1 /* 2 * Copyright 2020, The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <vector> 20 21 #include <aidl/android/hardware/security/keymint/BnKeyMintOperation.h> 22 #include <aidl/android/hardware/security/secureclock/ISecureClock.h> 23 #include <hardware/keymaster_defs.h> 24 25 #include "CborConverter.h" 26 #include "JavacardSecureElement.h" 27 28 #define AES_BLOCK_SIZE 16 29 #define DES_BLOCK_SIZE 8 30 #define RSA_BUFFER_SIZE 256 31 #define EC_BUFFER_SIZE 32 32 #define MAX_CHUNK_SIZE 256 33 34 namespace aidl::android::hardware::security::keymint { 35 using cppbor::Array; 36 using cppbor::Item; 37 using ::keymint::javacard::CborConverter; 38 using ::keymint::javacard::Instruction; 39 using ::keymint::javacard::JavacardSecureElement; 40 using ::ndk::ScopedAStatus; 41 using secureclock::TimeStampToken; 42 using std::optional; 43 using std::shared_ptr; 44 using std::vector; 45 46 // Bufferig modes for update 47 enum class BufferingMode : int32_t { 48 NONE = 0, // Send everything to javacard - most of the assymteric operations 49 RSA_DECRYPT_OR_NO_DIGEST = 50 1, // Buffer everything in update upto 256 bytes and send in finish. If 51 // input data is greater then 256 bytes then it is an error. Javacard 52 // will further check according to exact key size and crypto provider. 53 EC_NO_DIGEST = 2, // Buffer upto 65 bytes and then truncate. Javacard will further truncate 54 // upto exact keysize. 55 BUF_AES_ENCRYPT_PKCS7_BLOCK_ALIGNED = 3, // Buffer 16 bytes. 56 BUF_AES_DECRYPT_PKCS7_BLOCK_ALIGNED = 4, // Buffer 16 bytes. 57 BUF_DES_ENCRYPT_PKCS7_BLOCK_ALIGNED = 5, // Buffer 8 bytes. 58 BUF_DES_DECRYPT_PKCS7_BLOCK_ALIGNED = 6, // Buffer 8 bytes. 59 BUF_AES_GCM_DECRYPT_BLOCK_ALIGNED = 7, // Buffer 16 bytes. 60 61 }; 62 63 // The is the view in the input data being processed by update/finish funcion. 64 65 struct DataView { 66 vector<uint8_t> buffer; // previously buffered data from cycle n-1 67 const vector<uint8_t>& data; // current data in cycle n. 68 uint32_t start; // start of the view 69 size_t length; // length of the view 70 }; 71 72 class JavacardKeyMintOperation : public BnKeyMintOperation { 73 public: JavacardKeyMintOperation(keymaster_operation_handle_t opHandle,BufferingMode bufferingMode,uint16_t macLength,shared_ptr<JavacardSecureElement> card)74 explicit JavacardKeyMintOperation(keymaster_operation_handle_t opHandle, 75 BufferingMode bufferingMode, uint16_t macLength, 76 shared_ptr<JavacardSecureElement> card) 77 : buffer_(vector<uint8_t>()), bufferingMode_(bufferingMode), macLength_(macLength), 78 card_(card), opHandle_(opHandle) {} 79 virtual ~JavacardKeyMintOperation(); 80 81 ScopedAStatus updateAad(const vector<uint8_t>& input, 82 const optional<HardwareAuthToken>& authToken, 83 const optional<TimeStampToken>& timestampToken) override; 84 85 ScopedAStatus update(const vector<uint8_t>& input, const optional<HardwareAuthToken>& authToken, 86 const optional<TimeStampToken>& timestampToken, 87 vector<uint8_t>* output) override; 88 89 ScopedAStatus finish(const optional<vector<uint8_t>>& input, 90 const optional<vector<uint8_t>>& signature, 91 const optional<HardwareAuthToken>& authToken, 92 const optional<TimeStampToken>& timestampToken, 93 const optional<vector<uint8_t>>& confirmationToken, 94 vector<uint8_t>* output) override; 95 96 ScopedAStatus abort() override; 97 98 private: 99 vector<uint8_t> popNextChunk(DataView& view, uint32_t chunkSize); 100 101 keymaster_error_t updateInChunks(DataView& data, HardwareAuthToken& authToken, 102 TimeStampToken& timestampToken, vector<uint8_t>* output); 103 104 keymaster_error_t sendFinish(const vector<uint8_t>& data, const vector<uint8_t>& signature, 105 const HardwareAuthToken& authToken, 106 const TimeStampToken& timestampToken, 107 const vector<uint8_t>& confToken, vector<uint8_t>& output); 108 109 keymaster_error_t sendUpdate(const vector<uint8_t>& data, const HardwareAuthToken& authToken, 110 const TimeStampToken& timestampToken, vector<uint8_t>& output); 111 appendBufferedData(DataView & view)112 inline void appendBufferedData(DataView& view) { 113 if (!buffer_.empty()) { 114 view.buffer = buffer_; 115 view.length = view.length + buffer_.size(); 116 view.start = 0; 117 // view.buffer = insert(data.begin(), buffer_.begin(), buffer_.end()); 118 buffer_.clear(); 119 } 120 } 121 122 std::tuple<std::unique_ptr<Item>, keymaster_error_t> sendRequest(Instruction ins, 123 Array& request); 124 keymaster_error_t bufferData(DataView& data); 125 void blockAlign(DataView& data, uint16_t blockSize); 126 uint16_t getDataViewOffset(DataView& view, uint16_t blockSize); 127 128 vector<uint8_t> buffer_; 129 BufferingMode bufferingMode_; 130 uint16_t macLength_; 131 const shared_ptr<JavacardSecureElement> card_; 132 keymaster_operation_handle_t opHandle_; 133 CborConverter cbor_; 134 }; 135 136 } // namespace aidl::android::hardware::security::keymint 137