| Shikha Panwar | 95084df | 2023-07-22 11:47:45 +0000 | [diff] [blame] | 1 | // Copyright 2023, The Android Open Source Project |
| 2 | // |
| 3 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | // you may not use this file except in compliance with the License. |
| 5 | // You may obtain a copy of the License at |
| 6 | // |
| 7 | // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | // |
| 9 | // Unless required by applicable law or agreed to in writing, software |
| 10 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | // See the License for the specific language governing permissions and |
| 13 | // limitations under the License. |
| 14 | |
| 15 | //! Class for encapsulating & managing represent VM secrets. |
| 16 | |
| 17 | use anyhow::Result; |
| 18 | use diced_open_dice::{DiceArtifacts, OwnedDiceArtifacts}; |
| 19 | use keystore2_crypto::ZVec; |
| 20 | use openssl::hkdf::hkdf; |
| 21 | use openssl::md::Md; |
| 22 | use openssl::sha; |
| 23 | |
| Shikha Panwar | 3d3a70a | 2023-08-21 20:02:08 +0000 | [diff] [blame] | 24 | const ENCRYPTEDSTORE_KEY_IDENTIFIER: &str = "encryptedstore_key"; |
| 25 | |
| Shikha Panwar | 95084df | 2023-07-22 11:47:45 +0000 | [diff] [blame] | 26 | // Size of the secret stored in Secretkeeper. |
| 27 | const SK_SECRET_SIZE: usize = 64; |
| 28 | |
| Shikha Panwar | 3d3a70a | 2023-08-21 20:02:08 +0000 | [diff] [blame] | 29 | // Generated using hexdump -vn32 -e'14/1 "0x%02X, " 1 "\n"' /dev/urandom |
| 30 | const SALT_ENCRYPTED_STORE: &[u8] = &[ |
| 31 | 0xFC, 0x1D, 0x35, 0x7B, 0x96, 0xF3, 0xEF, 0x17, 0x78, 0x7D, 0x70, 0xED, 0xEA, 0xFE, 0x1D, 0x6F, |
| 32 | 0xB3, 0xF9, 0x40, 0xCE, 0xDD, 0x99, 0x40, 0xAA, 0xA7, 0x0E, 0x92, 0x73, 0x90, 0x86, 0x4A, 0x75, |
| 33 | ]; |
| 34 | const SALT_PAYLOAD_SERVICE: &[u8] = &[ |
| 35 | 0x8B, 0x0F, 0xF0, 0xD3, 0xB1, 0x69, 0x2B, 0x95, 0x84, 0x2C, 0x9E, 0x3C, 0x99, 0x56, 0x7A, 0x22, |
| 36 | 0x55, 0xF8, 0x08, 0x23, 0x81, 0x5F, 0xF5, 0x16, 0x20, 0x3E, 0xBE, 0xBA, 0xB7, 0xA8, 0x43, 0x92, |
| 37 | ]; |
| 38 | |
| Shikha Panwar | 95084df | 2023-07-22 11:47:45 +0000 | [diff] [blame] | 39 | pub enum VmSecret { |
| 40 | // V2 secrets are derived from 2 independently secured secrets: |
| 41 | // 1. Secretkeeper protected secrets (skp secret). |
| 42 | // 2. Dice Sealing CDIs (Similar to V1). |
| 43 | // |
| 44 | // These are protected against rollback of boot images i.e. VM instance rebooted |
| 45 | // with downgraded images will not have access to VM's secret. |
| 46 | // V2 secrets require hardware support - Secretkeeper HAL, which (among other things) |
| 47 | // is backed by tamper-evident storage, providing rollback protection to these secrets. |
| 48 | V2 { dice: OwnedDiceArtifacts, skp_secret: ZVec }, |
| 49 | // V1 secrets are not protected against rollback of boot images. |
| 50 | // They are reliable only if rollback of images was prevented by verified boot ie, |
| 51 | // each stage (including pvmfw/Microdroid/Microdroid Manager) prevents downgrade of next |
| 52 | // stage. These are now legacy secrets & used only when Secretkeeper HAL is not supported |
| 53 | // by device. |
| 54 | V1 { dice: OwnedDiceArtifacts }, |
| 55 | } |
| 56 | |
| 57 | impl VmSecret { |
| 58 | pub fn new(dice_artifacts: OwnedDiceArtifacts) -> Result<VmSecret> { |
| 59 | if is_sk_supported() { |
| 60 | // TODO(b/291213394): Change this to real Sk protected secret. |
| 61 | let fake_skp_secret = ZVec::new(SK_SECRET_SIZE)?; |
| 62 | return Ok(Self::V2 { dice: dice_artifacts, skp_secret: fake_skp_secret }); |
| 63 | } |
| 64 | Ok(Self::V1 { dice: dice_artifacts }) |
| 65 | } |
| 66 | pub fn dice(&self) -> &OwnedDiceArtifacts { |
| 67 | match self { |
| 68 | Self::V2 { dice, .. } => dice, |
| 69 | Self::V1 { dice } => dice, |
| 70 | } |
| 71 | } |
| 72 | |
| 73 | fn get_vm_secret(&self, salt: &[u8], identifier: &[u8], key: &mut [u8]) -> Result<()> { |
| 74 | match self { |
| 75 | Self::V2 { dice, skp_secret } => { |
| 76 | let mut hasher = sha::Sha256::new(); |
| 77 | hasher.update(dice.cdi_seal()); |
| 78 | hasher.update(skp_secret); |
| 79 | hkdf(key, Md::sha256(), &hasher.finish(), salt, identifier)? |
| 80 | } |
| 81 | Self::V1 { dice } => hkdf(key, Md::sha256(), dice.cdi_seal(), salt, identifier)?, |
| 82 | } |
| 83 | Ok(()) |
| 84 | } |
| 85 | |
| Shikha Panwar | 3d3a70a | 2023-08-21 20:02:08 +0000 | [diff] [blame] | 86 | /// Derive sealing key for payload with following identifier. |
| 87 | pub fn derive_payload_sealing_key(&self, identifier: &[u8], key: &mut [u8]) -> Result<()> { |
| 88 | self.get_vm_secret(SALT_PAYLOAD_SERVICE, identifier, key) |
| 89 | } |
| 90 | |
| 91 | /// Derive encryptedstore key. This uses hardcoded random salt & fixed identifier. |
| 92 | pub fn derive_encryptedstore_key(&self, key: &mut [u8]) -> Result<()> { |
| 93 | self.get_vm_secret(SALT_ENCRYPTED_STORE, ENCRYPTEDSTORE_KEY_IDENTIFIER.as_bytes(), key) |
| Shikha Panwar | 95084df | 2023-07-22 11:47:45 +0000 | [diff] [blame] | 94 | } |
| 95 | } |
| 96 | |
| 97 | // Does the hardware support Secretkeeper. |
| 98 | fn is_sk_supported() -> bool { |
| 99 | if cfg!(llpvm_changes) { |
| 100 | return false; |
| 101 | }; |
| 102 | // TODO(b/292209416): This value should be extracted from device tree. |
| 103 | // Note: this does not affect the security of pVM. pvmfw & microdroid_manager continue to block |
| 104 | // upgraded images. Setting this true is equivalent to including constant salt in vm secrets. |
| 105 | true |
| 106 | } |