1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "proxy.h"
18 
19 #include <assert.h>
20 #include <lk/list.h>  // for containerof
21 #include <stdlib.h>
22 #include <string.h>
23 #include <uapi/err.h>
24 
25 #include <interface/storage/storage.h>
26 #include <lib/hwkey/hwkey.h>
27 
28 #include "aidl_service.h"
29 #include "ipc.h"
30 #include "rpmb.h"
31 #include "session.h"
32 
/*
 * Log a storage-server message to stderr, prefixed with "ss: ".
 *
 * The prefix is attached by string-literal concatenation, so the first
 * argument has to be a string literal. A caller-supplied (non-literal)
 * format string therefore cannot be passed through this macro.
 */
#define SS_ERR(...) fprintf(stderr, "ss: " __VA_ARGS__)

/* Declared ahead of proxy_connect(), which installs it as on_disconnect. */
static void proxy_disconnect(struct ipc_channel_context* ctx);
36 
/**
 * proxy_context_to_session() - Map a channel context back to its session.
 * @context: Channel context embedded in a struct storage_session as
 *           the proxy_ctx member. Must not be NULL.
 *
 * The magic comparison is the only check here that @context really sits
 * inside a storage_session. Both checks are assert()s, so they vanish when
 * the file is built with NDEBUG defined.
 *
 * Return: The enclosing storage session.
 */
static struct storage_session* proxy_context_to_session(
        struct ipc_channel_context* context) {
    struct storage_session* owner;

    assert(context != NULL);

    /* Step back from the embedded member to the start of the session. */
    owner = containerof(context, struct storage_session, proxy_ctx);
    assert(owner->magic == STORAGE_SESSION_MAGIC);

    return owner;
}
45 
/**
 * get_storage_encryption_key() - Derive the storage encryption key.
 * @session:  Open hwkey session used for the derivation.
 * @key:      Output buffer that receives the derived key.
 * @key_size: Size of @key in bytes; must equal the size of the derivation
 *            input below.
 *
 * The constant table is the input handed to hwkey_derive(), not the key
 * itself; the key is whatever hwkey_derive() writes into @key.
 * NOTE(review): the secrecy of the result presumably rests on a
 * device-bound secret inside the hwkey service -- confirm against hwkey.
 *
 * Return: NO_ERROR on success, ERR_BAD_LEN if @key_size does not match,
 *         otherwise the negative error returned by hwkey_derive().
 */
static int get_storage_encryption_key(hwkey_session_t session,
                                      uint8_t* key,
                                      uint32_t key_size) {
    static const struct key storage_key_derivation_data = {
            .byte = {
                    0xbc, 0x10, 0x6c, 0x9e, 0xc1, 0xa4, 0x71, 0x04,
                    0x83, 0xab, 0x03, 0x4b, 0x75, 0x8a, 0xb3, 0x5e,
                    0xfb, 0xe5, 0x43, 0x6c, 0xe6, 0x74, 0xb7, 0xfc,
                    0xee, 0x20, 0xad, 0xae, 0xfb, 0x34, 0xab, 0xd3,
            }};
    uint32_t kdf_version = HWKEY_KDF_VERSION_1;
    int status;

    /* Input and output share one length, so reject any other size. */
    if (key_size != sizeof(storage_key_derivation_data.byte)) {
        return ERR_BAD_LEN;
    }

    status = hwkey_derive(session, &kdf_version,
                          storage_key_derivation_data.byte, key, key_size);
    if (status >= 0) {
        return NO_ERROR;
    }

    SS_ERR("%s: failed to get key: %d\n", __func__, status);
    return status;
}
71 
72 #if !WITH_HKDF_RPMB_KEY
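/**
 * get_rpmb_auth_key() - Read the RPMB authentication key from its keyslot.
 * @session:  Open hwkey session.
 * @key:      Output buffer that receives the key.
 * @key_size: Size of @key in bytes; also the exact key length required.
 *
 * The size is passed to hwkey_get_keyslot_data() by pointer, presumably so
 * the service can report how many bytes it wrote. If the reported length
 * differs from the buffer size, part of @key may never have been written,
 * and the caller would go on to use a partly uninitialized RPMB key. Such a
 * reply is rejected.
 *
 * Return: NO_ERROR on success, ERR_BAD_LEN if the reported key length is not
 *         @key_size, otherwise the negative error from the hwkey call.
 */
static int get_rpmb_auth_key(hwkey_session_t session,
                             uint8_t* key,
                             uint32_t key_size) {
    const char* storage_auth_key_id = "com.android.trusty.storage_auth.rpmb";
    /* Keep the requested length; key_size may be overwritten by the call. */
    const uint32_t expected_size = key_size;

    int rc = hwkey_get_keyslot_data(session, storage_auth_key_id, key,
                                    &key_size);
    if (rc < 0) {
        SS_ERR("%s: failed to get key: %d\n", __func__, rc);
        return rc;
    }

    /* Only the length is logged here, never key bytes. */
    if (key_size != expected_size) {
        SS_ERR("%s: unexpected key size: %u\n", __func__,
               (unsigned int)key_size);
        return ERR_BAD_LEN;
    }

    return NO_ERROR;
}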
87 #endif
88 
/**
 * proxy_connect() - Set up a storage session for a new proxy connection.
 * @parent_ctx:  Port context; must be the tipc_ctx member of a
 *               struct proxy_connect_context.
 * @peer_uuid:   Not read by this function. NOTE(review): any restriction on
 *               which peer may connect has to be enforced elsewhere (e.g. by
 *               the port configuration) -- confirm.
 * @chan_handle: Channel handle passed on to block_device_tipc_init().
 *
 * Allocates a zeroed session, derives the storage encryption key into it,
 * fetches the RPMB auth key from its keyslot unless WITH_HKDF_RPMB_KEY is
 * set, and brings up the block device. The hwkey session is opened only for
 * this call and is closed on every path that opened it.
 *
 * Return: The session's channel context on success, NULL on any failure.
 */
struct ipc_channel_context* proxy_connect(struct ipc_port_context* parent_ctx,
                                          const uuid_t* peer_uuid,
                                          handle_t chan_handle) {
    struct storage_session* session;
    struct proxy_connect_context* proxy_ctx;
    struct rpmb_key* rpmb_key_ptr = NULL;
    hwkey_session_t hwkey_session;
    int rc;
#if !WITH_HKDF_RPMB_KEY
    /*
     * NOTE(review): this stack copy of the RPMB key is not cleared before
     * returning. Whether block_device_tipc_init() copies it is not visible
     * here; consider a non-elidable wipe once it is no longer needed.
     */
    struct rpmb_key rpmb_key;
#endif

    session = calloc(1, sizeof(*session));
    if (session == NULL) {
        SS_ERR("%s: out of memory\n", __func__);
        return NULL;
    }

    session->magic = STORAGE_SESSION_MAGIC;

    rc = hwkey_open();
    if (rc < 0) {
        SS_ERR("%s: hwkey init failed: %d\n", __func__, rc);
        goto err_free_session;
    }

    /* A non-negative return value from hwkey_open() is the session handle. */
    hwkey_session = (hwkey_session_t)rc;

    /* Generate encryption key */
    rc = get_storage_encryption_key(hwkey_session, session->key.byte,
                                    sizeof(session->key));
    if (rc < 0) {
        SS_ERR("%s: can't get storage key: (%d) \n", __func__, rc);
        goto err_close_hwkey;
    }

    /* Init RPMB key; rpmb_key_ptr stays NULL when WITH_HKDF_RPMB_KEY is set */
#if !WITH_HKDF_RPMB_KEY
    rc = get_rpmb_auth_key(hwkey_session, rpmb_key.byte, sizeof(rpmb_key.byte));
    if (rc < 0) {
        SS_ERR("%s: can't get storage auth key: (%d)\n", __func__, rc);
        goto err_close_hwkey;
    }

    rpmb_key_ptr = &rpmb_key;
#endif

    proxy_ctx = containerof(parent_ctx, struct proxy_connect_context, tipc_ctx);

    rc = block_device_tipc_init(&session->block_device, parent_ctx->common.hset,
                                &proxy_ctx->aidl_ctx, chan_handle,
                                &session->key, rpmb_key_ptr, hwkey_session);
    if (rc < 0) {
        SS_ERR("%s: block_device_tipc_init failed (%d)\n", __func__, rc);
        goto err_close_hwkey;
    }

    session->proxy_ctx.ops.on_disconnect = proxy_disconnect;

    hwkey_close(hwkey_session);

    return &session->proxy_ctx;

err_close_hwkey:
    hwkey_close(hwkey_session);
err_free_session:
    /*
     * NOTE(review): session->key may already hold the derived storage key
     * here; it is released without being cleared first.
     */
    free(session);
    return NULL;
}
159 
/**
 * proxy_disconnect() - Tear down the session behind a closing proxy channel.
 * @ctx: Channel context previously returned by proxy_connect().
 *
 * Written without a storage class here; the earlier static declaration in
 * this file gives the function internal linkage.
 */
void proxy_disconnect(struct ipc_channel_context* ctx) {
    struct storage_session* closing = proxy_context_to_session(ctx);

    block_device_tipc_uninit(&closing->block_device);

    /*
     * NOTE(review): the session still carries the storage key in its key
     * member when it is freed. No wipe is visible in this function, and
     * whether block_device_tipc_uninit() clears it cannot be told from
     * here -- confirm, and consider a non-elidable wipe before the free.
     */
    free(closing);
}
167