/*
 * Copyright (C) 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

//! Non-secure implementation of the Secretkeeper HAL.
mod store;

use authgraph_boringssl as boring;
use authgraph_core::keyexchange::{AuthGraphParticipant, MAX_OPENED_SESSIONS};
use authgraph_core::ta::{AuthGraphTa, Role};
use authgraph_hal::channel::SerializedChannel;
use log::{error, info, Level};
use secretkeeper_core::ta::SecretkeeperTa;
use secretkeeper_hal::SecretkeeperService;
use std::sync::Arc;
use std::sync::Mutex;
use store::InMemoryStore;

use android_hardware_security_secretkeeper::aidl::android::hardware::security::secretkeeper::ISecretkeeper::{
    BpSecretkeeper, ISecretkeeper,
};
use std::cell::RefCell;
use std::rc::Rc;
use std::sync::mpsc;

/// Implementation of the Secretkeeper TA that runs locally in-process (and which is therefore
/// insecure).
///
/// The struct itself is only a handle: it holds the two channel ends used to talk to the thread
/// that `LocalTa::new()` spawns. The TA objects live on that thread, inside this same process,
/// so no boundary separates them from the rest of the service.
pub struct LocalTa {
    /// Sends prefixed request messages to the TA thread.
    in_tx: mpsc::Sender<Vec<u8>>,
    /// Receives the response messages produced by the TA thread.
    out_rx: mpsc::Receiver<Vec<u8>>,
}
// Each request sent to the TA thread carries one routing byte in front of the payload;
// `execute_for` prepends it and the TA thread strips it before dispatching.

/// Prefix byte for messages intended for the AuthGraph TA.
const AG_MESSAGE_PREFIX: u8 = 0x00;
/// Prefix byte for messages intended for the Secretkeeper TA.
const SK_MESSAGE_PREFIX: u8 = 0x01;
impl LocalTa {
    /// Create a new instance.
    ///
    /// Spawns a detached worker thread that owns the Secretkeeper and AuthGraph TAs, and returns
    /// a handle holding the request sender and the response receiver for that thread. Both TAs
    /// are built in this process with an `InMemoryStore` as storage, so nothing isolates their
    /// state from the rest of the process.
    ///
    /// The worker thread panics if either TA cannot be created, if a channel operation fails, or
    /// if a request starts with a byte other than the two known prefixes.
    pub fn new() -> Self {
        // One channel carries requests into the worker, the other carries responses back out.
        let (in_tx, in_rx) = mpsc::channel();
        let (out_tx, out_rx) = mpsc::channel();

        // The TA code expects to run single threaded, so it gets a thread of its own.
        std::thread::spawn(move || {
            let mut crypto_impls = boring::crypto_trait_impls();
            let storage_impl = Box::new(InMemoryStore::default());
            let sk_ta = SecretkeeperTa::new(&mut crypto_impls, storage_impl)
                .expect("Failed to create local Secretkeeper TA");
            // Shared between this loop and the AuthGraph participant created below.
            let sk_ta = Rc::new(RefCell::new(sk_ta));
            let participant =
                AuthGraphParticipant::new(crypto_impls, sk_ta.clone(), MAX_OPENED_SESSIONS)
                    .expect("Failed to create local AuthGraph TA");
            let mut ag_ta = AuthGraphTa::new(participant, Role::Sink);

            // Serve requests one at a time, forever: exactly one response per request.
            loop {
                let request: Vec<u8> = in_rx.recv().expect("failed to receive next req");
                // First byte routes the message; the remainder is the payload for that TA.
                let prefix = request[0];
                let response = if prefix == AG_MESSAGE_PREFIX {
                    ag_ta.process(&request[1..])
                } else if prefix == SK_MESSAGE_PREFIX {
                    // `borrow_mut()` cannot collide with another borrow here: the only other
                    // holder of the `Rc` is AuthGraph, this code is not running as a callback
                    // from AuthGraph, and everything happens on this one thread.
                    sk_ta.borrow_mut().process(&request[1..])
                } else {
                    panic!("unexpected messageprefix {prefix}!")
                };
                out_tx.send(response).expect("failed to send out rsp");
            }
        });
        Self { in_tx, out_rx }
    }

    /// Send `req_data` to the TA selected by `prefix` and block until its response arrives.
    ///
    /// The request is framed as `prefix` followed by `req_data`. Taking `&mut self` means a
    /// caller needs exclusive access for the whole round trip, which keeps each response paired
    /// with the request that caused it.
    ///
    /// Panics if either channel operation fails.
    fn execute_for(&mut self, prefix: u8, req_data: &[u8]) -> Vec<u8> {
        let framed = [&[prefix][..], req_data].concat();
        self.in_tx.send(framed).expect("failed to send in request");
        self.out_rx.recv().expect("failed to receive response")
    }
}
/// Channel that forwards serialized AuthGraph requests to the shared in-process [`LocalTa`].
pub struct AuthGraphChannel(Arc<Mutex<LocalTa>>);
impl SerializedChannel for AuthGraphChannel {
    // NOTE(review): `usize::MAX` presumably means this channel applies no size cap to
    // messages; confirm against the `SerializedChannel` contract.
    const MAX_SIZE: usize = usize::MAX;

    /// Run one AuthGraph request/response round trip against the local TA.
    ///
    /// The lock is held for the whole round trip, so requests from the two channel types
    /// cannot interleave. `execute_for` panics on channel failure; if such a panic unwinds
    /// while the guard is held, the mutex is poisoned and the `unwrap()` here panics on every
    /// later call.
    fn execute(&self, req_data: &[u8]) -> binder::Result<Vec<u8>> {
        let mut ta = self.0.lock().unwrap();
        let rsp_data = ta.execute_for(AG_MESSAGE_PREFIX, req_data);
        Ok(rsp_data)
    }
}
/// Channel that forwards serialized Secretkeeper requests to the shared in-process [`LocalTa`].
pub struct SecretkeeperChannel(Arc<Mutex<LocalTa>>);
impl SerializedChannel for SecretkeeperChannel {
    // NOTE(review): `usize::MAX` presumably means this channel applies no size cap to
    // messages; confirm against the `SerializedChannel` contract.
    const MAX_SIZE: usize = usize::MAX;

    /// Run one Secretkeeper request/response round trip against the local TA.
    ///
    /// The lock is held for the whole round trip, so requests from the two channel types
    /// cannot interleave. `execute_for` panics on channel failure; if such a panic unwinds
    /// while the guard is held, the mutex is poisoned and the `unwrap()` here panics on every
    /// later call.
    fn execute(&self, req_data: &[u8]) -> binder::Result<Vec<u8>> {
        let mut ta = self.0.lock().unwrap();
        let rsp_data = ta.execute_for(SK_MESSAGE_PREFIX, req_data);
        Ok(rsp_data)
    }
}
/// Entry point: set up logging, start the in-process TA, and serve it over Binder.
///
/// The service is registered under the Secretkeeper descriptor with a `/nonsecure` instance
/// suffix. Panics if registration fails.
fn main() {
    // Initialize Android logging.
    let log_config = android_logger::Config::default()
        .with_tag("NonSecureSecretkeeper")
        .with_min_level(Level::Info)
        .with_log_id(android_logger::LogId::System);
    android_logger::init_once(log_config);

    // Redirect panic messages to logcat. The hook only logs; it does not change what happens
    // to the panicking thread afterwards.
    std::panic::set_hook(Box::new(|panic_info| {
        error!("{}", panic_info);
    }));

    // A single TA instance backs both channels; the mutex serializes access to it.
    let ta = Arc::new(Mutex::new(LocalTa::new()));
    let ag_channel = AuthGraphChannel(Arc::clone(&ta));
    let sk_channel = SecretkeeperChannel(Arc::clone(&ta));

    let service = SecretkeeperService::new_as_binder(sk_channel, ag_channel);
    let descriptor = <BpSecretkeeper as ISecretkeeper>::get_descriptor();
    let service_name = format!("{}/nonsecure", descriptor);
    if let Err(e) = binder::add_service(&service_name, service.as_binder()) {
        panic!("Failed to register service {service_name} because of {e:?}.",);
    }
    info!("Registered Binder service, joining threadpool.");
    binder::ProcessState::join_thread_pool();
}