1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "adb/pairing/aes_128_gcm.h"
18 
19 #include <android-base/endian.h>
20 #include <android-base/logging.h>
21 
22 #include <openssl/evp.h>
23 #include <openssl/hkdf.h>
24 #include <openssl/rand.h>
25 
26 namespace adb {
27 namespace pairing {
28 
29 namespace {
30 // Size of AES-128-GCM key, in bytes
31 static constexpr size_t kHkdfKeyLength = 16;
32 
33 }  // namespace
34 
Aes128Gcm(const uint8_t * key_material,size_t key_material_len)35 Aes128Gcm::Aes128Gcm(const uint8_t* key_material, size_t key_material_len) {
36     CHECK(key_material);
37     CHECK_NE(key_material_len, 0ul);
38 
39     uint8_t key[kHkdfKeyLength];
40     uint8_t info[] = "adb pairing_auth aes-128-gcm key";
41     CHECK_EQ(HKDF(key, sizeof(key), EVP_sha256(), key_material, key_material_len, nullptr, 0, info,
42                   sizeof(info) - 1),
43              1);
44     CHECK(EVP_AEAD_CTX_init(context_.get(), EVP_aead_aes_128_gcm(), key, sizeof(key),
45                             EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr));
46 }
47 
Encrypt(const uint8_t * in,size_t in_len,uint8_t * out,size_t out_len)48 std::optional<size_t> Aes128Gcm::Encrypt(const uint8_t* in, size_t in_len, uint8_t* out,
49                                          size_t out_len) {
50     std::vector<uint8_t> nonce(EVP_AEAD_nonce_length(EVP_AEAD_CTX_aead(context_.get())), 0);
51     memcpy(nonce.data(), &enc_sequence_, sizeof(enc_sequence_));
52     size_t written_sz;
53     if (!EVP_AEAD_CTX_seal(context_.get(), out, &written_sz, out_len, nonce.data(), nonce.size(),
54                            in, in_len, nullptr, 0)) {
55         LOG(ERROR) << "Failed to encrypt (in_len=" << in_len << ", out_len=" << out_len
56                    << ", out_len_needed=" << EncryptedSize(in_len) << ")";
57         return std::nullopt;
58     }
59 
60     ++enc_sequence_;
61     return written_sz;
62 }
63 
Decrypt(const uint8_t * in,size_t in_len,uint8_t * out,size_t out_len)64 std::optional<size_t> Aes128Gcm::Decrypt(const uint8_t* in, size_t in_len, uint8_t* out,
65                                          size_t out_len) {
66     std::vector<uint8_t> nonce(EVP_AEAD_nonce_length(EVP_AEAD_CTX_aead(context_.get())), 0);
67     memcpy(nonce.data(), &dec_sequence_, sizeof(dec_sequence_));
68     size_t written_sz;
69     if (!EVP_AEAD_CTX_open(context_.get(), out, &written_sz, out_len, nonce.data(), nonce.size(),
70                            in, in_len, nullptr, 0)) {
71         LOG(ERROR) << "Failed to decrypt (in_len=" << in_len << ", out_len=" << out_len
72                    << ", out_len_needed=" << DecryptedSize(in_len) << ")";
73         return std::nullopt;
74     }
75 
76     ++dec_sequence_;
77     return written_sz;
78 }
79 
EncryptedSize(size_t size)80 size_t Aes128Gcm::EncryptedSize(size_t size) {
81     // https://commondatastorage.googleapis.com/chromium-boringssl-docs/aead.h.html#EVP_AEAD_CTX_seal
82     return size + EVP_AEAD_max_overhead(EVP_AEAD_CTX_aead(context_.get()));
83 }
84 
DecryptedSize(size_t size)85 size_t Aes128Gcm::DecryptedSize(size_t size) {
86     // https://commondatastorage.googleapis.com/chromium-boringssl-docs/aead.h.html#EVP_AEAD_CTX_open
87     return size;
88 }
89 
90 }  // namespace pairing
91 }  // namespace adb
92