1 /*
2  * Copyright 2014 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef SYSTEM_KEYMASTER_AES_OPERATION_H_
18 #define SYSTEM_KEYMASTER_AES_OPERATION_H_
19 
20 #include <openssl/evp.h>
21 
22 #include "ocb_utils.h"
23 #include "operation.h"
24 
25 namespace keymaster {
26 
27 /**
28  * Abstract base for AES operation factories.  This class does all of the work to create
29  * AES operations.
30  */
31 class AesOperationFactory : public OperationFactory {
32   public:
registry_key()33     KeyType registry_key() const override { return KeyType(KM_ALGORITHM_AES, purpose()); }
34 
35     Operation* CreateOperation(const Key& key, const AuthorizationSet& begin_params,
36                                keymaster_error_t* error) override;
37     const keymaster_block_mode_t* SupportedBlockModes(size_t* block_mode_count) const override;
38     const keymaster_padding_t* SupportedPaddingModes(size_t* padding_count) const override;
39 
40     virtual keymaster_purpose_t purpose() const = 0;
41 };
42 
43 /**
44  * Concrete factory for AES encryption operations.
45  */
46 class AesEncryptionOperationFactory : public AesOperationFactory {
purpose()47     keymaster_purpose_t purpose() const override { return KM_PURPOSE_ENCRYPT; }
48 };
49 
50 /**
51  * Concrete factory for AES decryption operations.
52  */
53 class AesDecryptionOperationFactory : public AesOperationFactory {
purpose()54     keymaster_purpose_t purpose() const override { return KM_PURPOSE_DECRYPT; }
55 };
56 
57 static const size_t MAX_EVP_KEY_SIZE = 32;
58 
59 class AesEvpOperation : public Operation {
60   public:
61     AesEvpOperation(keymaster_purpose_t purpose, keymaster_block_mode_t block_mode,
62                     keymaster_padding_t padding, bool caller_iv, size_t tag_length,
63                     const uint8_t* key, size_t key_size);
64     ~AesEvpOperation();
65 
66     keymaster_error_t Begin(const AuthorizationSet& input_params,
67                             AuthorizationSet* output_params) override;
68     keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
69                              AuthorizationSet* output_params, Buffer* output,
70                              size_t* input_consumed) override;
71     keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input,
72                              const Buffer& signature, AuthorizationSet* output_params,
73                              Buffer* output) override;
74     keymaster_error_t Abort() override;
75 
76     virtual int evp_encrypt_mode() = 0;
77 
78   protected:
79     bool need_iv() const;
80     keymaster_error_t InitializeCipher();
81     keymaster_error_t GetIv(const AuthorizationSet& input_params);
82     bool HandleAad(const AuthorizationSet& input_params, const Buffer& input,
83                    keymaster_error_t* error);
84     bool ProcessAadBlocks(const uint8_t* data, size_t blocks, keymaster_error_t* error);
85     void FillBufferedAadBlock(keymaster_blob_t* aad);
86     bool ProcessBufferedAadBlock(keymaster_error_t* error);
87     bool InternalUpdate(const uint8_t* input, size_t input_length, Buffer* output,
88                         keymaster_error_t* error);
89     bool UpdateForFinish(const AuthorizationSet& additional_params, const Buffer& input,
90                          AuthorizationSet* output_params, Buffer* output, keymaster_error_t* error);
91 
92     const keymaster_block_mode_t block_mode_;
93     EVP_CIPHER_CTX ctx_;
94     UniquePtr<uint8_t[]> iv_;
95     size_t iv_length_;
96     const bool caller_iv_;
97     size_t tag_length_;
98     UniquePtr<uint8_t[]> aad_block_buf_;
99     size_t aad_block_buf_length_;
100 
101   private:
102     bool data_started_;
103     const size_t key_size_;
104     const keymaster_padding_t padding_;
105     uint8_t key_[MAX_EVP_KEY_SIZE];
106 };
107 
108 class AesEvpEncryptOperation : public AesEvpOperation {
109   public:
AesEvpEncryptOperation(keymaster_block_mode_t block_mode,keymaster_padding_t padding,bool caller_iv,size_t tag_length,const uint8_t * key,size_t key_size)110     AesEvpEncryptOperation(keymaster_block_mode_t block_mode, keymaster_padding_t padding,
111                            bool caller_iv, size_t tag_length, const uint8_t* key, size_t key_size)
112         : AesEvpOperation(KM_PURPOSE_ENCRYPT, block_mode, padding, caller_iv, tag_length, key,
113                           key_size) {}
114 
115     keymaster_error_t Begin(const AuthorizationSet& input_params,
116                             AuthorizationSet* output_params) override;
117     keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input,
118                              const Buffer& signature, AuthorizationSet* output_params,
119                              Buffer* output) override;
120 
evp_encrypt_mode()121     int evp_encrypt_mode() override { return 1; }
122 
123   private:
124     keymaster_error_t GenerateIv();
125 };
126 
127 class AesEvpDecryptOperation : public AesEvpOperation {
128   public:
AesEvpDecryptOperation(keymaster_block_mode_t block_mode,keymaster_padding_t padding,size_t tag_length,const uint8_t * key,size_t key_size)129     AesEvpDecryptOperation(keymaster_block_mode_t block_mode, keymaster_padding_t padding,
130                            size_t tag_length, const uint8_t* key, size_t key_size)
131         : AesEvpOperation(KM_PURPOSE_DECRYPT, block_mode, padding,
132                           false /* caller_iv -- don't care */, tag_length, key, key_size) {}
133 
134     keymaster_error_t Begin(const AuthorizationSet& input_params,
135                             AuthorizationSet* output_params) override;
136     keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
137                              AuthorizationSet* output_params, Buffer* output,
138                              size_t* input_consumed) override;
139     keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input,
140                              const Buffer& signature, AuthorizationSet* output_params,
141                              Buffer* output) override;
142 
evp_encrypt_mode()143     int evp_encrypt_mode() override { return 0; }
144 
145   private:
tag_buf_unused()146     size_t tag_buf_unused() { return tag_length_ - tag_buf_length_; }
147 
148     keymaster_error_t ProcessAllButTagLengthBytes(const Buffer& input, Buffer* output);
149     bool ProcessTagBufContentsAsData(size_t to_process, Buffer* output, keymaster_error_t* error);
150     void BufferCandidateTagData(const uint8_t* data, size_t data_length);
151 
152     UniquePtr<uint8_t[]> tag_buf_;
153     size_t tag_buf_length_;
154 };
155 
156 }  // namespace keymaster
157 
158 #endif  // SYSTEM_KEYMASTER_AES_OPERATION_H_
159