_init_extensions.h>
#include <ext4_sb.h>
#include <linux/loop.h>
#include <private/android_filesystem_config.h>
#include <cutils/android_reboot.h>
#include <cutils/partition_utils.h>
#include <cutils/properties.h>
#include <linux/loop.h>
#include <logwrap/logwrap.h>
#include "mincrypt/rsa.h"
#include "mincrypt/sha.h"
#include "mincrypt/sha256.h"
#include <private/android_filesystem_config.h>
#include "ext4_utils.h"
#include "wipe.h"

80
fs_mgr/fs_mgr_verity.cpp
View File

@ -14,29 +14,29 @@
* limitations under the License.
*/
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <inttypes.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <ctype.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <libgen.h>
#include <time.h>
#include <unistd.h>
#include <android-base/file.h>
#include <private/android_filesystem_config.h>
#include <crypto_utils/android_pubkey.h>
#include <cutils/properties.h>
#include <logwrap/logwrap.h>
#include "mincrypt/rsa.h"
#include "mincrypt/sha.h"
#include "mincrypt/sha256.h"
#include <openssl/obj_mac.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
#include <private/android_filesystem_config.h>
#include "fec/io.h"
@ -83,48 +83,45 @@ struct verity_state {
extern struct fs_info info;
static RSAPublicKey *load_key(const char *path)
static RSA *load_key(const char *path)
{
RSAPublicKey* key = static_cast<RSAPublicKey*>(malloc(sizeof(RSAPublicKey)));
if (!key) {
ERROR("Can't malloc key\n");
return NULL;
}
uint8_t key_data[ANDROID_PUBKEY_ENCODED_SIZE];
FILE* f = fopen(path, "r");
if (!f) {
ERROR("Can't open '%s'\n", path);
free(key);
free(key_data);
return NULL;
}
if (!fread(key, sizeof(*key), 1, f)) {
if (!fread(key_data, sizeof(key_data), 1, f)) {
ERROR("Could not read key!\n");
fclose(f);
free(key);
return NULL;
}
if (key->len != RSANUMWORDS) {
ERROR("Invalid key length %d\n", key->len);
fclose(f);
free(key);
free(key_data);
return NULL;
}
fclose(f);
RSA* key = NULL;
if (!android_pubkey_decode(key_data, sizeof(key_data), &key)) {
ERROR("Could not parse key!\n");
free(key_data);
return NULL;
}
return key;
}
static int verify_table(const uint8_t *signature, const char *table,
uint32_t table_length)
static int verify_table(const uint8_t *signature, size_t signature_size,
const char *table, uint32_t table_length)
{
RSAPublicKey *key;
uint8_t hash_buf[SHA256_DIGEST_SIZE];
RSA *key;
uint8_t hash_buf[SHA256_DIGEST_LENGTH];
int retval = -1;
// Hash the table
SHA256_hash((uint8_t*)table, table_length, hash_buf);
SHA256((uint8_t*)table, table_length, hash_buf);
// Now get the public key from the keyfile
key = load_key(VERITY_TABLE_RSA_KEY);
@ -134,11 +131,8 @@ static int verify_table(const uint8_t *signature, const char *table,
}
// verify the result
if (!RSA_verify(key,
signature,
RSANUMBYTES,
(uint8_t*) hash_buf,
SHA256_DIGEST_SIZE)) {
if (!RSA_verify(NID_sha256, hash_buf, sizeof(hash_buf), signature,
signature_size, key)) {
ERROR("Couldn't verify table\n");
goto out;
}
@ -146,7 +140,7 @@ static int verify_table(const uint8_t *signature, const char *table,
retval = 0;
out:
free(key);
RSA_free(key);
return retval;
}
@ -610,8 +604,8 @@ static int compare_last_signature(struct fstab_rec *fstab, int *match)
off64_t offset = 0;
struct fec_handle *f = NULL;
struct fec_verity_metadata verity;
uint8_t curr[SHA256_DIGEST_SIZE];
uint8_t prev[SHA256_DIGEST_SIZE];
uint8_t curr[SHA256_DIGEST_LENGTH];
uint8_t prev[SHA256_DIGEST_LENGTH];
*match = 1;
@ -629,7 +623,7 @@ static int compare_last_signature(struct fstab_rec *fstab, int *match)
goto out;
}
SHA256_hash(verity.signature, RSANUMBYTES, curr);
SHA256(verity.signature, sizeof(verity.signature), curr);
if (snprintf(tag, sizeof(tag), VERITY_LASTSIG_TAG "_%s",
basename(fstab->mount_point)) >= (int)sizeof(tag)) {
@ -637,7 +631,7 @@ static int compare_last_signature(struct fstab_rec *fstab, int *match)
goto out;
}
if (metadata_find(fstab->verity_loc, tag, SHA256_DIGEST_SIZE,
if (metadata_find(fstab->verity_loc, tag, SHA256_DIGEST_LENGTH,
&offset) < 0) {
goto out;
}
@ -656,7 +650,7 @@ static int compare_last_signature(struct fstab_rec *fstab, int *match)
goto out;
}
*match = !memcmp(curr, prev, SHA256_DIGEST_SIZE);
*match = !memcmp(curr, prev, SHA256_DIGEST_LENGTH);
if (!*match) {
/* update current signature hash */
@ -919,7 +913,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab)
}
// verify the signature on the table
if (verify_table(verity.signature, verity.table,
if (verify_table(verity.signature, sizeof(verity.signature), verity.table,
verity.table_length) < 0) {
if (params.mode == VERITY_MODE_LOGGING) {
// the user has been warned, allow mounting without dm-verity

2
init/Android.mk
View File

@ -96,7 +96,7 @@ LOCAL_STATIC_LIBRARIES := \
libc \
libselinux \
liblog \
libmincrypt \
libcrypto_utils_static \
libcrypto_static \
libc++_static \
libdl \

56
libcrypto_utils/Android.mk Normal file
View File

@ -0,0 +1,56 @@
#
# Copyright (C) 2016 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE := libcrypto_utils
LOCAL_SRC_FILES := android_pubkey.c
LOCAL_CFLAGS := -Wall -Werror -Wextra -std=c99
LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
LOCAL_SHARED_LIBRARIES := libcrypto
include $(BUILD_SHARED_LIBRARY)
include $(CLEAR_VARS)
LOCAL_MODULE := libcrypto_utils
LOCAL_SRC_FILES := android_pubkey.c
LOCAL_CFLAGS := -Wall -Werror -Wextra -std=c99
LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
LOCAL_SHARED_LIBRARIES := libcrypto-host
include $(BUILD_HOST_SHARED_LIBRARY)
include $(CLEAR_VARS)
LOCAL_MODULE := libcrypto_utils_static
LOCAL_SRC_FILES := android_pubkey.c
LOCAL_CFLAGS := -Wall -Werror -Wextra -std=c99
LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
LOCAL_STATIC_LIBRARIES := libcrypto_static
include $(BUILD_STATIC_LIBRARY)
include $(CLEAR_VARS)
LOCAL_MODULE := libcrypto_utils_static
LOCAL_MODULE_HOST_OS := darwin linux windows
LOCAL_SRC_FILES := android_pubkey.c
LOCAL_CFLAGS := -Wall -Werror -Wextra -std=c99
LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
LOCAL_STATIC_LIBRARIES := libcrypto_static
include $(BUILD_HOST_STATIC_LIBRARY)
include $(call all-makefiles-under,$(LOCAL_PATH))

167
libcrypto_utils/android_pubkey.c Normal file
View File

@ -0,0 +1,167 @@
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <crypto_utils/android_pubkey.h>
#include <assert.h>
#include <stdlib.h>
#include <string.h>
// Better safe than sorry.
#if (ANDROID_PUBKEY_MODULUS_SIZE % 4) != 0
#error RSA modulus size must be multiple of the word size!
#endif
// Size of the RSA modulus in words.
#define ANDROID_PUBKEY_MODULUS_SIZE_WORDS (ANDROID_PUBKEY_MODULUS_SIZE / 4)
// This file implements encoding and decoding logic for Android's custom RSA
// public key binary format. Public keys are stored as a sequence of
// little-endian 32 bit words. Note that Android only supports little-endian
// processors, so we don't do any byte order conversions when parsing the binary
// struct.
typedef struct RSAPublicKey {
// Modulus length. This must be ANDROID_PUBKEY_MODULUS_SIZE.
uint32_t modulus_size_words;
// Precomputed montgomery parameter: -1 / n[0] mod 2^32
uint32_t n0inv;
// RSA modulus as a little-endian array.
uint8_t modulus[ANDROID_PUBKEY_MODULUS_SIZE];
// Montgomery parameter R^2 as a little-endian array of little-endian words.
uint8_t rr[ANDROID_PUBKEY_MODULUS_SIZE];
// RSA modulus: 3 or 65537
uint32_t exponent;
} RSAPublicKey;
// Reverses byte order in |buffer|.
static void reverse_bytes(uint8_t* buffer, size_t size) {
for (size_t i = 0; i < (size + 1) / 2; ++i) {
uint8_t tmp = buffer[i];
buffer[i] = buffer[size - i - 1];
buffer[size - i - 1] = tmp;
}
}
bool android_pubkey_decode(const uint8_t* key_buffer, size_t size, RSA** key) {
const RSAPublicKey* key_struct = (RSAPublicKey*)key_buffer;
bool ret = false;
uint8_t modulus_buffer[ANDROID_PUBKEY_MODULUS_SIZE];
RSA* new_key = RSA_new();
if (!new_key) {
goto cleanup;
}
// Check |size| is large enough and the modulus size is correct.
if (size < sizeof(RSAPublicKey)) {
goto cleanup;
}
if (key_struct->modulus_size_words != ANDROID_PUBKEY_MODULUS_SIZE_WORDS) {
goto cleanup;
}
// Convert the modulus to big-endian byte order as expected by BN_bin2bn.
memcpy(modulus_buffer, key_struct->modulus, sizeof(modulus_buffer));
reverse_bytes(modulus_buffer, sizeof(modulus_buffer));
new_key->n = BN_bin2bn(modulus_buffer, sizeof(modulus_buffer), NULL);
if (!new_key->n) {
goto cleanup;
}
// Read the exponent.
new_key->e = BN_new();
if (!new_key->e || !BN_set_word(new_key->e, key_struct->exponent)) {
goto cleanup;
}
// Note that we don't extract the montgomery parameters n0inv and rr from
// the RSAPublicKey structure. They assume a word size of 32 bits, but
// BoringSSL may use a word size of 64 bits internally, so we're lacking the
// top 32 bits of n0inv in general. For now, we just ignore the parameters
// and have BoringSSL recompute them internally. More sophisticated logic can
// be added here if/when we want the additional speedup from using the
// pre-computed montgomery parameters.
*key = new_key;
ret = true;
cleanup:
if (!ret && new_key) {
RSA_free(new_key);
}
return ret;
}
static bool android_pubkey_encode_bignum(const BIGNUM* num, uint8_t* buffer) {
if (!BN_bn2bin_padded(buffer, ANDROID_PUBKEY_MODULUS_SIZE, num)) {
return false;
}
reverse_bytes(buffer, ANDROID_PUBKEY_MODULUS_SIZE);
return true;
}
bool android_pubkey_encode(const RSA* key, uint8_t* key_buffer, size_t size) {
RSAPublicKey* key_struct = (RSAPublicKey*)key_buffer;
bool ret = false;
BN_CTX* ctx = BN_CTX_new();
BIGNUM* r32 = BN_new();
BIGNUM* n0inv = BN_new();
BIGNUM* rr = BN_new();
if (sizeof(RSAPublicKey) > size ||
RSA_size(key) != ANDROID_PUBKEY_MODULUS_SIZE) {
goto cleanup;
}
// Store the modulus size.
key_struct->modulus_size_words = ANDROID_PUBKEY_MODULUS_SIZE_WORDS;
// Compute and store n0inv = -1 / N[0] mod 2^32.
if (!ctx || !r32 || !n0inv || !BN_set_bit(r32, 32) ||
!BN_mod(n0inv, key->n, r32, ctx) ||
!BN_mod_inverse(n0inv, n0inv, r32, ctx) || !BN_sub(n0inv, r32, n0inv)) {
goto cleanup;
}
key_struct->n0inv = (uint32_t)BN_get_word(n0inv);
// Store the modulus.
if (!android_pubkey_encode_bignum(key->n, key_struct->modulus)) {
goto cleanup;
}
// Compute and store rr = (2^(rsa_size)) ^ 2 mod N.
if (!ctx || !rr || !BN_set_bit(rr, ANDROID_PUBKEY_MODULUS_SIZE * 8) ||
!BN_mod_sqr(rr, rr, key->n, ctx) ||
!android_pubkey_encode_bignum(rr, key_struct->rr)) {
goto cleanup;
}
// Store the exponent.
key_struct->exponent = (uint32_t)BN_get_word(key->e);
ret = true;
cleanup:
BN_free(rr);
BN_free(n0inv);
BN_free(r32);
BN_CTX_free(ctx);
return ret;
}

61
libcrypto_utils/include/crypto_utils/android_pubkey.h Normal file
View File

@ -0,0 +1,61 @@
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CRYPTO_UTILS_ANDROID_PUBKEY_H
#define CRYPTO_UTILS_ANDROID_PUBKEY_H
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <openssl/rsa.h>
#ifdef __cplusplus
extern "C" {
#endif
// Size of an RSA modulus such as an encrypted block or a signature.
#define ANDROID_PUBKEY_MODULUS_SIZE (2048 / 8)
// Size of an encoded RSA key.
#define ANDROID_PUBKEY_ENCODED_SIZE \
(3 * sizeof(uint32_t) + 2 * ANDROID_PUBKEY_MODULUS_SIZE)
/* Allocates a new RSA |key| object, decodes a public RSA key stored in
* Android's custom binary format from |key_buffer| and sets the key parameters
* in |key|. |size| specifies the size of the key buffer and must be at least
* |ANDROID_PUBKEY_ENCODED_SIZE|. The resulting |*key| can be used with the
* standard BoringSSL API to perform public operations.
*
* Returns true if successful, in which case the caller receives ownership of
* the |*key| object, i.e. needs to call RSA_free() when done with it. If there
* is an error, |key| is left untouched and the return value will be false.
*/
bool android_pubkey_decode(const uint8_t* key_buffer, size_t size, RSA** key);
/* Encodes |key| in the Android RSA public key binary format and stores the
* bytes in |key_buffer|. |key_buffer| should be of size at least
* |ANDROID_PUBKEY_ENCODED_SIZE|.
*
* Returns true if successful, false on error.
*/
bool android_pubkey_encode(const RSA* key, uint8_t* key_buffer, size_t size);
#ifdef __cplusplus
} // extern "C"
#endif
#endif // CRYPTO_UTILS_ANDROID_PUBKEY_H

24
libcrypto_utils/tests/Android.mk Normal file
View File

@ -0,0 +1,24 @@
#
# Copyright (C) 2016 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE := libcrypto_utils_test
LOCAL_SRC_FILES := android_pubkey_test.cpp
LOCAL_CFLAGS := -Wall -Werror -Wextra -std=c++11
LOCAL_SHARED_LIBRARIES := libcrypto_utils libcrypto-host
include $(BUILD_HOST_NATIVE_TEST)

129
libcrypto_utils/tests/android_pubkey_test.cpp Normal file
View File

@ -0,0 +1,129 @@
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <crypto_utils/android_pubkey.h>
#include <string.h>
#include <memory>
#include <openssl/obj_mac.h>
#include <openssl/rsa.h>
#include <gtest/gtest.h>
// Test digest to verify.
const uint8_t kDigest[] = {
0x31, 0x5f, 0x5b, 0xdb, 0x76, 0xd0, 0x78, 0xc4, 0x3b, 0x8a, 0xc0,
0x06, 0x4e, 0x4a, 0x01, 0x64, 0x61, 0x2b, 0x1f, 0xce, 0x77, 0xc8,
0x69, 0x34, 0x5b, 0xfc, 0x94, 0xc7, 0x58, 0x94, 0xed, 0xd3,
};
// 2048 RSA test key.
const uint8_t kKey2048[ANDROID_PUBKEY_ENCODED_SIZE] = {
0x40, 0x00, 0x00, 0x00, 0x05, 0x75, 0x61, 0xd1, 0x33, 0xf0, 0x2d, 0x12,
0x45, 0xfb, 0xae, 0x07, 0x02, 0x15, 0x4f, 0x3a, 0x2b, 0xa3, 0xbc, 0x49,
0xbd, 0x14, 0x07, 0xa0, 0xc0, 0x9f, 0x0c, 0x52, 0x60, 0x77, 0x9f, 0xa2,
0x31, 0xd0, 0xa7, 0xfb, 0x7e, 0xde, 0xfb, 0xc9, 0x05, 0xc0, 0x97, 0xf7,
0x74, 0x99, 0xe6, 0xd1, 0x08, 0xa6, 0xc2, 0x59, 0x5a, 0xd8, 0x37, 0x1d,
0xe0, 0x48, 0x5e, 0x63, 0x44, 0x04, 0x8b, 0x05, 0x20, 0xf6, 0x25, 0x67,
0x38, 0xb2, 0xb6, 0xf9, 0xbe, 0xb6, 0x1d, 0x7f, 0x1b, 0x71, 0x8a, 0xeb,
0xb7, 0xf8, 0x01, 0xc1, 0x5e, 0xf7, 0xfe, 0x48, 0x08, 0x27, 0x0f, 0x27,
0x2a, 0x64, 0x1a, 0x43, 0x8d, 0xcf, 0x5a, 0x33, 0x5c, 0x18, 0xc5, 0xf4,
0xe7, 0xfe, 0xee, 0xd3, 0x12, 0x62, 0xad, 0x61, 0x78, 0x9a, 0x03, 0xb0,
0xaf, 0xab, 0x91, 0x57, 0x46, 0xbf, 0x18, 0xc6, 0xbc, 0x0c, 0x6b, 0x55,
0xcd, 0xda, 0xc4, 0xcc, 0x98, 0x46, 0x91, 0x99, 0xbc, 0xa3, 0xca, 0x6c,
0x86, 0xa6, 0x1c, 0x8f, 0xca, 0xf8, 0xf6, 0x8a, 0x00, 0x8e, 0x05, 0xd7,
0x13, 0x43, 0xe2, 0xf2, 0x1a, 0x13, 0xf3, 0x50, 0x13, 0xa4, 0xf2, 0x4e,
0x41, 0xb1, 0x36, 0x78, 0x55, 0x4c, 0x5e, 0x27, 0xc5, 0xc0, 0x4b, 0xd8,
0x93, 0xaa, 0x7e, 0xf0, 0x90, 0x08, 0x10, 0x26, 0x72, 0x6d, 0xb9, 0x21,
0xae, 0x4d, 0x01, 0x4b, 0x55, 0x1d, 0xe7, 0x1e, 0x5e, 0x31, 0x6e, 0x62,
0xd1, 0x33, 0x26, 0xcb, 0xdb, 0xfe, 0x72, 0x98, 0xc8, 0x06, 0x1c, 0x12,
0xdf, 0xfc, 0x74, 0xe5, 0x7a, 0x6f, 0xf5, 0xa3, 0x63, 0x08, 0xe3, 0x02,
0x68, 0x4d, 0x7c, 0x70, 0x05, 0xec, 0x95, 0x7e, 0x24, 0xa4, 0xbc, 0x4c,
0xcd, 0x39, 0x14, 0xb5, 0x2a, 0x8f, 0xc1, 0xe3, 0x4e, 0xfa, 0xf8, 0x70,
0x50, 0x8f, 0xd5, 0x8e, 0xc7, 0xb5, 0x32, 0x89, 0x4d, 0xbb, 0x6a, 0xc1,
0xc1, 0xa2, 0x42, 0x57, 0x57, 0xbd, 0x2a, 0xdc, 0xa6, 0xfd, 0xc8, 0x86,
0x44, 0x6a, 0x03, 0x5d, 0x4d, 0x28, 0xe1, 0xde, 0xb4, 0xa9, 0xa5, 0x03,
0x61, 0x7a, 0x5f, 0xb1, 0x09, 0x17, 0x2b, 0x9c, 0xa2, 0x54, 0x28, 0xad,
0x34, 0xc9, 0x5f, 0x6c, 0x9f, 0xb8, 0xd2, 0xa9, 0x78, 0xa7, 0xaa, 0xb3,
0x11, 0x2f, 0x65, 0x9b, 0x4e, 0x67, 0x0c, 0xcc, 0x20, 0x36, 0xbf, 0x26,
0x2b, 0x4e, 0xc0, 0xd4, 0xbd, 0x22, 0x64, 0xc4, 0x1c, 0x56, 0x69, 0xdb,
0x5f, 0x89, 0xe1, 0x75, 0x68, 0x8d, 0x0e, 0xab, 0x1c, 0x10, 0x1a, 0xc0,
0x12, 0x5d, 0x6f, 0xbd, 0x09, 0xbb, 0x47, 0xcb, 0xe7, 0x34, 0xef, 0x56,
0xab, 0xea, 0xc3, 0xe9, 0x7f, 0x9a, 0x3d, 0xe9, 0x2d, 0x14, 0x61, 0x25,
0x37, 0x5c, 0x3b, 0x4b, 0xaf, 0x5a, 0x4b, 0xc8, 0x99, 0x1a, 0x32, 0x8f,
0x54, 0x07, 0xd3, 0x57, 0x8a, 0x3d, 0x2a, 0xf7, 0x9e, 0x7e, 0x92, 0x2a,
0x50, 0xe9, 0xd8, 0xdb, 0xd6, 0x03, 0xd3, 0x8e, 0x54, 0x32, 0xce, 0x87,
0x93, 0x92, 0xe7, 0x75, 0xe1, 0x6b, 0x78, 0x1a, 0x85, 0xc2, 0x46, 0xa1,
0x31, 0xbb, 0xc7, 0xb9, 0x1d, 0xd1, 0x71, 0xe0, 0xe2, 0x9b, 0x9c, 0x0d,
0xa3, 0xcf, 0x93, 0x4d, 0x87, 0x7b, 0x65, 0xd9, 0xda, 0x4c, 0xd9, 0x6a,
0xa6, 0x36, 0xc2, 0xc7, 0xe3, 0x33, 0xe2, 0xc3, 0x83, 0xd1, 0x72, 0x54,
0x30, 0x81, 0x5e, 0x34, 0x2c, 0x61, 0xee, 0xf4, 0x48, 0x97, 0xb6, 0xaa,
0x47, 0x6a, 0x05, 0x09, 0xd8, 0x4d, 0x90, 0xaf, 0xa8, 0x4e, 0x82, 0xe4,
0x8e, 0xb5, 0xe2, 0x65, 0x86, 0x67, 0xe9, 0x5b, 0x4b, 0x9a, 0x68, 0x08,
0x30, 0xf6, 0x25, 0x8b, 0x20, 0xda, 0x26, 0x6f, 0xbd, 0x0d, 0xa5, 0xd8,
0x6a, 0x7b, 0x01, 0x2f, 0xab, 0x7b, 0xb5, 0xfe, 0x62, 0x37, 0x2d, 0x94,
0x43, 0x2f, 0x4d, 0x16, 0x01, 0x00, 0x01, 0x00,
};
// 2048 bit RSA signature.
const uint8_t kSignature2048[ANDROID_PUBKEY_MODULUS_SIZE] = {
0x3a, 0x11, 0x84, 0x40, 0xc1, 0x2f, 0x13, 0x8c, 0xde, 0xb0, 0xc3, 0x89,
0x8a, 0x63, 0xb2, 0x50, 0x93, 0x58, 0xc0, 0x0c, 0xb7, 0x08, 0xe7, 0x6c,
0x52, 0x87, 0x4e, 0x78, 0x89, 0xa3, 0x9a, 0x47, 0xeb, 0x11, 0x57, 0xbc,
0xb3, 0x97, 0xf8, 0x34, 0xf1, 0xf7, 0xbf, 0x3a, 0xfa, 0x1c, 0x6b, 0xdc,
0xd1, 0x02, 0xde, 0x9a, 0x0d, 0x72, 0xe7, 0x19, 0x63, 0x81, 0x46, 0x68,
0x1e, 0x63, 0x64, 0xc6, 0x59, 0xe7, 0x7c, 0x39, 0xed, 0x32, 0xd2, 0xd1,
0xd5, 0x1f, 0x13, 0x9b, 0x52, 0xdf, 0x34, 0xa3, 0xc0, 0xc4, 0x9a, 0x63,
0x9b, 0x9c, 0xbe, 0x22, 0xc8, 0xd8, 0x14, 0x2f, 0x4c, 0x78, 0x36, 0xdb,
0x16, 0x41, 0x67, 0xc1, 0x21, 0x8a, 0x73, 0xb2, 0xe5, 0xb0, 0xd3, 0x80,
0x91, 0x7a, 0xbf, 0xf9, 0x59, 0x4a, 0x4d, 0x78, 0x45, 0x44, 0xa1, 0x52,
0x86, 0x29, 0x48, 0x4d, 0xf0, 0x5d, 0xf2, 0x55, 0xa7, 0xcd, 0xc5, 0x2b,
0x7b, 0xe0, 0xb1, 0xf6, 0x2a, 0xd5, 0x61, 0xba, 0x1e, 0x1e, 0x3a, 0xf0,
0x55, 0xbc, 0x8c, 0x44, 0x41, 0xfc, 0xb8, 0x8c, 0x76, 0xbf, 0x80, 0x58,
0x82, 0x35, 0x4b, 0x0c, 0xfd, 0xef, 0xd5, 0x70, 0xd1, 0x64, 0xcb, 0x46,
0x58, 0x37, 0xbc, 0xa9, 0x7d, 0xd4, 0x70, 0xac, 0xce, 0xec, 0xca, 0x48,
0xcb, 0x0a, 0x40, 0x77, 0x04, 0x59, 0xca, 0x9c, 0x7d, 0x1a, 0x0b, 0xf0,
0xb5, 0xdd, 0xde, 0x71, 0x18, 0xb8, 0xef, 0x90, 0x2a, 0x09, 0x42, 0x39,
0x74, 0xff, 0x45, 0xa1, 0x39, 0x17, 0x50, 0x89, 0xa6, 0x5f, 0xbc, 0x9c,
0x0c, 0x9b, 0x47, 0x25, 0x79, 0x3e, 0xe3, 0xaa, 0xaf, 0xbe, 0x73, 0x6b,
0xcb, 0xe7, 0x35, 0xc1, 0x27, 0x09, 0xcd, 0xeb, 0xd7, 0xcf, 0x63, 0x83,
0x64, 0x8c, 0x45, 0x1c, 0x1d, 0x58, 0xcc, 0xd2, 0xf8, 0x2b, 0x4c, 0x4e,
0x14, 0x89, 0x2d, 0x70,
};
struct AndroidPubkeyTest : public ::testing::Test {
void SetUp() override {
RSA* new_key = nullptr;
ASSERT_TRUE(android_pubkey_decode(kKey2048, sizeof(kKey2048), &new_key));
key_.reset(new_key);
}
std::unique_ptr<RSA, void(*)(RSA*)> key_ = {nullptr, RSA_free};
};
TEST_F(AndroidPubkeyTest, Decode) {
// Make sure the decoded key successfully verifies a valid signature.
EXPECT_TRUE(RSA_verify(NID_sha256, kDigest, sizeof(kDigest), kSignature2048,
sizeof(kSignature2048), key_.get()));
}
TEST_F(AndroidPubkeyTest, Encode) {
uint8_t key_data[ANDROID_PUBKEY_ENCODED_SIZE];
ASSERT_TRUE(android_pubkey_encode(key_.get(), key_data, sizeof(key_data)));
ASSERT_EQ(0, memcmp(kKey2048, key_data, sizeof(kKey2048)));
}