1*4d7e907cSAndroid Build Coastguard Worker /*
2*4d7e907cSAndroid Build Coastguard Worker * Copyright 2020, The Android Open Source Project
3*4d7e907cSAndroid Build Coastguard Worker *
4*4d7e907cSAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
5*4d7e907cSAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
6*4d7e907cSAndroid Build Coastguard Worker * You may obtain a copy of the License at
7*4d7e907cSAndroid Build Coastguard Worker *
8*4d7e907cSAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0
9*4d7e907cSAndroid Build Coastguard Worker *
10*4d7e907cSAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
11*4d7e907cSAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
12*4d7e907cSAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*4d7e907cSAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
14*4d7e907cSAndroid Build Coastguard Worker * limitations under the License.
15*4d7e907cSAndroid Build Coastguard Worker */
16*4d7e907cSAndroid Build Coastguard Worker
17*4d7e907cSAndroid Build Coastguard Worker #include <inttypes.h>
18*4d7e907cSAndroid Build Coastguard Worker
19*4d7e907cSAndroid Build Coastguard Worker #include "EicCommon.h"
20*4d7e907cSAndroid Build Coastguard Worker #include "EicSession.h"
21*4d7e907cSAndroid Build Coastguard Worker
22*4d7e907cSAndroid Build Coastguard Worker // Global used for assigning ids for session objects.
23*4d7e907cSAndroid Build Coastguard Worker //
24*4d7e907cSAndroid Build Coastguard Worker static uint32_t gSessionLastIdAssigned = 0;
25*4d7e907cSAndroid Build Coastguard Worker
26*4d7e907cSAndroid Build Coastguard Worker // The current session object or NULL if never initialized or if it has been shut down.
27*4d7e907cSAndroid Build Coastguard Worker //
28*4d7e907cSAndroid Build Coastguard Worker static EicSession* gSessionCurrent = NULL;
29*4d7e907cSAndroid Build Coastguard Worker
eicSessionGetForId(uint32_t sessionId)30*4d7e907cSAndroid Build Coastguard Worker EicSession* eicSessionGetForId(uint32_t sessionId) {
31*4d7e907cSAndroid Build Coastguard Worker if (gSessionCurrent != NULL && gSessionCurrent->id == sessionId) {
32*4d7e907cSAndroid Build Coastguard Worker return gSessionCurrent;
33*4d7e907cSAndroid Build Coastguard Worker }
34*4d7e907cSAndroid Build Coastguard Worker return NULL;
35*4d7e907cSAndroid Build Coastguard Worker }
36*4d7e907cSAndroid Build Coastguard Worker
eicSessionInit(EicSession * ctx)37*4d7e907cSAndroid Build Coastguard Worker bool eicSessionInit(EicSession* ctx) {
38*4d7e907cSAndroid Build Coastguard Worker eicMemSet(ctx, '\0', sizeof(EicSession));
39*4d7e907cSAndroid Build Coastguard Worker
40*4d7e907cSAndroid Build Coastguard Worker if (!eicNextId(&gSessionLastIdAssigned)) {
41*4d7e907cSAndroid Build Coastguard Worker eicDebug("Error getting id for object");
42*4d7e907cSAndroid Build Coastguard Worker return false;
43*4d7e907cSAndroid Build Coastguard Worker }
44*4d7e907cSAndroid Build Coastguard Worker ctx->id = gSessionLastIdAssigned;
45*4d7e907cSAndroid Build Coastguard Worker
46*4d7e907cSAndroid Build Coastguard Worker do {
47*4d7e907cSAndroid Build Coastguard Worker if (!eicOpsRandom((uint8_t*)&(ctx->authChallenge), sizeof(ctx->authChallenge))) {
48*4d7e907cSAndroid Build Coastguard Worker eicDebug("Failed generating random challenge");
49*4d7e907cSAndroid Build Coastguard Worker return false;
50*4d7e907cSAndroid Build Coastguard Worker }
51*4d7e907cSAndroid Build Coastguard Worker } while (ctx->authChallenge == EIC_KM_AUTH_CHALLENGE_UNSET);
52*4d7e907cSAndroid Build Coastguard Worker
53*4d7e907cSAndroid Build Coastguard Worker if (!eicOpsCreateEcKey(ctx->ephemeralPrivateKey, ctx->ephemeralPublicKey)) {
54*4d7e907cSAndroid Build Coastguard Worker eicDebug("Error creating ephemeral key-pair");
55*4d7e907cSAndroid Build Coastguard Worker return false;
56*4d7e907cSAndroid Build Coastguard Worker }
57*4d7e907cSAndroid Build Coastguard Worker
58*4d7e907cSAndroid Build Coastguard Worker gSessionCurrent = ctx;
59*4d7e907cSAndroid Build Coastguard Worker eicDebug("Initialized session with id %" PRIu32, ctx->id);
60*4d7e907cSAndroid Build Coastguard Worker return true;
61*4d7e907cSAndroid Build Coastguard Worker }
62*4d7e907cSAndroid Build Coastguard Worker
eicSessionShutdown(EicSession * ctx)63*4d7e907cSAndroid Build Coastguard Worker bool eicSessionShutdown(EicSession* ctx) {
64*4d7e907cSAndroid Build Coastguard Worker if (ctx->id == 0) {
65*4d7e907cSAndroid Build Coastguard Worker eicDebug("Trying to shut down session with id 0");
66*4d7e907cSAndroid Build Coastguard Worker return false;
67*4d7e907cSAndroid Build Coastguard Worker }
68*4d7e907cSAndroid Build Coastguard Worker eicDebug("Shut down session with id %" PRIu32, ctx->id);
69*4d7e907cSAndroid Build Coastguard Worker eicMemSet(ctx, '\0', sizeof(EicSession));
70*4d7e907cSAndroid Build Coastguard Worker gSessionCurrent = NULL;
71*4d7e907cSAndroid Build Coastguard Worker return true;
72*4d7e907cSAndroid Build Coastguard Worker }
73*4d7e907cSAndroid Build Coastguard Worker
eicSessionGetId(EicSession * ctx,uint32_t * outId)74*4d7e907cSAndroid Build Coastguard Worker bool eicSessionGetId(EicSession* ctx, uint32_t* outId) {
75*4d7e907cSAndroid Build Coastguard Worker *outId = ctx->id;
76*4d7e907cSAndroid Build Coastguard Worker return true;
77*4d7e907cSAndroid Build Coastguard Worker }
78*4d7e907cSAndroid Build Coastguard Worker
eicSessionGetAuthChallenge(EicSession * ctx,uint64_t * outAuthChallenge)79*4d7e907cSAndroid Build Coastguard Worker bool eicSessionGetAuthChallenge(EicSession* ctx, uint64_t* outAuthChallenge) {
80*4d7e907cSAndroid Build Coastguard Worker *outAuthChallenge = ctx->authChallenge;
81*4d7e907cSAndroid Build Coastguard Worker return true;
82*4d7e907cSAndroid Build Coastguard Worker }
83*4d7e907cSAndroid Build Coastguard Worker
eicSessionGetEphemeralKeyPair(EicSession * ctx,uint8_t ephemeralPrivateKey[EIC_P256_PRIV_KEY_SIZE])84*4d7e907cSAndroid Build Coastguard Worker bool eicSessionGetEphemeralKeyPair(EicSession* ctx,
85*4d7e907cSAndroid Build Coastguard Worker uint8_t ephemeralPrivateKey[EIC_P256_PRIV_KEY_SIZE]) {
86*4d7e907cSAndroid Build Coastguard Worker eicMemCpy(ephemeralPrivateKey, ctx->ephemeralPrivateKey, EIC_P256_PRIV_KEY_SIZE);
87*4d7e907cSAndroid Build Coastguard Worker ctx->getEphemeralKeyPairCalled = true;
88*4d7e907cSAndroid Build Coastguard Worker return true;
89*4d7e907cSAndroid Build Coastguard Worker }
90*4d7e907cSAndroid Build Coastguard Worker
eicSessionSetReaderEphemeralPublicKey(EicSession * ctx,const uint8_t readerEphemeralPublicKey[EIC_P256_PUB_KEY_SIZE])91*4d7e907cSAndroid Build Coastguard Worker bool eicSessionSetReaderEphemeralPublicKey(
92*4d7e907cSAndroid Build Coastguard Worker EicSession* ctx, const uint8_t readerEphemeralPublicKey[EIC_P256_PUB_KEY_SIZE]) {
93*4d7e907cSAndroid Build Coastguard Worker eicMemCpy(ctx->readerEphemeralPublicKey, readerEphemeralPublicKey, EIC_P256_PUB_KEY_SIZE);
94*4d7e907cSAndroid Build Coastguard Worker ctx->readerEphemeralPublicKeySize = EIC_P256_PUB_KEY_SIZE;
95*4d7e907cSAndroid Build Coastguard Worker return true;
96*4d7e907cSAndroid Build Coastguard Worker }
97*4d7e907cSAndroid Build Coastguard Worker
eicSessionSetSessionTranscript(EicSession * ctx,const uint8_t * sessionTranscript,size_t sessionTranscriptSize)98*4d7e907cSAndroid Build Coastguard Worker bool eicSessionSetSessionTranscript(EicSession* ctx, const uint8_t* sessionTranscript,
99*4d7e907cSAndroid Build Coastguard Worker size_t sessionTranscriptSize) {
100*4d7e907cSAndroid Build Coastguard Worker // If mdoc session encryption is in use, only accept the
101*4d7e907cSAndroid Build Coastguard Worker // SessionTranscript if X and Y from the ephemeral key we created
102*4d7e907cSAndroid Build Coastguard Worker // is somewhere in SessionTranscript...
103*4d7e907cSAndroid Build Coastguard Worker //
104*4d7e907cSAndroid Build Coastguard Worker if (ctx->getEphemeralKeyPairCalled) {
105*4d7e907cSAndroid Build Coastguard Worker if (eicMemMem(sessionTranscript, sessionTranscriptSize, ctx->ephemeralPublicKey,
106*4d7e907cSAndroid Build Coastguard Worker EIC_P256_PUB_KEY_SIZE / 2) == NULL) {
107*4d7e907cSAndroid Build Coastguard Worker eicDebug("Error finding X from ephemeralPublicKey in sessionTranscript");
108*4d7e907cSAndroid Build Coastguard Worker return false;
109*4d7e907cSAndroid Build Coastguard Worker }
110*4d7e907cSAndroid Build Coastguard Worker if (eicMemMem(sessionTranscript, sessionTranscriptSize,
111*4d7e907cSAndroid Build Coastguard Worker ctx->ephemeralPublicKey + EIC_P256_PUB_KEY_SIZE / 2,
112*4d7e907cSAndroid Build Coastguard Worker EIC_P256_PUB_KEY_SIZE / 2) == NULL) {
113*4d7e907cSAndroid Build Coastguard Worker eicDebug("Error finding Y from ephemeralPublicKey in sessionTranscript");
114*4d7e907cSAndroid Build Coastguard Worker return false;
115*4d7e907cSAndroid Build Coastguard Worker }
116*4d7e907cSAndroid Build Coastguard Worker }
117*4d7e907cSAndroid Build Coastguard Worker
118*4d7e907cSAndroid Build Coastguard Worker // To save space we only store the SHA-256 of SessionTranscript
119*4d7e907cSAndroid Build Coastguard Worker //
120*4d7e907cSAndroid Build Coastguard Worker EicSha256Ctx shaCtx;
121*4d7e907cSAndroid Build Coastguard Worker eicOpsSha256Init(&shaCtx);
122*4d7e907cSAndroid Build Coastguard Worker eicOpsSha256Update(&shaCtx, sessionTranscript, sessionTranscriptSize);
123*4d7e907cSAndroid Build Coastguard Worker eicOpsSha256Final(&shaCtx, ctx->sessionTranscriptSha256);
124*4d7e907cSAndroid Build Coastguard Worker return true;
125*4d7e907cSAndroid Build Coastguard Worker }
126