Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / d0315735fdc56aa7e57746c413fe9cb0eeedd352^! / . / keystore / blob.cpp
commitd0315735fdc56aa7e57746c413fe9cb0eeedd352[log] [tgz]
authorBranden Archer <brarcher@google.com>Thu Jan 10 14:56:05 2019 -0800
committerBranden Archer <brarcher@google.com>Thu Jan 10 17:01:14 2019 -0800
tree922158105fbbce1d52107fe1c6e9f27cd9c773d7
parentf5953d7ace12a7548503e0422c40dc176f46596b [diff] [blame]
Increase the master key size to 256 bits

NIAP certification finds that the 128 bit key size is insufficient
and requires a 256 bit key size. This change increases the
size of new master keys to 256 bits. Any existing master keys are
not changed and continue to be supported.

A new BlobType, TYPE_MASTER_KEY_AES256, is used to signal when a
key is the new larger size.

Bug: 121272336
Test: (1) Ran Keystore CTS tests against Walleye.
      (2) Created keys in build without change, moved to build
          with change and verified old key could be loaded and
	  used. Also, a new key could be created with the
	  increased size and could be reloaded after a reboot.
Change-Id: If00331c303e6cc7bc95a2ab624d0e19bec4e587e

diff --git a/keystore/blob.cpp b/keystore/blob.cpp
index 4b7d6c1..b2a4a1b 100644
--- a/keystore/blob.cpp
+++ b/keystore/blob.cpp

@@ -69,13 +69,28 @@
     size_t mSize;
 };
 
+/**
+ * Returns a EVP_CIPHER appropriate for the given key, based on the key's size.
+ */
+const EVP_CIPHER* getAesCipherForKey(const std::vector<uint8_t>& key) {
+    const EVP_CIPHER* cipher = EVP_aes_256_gcm();
+    if (key.size() == kAes128KeySizeBytes) {
+        cipher = EVP_aes_128_gcm();
+    }
+    return cipher;
+}
+
 /*
- * Encrypt 'len' data at 'in' with AES-GCM, using 128-bit key at 'key', 96-bit IV at 'iv' and write
- * output to 'out' (which may be the same location as 'in') and 128-bit tag to 'tag'.
+ * Encrypt 'len' data at 'in' with AES-GCM, using 128-bit or 256-bit key at 'key', 96-bit IV at
+ * 'iv' and write output to 'out' (which may be the same location as 'in') and 128-bit tag to
+ * 'tag'.
  */
 ResponseCode AES_gcm_encrypt(const uint8_t* in, uint8_t* out, size_t len,
                              const std::vector<uint8_t>& key, const uint8_t* iv, uint8_t* tag) {
-    const EVP_CIPHER* cipher = EVP_aes_128_gcm();
+
+    // There can be 128-bit and 256-bit keys
+    const EVP_CIPHER* cipher = getAesCipherForKey(key);
+
     EVP_CIPHER_CTX_Ptr ctx(EVP_CIPHER_CTX_new());
 
     EVP_EncryptInit_ex(ctx.get(), cipher, nullptr /* engine */, key.data(), iv);
@@ -102,13 +117,17 @@
 }
 
 /*
- * Decrypt 'len' data at 'in' with AES-GCM, using 128-bit key at 'key', 96-bit IV at 'iv', checking
- * 128-bit tag at 'tag' and writing plaintext to 'out' (which may be the same location as 'in').
+ * Decrypt 'len' data at 'in' with AES-GCM, using 128-bit or 256-bit key at 'key', 96-bit IV at
+ * 'iv', checking 128-bit tag at 'tag' and writing plaintext to 'out'(which may be the same
+ * location as 'in').
  */
 ResponseCode AES_gcm_decrypt(const uint8_t* in, uint8_t* out, size_t len,
                              const std::vector<uint8_t> key, const uint8_t* iv,
                              const uint8_t* tag) {
-    const EVP_CIPHER* cipher = EVP_aes_128_gcm();
+
+    // There can be 128-bit and 256-bit keys
+    const EVP_CIPHER* cipher = getAesCipherForKey(key);
+
     EVP_CIPHER_CTX_Ptr ctx(EVP_CIPHER_CTX_new());
 
     EVP_DecryptInit_ex(ctx.get(), cipher, nullptr /* engine */, key.data(), iv);