Move per api sealing derivations to vm_secret.

To ensure that each API uses a fixed salt that differs from the salts of
other APIs, we add one method per API (currently the payload's secret
derivation and the encryptedstore key) and move the corresponding randomly
generated bytes to one place.

TRUNK_STABLE_FlAG: This is just refactoring & not part of feature.

Bug: 241541860
Test: Microdroid tests
Change-Id: Icab9f17dbc4c707216e3b0552fe8c3101c04bace
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 4172329..e9cb0ec 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -90,7 +90,6 @@
 const FAILURE_SERIAL_DEVICE: &str = "/dev/ttyS1";
 
 const ENCRYPTEDSTORE_BACKING_DEVICE: &str = "/dev/block/by-name/encryptedstore";
-const ENCRYPTEDSTORE_KEY_IDENTIFIER: &str = "encryptedstore_key";
 const ENCRYPTEDSTORE_KEYSIZE: usize = 32;
 
 #[derive(thiserror::Error, Debug)]
@@ -921,16 +920,8 @@
 }
 
 fn prepare_encryptedstore(vm_secret: &VmSecret) -> Result<Child> {
-    // Use a fixed salt to scope the derivation to this API.
-    // Generated using hexdump -vn32 -e'14/1 "0x%02X, " 1 "\n"' /dev/urandom
-    // TODO(b/241541860) : Move this (& other salts) to a salt container, i.e. a global enum
-    let salt = [
-        0xFC, 0x1D, 0x35, 0x7B, 0x96, 0xF3, 0xEF, 0x17, 0x78, 0x7D, 0x70, 0xED, 0xEA, 0xFE, 0x1D,
-        0x6F, 0xB3, 0xF9, 0x40, 0xCE, 0xDD, 0x99, 0x40, 0xAA, 0xA7, 0x0E, 0x92, 0x73, 0x90, 0x86,
-        0x4A, 0x75,
-    ];
     let mut key = ZVec::new(ENCRYPTEDSTORE_KEYSIZE)?;
-    vm_secret.derive_sealing_key(&salt, ENCRYPTEDSTORE_KEY_IDENTIFIER.as_bytes(), &mut key)?;
+    vm_secret.derive_encryptedstore_key(&mut key)?;
     let mut cmd = Command::new(ENCRYPTEDSTORE_BIN);
     cmd.arg("--blkdevice")
         .arg(ENCRYPTEDSTORE_BACKING_DEVICE)
diff --git a/microdroid_manager/src/vm_payload_service.rs b/microdroid_manager/src/vm_payload_service.rs
index f9d917e..c611b11 100644
--- a/microdroid_manager/src/vm_payload_service.rs
+++ b/microdroid_manager/src/vm_payload_service.rs
@@ -43,15 +43,9 @@
             return Err(anyhow!("size {size} not in range (0..=32)"))
                 .or_binder_exception(ExceptionCode::ILLEGAL_ARGUMENT);
         }
-        // Use a fixed salt to scope the derivation to this API. It was randomly generated.
-        let salt = [
-            0x8B, 0x0F, 0xF0, 0xD3, 0xB1, 0x69, 0x2B, 0x95, 0x84, 0x2C, 0x9E, 0x3C, 0x99, 0x56,
-            0x7A, 0x22, 0x55, 0xF8, 0x08, 0x23, 0x81, 0x5F, 0xF5, 0x16, 0x20, 0x3E, 0xBE, 0xBA,
-            0xB7, 0xA8, 0x43, 0x92,
-        ];
         let mut instance_secret = vec![0; size.try_into().unwrap()];
         self.secret
-            .derive_sealing_key(&salt, identifier, &mut instance_secret)
+            .derive_payload_sealing_key(identifier, &mut instance_secret)
             .context("Failed to derive VM instance secret")
             .with_log()
             .or_service_specific_exception(-1)?;
diff --git a/microdroid_manager/src/vm_secret.rs b/microdroid_manager/src/vm_secret.rs
index 3308e0d..d84c2e2 100644
--- a/microdroid_manager/src/vm_secret.rs
+++ b/microdroid_manager/src/vm_secret.rs
@@ -21,9 +21,21 @@
 use openssl::md::Md;
 use openssl::sha;
 
+const ENCRYPTEDSTORE_KEY_IDENTIFIER: &str = "encryptedstore_key";
+
 // Size of the secret stored in Secretkeeper.
 const SK_SECRET_SIZE: usize = 64;
 
+// Generated using hexdump -vn32 -e'14/1 "0x%02X, " 1 "\n"' /dev/urandom
+const SALT_ENCRYPTED_STORE: &[u8] = &[
+    0xFC, 0x1D, 0x35, 0x7B, 0x96, 0xF3, 0xEF, 0x17, 0x78, 0x7D, 0x70, 0xED, 0xEA, 0xFE, 0x1D, 0x6F,
+    0xB3, 0xF9, 0x40, 0xCE, 0xDD, 0x99, 0x40, 0xAA, 0xA7, 0x0E, 0x92, 0x73, 0x90, 0x86, 0x4A, 0x75,
+];
+const SALT_PAYLOAD_SERVICE: &[u8] = &[
+    0x8B, 0x0F, 0xF0, 0xD3, 0xB1, 0x69, 0x2B, 0x95, 0x84, 0x2C, 0x9E, 0x3C, 0x99, 0x56, 0x7A, 0x22,
+    0x55, 0xF8, 0x08, 0x23, 0x81, 0x5F, 0xF5, 0x16, 0x20, 0x3E, 0xBE, 0xBA, 0xB7, 0xA8, 0x43, 0x92,
+];
+
 pub enum VmSecret {
     // V2 secrets are derived from 2 independently secured secrets:
     //      1. Secretkeeper protected secrets (skp secret).
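Review bot: The two salt constants have no stated contract: the only comment, above `SALT_ENCRYPTED_STORE`, records how the bytes were generated, and `SALT_PAYLOAD_SERVICE` has no comment at all. I would add above both something like `// Fixed, non-secret salts that scope each derivation to one API. Never change or reuse them: a different salt yields different keys, so previously sealed data would no longer decrypt.` This assumes `get_vm_secret`, which is not visible here, is deterministic in salt and identifier. The identifier passed to `derive_payload_sealing_key` appears to be caller-supplied, so the salts are what keep a payload key apart from the encryptedstore key; a unit test asserting that the two derivations differ for the identifier `encryptedstore_key` would pin that property. As a style point, typing the salts as `[u8; 32]` rather than `&[u8]` would keep their length checked at compile time.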
@@ -71,10 +83,14 @@
         Ok(())
     }
 
-    /// Derives a sealing key of `key_length` bytes from the VmSecret.
-    /// Essentially key expansion.
-    pub fn derive_sealing_key(&self, salt: &[u8], identifier: &[u8], key: &mut [u8]) -> Result<()> {
-        self.get_vm_secret(salt, identifier, key)
+    /// Derive sealing key for payload with following identifier.
+    pub fn derive_payload_sealing_key(&self, identifier: &[u8], key: &mut [u8]) -> Result<()> {
+        self.get_vm_secret(SALT_PAYLOAD_SERVICE, identifier, key)
+    }
+
+    /// Derive encryptedstore key. This uses hardcoded random salt & fixed identifier.
+    pub fn derive_encryptedstore_key(&self, key: &mut [u8]) -> Result<()> {
+        self.get_vm_secret(SALT_ENCRYPTED_STORE, ENCRYPTEDSTORE_KEY_IDENTIFIER.as_bytes(), key)
     }
 }