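/*
 * Copyright 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SYSTEM_KEYMASTER_AES_OPERATION_H_
#define SYSTEM_KEYMASTER_AES_OPERATION_H_

#include <stddef.h>
#include <stdint.h>

#include <openssl/evp.h>

#include "ocb_utils.h"
#include "operation.h"

namespace keymaster {

/**
 * Abstract base for AES operation factories.  This class does all of the work to create
 * AES operations.  Concrete subclasses only supply purpose(), which selects encryption or
 * decryption.
 */
class AesOperationFactory : public OperationFactory {
  public:
    /** Registry key for this factory: the AES algorithm paired with the subclass's purpose(). */
    KeyType registry_key() const override { return KeyType(KM_ALGORITHM_AES, purpose()); }

    /**
     * Creates an AES operation for |key| configured from |begin_params|.
     *
     * Defined out of line.  NOTE(review): presumably returns nullptr and sets |*error| on
     * failure -- confirm against the implementation before relying on it.
     */
    Operation* CreateOperation(const Key& key, const AuthorizationSet& begin_params,
                               keymaster_error_t* error) override;

    /** Returns the supported block modes; the element count is written to |*block_mode_count|. */
    const keymaster_block_mode_t* SupportedBlockModes(size_t* block_mode_count) const override;

    /** Returns the supported padding modes; the element count is written to |*padding_count|. */
    const keymaster_padding_t* SupportedPaddingModes(size_t* padding_count) const override;

    /** Purpose (encrypt or decrypt) served by the concrete factory. */
    virtual keymaster_purpose_t purpose() const = 0;
};

/**
 * Concrete factory for AES encryption operations.
 */
class AesEncryptionOperationFactory : public AesOperationFactory {
    // Private by class default; still reachable through the public virtual in the base class.
    keymaster_purpose_t purpose() const override { return KM_PURPOSE_ENCRYPT; }
};

/**
 * Concrete factory for AES decryption operations.
 */
class AesDecryptionOperationFactory : public AesOperationFactory {
    // Private by class default; still reachable through the public virtual in the base class.
    keymaster_purpose_t purpose() const override { return KM_PURPOSE_DECRYPT; }
};

// Capacity in bytes of the key buffer embedded in AesEvpOperation (32 bytes = AES-256).
static const size_t MAX_EVP_KEY_SIZE = 32;

/**
 * Common state and helpers for AES operations.  Holds an OpenSSL EVP_CIPHER_CTX, so the
 * cipher work is presumably delegated to the EVP API in the out-of-line implementation.
 * The encrypt and decrypt subclasses pick the direction via evp_encrypt_mode().
 */
class AesEvpOperation : public Operation {
  public:
    /**
     * NOTE(review): key material is kept in the fixed-size key_ array
     * (MAX_EVP_KEY_SIZE bytes).  The constructor is defined out of line, so this header
     * cannot show whether |key_size| is bounded before |key| is copied -- confirm that
     * key_size > MAX_EVP_KEY_SIZE is rejected or otherwise cannot overrun key_.
     */
    AesEvpOperation(keymaster_purpose_t purpose, keymaster_block_mode_t block_mode,
                    keymaster_padding_t padding, bool caller_iv, size_t tag_length,
                    const uint8_t* key, size_t key_size);

    /**
     * NOTE(review): defined out of line.  Because this object owns raw key bytes (key_) and
     * a cipher context (ctx_), confirm the destructor wipes key_ and cleans up ctx_.
     */
    ~AesEvpOperation();

    keymaster_error_t Begin(const AuthorizationSet& input_params,
                            AuthorizationSet* output_params) override;
    keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
                             AuthorizationSet* output_params, Buffer* output,
                             size_t* input_consumed) override;
    keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input,
                             const Buffer& signature, AuthorizationSet* output_params,
                             Buffer* output) override;
    keymaster_error_t Abort() override;

    /**
     * Direction selector: the subclasses in this header return 1 for encryption and 0 for
     * decryption.  Presumably forwarded as the `enc` argument when the EVP cipher is
     * initialised -- confirm in the implementation.
     */
    virtual int evp_encrypt_mode() = 0;

  protected:
    bool need_iv() const;
    keymaster_error_t InitializeCipher();
    keymaster_error_t GetIv(const AuthorizationSet& input_params);

    // The bool-returning helpers below report failure details through |*error|
    // (presumably false means failure -- confirm in the implementation).
    bool HandleAad(const AuthorizationSet& input_params, const Buffer& input,
                   keymaster_error_t* error);
    bool ProcessAadBlocks(const uint8_t* data, size_t blocks, keymaster_error_t* error);
    void FillBufferedAadBlock(keymaster_blob_t* aad);
    bool ProcessBufferedAadBlock(keymaster_error_t* error);
    bool InternalUpdate(const uint8_t* input, size_t input_length, Buffer* output,
                        keymaster_error_t* error);
    bool UpdateForFinish(const AuthorizationSet& additional_params, const Buffer& input,
                         AuthorizationSet* output_params, Buffer* output, keymaster_error_t* error);

    const keymaster_block_mode_t block_mode_;
    EVP_CIPHER_CTX ctx_;
    UniquePtr<uint8_t[]> iv_;
    size_t iv_length_;
    // NOTE(review): presumably "the caller supplies the IV/nonce"; the decrypt subclass
    // passes false and marks it "don't care".  Confirm the encrypt path's handling.
    const bool caller_iv_;
    // NOTE(review): unit (bytes vs. bits) is not visible in this header -- confirm.
    size_t tag_length_;
    UniquePtr<uint8_t[]> aad_block_buf_;
    size_t aad_block_buf_length_;

  private:
    bool data_started_;
    const size_t key_size_;
    const keymaster_padding_t padding_;
    // Raw AES key bytes; only the first key_size_ bytes are expected to be meaningful.
    uint8_t key_[MAX_EVP_KEY_SIZE];
};

/**
 * AES encryption operation.  Fixes the purpose to KM_PURPOSE_ENCRYPT and the EVP direction
 * to 1.
 */
class AesEvpEncryptOperation : public AesEvpOperation {
  public:
    AesEvpEncryptOperation(keymaster_block_mode_t block_mode, keymaster_padding_t padding,
                           bool caller_iv, size_t tag_length, const uint8_t* key, size_t key_size)
        : AesEvpOperation(KM_PURPOSE_ENCRYPT, block_mode, padding, caller_iv, tag_length, key,
                          key_size) {}

    keymaster_error_t Begin(const AuthorizationSet& input_params,
                            AuthorizationSet* output_params) override;
    keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input,
                             const Buffer& signature, AuthorizationSet* output_params,
                             Buffer* output) override;

    int evp_encrypt_mode() override { return 1; }

  private:
    // NOTE(review): defined out of line; confirm the IV comes from a cryptographically
    // secure random source.
    keymaster_error_t GenerateIv();
};

/**
 * AES decryption operation.  Fixes the purpose to KM_PURPOSE_DECRYPT and the EVP direction
 * to 0.  Keeps a separate tag buffer (tag_buf_) that holds candidate tag bytes taken from
 * the input stream.
 */
class AesEvpDecryptOperation : public AesEvpOperation {
  public:
    AesEvpDecryptOperation(keymaster_block_mode_t block_mode, keymaster_padding_t padding,
                           size_t tag_length, const uint8_t* key, size_t key_size)
        : AesEvpOperation(KM_PURPOSE_DECRYPT, block_mode, padding,
                          false /* caller_iv -- don't care */, tag_length, key, key_size) {}

    keymaster_error_t Begin(const AuthorizationSet& input_params,
                            AuthorizationSet* output_params) override;
    keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
                             AuthorizationSet* output_params, Buffer* output,
                             size_t* input_consumed) override;
    keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& input,
                             const Buffer& signature, AuthorizationSet* output_params,
                             Buffer* output) override;

    int evp_encrypt_mode() override { return 0; }

  private:
    /**
     * Free space left in tag_buf_: tag_length_ minus the bytes already buffered.
     *
     * Both operands are size_t, so a plain subtraction would wrap to a huge value if
     * tag_buf_length_ ever exceeded tag_length_.  The result is clamped to 0 in that case so
     * that a broken invariant cannot turn into an oversized length in code that sizes a copy
     * from this value.  Results are unchanged whenever tag_buf_length_ <= tag_length_.
     */
    size_t tag_buf_unused() const {
        return tag_buf_length_ < tag_length_ ? tag_length_ - tag_buf_length_ : 0;
    }

    keymaster_error_t ProcessAllButTagLengthBytes(const Buffer& input, Buffer* output);
    bool ProcessTagBufContentsAsData(size_t to_process, Buffer* output, keymaster_error_t* error);
    void BufferCandidateTagData(const uint8_t* data, size_t data_length);

    UniquePtr<uint8_t[]> tag_buf_;
    size_t tag_buf_length_;
};

}  // namespace keymaster

#endif  // SYSTEM_KEYMASTER_AES_OPERATION_H_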