Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_hardware_interfaces / be06a28f1326ef2d0b6f25144f50fb8516eb06ac / . / macsec / aidl / default / MacsecPskPlugin.cpp
blob: 82d254580054012e8f3eba4a036db2ca34c68ffe [file] [log] [blame]
/*
* Copyright 2023, The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "MacsecPskPlugin.h"
#include <openssl/cipher.h>
#include <openssl/mem.h>
#include <android-base/format.h>
#include <android-base/logging.h>
namespace aidl::android::hardware::macsec {
constexpr auto ok = &ndk::ScopedAStatus::ok;
// vendor should hide the key in TEE/TA
// CAK key can be either 16 / 32 bytes
const std::vector<uint8_t> CAK_ID_1 = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
const std::vector<uint8_t> CAK_KEY_1 = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF};
std::vector<uint8_t> CKN_1 = {0x31, 0x32, 0x33, 0x34}; // maximum 16 bytes
const std::vector<uint8_t> CAK_ID_2 = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02};
const std::vector<uint8_t> CAK_KEY_2 = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF};
std::vector<uint8_t> CKN_2 = {0x35, 0x36, 0x37, 0x38}; // maximum 16 bytes
static ndk::ScopedAStatus resultToStatus(binder_exception_t res, const std::string& msg = "") {
if (msg.empty()) {
return ndk::ScopedAStatus::fromExceptionCode(res);
}
return ndk::ScopedAStatus::fromExceptionCodeWithMessage(res, msg.c_str());
}
static int omac1_aes(CMAC_CTX* ctx, const uint8_t* data, size_t data_len,
uint8_t* mac /* 16 bytes */) {
size_t outlen;
// Just reuse same key in ctx
if (!CMAC_Reset(ctx)) {
return -1;
}
if (!CMAC_Update(ctx, data, data_len)) {
return -1;
}
if (!CMAC_Final(ctx, mac, &outlen) || outlen != 16) {
return -1;
}
return 0;
}
static void put_be16(uint8_t* addr, uint16_t value) {
*addr++ = value >> 8;
*addr = value & 0xff;
}
/* IEEE Std 802.1X-2010, 6.2.1 KDF */
static int aes_kdf(CMAC_CTX* ctx, const char* label, const uint8_t* context, int ctx_bits,
int ret_bits, uint8_t* ret) {
const int h = 128;
const int r = 8;
int i, n;
int lab_len, ctx_len, ret_len, buf_len;
uint8_t* buf;
lab_len = strlen(label);
ctx_len = (ctx_bits + 7) / 8;
ret_len = ((ret_bits & 0xffff) + 7) / 8;
buf_len = lab_len + ctx_len + 4;
memset(ret, 0, ret_len);
n = (ret_bits + h - 1) / h;
if (n > ((0x1 << r) - 1)) return -1;
buf = (uint8_t*)calloc(1, buf_len);
if (buf == NULL) return -1;
memcpy(buf + 1, label, lab_len);
memcpy(buf + lab_len + 2, context, ctx_len);
put_be16(&buf[buf_len - 2], ret_bits);
for (i = 0; i < n; i++) {
int res;
buf[0] = (uint8_t)(i + 1);
res = omac1_aes(ctx, buf, buf_len, ret);
if (res) {
free(buf);
return -1;
}
ret = ret + h / 8;
}
free(buf);
return 0;
}
MacsecPskPlugin::MacsecPskPlugin() {
// always make sure ckn is 16 bytes, zero padded
CKN_1.resize(16);
CKN_2.resize(16);
addTestKey(CAK_ID_1, CAK_KEY_1, CKN_1);
addTestKey(CAK_ID_2, CAK_KEY_2, CKN_2);
}
MacsecPskPlugin::~MacsecPskPlugin() {
for (auto s : mKeys) {
OPENSSL_cleanse(&s.kekEncCtx, sizeof(AES_KEY));
OPENSSL_cleanse(&s.kekDecCtx, sizeof(AES_KEY));
CMAC_CTX_free(s.ickCtx);
CMAC_CTX_free(s.cakCtx);
}
}
ndk::ScopedAStatus MacsecPskPlugin::addTestKey(const std::vector<uint8_t>& keyId,
const std::vector<uint8_t>& CAK,
const std::vector<uint8_t>& CKN) {
if (CAK.size() != 16 && CAK.size() != 32) {
return resultToStatus(EX_ILLEGAL_ARGUMENT, "CAK length must be 16 or 32 bytes");
}
if (keyId.size() != CAK.size()) {
return resultToStatus(EX_ILLEGAL_ARGUMENT, "Key ID must be same as CAK length");
}
std::vector<uint8_t> ckn;
ckn = CKN;
ckn.resize(16); // make sure it is always zero padded with maximum length of
// 16 bytes
AES_KEY kekEncCtx;
AES_KEY kekDecCtx;
CMAC_CTX* ickCtx;
CMAC_CTX* cakCtx;
// Create the CAK openssl context
cakCtx = CMAC_CTX_new();
CMAC_Init(cakCtx, CAK.data(), CAK.size(),
CAK.size() == 16 ? EVP_aes_128_cbc() : EVP_aes_256_cbc(), NULL);
// derive KEK from CAK (ieee802_1x_kek_aes_cmac)
std::vector<uint8_t> kek;
kek.resize(CAK.size());
aes_kdf(cakCtx, "IEEE8021 KEK", (const uint8_t*)ckn.data(), ckn.size() * 8, 8 * kek.size(),
kek.data());
AES_set_encrypt_key(kek.data(), kek.size() << 3, &kekEncCtx);
AES_set_decrypt_key(kek.data(), kek.size() << 3, &kekDecCtx);
// derive ICK from CAK (ieee802_1x_ick_aes_cmac)
std::vector<uint8_t> ick;
ick.resize(CAK.size());
aes_kdf(cakCtx, "IEEE8021 ICK", (const uint8_t*)CKN.data(), CKN.size() * 8, 8 * ick.size(),
ick.data());
ickCtx = CMAC_CTX_new();
CMAC_Init(ickCtx, ick.data(), ick.size(),
ick.size() == 16 ? EVP_aes_128_cbc() : EVP_aes_256_cbc(), NULL);
mKeys.push_back({keyId, kekEncCtx, kekDecCtx, ickCtx, cakCtx});
return ok();
}
ndk::ScopedAStatus MacsecPskPlugin::calcIcv(const std::vector<uint8_t>& keyId,
const std::vector<uint8_t>& data,
std::vector<uint8_t>* out) {
CMAC_CTX* ctx = NULL;
for (auto s : mKeys) {
if (s.keyId == keyId) {
ctx = s.ickCtx;
break;
}
}
if (ctx == NULL) {
return resultToStatus(EX_ILLEGAL_ARGUMENT, "Key not exist");
}
out->resize(16);
if (omac1_aes(ctx, data.data(), data.size(), out->data()) != 0) {
return resultToStatus(EX_SERVICE_SPECIFIC, "Internal error");
}
return ok();
}
ndk::ScopedAStatus MacsecPskPlugin::generateSak(const std::vector<uint8_t>& keyId,
const std::vector<uint8_t>& data,
const int sakLength, std::vector<uint8_t>* out) {
CMAC_CTX* ctx = NULL;
if ((sakLength != 16) && (sakLength != 32)) {
return resultToStatus(EX_ILLEGAL_ARGUMENT, "Invalid SAK length");
}
if (data.size() < sakLength) {
return resultToStatus(EX_ILLEGAL_ARGUMENT, "Invalid data length");
}
for (auto s : mKeys) {
if (s.keyId == keyId) {
ctx = s.cakCtx;
break;
}
}
if (ctx == NULL) {
return resultToStatus(EX_ILLEGAL_ARGUMENT, "Key not exist");
}
out->resize(sakLength);
if (aes_kdf(ctx, "IEEE8021 SAK", data.data(), data.size() * 8, out->size() * 8, out->data()) !=
0) {
return resultToStatus(EX_SERVICE_SPECIFIC, "Internal error");
}
return ok();
}
ndk::ScopedAStatus MacsecPskPlugin::wrapSak(const std::vector<uint8_t>& keyId,
const std::vector<uint8_t>& sak,
std::vector<uint8_t>* out) {
if (sak.size() == 0 || sak.size() % 8 != 0) {
return resultToStatus(EX_ILLEGAL_ARGUMENT,
"SAK length not multiple of 8 or greater than 0");
}
AES_KEY* ctx = NULL;
for (auto s : mKeys) {
if (s.keyId == keyId) {
ctx = &s.kekEncCtx;
break;
}
}
if (ctx == NULL) {
return resultToStatus(EX_ILLEGAL_ARGUMENT, "Key not exist");
}
out->resize(sak.size() + 8);
if (AES_wrap_key(ctx, NULL, out->data(), sak.data(), sak.size()) > 0) {
return ok();
}
return resultToStatus(EX_SERVICE_SPECIFIC, "Internal error");
}
ndk::ScopedAStatus MacsecPskPlugin::unwrapSak(const std::vector<uint8_t>& keyId,
const std::vector<uint8_t>& sak,
std::vector<uint8_t>* out) {
if (sak.size() <= 8 || sak.size() % 8 != 0) {
return resultToStatus(EX_ILLEGAL_ARGUMENT,
"SAK length not multiple of 8 or greater than 0");
}
AES_KEY* ctx = NULL;
for (auto s : mKeys) {
if (s.keyId == keyId) {
ctx = &s.kekDecCtx;
break;
}
}
if (ctx == NULL) {
return resultToStatus(EX_ILLEGAL_ARGUMENT, "Key not exist");
}
out->resize(sak.size() - 8);
if (AES_unwrap_key(ctx, NULL, out->data(), sak.data(), sak.size()) > 0) {
return ok();
}
return resultToStatus(EX_SERVICE_SPECIFIC, "Internal error");
}
} // namespace aidl::android::hardware::macsec