src/keyblob/sdd_mem.rs

*9860b763SAndroid Build Coastguard Worker// Copyright 2022, The Android Open Source Project
*9860b763SAndroid Build Coastguard Worker//
*9860b763SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License");
*9860b763SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License.
*9860b763SAndroid Build Coastguard Worker// You may obtain a copy of the License at
*9860b763SAndroid Build Coastguard Worker//
*9860b763SAndroid Build Coastguard Worker//     http://www.apache.org/licenses/LICENSE-2.0
*9860b763SAndroid Build Coastguard Worker//
*9860b763SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software
*9860b763SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS,
*9860b763SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*9860b763SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and
*9860b763SAndroid Build Coastguard Worker// limitations under the License.
*9860b763SAndroid Build Coastguard Worker
*9860b763SAndroid Build Coastguard Worker//! In-memory secure deletion secret manager.
*9860b763SAndroid Build Coastguard Worker//!
*9860b763SAndroid Build Coastguard Worker//! Only suitable for development/testing (as secrets are lost on restart).
*9860b763SAndroid Build Coastguard Worker
*9860b763SAndroid Build Coastguard Workeruse super::{SecureDeletionData, SecureDeletionSecretManager, SecureDeletionSlot, SlotPurpose};
*9860b763SAndroid Build Coastguard Workeruse crate::{crypto, km_err, Error};
*9860b763SAndroid Build Coastguard Worker
*9860b763SAndroid Build Coastguard Worker/// Secure deletion secret manager that keeps state in memory. Provided as an example only; do not
*9860b763SAndroid Build Coastguard Worker/// use in a real system (keys will not survive reboot if you do).
*9860b763SAndroid Build Coastguard Workerpub struct InMemorySlotManager<const N: usize> {
*9860b763SAndroid Build Coastguard Worker    factory_secret: Option<[u8; 32]>,
*9860b763SAndroid Build Coastguard Worker    slots: [Option<SecureDeletionData>; N],
*9860b763SAndroid Build Coastguard Worker}
*9860b763SAndroid Build Coastguard Worker
*9860b763SAndroid Build Coastguard Workerimpl<const N: usize> Default for InMemorySlotManager<N> {
*9860b763SAndroid Build Coastguard Worker    fn default() -> Self {
*9860b763SAndroid Build Coastguard Worker        Self {
*9860b763SAndroid Build Coastguard Worker            factory_secret: None,
*9860b763SAndroid Build Coastguard Worker            // Work around Rust limitation that `[None; N]` doesn't work.
*9860b763SAndroid Build Coastguard Worker            slots: [(); N].map(|_| Option::<SecureDeletionData>::default()),
*9860b763SAndroid Build Coastguard Worker        }
*9860b763SAndroid Build Coastguard Worker    }
*9860b763SAndroid Build Coastguard Worker}
*9860b763SAndroid Build Coastguard Worker
*9860b763SAndroid Build Coastguard Workerimpl<const N: usize> SecureDeletionSecretManager for InMemorySlotManager<N> {
*9860b763SAndroid Build Coastguard Worker    fn get_or_create_factory_reset_secret(
*9860b763SAndroid Build Coastguard Worker        &mut self,
*9860b763SAndroid Build Coastguard Worker        rng: &mut dyn crypto::Rng,
*9860b763SAndroid Build Coastguard Worker    ) -> Result<SecureDeletionData, Error> {
*9860b763SAndroid Build Coastguard Worker        if self.factory_secret.is_none() {
*9860b763SAndroid Build Coastguard Worker            // No factory reset secret created yet, so do so now.
*9860b763SAndroid Build Coastguard Worker            let mut secret = [0; 32];
*9860b763SAndroid Build Coastguard Worker            rng.fill_bytes(&mut secret[..]);
*9860b763SAndroid Build Coastguard Worker            self.factory_secret = Some(secret);
*9860b763SAndroid Build Coastguard Worker        }
*9860b763SAndroid Build Coastguard Worker        self.get_factory_reset_secret()
*9860b763SAndroid Build Coastguard Worker    }
*9860b763SAndroid Build Coastguard Worker
*9860b763SAndroid Build Coastguard Worker    fn get_factory_reset_secret(&self) -> Result<SecureDeletionData, Error> {
*9860b763SAndroid Build Coastguard Worker        match self.factory_secret {
*9860b763SAndroid Build Coastguard Worker            Some(secret) => Ok(SecureDeletionData {
*9860b763SAndroid Build Coastguard Worker                factory_reset_secret: secret,
*9860b763SAndroid Build Coastguard Worker                secure_deletion_secret: [0; 16],
*9860b763SAndroid Build Coastguard Worker            }),
*9860b763SAndroid Build Coastguard Worker            None => Err(km_err!(UnknownError, "no factory secret available!")),
*9860b763SAndroid Build Coastguard Worker        }
*9860b763SAndroid Build Coastguard Worker    }
*9860b763SAndroid Build Coastguard Worker
*9860b763SAndroid Build Coastguard Worker    fn new_secret(
*9860b763SAndroid Build Coastguard Worker        &mut self,
*9860b763SAndroid Build Coastguard Worker        rng: &mut dyn crypto::Rng,
*9860b763SAndroid Build Coastguard Worker        _purpose: SlotPurpose,
*9860b763SAndroid Build Coastguard Worker    ) -> Result<(SecureDeletionSlot, SecureDeletionData), Error> {
*9860b763SAndroid Build Coastguard Worker        for idx in 0..N {
*9860b763SAndroid Build Coastguard Worker            if self.slots[idx].is_none() {
*9860b763SAndroid Build Coastguard Worker                let mut sdd = self.get_or_create_factory_reset_secret(rng)?;
*9860b763SAndroid Build Coastguard Worker                rng.fill_bytes(&mut sdd.secure_deletion_secret[..]);
*9860b763SAndroid Build Coastguard Worker                self.slots[idx] = Some(sdd.clone());
*9860b763SAndroid Build Coastguard Worker                return Ok((SecureDeletionSlot(idx as u32), sdd));
*9860b763SAndroid Build Coastguard Worker            }
*9860b763SAndroid Build Coastguard Worker        }
*9860b763SAndroid Build Coastguard Worker        Err(km_err!(RollbackResistanceUnavailable, "full"))
*9860b763SAndroid Build Coastguard Worker    }
*9860b763SAndroid Build Coastguard Worker
*9860b763SAndroid Build Coastguard Worker    fn get_secret(&self, slot: SecureDeletionSlot) -> Result<SecureDeletionData, Error> {
*9860b763SAndroid Build Coastguard Worker        let idx = slot.0 as usize;
*9860b763SAndroid Build Coastguard Worker        if !(0..N).contains(&idx) {
*9860b763SAndroid Build Coastguard Worker            return Err(km_err!(InvalidKeyBlob, "slot idx out of bounds"));
*9860b763SAndroid Build Coastguard Worker        }
*9860b763SAndroid Build Coastguard Worker        match &self.slots[idx] {
*9860b763SAndroid Build Coastguard Worker            Some(data) => Ok(data.clone()),
*9860b763SAndroid Build Coastguard Worker            None => Err(km_err!(InvalidKeyBlob, "slot idx empty")),
*9860b763SAndroid Build Coastguard Worker        }
*9860b763SAndroid Build Coastguard Worker    }
*9860b763SAndroid Build Coastguard Worker
*9860b763SAndroid Build Coastguard Worker    fn delete_secret(&mut self, slot: SecureDeletionSlot) -> Result<(), Error> {
*9860b763SAndroid Build Coastguard Worker        match self.slots[slot.0 as usize].take() {
*9860b763SAndroid Build Coastguard Worker            Some(_data) => Ok(()),
*9860b763SAndroid Build Coastguard Worker            None => Err(km_err!(InvalidKeyBlob, "slot idx empty")),
*9860b763SAndroid Build Coastguard Worker        }
*9860b763SAndroid Build Coastguard Worker    }
*9860b763SAndroid Build Coastguard Worker
*9860b763SAndroid Build Coastguard Worker    fn delete_all(&mut self) {
*9860b763SAndroid Build Coastguard Worker        self.factory_secret = None;
*9860b763SAndroid Build Coastguard Worker        for idx in 0..N {
*9860b763SAndroid Build Coastguard Worker            self.slots[idx] = None;
*9860b763SAndroid Build Coastguard Worker        }
*9860b763SAndroid Build Coastguard Worker    }
*9860b763SAndroid Build Coastguard Worker}