Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / 6dde87c27ec620c0962507b58ece3fbe94bbff02 / . / aes_key.cpp
blob: 4ea13e5834aab319e3baefbf1601f0f4f149744c [file] [log] [blame]
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame]17#include <assert.h>
18
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]19#include <openssl/err.h>
20#include <openssl/rand.h>
21
22#include "aes_key.h"
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame]23#include "aes_operation.h"
24#include "unencrypted_key_blob.h"
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]25
26namespace keymaster {
27
28AesKey* AesKey::GenerateKey(const AuthorizationSet& key_description, const Logger& logger,
29 keymaster_error_t* error) {
30 if (!error)
31 return NULL;
32
33 AuthorizationSet authorizations(key_description);
34 uint32_t key_size_bits;
35 if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size_bits) ||
36 !size_is_supported(key_size_bits)) {
37 *error = KM_ERROR_UNSUPPORTED_KEY_SIZE;
38 return NULL;
39 }
40
41 keymaster_block_mode_t block_mode;
42 if (!authorizations.GetTagValue(TAG_BLOCK_MODE, &block_mode) ||
43 !block_mode_is_supported(block_mode)) {
44 *error = KM_ERROR_UNSUPPORTED_BLOCK_MODE;
45 return NULL;
46 }
47
48 uint32_t chunk_length = 0;
49 if (block_mode >= KM_MODE_FIRST_AUTHENTICATED && block_mode < KM_MODE_FIRST_MAC) {
50 // Chunk length is required.
51 if (!authorizations.GetTagValue(TAG_CHUNK_LENGTH, &chunk_length) ||
52 !chunk_length_is_supported(chunk_length)) {
53 // TODO(swillden): Add a better error code for this.
Shawn Willden7efb8782014-12-11 14:07:44 -0700[diff] [blame]54 *error = KM_ERROR_INVALID_ARGUMENT;
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]55 return NULL;
56 }
57 }
58
59 // Padding is optional
60 keymaster_padding_t padding;
Shawn Willden7efb8782014-12-11 14:07:44 -0700[diff] [blame]61 if (authorizations.GetTagValue(TAG_PADDING, &padding) &&
62 !padding_is_supported(block_mode, padding)) {
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]63 *error = KM_ERROR_UNSUPPORTED_PADDING_MODE;
64 return NULL;
65 }
66
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame^]67 // Mac required for some modes.
Shawn Willden7efb8782014-12-11 14:07:44 -0700[diff] [blame]68 uint32_t mac_length;
69 if (mac_length_required(block_mode)) {
70 if (!authorizations.GetTagValue(TAG_MAC_LENGTH, &mac_length) ||
71 !mac_length_is_supported(block_mode, mac_length)) {
72 // TODO(swillden): Add a better error code for this.
73 *error = KM_ERROR_INVALID_ARGUMENT;
74 return NULL;
75 }
76 }
77
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]78 // Verify purpose is compatible with block mode.
79 if (!ModeAndPurposesAreCompatible(authorizations, block_mode, logger)) {
80 *error = KM_ERROR_INCOMPATIBLE_BLOCK_MODE;
81 return NULL;
82 }
83
84 // All required tags seem to be present and valid. Generate the key bits.
85 size_t key_data_size = key_size_bits / 8;
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame]86 uint8_t key_data[MAX_KEY_SIZE];
87 Eraser erase_key_data(key_data, MAX_KEY_SIZE);
88 if (!RAND_bytes(key_data, key_data_size)) {
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]89 logger.error("Error %ul generating %d bit AES key", ERR_get_error(), key_size_bits);
90 *error = KM_ERROR_UNKNOWN_ERROR;
91 return NULL;
92 }
93
94 *error = KM_ERROR_OK;
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame]95 return new AesKey(key_data, key_data_size, authorizations, logger);
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]96}
97
98bool AesKey::ModeAndPurposesAreCompatible(const AuthorizationSet& authorizations,
99 keymaster_block_mode_t block_mode, const Logger& logger) {
100 keymaster_purpose_t purpose;
101 for (size_t i = 0; authorizations.GetTagValue(TAG_PURPOSE, i, &purpose); ++i) {
102 switch (purpose) {
103 case KM_PURPOSE_SIGN:
104 case KM_PURPOSE_VERIFY:
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame^]105 if (block_mode < KM_MODE_FIRST_MAC) {
106 logger.error("Only MACing modes are supported for signing and verification "
107 "purposes.");
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]108 return false;
109 }
110 break;
111
112 case KM_PURPOSE_ENCRYPT:
113 case KM_PURPOSE_DECRYPT:
114 if (block_mode >= KM_MODE_FIRST_MAC) {
115 logger.error("MACing modes not supported for encryption and decryption purposes.");
116 return false;
117 }
118 break;
119 }
120 }
121 return true;
122}
123
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame]124AesKey::AesKey(const uint8_t(&key_data)[MAX_KEY_SIZE], size_t key_data_size,
125 AuthorizationSet& auths, const Logger& logger)
126 : Key(auths, logger), key_data_size_(key_data_size) {
127 memcpy(key_data_, key_data, key_data_size);
128}
129
130AesKey::AesKey(const UnencryptedKeyBlob& blob, const Logger& logger, keymaster_error_t* error)
131 : Key(blob, logger), key_data_size_(blob.unencrypted_key_material_length()) {
132 if (error)
133 *error = LoadKey(blob);
134}
135
136AesKey::~AesKey() {
137 memset_s(key_data_, 0, MAX_KEY_SIZE);
138}
139
140keymaster_error_t AesKey::LoadKey(const UnencryptedKeyBlob& blob) {
141 assert(blob.unencrypted_key_material_length() == key_data_size_);
142 memcpy(key_data_, blob.unencrypted_key_material(), key_data_size_);
143
144 return KM_ERROR_OK;
145}
146
147Operation* AesKey::CreateOperation(keymaster_purpose_t purpose, keymaster_error_t* error) {
148 keymaster_block_mode_t block_mode;
149 if (!authorizations().GetTagValue(TAG_BLOCK_MODE, &block_mode)) {
150 *error = KM_ERROR_UNSUPPORTED_BLOCK_MODE;
151 return NULL;
152 }
153
154 switch (block_mode) {
155 case KM_MODE_OCB:
156 return CreateOcbOperation(purpose, error);
157 default:
158 *error = KM_ERROR_UNSUPPORTED_BLOCK_MODE;
159 return NULL;
160 }
161}
162
163Operation* AesKey::CreateOcbOperation(keymaster_purpose_t purpose, keymaster_error_t* error) {
164 *error = KM_ERROR_OK;
165
166 uint32_t chunk_length;
167 if (!authorizations().GetTagValue(TAG_CHUNK_LENGTH, &chunk_length))
168 // TODO(swillden): Create and use a better return code.
169 *error = KM_ERROR_INVALID_INPUT_LENGTH;
170
171 uint32_t tag_length;
172 if (!authorizations().GetTagValue(TAG_MAC_LENGTH, &tag_length))
173 // TODO(swillden): Create and use a better return code.
174 *error = KM_ERROR_INVALID_INPUT_LENGTH;
175
176 if (*error != KM_ERROR_OK)
177 return NULL;
178
179 keymaster_blob_t additional_data = {0, 0};
180 authorizations().GetTagValue(TAG_ADDITIONAL_DATA, &additional_data);
181
182 Operation* op = NULL;
183 switch (purpose) {
184 case KM_PURPOSE_ENCRYPT:
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame^]185 case KM_PURPOSE_DECRYPT:
186 op = new AesOcbOperation(purpose, logger_, key_data_, key_data_size_, chunk_length,
187 tag_length, additional_data);
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame]188 break;
189 default:
190 *error = KM_ERROR_UNSUPPORTED_PURPOSE;
191 return NULL;
192 }
193
194 if (!op)
195 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
196
197 return op;
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]198}
199
200keymaster_error_t AesKey::key_material(UniquePtr<uint8_t[]>* key_material, size_t* size) const {
201 *size = key_data_size_;
202 key_material->reset(new uint8_t[*size]);
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame]203 if (!key_material->get())
204 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
205 memcpy(key_material->get(), key_data_, *size);
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]206 return KM_ERROR_OK;
207}
208
209} // namespace keymaster