blob: 3afb342075f14734ea1a4932c3312953760d008e [file] [log] [blame]
/*
* Copyright (C) 2021 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "trusty_secure_deletion_secret_storage.h"
#include <array>
#include <optional>
#include <vector>
#include <lib/storage/storage.h>
#include <uapi/err.h>
#include <keymaster/logger.h>
#include <keymaster/random_source.h>
namespace keymaster {
namespace {
// Maximum number of attempts to perform a secure storage transaction to read or
// delete a secure deletion secret. Because the storageproxy may be restarted
// while this code is running, it may be necessary to retry. But because it's
// unclear exactly what error codes may be returned when the proxy is shut down,
// we conservatively retry all unexpected errors. To avoid an infinite loop, we
// set a limit on the number of retries (though hitting the limit and returning
// an error will likely break the boot anyway). Ideally, we should never need
// more than one retry. We allow three.
constexpr size_t kMaxTries = 3;
// Name of the file to store secrets. The "_1" suffix is to allow for new file
// formats/versions in the future.
constexpr char kSecureDeletionSecretFileName[] = "SecureDeletionSecrets_1";
// Each secret is 16 bytes.
constexpr storage_off_t kSecretSize = 16;
// The factory reset secret is composed of two secrets, so 32 bytes, and it's
// stored at offset 0.
constexpr storage_off_t kFactoryResetSecretSize = kSecretSize * 2;
constexpr storage_off_t kFactoryResetSecretPos = 0;
constexpr storage_off_t kFirstSecureDeletionSecretPos =
kFactoryResetSecretPos + kFactoryResetSecretSize;
// We read secrets in blocks of 32, so 512 bytes.
constexpr storage_off_t kBlockSize = kSecretSize * 32;
// Limit file size to 16 KiB (except for key upgrades, see
// kMaxSecretFileSizeForUpgrades).
constexpr storage_off_t kMaxSecretFileSize = kBlockSize * 32;
// This is a higher file size limit, with the space above kMaxSecretFileSize
// usable only for key IDs that need to be written as part of a key upgrade.
// This is to reduce the probability that keys are degraded as a result of
// upgrading.
constexpr storage_off_t kMaxSecretFileSizeForUpgrades =
kMaxSecretFileSize + 8 * kBlockSize;
// We set a bit in the first byte of each slot to indicate that the slot is in
// use. This reduces the maximum entropy of each slot to 127 bits.
constexpr uint8_t kInUseFlag = 0x80;
/**
* StorageFile represents a secure storage file, and provides operations on it.
* Use StorageSession::OpenFile to create a StorageFile.
*/
class StorageFile {
public:
StorageFile(const StorageFile&) = delete;
StorageFile& operator=(const StorageFile&) = delete;
StorageFile(StorageFile&& rhs)
: fileHandle_(std::move(rhs.fileHandle_)),
fileSize_(rhs.fileSize_) {
rhs.fileHandle_ = std::nullopt;
rhs.fileSize_ = 0;
}
~StorageFile() { CloseFile(); }
/**
* Close the file.
*
* Note that normally it's not necessary to call this, because the dtor
* will.
*/
void CloseFile() {
if (!fileHandle_) {
return;
}
LOG_D("Closing file handle %llu", *fileHandle_);
storage_close_file(*fileHandle_);
fileHandle_ = std::nullopt;
}
/**
* Return size of file.
*/
storage_off_t size() const { return fileSize_; }
/**
* Reads a block of bytes from the file. On error returns std::nullopt.
*/
std::optional<Buffer> ReadBlock(storage_off_t readPos,
storage_off_t bytesToRead) const {
if (!fileHandle_) {
return std::nullopt;
}
Buffer buf(bytesToRead);
if (buf.buffer_size() < bytesToRead) {
LOG_E("Error memory allocation failed trying to allocate ReadBlock buffer.",
0);
return std::nullopt;
}
ssize_t bytesRead = storage_read(
*fileHandle_, readPos, buf.peek_write(), buf.available_write());
if (bytesRead < 0) {
LOG_E("Error %zd reading file", bytesRead);
return std::nullopt;
} else if (static_cast<size_t>(bytesRead) < bytesToRead) {
LOG_E("Error attempt to read %llu bytes returned only %zd bytes",
bytesToRead, bytesRead);
return std::nullopt;
}
if (!buf.advance_write(bytesRead)) {
LOG_E("Failed to update buffer write position. Code error.", 0);
return std::nullopt;
}
return buf;
}
/**
* Write a block of bytes from `data` of size `size` to storage at offset
* `pos`. Will not extend the file.
*
* Returns false if the write would go past the end of the file, or if an
* error occurs (all errors are logged).
*/
bool WriteBlock(storage_off_t pos, const uint8_t* data, size_t size) const {
if (!fileHandle_) {
LOG_E("Attempt to write to invalid file handle", 0);
return false;
}
storage_off_t end;
if (__builtin_add_overflow(pos, size, &end) || end > fileSize_) {
LOG_E("Attempt to write past EOF", 0);
return false;
}
ssize_t bytesWritten =
storage_write(*fileHandle_, pos, data, size, 0 /* opflags */);
if (bytesWritten < 0) {
LOG_E("Error %zd writing rollback record at offset %llu",
bytesWritten, pos);
return false;
} else if (static_cast<size_t>(bytesWritten) < size) {
LOG_E("Wrote %zd of %zu bytes", bytesWritten, size);
return false;
}
return true;
}
/**
* Resize the file to `newSize` bytes.
*
* Returns error code from uapi/err.h. Errors are logged.
*/
int Resize(storage_off_t newSize) {
if (!fileHandle_) {
LOG_E("Attempt to resize invalid file handle", 0);
return -ERR_NOT_VALID;
}
int rc = storage_set_file_size(*fileHandle_, newSize, 0 /* opflags */);
if (rc) {
LOG_E("Error %d resizing file from %llu to %llu", rc, fileSize_,
newSize);
return rc;
}
fileSize_ = newSize;
return NO_ERROR;
}
private:
friend class StorageSession;
StorageFile(file_handle_t fileHandle, storage_off_t fileSize)
: fileHandle_(fileHandle), fileSize_(fileSize) {}
std::optional<file_handle_t> fileHandle_;
storage_off_t fileSize_;
};
/**
* StorageSession represents a secure storage session, and provides methods to
* manipulate files within the session, and to finalize a storage transaction.
*/
class StorageSession {
public:
// Error codes used by DeleteFile.
enum class Error : uint32_t {
OK = 0,
NOT_FOUND = 1,
UNKNOWN = 2,
};
StorageSession(const StorageSession&) = delete;
StorageSession(StorageSession&& rhs) : session_(rhs.session_) {
rhs.session_ = STORAGE_INVALID_SESSION;
}
~StorageSession() {
if (session_ != STORAGE_INVALID_SESSION) {
LOG_D("Closing storage session %llu", session_);
storage_close_session(session_);
}
}
/**
* Creates a session, connected to the specified port.
*
* There is a possibility that the port has not been created when this
* method is called. In this case its behavior is determined by the
* `waitForPort` argument:
*
* - if true, the method will block until the port is available and the
* connection is completed.
*
* - if false, the method will return std::nullopt immediately.
*
* If the port exists, this method will block until the connection is
* completed.
*/
static std::optional<StorageSession> CreateSession(
bool waitForPort = true,
const char* port = STORAGE_CLIENT_TP_PORT) {
LOG_D("Opening storage session on port %s (wait: %s)", port,
waitForPort ? "true" : "false");
// We use connect rather than storage_open_session because the latter
// always waits for the port.
long rc = connect(port, waitForPort ? IPC_CONNECT_WAIT_FOR_PORT : 0);
if (rc < 0) {
LOG_E("Error %ld opening storage session on port %s.", rc, port);
return std::nullopt;
}
storage_session_t session = static_cast<storage_session_t>(rc);
LOG_D("Opened storage session %llu", session);
return StorageSession(session);
}
/**
* Open a file. Returns std::nullopt on failure (after logging error code).
*/
std::optional<StorageFile> OpenFile(
const char* fileName,
uint32_t flags = STORAGE_FILE_OPEN_CREATE) const {
file_handle_t fileHandle;
int err = storage_open_file(session_, &fileHandle, fileName, flags,
0 /* opflags */);
if (err) {
LOG_E("Error %d opening file %s", err, fileName);
return std::nullopt;
}
LOG_D("Opened file %s with handle %llu", fileName, fileHandle);
storage_off_t fileSize;
err = storage_get_file_size(fileHandle, &fileSize);
if (err) {
LOG_E("Error %d reading size of file %s", err, fileName);
storage_close_file(fileHandle);
return std::nullopt;
}
return StorageFile(fileHandle, fileSize);
}
/**
* Delete a file.
*
* Returns Error::OK on success, Error::NOT_FOUND, if the file did not
* exist, Error::UNKNOWN in any other case.
*/
Error DeleteFile(const char* fileName) const {
int rc = storage_delete_file(session_, fileName, 0 /* opflags */);
if (rc < 0) {
LOG_E("Error (%d) deleting file %s", rc, fileName);
if (rc == ERR_NOT_FOUND) {
return Error::NOT_FOUND;
} else {
return Error::UNKNOWN;
}
}
return Error::OK;
}
/**
* Ends current transaction (any uncommitted changes in this session),
* either committing or aborting (rolling back) the changes, as specified by
* `commit`.
*
* Note failing to commit the transaction will result in it being lost.
*
* Returns true on success, false on failure.
*/
bool EndTransaction(bool commit) {
int rc = storage_end_transaction(session_, commit);
if (rc < 0) {
LOG_E("Error (%d) committing transaction", rc);
return false;
}
return true;
}
private:
StorageSession(storage_session_t session) : session_(session) {}
storage_session_t session_;
};
/**
* Zeros each secret from position `begin` to position `end`.
*/
bool zero_entries(const StorageFile& file,
storage_off_t begin,
storage_off_t end) {
if (begin % kSecretSize != 0) {
LOG_S("zero_entries called with invalid offset %llu", begin);
return false;
}
for (storage_off_t pos = begin; pos < end; pos += kSecretSize) {
uint8_t zero_buf[kSecretSize] = {0x00, 0x00, 0x00, 0x00, //
0x00, 0x00, 0x00, 0x00, //
0x00, 0x00, 0x00, 0x00, //
0x00, 0x00, 0x00, 0x00};
if (!file.WriteBlock(pos, zero_buf, sizeof(zero_buf))) {
LOG_E("Failed to zero secret at offset %llu", pos);
return false;
}
}
return true;
}
/**
* Finds an empty slot in file. Returns empty on error, 0 on failure to
* find an empty slot and a valid (>0) slot number otherwise.
*/
std::optional<uint32_t /* keySlot */> find_empty_slot(const StorageFile& file,
bool isUpgrade) {
storage_off_t end =
std::min(file.size(), isUpgrade ? kMaxSecretFileSizeForUpgrades
: kMaxSecretFileSize);
uint32_t retval = 0;
for (storage_off_t filePos = 0; filePos < end; filePos += kBlockSize) {
std::optional<Buffer> block = file.ReadBlock(filePos, kBlockSize);
if (!block) {
LOG_E("Failed to read block of secrets", 0);
return std::nullopt;
}
size_t blockPos =
filePos == kFactoryResetSecretPos ? kFactoryResetSecretSize : 0;
for (; blockPos < block->available_read(); blockPos += kSecretSize) {
uint8_t first_byte = *(block->begin() + blockPos);
if ((first_byte & kInUseFlag) == 0 && retval == 0) {
static_assert(kBlockSize % kSecretSize == 0 &&
kFactoryResetSecretSize % kSecretSize == 0);
retval = static_cast<uint32_t>((filePos + blockPos) /
kSecretSize);
}
}
}
return retval;
}
// Helper class that calls the provided function (probably a lambda) on
// destruction if not disarmed.
template <typename F>
class OnExit {
public:
OnExit(F f) : f_(f) {}
~OnExit() {
if (!disarmed_) {
f_();
}
}
void disarm() { disarmed_ = true; }
private:
F f_;
bool disarmed_ = false;
};
} // namespace
bool TrustySecureDeletionSecretStorage::LoadOrCreateFactoryResetSecret(
bool wait_for_port) const {
if (factory_reset_secret_) {
// Already read.
return true;
}
LOG_D("Trying to open a session to read factory reset secret", 0);
std::optional<StorageSession> session =
StorageSession::CreateSession(wait_for_port);
if (!session) {
return false;
}
LOG_D("Trying to open secure secrets file", 0);
std::optional<StorageFile> file =
session->OpenFile(kSecureDeletionSecretFileName);
if (!file) {
// This shouldn't be possible, unless maybe the session just went away?
LOG_E("Can't open secure secrets file.", 0);
return false;
}
if (file->size() > 0) {
LOG_D("Opened non-empty secure secrets file.", 0);
std::optional<Buffer> block = file->ReadBlock(kFactoryResetSecretPos,
kFactoryResetSecretSize);
if (!block) {
LOG_E("Failed to read factory reset secret", 0);
return false;
}
LOG_D("Read factory-reset secret, size %zu", block->available_read());
factory_reset_secret_ = std::move(block);
return true;
}
// The file was just created. Need to create the factory reset secret.
LOG_I("Created new secure secrets file, size %llu", file->size());
if (file->Resize(kBlockSize) != NO_ERROR) {
LOG_E("Failed to grow new file from 0 to %llu bytes", kBlockSize);
return false;
}
LOG_D("Resized secure secrets file to size %llu", file->size());
static_assert(kBlockSize >= kFactoryResetSecretSize);
Buffer buf(kFactoryResetSecretSize);
keymaster_error_t error =
random_.GenerateRandom(buf.peek_write(), buf.available_write());
if (error != KM_ERROR_OK || !buf.advance_write(kFactoryResetSecretSize)) {
LOG_E("Failed to generate %zu random bytes for factory reset secret",
kFactoryResetSecretSize);
return false;
}
if (!file->WriteBlock(kFactoryResetSecretPos, buf.peek_read(),
buf.available_read())) {
LOG_E("Failed to write factory reset secret", 0);
return false;
}
LOG_D("Wrote new factory reset secret.", 0);
if (!zero_entries(*file, kFirstSecureDeletionSecretPos /* begin */,
kBlockSize /* end */)) {
LOG_E("Failed to zero secure deletion secret entries in first block",
0);
return false;
}
LOG_D("Zeroed secrets.", 0);
if (!session->EndTransaction(true /* commit */)) {
LOG_E("Failed to commit transaction creating secure secrets file", 0);
return false;
}
LOG_D("Committed new secrets file.", 0);
LOG_I("Got factory reset secret of size %zu", buf.buffer_size());
factory_reset_secret_ = std::move(buf);
return true;
}
std::optional<SecureDeletionData>
TrustySecureDeletionSecretStorage::CreateDataForNewKey(bool secure_deletion,
bool is_upgrade) const {
if (!LoadOrCreateFactoryResetSecret(false /* wait_for_port */) ||
!factory_reset_secret_) {
// Unable to get factory reset secret from secure storage.
LOG_I("Unable to get factory reset secret", 0);
return std::nullopt;
}
SecureDeletionData retval;
retval.factory_reset_secret.Reinitialize(*factory_reset_secret_);
if (!secure_deletion) {
LOG_D("Secure deletion not requested.", 0);
return retval;
}
retval.secure_deletion_secret.reserve(kSecretSize);
if (retval.secure_deletion_secret.buffer_size() == 0) {
return std::nullopt;
}
keymaster_error_t error = random_.GenerateRandom(
retval.secure_deletion_secret.peek_write(),
retval.secure_deletion_secret.available_write());
if (error != KM_ERROR_OK) {
// Ths really shouldn't be possible. Perhaps we should abort()?
LOG_E("Failed to create secure deletion secret", 0);
return std::nullopt;
}
retval.secure_deletion_secret.peek_write()[0] |= kInUseFlag;
retval.secure_deletion_secret.advance_write(
retval.secure_deletion_secret.available_write());
auto sds_cleanup = OnExit([&]() { retval.secure_deletion_secret.Clear(); });
std::optional<StorageSession> session =
StorageSession::CreateSession(); // Will block
if (!session) {
LOG_E("Failed to open session in CreateDateForNewKey", 0);
return retval;
}
LOG_D("Opened session to store secure deletion secret.", 0);
std::optional<StorageFile> file =
session->OpenFile(kSecureDeletionSecretFileName);
if (!file) {
LOG_E("Failed to open file in CreateDateForNewKey", 0);
return retval;
}
LOG_D("Opened file to store secure deletion secret.", 0);
std::optional<uint32_t> keySlot = find_empty_slot(*file, is_upgrade);
if (!keySlot) {
LOG_E("Error while searching for key slot", 0);
return retval;
}
if (*keySlot == 0) {
bool can_resize =
file->size() < kMaxSecretFileSize ||
(is_upgrade && file->size() < kMaxSecretFileSizeForUpgrades);
if (!can_resize) {
LOG_I("Didn't find a slot and can't grow the file larger than %llu",
file->size());
return retval;
}
storage_off_t old_size = file->size();
LOG_D("Attempting to resize file from %llu to %llu", file->size(),
file->size() + kBlockSize);
int rc = file->Resize(old_size + kBlockSize);
if (rc != NO_ERROR) {
LOG_E("Failed (%d) to grow file to make room for a key slot", rc);
return retval;
}
LOG_D("Resized file to %llu", file->size());
if (!zero_entries(*file, old_size, file->size())) {
LOG_E("Error zeroing space in extended file", 0);
return retval;
}
keySlot = old_size / kSecretSize;
}
LOG_D("Writing new deletion secret to key slot %u", *keySlot);
if (!file->WriteBlock(*keySlot * kSecretSize,
retval.secure_deletion_secret.peek_read(),
retval.secure_deletion_secret.available_read())) {
LOG_E("Failed to write new deletion secret to key slot %u", *keySlot);
return retval;
}
if (!session->EndTransaction(true /* commit */)) {
LOG_E("Failed to commit transaction writing new deletion secret to slot %u",
*keySlot);
return retval;
}
LOG_D("Committed new secret.", 0);
sds_cleanup.disarm(); // Secure deletion secret written; no need to wipe.
retval.key_slot = *keySlot;
return retval;
}
SecureDeletionData TrustySecureDeletionSecretStorage::GetDataForKey(
const uint32_t key_slot) const {
for (size_t tries = 0; tries < kMaxTries && !factory_reset_secret_;
++tries) {
LoadOrCreateFactoryResetSecret(true /* waitForPort */);
}
if (!factory_reset_secret_) {
return SecureDeletionData{};
}
SecureDeletionData retval;
retval.key_slot = key_slot;
retval.factory_reset_secret.Reinitialize(*factory_reset_secret_);
bool secureDeletionSecretRequested = (key_slot != 0);
if (!secureDeletionSecretRequested) {
LOG_D("Secure deletion not requested.", 0);
return retval;
}
LOG_D("Need to read secure deletion secret from slot %u", retval.key_slot);
for (size_t tries = 0; tries < kMaxTries; ++tries) {
std::optional<StorageSession> session =
StorageSession::CreateSession(); // Will block
if (!session) {
LOG_E("Failed to open session to get secure deletion data.", 0);
continue;
}
std::optional<StorageFile> file =
session->OpenFile(kSecureDeletionSecretFileName);
if (!file) {
LOG_E("Failed to open file to get secure deletion data.", 0);
continue;
}
storage_off_t keySlotBegin = retval.key_slot * kSecretSize;
storage_off_t keySlotEnd = keySlotBegin + kSecretSize;
if (keySlotEnd > file->size()) {
LOG_E("Invalid key slot %u would read past end of file of size %llu",
retval.key_slot, file->size());
return retval; // Empty secure_deletion_secret, key decryption will
// fail.
}
std::optional<Buffer> secret =
file->ReadBlock(retval.key_slot * kSecretSize, kSecretSize);
if (!secret) {
LOG_E("Failed to read secret from slot %u", retval.key_slot);
continue;
}
LOG_D("Read secure deletion secret, size: %zu",
secret->available_read());
retval.secure_deletion_secret = std::move(*secret);
break;
}
return retval;
}
void TrustySecureDeletionSecretStorage::DeleteKey(uint32_t key_slot) const {
if (key_slot == 0) {
LOG_D("key_slot == 0, nothing to delete", 0);
return;
}
for (;;) {
std::optional<StorageSession> session =
StorageSession::CreateSession(); // Will block
if (!session) {
LOG_E("Failed to open session to retrieve secure deletion data.",
0);
continue;
}
std::optional<StorageFile> file =
session->OpenFile(kSecureDeletionSecretFileName);
if (!file) {
LOG_E("Failed to open file to retrieve secure deletion data.", 0);
continue;
}
storage_off_t key_slot_begin = key_slot * kSecretSize;
storage_off_t key_slot_end = key_slot_begin + kSecretSize;
if (key_slot_begin <
kFactoryResetSecretPos + kFactoryResetSecretSize //
|| key_slot_end > file->size()) {
LOG_E("Attempted to delete invalid key slot %u", key_slot);
return;
}
if (!zero_entries(*file, key_slot_begin, key_slot_end)) {
continue;
}
LOG_D("Deleted secure key slot %u, zeroing %llu to %llu", key_slot,
key_slot_begin, key_slot_end);
if (!session->EndTransaction(true /* commit */)) {
LOG_E("Failed to commit transaction deleting key at slot %u",
key_slot);
continue;
}
LOG_D("Committed deletion", 0);
return;
}
}
void TrustySecureDeletionSecretStorage::DeleteAllKeys() const {
for (;;) {
std::optional<StorageSession> session =
StorageSession::CreateSession(); // Will block
if (!session) {
LOG_E("Failed to open session to delete secrets file.", 0);
continue;
}
LOG_D("Opened session to delete secrets file.", 0);
auto error = session->DeleteFile(kSecureDeletionSecretFileName);
if (error == StorageSession::Error::OK) {
LOG_D("Deleted secrets file", 0);
if (!session->EndTransaction(true /* commit */)) {
LOG_E("Failed to commit deletion of secrets file.", 0);
}
LOG_D("Committed deletion of secrets file.", 0);
} else if (error == StorageSession::Error::NOT_FOUND) {
// File does not exist, may as well abandon the session.
LOG_D("No secrets file existed.", 0);
} else {
// Assuming transient error. Log and retry.
LOG_E("Failed to delete secrets file", 0);
continue;
}
// Success
factory_reset_secret_ = {};
return;
}
}
} // namespace keymaster