hals/authsecret/AuthSecret.cpp

/*
 * Copyright (C) 2018 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "AuthSecret.h"

#include <android-base/logging.h>

#include <openssl/sha.h>

#include <application.h>
#include <app_nugget.h>
#include <nos/debug.h>

#include <AuthSecret.h>

namespace android {
namespace hardware {
namespace authsecret {

// libhidl
using ::android::hardware::Void;

namespace {

/** The digest is the first 4 bytes of the sha1 of the password */
uint32_t CalculatePasswordDigest(const nugget_app_password& password) {
    uint8_t passwordSha1[SHA_DIGEST_LENGTH];
    SHA_CTX c;
    SHA1_Init(&c);
    SHA1_Update(&c, &password.password, NUGGET_UPDATE_PASSWORD_LEN);
    SHA1_Final(passwordSha1, &c);

    uint32_t digest;
    memcpy(&digest, passwordSha1, sizeof(digest));
    return digest;
}

/*
 * Derive the update password from the secret:
 *     update_password = sha256( CITADEL_UPDATE_KEY | 0 | secret )
 *
 * Password must point to NUGGET_UPDATE_PASSWORD_LEN bytes.
 *
 * The password is derived in case the secret needs to be used for another
 * purpose. Deriving different values for each subsystem adds a layer of
 * security.
 */
nugget_app_password DeriveCitadelUpdatePassword(const hidl_vec<uint8_t>& secret) {
    nugget_app_password password;

    static_assert(SHA256_DIGEST_LENGTH == NUGGET_UPDATE_PASSWORD_LEN,
                  "Hash output does not match update password length");
    const uint8_t CITADEL_UPDATE_KEY[] = "citadel_update";
    SHA256_CTX c;
    SHA256_Init(&c);
    SHA256_Update(&c, CITADEL_UPDATE_KEY, sizeof(CITADEL_UPDATE_KEY));
    SHA256_Update(&c, secret.data(), secret.size());
    SHA256_Final(password.password, &c);
    password.digest = CalculatePasswordDigest(password);
    return password;
}

/**
 * The first time this is called, Citadel won't have its update password set so
 * always try and enroll it. If the update password is already set, this will
 * faily gracefully.
 */
void TryEnrollCitadelUpdatePassword(NuggetClientInterface& client,
                                    const nugget_app_password& password) {
    std::vector<uint8_t> buffer(sizeof(nugget_app_change_update_password));
    nugget_app_change_update_password* const msg
            = reinterpret_cast<nugget_app_change_update_password*>(buffer.data());

    msg->new_password = password;
    // Default password is uninitialized flash i.e. all 0xff
    memset(&msg->old_password.password, 0xff, NUGGET_UPDATE_PASSWORD_LEN);
    msg->old_password.digest = 0xffffffff;

    const uint32_t appStatus = client.CallApp(APP_ID_NUGGET,
                                              NUGGET_PARAM_CHANGE_UPDATE_PASSWORD,
                                              buffer, nullptr);
    if (appStatus == APP_ERROR_BOGUS_ARGS) {
        LOG(VERBOSE) << "Citadel update password already installed";
        return;
    }
    if (appStatus != APP_SUCCESS) {
        LOG(ERROR) << "Citadel change update password failed: "
                   << ::nos::StatusCodeString(appStatus) << " (" << appStatus << ")";
        return;
    }

    LOG(INFO) << "Citadel update password installed";
}

/** Request a hard reboot of Citadel. */
void RebootCitadel(NuggetClientInterface& client) {
    std::vector<uint8_t> ignored = {1};         // older images require this
    const uint32_t appStatus = client.CallApp(APP_ID_NUGGET, NUGGET_PARAM_REBOOT, ignored, nullptr);
    if (appStatus != APP_SUCCESS) {
        LOG(ERROR) << "Citadel failed to reboot: " << ::nos::StatusCodeString(appStatus)
                   << " (" << appStatus << ")";
    }
}

/**
 * Try to enable a Citadel update with the update password. If this fails,
 * something has gone wrong somewhere...
 */
void TryEnablingCitadelUpdate(NuggetClientInterface& client, const nugget_app_password& password) {
    std::vector<uint8_t> buffer(sizeof(nugget_app_enable_update));
    nugget_app_enable_update* const msg
            = reinterpret_cast<nugget_app_enable_update*>(buffer.data());

    msg->password = password;
    msg->which_headers = NUGGET_ENABLE_HEADER_RW | NUGGET_ENABLE_HEADER_RO;
    const uint32_t appStatus = client.CallApp(APP_ID_NUGGET,
                                              NUGGET_PARAM_ENABLE_UPDATE,
                                              buffer, &buffer);
    if (appStatus == APP_ERROR_BOGUS_ARGS) {
        LOG(ERROR) << "Incorrect Citadel update password";
        return;
    }
    if (appStatus != APP_SUCCESS) {
        LOG(ERROR) << "Citadel enable update failed: " << ::nos::StatusCodeString(appStatus)
                   << " (" << appStatus << ")";
        return;
    }

    // If the header[s] changed, reboot for the update to take effect
    // Old firmware doesn't have a reply but still needs to be updated
    if (buffer.empty() || buffer[0]) {
      LOG(INFO) << "Update password enabled a new image; rebooting Citadel";
      RebootCitadel(client);
    }
}

} // namespace

// Methods from ::android::hardware::authsecret::V1_0::IAuthSecret follow.
Return<void> AuthSecret::primaryUserCredential(const hidl_vec<uint8_t>& secret) {
    LOG(VERBOSE) << "Running AuthSecret::primaryUserCredential";

    if (secret.size() < 16) {
        LOG(WARNING) << "The secret is shorter than 16 bytes";
    }

    const nugget_app_password password = DeriveCitadelUpdatePassword(secret);
    TryEnrollCitadelUpdatePassword(_client, password);
    TryEnablingCitadelUpdate(_client, password);

    return Void();
}

} // namespace authsecret
} // namespace hardware
} // namespace android