Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / 907c3015d0edf1e43cdc9e0bba0e3fc23dca8cfc / . / aes_key.cpp
blob: 00c22c8129382cee53a8a699252bc8019afabb3a [file] [log] [blame]
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame^]17#include <assert.h>
18
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]19#include <openssl/err.h>
20#include <openssl/rand.h>
21
22#include "aes_key.h"
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame^]23#include "aes_operation.h"
24#include "unencrypted_key_blob.h"
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]25
26namespace keymaster {
27
28AesKey* AesKey::GenerateKey(const AuthorizationSet& key_description, const Logger& logger,
29 keymaster_error_t* error) {
30 if (!error)
31 return NULL;
32
33 AuthorizationSet authorizations(key_description);
34 uint32_t key_size_bits;
35 if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size_bits) ||
36 !size_is_supported(key_size_bits)) {
37 *error = KM_ERROR_UNSUPPORTED_KEY_SIZE;
38 return NULL;
39 }
40
41 keymaster_block_mode_t block_mode;
42 if (!authorizations.GetTagValue(TAG_BLOCK_MODE, &block_mode) ||
43 !block_mode_is_supported(block_mode)) {
44 *error = KM_ERROR_UNSUPPORTED_BLOCK_MODE;
45 return NULL;
46 }
47
48 uint32_t chunk_length = 0;
49 if (block_mode >= KM_MODE_FIRST_AUTHENTICATED && block_mode < KM_MODE_FIRST_MAC) {
50 // Chunk length is required.
51 if (!authorizations.GetTagValue(TAG_CHUNK_LENGTH, &chunk_length) ||
52 !chunk_length_is_supported(chunk_length)) {
53 // TODO(swillden): Add a better error code for this.
54 *error = KM_ERROR_INVALID_INPUT_LENGTH;
55 return NULL;
56 }
57 }
58
59 // Padding is optional
60 keymaster_padding_t padding;
61 if (authorizations.GetTagValue(TAG_PADDING, &padding) && !padding_is_supported(padding)) {
62 *error = KM_ERROR_UNSUPPORTED_PADDING_MODE;
63 return NULL;
64 }
65
66 // Verify purpose is compatible with block mode.
67 if (!ModeAndPurposesAreCompatible(authorizations, block_mode, logger)) {
68 *error = KM_ERROR_INCOMPATIBLE_BLOCK_MODE;
69 return NULL;
70 }
71
72 // All required tags seem to be present and valid. Generate the key bits.
73 size_t key_data_size = key_size_bits / 8;
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame^]74 uint8_t key_data[MAX_KEY_SIZE];
75 Eraser erase_key_data(key_data, MAX_KEY_SIZE);
76 if (!RAND_bytes(key_data, key_data_size)) {
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]77 logger.error("Error %ul generating %d bit AES key", ERR_get_error(), key_size_bits);
78 *error = KM_ERROR_UNKNOWN_ERROR;
79 return NULL;
80 }
81
82 *error = KM_ERROR_OK;
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame^]83 return new AesKey(key_data, key_data_size, authorizations, logger);
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]84}
85
86bool AesKey::ModeAndPurposesAreCompatible(const AuthorizationSet& authorizations,
87 keymaster_block_mode_t block_mode, const Logger& logger) {
88 keymaster_purpose_t purpose;
89 for (size_t i = 0; authorizations.GetTagValue(TAG_PURPOSE, i, &purpose); ++i) {
90 switch (purpose) {
91 case KM_PURPOSE_SIGN:
92 case KM_PURPOSE_VERIFY:
93 if (block_mode < KM_MODE_FIRST_AUTHENTICATED) {
94 logger.error("Only MACing or authenticated modes are supported for signing and "
95 "verification purposes.");
96 return false;
97 }
98 break;
99
100 case KM_PURPOSE_ENCRYPT:
101 case KM_PURPOSE_DECRYPT:
102 if (block_mode >= KM_MODE_FIRST_MAC) {
103 logger.error("MACing modes not supported for encryption and decryption purposes.");
104 return false;
105 }
106 break;
107 }
108 }
109 return true;
110}
111
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame^]112AesKey::AesKey(const uint8_t(&key_data)[MAX_KEY_SIZE], size_t key_data_size,
113 AuthorizationSet& auths, const Logger& logger)
114 : Key(auths, logger), key_data_size_(key_data_size) {
115 memcpy(key_data_, key_data, key_data_size);
116}
117
118AesKey::AesKey(const UnencryptedKeyBlob& blob, const Logger& logger, keymaster_error_t* error)
119 : Key(blob, logger), key_data_size_(blob.unencrypted_key_material_length()) {
120 if (error)
121 *error = LoadKey(blob);
122}
123
124AesKey::~AesKey() {
125 memset_s(key_data_, 0, MAX_KEY_SIZE);
126}
127
128keymaster_error_t AesKey::LoadKey(const UnencryptedKeyBlob& blob) {
129 assert(blob.unencrypted_key_material_length() == key_data_size_);
130 memcpy(key_data_, blob.unencrypted_key_material(), key_data_size_);
131
132 return KM_ERROR_OK;
133}
134
135Operation* AesKey::CreateOperation(keymaster_purpose_t purpose, keymaster_error_t* error) {
136 keymaster_block_mode_t block_mode;
137 if (!authorizations().GetTagValue(TAG_BLOCK_MODE, &block_mode)) {
138 *error = KM_ERROR_UNSUPPORTED_BLOCK_MODE;
139 return NULL;
140 }
141
142 switch (block_mode) {
143 case KM_MODE_OCB:
144 return CreateOcbOperation(purpose, error);
145 default:
146 *error = KM_ERROR_UNSUPPORTED_BLOCK_MODE;
147 return NULL;
148 }
149}
150
151Operation* AesKey::CreateOcbOperation(keymaster_purpose_t purpose, keymaster_error_t* error) {
152 *error = KM_ERROR_OK;
153
154 uint32_t chunk_length;
155 if (!authorizations().GetTagValue(TAG_CHUNK_LENGTH, &chunk_length))
156 // TODO(swillden): Create and use a better return code.
157 *error = KM_ERROR_INVALID_INPUT_LENGTH;
158
159 uint32_t tag_length;
160 if (!authorizations().GetTagValue(TAG_MAC_LENGTH, &tag_length))
161 // TODO(swillden): Create and use a better return code.
162 *error = KM_ERROR_INVALID_INPUT_LENGTH;
163
164 if (*error != KM_ERROR_OK)
165 return NULL;
166
167 keymaster_blob_t additional_data = {0, 0};
168 authorizations().GetTagValue(TAG_ADDITIONAL_DATA, &additional_data);
169
170 Operation* op = NULL;
171 switch (purpose) {
172 case KM_PURPOSE_ENCRYPT:
173 op = new AesOcbEncryptOperation(logger_, key_data_, key_data_size_, chunk_length,
174 tag_length, additional_data);
175 break;
176 default:
177 *error = KM_ERROR_UNSUPPORTED_PURPOSE;
178 return NULL;
179 }
180
181 if (!op)
182 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
183
184 return op;
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]185}
186
187keymaster_error_t AesKey::key_material(UniquePtr<uint8_t[]>* key_material, size_t* size) const {
188 *size = key_data_size_;
189 key_material->reset(new uint8_t[*size]);
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame^]190 if (!key_material->get())
191 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
192 memcpy(key_material->get(), key_data_, *size);
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]193 return KM_ERROR_OK;
194}
195
196} // namespace keymaster