zxcrypt_crypt/
lib.rs

1// Copyright 2024 The Fuchsia Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5use aes_gcm_siv::aead::{Aead as _, Payload};
6use aes_gcm_siv::{Aes128GcmSiv, Key, KeyInit as _, Nonce};
7use anyhow::Error;
8use crypt_policy::{unseal_sources, KeyConsumer, Policy};
9use fidl::endpoints::{create_request_stream, ClientEnd};
10use fidl_fuchsia_fxfs::CryptRequest;
11use futures::{FutureExt, TryStreamExt};
12use hkdf::Hkdf;
13use std::future::Future;
14use std::pin::pin;
15use uuid::Uuid;
16use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout};
17
18#[repr(C, packed)]
19#[derive(Clone, Copy, Debug, FromBytes, Immutable, IntoBytes, KnownLayout)]
20struct ZxcryptHeader {
21    magic: u128,
22    guid: [u8; 16],
23    version: u32,
24}
25
26const ZXCRYPT_MAGIC: u128 = 0x74707972_63787a80_e7116db3_00f8e85f;
27const ZXCRYPT_VERSION: u32 = 0x01000000;
28
29async fn unwrap_zxcrypt_key(policy: Policy, wrapped_key: &[u8]) -> Result<Vec<u8>, zx::Status> {
30    if wrapped_key.len() != 132 {
31        return Err(zx::Status::INVALID_ARGS);
32    }
33
34    let sources = unseal_sources(policy);
35
36    let (header, _) = ZxcryptHeader::read_from_prefix(wrapped_key).unwrap();
37
38    for source in sources {
39        let key = source.get_key(KeyConsumer::Zxcrypt).await.map_err(|_| zx::Status::INTERNAL)?;
40        let hk = Hkdf::<sha2::Sha256>::new(Some(&header.guid), &key);
41        let mut wrap_key = [0; 16];
42        let mut wrap_iv = [0; 12];
43        hk.expand("wrap key 0".as_bytes(), &mut wrap_key).unwrap();
44        hk.expand("wrap iv 0".as_bytes(), &mut wrap_iv).unwrap();
45
46        let header_size = std::mem::size_of::<ZxcryptHeader>();
47
48        if let Ok(unwrapped) = Aes128GcmSiv::new(Key::<Aes128GcmSiv>::from_slice(&wrap_key))
49            .decrypt(
50                &Nonce::from_slice(&wrap_iv),
51                Payload { msg: &wrapped_key[header_size..], aad: &wrapped_key[..header_size] },
52            )
53        {
54            return Ok(unwrapped);
55        }
56    }
57    log::warn!("Failed to unwrap zxcrypt key!");
58    Err(zx::Status::IO_DATA_INTEGRITY)
59}
60
61async fn create_zxcrypt_key(policy: Policy) -> Result<([u8; 16], Vec<u8>, Vec<u8>), zx::Status> {
62    let sources = unseal_sources(policy);
63
64    let header = ZxcryptHeader {
65        magic: ZXCRYPT_MAGIC,
66        guid: *Uuid::new_v4().as_bytes(),
67        version: ZXCRYPT_VERSION,
68    };
69
70    let mut unwrapped_key = vec![0; 80];
71    zx::cprng_draw(&mut unwrapped_key);
72
73    if let Some(source) = sources.first() {
74        let key = source.get_key(KeyConsumer::Zxcrypt).await.map_err(|_| zx::Status::INTERNAL)?;
75        let hk = Hkdf::<sha2::Sha256>::new(Some(&header.guid), &key);
76        let mut wrap_key = [0; 16];
77        let mut wrap_iv = [0; 12];
78        hk.expand("wrap key 0".as_bytes(), &mut wrap_key).unwrap();
79        hk.expand("wrap iv 0".as_bytes(), &mut wrap_iv).unwrap();
80
81        let wrapped = Aes128GcmSiv::new(Key::<Aes128GcmSiv>::from_slice(&wrap_key))
82            .encrypt(
83                &Nonce::from_slice(&wrap_iv),
84                Payload { msg: &unwrapped_key, aad: &header.as_bytes() },
85            )
86            .unwrap();
87
88        let mut header_and_key = header.as_bytes().to_vec();
89        header_and_key.extend(wrapped);
90
91        Ok(([0; 16], header_and_key, unwrapped_key))
92    } else {
93        log::warn!("No keys sources to create zxcrypt key");
94        Err(zx::Status::INTERNAL)
95    }
96}
97
98pub async fn run_crypt_service(
99    policy: Policy,
100    mut stream: fidl_fuchsia_fxfs::CryptRequestStream,
101) -> Result<(), Error> {
102    while let Some(request) = stream.try_next().await? {
103        match request {
104            CryptRequest::CreateKey { responder, .. } => responder.send(
105                create_zxcrypt_key(policy)
106                    .await
107                    .as_ref()
108                    .map(|(id, w, u)| (id, &w[..], &u[..]))
109                    .map_err(|s| s.into_raw()),
110            )?,
111            CryptRequest::CreateKeyWithId { responder, .. } => {
112                responder.send(Err(zx::Status::BAD_PATH.into_raw()))?
113            }
114            CryptRequest::UnwrapKey { responder, key, .. } => responder.send(
115                unwrap_zxcrypt_key(policy, &key)
116                    .await
117                    .as_ref()
118                    .map(|u| &u[..])
119                    .map_err(|s| s.into_raw()),
120            )?,
121        }
122    }
123    Ok::<(), Error>(())
124}
125
126/// Runs `f` with a scoped crypt service instance.  The instance will be automatically terminated on
127/// completion.
128pub async fn with_crypt_service<R, Fut: Future<Output = Result<R, Error>>>(
129    policy: Policy,
130    f: impl FnOnce(ClientEnd<fidl_fuchsia_fxfs::CryptMarker>) -> Fut,
131) -> Result<R, Error> {
132    let (crypt, stream) = create_request_stream::<fidl_fuchsia_fxfs::CryptMarker>();
133    let mut crypt_service = pin!(async { run_crypt_service(policy, stream).await }.fuse());
134    let mut fut = pin!(f(crypt).fuse());
135
136    loop {
137        futures::select! {
138            _ = crypt_service => {}
139            result = fut => return result,
140        }
141    }
142}
143
144#[cfg(test)]
145mod tests {
146    use super::{with_crypt_service, ZxcryptHeader, ZXCRYPT_MAGIC, ZXCRYPT_VERSION};
147    use crypt_policy::Policy;
148    use zerocopy::FromBytes;
149
150    fn entropy(data: &[u8]) -> f64 {
151        let mut frequencies = [0; 256];
152        for b in data {
153            frequencies[*b as usize] += 1;
154        }
155        -frequencies
156            .into_iter()
157            .map(|f| {
158                if f > 0 {
159                    let p = f as f64 / data.len() as f64;
160                    p * p.log2()
161                } else {
162                    0.0
163                }
164            })
165            .sum::<f64>()
166            / (data.len() as f64).log2()
167    }
168
169    #[fuchsia::test]
170    async fn test_keys() {
171        with_crypt_service(Policy::Null, |crypt| async {
172            let crypt = crypt.into_proxy();
173            let (_, key, unwrapped_key) = crypt
174                .create_key(0, fidl_fuchsia_fxfs::KeyPurpose::Data)
175                .await
176                .unwrap()
177                .expect("create_key failed");
178
179            // Check that unwrapped_key has high entropy.
180            assert!(entropy(&unwrapped_key) > 0.5);
181
182            // Check that key has the correct fields set.
183            let (header, _) = ZxcryptHeader::read_from_prefix(&key).unwrap();
184
185            let magic = header.magic;
186            assert_eq!(magic, ZXCRYPT_MAGIC);
187            assert!(entropy(&header.guid) > 0.5);
188            let version = header.version;
189            assert_eq!(version, ZXCRYPT_VERSION);
190
191            // Check that we can unwrap the returned key.
192            let wrapping_key_id_0 = [0; 16];
193            let unwrapped_key2 = crypt
194                .unwrap_key(&wrapping_key_id_0, 0, &key)
195                .await
196                .unwrap()
197                .expect("unwrap_key failed");
198
199            assert_eq!(unwrapped_key, unwrapped_key2);
200            Ok(())
201        })
202        .await
203        .unwrap();
204    }
205}
zxcrypt_crypt/lib.rs

zxcrypt_crypt/
lib.rs
