Enforce padding parameter for AES.
Bug: 20917242
Change-Id: If1c35792279a4b03731552ced86ae7755efc6fc8
(cherry picked from commit 5bc56cdf1e466da3c3ebfeb3f49f07094d11b376)
diff --git a/aes_operation.cpp b/aes_operation.cpp
index 9aa979e..22fbd0e 100644
--- a/aes_operation.cpp
+++ b/aes_operation.cpp
@@ -81,11 +81,20 @@
return nullptr;
}
- keymaster_padding_t padding = KM_PAD_NONE;
- begin_params.GetTagValue(TAG_PADDING, &padding);
- if (!key.authorizations().GetTagValue(TAG_PADDING, &padding)) {
+ keymaster_padding_t padding;
+ if (!begin_params.GetTagValue(TAG_PADDING, &padding)) {
+ LOG_E("%d padding modes specified in begin params",
+ begin_params.GetTagCount(TAG_PADDING));
+ *error = KM_ERROR_UNSUPPORTED_PADDING_MODE;
+ return nullptr;
+ } else if (!supported(padding)) {
+ LOG_E("Padding mode %d not supported", padding);
+ *error = KM_ERROR_UNSUPPORTED_PADDING_MODE;
+ return nullptr;
+ } else if (!key.authorizations().Contains(TAG_PADDING, padding)) {
LOG_E("Padding mode %d was specified, but not authorized by key", padding);
*error = KM_ERROR_INCOMPATIBLE_PADDING_MODE;
+ return nullptr;
}
bool caller_nonce = key.authorizations().GetTagValue(TAG_CALLER_NONCE);
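Review bot: In the first new branch, `LOG_E("%d padding modes specified in begin params", begin_params.GetTagCount(TAG_PADDING))` passes the count to `%d`. If GetTagCount returns `size_t` (its declaration is outside this hunk), that is a format/argument mismatch in a variadic call, so use `%zu` or cast to `int`. The same branch covers both a missing TAG_PADDING and, judging by the message, more than one value, and reports both as KM_ERROR_UNSUPPORTED_PADDING_MODE. A why-comment above the `if` would keep the fail-closed intent from being relaxed later: `// Caller must name exactly one padding mode; never fall back to the key's authorized value.` The enclosing function starts and ends outside the hunk.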
diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index 4a409f4..eeda13c 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp
@@ -1266,8 +1266,8 @@
EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
string message = "Hello World!";
- string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
- string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_NONE);
+ string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
+ string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
EXPECT_EQ(message, plaintext);
}
@@ -1466,6 +1466,7 @@
AuthorizationSet begin_params(client_params());
begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
+ begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
string ciphertext;
size_t input_consumed;
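Review bot: None of the hunks shown for this file exercises the new rejection paths in aes_operation.cpp; each one only adds TAG_PADDING so that an existing test keeps reaching its original assertion. A case that pushes TAG_BLOCK_MODE but no TAG_PADDING and asserts `EXPECT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));` would pin the enforcement this commit introduces. A second case with a padding value that `supported()` rejects would cover the other new branch. Such tests may already exist outside the hunks shown, so check the full file first.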
@@ -1504,6 +1505,7 @@
AuthorizationSet begin_params(client_params());
begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
+ begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
string plaintext;
size_t input_consumed;
@@ -1546,6 +1548,7 @@
string message(239, 'a');
AuthorizationSet input_params(client_params());
input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
+ input_params.push_back(TAG_PADDING, KM_PAD_NONE);
AuthorizationSet output_params;
EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
@@ -1561,6 +1564,7 @@
input_params.Reinitialize(output_params);
input_params.push_back(client_params());
input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
+ input_params.push_back(TAG_PADDING, KM_PAD_NONE);
output_params.Clear();
EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
@@ -1628,6 +1632,7 @@
.Authorization(TAG_PADDING, KM_PAD_PKCS7)));
AuthorizationSet begin_params(client_params());
begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
+ begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
}
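Review bot: With `KM_PAD_NONE` added to begin_params here, this test appears to pass for a different reason than before. The one visible builder line authorizes `KM_PAD_PKCS7`, so the expected KM_ERROR_INCOMPATIBLE_PADDING_MODE would now come from the new `Contains(TAG_PADDING, padding)` authorization check, not from any CTR-versus-padding compatibility check. If the test is meant to cover PKCS7 being requested with CTR mode, request the authorized value instead: `begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);`. Whether a later mode check then returns the same error is not visible in this diff. The rest of the key's authorizations and the test's name are outside the hunk, so confirm against the full test.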
@@ -1640,6 +1645,7 @@
AuthorizationSet input_params(client_params());
input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
+ input_params.push_back(TAG_PADDING, KM_PAD_NONE);
input_params.push_back(TAG_NONCE, "123", 3);
EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
}
@@ -1689,6 +1695,7 @@
AuthorizationSet output_params;
input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
+ input_params.push_back(TAG_PADDING, KM_PAD_NONE);
string ciphertext2 =
ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
@@ -1700,6 +1707,7 @@
// Now try with wrong nonce.
input_params.Reinitialize(client_params());
input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
+ input_params.push_back(TAG_PADDING, KM_PAD_NONE);
input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
&output_params);
@@ -1728,6 +1736,7 @@
AuthorizationSet output_params;
input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
+ input_params.push_back(TAG_PADDING, KM_PAD_NONE);
EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
@@ -1743,6 +1752,7 @@
string message(240, 'a');
AuthorizationSet input_params(client_params());
input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
+ input_params.push_back(TAG_PADDING, KM_PAD_NONE);
AuthorizationSet output_params;
EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
@@ -1758,6 +1768,7 @@
input_params.Reinitialize(output_params);
input_params.push_back(client_params());
input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
+ input_params.push_back(TAG_PADDING, KM_PAD_NONE);
output_params.Clear();
EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
diff --git a/google_keymaster_test_utils.cpp b/google_keymaster_test_utils.cpp
index 59e1104..c0b696d 100644
--- a/google_keymaster_test_utils.cpp
+++ b/google_keymaster_test_utils.cpp
@@ -566,6 +566,7 @@
AuthorizationSet begin_params(client_params()), update_params, output_params;
begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
+ begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
string ciphertext =
EncryptMessageWithParams(message, begin_params, update_params, &output_params);
EXPECT_EQ(expected_ciphertext, ciphertext);