keymint/KM200/JavacardKeyMintOperation.cpp

/*
 * Copyright 2020, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/******************************************************************************
 **
 ** The original Work has been changed by NXP.
 **
 ** Licensed under the Apache License, Version 2.0 (the "License");
 ** you may not use this file except in compliance with the License.
 ** You may obtain a copy of the License at
 **
 ** http://www.apache.org/licenses/LICENSE-2.0
 **
 ** Unless required by applicable law or agreed to in writing, software
 ** distributed under the License is distributed on an "AS IS" BASIS,
 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 ** See the License for the specific language governing permissions and
 ** limitations under the License.
 **
 ** Copyright 2022-2024 NXP
 **
 *********************************************************************************/
#define LOG_TAG "javacard.strongbox.keymint.operation-impl"

#include "JavacardKeyMintOperation.h"
#include "CborConverter.h"
#include <JavacardKeyMintUtils.h>
#include <aidl/android/hardware/security/keymint/ErrorCode.h>
#include <aidl/android/hardware/security/secureclock/ISecureClock.h>
#include <android-base/logging.h>

namespace aidl::android::hardware::security::keymint {
using cppbor::Bstr;
using cppbor::Uint;
using secureclock::TimeStampToken;

JavacardKeyMintOperation::~JavacardKeyMintOperation() {
#ifdef NXP_EXTNS
    card_->setOperationState(::keymint::javacard::CryptoOperationState::FINISHED);
#endif

    if (opHandle_ != 0) {
        abort();
    }
}

ScopedAStatus JavacardKeyMintOperation::updateAad(const vector<uint8_t>& input,
                                                  const optional<HardwareAuthToken>& authToken,
                                                  const optional<TimeStampToken>& timestampToken) {
    cppbor::Array request;
    request.add(Uint(opHandle_));
    request.add(Bstr(input));
    cbor_.addHardwareAuthToken(request, authToken.value_or(HardwareAuthToken()));
    cbor_.addTimeStampToken(request, timestampToken.value_or(TimeStampToken()));
    auto [item, err] = card_->sendRequest(Instruction::INS_UPDATE_AAD_OPERATION_CMD, request);
    if (err != KM_ERROR_OK) {
        return km_utils::kmError2ScopedAStatus(err);
    }
    return ScopedAStatus::ok();
}

ScopedAStatus JavacardKeyMintOperation::update(const vector<uint8_t>& input,
                                               const optional<HardwareAuthToken>& authToken,
                                               const optional<TimeStampToken>& timestampToken,
                                               vector<uint8_t>* output) {
    HardwareAuthToken aToken = authToken.value_or(HardwareAuthToken());
    TimeStampToken tToken = timestampToken.value_or(TimeStampToken());
    DataView view = {.buffer = {}, .data = input, .start = 0, .length = input.size()};
    keymaster_error_t err = bufferData(view);
    if (err != KM_ERROR_OK) {
        return km_utils::kmError2ScopedAStatus(err);
    }
    if (!(bufferingMode_ == BufferingMode::EC_NO_DIGEST ||
          bufferingMode_ == BufferingMode::RSA_NO_DIGEST)) {
        if (view.length > MAX_CHUNK_SIZE) {
            err = updateInChunks(view, aToken, tToken, output);
            if (err != KM_ERROR_OK) {
                return km_utils::kmError2ScopedAStatus(err);
            }
        }
        vector<uint8_t> remaining = popNextChunk(view, view.length);
        err = sendUpdate(remaining, aToken, tToken, *output);
    }
    return km_utils::kmError2ScopedAStatus(err);
}

ScopedAStatus JavacardKeyMintOperation::finish(
    const optional<vector<uint8_t>>& input, const optional<vector<uint8_t>>& signature,
    const optional<HardwareAuthToken>& authToken, const optional<TimeStampToken>& timestampToken,
    const optional<vector<uint8_t>>& confirmationToken, vector<uint8_t>* output) {
    HardwareAuthToken aToken = authToken.value_or(HardwareAuthToken());
    TimeStampToken tToken = timestampToken.value_or(TimeStampToken());
    const vector<uint8_t> confToken = confirmationToken.value_or(vector<uint8_t>());
    const vector<uint8_t> inData = input.value_or(vector<uint8_t>());
    DataView view = {.buffer = {}, .data = inData, .start = 0, .length = inData.size()};
    const vector<uint8_t> sign = signature.value_or(vector<uint8_t>());
    if (!(bufferingMode_ == BufferingMode::EC_NO_DIGEST ||
          bufferingMode_ == BufferingMode::RSA_NO_DIGEST)) {
        appendBufferedData(view);
        if (view.length > MAX_CHUNK_SIZE) {
            auto err = updateInChunks(view, aToken, tToken, output);
            if (err != KM_ERROR_OK) {
                return km_utils::kmError2ScopedAStatus(err);
            }
        }
    } else {
        keymaster_error_t err = bufferData(view);
        if (err != KM_ERROR_OK) {
            return km_utils::kmError2ScopedAStatus(err);
        }
        appendBufferedData(view);
    }
    vector<uint8_t> remaining = popNextChunk(view, view.length);
    return km_utils::kmError2ScopedAStatus(sendFinish(remaining, sign, aToken, tToken, confToken, *output));
}

ScopedAStatus JavacardKeyMintOperation::abort() {
    Array request;
    request.add(Uint(opHandle_));
    auto [item, err] = card_->sendRequest(Instruction::INS_ABORT_OPERATION_CMD, request);
    opHandle_ = 0;
    buffer_.clear();
    return km_utils::kmError2ScopedAStatus(err);
}

void JavacardKeyMintOperation::blockAlign(DataView& view, uint16_t blockSize) {
    appendBufferedData(view);
    uint16_t offset = getDataViewOffset(view, blockSize);
    if (view.buffer.empty() && view.data.empty()) {
        offset = 0;
    } else if (view.buffer.empty()) {
        buffer_.insert(buffer_.end(), view.data.begin() + offset, view.data.end());
    } else if (view.data.empty()) {
        buffer_.insert(buffer_.end(), view.buffer.begin() + offset, view.buffer.end());
    } else {
        if (offset < view.buffer.size()) {
            buffer_.insert(buffer_.end(), view.buffer.begin() + offset, view.buffer.end());
            buffer_.insert(buffer_.end(), view.data.begin(), view.data.end());
        } else {
            offset = offset - view.buffer.size();
            buffer_.insert(buffer_.end(), view.data.begin() + offset, view.data.end());
        }
    }
    // adjust the view length by removing the buffered data size from it.
    view.length = view.length - buffer_.size();
}

uint16_t JavacardKeyMintOperation::getDataViewOffset(DataView& view, uint16_t blockSize) {
    uint16_t offset = 0;
    uint16_t remaining = 0;
    switch(bufferingMode_) {
    case BufferingMode::BUF_DES_DECRYPT_PKCS7_BLOCK_ALIGNED:
    case BufferingMode::BUF_AES_DECRYPT_PKCS7_BLOCK_ALIGNED:
        offset = ((view.length / blockSize)) * blockSize;
        remaining = (view.length % blockSize);
        if (offset >= blockSize && remaining == 0) {
            offset -= blockSize;
        }
        break;
    case BufferingMode::BUF_DES_ENCRYPT_PKCS7_BLOCK_ALIGNED:
    case BufferingMode::BUF_AES_ENCRYPT_PKCS7_BLOCK_ALIGNED:
        offset = ((view.length / blockSize)) * blockSize;
        break;
    case BufferingMode::BUF_AES_GCM_DECRYPT_BLOCK_ALIGNED:
        if (view.length > macLength_) {
            offset = (view.length - macLength_);
        }
        break;
    default:
        break;
    }
    return offset;
}

keymaster_error_t JavacardKeyMintOperation::bufferData(DataView& view) {
    if (view.data.empty()) return KM_ERROR_OK;  // nothing to buffer
    switch (bufferingMode_) {
    case BufferingMode::RSA_NO_DIGEST:
        buffer_.insert(buffer_.end(), view.data.begin(), view.data.end());
        if (buffer_.size() > RSA_BUFFER_SIZE) {
            abort();
            return KM_ERROR_INVALID_INPUT_LENGTH;
        }
        view.start = 0;
        view.length = 0;
        break;
    case BufferingMode::EC_NO_DIGEST:
        if (buffer_.size() < EC_BUFFER_SIZE) {
            buffer_.insert(buffer_.end(), view.data.begin(), view.data.end());
            // Truncate the buffered data if greater than allowed EC buffer size.
            if (buffer_.size() > EC_BUFFER_SIZE) {
                buffer_.erase(buffer_.begin() + EC_BUFFER_SIZE, buffer_.end());
            }
        }
        view.start = 0;
        view.length = 0;
        break;
    case BufferingMode::BUF_AES_ENCRYPT_PKCS7_BLOCK_ALIGNED:
    case BufferingMode::BUF_AES_DECRYPT_PKCS7_BLOCK_ALIGNED:
        blockAlign(view, AES_BLOCK_SIZE);
        break;
    case BufferingMode::BUF_AES_GCM_DECRYPT_BLOCK_ALIGNED:
        blockAlign(view, macLength_);
        break;
    case BufferingMode::BUF_DES_ENCRYPT_PKCS7_BLOCK_ALIGNED:
    case BufferingMode::BUF_DES_DECRYPT_PKCS7_BLOCK_ALIGNED:
        blockAlign(view, DES_BLOCK_SIZE);
        break;
    case BufferingMode::NONE:
        break;
    }
    return KM_ERROR_OK;
}

// Incrementally send the request using multiple updates.
keymaster_error_t JavacardKeyMintOperation::updateInChunks(DataView& view,
                                                           HardwareAuthToken& authToken,
                                                           TimeStampToken& timestampToken,
                                                           vector<uint8_t>* output) {
    keymaster_error_t sendError = KM_ERROR_UNKNOWN_ERROR;
    while (view.length > MAX_CHUNK_SIZE) {
        vector<uint8_t> chunk = popNextChunk(view, MAX_CHUNK_SIZE);
        sendError = sendUpdate(chunk, authToken, timestampToken, *output);
        if (sendError != KM_ERROR_OK) {
            return sendError;
        }
        // Clear tokens
        if (!authToken.mac.empty()) authToken = HardwareAuthToken();
        if (!timestampToken.mac.empty()) timestampToken = TimeStampToken();
    }
    return KM_ERROR_OK;
}

vector<uint8_t> JavacardKeyMintOperation::popNextChunk(DataView& view, uint32_t chunkSize) {
    uint32_t start = view.start;
    uint32_t end = start + ((view.length < chunkSize) ? view.length : chunkSize);
    vector<uint8_t> chunk;
    if (start < view.buffer.size()) {
        if (end < view.buffer.size()) {
            chunk = {view.buffer.begin() + start, view.buffer.begin() + end};
        } else {
            end = end - view.buffer.size();
            chunk = {view.buffer.begin() + start, view.buffer.end()};
            chunk.insert(chunk.end(), view.data.begin(), view.data.begin() + end);
        }
    } else {
        start = start - view.buffer.size();
        end = end - view.buffer.size();
        chunk = {view.data.begin() + start, view.data.begin() + end};
    }
    view.start = view.start + chunk.size();
    view.length = view.length - chunk.size();
    return chunk;
}

keymaster_error_t JavacardKeyMintOperation::sendUpdate(const vector<uint8_t>& input,
                                                       const HardwareAuthToken& authToken,
                                                       const TimeStampToken& timestampToken,
                                                       vector<uint8_t>& output) {
    if (input.empty()) {
        return KM_ERROR_OK;
    }
    cppbor::Array request;
    request.add(Uint(opHandle_));
    request.add(Bstr(input));
    cbor_.addHardwareAuthToken(request, authToken);
    cbor_.addTimeStampToken(request, timestampToken);
    auto [item, error] = card_->sendRequest(Instruction::INS_UPDATE_OPERATION_CMD, request);
    if (error != KM_ERROR_OK) {
        return error;
    }
    vector<uint8_t> respData;
    if (!cbor_.getBinaryArray(item, 1, respData)) {
        return KM_ERROR_UNKNOWN_ERROR;
    }
    output.insert(output.end(), respData.begin(), respData.end());
    return KM_ERROR_OK;
}

keymaster_error_t JavacardKeyMintOperation::sendFinish(const vector<uint8_t>& data,
                                                       const vector<uint8_t>& sign,
                                                       const HardwareAuthToken& authToken,
                                                       const TimeStampToken& timestampToken,
                                                       const vector<uint8_t>& confToken,
                                                       vector<uint8_t>& output) {
    cppbor::Array request;
    request.add(Uint(opHandle_));
    request.add(Bstr(data));
    request.add(Bstr(sign));
    cbor_.addHardwareAuthToken(request, authToken);
    cbor_.addTimeStampToken(request, timestampToken);
    request.add(Bstr(confToken));

    auto [item, err] = card_->sendRequest(Instruction::INS_FINISH_OPERATION_CMD, request);
    if (err != KM_ERROR_OK) {
        return err;
    }
    vector<uint8_t> respData;
    if (!cbor_.getBinaryArray(item, 1, respData)) {
        return KM_ERROR_UNKNOWN_ERROR;
    }
    opHandle_ = 0;
    output.insert(output.end(), respData.begin(), respData.end());
#ifdef NXP_EXTNS
    LOG(INFO) << "(finish) completed Successfully";
#endif
    return KM_ERROR_OK;
}

}  // namespace aidl::android::hardware::security::keymint