pfk: keymaster support to set/clear ice keys

With new FBE key management changes, the keys are not
available in the clear, but wrapped with an ephemeral key
from keymaster. We cannot use a direct call to the qsee
kernel to set/clear keys as they need to be unwrapped by
keymaster first, which would then call in to the qsee kernel
to set/clear the keys.

Change-Id: Ie3fba8c0613d246efb5577ef6a0254171f082bfe
Signed-off-by: Shivaprasad Hongal <shongal@codeaurora.org>

security/pfe/Kconfig

@@ -25,4 +25,17 @@ config PFK
 		Information is used when file is encrypted later using
 		ICE or dm crypto engine
 
+config PFK_WRAPPED_KEY_SUPPORTED
+	bool "Per-File-Key driver with wrapped key support"
+	depends on SECURITY
+	depends on SECURITY_SELINUX
+	depends on QSEECOM
+	depends on PFK
+	default n
+	help
+		Adds wrapped key support in PFK driver. Instead of setting
+		the key directly from vold, it unwraps the key in a secure
+		environment and sets the key in ICE. This is because the key
+		is not directly available in HLOS and needs to be unwrapped
+		in a secure environment.
 endmenu

security/pfe/Makefile

@@ -5,6 +5,7 @@
 ccflags-y += -Isecurity/selinux -Isecurity/selinux/include
 ccflags-y += -Ifs/ext4
 ccflags-y += -Ifs/crypto
+ccflags-y += -Idrivers/misc
 
 obj-$(CONFIG_PFT) += pft.o
 obj-$(CONFIG_PFK) += pfk.o pfk_kc.o pfk_ice.o pfk_ext4.o

security/pfe/pfk_ice.c

@@ -24,7 +24,7 @@
 #include <soc/qcom/qseecomi.h>
 #include <crypto/ice.h>
 #include "pfk_ice.h"
-
+#include "qseecom_kernel.h"
 
 /**********************************/
 /** global definitions		 **/
@@ -55,48 +55,120 @@
 	TZ_SYSCALL_CREATE_PARAM_ID_1( \
 	TZ_SYSCALL_PARAM_TYPE_VAL)
 
+#define CONTEXT_SIZE 0x1000
+
+#define KEYMASTER_UTILS_CMD_ID 0x200UL
+#define KEYMASTER_SET_ICE_KEY (KEYMASTER_UTILS_CMD_ID + 18UL)
+#define KEYMASTER_CLEAR_ICE_KEY (KEYMASTER_UTILS_CMD_ID + 19UL)
+
 #define ICE_KEY_SIZE 32
 #define ICE_SALT_SIZE 32
 
 static uint8_t ice_key[ICE_KEY_SIZE];
 static uint8_t ice_salt[ICE_KEY_SIZE];
 
-int qti_pfk_ice_set_key(uint32_t index, uint8_t *key, uint8_t *salt,
-			char *storage_type)
+static struct qseecom_handle *qhandle;
+
+static int set_wrapped_key(uint32_t index, const uint8_t *key,
+				const uint8_t *salt)
+{
+	int ret = 0;
+	u32 set_req_len = 0;
+	u32 set_rsp_len = 0;
+	struct pfk_ice_key_req *set_req_buf;
+	struct pfk_ice_key_rsp *set_rsp_buf;
+
+	memcpy(ice_key, key, sizeof(ice_key));
+	memcpy(ice_salt, salt, sizeof(ice_salt));
+
+	if (!qhandle) {
+		ret = qseecom_start_app(&qhandle, "keymaster64",
+			CONTEXT_SIZE);
+		if (ret) {
+			pr_err("Qseecom start app failed\n");
+			return ret;
+		}
+	}
+
+	set_req_buf = (struct pfk_ice_key_req *) qhandle->sbuf;
+	set_req_buf->cmd_id = KEYMASTER_SET_ICE_KEY;
+	set_req_buf->index = index;
+	set_req_buf->ice_key_offset = sizeof(struct pfk_ice_key_req);
+	set_req_buf->ice_key_size = ICE_KEY_SIZE;
+	set_req_buf->ice_salt_offset = set_req_buf->ice_key_offset +
+					set_req_buf->ice_key_size;
+	set_req_buf->ice_salt_size = ICE_SALT_SIZE;
+
+	memcpy((uint8_t *) set_req_buf + set_req_buf->ice_key_offset, ice_key,
+				set_req_buf->ice_key_size);
+	memcpy((uint8_t *) set_req_buf + set_req_buf->ice_salt_offset, ice_salt,
+				set_req_buf->ice_salt_size);
+
+	set_req_len = sizeof(struct pfk_ice_key_req) + set_req_buf->ice_key_size
+			+ set_req_buf->ice_salt_size;
+
+	set_rsp_buf = (struct pfk_ice_key_rsp *) (qhandle->sbuf +
+			set_req_len);
+	set_rsp_len = sizeof(struct pfk_ice_key_rsp);
+
+	ret = qseecom_send_command(qhandle,
+					set_req_buf, set_req_len,
+					set_rsp_buf, set_rsp_len);
+
+	if (ret)
+		pr_err("%s: Set wrapped key  error: Status %d\n", __func__,
+						set_rsp_buf->ret);
+
+	return ret;
+}
+
+static int clear_wrapped_key(uint32_t index)
+{
+	int ret = 0;
+
+	u32 clear_req_len = 0;
+	u32 clear_rsp_len = 0;
+	struct pfk_ice_key_req *clear_req_buf;
+	struct pfk_ice_key_rsp *clear_rsp_buf;
+
+	clear_req_buf = (struct pfk_ice_key_req *) qhandle->sbuf;
+	memset(clear_req_buf, 0, sizeof(qhandle->sbuf));
+	clear_req_buf->cmd_id = KEYMASTER_CLEAR_ICE_KEY;
+	clear_req_buf->index = index;
+	clear_req_len = sizeof(struct pfk_ice_key_req);
+	clear_rsp_buf = (struct pfk_ice_key_rsp *) (qhandle->sbuf +
+			QSEECOM_ALIGN(clear_req_len));
+	clear_rsp_len = sizeof(struct pfk_ice_key_rsp);
+
+	ret = qseecom_send_command(qhandle, clear_req_buf, clear_req_len,
+			clear_rsp_buf, clear_rsp_len);
+	if (ret)
+		pr_err("%s: Clear wrapped key error: Status %d\n", __func__,
+					clear_rsp_buf->ret);
+
+	return ret;
+}
+
+static int set_key(uint32_t index, const uint8_t *key, const uint8_t *salt)
 {
 	struct scm_desc desc = {0};
-	int ret, ret1;
+	int ret = 0;
+	uint32_t smc_id = 0;
 	char *tzbuf_key = (char *)ice_key;
 	char *tzbuf_salt = (char *)ice_salt;
-	char *s_type = storage_type;
-	uint32_t smc_id = 0;
 	u32 tzbuflen_key = sizeof(ice_key);
 	u32 tzbuflen_salt = sizeof(ice_salt);
 
-	if (index < MIN_ICE_KEY_INDEX || index > MAX_ICE_KEY_INDEX) {
-		pr_err("%s Invalid index %d\n", __func__, index);
-		return -EINVAL;
-	}
-	if (!key || !salt) {
-		pr_err("%s Invalid key/salt\n", __func__);
-		return -EINVAL;
-	}
-
 	if (!tzbuf_key || !tzbuf_salt) {
 		pr_err("%s No Memory\n", __func__);
 		return -ENOMEM;
 	}
 
-	if (s_type == NULL) {
-		pr_err("%s Invalid Storage type\n", __func__);
-		return -EINVAL;
-	}
-
 	memset(tzbuf_key, 0, tzbuflen_key);
 	memset(tzbuf_salt, 0, tzbuflen_salt);
 
-	memcpy(ice_key, key, tzbuflen_key);
-	memcpy(ice_salt, salt, tzbuflen_salt);
+	memcpy(ice_key, key, sizeof(ice_key));
+	memcpy(ice_salt, salt, sizeof(ice_salt));
 
 	dmac_flush_range(tzbuf_key, tzbuf_key + tzbuflen_key);
 	dmac_flush_range(tzbuf_salt, tzbuf_salt + tzbuflen_salt);
@@ -110,33 +182,84 @@ int qti_pfk_ice_set_key(uint32_t index, uint8_t *key, uint8_t *salt,
 	desc.args[3] = virt_to_phys(tzbuf_salt);
 	desc.args[4] = tzbuflen_salt;
 
+	ret = scm_call2(smc_id, &desc);
+	if (ret)
+		pr_err("%s:SCM call Error: 0x%x\n", __func__, ret);
+
+	return ret;
+}
+
+static int clear_key(uint32_t index)
+{
+	struct scm_desc desc = {0};
+	int ret = 0;
+	uint32_t smc_id = 0;
+
+	smc_id = TZ_ES_INVALIDATE_ICE_KEY_ID;
+
+	desc.arginfo = TZ_ES_INVALIDATE_ICE_KEY_PARAM_ID;
+	desc.args[0] = index;
+
+	ret = scm_call2(smc_id, &desc);
+	if (ret)
+		pr_err("%s:SCM call Error: 0x%x\n", __func__, ret);
+	return ret;
+}
+
+int qti_pfk_ice_set_key(uint32_t index, uint8_t *key, uint8_t *salt,
+			char *storage_type)
+{
+	int ret = 0, ret1 = 0;
+	char *s_type = storage_type;
+
+	if (index < MIN_ICE_KEY_INDEX || index > MAX_ICE_KEY_INDEX) {
+		pr_err("%s Invalid index %d\n", __func__, index);
+		return -EINVAL;
+	}
+	if (!key || !salt) {
+		pr_err("%s Invalid key/salt\n", __func__);
+		return -EINVAL;
+	}
+
+	if (s_type == NULL) {
+		pr_err("%s Invalid Storage type\n", __func__);
+		return -EINVAL;
+	}
+
 	ret = qcom_ice_setup_ice_hw((const char *)s_type, true);
 	if (ret) {
 		pr_err("%s: could not enable clocks: %d\n", __func__, ret);
 		goto out;
 	}
 
-	ret = scm_call2(smc_id, &desc);
+	if (pfk_wrapped_key_supported()) {
+		pr_debug("%s: Setting wrapped key\n", __func__);
+		ret = set_wrapped_key(index, key, salt);
+	} else {
+		pr_debug("%s: Setting keys with QSEE kernel\n", __func__);
+		ret = set_key(index, key, salt);
+	}
+
 	if (ret) {
 		pr_err("%s: Set Key Error: %d\n", __func__, ret);
 		if (ret == -EBUSY) {
 			if (qcom_ice_setup_ice_hw((const char *)s_type, false))
 				pr_err("%s: clock disable failed\n", __func__);
-			goto out;
+				goto out;
 		}
 		/* Try to invalidate the key to keep ICE in proper state */
-		smc_id = TZ_ES_INVALIDATE_ICE_KEY_ID;
-		desc.arginfo = TZ_ES_INVALIDATE_ICE_KEY_PARAM_ID;
-		desc.args[0] = index;
-		ret1 = scm_call2(smc_id, &desc);
+		if (pfk_wrapped_key_supported())
+			ret1 = clear_wrapped_key(index);
+		else
+			ret1 = clear_key(index);
+
 		if (ret1)
-			pr_err("%s: Invalidate Key Error: %d\n", __func__,
-					ret1);
+			pr_err("%s: Invalidate key error: %d\n", __func__, ret);
 	}
 
 	ret1 = qcom_ice_setup_ice_hw((const char *)s_type, false);
-	if (ret1)
-		pr_err("%s: Error %d disabling clocks\n", __func__, ret1);
+	if (ret)
+		pr_err("%s: Error %d disabling clocks\n", __func__, ret);
 
 out:
 	return ret;
@@ -144,11 +267,8 @@ out:
 
 int qti_pfk_ice_invalidate_key(uint32_t index, char *storage_type)
 {
-	struct scm_desc desc = {0};
 	int ret = 0;
 
-	uint32_t smc_id = 0;
-
 	if (index < MIN_ICE_KEY_INDEX || index > MAX_ICE_KEY_INDEX) {
 		pr_err("%s Invalid index %d\n", __func__, index);
 		return -EINVAL;
@@ -159,20 +279,22 @@ int qti_pfk_ice_invalidate_key(uint32_t index, char *storage_type)
 		return -EINVAL;
 	}
 
-	smc_id = TZ_ES_INVALIDATE_ICE_KEY_ID;
-
-	desc.arginfo = TZ_ES_INVALIDATE_ICE_KEY_PARAM_ID;
-	desc.args[0] = index;
-
 	ret = qcom_ice_setup_ice_hw((const char *)storage_type, true);
 	if (ret) {
 		pr_err("%s: could not enable clocks: 0x%x\n", __func__, ret);
 		return ret;
 	}
 
-	ret = scm_call2(smc_id, &desc);
+	if (pfk_wrapped_key_supported()) {
+		ret = clear_wrapped_key(index);
+		pr_debug("%s: Clearing wrapped key\n", __func__);
+	} else {
+		pr_debug("%s: Clearing keys with QSEE kernel\n", __func__);
+		ret = clear_key(index);
+	}
+
 	if (ret)
-		pr_err("%s: Error: 0x%x\n", __func__, ret);
+		pr_err("%s: Invalidate key error: %d\n", __func__, ret);
 
 	if (qcom_ice_setup_ice_hw((const char *)storage_type, false))
 		pr_err("%s: could not disable clocks\n", __func__);

security/pfe/pfk_ice.h

@@ -22,9 +22,35 @@
 
 #include <linux/types.h>
 
+struct __attribute__ ((__packed__)) pfk_ice_key_req {
+	uint32_t cmd_id;
+	uint32_t index;
+	uint32_t ice_key_offset;
+	uint32_t ice_key_size;
+	uint32_t ice_salt_offset;
+	uint32_t ice_salt_size;
+};
+
+struct __attribute__ ((__packed__)) pfk_ice_key_rsp {
+	uint32_t ret;
+	uint32_t cmd_id;
+};
+
 int pfk_ice_init(void);
 int pfk_ice_deinit(void);
 
+#ifdef CONFIG_PFK_WRAPPED_KEY_SUPPORTED
+static inline bool pfk_wrapped_key_supported(void)
+{
+	return true;
+}
+#else
+static inline bool pfk_wrapped_key_supported(void)
+{
+	return false;
+}
+#endif
+
 int qti_pfk_ice_set_key(uint32_t index, uint8_t *key, uint8_t *salt,
 			char *storage_type);
 int qti_pfk_ice_invalidate_key(uint32_t index, char *storage_type);