hwaes/main.c - trusty/app/sample - Git at Google

 /*
  * Copyright (C) 2021 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #define TLOG_TAG "hwaes_srv"

 #include <assert.h>
 #include <lib/hwaes_server/hwaes_server.h>
 #include <lib/hwkey/hwkey.h>
 #include <lib/tipc/tipc_srv.h>
 #include <lk/err_ptr.h>
 #include <stdlib.h>
 #include <string.h>
 #include <trusty_log.h>
 #include <uapi/err.h>

 #include <openssl/evp.h>

 #include <hwaes_consts.h>

 static EVP_CIPHER_CTX* cipher_ctx;

 static void crypt_init(void) {
     assert(!cipher_ctx);

     cipher_ctx = EVP_CIPHER_CTX_new();
     assert(cipher_ctx);
 }

 static void crypt_shutdown(void) {
     EVP_CIPHER_CTX_free(cipher_ctx);
     cipher_ctx = NULL;
 }

 static uint32_t hwaes_check_arg_helper(size_t len, const uint8_t* data_ptr) {
     if (len == 0 || data_ptr == NULL) {
         return HWAES_ERR_INVALID_ARGS;
     }
     return HWAES_NO_ERROR;
 }

 static uint32_t hwaes_check_arg_in(const struct hwaes_arg_in* arg) {
     return hwaes_check_arg_helper(arg->len, arg->data_ptr);
 }

 static uint32_t hwaes_check_arg_out(const struct hwaes_arg_out* arg) {
     return hwaes_check_arg_helper(arg->len, arg->data_ptr);
 }

 uint32_t hwaes_aes_op(const struct hwaes_aes_op_args* args) {
     int evp_ret;
     uint32_t rc;
     const EVP_CIPHER* cipher;
     int out_data_size;

     if (args->padding != HWAES_NO_PADDING) {
         TLOGE("the padding type is not implemented yet\n");
         return HWAES_ERR_NOT_IMPLEMENTED;
     }

     rc = hwaes_check_arg_in(&args->key);
     if (rc != HWAES_NO_ERROR) {
         TLOGE("key argument is missing\n");
         return rc;
     }

     rc = hwaes_check_arg_in(&args->text_in);
     if (rc != HWAES_NO_ERROR) {
         TLOGE("text_in argument is missing\n");
         return rc;
     }

     rc = hwaes_check_arg_out(&args->text_out);
     if (rc != HWAES_NO_ERROR) {
         TLOGE("text_out argument is missing\n");
         return rc;
     }

     /*
      * The current implementation does not support padding.
      * So the size of input buffer is the same as output buffer.
      */
     if (args->text_in.len != args->text_out.len) {
         TLOGE("text_in_len (%zd) is not equal to text_out_len (%zd)\n",
               args->text_in.len, args->text_out.len);
         return HWAES_ERR_INVALID_ARGS;
     }

     uint8_t key_buffer[AES_KEY_MAX_SIZE] = {0};
     struct hwaes_arg_in key = args->key;

     /* Fetch the real key contents if needed */
     if (args->key_type == HWAES_OPAQUE_HANDLE) {
         if (key.len > HWKEY_OPAQUE_HANDLE_MAX_SIZE) {
             TLOGE("Wrong opaque handle length: %zu\n", key.len);
             return HWAES_ERR_INVALID_ARGS;
         }
         if (key.data_ptr[key.len - 1] != 0) {
             TLOGE("Opaque handle is not null-terminated\n");
             return HWAES_ERR_INVALID_ARGS;
         }
         long ret = hwkey_open();
         if (ret < 0) {
             TLOGE("Failed to open connection to hwkey service\n");
             return HWAES_ERR_GENERIC;
         }
         hwkey_session_t session = (hwkey_session_t)ret;
         uint32_t key_len = sizeof(key_buffer);
         ret = hwkey_get_keyslot_data(session, (const char*)key.data_ptr,
                                      key_buffer, &key_len);
         hwkey_close(session);
         if (ret != NO_ERROR) {
             TLOGE("Failed to retrieve opaque key: %ld\n", ret);
             return HWAES_ERR_IO;
         }

         key.data_ptr = key_buffer;
         key.len = key_len;
     }

     if (args->mode == HWAES_CBC_MODE) {
         switch (key.len) {
         case 16:
             cipher = EVP_aes_128_cbc();
             break;
         case 32:
             cipher = EVP_aes_256_cbc();
             break;
         default:
             TLOGE("invalid key length: (%zd)\n", key.len);
             return HWAES_ERR_INVALID_ARGS;
         }

         if (hwaes_check_arg_in(&args->aad) == HWAES_NO_ERROR) {
             TLOGE("AAD is not supported in CBC mode\n");
             return HWAES_ERR_INVALID_ARGS;
         }

         if (hwaes_check_arg_in(&args->tag_in) == HWAES_NO_ERROR ||
             hwaes_check_arg_out(&args->tag_out) == HWAES_NO_ERROR) {
             TLOGE("Authentication tag is not supported in CBC mode\n");
             return HWAES_ERR_INVALID_ARGS;
         }
     } else if (args->mode == HWAES_GCM_MODE) {
         switch (key.len) {
         case 16:
             cipher = EVP_aes_128_gcm();
             break;
         case 32:
             cipher = EVP_aes_256_gcm();
             break;
         default:
             TLOGE("invalid key length: (%zd)\n", key.len);
             return HWAES_ERR_INVALID_ARGS;
         }

         if (args->encrypt) {
             if (hwaes_check_arg_in(&args->tag_in) == HWAES_NO_ERROR) {
                 TLOGE("Input authentication tag set while encrypting in GCM mode\n");
                 return HWAES_ERR_INVALID_ARGS;
             }
             if (hwaes_check_arg_out(&args->tag_out) != HWAES_NO_ERROR) {
                 TLOGE("Missing output authentication tag in GCM mode\n");
                 return HWAES_ERR_INVALID_ARGS;
             }
         } else {
             if (hwaes_check_arg_in(&args->tag_in) != HWAES_NO_ERROR) {
                 TLOGE("Missing input authentication tag in GCM mode\n");
                 return HWAES_ERR_INVALID_ARGS;
             }
             if (hwaes_check_arg_out(&args->tag_out) == HWAES_NO_ERROR) {
                 TLOGE("Output authentication tag set while decrypting in GCM mode\n");
                 return HWAES_ERR_INVALID_ARGS;
             }
         }
     } else {
         TLOGE("AES mode %d is not implemented yet\n", args->mode);
         return HWAES_ERR_NOT_IMPLEMENTED;
     }

     assert(cipher_ctx);
     EVP_CIPHER_CTX_reset(cipher_ctx);

     evp_ret = EVP_CipherInit_ex(cipher_ctx, cipher, NULL, NULL, NULL,
                                 args->encrypt);
     if (!evp_ret) {
         TLOGE("EVP_CipherInit_ex failed\n");
         return HWAES_ERR_GENERIC;
     }

     if (args->text_in.len % EVP_CIPHER_CTX_block_size(cipher_ctx)) {
         TLOGE("text_in_len (%zd) is not block aligned\n", args->text_in.len);
         return HWAES_ERR_INVALID_ARGS;
     }

     if (EVP_CIPHER_CTX_iv_length(cipher_ctx) != args->iv.len) {
         TLOGE("invalid iv length: (%zd)\n", args->iv.len);
         return HWAES_ERR_INVALID_ARGS;
     }

     evp_ret = EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key.data_ptr,
                                 args->iv.data_ptr, args->encrypt);
     if (!evp_ret) {
         TLOGE("EVP_CipherInit_ex failed\n");
         return HWAES_ERR_GENERIC;
     }

     evp_ret = EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
     if (!evp_ret) {
         TLOGE("EVP_CIPHER_CTX_set_padding failed\n");
         return HWAES_ERR_GENERIC;
     }

     if (hwaes_check_arg_in(&args->aad) == HWAES_NO_ERROR) {
         evp_ret = EVP_CipherUpdate(cipher_ctx, NULL, &out_data_size,
                                    args->aad.data_ptr, args->aad.len);
         if (evp_ret != 1) {
             TLOGE("EVP CipherUpdate for AAD failed\n");
             return HWAES_ERR_GENERIC;
         }
     }

     if (hwaes_check_arg_in(&args->tag_in) == HWAES_NO_ERROR) {
         evp_ret = EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_AEAD_SET_TAG,
                                       args->tag_in.len,
                                       (void*)args->tag_in.data_ptr);
         if (evp_ret != 1) {
             TLOGE("EVP set AEAD tag failed\n");
             return HWAES_ERR_GENERIC;
         }
     }

     evp_ret = EVP_CipherUpdate(cipher_ctx, args->text_out.data_ptr,
                                &out_data_size, args->text_in.data_ptr,
                                args->text_in.len);
     if (!evp_ret) {
         TLOGE("EVP_CipherUpdate failed\n");
         return HWAES_ERR_GENERIC;
     }

     /*
      * The assert fails if the memory corruption happens.
      */
     assert(out_data_size == (int)args->text_out.len);

     /*
      * Currently we don't support padding.
      */
     evp_ret = EVP_CipherFinal_ex(cipher_ctx, NULL, &out_data_size);
     if (!evp_ret) {
         TLOGE("EVP_CipherFinal_ex failed\n");
         return HWAES_ERR_GENERIC;
     }

     if (hwaes_check_arg_out(&args->tag_out) == HWAES_NO_ERROR) {
         evp_ret =
                 EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_AEAD_GET_TAG,
                                     args->tag_out.len, args->tag_out.data_ptr);
         if (evp_ret != 1) {
             TLOGE("EVP get AEAD tag failed\n");
             return HWAES_ERR_GENERIC;
         }
     }

     return HWAES_NO_ERROR;
 }

 static const uuid_t apploader_uuid = APPLOADER_APP_UUID;

 static const uuid_t hwaes_unittest_uuid = HWAES_UNITTEST_APP_UUID;

 static const uuid_t hwaes_bench_uuid = HWAES_BENCH_APP_UUID;

 static const uuid_t internal_app_uuid = INTERNAL_APP_UUID;

 static const uuid_t* allowed_clients[] = {
         &apploader_uuid,
         &hwaes_bench_uuid,
         &hwaes_unittest_uuid,
         &internal_app_uuid,
 };

 int main(void) {
     int rc;
     struct tipc_hset* hset;
     TLOGE("hwaes server is using SW Crypto\n");

     hset = tipc_hset_create();
     if (IS_ERR(hset)) {
         TLOGE("failed (%d) to create handle set\n", PTR_ERR(hset));
         return EXIT_FAILURE;
     }

     rc = add_hwaes_service(hset, allowed_clients, countof(allowed_clients));
     if (rc != NO_ERROR) {
         TLOGE("failed (%d) to initialize hwaes service\n", rc);
         return EXIT_FAILURE;
     }

     crypt_init();
     rc = tipc_run_event_loop(hset);

     TLOGE("hwaes server going down: (%d)\n", rc);
     crypt_shutdown();
     if (rc != NO_ERROR) {
         return EXIT_FAILURE;
     }
     EXIT_SUCCESS;
 }
	/*
	* Copyright (C) 2021 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#define TLOG_TAG "hwaes_srv"

	#include <assert.h>
	#include <lib/hwaes_server/hwaes_server.h>
	#include <lib/hwkey/hwkey.h>
	#include <lib/tipc/tipc_srv.h>
	#include <lk/err_ptr.h>
	#include <stdlib.h>
	#include <string.h>
	#include <trusty_log.h>
	#include <uapi/err.h>

	#include <openssl/evp.h>

	#include <hwaes_consts.h>

	static EVP_CIPHER_CTX* cipher_ctx;

	static void crypt_init(void) {
	assert(!cipher_ctx);

	cipher_ctx = EVP_CIPHER_CTX_new();
	assert(cipher_ctx);
	}

	static void crypt_shutdown(void) {
	EVP_CIPHER_CTX_free(cipher_ctx);
	cipher_ctx = NULL;
	}

	static uint32_t hwaes_check_arg_helper(size_t len, const uint8_t* data_ptr) {
	if (len == 0 \|\| data_ptr == NULL) {
	return HWAES_ERR_INVALID_ARGS;
	}
	return HWAES_NO_ERROR;
	}

	static uint32_t hwaes_check_arg_in(const struct hwaes_arg_in* arg) {
	return hwaes_check_arg_helper(arg->len, arg->data_ptr);
	}

	static uint32_t hwaes_check_arg_out(const struct hwaes_arg_out* arg) {
	return hwaes_check_arg_helper(arg->len, arg->data_ptr);
	}

	uint32_t hwaes_aes_op(const struct hwaes_aes_op_args* args) {
	int evp_ret;
	uint32_t rc;
	const EVP_CIPHER* cipher;
	int out_data_size;

	if (args->padding != HWAES_NO_PADDING) {
	TLOGE("the padding type is not implemented yet\n");
	return HWAES_ERR_NOT_IMPLEMENTED;
	}

	rc = hwaes_check_arg_in(&args->key);
	if (rc != HWAES_NO_ERROR) {
	TLOGE("key argument is missing\n");
	return rc;
	}

	rc = hwaes_check_arg_in(&args->text_in);
	if (rc != HWAES_NO_ERROR) {
	TLOGE("text_in argument is missing\n");
	return rc;
	}

	rc = hwaes_check_arg_out(&args->text_out);
	if (rc != HWAES_NO_ERROR) {
	TLOGE("text_out argument is missing\n");
	return rc;
	}

	/*
	* The current implementation does not support padding.
	* So the size of input buffer is the same as output buffer.
	*/
	if (args->text_in.len != args->text_out.len) {
	TLOGE("text_in_len (%zd) is not equal to text_out_len (%zd)\n",
	args->text_in.len, args->text_out.len);
	return HWAES_ERR_INVALID_ARGS;
	}

	uint8_t key_buffer[AES_KEY_MAX_SIZE] = {0};
	struct hwaes_arg_in key = args->key;

	/* Fetch the real key contents if needed */
	if (args->key_type == HWAES_OPAQUE_HANDLE) {
	if (key.len > HWKEY_OPAQUE_HANDLE_MAX_SIZE) {
	TLOGE("Wrong opaque handle length: %zu\n", key.len);
	return HWAES_ERR_INVALID_ARGS;
	}
	if (key.data_ptr[key.len - 1] != 0) {
	TLOGE("Opaque handle is not null-terminated\n");
	return HWAES_ERR_INVALID_ARGS;
	}
	long ret = hwkey_open();
	if (ret < 0) {
	TLOGE("Failed to open connection to hwkey service\n");
	return HWAES_ERR_GENERIC;
	}
	hwkey_session_t session = (hwkey_session_t)ret;
	uint32_t key_len = sizeof(key_buffer);
	ret = hwkey_get_keyslot_data(session, (const char*)key.data_ptr,
	key_buffer, &key_len);
	hwkey_close(session);
	if (ret != NO_ERROR) {
	TLOGE("Failed to retrieve opaque key: %ld\n", ret);
	return HWAES_ERR_IO;
	}

	key.data_ptr = key_buffer;
	key.len = key_len;
	}

	if (args->mode == HWAES_CBC_MODE) {
	switch (key.len) {
	case 16:
	cipher = EVP_aes_128_cbc();
	break;
	case 32:
	cipher = EVP_aes_256_cbc();
	break;
	default:
	TLOGE("invalid key length: (%zd)\n", key.len);
	return HWAES_ERR_INVALID_ARGS;
	}

	if (hwaes_check_arg_in(&args->aad) == HWAES_NO_ERROR) {
	TLOGE("AAD is not supported in CBC mode\n");
	return HWAES_ERR_INVALID_ARGS;
	}

	if (hwaes_check_arg_in(&args->tag_in) == HWAES_NO_ERROR \|\|
	hwaes_check_arg_out(&args->tag_out) == HWAES_NO_ERROR) {
	TLOGE("Authentication tag is not supported in CBC mode\n");
	return HWAES_ERR_INVALID_ARGS;
	}
	} else if (args->mode == HWAES_GCM_MODE) {
	switch (key.len) {
	case 16:
	cipher = EVP_aes_128_gcm();
	break;
	case 32:
	cipher = EVP_aes_256_gcm();
	break;
	default:
	TLOGE("invalid key length: (%zd)\n", key.len);
	return HWAES_ERR_INVALID_ARGS;
	}

	if (args->encrypt) {
	if (hwaes_check_arg_in(&args->tag_in) == HWAES_NO_ERROR) {
	TLOGE("Input authentication tag set while encrypting in GCM mode\n");
	return HWAES_ERR_INVALID_ARGS;
	}
	if (hwaes_check_arg_out(&args->tag_out) != HWAES_NO_ERROR) {
	TLOGE("Missing output authentication tag in GCM mode\n");
	return HWAES_ERR_INVALID_ARGS;
	}
	} else {
	if (hwaes_check_arg_in(&args->tag_in) != HWAES_NO_ERROR) {
	TLOGE("Missing input authentication tag in GCM mode\n");
	return HWAES_ERR_INVALID_ARGS;
	}
	if (hwaes_check_arg_out(&args->tag_out) == HWAES_NO_ERROR) {
	TLOGE("Output authentication tag set while decrypting in GCM mode\n");
	return HWAES_ERR_INVALID_ARGS;
	}
	}
	} else {
	TLOGE("AES mode %d is not implemented yet\n", args->mode);
	return HWAES_ERR_NOT_IMPLEMENTED;
	}

	assert(cipher_ctx);
	EVP_CIPHER_CTX_reset(cipher_ctx);

	evp_ret = EVP_CipherInit_ex(cipher_ctx, cipher, NULL, NULL, NULL,
	args->encrypt);
	if (!evp_ret) {
	TLOGE("EVP_CipherInit_ex failed\n");
	return HWAES_ERR_GENERIC;
	}

	if (args->text_in.len % EVP_CIPHER_CTX_block_size(cipher_ctx)) {
	TLOGE("text_in_len (%zd) is not block aligned\n", args->text_in.len);
	return HWAES_ERR_INVALID_ARGS;
	}

	if (EVP_CIPHER_CTX_iv_length(cipher_ctx) != args->iv.len) {
	TLOGE("invalid iv length: (%zd)\n", args->iv.len);
	return HWAES_ERR_INVALID_ARGS;
	}

	evp_ret = EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key.data_ptr,
	args->iv.data_ptr, args->encrypt);
	if (!evp_ret) {
	TLOGE("EVP_CipherInit_ex failed\n");
	return HWAES_ERR_GENERIC;
	}

	evp_ret = EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
	if (!evp_ret) {
	TLOGE("EVP_CIPHER_CTX_set_padding failed\n");
	return HWAES_ERR_GENERIC;
	}

	if (hwaes_check_arg_in(&args->aad) == HWAES_NO_ERROR) {
	evp_ret = EVP_CipherUpdate(cipher_ctx, NULL, &out_data_size,
	args->aad.data_ptr, args->aad.len);
	if (evp_ret != 1) {
	TLOGE("EVP CipherUpdate for AAD failed\n");
	return HWAES_ERR_GENERIC;
	}
	}

	if (hwaes_check_arg_in(&args->tag_in) == HWAES_NO_ERROR) {
	evp_ret = EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_AEAD_SET_TAG,
	args->tag_in.len,
	(void*)args->tag_in.data_ptr);
	if (evp_ret != 1) {
	TLOGE("EVP set AEAD tag failed\n");
	return HWAES_ERR_GENERIC;
	}
	}

	evp_ret = EVP_CipherUpdate(cipher_ctx, args->text_out.data_ptr,
	&out_data_size, args->text_in.data_ptr,
	args->text_in.len);
	if (!evp_ret) {
	TLOGE("EVP_CipherUpdate failed\n");
	return HWAES_ERR_GENERIC;
	}

	/*
	* The assert fails if the memory corruption happens.
	*/
	assert(out_data_size == (int)args->text_out.len);

	/*
	* Currently we don't support padding.
	*/
	evp_ret = EVP_CipherFinal_ex(cipher_ctx, NULL, &out_data_size);
	if (!evp_ret) {
	TLOGE("EVP_CipherFinal_ex failed\n");
	return HWAES_ERR_GENERIC;
	}

	if (hwaes_check_arg_out(&args->tag_out) == HWAES_NO_ERROR) {
	evp_ret =
	EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_AEAD_GET_TAG,
	args->tag_out.len, args->tag_out.data_ptr);
	if (evp_ret != 1) {
	TLOGE("EVP get AEAD tag failed\n");
	return HWAES_ERR_GENERIC;
	}
	}

	return HWAES_NO_ERROR;
	}

	static const uuid_t apploader_uuid = APPLOADER_APP_UUID;

	static const uuid_t hwaes_unittest_uuid = HWAES_UNITTEST_APP_UUID;

	static const uuid_t hwaes_bench_uuid = HWAES_BENCH_APP_UUID;

	static const uuid_t internal_app_uuid = INTERNAL_APP_UUID;

	static const uuid_t* allowed_clients[] = {
	&apploader_uuid,
	&hwaes_bench_uuid,
	&hwaes_unittest_uuid,
	&internal_app_uuid,
	};

	int main(void) {
	int rc;
	struct tipc_hset* hset;
	TLOGE("hwaes server is using SW Crypto\n");

	hset = tipc_hset_create();
	if (IS_ERR(hset)) {
	TLOGE("failed (%d) to create handle set\n", PTR_ERR(hset));
	return EXIT_FAILURE;
	}

	rc = add_hwaes_service(hset, allowed_clients, countof(allowed_clients));
	if (rc != NO_ERROR) {
	TLOGE("failed (%d) to initialize hwaes service\n", rc);
	return EXIT_FAILURE;
	}

	crypt_init();
	rc = tipc_run_event_loop(hset);

	TLOGE("hwaes server going down: (%d)\n", rc);
	crypt_shutdown();
	if (rc != NO_ERROR) {
	return EXIT_FAILURE;
	}
	EXIT_SUCCESS;
	}