1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
/*
* Copyright 2014 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef SYSTEM_KEYMASTER_AES_OPERATION_H_
#define SYSTEM_KEYMASTER_AES_OPERATION_H_
#include <openssl/evp.h>
#include "aead_mode_operation.h"
#include "ocb_utils.h"
#include "operation.h"
namespace keymaster {
static const size_t MAX_EVP_KEY_SIZE = 32;
class AesEvpOperation : public Operation {
public:
AesEvpOperation(keymaster_purpose_t purpose, keymaster_block_mode_t block_mode,
keymaster_padding_t padding, bool caller_iv, const uint8_t* key,
size_t key_size);
~AesEvpOperation();
keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
AuthorizationSet* output_params, Buffer* output,
size_t* input_consumed) override;
keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature,
AuthorizationSet* output_params, Buffer* output) override;
keymaster_error_t Abort() override;
virtual int evp_encrypt_mode() = 0;
protected:
bool need_iv() const;
keymaster_error_t InitializeCipher();
keymaster_error_t GetIv(const AuthorizationSet& input_params);
const keymaster_block_mode_t block_mode_;
EVP_CIPHER_CTX ctx_;
UniquePtr<uint8_t[]> iv_;
size_t iv_length_;
const bool caller_iv_;
private:
bool data_started_;
const size_t key_size_;
const keymaster_padding_t padding_;
uint8_t key_[MAX_EVP_KEY_SIZE];
};
class AesEvpEncryptOperation : public AesEvpOperation {
public:
AesEvpEncryptOperation(keymaster_block_mode_t block_mode, keymaster_padding_t padding,
bool caller_iv, size_t tag_length, const uint8_t* key, size_t key_size)
: AesEvpOperation(KM_PURPOSE_ENCRYPT, block_mode, padding, caller_iv, key, key_size),
tag_length_(tag_length) {}
keymaster_error_t Begin(const AuthorizationSet& input_params,
AuthorizationSet* output_params) override;
keymaster_error_t Finish(const AuthorizationSet& additional_params, const Buffer& signature,
AuthorizationSet* output_params, Buffer* output) override;
int evp_encrypt_mode() override { return 1; }
private:
keymaster_error_t GenerateIv();
size_t tag_length_;
};
class AesEvpDecryptOperation : public AesEvpOperation {
public:
AesEvpDecryptOperation(keymaster_block_mode_t block_mode, keymaster_padding_t padding,
const uint8_t* key, size_t key_size)
: AesEvpOperation(KM_PURPOSE_DECRYPT, block_mode, padding,
false /* caller_iv -- don't care */, key, key_size),
tag_provided_(false) {}
keymaster_error_t Begin(const AuthorizationSet& input_params,
AuthorizationSet* output_params) override;
keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
AuthorizationSet* output_params, Buffer* output,
size_t* input_consumed) override;
int evp_encrypt_mode() override { return 0; }
private:
bool tag_provided_;
};
/**
* Abstract base for AES operation factories. This class does all of the work to create
* AES operations.
*/
class AesOperationFactory : public OperationFactory {
public:
virtual KeyType registry_key() const { return KeyType(KM_ALGORITHM_AES, purpose()); }
virtual Operation* CreateOperation(const Key& key, const AuthorizationSet& begin_params,
keymaster_error_t* error);
virtual const keymaster_block_mode_t* SupportedBlockModes(size_t* block_mode_count) const;
virtual const keymaster_padding_t* SupportedPaddingModes(size_t* padding_count) const;
virtual keymaster_purpose_t purpose() const = 0;
private:
virtual Operation* CreateEvpOperation(const SymmetricKey& key,
keymaster_block_mode_t block_mode,
keymaster_padding_t padding, bool caller_iv,
size_t tag_length, keymaster_error_t* error);
};
/**
* Concrete factory for AES encryption operations.
*/
class AesEncryptionOperationFactory : public AesOperationFactory {
keymaster_purpose_t purpose() const { return KM_PURPOSE_ENCRYPT; }
};
/**
* Concrete factory for AES decryption operations.
*/
class AesDecryptionOperationFactory : public AesOperationFactory {
keymaster_purpose_t purpose() const { return KM_PURPOSE_DECRYPT; }
};
} // namespace keymaster
#endif // SYSTEM_KEYMASTER_AES_OPERATION_H_
|
