1 /* 2 * Copyright 2020, The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include "CborConverter.h" 20 #include "JavacardSecureElement.h" 21 22 #include <aidl/android/hardware/security/keymint/BnKeyMintOperation.h> 23 #include <aidl/android/hardware/security/secureclock/ISecureClock.h> 24 #include <hardware/keymaster_defs.h> 25 #include <vector> 26 27 #define AES_BLOCK_SIZE 16 28 #define DES_BLOCK_SIZE 8 29 #define RSA_BUFFER_SIZE 256 30 #define EC_BUFFER_SIZE 32 31 #define MAX_CHUNK_SIZE 256 32 namespace aidl::android::hardware::security::keymint { 33 using namespace ::keymint::javacard; 34 using ::ndk::ScopedAStatus; 35 using secureclock::TimeStampToken; 36 using std::optional; 37 using std::shared_ptr; 38 using std::string; 39 using std::vector; 40 41 // Bufferig modes for update 42 enum class BufferingMode : int32_t { 43 NONE = 0, // Send everything to javacard - most of the assymteric operations 44 RSA_NO_DIGEST = 1, // Buffer everything in update upto 256 bytes and send in finish. If 45 // input data is greater than 256 bytes than it is an error. Javacard 46 // will further check according to exact key size and crypto provider. 47 EC_NO_DIGEST = 2, // Buffer upto 65 bytes and then truncate. Javacard will further truncate 48 // upto exact keysize. 49 BUF_AES_ENCRYPT_PKCS7_BLOCK_ALIGNED = 3, // Buffer 16 bytes. 50 BUF_AES_DECRYPT_PKCS7_BLOCK_ALIGNED = 4, // Buffer 16 bytes. 51 BUF_DES_ENCRYPT_PKCS7_BLOCK_ALIGNED = 5, // Buffer 8 bytes. 52 BUF_DES_DECRYPT_PKCS7_BLOCK_ALIGNED = 6, // Buffer 8 bytes. 53 BUF_AES_GCM_DECRYPT_BLOCK_ALIGNED = 7, // Buffer 16 bytes. 54 55 }; 56 57 // The is the view in the input data being processed by update/finish funcion. 58 59 struct DataView { 60 vector<uint8_t> buffer; // previously buffered data from cycle n-1 61 const vector<uint8_t>& data; // current data in cycle n. 62 uint32_t start; // start of the view 63 size_t length; // length of the view 64 }; 65 66 class JavacardKeyMintOperation : public BnKeyMintOperation { 67 public: JavacardKeyMintOperation(keymaster_operation_handle_t opHandle,BufferingMode bufferingMode,uint16_t macLength,shared_ptr<JavacardSecureElement> card)68 explicit JavacardKeyMintOperation(keymaster_operation_handle_t opHandle, 69 BufferingMode bufferingMode, 70 uint16_t macLength, 71 shared_ptr<JavacardSecureElement> card) 72 : buffer_(vector<uint8_t>()), bufferingMode_(bufferingMode), macLength_(macLength), 73 card_(card), opHandle_(opHandle) {} 74 virtual ~JavacardKeyMintOperation(); 75 76 ScopedAStatus updateAad(const vector<uint8_t>& input, 77 const optional<HardwareAuthToken>& authToken, 78 const optional<TimeStampToken>& timestampToken) override; 79 80 ScopedAStatus update(const vector<uint8_t>& input, const optional<HardwareAuthToken>& authToken, 81 const optional<TimeStampToken>& timestampToken, 82 vector<uint8_t>* output) override; 83 84 ScopedAStatus finish(const optional<vector<uint8_t>>& input, 85 const optional<vector<uint8_t>>& signature, 86 const optional<HardwareAuthToken>& authToken, 87 const optional<TimeStampToken>& timestampToken, 88 const optional<vector<uint8_t>>& confirmationToken, 89 vector<uint8_t>* output) override; 90 91 ScopedAStatus abort() override; 92 93 private: 94 vector<uint8_t> popNextChunk(DataView& view, uint32_t chunkSize); 95 96 keymaster_error_t updateInChunks(DataView& data, HardwareAuthToken& authToken, 97 TimeStampToken& timestampToken, vector<uint8_t>* output); 98 99 keymaster_error_t sendFinish(const vector<uint8_t>& data, const vector<uint8_t>& signature, 100 const HardwareAuthToken& authToken, 101 const TimeStampToken& timestampToken, const vector<uint8_t>& confToken, vector<uint8_t>& output); 102 103 keymaster_error_t sendUpdate(const vector<uint8_t>& data, const HardwareAuthToken& authToken, 104 const TimeStampToken& timestampToken, vector<uint8_t>& output); 105 appendBufferedData(DataView & view)106 inline void appendBufferedData(DataView& view) { 107 if (!buffer_.empty()) { 108 view.buffer = buffer_; 109 view.length = view.length + buffer_.size(); 110 view.start = 0; 111 // view.buffer = insert(data.begin(), buffer_.begin(), buffer_.end()); 112 buffer_.clear(); 113 } 114 } 115 116 std::tuple<std::unique_ptr<Item>, keymaster_error_t> sendRequest(Instruction ins, 117 Array& request); 118 keymaster_error_t bufferData(DataView& data); 119 void blockAlign(DataView& data, uint16_t blockSize); 120 uint16_t getDataViewOffset(DataView& view, uint16_t blockSize); 121 122 vector<uint8_t> buffer_; 123 BufferingMode bufferingMode_; 124 uint16_t macLength_; 125 const shared_ptr<JavacardSecureElement> card_; 126 keymaster_operation_handle_t opHandle_; 127 CborConverter cbor_; 128 }; 129 130 } // namespace aidl::android::hardware::security::keymint 131