1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "proxy.h"
18 
19 #include <assert.h>
20 #include <lk/list.h>  // for containerof
21 #include <stdlib.h>
22 #include <string.h>
23 #include <uapi/err.h>
24 
25 #include <interface/storage/storage.h>
26 #include <lib/hwkey/hwkey.h>
27 
28 #include "aidl_service.h"
29 #include "block_device.h"
30 #include "block_device_tipc.h"
31 #include "ipc.h"
32 #include "rpmb.h"
33 #include "tipc_service.h"
34 
/*
 * Module-level error log: every message is prefixed with "ss: ". Uses
 * fprintf/stderr, which are not included directly in this file (presumably
 * they come in through proxy.h -- confirm).
 */
#define SS_ERR(args...) fprintf(stderr, "ss: " args)

/* Channel disconnect callback; defined below, installed by proxy_connect(). */
static void proxy_disconnect(struct ipc_channel_context* ctx);
38 
/*
 * Recover the storage_session that embeds the given channel context.
 *
 * The session magic is verified so that a context which was not handed out
 * by proxy_connect() trips an assert instead of being dereferenced as a
 * session.
 */
static struct storage_session* proxy_context_to_session(
        struct ipc_channel_context* context) {
    struct storage_session* owner;

    assert(context != NULL);
    owner = containerof(context, struct storage_session, proxy_ctx);
    assert(owner->magic == STORAGE_SESSION_MAGIC);

    return owner;
}
47 
/*
 * Derive the storage encryption key for this service through the hwkey
 * service.
 *
 * The derivation input is a fixed 32-byte constant; hwkey_derive() with
 * HWKEY_KDF_VERSION_1 is expected to bind it to a device secret, so the
 * constant itself is not sensitive. The caller must pass a buffer of exactly
 * that size (key_size is checked against it, not trusted).
 *
 * Returns NO_ERROR on success, ERR_BAD_LEN if key_size does not match the
 * derivation input size, or the negative hwkey_derive() error code.
 */
static int get_storage_encryption_key(hwkey_session_t session,
                                      uint8_t* key,
                                      uint32_t key_size) {
    static const struct key storage_key_derivation_data = {
            .byte = {
                    0xbc, 0x10, 0x6c, 0x9e, 0xc1, 0xa4, 0x71, 0x04,
                    0x83, 0xab, 0x03, 0x4b, 0x75, 0x8a, 0xb3, 0x5e,
                    0xfb, 0xe5, 0x43, 0x6c, 0xe6, 0x74, 0xb7, 0xfc,
                    0xee, 0x20, 0xad, 0xae, 0xfb, 0x34, 0xab, 0xd3,
            }};
    uint32_t kdf_version = HWKEY_KDF_VERSION_1;
    int rc;

    if (key_size != sizeof(storage_key_derivation_data.byte)) {
        return ERR_BAD_LEN;
    }

    rc = hwkey_derive(session, &kdf_version, storage_key_derivation_data.byte,
                      key, key_size);
    if (rc >= 0) {
        return NO_ERROR;
    }

    SS_ERR("%s: failed to get key: %d\n", __func__, rc);
    return rc;
}
73 
74 #if !WITH_HKDF_RPMB_KEY
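/*
 * Fetch the RPMB authentication key from the
 * "com.android.trusty.storage_auth.rpmb" hwkey keyslot.
 *
 * hwkey_get_keyslot_data() takes the size by pointer and updates it with the
 * number of key bytes it produced. A keyslot that yields fewer bytes than
 * requested would leave the tail of the caller's rpmb_key uninitialized, so
 * a size mismatch is reported as ERR_BAD_LEN instead of being accepted.
 *
 * Returns NO_ERROR on success, ERR_BAD_LEN on a size mismatch, or the
 * negative hwkey error code.
 */
static int get_rpmb_auth_key(hwkey_session_t session,
                             uint8_t* key,
                             uint32_t key_size) {
    const char* storage_auth_key_id = "com.android.trusty.storage_auth.rpmb";
    /* In: buffer size. Out: bytes actually produced by the keyslot. */
    uint32_t got_size = key_size;

    int rc = hwkey_get_keyslot_data(session, storage_auth_key_id, key,
                                    &got_size);
    if (rc < 0) {
        SS_ERR("%s: failed to get key: %d\n", __func__, rc);
        return rc;
    }

    if (got_size != key_size) {
        SS_ERR("%s: unexpected key size %u, expected %u\n", __func__,
               (unsigned)got_size, (unsigned)key_size);
        return ERR_BAD_LEN;
    }

    return NO_ERROR;
}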
89 #endif
90 
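/*
 * Bring up the storage service backing a proxy connection.
 *
 * Opens a hwkey session, derives the storage encryption key into self->key,
 * fetches the RPMB auth key (unless WITH_HKDF_RPMB_KEY, where a NULL key and
 * the hwkey session are handed to the block device instead -- presumably it
 * derives the key itself; confirm in block_device_tipc_init), initializes the
 * TIPC-backed block device on chan_handle and creates the AIDL service on
 * hset. The hwkey session is closed on every path. On success
 * self->initialized is set so later connections take the reconnect path.
 *
 * self is embedded in the caller's proxy_connect_context (see proxy_connect),
 * not heap-allocated: it must never be freed here. The previous version did
 * free(self) on hwkey_open failure, which is an invalid free of an interior
 * pointer and would also collide with proxy_destroy() later.
 *
 * Returns NO_ERROR, or the negative error code of the step that failed.
 *
 * NOTE(review): on failure after key derivation, self->key still holds the
 * derived storage key and the stack copy of rpmb_key is left as-is; both are
 * overwritten by the next init attempt. Confirm whether explicit zeroization
 * is wanted here.
 */
static int storage_service_init(struct storage_service* self,
                                struct tipc_hset* hset,
                                handle_t chan_handle) {
    int rc;

    rc = hwkey_open();
    if (rc < 0) {
        SS_ERR("%s: hwkey init failed: %d\n", __func__, rc);
        /* Nothing acquired yet; self is owned by the caller. */
        return rc;
    }

    hwkey_session_t hwkey_session = (hwkey_session_t)rc;

    /* Generate encryption key */
    rc = get_storage_encryption_key(hwkey_session, self->key.byte,
                                    sizeof(self->key));
    if (rc < 0) {
        SS_ERR("%s: can't get storage key: (%d) \n", __func__, rc);
        goto err;
    }

    struct rpmb_key* rpmb_key_ptr = NULL;
    /* Init RPMB key */
#if !WITH_HKDF_RPMB_KEY
    struct rpmb_key rpmb_key;
    rc = get_rpmb_auth_key(hwkey_session, rpmb_key.byte, sizeof(rpmb_key.byte));
    if (rc < 0) {
        SS_ERR("%s: can't get storage auth key: (%d)\n", __func__, rc);
        goto err;
    }

    rpmb_key_ptr = &rpmb_key;
#endif

    rc = block_device_tipc_init(&self->block_device, chan_handle, &self->key,
                                rpmb_key_ptr, hwkey_session);
    if (rc < 0) {
        SS_ERR("%s: block_device_tipc_init failed (%d)\n", __func__, rc);
        goto err;
    }

    rc = storage_aidl_create_service(&self->aidl, hset);
    if (rc < 0) {
        SS_ERR("%s: storage_aidl_create_service failed (%d)\n", __func__, rc);
        /* Block device is left initialized, as before; proxy_destroy()
         * tears it down via storage_service_destroy(). */
        goto err;
    }

    storage_aidl_enable(&self->aidl, &self->block_device);

    hwkey_close(hwkey_session);
    self->initialized = true;
    return NO_ERROR;

err:
    /* Every failure past hwkey_open() owns exactly the hwkey session. */
    hwkey_close(hwkey_session);
    return rc;
}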
156 
/*
 * Detach the service from its current client channel.
 *
 * Stops serving AIDL requests first, then drops the block device's TIPC
 * connection. The service stays initialized so a later proxy_connect() can
 * reconnect it to a new channel.
 */
static void storage_service_disconnect(struct storage_service* self) {
    storage_aidl_disable(&self->aidl);
    block_device_tipc_disconnect(&self->block_device);
}
161 
/*
 * Re-attach an already initialized service to a new client channel.
 *
 * Reconnects the block device on chan_handle using the storage key derived
 * at init time, then re-enables the AIDL service.
 *
 * Returns NO_ERROR, or the negative block_device_tipc_reconnect() error code
 * (in which case the AIDL service is left disabled).
 */
static int storage_service_reconnect(struct storage_service* self,
                                     handle_t chan_handle) {
    int rc;

    rc = block_device_tipc_reconnect(&self->block_device, chan_handle,
                                     &self->key);
    if (rc >= 0) {
        storage_aidl_enable(&self->aidl, &self->block_device);
        rc = NO_ERROR;
    }

    return rc;
}
173 
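/*
 * Tear down the AIDL service and the block device.
 *
 * Also clears self->initialized, which storage_service_init() sets and
 * proxy_connect() consults: once the service is destroyed, a later connect
 * must take the init path again instead of reconnecting a torn-down block
 * device. proxy_connect() calls this on its session error paths, so without
 * the reset a retried connection would hit the stale reconnect path.
 */
static void storage_service_destroy(struct storage_service* self) {
    storage_aidl_destroy_service(&self->aidl);
    block_device_tipc_destroy(&self->block_device);
    self->initialized = false;
}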
178 
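/*
 * Port connect callback: accept a new client channel on the storage proxy
 * port.
 *
 * The first connection initializes the embedded storage_service (hwkey,
 * block device, AIDL service); later connections only reconnect the block
 * device to the new channel. Each connection then gets a heap-allocated
 * storage_session whose proxy_ctx is returned to the IPC layer and handed
 * back to proxy_disconnect(), which frees it.
 *
 * peer_uuid is part of the callback signature and is not inspected here.
 *
 * Returns the channel context for the new session, or NULL on failure. If
 * the failure happens after the service came up, the service is disconnected
 * and destroyed before returning.
 */
struct ipc_channel_context* proxy_connect(struct ipc_port_context* parent_ctx,
                                          const uuid_t* peer_uuid,
                                          handle_t chan_handle) {
    struct proxy_connect_context* self =
            containerof(parent_ctx, struct proxy_connect_context, tipc_ctx);
    struct tipc_hset* hset = parent_ctx->common.hset;
    int rc;

    if (!self->service.initialized) {
        rc = storage_service_init(&self->service, hset, chan_handle);
        if (rc < 0) {
            goto err_service_init;
        }
    } else {
        rc = storage_service_reconnect(&self->service, chan_handle);
        if (rc < 0) {
            goto err_service_reconnect;
        }
    }

    /* calloc: magic and service are set below, everything else starts zeroed. */
    struct storage_session* session = calloc(1, sizeof(*session));
    if (session == NULL) {
        SS_ERR("%s: out of memory\n", __func__);
        goto err_alloc_session;
    }

    session->magic = STORAGE_SESSION_MAGIC;
    session->service = &self->service;

    rc = storage_tipc_service_init(&session->tipc,
                                   &session->service->block_device, hset);
    if (rc < 0) {
        /* Log the call that actually failed (was mislabeled as
         * block_device_tipc_init). */
        SS_ERR("%s: storage_tipc_service_init failed (%d)\n", __func__, rc);
        goto err_init_block_device_tipc;
    }

    session->proxy_ctx.ops.on_disconnect = proxy_disconnect;
    return &session->proxy_ctx;

err_init_block_device_tipc:
    free(session);
err_alloc_session:
    storage_service_disconnect(&self->service);
err_service_reconnect:
    storage_service_destroy(&self->service);
err_service_init:
    return NULL;
}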
227 
/*
 * Channel disconnect callback for a storage session created by
 * proxy_connect().
 *
 * Destroys the session's TIPC service, frees the session, and then detaches
 * the shared storage_service from the channel. The service pointer is read
 * before the free because the session is the only place it is stored.
 */
void proxy_disconnect(struct ipc_channel_context* ctx) {
    struct storage_session* session = proxy_context_to_session(ctx);
    struct storage_service* svc = session->service;

    storage_tipc_service_destroy(&session->tipc, &svc->block_device);
    free(session);
    session = NULL;

    storage_service_disconnect(svc);
}
237 
/*
 * Tear down the proxy port context: destroy the embedded storage service,
 * then the IPC port it was attached to.
 */
void proxy_destroy(struct proxy_connect_context* self) {
    struct storage_service* svc = &self->service;

    storage_service_destroy(svc);
    ipc_port_destroy(&self->tipc_ctx);
}