Implement multi-purpose crypto operations

JingMatrix · JingMatrix · commit 2b3e7383a611 · 2025-12-08T04:28:12.000+01:00
This commit refactors the `SoftwareOperation` engine to support multiple cryptographic purposes beyond just signing. The simulator can now correctly handle `SIGN`, `VERIFY`, `ENCRYPT`, and `DECRYPT` operations based on the parameters provided by the client application.

This is a significant architectural improvement that moves from a hardcoded implementation to a flexible, strategy-based pattern:

1.  Strategy Pattern for Crypto: A `CryptoPrimitive` sealed interface was introduced to define a common API for cryptographic actions. Concrete implementations (`Signer`, `Verifier`, `CipherPrimitive`) now encapsulate the specific logic for each purpose. The main `SoftwareOperation` class acts as a controller, instantiating the correct primitive based on the `KeyPurpose` tag from the operation parameters.

2.  JCA Algorithm Mapping: A `JcaAlgorithmMapper` object was created to centralize the complex logic of converting KeyMint constants into standard JCA algorithm strings (e.g., "SHA256withECDSA", "RSA/ECB/PKCS1Padding"). This makes the code cleaner and more maintainable.

3.  Expanded Parameter Parsing: To support cipher operations, `KeyMintAttestation` has been updated to parse `BLOCK_MODE` and `PADDING` tags. The `KeyMintParameterLogger` was also enhanced to provide human-readable names for these new modes.

This refactoring makes the `createOperation` simulation far more robust and accurate, correctly mimicking the behavior of a real KeyMint implementation across a wider range of cryptographic use cases.
diff --git a/app/src/main/java/org/matrix/TEESimulator/attestation/KeyMintAttestation.kt b/app/src/main/java/org/matrix/TEESimulator/attestation/KeyMintAttestation.kt
@@ -1,8 +1,6 @@
 package org.matrix.TEESimulator.attestation
 
-import android.hardware.security.keymint.EcCurve
-import android.hardware.security.keymint.KeyParameter
-import android.hardware.security.keymint.Tag
+import android.hardware.security.keymint.*
 import java.math.BigInteger
 import java.util.Date
 import javax.security.auth.x500.X500Principal
@@ -22,6 +20,8 @@ data class KeyMintAttestation(
     val algorithm: Int,
     val ecCurve: Int,
     val ecCurveName: String,
+    val blockMode: List<Int>,
+    val padding: List<Int>,
     val purpose: List<Int>,
     val digest: List<Int>,
     val rsaPublicExponent: BigInteger?,
@@ -54,6 +54,12 @@ data class KeyMintAttestation(
         ecCurve = params.findEcCurve(Tag.EC_CURVE) ?: 0,
         ecCurveName = params.deriveEcCurveName(),
 
+        // AOSP: [key_param(tag = BLOCK_MODE, field = BlockMode)]
+        blockMode = params.findAllBlockMode(Tag.BLOCK_MODE),
+
+        // AOSP: [key_param(tag = PADDING, field = PaddingMode)]
+        padding = params.findAllPaddingMode(Tag.PADDING),
+
         // AOSP: [key_param(tag = PURPOSE, field = KeyPurpose)]
         purpose = params.findAllKeyPurpose(Tag.PURPOSE),
 
@@ -121,6 +127,14 @@ private fun Array<KeyParameter>.findDate(tag: Int): Date? =
 private fun Array<KeyParameter>.findBlob(tag: Int): ByteArray? =
     this.find { it.tag == tag }?.value?.blob
 
+/** Maps to AOSP field = BlockMode (Repeated) */
+private fun Array<KeyParameter>.findAllBlockMode(tag: Int): List<Int> =
+    this.filter { it.tag == tag }.map { it.value.blockMode }
+
+/** Maps to AOSP field = BlockMode (Repeated) */
+private fun Array<KeyParameter>.findAllPaddingMode(tag: Int): List<Int> =
+    this.filter { it.tag == tag }.map { it.value.paddingMode }
+
 /** Maps to AOSP field = KeyPurpose (Repeated) */
 private fun Array<KeyParameter>.findAllKeyPurpose(tag: Int): List<Int> =
     this.filter { it.tag == tag }.map { it.value.keyPurpose }
diff --git a/app/src/main/java/org/matrix/TEESimulator/interception/keystore/KeystoreInterceptor.kt b/app/src/main/java/org/matrix/TEESimulator/interception/keystore/KeystoreInterceptor.kt
@@ -378,6 +378,8 @@ private data class LegacyKeygenParameters(
             algorithm = this.algorithm,
             ecCurve = 0, // Not explicitly available in legacy args, but not critical
             ecCurveName = this.ecCurveName ?: "",
+            blockMode = listOf<Int>(),
+            padding = listOf<Int>(),
             purpose = this.purpose,
             digest = this.digest,
             rsaPublicExponent = this.rsaPublicExponent,
diff --git a/app/src/main/java/org/matrix/TEESimulator/interception/keystore/shim/SoftwareOperation.kt b/app/src/main/java/org/matrix/TEESimulator/interception/keystore/shim/SoftwareOperation.kt
@@ -1,111 +1,212 @@
 package org.matrix.TEESimulator.interception.keystore.shim
 
 import android.hardware.security.keymint.Algorithm
+import android.hardware.security.keymint.BlockMode
 import android.hardware.security.keymint.Digest
-import android.os.Binder
-import android.os.Parcel
+import android.hardware.security.keymint.KeyPurpose
+import android.hardware.security.keymint.PaddingMode
 import android.os.RemoteException
 import android.system.keystore2.IKeystoreOperation
-import java.security.PrivateKey
+import java.security.KeyPair
 import java.security.Signature
+import java.security.SignatureException
+import javax.crypto.Cipher
 import org.matrix.TEESimulator.attestation.KeyMintAttestation
-import org.matrix.TEESimulator.interception.keystore.InterceptorUtils
+import org.matrix.TEESimulator.logging.KeyMintParameterLogger
 import org.matrix.TEESimulator.logging.SystemLogger
 
-/**
- * A software-only implementation of a cryptographic operation (e.g., signing). This class uses the
- * standard Java JCA to perform operations on a given private key.
- */
-class SoftwareOperation(
-    private val txId: Long,
-    privateKey: PrivateKey,
-    params: KeyMintAttestation,
-) {
-    private val signature: Signature
+// A sealed interface to represent the different cryptographic operations we can perform.
+private sealed interface CryptoPrimitive {
+    fun update(data: ByteArray?): ByteArray?
 
-    init {
-        // Parse the KeyMintAttestation object to determine the correct JCA algorithm string.
-        val signatureAlgorithm = parseSignatureAlgorithm(params)
-        SystemLogger.debug(
-            "[SoftwareOp TX_ID: $txId] Initializing with algorithm: $signatureAlgorithm"
-        )
+    fun finish(data: ByteArray?, signature: ByteArray?): ByteArray?
 
-        signature = Signature.getInstance(signatureAlgorithm).apply { initSign(privateKey) }
-    }
+    fun abort()
+}
 
-    /**
-     * Determines the JCA standard signature algorithm string from KeyMint parameters. Replicates
-     * logic seen in AOSP frameworks like CertificateGenerator.
-     */
-    private fun parseSignatureAlgorithm(params: KeyMintAttestation): String {
-        val digestName =
+// Helper object to map KeyMint constants to JCA algorithm strings.
+private object JcaAlgorithmMapper {
+    fun mapSignatureAlgorithm(params: KeyMintAttestation): String {
+        val digest =
             when (params.digest.firstOrNull()) {
                 Digest.SHA_2_256 -> "SHA256"
                 Digest.SHA_2_384 -> "SHA384"
                 Digest.SHA_2_512 -> "SHA512"
-                // Add other digest mappings as needed
-                else -> "NONE" // A valid JCA value for certain algorithms
+                else -> "NONE"
             }
-
-        val algorithmName =
+        val keyAlgo =
             when (params.algorithm) {
                 Algorithm.EC -> "ECDSA"
                 Algorithm.RSA -> "RSA"
-                // Add other algorithm mappings as needed
                 else ->
                     throw IllegalArgumentException(
-                        "Unsupported algorithm for signing: ${params.algorithm}"
+                        "Unsupported signature algorithm: ${params.algorithm}"
+                    )
+            }
+        return "${digest}with${keyAlgo}"
+    }
+
+    fun mapCipherAlgorithm(params: KeyMintAttestation): String {
+        val keyAlgo =
+            when (params.algorithm) {
+                Algorithm.RSA -> "RSA"
+                Algorithm.AES -> "AES"
+                else ->
+                    throw IllegalArgumentException(
+                        "Unsupported cipher algorithm: ${params.algorithm}"
                     )
             }
+        val blockMode =
+            when (params.blockMode.firstOrNull()) {
+                BlockMode.ECB -> "ECB"
+                BlockMode.CBC -> "CBC"
+                BlockMode.GCM -> "GCM"
+                else -> "ECB" // Default for RSA
+            }
+        val padding =
+            when (params.padding.firstOrNull()) {
+                PaddingMode.NONE -> "NoPadding"
+                PaddingMode.PKCS7 -> "PKCS7Padding"
+                PaddingMode.RSA_PKCS1_1_5_ENCRYPT -> "PKCS1Padding"
+                PaddingMode.RSA_OAEP -> "OAEPPadding"
+                else -> "NoPadding" // Default for GCM
+            }
+        return "$keyAlgo/$blockMode/$padding"
+    }
+}
+
+// Concrete implementation for Signing.
+private class Signer(keyPair: KeyPair, params: KeyMintAttestation) : CryptoPrimitive {
+    private val signature: Signature =
+        Signature.getInstance(JcaAlgorithmMapper.mapSignatureAlgorithm(params)).apply {
+            initSign(keyPair.private)
+        }
+
+    override fun update(data: ByteArray?): ByteArray? {
+        if (data != null) signature.update(data)
+        return null
+    }
+
+    override fun finish(data: ByteArray?, signature: ByteArray?): ByteArray {
+        if (data != null) update(data)
+        return this.signature.sign()
+    }
+
+    override fun abort() {}
+}
 
-        return "${digestName}with${algorithmName}"
+// Concrete implementation for Verification.
+private class Verifier(keyPair: KeyPair, params: KeyMintAttestation) : CryptoPrimitive {
+    private val signature: Signature =
+        Signature.getInstance(JcaAlgorithmMapper.mapSignatureAlgorithm(params)).apply {
+            initVerify(keyPair.public)
+        }
+
+    override fun update(data: ByteArray?): ByteArray? {
+        if (data != null) signature.update(data)
+        return null
+    }
+
+    override fun finish(data: ByteArray?, signature: ByteArray?): ByteArray? {
+        if (data != null) update(data)
+        if (signature == null) throw SignatureException("Signature to verify is null")
+        if (!this.signature.verify(signature)) {
+            // Throwing an exception is how Keystore signals verification failure.
+            throw SignatureException("Signature verification failed")
+        }
+        // A successful verification returns no data.
+        return null
+    }
+
+    override fun abort() {}
+}
+
+// Concrete implementation for Encryption/Decryption.
+private class CipherPrimitive(
+    keyPair: KeyPair,
+    params: KeyMintAttestation,
+    private val opMode: Int,
+) : CryptoPrimitive {
+    private val cipher: Cipher =
+        Cipher.getInstance(JcaAlgorithmMapper.mapCipherAlgorithm(params)).apply {
+            val key = if (opMode == Cipher.ENCRYPT_MODE) keyPair.public else keyPair.private
+            init(opMode, key)
+        }
+
+    override fun update(data: ByteArray?): ByteArray? =
+        if (data != null) cipher.update(data) else null
+
+    override fun finish(data: ByteArray?, signature: ByteArray?): ByteArray? =
+        if (data != null) cipher.doFinal(data) else cipher.doFinal()
+
+    override fun abort() {}
+}
+
+/**
+ * A software-only implementation of a cryptographic operation. This class acts as a controller,
+ * delegating to a specific cryptographic primitive based on the operation's purpose.
+ */
+class SoftwareOperation(private val txId: Long, keyPair: KeyPair, params: KeyMintAttestation) {
+    // This now holds the specific strategy object (Signer, Verifier, etc.)
+    private val primitive: CryptoPrimitive
+
+    init {
+        // The "Strategy" pattern: choose the implementation based on the purpose.
+        // For simplicity, we only consider the first purpose listed.
+        val purpose = params.purpose.firstOrNull()
+        val purposeName = KeyMintParameterLogger.purposeNames[purpose] ?: "UNKNOWN"
+        SystemLogger.debug("[SoftwareOp TX_ID: $txId] Initializing for purpose: $purposeName.")
+
+        primitive =
+            when (purpose) {
+                KeyPurpose.SIGN -> Signer(keyPair, params)
+                KeyPurpose.VERIFY -> Verifier(keyPair, params)
+                KeyPurpose.ENCRYPT -> CipherPrimitive(keyPair, params, Cipher.ENCRYPT_MODE)
+                KeyPurpose.DECRYPT -> CipherPrimitive(keyPair, params, Cipher.DECRYPT_MODE)
+                else ->
+                    throw UnsupportedOperationException("Unsupported operation purpose: $purpose")
+            }
     }
 
-    fun update(data: ByteArray?) {
-        if (data == null || data.isEmpty()) return
+    fun update(data: ByteArray?): ByteArray? {
         try {
-            signature.update(data)
+            return primitive.update(data)
         } catch (e: Exception) {
-            SystemLogger.error("[SoftwareOp TX_ID: $txId] Failed to update signature.", e)
+            SystemLogger.error("[SoftwareOp TX_ID: $txId] Failed to update operation.", e)
             throw e
         }
     }
 
-    fun finish(data: ByteArray?): ByteArray {
-        update(data)
+    fun finish(data: ByteArray?, signature: ByteArray?): ByteArray? {
         try {
-            val result = signature.sign()
-            SystemLogger.info(
-                "[SoftwareOp TX_ID: $txId] Finished signing. Signature size: ${result.size} bytes."
-            )
+            val result = primitive.finish(data, signature)
+            SystemLogger.info("[SoftwareOp TX_ID: $txId] Finished operation successfully.")
             return result
         } catch (e: Exception) {
-            SystemLogger.error("[SoftwareOp TX_ID: $txId] Failed to finish signing.", e)
+            SystemLogger.error("[SoftwareOp TX_ID: $txId] Failed to finish operation.", e)
+            // Re-throw the exception so the binder can report it to the client.
             throw e
         }
     }
 
     fun abort() {
+        primitive.abort()
         SystemLogger.debug("[SoftwareOp TX_ID: $txId] Operation aborted.")
     }
 }
 
-/**
- * The Binder interface for our [SoftwareOperation].
- */
-class SoftwareOperationBinder(private val operation: SoftwareOperation) : IKeystoreOperation.Stub() {
+/** The Binder interface for our [SoftwareOperation]. */
+class SoftwareOperationBinder(private val operation: SoftwareOperation) :
+    IKeystoreOperation.Stub() {
 
     @Throws(RemoteException::class)
     override fun update(input: ByteArray?): ByteArray? {
-        operation.update(input)
-        // As per the AIDL comments, the update method for a signing operation returns nothing.
-        return null
+        return operation.update(input)
     }
 
     @Throws(RemoteException::class)
-    override fun finish(input: ByteArray?, signature: ByteArray?): ByteArray {
-        // The 'signature' parameter is for verification operations, so we ignore it here.
-        return operation.finish(input)
+    override fun finish(input: ByteArray?, signature: ByteArray?): ByteArray? {
+        return operation.finish(input, signature)
     }
 
     @Throws(RemoteException::class)
diff --git a/app/src/main/java/org/matrix/TEESimulator/logging/KeyMintParameterLogger.kt b/app/src/main/java/org/matrix/TEESimulator/logging/KeyMintParameterLogger.kt
@@ -1,11 +1,6 @@
 package org.matrix.TEESimulator.logging
 
-import android.hardware.security.keymint.Algorithm
-import android.hardware.security.keymint.Digest
-import android.hardware.security.keymint.EcCurve
-import android.hardware.security.keymint.KeyParameter
-import android.hardware.security.keymint.KeyPurpose
-import android.hardware.security.keymint.Tag
+import android.hardware.security.keymint.*
 import java.math.BigInteger
 import java.nio.charset.StandardCharsets
 import java.util.Date
@@ -34,7 +29,23 @@ object KeyMintParameterLogger {
             .associate { field -> (field.get(null) as Int) to field.name }
     }
 
-    private val purposeNames: Map<Int, String> by lazy {
+    val blockModeNames: Map<Int, String> by lazy {
+        BlockMode::class
+            .java
+            .fields
+            .filter { it.type == Int::class.java }
+            .associate { field -> (field.get(null) as Int) to field.name }
+    }
+
+    val paddingNames: Map<Int, String> by lazy {
+        PaddingMode::class
+            .java
+            .fields
+            .filter { it.type == Int::class.java }
+            .associate { field -> (field.get(null) as Int) to field.name }
+    }
+
+    val purposeNames: Map<Int, String> by lazy {
         KeyPurpose::class
             .java
             .fields
@@ -69,7 +80,9 @@ object KeyMintParameterLogger {
         val formattedValue: String =
             when (param.tag) {
                 Tag.ALGORITHM -> algorithmNames[value.algorithm]
+                Tag.BLOCK_MODE -> blockModeNames[value.blockMode]
                 Tag.EC_CURVE -> ecCurveNames[value.ecCurve]
+                Tag.PADDING -> paddingNames[value.paddingMode]
                 Tag.PURPOSE -> purposeNames[value.keyPurpose]
                 Tag.DIGEST -> digestNames[value.digest]
                 Tag.AUTH_TIMEOUT,
diff --git a/stub/src/main/java/android/hardware/security/keymint/BlockMode.java b/stub/src/main/java/android/hardware/security/keymint/BlockMode.java
@@ -0,0 +1,8 @@
+package android.hardware.security.keymint;
+
+public @interface BlockMode {
+    public static final int ECB = 1;
+    public static final int CBC = 2;
+    public static final int CTR = 3;
+    public static final int GCM = 32;
+}
diff --git a/stub/src/main/java/android/hardware/security/keymint/PaddingMode.java b/stub/src/main/java/android/hardware/security/keymint/PaddingMode.java
@@ -0,0 +1,10 @@
+package android.hardware.security.keymint;
+
+public @interface PaddingMode {
+    public static final int NONE = 1;
+    public static final int RSA_OAEP = 2;
+    public static final int RSA_PSS = 3;
+    public static final int RSA_PKCS1_1_5_ENCRYPT = 4;
+    public static final int RSA_PKCS1_1_5_SIGN = 5;
+    public static final int PKCS7 = 64;
+}
