blob: 2920b3933706772063cc3d3e6dabebc39b61d1a2 [file] [log] [blame]
// Copyright 2019 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <lib/fdio/fdio.h>
#include <lib/fzl/fdio.h>
#include <lib/zx/channel.h>
#include <memory>
#include <crypto/secret.h>
#include <fbl/function.h>
#include <fbl/string.h>
#include <fbl/unique_fd.h>
#include <fbl/vector.h>
#include <zxcrypt/volume.h>
namespace zxcrypt {
// Describes what activity we are performing: creating a new volume from
// scratch, or unsealing an existing volume. Different activities may prefer
// different key sources for migration reasons.
enum Activity {
enum KeySourcePolicy {
// Always uses a key of all zeroes.
// Always uses a key from the TEE; fail if not available
// Always uses a key from the TEE for new volumes;
// allows fallback to null key for unsealing volumes
// Attempts to use a key from the TEE for new volumes and unlocking, but
// falls back to null key if TEE key fails
// someday: TpmSource variants?
enum KeySource {
// Computes the ordered list of key sources that should be used in the context
// under the policy |ksp|.
fbl::Vector<KeySource> ComputeEffectiveCreatePolicy(KeySourcePolicy ksp);
fbl::Vector<KeySource> ComputeEffectiveUnsealPolicy(KeySourcePolicy ksp);
// Calls |callback| on a key provided by each key source in
// |ordered_key_sources| until either the callback returns ZX_OK or the callback
// has returned some error on all key sources in |ordered_key_sources|.
zx_status_t TryWithKeysFrom(
const fbl::Vector<KeySource>& ordered_key_sources, Activity activity,
fbl::Function<zx_status_t(std::unique_ptr<uint8_t[]>, size_t)> callback);
// |zxcrypt::FdioVolumeManager| represents a channel to an instance of a bound
// zxcrypt device (named "zxcrypt" in the device tree).
class __EXPORT FdioVolumeManager {
explicit FdioVolumeManager(zx::channel&& chan);
// Request that the volume provided by the manager represented by |chan| be
// unsealed with the given key material/slot. If successful, the driver
// will create a child device named |unsealed| which exposes a block interface.
zx_status_t Unseal(const uint8_t* key, size_t key_len, uint8_t slot);
// Request that the volume provided by the manager represented by |chan| be
// unsealed with an product-defined device key associated with the specified
// slot. The caller must have access to /boot/config/zxcrypt in its
// namespace to use this function. If successful, the driver will create a
// child device named |unsealed| which exposes a block interface.
zx_status_t UnsealWithDeviceKey(uint8_t slot);
// Request that the volume provided by the manager represented by |chan| be
// sealed. After calling this method, it is an error to make any further
// calls with this FdioVolumeManager.
zx_status_t Seal();
// The underlying zxcrypt device, accessed over FDIO
zx::channel chan_;
// |zxcrypt::FdioVolume| is a zxcrypt volume which does IO via a file
// descriptor. It can be used on the host to prepare zxcrypt images, and
// is often more convenient for testing.
class __EXPORT FdioVolume final : public Volume {
explicit FdioVolume(fbl::unique_fd&& block_dev_fd, fbl::unique_fd&& devfs_root_fd);
// Creates a new zxcrypt volume associated with the given file descriptor,
// |block_dev_fd|, which must live in the device tree rooted at
// |devfs_root_fd|, and returns it via |out|, if provided. This will format
// the block device as zxcrypt using the given |key|, which will be
// associated with key slot 0. This method takes ownership of
// |block_dev_fd| and |devfs_root_fd|. Note that |key| is not strengthened
// and MUST have cryptographic key length of at least 128 bits.
static zx_status_t Create(fbl::unique_fd block_dev_fd, fbl::unique_fd devfs_root_fd,
const crypto::Secret& key, std::unique_ptr<FdioVolume>* out = nullptr);
// Does the same as |Create| but with the key provided by a product-defined
// source. The caller must have access to /boot/config/zxcrypt in its
// namespace to use this function.
static zx_status_t CreateWithDeviceKey(fbl::unique_fd&& block_dev_fd,
fbl::unique_fd&& devfs_root_fd,
std::unique_ptr<FdioVolume>* out);
// Opens a zxcrypt volume on the block device described by |block_dev_fd|
// (from the device tree rooted at |devfs_root_fd|) using the |key|
// corresponding to given key |slot|. The |block_dev_fd| parameter means
// this method can be used from libzxcrypt. This method takes ownership of
// |block_dev_fd| and |devfs_root_fd|. Note that |key| is not strengthened
// and MUST have cryptographic key length of at least 128 bits.
static zx_status_t Unlock(fbl::unique_fd block_dev_fd, fbl::unique_fd devfs_root_fd,
const crypto::Secret& key, key_slot_t slot,
std::unique_ptr<FdioVolume>* out);
// Opens a zxcrypt volume on the block device described by |block_dev_fd|
// (from the device tree rooted at |devfs_root_fd|) using a key from a
// product-defined source with the specified |slot|. The caller must have
// access to /boot/config/zxcrypt in their namespace to use this function.
// This method takes ownership of |block_dev_fd| and |devfs_root_fd|.
static zx_status_t UnlockWithDeviceKey(fbl::unique_fd block_dev_fd, fbl::unique_fd devfs_root_fd,
key_slot_t slot, std::unique_ptr<FdioVolume>* out);
// Returns a new volume object corresponding to the block device given by
// |block_dev_fd| (which must live in the device tree hosted by
// |devfs_root_fd|) and populated with the block and FVM information.
static zx_status_t Init(fbl::unique_fd block_dev_fd, fbl::unique_fd devfs_root_fd,
std::unique_ptr<FdioVolume>* out = nullptr);
// Opens a zxcrypt volume on the block device described by |fd| using the |key| corresponding to
// given key |slot|.
zx_status_t Unlock(const crypto::Secret& key, key_slot_t slot);
// Attempts to open the zxcrypt driver device associated with the underlying
// block device described by |fd|, binding the driver if necessary,
// and returning a channel to the zxcrypt device node.
zx_status_t OpenManager(const zx::duration& timeout, zx_handle_t* out);
// Opens the block device exposed atop this volume and returns a file
// descriptor to it via |out|, or fails if the volume isn't available within
// |timeout|.
zx_status_t Open(const zx::duration& timeout, fbl::unique_fd* out);
// Adds a given |key| to the given key |slot|. This key can then be used to |Open| the
// zxcrypt device. This method can only be called if the volume belongs to libzxcrypt.
zx_status_t Enroll(const crypto::Secret& key, key_slot_t slot);
// Removes the root key in the given key |slot|. This key can no longer be used to |Open| the
// zxcrypt device. This method can only be called if the volume belongs to libzxcrypt.
zx_status_t Revoke(key_slot_t slot);
friend class testing::TestDevice;
// Retrieves the block and FVM information and adjusts it
zx_status_t Init();
zx_status_t GetBlockInfo(BlockInfo* out);
zx_status_t GetFvmSliceSize(uint64_t* out);
zx_status_t DoBlockFvmVsliceQuery(uint64_t vslice_start, SliceRegion ranges[MAX_SLICE_REGIONS],
uint64_t* slice_count);
zx_status_t DoBlockFvmExtend(uint64_t start_slice, uint64_t slice_count);
// Reads a block from the current offset on the underlying device.
zx_status_t Read();
// Writes a block to the current offset on the underlying device.
zx_status_t Write();
// OpenManager, but using a pre-created fdio_t.
zx_status_t OpenManagerWithCaller(fzl::UnownedFdioCaller& caller, const zx::duration& timeout,
zx_handle_t* out);
// Returns the topological path of the underlying block device, relative to
// |devfs_root_fd|
zx_status_t RelativeTopologicalPath(fzl::UnownedFdioCaller& caller, fbl::String* out);
// The underlying block device, accessed over FDIO
fbl::unique_fd block_dev_fd_;
// The root of the device tree, needed to openat() related devices via
// constructing relative topological paths.
fbl::unique_fd devfs_root_fd_;
} // namespace zxcrypt