1 // Copyright 2021, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 //! Provides routines to read/write on the instance disk.
16 //!
17 //! Instance disk is a disk where the identity of a VM instance is recorded. The identity usually
18 //! includes certificates of the VM payload that is trusted, but not limited to it. Instance disk
19 //! is empty when a VM is first booted. The identity data is filled in during the first boot, and
20 //! then encrypted and signed. Subsequent boots decrypts and authenticates the data and uses the
21 //! identity data to further verify the payload (e.g. against the certificate).
22 //!
23 //! Instance disk consists of a disk header and one or more partitions each of which consists of a
24 //! header and payload. Each header (both the disk header and a partition header) is 512 bytes
25 //! long. Payload is just next to the header and its size can be arbitrary. Headers are located at
26 //! 512 bytes boundaries. So, when the size of a payload is not multiple of 512, there exists a gap
27 //! between the end of the payload and the start of the next partition (if there is any).
28 //!
29 //! Each partition is identified by a UUID. A partition is created for a program loader that
30 //! participates in the boot chain of the VM. Each program loader is expected to locate the
31 //! partition that corresponds to the loader using the UUID that is assigned to the loader.
32 //!
33 //! The payload of a partition is encrypted/signed by a key that is unique to the loader and to the
34 //! VM as well. Failing to decrypt/authenticate a partition by a loader stops the boot process.
35
36 use crate::ioutil;
37
38 use android_security_dice::aidl::android::security::dice::IDiceNode::IDiceNode;
39 use anyhow::{anyhow, bail, Context, Result};
40 use binder::wait_for_interface;
41 use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
42 use ring::aead::{Aad, Algorithm, LessSafeKey, Nonce, UnboundKey, AES_256_GCM};
43 use ring::hkdf::{Salt, HKDF_SHA256};
44 use serde::{Deserialize, Serialize};
45 use std::fs::{File, OpenOptions};
46 use std::io::{Read, Seek, SeekFrom, Write};
47 use uuid::Uuid;
48
49 /// Path to the instance disk inside the VM
50 const INSTANCE_IMAGE_PATH: &str = "/dev/block/by-name/vm-instance";
51
52 /// Magic string in the instance disk header
53 const DISK_HEADER_MAGIC: &str = "Android-VM-instance";
54
55 /// Version of the instance disk format
56 const DISK_HEADER_VERSION: u16 = 1;
57
58 /// Size of the headers in the instance disk
59 const DISK_HEADER_SIZE: u64 = 512;
60 const PARTITION_HEADER_SIZE: u64 = 512;
61
62 /// UUID of the partition that microdroid manager uses
63 const MICRODROID_PARTITION_UUID: &str = "cf9afe9a-0662-11ec-a329-c32663a09d75";
64
65 /// Encryption algorithm used to cipher payload
66 static ENCRYPT_ALG: &Algorithm = &AES_256_GCM;
67
68 /// Handle to the instance disk
69 pub struct InstanceDisk {
70 file: File,
71 }
72
73 /// Information from a partition header
74 struct PartitionHeader {
75 uuid: Uuid,
76 payload_size: u64, // in bytes
77 }
78
79 /// Offset of a partition in the instance disk
80 type PartitionOffset = u64;
81
82 impl InstanceDisk {
83 /// Creates handle to instance disk
new() -> Result<Self>84 pub fn new() -> Result<Self> {
85 let mut file = OpenOptions::new()
86 .read(true)
87 .write(true)
88 .open(INSTANCE_IMAGE_PATH)
89 .with_context(|| format!("Failed to open {}", INSTANCE_IMAGE_PATH))?;
90
91 // Check if this file is a valid instance disk by examining the header (the first block)
92 let mut magic = [0; DISK_HEADER_MAGIC.len()];
93 file.read_exact(&mut magic)?;
94 if magic != DISK_HEADER_MAGIC.as_bytes() {
95 bail!("invalid magic: {:?}", magic);
96 }
97
98 let version = file.read_u16::<LittleEndian>()?;
99 if version == 0 {
100 bail!("invalid version: {}", version);
101 }
102 if version > DISK_HEADER_VERSION {
103 bail!("unsupported version: {}", version);
104 }
105
106 Ok(Self { file })
107 }
108
109 /// Reads the identity data that was written by microdroid manager. The returned data is
110 /// plaintext, although it is stored encrypted. In case when the partition for microdroid
111 /// manager doesn't exist, which can happen if it's the first boot, `Ok(None)` is returned.
read_microdroid_data(&mut self) -> Result<Option<MicrodroidData>>112 pub fn read_microdroid_data(&mut self) -> Result<Option<MicrodroidData>> {
113 let (header, offset) = self.locate_microdroid_header()?;
114 if header.is_none() {
115 return Ok(None);
116 }
117 let header = header.unwrap();
118 let payload_offset = offset + PARTITION_HEADER_SIZE;
119 self.file.seek(SeekFrom::Start(payload_offset))?;
120
121 // Read the 12-bytes nonce (unencrypted)
122 let mut nonce = [0; 12];
123 self.file.read_exact(&mut nonce)?;
124 let nonce = Nonce::assume_unique_for_key(nonce);
125
126 // Read the encrypted payload
127 let payload_size = header.payload_size - 12; // we already have read the nonce
128 let mut data = vec![0; payload_size as usize];
129 self.file.read_exact(&mut data)?;
130
131 // Read the header as well because it's part of the signed data (though not encrypted).
132 let mut header = [0; PARTITION_HEADER_SIZE as usize];
133 self.file.seek(SeekFrom::Start(offset))?;
134 self.file.read_exact(&mut header)?;
135
136 // Decrypt and authenticate the data (along with the header). The data is decrypted in
137 // place. `open_in_place` returns slice to the decrypted part in the buffer.
138 let plaintext_len = get_key()?.open_in_place(nonce, Aad::from(&header), &mut data)?.len();
139 // Truncate to remove the tag
140 data.truncate(plaintext_len);
141
142 let microdroid_data = serde_cbor::from_slice(data.as_slice())?;
143 Ok(Some(microdroid_data))
144 }
145
146 /// Writes identity data to the partition for microdroid manager. The partition is appended
147 /// if it doesn't exist. The data is stored encrypted.
write_microdroid_data(&mut self, microdroid_data: &MicrodroidData) -> Result<()>148 pub fn write_microdroid_data(&mut self, microdroid_data: &MicrodroidData) -> Result<()> {
149 let (header, offset) = self.locate_microdroid_header()?;
150
151 let mut data = serde_cbor::to_vec(microdroid_data)?;
152
153 // By encrypting and signing the data, tag will be appended. The tag also becomes part of
154 // the encrypted payload which will be written. In addition, a 12-bytes nonce will be
155 // prepended (non-encrypted).
156 let payload_size = (data.len() + ENCRYPT_ALG.tag_len() + 12) as u64;
157
158 // If the partition exists, make sure we don't change the partition size. If not (i.e.
159 // partition is not found), write the header at the empty place.
160 if let Some(header) = header {
161 if header.payload_size != payload_size {
162 bail!("Can't change payload size from {} to {}", header.payload_size, payload_size);
163 }
164 } else {
165 let uuid = Uuid::parse_str(MICRODROID_PARTITION_UUID)?;
166 self.write_header_at(offset, &uuid, payload_size)?;
167 }
168
169 // Read the header as it is used as additionally authenticated data (AAD).
170 let mut header = [0; PARTITION_HEADER_SIZE as usize];
171 self.file.seek(SeekFrom::Start(offset))?;
172 self.file.read_exact(&mut header)?;
173
174 // Generate a nonce randomly and recorde it on the disk first.
175 let nonce = Nonce::assume_unique_for_key(rand::random::<[u8; 12]>());
176 self.file.seek(SeekFrom::Start(offset + PARTITION_HEADER_SIZE))?;
177 self.file.write_all(nonce.as_ref())?;
178
179 // Then encrypt and sign the data. The non-encrypted input data is copied to a vector
180 // because it is encrypted in place, and also the tag is appended.
181 get_key()?.seal_in_place_append_tag(nonce, Aad::from(&header), &mut data)?;
182
183 // Persist the encrypted payload data
184 self.file.write_all(&data)?;
185 ioutil::blkflsbuf(&mut self.file)?;
186
187 Ok(())
188 }
189
190 /// Read header at `header_offset` and parse it into a `PartitionHeader`.
read_header_at(&mut self, header_offset: u64) -> Result<PartitionHeader>191 fn read_header_at(&mut self, header_offset: u64) -> Result<PartitionHeader> {
192 assert!(
193 header_offset % PARTITION_HEADER_SIZE == 0,
194 "header offset {} is not aligned to 512 bytes",
195 header_offset
196 );
197
198 let mut uuid = [0; 16];
199 self.file.seek(SeekFrom::Start(header_offset))?;
200 self.file.read_exact(&mut uuid)?;
201 let uuid = Uuid::from_bytes(uuid);
202 let payload_size = self.file.read_u64::<LittleEndian>()?;
203
204 Ok(PartitionHeader { uuid, payload_size })
205 }
206
207 /// Write header at `header_offset`
write_header_at( &mut self, header_offset: u64, uuid: &Uuid, payload_size: u64, ) -> Result<()>208 fn write_header_at(
209 &mut self,
210 header_offset: u64,
211 uuid: &Uuid,
212 payload_size: u64,
213 ) -> Result<()> {
214 self.file.seek(SeekFrom::Start(header_offset))?;
215 self.file.write_all(uuid.as_bytes())?;
216 self.file.write_u64::<LittleEndian>(payload_size)?;
217 Ok(())
218 }
219
220 /// Locate the header of the partition for microdroid manager. A pair of `PartitionHeader` and
221 /// the offset of the partition in the disk is returned. If the partition is not found,
222 /// `PartitionHeader` is `None` and the offset points to the empty partition that can be used
223 /// for the partition.
locate_microdroid_header(&mut self) -> Result<(Option<PartitionHeader>, PartitionOffset)>224 fn locate_microdroid_header(&mut self) -> Result<(Option<PartitionHeader>, PartitionOffset)> {
225 let microdroid_uuid = Uuid::parse_str(MICRODROID_PARTITION_UUID)?;
226
227 // the first partition header is located just after the disk header
228 let mut header_offset = DISK_HEADER_SIZE;
229 loop {
230 let header = self.read_header_at(header_offset)?;
231 if header.uuid == microdroid_uuid {
232 // found a matching header
233 return Ok((Some(header), header_offset));
234 } else if header.uuid == Uuid::nil() {
235 // found an empty space
236 return Ok((None, header_offset));
237 }
238 // Move to the next partition. Be careful about overflow.
239 let payload_size = round_to_multiple(header.payload_size, PARTITION_HEADER_SIZE)?;
240 let part_size = payload_size
241 .checked_add(PARTITION_HEADER_SIZE)
242 .ok_or_else(|| anyhow!("partition too large"))?;
243 header_offset = header_offset
244 .checked_add(part_size)
245 .ok_or_else(|| anyhow!("next partition at invalid offset"))?;
246 }
247 }
248 }
249
250 /// Round `n` up to the nearest multiple of `unit`
round_to_multiple(n: u64, unit: u64) -> Result<u64>251 fn round_to_multiple(n: u64, unit: u64) -> Result<u64> {
252 assert!((unit & (unit - 1)) == 0, "{} is not power of two", unit);
253 let ret = (n + unit - 1) & !(unit - 1);
254 if ret < n {
255 bail!("overflow")
256 }
257 Ok(ret)
258 }
259
260 struct ZeroOnDropKey(LessSafeKey);
261
262 impl Drop for ZeroOnDropKey {
drop(&mut self)263 fn drop(&mut self) {
264 // Zeroize the key by overwriting it with a key constructed from zeros of same length
265 // This works because the raw key bytes are allocated inside the struct, not on the heap
266 let zero = [0; 32];
267 let zero_key = LessSafeKey::new(UnboundKey::new(ENCRYPT_ALG, &zero).unwrap());
268 unsafe {
269 ::std::ptr::write_volatile::<LessSafeKey>(&mut self.0, zero_key);
270 }
271 }
272 }
273
274 impl std::ops::Deref for ZeroOnDropKey {
275 type Target = LessSafeKey;
deref(&self) -> &LessSafeKey276 fn deref(&self) -> &LessSafeKey {
277 &self.0
278 }
279 }
280
281 /// Returns the key that is used to encrypt the microdroid manager partition. It is derived from
282 /// the sealing CDI of the previous stage, which is Android Boot Loader (ABL).
get_key() -> Result<ZeroOnDropKey>283 fn get_key() -> Result<ZeroOnDropKey> {
284 // Sealing CDI from the previous stage.
285 let diced = wait_for_interface::<dyn IDiceNode>("android.security.dice.IDiceNode")
286 .context("IDiceNode service not found")?;
287 let bcc_handover = diced.derive(&[]).context("Failed to get BccHandover")?;
288
289 // Derive a key from the Sealing CDI
290 // Step 1 is extraction: https://datatracker.ietf.org/doc/html/rfc5869#section-2.2 where a
291 // pseduo random key (PRK) is extracted from (Input Keying Material - IKM, which is secret) and
292 // optional salt.
293 let salt = Salt::new(HKDF_SHA256, &[]); // use 0 as salt
294 let prk = salt.extract(&bcc_handover.cdiSeal); // Sealing CDI as IKM
295
296 // Step 2 is expansion: https://datatracker.ietf.org/doc/html/rfc5869#section-2.3 where the PRK
297 // (optionally with the `info` which gives contextual information) is expanded into the output
298 // keying material (OKM). Note that the process fails only when the size of OKM is longer than
299 // 255 * SHA256_HASH_SIZE (32), which isn't the case here.
300 let info = [b"microdroid_manager_key".as_ref()];
301 let okm = prk.expand(&info, HKDF_SHA256).unwrap(); // doesn't fail as explained above
302 let mut key = [0; 32];
303 okm.fill(&mut key).unwrap(); // doesn't fail as explained above
304
305 // The term LessSafe might be misleading here. LessSafe here just means that the API can
306 // possibly accept same nonces for different messages. However, since we encrypt/decrypt only a
307 // single message (the microdroid_manager partition payload) with a randomly generated nonce,
308 // this is safe enough.
309 let ret = ZeroOnDropKey(LessSafeKey::new(UnboundKey::new(ENCRYPT_ALG, &key).unwrap()));
310
311 // Don't forget to zeroize the raw key array as well
312 unsafe {
313 ::std::ptr::write_volatile::<[u8; 32]>(&mut key, [0; 32]);
314 }
315
316 Ok(ret)
317 }
318
319 #[derive(Debug, Serialize, Deserialize, PartialEq)]
320 pub struct MicrodroidData {
321 pub salt: Vec<u8>, // Should be [u8; 64] but that isn't serializable.
322 pub apk_data: ApkData,
323 pub extra_apks_data: Vec<ApkData>,
324 pub apex_data: Vec<ApexData>,
325 }
326
327 #[derive(Debug, Serialize, Deserialize, PartialEq)]
328 pub struct ApkData {
329 pub root_hash: Box<RootHash>,
330 pub pubkey: Box<[u8]>,
331 }
332
333 pub type RootHash = [u8];
334
335 #[derive(Debug, Serialize, Deserialize, PartialEq)]
336 pub struct ApexData {
337 pub name: String,
338 pub public_key: Vec<u8>,
339 pub root_digest: Vec<u8>,
340 pub last_update_seconds: u64,
341 pub is_factory: bool,
342 }
343