| /* |
| * Copyright (C) 2022 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| //! Module that implements the [`SecureDeletionSecretManager`] trait. |
| use alloc::rc::Rc; |
| use core::{ |
| cell::RefCell, |
| cmp, |
| ops::{Deref, DerefMut}, |
| }; |
| use kmr_common::{ |
| crypto, |
| keyblob::{SecureDeletionData, SecureDeletionSecretManager, SecureDeletionSlot, SlotPurpose}, |
| km_err, Error, |
| }; |
| use log::{debug, error, info}; |
| use storage::{self as storage_session, OpenMode, Port, SecureFile, Session, Transaction}; |
| use trusty_sys; |
| use zeroize::{Zeroize, ZeroizeOnDrop}; |
| |
| // Maximum number of attempts to perform a secure storage transaction to read or |
| // delete a secure deletion secret. Because the storageproxy may be restarted |
| // while this code is running, it may be necessary to retry. But because it's |
| // unclear exactly what error codes may be returned when the proxy is shut down, |
| // we conservatively retry all unexpected errors. To avoid an infinite loop, we |
| // set a limit on the number of retries (though hitting the limit and returning |
| // an error will likely break the boot anyway). Ideally, we should never need |
| // more than one retry. We allow three. |
| const KM_MAX_TRIES: usize = 3; |
| |
| // Each secret is 16 bytes. |
| const KM_SECRET_SIZE: usize = 16; |
| // The factory reset secret is composed of two secrets, so 32 bytes, and it is |
| // stored at offset 0. After this position (offset 32), all the secrets are |
| // stored one after the other. On each secret a single bit on the first byte is |
| // set to indicate that the secret is valid (mask 0x80). Any unused secret/newly |
| // allocated space on the file is set to 0 |
| const KM_FACTORY_RESET_SECRET_SIZE: usize = KM_SECRET_SIZE * 2; |
| const KM_FACTORY_RESET_SECRET_POS: usize = 0; |
| const KM_FACTORY_FIRST_SECURE_DELETION_SECRET_POS: usize = |
| KM_FACTORY_RESET_SECRET_POS + KM_FACTORY_RESET_SECRET_SIZE; |
| |
| // We read secrets in blocks of 32, so 512 bytes. |
| const KM_BLOCK_SIZE: usize = KM_SECRET_SIZE * 32; |
| |
| // Limit file size to 16 KiB (except for key upgrades, see |
| // KM_MAX_SECRET_FILE_SIZE_FOR_UPGRADES). |
| const KM_MAX_SECRET_FILE_SIZE: usize = KM_BLOCK_SIZE * 32; |
| |
| // This is a higher file size limit, with the space above KM_MAX_SECRET_FILE_SIZE |
| // usable only for key IDs that need to be written as part of a key upgrade. |
| // This is to reduce the probability that keys are degraded as a result of |
| // upgrading. |
| const KM_MAX_SECRET_FILE_SIZE_FOR_UPGRADES: usize = KM_MAX_SECRET_FILE_SIZE + 8 * KM_BLOCK_SIZE; |
| |
| // We set a bit in the first byte of each slot to indicate that the slot is in |
| // use. This reduces the maximum entropy of each slot to 127 bits. |
| const KM_IN_USE_FLAG: u8 = 0x80; |
| |
| // Name of the file to store secrets. The "_1" suffix is to allow for new file |
| // formats/versions in the future. |
| const KM_SECURE_DELETION_SECRET_FILENAME: &'static str = "SecureDeletionSecrets_1"; |
| |
| const _: () = assert!( |
| KM_BLOCK_SIZE >= KM_FACTORY_RESET_SECRET_SIZE, |
| "KM_BLOCK_SIZE should be bigger than KM_FACTORY_RESET_SECRET_SIZE" |
| ); |
| const _: () = assert!((KM_BLOCK_SIZE % KM_SECRET_SIZE) == 0, "Broke find_empty_slot assumption"); |
| const _: () = assert!( |
| (KM_FACTORY_RESET_SECRET_SIZE % KM_SECRET_SIZE) == 0, |
| "Broke find_empty_slot assumption" |
| ); |
| |
| struct SecureDeletionSecretFileSession { |
| session: Session, |
| } |
| |
| struct SecureDeletionSecretFile<'a> { |
| file: SecureFile, |
| transaction: Transaction<'a>, |
| } |
| |
| enum RetrieveSecureDeletionSecretFileData<'a> { |
| EmptyFileFound(SecureDeletionSecretFile<'a>), |
| CachedDataFound(SecureDeletionData), |
| DataFoundOnFile(SecureDeletionData), |
| } |
| |
| impl SecureDeletionSecretFileSession { |
| fn new(wait_on_port: bool) -> Result<Self, Error> { |
| let mut session = Session::new(Port::TamperProof, wait_on_port).map_err(|_| { |
| km_err!( |
| SecureHwCommunicationFailed, |
| "Failed to connect to secure storage port for opening secure deletion secret file" |
| ) |
| })?; |
| Ok(SecureDeletionSecretFileSession { session }) |
| } |
| |
| fn delete_file(&mut self) -> Result<(), Error> { |
| // We do not consider the file not existing an error when trying to delete it because the |
| // end result is the same. |
| match self.session.remove(KM_SECURE_DELETION_SECRET_FILENAME) { |
| Ok(_) => Ok(()), |
| Err(storage_session::Error::Code(trusty_sys::Error::NotFound)) => Ok(()), |
| Err(_) => { |
| Err(km_err!(SecureHwCommunicationFailed, "Couldn't delete secure secrets file")) |
| } |
| } |
| } |
| |
| fn close(self) { |
| self.session.close() |
| } |
| } |
| |
| impl<'a> SecureDeletionSecretFile<'a> { |
| fn open_or_create( |
| session: &'a mut SecureDeletionSecretFileSession, |
| ) -> Result<SecureDeletionSecretFile<'a>, Error> { |
| let mut transaction = session.session.begin_transaction(); |
| let mut file = |
| transaction.open_file(KM_SECURE_DELETION_SECRET_FILENAME, OpenMode::Create).map_err( |
| |_| km_err!(SecureHwCommunicationFailed, "Failed open secure deletion secret file"), |
| )?; |
| Ok(SecureDeletionSecretFile { transaction, file }) |
| } |
| |
| fn read_block<'buf>( |
| &mut self, |
| start: usize, |
| buffer: &'buf mut [u8], |
| ) -> Result<&'buf [u8], Error> { |
| let req_len = buffer.len(); |
| let data = self.transaction.read_at(&self.file, start, buffer).map_err(|_| { |
| km_err!( |
| SecureHwCommunicationFailed, |
| "Failed to read secure deletion secret file at offset {} with len {}", |
| start, |
| req_len |
| ) |
| })?; |
| if data.len() != req_len { |
| Err(km_err!( |
| UnknownError, |
| "Couldn't read {} bytes of secure deletion secret file at offset {}. Read {} bytes", |
| req_len, |
| start, |
| data.len() |
| )) |
| } else { |
| Ok(data) |
| } |
| } |
| |
| // Find empty slot is used to find the first [KM_SECRET_SIZE] position on the secure file that |
| // isn't currently in use. For this it will read the secure file in [KM_BLOCK_SIZE] chunks and |
| // move in [KM_SECRET_SIZE] increments; checking if the KM_IN_USE_FLAG if set on that position. |
| fn find_empty_slot(&mut self, is_upgrade: bool) -> Result<usize, Error> { |
| let end = SecureDeletionSecretFile::get_max_file_size(is_upgrade); |
| let file_size = self.get_file_size()?; |
| let end = cmp::min(end, file_size); |
| let mut key_slot = 0; |
| let mut block_buffer = [0; KM_BLOCK_SIZE]; |
| 'search_loop: for start_pos in (0..end).step_by(KM_BLOCK_SIZE) { |
| let read_data = match self.read_block(start_pos, &mut block_buffer) { |
| Ok(read_data) => read_data, |
| Err(e) => { |
| error!("Failed to read block of secrets"); |
| return Err(e); |
| } |
| }; |
| if read_data.len() != KM_BLOCK_SIZE { |
| return Err(km_err!( |
| SecureHwCommunicationFailed, |
| "Failed to read complete block from storage. Received {} bytes", |
| read_data.len() |
| )); |
| } |
| let block_start = match start_pos { |
| KM_FACTORY_RESET_SECRET_POS => KM_FACTORY_FIRST_SECURE_DELETION_SECRET_POS, |
| _ => 0, |
| }; |
| for (chunk_num, secret) in read_data[block_start..].chunks(KM_SECRET_SIZE).enumerate() { |
| if (secret[0] & KM_IN_USE_FLAG) == 0 { |
| key_slot = |
| (start_pos + block_start + (chunk_num * KM_SECRET_SIZE)) / KM_SECRET_SIZE; |
| break 'search_loop; |
| } |
| } |
| } |
| Ok(key_slot) |
| } |
| |
| fn write_block(&mut self, start: usize, buffer: &[u8]) -> Result<(), Error> { |
| self.transaction.write_at(&mut self.file, start, buffer).map_err(|_| { |
| km_err!( |
| SecureHwCommunicationFailed, |
| "Failed to write to deletion secret file at pos {}", |
| start |
| ) |
| }) |
| } |
| |
| fn get_file_size(&mut self) -> Result<usize, Error> { |
| self.transaction.get_size(&self.file).map_err(|_| { |
| km_err!(SecureHwCommunicationFailed, "Couldn't get secure deletion secret file size") |
| }) |
| } |
| |
| fn get_max_file_size(is_upgrade: bool) -> usize { |
| match is_upgrade { |
| true => KM_MAX_SECRET_FILE_SIZE_FOR_UPGRADES, |
| false => KM_MAX_SECRET_FILE_SIZE, |
| } |
| } |
| |
| fn resize(&mut self, new_size: usize) -> Result<(), Error> { |
| self.transaction.set_size(&mut self.file, new_size).map_err(|_| { |
| km_err!( |
| SecureHwCommunicationFailed, |
| "Failed to resize secure deletion secret file to {}", |
| new_size |
| ) |
| })?; |
| Ok(()) |
| } |
| |
| fn zero_entries(&mut self, begin: usize, end: usize) -> Result<(), Error> { |
| if (begin % KM_SECRET_SIZE) != 0 { |
| return Err(km_err!( |
| InvalidArgument, |
| "zero_entries called with invalid offset {}", |
| begin |
| )); |
| } |
| let zero_buff = [0; KM_SECRET_SIZE]; |
| for start_pos in (begin..end).step_by(KM_SECRET_SIZE) { |
| self.write_block(start_pos, &zero_buff)?; |
| } |
| Ok(()) |
| } |
| |
| fn finish_transaction(mut self) -> Result<(), Error> { |
| self.transaction.commit().map_err(|_| { |
| km_err!( |
| SecureHwCommunicationFailed, |
| "Failed to commit transaction on secure deletion secret file" |
| ) |
| }) |
| } |
| } |
| |
| #[derive(Clone, PartialEq, Eq, Zeroize, ZeroizeOnDrop)] |
| struct FactoryResetSecret(Option<[u8; KM_FACTORY_RESET_SECRET_SIZE]>); |
| |
| #[derive(Clone, PartialEq, Eq)] |
| pub struct TrustySecureDeletionSecretManager { |
| factory_reset_secret: RefCell<FactoryResetSecret>, |
| } |
| |
| impl TrustySecureDeletionSecretManager { |
| pub fn new() -> Self { |
| TrustySecureDeletionSecretManager { |
| factory_reset_secret: RefCell::new(FactoryResetSecret(None)), |
| } |
| } |
| |
| // get_factory_reset_secret_impl will just try to get the factory reset secret either from cache |
| // or from the file if it exists. If the secret is read and not cached, it will cache it. |
| // If the file doesn't exist, or if it is empty, it will return a File object/session; so the |
| // caller can initialize it. In case the caller doesn't initialize it, we will end up with an |
| // empty file on the file system, but this should be fine because we treat an empty file in the |
| // same way we treat a non-existing file. |
| fn get_factory_reset_secret_impl<'a>( |
| &'a self, |
| session: Option<&'a mut SecureDeletionSecretFileSession>, |
| ) -> Result<RetrieveSecureDeletionSecretFileData, Error> { |
| match self.factory_reset_secret.borrow_mut().deref_mut().0 { |
| Some(secret) => { |
| Ok(RetrieveSecureDeletionSecretFileData::CachedDataFound(SecureDeletionData { |
| factory_reset_secret: secret.clone(), |
| secure_deletion_secret: [0; KM_SECRET_SIZE], |
| })) |
| } |
| mut factory_reset_secret @ None => { |
| debug!("Trying to open a session to read factory reset secret"); |
| let session = session.ok_or(km_err!( |
| SecureHwCommunicationFailed, |
| "Couldn't get a session to open the secure deletion secret file" |
| ))?; |
| let mut sdsf_file = SecureDeletionSecretFile::open_or_create(session)?; |
| let file_size = sdsf_file.get_file_size().map_err(|_| { |
| km_err!( |
| SecureHwCommunicationFailed, |
| "Couldn't get secure deletion secret file size" |
| ) |
| })?; |
| if file_size > 0 { |
| // We found a secret on the file; read it |
| debug!("Opened non-empty secure secrets file"); |
| let mut buffer = [0; KM_FACTORY_RESET_SECRET_SIZE]; |
| let block = sdsf_file.read_block(KM_FACTORY_RESET_SECRET_POS, &mut buffer)?; |
| debug!("Read factory-reset secret, size {}", block.len()); |
| if block.len() != KM_FACTORY_RESET_SECRET_SIZE { |
| return Err(km_err!( |
| SecureHwCommunicationFailed, |
| "Failed to read complete secret data from storage. Received {} bytes", |
| block.len() |
| )); |
| } |
| factory_reset_secret.replace(buffer.clone()); |
| Ok(RetrieveSecureDeletionSecretFileData::DataFoundOnFile(SecureDeletionData { |
| factory_reset_secret: buffer, |
| secure_deletion_secret: [0; KM_SECRET_SIZE], |
| })) |
| } else { |
| Ok(RetrieveSecureDeletionSecretFileData::EmptyFileFound(sdsf_file)) |
| } |
| } |
| } |
| } |
| |
| // get_or_create_factory_reset_secret_impl will use get_factory_reset_secret_impl to try to get |
| // the factory reset secret. If the secure deletion secret file doesn't exist on secure storage, |
| // it will create it and will also initialize it. |
| fn get_or_create_factory_reset_secret_impl( |
| &mut self, |
| rng: &mut dyn crypto::Rng, |
| wait_for_port: bool, |
| ) -> Result<SecureDeletionData, Error> { |
| let mut session = SecureDeletionSecretFileSession::new(wait_for_port).ok(); |
| let mut secret_file_data = self.get_factory_reset_secret_impl(session.as_mut())?; |
| match secret_file_data { |
| RetrieveSecureDeletionSecretFileData::CachedDataFound(data) => Ok(data), |
| RetrieveSecureDeletionSecretFileData::DataFoundOnFile(data) => Ok(data), |
| RetrieveSecureDeletionSecretFileData::EmptyFileFound(mut sdsf_file) => { |
| sdsf_file.resize(KM_BLOCK_SIZE)?; |
| debug!("Resized secure secrets file to size {}", KM_BLOCK_SIZE); |
| let mut buffer = [0; KM_FACTORY_RESET_SECRET_SIZE]; |
| rng.fill_bytes(&mut buffer); |
| sdsf_file.write_block(KM_FACTORY_RESET_SECRET_POS, &buffer)?; |
| debug!("Wrote new factory reset secret"); |
| sdsf_file |
| .zero_entries(KM_FACTORY_FIRST_SECURE_DELETION_SECRET_POS, KM_BLOCK_SIZE)?; |
| debug!("Zeroed secrets"); |
| sdsf_file.finish_transaction()?; |
| debug!("Committed new secrets file"); |
| self.factory_reset_secret.borrow_mut().deref_mut().0.replace(buffer.clone()); |
| Ok(SecureDeletionData { |
| factory_reset_secret: buffer, |
| secure_deletion_secret: [0; KM_SECRET_SIZE], |
| }) |
| } |
| } |
| } |
| |
| fn read_slot_data(&self, slot: SecureDeletionSlot, buffer: &mut [u8]) -> Result<(), Error> { |
| let buffer_size = buffer.len(); |
| if buffer_size != KM_SECRET_SIZE { |
| return Err(km_err!( |
| InsufficientBufferSpace, |
| "Needed {} bytes to read slot. Received {}", |
| KM_SECRET_SIZE, |
| buffer.len() |
| )); |
| } |
| let requested_slot = slot.0 as usize; |
| let key_slot_pos = requested_slot * KM_SECRET_SIZE; |
| let mut session = match SecureDeletionSecretFileSession::new(true) { |
| Ok(session) => session, |
| Err(e) => { |
| error!("Failed to open session to get secure deletion data"); |
| return Err(e); |
| } |
| }; |
| let mut sdsf_file = match SecureDeletionSecretFile::open_or_create(&mut session) { |
| Ok(sdsf_file) => sdsf_file, |
| Err(e) => { |
| error!("Failed to open file to get secure deletion data"); |
| return Err(e); |
| } |
| }; |
| let file_size = match sdsf_file.get_file_size() { |
| Ok(file_size) => file_size, |
| Err(e) => { |
| error!("Failed to read secure deletion data file size"); |
| return Err(e); |
| } |
| }; |
| if (key_slot_pos + KM_SECRET_SIZE) > file_size { |
| return Err(km_err!( |
| InvalidArgument, |
| "Invalid key slot {} would read past end of file of size {}", |
| requested_slot, |
| file_size |
| )); |
| } |
| match sdsf_file.read_block(key_slot_pos, buffer) { |
| Ok(read_data) => { |
| if buffer_size == read_data.len() { |
| Ok(()) |
| } else { |
| Err(km_err!( |
| SecureHwCommunicationFailed, |
| "Failed to read complete slot data from storage. Received {} bytes", |
| read_data.len() |
| )) |
| } |
| } |
| Err(e) => { |
| error!("Failed to read secret from slot {}", requested_slot); |
| Err(e) |
| } |
| } |
| } |
| } |
| |
| impl Drop for TrustySecureDeletionSecretManager { |
| fn drop(&mut self) { |
| self.factory_reset_secret.borrow_mut().deref_mut().zeroize(); |
| } |
| } |
| |
| impl ZeroizeOnDrop for TrustySecureDeletionSecretManager {} |
| |
| impl SecureDeletionSecretManager for TrustySecureDeletionSecretManager { |
| fn get_or_create_factory_reset_secret( |
| &mut self, |
| rng: &mut dyn crypto::Rng, |
| ) -> Result<SecureDeletionData, Error> { |
| self.get_or_create_factory_reset_secret_impl(rng, true) |
| } |
| |
| fn get_factory_reset_secret(&self) -> Result<SecureDeletionData, Error> { |
| let mut session = SecureDeletionSecretFileSession::new(true).ok(); |
| let mut secret_file_data = self.get_factory_reset_secret_impl(session.as_mut())?; |
| match secret_file_data { |
| RetrieveSecureDeletionSecretFileData::CachedDataFound(data) => Ok(data), |
| RetrieveSecureDeletionSecretFileData::DataFoundOnFile(data) => Ok(data), |
| RetrieveSecureDeletionSecretFileData::EmptyFileFound(_) => { |
| Err(km_err!(UnknownError, "Factory reset secret not found")) |
| } |
| } |
| } |
| |
| fn new_secret( |
| &mut self, |
| rng: &mut dyn crypto::Rng, |
| slot_purpose: SlotPurpose, |
| ) -> Result<(SecureDeletionSlot, SecureDeletionData), Error> { |
| let is_upgrade = match slot_purpose { |
| SlotPurpose::KeyUpgrade => true, |
| _ => false, |
| }; |
| // We are not waiting on the connection if the TA port is not available. This follows the |
| // behavior of the original code. |
| let mut secure_deletion_data = |
| match self.get_or_create_factory_reset_secret_impl(rng, false) { |
| Ok(data) => data, |
| Err(e) => { |
| info!("Unable to get factory reset secret"); |
| return Err(e); |
| } |
| }; |
| rng.fill_bytes(&mut secure_deletion_data.secure_deletion_secret); |
| secure_deletion_data.secure_deletion_secret[0] |= KM_IN_USE_FLAG; |
| // Next call will block on the port. It should be fine, because if we reach this point, the |
| // TA should have been available before. Also, the original code follows a similar flow on |
| // which they use a blocking call if this point is reached. |
| let mut session = SecureDeletionSecretFileSession::new(true)?; |
| let mut sdsf_file = SecureDeletionSecretFile::open_or_create(&mut session)?; |
| let mut empty_slot = match sdsf_file.find_empty_slot(is_upgrade) { |
| Ok(slot) => slot, |
| Err(e) => { |
| error!("Error while searching for key slot"); |
| return Err(e); |
| } |
| }; |
| |
| let original_file_size = sdsf_file.get_file_size()?; |
| if empty_slot == 0 { |
| //No empty slot found, try to increase file size |
| let max_file_size = SecureDeletionSecretFile::get_max_file_size(is_upgrade); |
| if (original_file_size >= max_file_size) { |
| error!( |
| "Didn't find a slot and can't grow the file larger than {}", |
| original_file_size |
| ); |
| return Err(km_err!( |
| UnknownError, |
| "Didn't find a slot and can't grow the file larger than {}", |
| original_file_size |
| )); |
| } |
| let new_size = original_file_size + KM_BLOCK_SIZE; |
| debug!("Attempting to resize file from {} to {}", original_file_size, new_size); |
| if let Err(e) = sdsf_file.resize(new_size) { |
| error!("Failed to grow file to make room for a key slot"); |
| return Err(e); |
| } |
| debug!("Resized file to {}", new_size); |
| if let Err(e) = sdsf_file.zero_entries(original_file_size, new_size) { |
| error!("Error zeroing space in extended file"); |
| return Err(e); |
| } |
| empty_slot = original_file_size / KM_SECRET_SIZE; |
| } |
| debug!("Writing new deletion secret to key slot {}", empty_slot); |
| if let Err(e) = sdsf_file |
| .write_block(empty_slot * KM_SECRET_SIZE, &secure_deletion_data.secure_deletion_secret) |
| { |
| error!("Failed to write new deletion secret to key slot {}", empty_slot); |
| return Err(e); |
| } |
| if let Err(e) = sdsf_file.finish_transaction() { |
| error!( |
| "Failed to commit transaction writing new deletion secret to slot {}", |
| empty_slot |
| ); |
| return Err(e); |
| } |
| debug!("Committed new secret"); |
| Ok((SecureDeletionSlot(empty_slot as u32), secure_deletion_data)) |
| } |
| |
| fn get_secret(&self, slot: SecureDeletionSlot) -> Result<SecureDeletionData, Error> { |
| let mut current_try = 0; |
| let mut secure_deletion_data = loop { |
| let data = self.get_factory_reset_secret(); |
| if (data.is_ok()) || (current_try >= KM_MAX_TRIES) { |
| break data?; |
| } |
| current_try += 1; |
| }; |
| let requested_slot = slot.0 as usize; |
| // TODO: Should we also limit access to slot 1? slot 1 should be part of the factory reset |
| // secret, but c++ code only checked for slot 0. |
| if requested_slot == 0 { |
| // Original debug message from c++ code was "Secure deletion not requested" |
| debug!("Requested deletion of slot 0 which corresponds to factory reset secret."); |
| return Err(km_err!( |
| InvalidArgument, |
| "Requested slot 0 which does not contain a secret" |
| )); |
| } |
| |
| current_try = 0; |
| loop { |
| match self.read_slot_data(slot, &mut secure_deletion_data.secure_deletion_secret) { |
| Ok(_) => { |
| debug!( |
| "Read secure deletion secret, size: {}", |
| secure_deletion_data.secure_deletion_secret.len() |
| ); |
| break Ok(secure_deletion_data); |
| } |
| Err(e) => { |
| if (current_try >= KM_MAX_TRIES) { |
| break Err(e); |
| } |
| } |
| } |
| current_try += 1; |
| } |
| } |
| |
| fn delete_secret(&mut self, slot: SecureDeletionSlot) -> Result<(), Error> { |
| let requested_slot = slot.0 as usize; |
| // TODO: Should we also limit access to slot 1? slot 1 should be part of the factory reset |
| // secret, but c++ code only checked for slot 0. |
| if requested_slot == 0 { |
| debug!("key_slot == 0, nothing to delete"); |
| return Err(km_err!( |
| InvalidArgument, |
| "Requested slot 0 which does not contain a secret" |
| )); |
| } |
| let key_slot_start = requested_slot * KM_SECRET_SIZE; |
| let key_slot_end = key_slot_start + KM_SECRET_SIZE; |
| if (key_slot_start < KM_FACTORY_FIRST_SECURE_DELETION_SECRET_POS) { |
| return Err(km_err!( |
| InvalidArgument, |
| "Attempted to delete invalid key slot {}", |
| requested_slot |
| )); |
| } |
| // TODO: Check if we should also stop trying to delete the key after some number of retries. |
| // C++ code doesn't stop retrying, which is the current behavior here. |
| loop { |
| let mut session = match SecureDeletionSecretFileSession::new(true) { |
| Ok(mut session) => session, |
| Err(_) => { |
| error!("Failed to open session to retrieve secure deletion data"); |
| continue; |
| } |
| }; |
| let mut sdsf_file = match SecureDeletionSecretFile::open_or_create(&mut session) { |
| Ok(mut sdsf_file) => sdsf_file, |
| Err(_) => { |
| error!("Failed to open file to retrieve secure deletion data"); |
| continue; |
| } |
| }; |
| let file_size = match sdsf_file.get_file_size() { |
| Ok(size) => size, |
| Err(_) => continue, |
| }; |
| if key_slot_end > file_size { |
| return Err(km_err!( |
| InvalidArgument, |
| "Attempted to delete invalid key slot {}", |
| requested_slot |
| )); |
| } |
| if let Err(_) = sdsf_file.zero_entries(key_slot_start, key_slot_end) { |
| continue; |
| } |
| debug!( |
| "Deleted secure key slot {}, zeroing {} to {}", |
| requested_slot, key_slot_start, key_slot_end |
| ); |
| if let Err(_) = sdsf_file.finish_transaction() { |
| error!("Failed to commit transaction deleting key at slot {}", requested_slot); |
| continue; |
| } |
| debug!("Committed deletion"); |
| break; |
| } |
| Ok(()) |
| } |
| |
| fn delete_all(&mut self) { |
| // TODO: Check if we should also stop trying to delete all keys after some number of |
| // retries. C++ code doesn't stop retrying, which is the current behavior here. |
| loop { |
| let mut session = match SecureDeletionSecretFileSession::new(true) { |
| Ok(mut session) => session, |
| Err(_) => { |
| error!("Failed to open session to delete secrets file"); |
| continue; |
| } |
| }; |
| if session.delete_file().is_ok() { |
| break; |
| } |
| } |
| } |
| } |
| |
| #[cfg(test)] |
| mod tests { |
| use super::*; |
| use kmr_crypto_boring::rng::BoringRng; |
| use test::{expect, expect_eq, expect_ne}; |
| |
| fn check_secret_manager_file_exists() -> bool { |
| let mut session = |
| Session::new(Port::TamperProof, true).expect("Couldn't connect to storage"); |
| session.open_file(KM_SECURE_DELETION_SECRET_FILENAME, OpenMode::Open).is_ok() |
| } |
| |
| #[test] |
| fn secret_data_is_cached() { |
| let mut sdsf = TrustySecureDeletionSecretManager::new(); |
| sdsf.delete_all(); |
| expect!(check_secret_manager_file_exists() == false, "Couldn't delete secret manager file"); |
| let mut rng = BoringRng::default(); |
| let secret1 = |
| sdsf.get_or_create_factory_reset_secret(&mut rng).expect("Couldn't create secret"); |
| let mut session = SecureDeletionSecretFileSession::new(true).ok(); |
| let secret2 = match sdsf.get_factory_reset_secret_impl(session.as_mut()) { |
| Ok(RetrieveSecureDeletionSecretFileData::CachedDataFound(secret)) => secret, |
| _ => panic!("Data should have been cached"), |
| }; |
| let secret3 = |
| sdsf.get_or_create_factory_reset_secret(&mut rng).expect("Couldn't get secret"); |
| expect_eq!( |
| secret1.factory_reset_secret, |
| secret2.factory_reset_secret, |
| "Should have retrieved the same secret" |
| ); |
| expect_eq!( |
| secret1.secure_deletion_secret, |
| secret2.secure_deletion_secret, |
| "Should have retrieved the same secret" |
| ); |
| expect_eq!( |
| secret1.secure_deletion_secret, |
| [0; KM_SECRET_SIZE], |
| "Deletion secret should be 0" |
| ); |
| expect_ne!( |
| secret1.factory_reset_secret, |
| [0; KM_FACTORY_RESET_SECRET_SIZE], |
| "Factory reset secret should not be 0" |
| ); |
| expect_eq!( |
| secret1.factory_reset_secret, |
| secret3.factory_reset_secret, |
| "Should have retrieved the same secret" |
| ); |
| sdsf.factory_reset_secret.replace(FactoryResetSecret(None)); |
| let secret3 = match sdsf.get_factory_reset_secret_impl(session.as_mut()) { |
| Ok(RetrieveSecureDeletionSecretFileData::DataFoundOnFile(secret)) => secret, |
| _ => panic!("Data couldn't be read from file."), |
| }; |
| expect_eq!( |
| secret1.factory_reset_secret, |
| secret3.factory_reset_secret, |
| "Should have retrieved the same secret" |
| ); |
| sdsf.delete_all(); |
| expect!(check_secret_manager_file_exists() == false, "Couldn't delete secret manager file"); |
| } |
| |
| #[test] |
| fn new_secret_data_file_is_clean() { |
| let mut sdsf = TrustySecureDeletionSecretManager::new(); |
| sdsf.delete_all(); |
| expect!(check_secret_manager_file_exists() == false, "Couldn't delete secret manager file"); |
| let mut rng = BoringRng::default(); |
| let secret1 = |
| sdsf.get_or_create_factory_reset_secret(&mut rng).expect("Couldn't create secret"); |
| let num_initial_slots = KM_BLOCK_SIZE / KM_SECRET_SIZE; |
| for slot_num in (2..num_initial_slots) { |
| let secret = |
| sdsf.get_secret(SecureDeletionSlot(slot_num as u32)).expect("Couldn't read slot"); |
| expect_eq!( |
| secret.secure_deletion_secret, |
| [0; KM_SECRET_SIZE], |
| "Deletion secret should be 0" |
| ); |
| expect_eq!( |
| secret.factory_reset_secret, |
| secret1.factory_reset_secret, |
| "Factory reset secret should match" |
| ); |
| } |
| let secret = sdsf.get_secret(SecureDeletionSlot(num_initial_slots as u32)); |
| expect!(secret.is_err(), "Read outside of initial range should fail"); |
| sdsf.delete_all(); |
| expect!(check_secret_manager_file_exists() == false, "Couldn't delete secret manager file"); |
| } |
| |
| #[test] |
| fn new_secret_data_file_expands() { |
| let mut sdsf = TrustySecureDeletionSecretManager::new(); |
| sdsf.delete_all(); |
| expect!(check_secret_manager_file_exists() == false, "Couldn't delete secret manager file"); |
| let mut rng = BoringRng::default(); |
| let secret1 = |
| sdsf.get_or_create_factory_reset_secret(&mut rng).expect("Couldn't create secret"); |
| let num_slots_per_block = KM_BLOCK_SIZE / KM_SECRET_SIZE; |
| let max_num_slots = KM_MAX_SECRET_FILE_SIZE / KM_SECRET_SIZE; |
| for slot_num in (2..max_num_slots) { |
| let (deletion_slot, deletion_data) = sdsf |
| .new_secret(&mut rng, SlotPurpose::KeyGeneration) |
| .expect("Couldn't create secret"); |
| // This test assumes order of secret creation on an empty file; next line can be changed |
| // to something like a map (to check that an empty slot if chosen every time) if order |
| // is not sequential anymore. |
| expect_eq!(deletion_slot.0 as usize, slot_num, "Wrong slot used for new secret"); |
| expect_ne!( |
| deletion_data.secure_deletion_secret, |
| [0; KM_SECRET_SIZE], |
| "Deletion secret should not be 0" |
| ); |
| expect_ne!( |
| deletion_data.secure_deletion_secret[0] & KM_IN_USE_FLAG, |
| 0, |
| "Slot should be marked as in use" |
| ); |
| let slot_data = sdsf.get_secret(deletion_slot).expect("Couldn't read back secret"); |
| expect_eq!( |
| deletion_data.secure_deletion_secret, |
| slot_data.secure_deletion_secret, |
| "Secret data should match" |
| ); |
| expect_eq!( |
| deletion_data.factory_reset_secret, |
| slot_data.factory_reset_secret, |
| "Factory reset secret should match" |
| ); |
| } |
| let size_failure = sdsf.new_secret(&mut rng, SlotPurpose::KeyGeneration); |
| expect!(size_failure.is_err(), "Shouldn't be able to increase secret file size any larger"); |
| //Testing upgrade flow |
| let max_num_upgrade_slots = (KM_MAX_SECRET_FILE_SIZE_FOR_UPGRADES) / KM_SECRET_SIZE; |
| for slot_num in (max_num_slots..max_num_upgrade_slots) { |
| let (deletion_slot, deletion_data) = sdsf |
| .new_secret(&mut rng, SlotPurpose::KeyUpgrade) |
| .expect("Couldn't create secret for upgrade flow"); |
| expect_eq!(deletion_slot.0 as usize, slot_num, "Wrong slot used for new secret"); |
| expect_ne!( |
| deletion_data.secure_deletion_secret, |
| [0; KM_SECRET_SIZE], |
| "Deletion secret should not be 0" |
| ); |
| expect_ne!( |
| deletion_data.secure_deletion_secret[0] & KM_IN_USE_FLAG, |
| 0, |
| "Slot should be marked as in use" |
| ); |
| let slot_data = sdsf.get_secret(deletion_slot).expect("Couldn't read back secret"); |
| expect_eq!( |
| deletion_data.secure_deletion_secret, |
| slot_data.secure_deletion_secret, |
| "Secret data should match" |
| ); |
| expect_eq!( |
| deletion_data.factory_reset_secret, |
| slot_data.factory_reset_secret, |
| "Factory reset secret should match" |
| ); |
| } |
| let size_failure = sdsf.new_secret(&mut rng, SlotPurpose::KeyUpgrade); |
| expect!(size_failure.is_err(), "Shouldn't be able to increase secret file size any larger"); |
| //Testing deletion |
| for slot_num in (2..max_num_upgrade_slots).rev() { |
| let slot = SecureDeletionSlot(slot_num as u32); |
| sdsf.delete_secret(slot).expect("Couldn't delete secret"); |
| let slot_data = sdsf.get_secret(slot).expect("Couldn't read back secret"); |
| expect_eq!( |
| slot_data.secure_deletion_secret, |
| [0; KM_SECRET_SIZE], |
| "Deletion secret should be 0" |
| ); |
| let (deletion_slot, deletion_data) = |
| sdsf.new_secret(&mut rng, SlotPurpose::KeyUpgrade).expect("Couldn't create secret"); |
| expect_eq!(deletion_slot.0 as usize, slot_num, "Wrong slot used for new secret"); |
| expect_ne!( |
| deletion_data.secure_deletion_secret, |
| [0; KM_SECRET_SIZE], |
| "Deletion secret should not be 0" |
| ); |
| expect_ne!( |
| deletion_data.secure_deletion_secret[0] & KM_IN_USE_FLAG, |
| 0, |
| "Slot should be marked as in use" |
| ); |
| } |
| sdsf.delete_all(); |
| expect!(check_secret_manager_file_exists() == false, "Couldn't delete secret manager file"); |
| } |
| |
| #[test] |
| fn new_secret_data_dont_affect_neighbors() { |
| let mut sdsf = TrustySecureDeletionSecretManager::new(); |
| sdsf.delete_all(); |
| expect!(check_secret_manager_file_exists() == false, "Couldn't delete secret manager file"); |
| let mut rng = BoringRng::default(); |
| let reset_secret = sdsf |
| .get_or_create_factory_reset_secret(&mut rng) |
| .expect("Couldn't create factory reset secret"); |
| let (deletion_slot_1, deletion_data_1) = |
| sdsf.new_secret(&mut rng, SlotPurpose::KeyGeneration).expect("Couldn't create secret"); |
| sdsf.delete_secret(deletion_slot_1).expect("Couldn't delete secret"); |
| // Delete cached data |
| sdsf.factory_reset_secret.replace(FactoryResetSecret(None)); |
| let reset_secret_1 = |
| sdsf.get_factory_reset_secret().expect("Couldn't get factory reset secret"); |
| expect_eq!( |
| reset_secret.factory_reset_secret, |
| reset_secret_1.factory_reset_secret, |
| "Factory reset secret should match" |
| ); |
| let (deletion_slot_1, deletion_data_1) = |
| sdsf.new_secret(&mut rng, SlotPurpose::KeyGeneration).expect("Couldn't create secret"); |
| let (deletion_slot_2, deletion_data_2) = |
| sdsf.new_secret(&mut rng, SlotPurpose::KeyGeneration).expect("Couldn't create secret"); |
| let (deletion_slot_3, deletion_data_3) = |
| sdsf.new_secret(&mut rng, SlotPurpose::KeyGeneration).expect("Couldn't create secret"); |
| let (deletion_slot_4, deletion_data_4) = |
| sdsf.new_secret(&mut rng, SlotPurpose::KeyGeneration).expect("Couldn't create secret"); |
| let (deletion_slot_5, deletion_data_5) = |
| sdsf.new_secret(&mut rng, SlotPurpose::KeyGeneration).expect("Couldn't create secret"); |
| let slot_data = sdsf.get_secret(deletion_slot_1).expect("Couldn't read back secret"); |
| expect_eq!( |
| slot_data.secure_deletion_secret, |
| deletion_data_1.secure_deletion_secret, |
| "Secret data should match" |
| ); |
| let slot_data = sdsf.get_secret(deletion_slot_2).expect("Couldn't read back secret"); |
| expect_eq!( |
| slot_data.secure_deletion_secret, |
| deletion_data_2.secure_deletion_secret, |
| "Secret data should match" |
| ); |
| let slot_data = sdsf.get_secret(deletion_slot_3).expect("Couldn't read back secret"); |
| expect_eq!( |
| slot_data.secure_deletion_secret, |
| deletion_data_3.secure_deletion_secret, |
| "Secret data should match" |
| ); |
| let slot_data = sdsf.get_secret(deletion_slot_4).expect("Couldn't read back secret"); |
| expect_eq!( |
| slot_data.secure_deletion_secret, |
| deletion_data_4.secure_deletion_secret, |
| "Secret data should match" |
| ); |
| let slot_data = sdsf.get_secret(deletion_slot_5).expect("Couldn't read back secret"); |
| expect_eq!( |
| slot_data.secure_deletion_secret, |
| deletion_data_5.secure_deletion_secret, |
| "Secret data should match" |
| ); |
| sdsf.delete_secret(deletion_slot_3).expect("Couldn't delete secret"); |
| let slot_data = sdsf.get_secret(deletion_slot_1).expect("Couldn't read back secret"); |
| expect_eq!( |
| slot_data.secure_deletion_secret, |
| deletion_data_1.secure_deletion_secret, |
| "Secret data should match" |
| ); |
| let slot_data = sdsf.get_secret(deletion_slot_2).expect("Couldn't read back secret"); |
| expect_eq!( |
| slot_data.secure_deletion_secret, |
| deletion_data_2.secure_deletion_secret, |
| "Secret data should match" |
| ); |
| let slot_data = sdsf.get_secret(deletion_slot_3).expect("Couldn't read back secret"); |
| expect_ne!( |
| slot_data.secure_deletion_secret, |
| deletion_data_3.secure_deletion_secret, |
| "Secret data should not match anymore" |
| ); |
| let slot_data = sdsf.get_secret(deletion_slot_4).expect("Couldn't read back secret"); |
| expect_eq!( |
| slot_data.secure_deletion_secret, |
| deletion_data_4.secure_deletion_secret, |
| "Secret data should match" |
| ); |
| let slot_data = sdsf.get_secret(deletion_slot_5).expect("Couldn't read back secret"); |
| expect_eq!( |
| slot_data.secure_deletion_secret, |
| deletion_data_5.secure_deletion_secret, |
| "Secret data should match" |
| ); |
| // Delete cached data |
| sdsf.factory_reset_secret.replace(FactoryResetSecret(None)); |
| let reset_secret_1 = |
| sdsf.get_factory_reset_secret().expect("Couldn't get factory reset secret"); |
| expect_eq!( |
| reset_secret.factory_reset_secret, |
| reset_secret_1.factory_reset_secret, |
| "Factory reset secret should match" |
| ); |
| sdsf.delete_all(); |
| expect!(check_secret_manager_file_exists() == false, "Couldn't delete secret manager file"); |
| } |
| } |
| |
| /// Wrapper to allow a single instance of [`SecureDeletionSecretManager`] to be shared. |
| #[derive(Clone)] |
| pub struct SharedSddManager<T> { |
| inner: Rc<RefCell<T>>, |
| } |
| |
| impl<T> SharedSddManager<T> { |
| /// Move a [`SecureDeletionSecretManager`] into a shareable wrapper. |
| pub fn new(inner: T) -> Self { |
| Self { inner: Rc::new(RefCell::new(inner)) } |
| } |
| } |
| |
| impl<T: SecureDeletionSecretManager> SecureDeletionSecretManager for SharedSddManager<T> { |
| fn get_or_create_factory_reset_secret( |
| &mut self, |
| rng: &mut dyn crypto::Rng, |
| ) -> Result<SecureDeletionData, Error> { |
| self.inner.borrow_mut().get_or_create_factory_reset_secret(rng) |
| } |
| |
| fn get_factory_reset_secret(&self) -> Result<SecureDeletionData, Error> { |
| self.inner.borrow_mut().get_factory_reset_secret() |
| } |
| |
| fn new_secret( |
| &mut self, |
| rng: &mut dyn crypto::Rng, |
| purpose: kmr_common::keyblob::SlotPurpose, |
| ) -> Result<(SecureDeletionSlot, SecureDeletionData), Error> { |
| self.inner.borrow_mut().new_secret(rng, purpose) |
| } |
| |
| fn get_secret(&self, slot: SecureDeletionSlot) -> Result<SecureDeletionData, Error> { |
| self.inner.borrow().get_secret(slot) |
| } |
| |
| fn delete_secret(&mut self, slot: SecureDeletionSlot) -> Result<(), Error> { |
| self.inner.borrow_mut().delete_secret(slot) |
| } |
| |
| fn delete_all(&mut self) { |
| self.inner.borrow_mut().delete_all() |
| } |
| } |
