Home | History | Annotate | Download | only in keymaster
      1 /*
      2  * Copyright 2014 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #ifndef SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_
     18 #define SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_
     19 
     20 #include <assert.h>
     21 #include <stdlib.h>
     22 #include <string.h>
     23 
     24 #include <keymaster/android_keymaster_utils.h>
     25 #include <keymaster/authorization_set.h>
     26 
     27 namespace keymaster {
     28 
     29 // Commands
     30 enum AndroidKeymasterCommand {
     31     GENERATE_KEY = 0,
     32     BEGIN_OPERATION = 1,
     33     UPDATE_OPERATION = 2,
     34     FINISH_OPERATION = 3,
     35     ABORT_OPERATION = 4,
     36     IMPORT_KEY = 5,
     37     EXPORT_KEY = 6,
     38     GET_VERSION = 7,
     39     ADD_RNG_ENTROPY = 8,
     40     GET_SUPPORTED_ALGORITHMS = 9,
     41     GET_SUPPORTED_BLOCK_MODES = 10,
     42     GET_SUPPORTED_PADDING_MODES = 11,
     43     GET_SUPPORTED_DIGESTS = 12,
     44     GET_SUPPORTED_IMPORT_FORMATS = 13,
     45     GET_SUPPORTED_EXPORT_FORMATS = 14,
     46     GET_KEY_CHARACTERISTICS = 15,
     47     ATTEST_KEY = 16,
     48     UPGRADE_KEY = 17,
     49 };
     50 
     51 /**
     52  * Keymaster message versions are tied to keymaster versions.  We map the keymaster
     53  * major.minor.subminor version to a sequential "message version".
     54  *
     55  * Rather than encoding a version number into each message we rely on the client -- who initiates
     56  * all requests -- to check the version of the keymaster implementation with the GET_VERSION command
     57  * and to send only requests that the implementation can understand.  This means that only the
     58  * client side needs to manage version compatibility; the implementation can always expect/produce
     59  * messages of its format.
     60  *
     61  * Because message version selection is purely a client-side issue, all messages default to using
     62  * the latest version (MAX_MESSAGE_VERSION).  Client code must take care to check versions and pass
     63  * correct version values to message constructors.  The AndroidKeymaster implementation always uses
     64  * the default, latest.
     65  *
     66  * Note that this approach implies that GetVersionRequest and GetVersionResponse cannot be
     67  * versioned.
     68  */
     69 const int32_t MAX_MESSAGE_VERSION = 3;
     70 inline int32_t MessageVersion(uint8_t major_ver, uint8_t minor_ver, uint8_t /* subminor_ver */) {
     71     int32_t message_version = -1;
     72     switch (major_ver) {
     73     case 0:
     74         // For the moment we still support version 0, though in general the plan is not to support
     75         // non-matching major versions.
     76         message_version = 0;
     77         break;
     78     case 1:
     79         switch (minor_ver) {
     80         case 0:
     81             message_version = 1;
     82             break;
     83         case 1:
     84             message_version = 2;
     85             break;
     86         }
     87         break;
     88     case 2:
     89         message_version = 3;
     90         break;
     91     };
     92     return message_version;
     93 }
     94 
     95 struct KeymasterMessage : public Serializable {
     96     KeymasterMessage(int32_t ver) : message_version(ver) { assert(ver >= 0); }
     97     uint32_t message_version;
     98 };
     99 
    100 /**
    101  * All responses include an error value, and if the error is not KM_ERROR_OK, return no additional
    102  * data.  This abstract class factors out the common serialization functionality for all of the
    103  * responses, so we only have to implement it once.  Inheritance for reuse is generally not a great
    104  * structure, but in this case it's the cleanest option.
    105  */
    106 struct KeymasterResponse : public KeymasterMessage {
    107     explicit KeymasterResponse(int32_t ver)
    108         : KeymasterMessage(ver), error(KM_ERROR_UNKNOWN_ERROR) {}
    109 
    110     size_t SerializedSize() const override;
    111     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
    112     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    113 
    114     virtual size_t NonErrorSerializedSize() const = 0;
    115     virtual uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const = 0;
    116     virtual bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) = 0;
    117 
    118     keymaster_error_t error;
    119 };
    120 
    121 struct SupportedAlgorithmsRequest : public KeymasterMessage {
    122     explicit SupportedAlgorithmsRequest(int32_t ver = MAX_MESSAGE_VERSION)
    123         : KeymasterMessage(ver) {}
    124 
    125     size_t SerializedSize() const override { return 0; };
    126     uint8_t* Serialize(uint8_t* buf, const uint8_t* /* end */) const override { return buf; }
    127     bool Deserialize(const uint8_t** /* buf_ptr */, const uint8_t* /* end */) override {
    128         return true;
    129     }
    130 };
    131 
    132 struct SupportedByAlgorithmRequest : public KeymasterMessage {
    133     explicit SupportedByAlgorithmRequest(int32_t ver) : KeymasterMessage(ver) {}
    134 
    135     size_t SerializedSize() const override { return sizeof(uint32_t); };
    136     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
    137         return append_uint32_to_buf(buf, end, algorithm);
    138     }
    139     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
    140         return copy_uint32_from_buf(buf_ptr, end, &algorithm);
    141     }
    142 
    143     keymaster_algorithm_t algorithm;
    144 };
    145 
    146 struct SupportedImportFormatsRequest : public SupportedByAlgorithmRequest {
    147     SupportedImportFormatsRequest(int32_t ver = MAX_MESSAGE_VERSION)
    148         : SupportedByAlgorithmRequest(ver) {}
    149 };
    150 
    151 struct SupportedExportFormatsRequest : public SupportedByAlgorithmRequest {
    152     SupportedExportFormatsRequest(int32_t ver = MAX_MESSAGE_VERSION)
    153         : SupportedByAlgorithmRequest(ver) {}
    154 };
    155 
    156 struct SupportedByAlgorithmAndPurposeRequest : public KeymasterMessage {
    157     explicit SupportedByAlgorithmAndPurposeRequest(int32_t ver = MAX_MESSAGE_VERSION)
    158         : KeymasterMessage(ver) {}
    159 
    160     size_t SerializedSize() const override { return sizeof(uint32_t) * 2; };
    161     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
    162         buf = append_uint32_to_buf(buf, end, algorithm);
    163         return append_uint32_to_buf(buf, end, purpose);
    164     }
    165     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
    166         return copy_uint32_from_buf(buf_ptr, end, &algorithm) &&
    167                copy_uint32_from_buf(buf_ptr, end, &purpose);
    168     }
    169 
    170     keymaster_algorithm_t algorithm;
    171     keymaster_purpose_t purpose;
    172 };
    173 
    174 struct SupportedBlockModesRequest : public SupportedByAlgorithmAndPurposeRequest {
    175     SupportedBlockModesRequest(int32_t ver = MAX_MESSAGE_VERSION)
    176         : SupportedByAlgorithmAndPurposeRequest(ver) {}
    177 };
    178 
    179 struct SupportedPaddingModesRequest : public SupportedByAlgorithmAndPurposeRequest {
    180     SupportedPaddingModesRequest(int32_t ver = MAX_MESSAGE_VERSION)
    181         : SupportedByAlgorithmAndPurposeRequest(ver) {}
    182 };
    183 
    184 struct SupportedDigestsRequest : public SupportedByAlgorithmAndPurposeRequest {
    185     SupportedDigestsRequest(int32_t ver = MAX_MESSAGE_VERSION)
    186         : SupportedByAlgorithmAndPurposeRequest(ver) {}
    187 };
    188 
    189 template <typename T> struct SupportedResponse : public KeymasterResponse {
    190     explicit SupportedResponse(int32_t ver)
    191         : KeymasterResponse(ver), results(nullptr), results_length(0) {}
    192     ~SupportedResponse() { delete[] results; }
    193 
    194     template <size_t N> void SetResults(const T (&arr)[N]) { SetResults(arr, N); }
    195 
    196     void SetResults(const T* arr, size_t n) {
    197         delete[] results;
    198         results_length = 0;
    199         results = dup_array(arr, n);
    200         if (results == nullptr) {
    201             error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
    202         } else {
    203             results_length = n;
    204             error = KM_ERROR_OK;
    205         }
    206     }
    207 
    208     size_t NonErrorSerializedSize() const override {
    209         return sizeof(uint32_t) + results_length * sizeof(uint32_t);
    210     }
    211     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override {
    212         return append_uint32_array_to_buf(buf, end, results, results_length);
    213     }
    214     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
    215         delete[] results;
    216         results = nullptr;
    217         UniquePtr<T[]> tmp;
    218         if (!copy_uint32_array_from_buf(buf_ptr, end, &tmp, &results_length))
    219             return false;
    220         results = tmp.release();
    221         return true;
    222     }
    223 
    224     T* results;
    225     size_t results_length;
    226 };
    227 
    228 struct SupportedAlgorithmsResponse : public SupportedResponse<keymaster_algorithm_t> {
    229     SupportedAlgorithmsResponse(int32_t ver = MAX_MESSAGE_VERSION)
    230         : SupportedResponse<keymaster_algorithm_t>(ver) {}
    231 };
    232 
    233 struct SupportedBlockModesResponse : public SupportedResponse<keymaster_block_mode_t> {
    234     SupportedBlockModesResponse(int32_t ver = MAX_MESSAGE_VERSION)
    235         : SupportedResponse<keymaster_block_mode_t>(ver) {}
    236 };
    237 
    238 struct SupportedPaddingModesResponse : public SupportedResponse<keymaster_padding_t> {
    239     SupportedPaddingModesResponse(int32_t ver = MAX_MESSAGE_VERSION)
    240         : SupportedResponse<keymaster_padding_t>(ver) {}
    241 };
    242 
    243 struct SupportedDigestsResponse : public SupportedResponse<keymaster_digest_t> {
    244     SupportedDigestsResponse(int32_t ver = MAX_MESSAGE_VERSION)
    245         : SupportedResponse<keymaster_digest_t>(ver) {}
    246 };
    247 
    248 struct SupportedImportFormatsResponse : public SupportedResponse<keymaster_key_format_t> {
    249     SupportedImportFormatsResponse(int32_t ver = MAX_MESSAGE_VERSION)
    250         : SupportedResponse<keymaster_key_format_t>(ver) {}
    251 };
    252 
    253 struct SupportedExportFormatsResponse : public SupportedResponse<keymaster_key_format_t> {
    254     SupportedExportFormatsResponse(int32_t ver = MAX_MESSAGE_VERSION)
    255         : SupportedResponse<keymaster_key_format_t>(ver) {}
    256 };
    257 
    258 struct GenerateKeyRequest : public KeymasterMessage {
    259     explicit GenerateKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
    260 
    261     size_t SerializedSize() const override { return key_description.SerializedSize(); }
    262     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
    263         return key_description.Serialize(buf, end);
    264     }
    265     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
    266         return key_description.Deserialize(buf_ptr, end);
    267     }
    268 
    269     AuthorizationSet key_description;
    270 };
    271 
    272 struct GenerateKeyResponse : public KeymasterResponse {
    273     explicit GenerateKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
    274         key_blob.key_material = nullptr;
    275         key_blob.key_material_size = 0;
    276     }
    277     ~GenerateKeyResponse();
    278 
    279     size_t NonErrorSerializedSize() const override;
    280     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
    281     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    282 
    283     keymaster_key_blob_t key_blob;
    284     AuthorizationSet enforced;
    285     AuthorizationSet unenforced;
    286 };
    287 
    288 struct GetKeyCharacteristicsRequest : public KeymasterMessage {
    289     explicit GetKeyCharacteristicsRequest(int32_t ver = MAX_MESSAGE_VERSION)
    290         : KeymasterMessage(ver) {
    291         key_blob.key_material = nullptr;
    292         key_blob.key_material_size = 0;
    293     }
    294     ~GetKeyCharacteristicsRequest();
    295 
    296     void SetKeyMaterial(const void* key_material, size_t length);
    297     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
    298         SetKeyMaterial(blob.key_material, blob.key_material_size);
    299     }
    300 
    301     size_t SerializedSize() const override;
    302     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
    303     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    304 
    305     keymaster_key_blob_t key_blob;
    306     AuthorizationSet additional_params;
    307 };
    308 
    309 struct GetKeyCharacteristicsResponse : public KeymasterResponse {
    310     explicit GetKeyCharacteristicsResponse(int32_t ver = MAX_MESSAGE_VERSION)
    311         : KeymasterResponse(ver) {}
    312     size_t NonErrorSerializedSize() const override;
    313     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
    314     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    315 
    316     AuthorizationSet enforced;
    317     AuthorizationSet unenforced;
    318 };
    319 
    320 struct BeginOperationRequest : public KeymasterMessage {
    321     explicit BeginOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
    322         key_blob.key_material = nullptr;
    323         key_blob.key_material_size = 0;
    324     }
    325     ~BeginOperationRequest() { delete[] key_blob.key_material; }
    326 
    327     void SetKeyMaterial(const void* key_material, size_t length);
    328     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
    329         SetKeyMaterial(blob.key_material, blob.key_material_size);
    330     }
    331 
    332     size_t SerializedSize() const;
    333     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
    334     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    335 
    336     keymaster_purpose_t purpose;
    337     keymaster_key_blob_t key_blob;
    338     AuthorizationSet additional_params;
    339 };
    340 
    341 struct BeginOperationResponse : public KeymasterResponse {
    342     explicit BeginOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
    343 
    344     size_t NonErrorSerializedSize() const override;
    345     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
    346     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    347 
    348     keymaster_operation_handle_t op_handle;
    349     AuthorizationSet output_params;
    350 };
    351 
    352 struct UpdateOperationRequest : public KeymasterMessage {
    353     explicit UpdateOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
    354 
    355     size_t SerializedSize() const override;
    356     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
    357     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    358 
    359     keymaster_operation_handle_t op_handle;
    360     Buffer input;
    361     AuthorizationSet additional_params;
    362 };
    363 
    364 struct UpdateOperationResponse : public KeymasterResponse {
    365     explicit UpdateOperationResponse(int32_t ver = MAX_MESSAGE_VERSION)
    366         : KeymasterResponse(ver), input_consumed(0) {}
    367 
    368     size_t NonErrorSerializedSize() const override;
    369     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
    370     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    371 
    372     Buffer output;
    373     size_t input_consumed;
    374     AuthorizationSet output_params;
    375 };
    376 
    377 struct FinishOperationRequest : public KeymasterMessage {
    378     explicit FinishOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
    379 
    380     size_t SerializedSize() const override;
    381     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
    382     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    383 
    384     keymaster_operation_handle_t op_handle;
    385     Buffer input;
    386     Buffer signature;
    387     AuthorizationSet additional_params;
    388 };
    389 
    390 struct FinishOperationResponse : public KeymasterResponse {
    391     explicit FinishOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
    392 
    393     size_t NonErrorSerializedSize() const override;
    394     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
    395     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    396 
    397     Buffer output;
    398     AuthorizationSet output_params;
    399 };
    400 
    401 struct AbortOperationRequest : public KeymasterMessage {
    402     explicit AbortOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
    403 
    404     size_t SerializedSize() const override { return sizeof(uint64_t); }
    405     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
    406         return append_uint64_to_buf(buf, end, op_handle);
    407     }
    408     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
    409         return copy_uint64_from_buf(buf_ptr, end, &op_handle);
    410     }
    411 
    412     keymaster_operation_handle_t op_handle;
    413 };
    414 
    415 struct AbortOperationResponse : public KeymasterResponse {
    416     explicit AbortOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
    417 
    418     size_t NonErrorSerializedSize() const override { return 0; }
    419     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
    420     bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
    421 };
    422 
    423 struct AddEntropyRequest : public KeymasterMessage {
    424     explicit AddEntropyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
    425 
    426     size_t SerializedSize() const override;
    427     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
    428     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    429 
    430     Buffer random_data;
    431 };
    432 
    433 struct AddEntropyResponse : public KeymasterResponse {
    434     explicit AddEntropyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
    435 
    436     size_t NonErrorSerializedSize() const override { return 0; }
    437     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* /* end */) const override {
    438         return buf;
    439     }
    440     bool NonErrorDeserialize(const uint8_t** /* buf_ptr */, const uint8_t* /* end */) override {
    441         return true;
    442     }
    443 };
    444 
    445 struct ImportKeyRequest : public KeymasterMessage {
    446     explicit ImportKeyRequest(int32_t ver = MAX_MESSAGE_VERSION)
    447         : KeymasterMessage(ver), key_data(nullptr) {}
    448     ~ImportKeyRequest() { delete[] key_data; }
    449 
    450     void SetKeyMaterial(const void* key_material, size_t length);
    451     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
    452         SetKeyMaterial(blob.key_material, blob.key_material_size);
    453     }
    454 
    455     size_t SerializedSize() const override;
    456     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
    457     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    458 
    459     AuthorizationSet key_description;
    460     keymaster_key_format_t key_format;
    461     uint8_t* key_data;
    462     size_t key_data_length;
    463 };
    464 
    465 struct ImportKeyResponse : public KeymasterResponse {
    466     explicit ImportKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
    467         key_blob.key_material = nullptr;
    468         key_blob.key_material_size = 0;
    469     }
    470     ~ImportKeyResponse() { delete[] key_blob.key_material; }
    471 
    472     void SetKeyMaterial(const void* key_material, size_t length);
    473     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
    474         SetKeyMaterial(blob.key_material, blob.key_material_size);
    475     }
    476 
    477     size_t NonErrorSerializedSize() const override;
    478     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
    479     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    480 
    481     keymaster_key_blob_t key_blob;
    482     AuthorizationSet enforced;
    483     AuthorizationSet unenforced;
    484 };
    485 
    486 struct ExportKeyRequest : public KeymasterMessage {
    487     explicit ExportKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
    488         key_blob.key_material = nullptr;
    489         key_blob.key_material_size = 0;
    490     }
    491     ~ExportKeyRequest() { delete[] key_blob.key_material; }
    492 
    493     void SetKeyMaterial(const void* key_material, size_t length);
    494     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
    495         SetKeyMaterial(blob.key_material, blob.key_material_size);
    496     }
    497 
    498     size_t SerializedSize() const override;
    499     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
    500     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    501 
    502     AuthorizationSet additional_params;
    503     keymaster_key_format_t key_format;
    504     keymaster_key_blob_t key_blob;
    505 };
    506 
    507 struct ExportKeyResponse : public KeymasterResponse {
    508     explicit ExportKeyResponse(int32_t ver = MAX_MESSAGE_VERSION)
    509         : KeymasterResponse(ver), key_data(nullptr) {}
    510     ~ExportKeyResponse() { delete[] key_data; }
    511 
    512     void SetKeyMaterial(const void* key_material, size_t length);
    513     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
    514         SetKeyMaterial(blob.key_material, blob.key_material_size);
    515     }
    516 
    517     size_t NonErrorSerializedSize() const override;
    518     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
    519     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    520 
    521     uint8_t* key_data;
    522     size_t key_data_length;
    523 };
    524 
    525 struct DeleteKeyRequest : public KeymasterMessage {
    526     explicit DeleteKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
    527         key_blob.key_material = nullptr;
    528         key_blob.key_material_size = 0;
    529     }
    530     ~DeleteKeyRequest() { delete[] key_blob.key_material; }
    531 
    532     void SetKeyMaterial(const void* key_material, size_t length);
    533     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
    534         SetKeyMaterial(blob.key_material, blob.key_material_size);
    535     }
    536 
    537     size_t SerializedSize() const override;
    538     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
    539     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    540 
    541     keymaster_key_blob_t key_blob;
    542 };
    543 
    544 struct DeleteKeyResponse : public KeymasterResponse {
    545     explicit DeleteKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
    546 
    547     size_t NonErrorSerializedSize() const override { return 0; }
    548     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
    549     bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
    550 };
    551 
    552 struct DeleteAllKeysRequest : public KeymasterMessage {
    553     explicit DeleteAllKeysRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
    554 
    555     size_t SerializedSize() const override { return 0; }
    556     uint8_t* Serialize(uint8_t* buf, const uint8_t*) const override { return buf; }
    557     bool Deserialize(const uint8_t**, const uint8_t*) override { return true; };
    558 };
    559 
    560 struct DeleteAllKeysResponse : public KeymasterResponse {
    561     explicit DeleteAllKeysResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
    562 
    563     size_t NonErrorSerializedSize() const override { return 0; }
    564     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
    565     bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
    566 };
    567 
    568 struct GetVersionRequest : public KeymasterMessage {
    569     GetVersionRequest() : KeymasterMessage(0 /* not versionable */) {}
    570 
    571     size_t SerializedSize() const override { return 0; }
    572     uint8_t* Serialize(uint8_t* buf, const uint8_t*) const override { return buf; }
    573     bool Deserialize(const uint8_t**, const uint8_t*) override { return true; };
    574 };
    575 
    576 struct GetVersionResponse : public KeymasterResponse {
    577     GetVersionResponse()
    578         : KeymasterResponse(0 /* not versionable */), major_ver(0), minor_ver(0), subminor_ver(0) {}
    579 
    580     size_t NonErrorSerializedSize() const override;
    581     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
    582     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    583 
    584     uint8_t major_ver;
    585     uint8_t minor_ver;
    586     uint8_t subminor_ver;
    587 };
    588 
    589 struct AttestKeyRequest : public KeymasterMessage {
    590     explicit AttestKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
    591         key_blob.key_material = nullptr;
    592         key_blob.key_material_size = 0;
    593     }
    594     ~AttestKeyRequest();
    595 
    596     void SetKeyMaterial(const void* key_material, size_t length);
    597     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
    598         SetKeyMaterial(blob.key_material, blob.key_material_size);
    599     }
    600 
    601     size_t SerializedSize() const override;
    602     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
    603     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    604 
    605     keymaster_key_blob_t key_blob;
    606     AuthorizationSet attest_params;
    607 };
    608 
    609 struct AttestKeyResponse : public KeymasterResponse {
    610     explicit AttestKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
    611         certificate_chain.entry_count = 0;
    612         certificate_chain.entries = nullptr;
    613     }
    614     ~AttestKeyResponse();
    615 
    616     bool AllocateChain(size_t entry_count);
    617 
    618     size_t NonErrorSerializedSize() const override;
    619     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
    620     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    621 
    622     keymaster_cert_chain_t certificate_chain;
    623 };
    624 
    625 struct UpgradeKeyRequest : public KeymasterMessage {
    626     explicit UpgradeKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
    627         key_blob = {nullptr, 0};
    628     }
    629     ~UpgradeKeyRequest();
    630 
    631     void SetKeyMaterial(const void* key_material, size_t length);
    632     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
    633         SetKeyMaterial(blob.key_material, blob.key_material_size);
    634     }
    635 
    636     size_t SerializedSize() const override;
    637     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
    638     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    639 
    640     keymaster_key_blob_t key_blob;
    641     AuthorizationSet upgrade_params;
    642 };
    643 
    644 struct UpgradeKeyResponse : public KeymasterResponse {
    645     explicit UpgradeKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
    646         upgraded_key = {nullptr, 0};
    647     }
    648     ~UpgradeKeyResponse();
    649 
    650     size_t NonErrorSerializedSize() const override;
    651     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
    652     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
    653 
    654     keymaster_key_blob_t upgraded_key;
    655 };
    656 
    657 }  // namespace keymaster
    658 
    659 #endif  // SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_
    660