1 /* 2 * Copyright 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_ 18 #define SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_ 19 20 #include <assert.h> 21 #include <stdint.h> 22 #include <stdlib.h> 23 #include <string.h> 24 25 #include <keymaster/android_keymaster_utils.h> 26 #include <keymaster/authorization_set.h> 27 28 namespace keymaster { 29 30 // Commands 31 enum AndroidKeymasterCommand : uint32_t { 32 GENERATE_KEY = 0, 33 BEGIN_OPERATION = 1, 34 UPDATE_OPERATION = 2, 35 FINISH_OPERATION = 3, 36 ABORT_OPERATION = 4, 37 IMPORT_KEY = 5, 38 EXPORT_KEY = 6, 39 GET_VERSION = 7, 40 ADD_RNG_ENTROPY = 8, 41 GET_SUPPORTED_ALGORITHMS = 9, 42 GET_SUPPORTED_BLOCK_MODES = 10, 43 GET_SUPPORTED_PADDING_MODES = 11, 44 GET_SUPPORTED_DIGESTS = 12, 45 GET_SUPPORTED_IMPORT_FORMATS = 13, 46 GET_SUPPORTED_EXPORT_FORMATS = 14, 47 GET_KEY_CHARACTERISTICS = 15, 48 ATTEST_KEY = 16, 49 UPGRADE_KEY = 17, 50 CONFIGURE = 18, 51 GET_HMAC_SHARING_PARAMETERS = 19, 52 COMPUTE_SHARED_HMAC = 20, 53 VERIFY_AUTHORIZATION = 21, 54 }; 55 56 /** 57 * Keymaster message versions are tied to keymaster versions. We map the keymaster 58 * major.minor.subminor version to a sequential "message version". 59 * 60 * Rather than encoding a version number into each message we rely on the client -- who initiates 61 * all requests -- to check the version of the keymaster implementation with the GET_VERSION command 62 * and to send only requests that the implementation can understand. This means that only the 63 * client side needs to manage version compatibility; the implementation can always expect/produce 64 * messages of its format. 65 * 66 * Because message version selection is purely a client-side issue, all messages default to using 67 * the latest version (MAX_MESSAGE_VERSION). Client code must take care to check versions and pass 68 * correct version values to message constructors. The AndroidKeymaster implementation always uses 69 * the default, latest. 70 * 71 * Note that this approach implies that GetVersionRequest and GetVersionResponse cannot be 72 * versioned. 73 */ 74 const int32_t MAX_MESSAGE_VERSION = 3; 75 inline int32_t MessageVersion(uint8_t major_ver, uint8_t minor_ver, uint8_t /* subminor_ver */) { 76 int32_t message_version = -1; 77 switch (major_ver) { 78 case 0: 79 // For the moment we still support version 0, though in general the plan is not to support 80 // non-matching major versions. 81 message_version = 0; 82 break; 83 case 1: 84 switch (minor_ver) { 85 case 0: 86 message_version = 1; 87 break; 88 case 1: 89 message_version = 2; 90 break; 91 } 92 break; 93 case 2: 94 message_version = 3; 95 break; 96 }; 97 return message_version; 98 } 99 100 struct KeymasterMessage : public Serializable { 101 explicit KeymasterMessage(int32_t ver) : message_version(ver) { assert(ver >= 0); } 102 KeymasterMessage(KeymasterMessage&& other) : message_version(move(other.message_version)) {} 103 uint32_t message_version; 104 }; 105 106 /** 107 * All responses include an error value, and if the error is not KM_ERROR_OK, return no additional 108 * data. This abstract class factors out the common serialization functionality for all of the 109 * responses, so we only have to implement it once. Inheritance for reuse is generally not a great 110 * structure, but in this case it's the cleanest option. 111 */ 112 struct KeymasterResponse : public KeymasterMessage { 113 explicit KeymasterResponse(int32_t ver) 114 : KeymasterMessage(ver), error(KM_ERROR_UNKNOWN_ERROR) {} 115 KeymasterResponse(KeymasterResponse&& other) 116 : KeymasterMessage(move(other)), error(move(other.error)) {} 117 KeymasterResponse& operator=(KeymasterResponse&&) = default; 118 119 size_t SerializedSize() const override; 120 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 121 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 122 123 virtual size_t NonErrorSerializedSize() const = 0; 124 virtual uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const = 0; 125 virtual bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) = 0; 126 127 keymaster_error_t error; 128 }; 129 130 struct SupportedAlgorithmsRequest : public KeymasterMessage { 131 explicit SupportedAlgorithmsRequest(int32_t ver = MAX_MESSAGE_VERSION) 132 : KeymasterMessage(ver) {} 133 134 size_t SerializedSize() const override { return 0; }; 135 uint8_t* Serialize(uint8_t* buf, const uint8_t* /* end */) const override { return buf; } 136 bool Deserialize(const uint8_t** /* buf_ptr */, const uint8_t* /* end */) override { 137 return true; 138 } 139 }; 140 141 struct SupportedByAlgorithmRequest : public KeymasterMessage { 142 explicit SupportedByAlgorithmRequest(int32_t ver) : KeymasterMessage(ver) {} 143 144 size_t SerializedSize() const override { return sizeof(uint32_t); }; 145 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 146 return append_uint32_to_buf(buf, end, algorithm); 147 } 148 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 149 return copy_uint32_from_buf(buf_ptr, end, &algorithm); 150 } 151 152 keymaster_algorithm_t algorithm; 153 }; 154 155 struct SupportedImportFormatsRequest : public SupportedByAlgorithmRequest { 156 explicit SupportedImportFormatsRequest(int32_t ver = MAX_MESSAGE_VERSION) 157 : SupportedByAlgorithmRequest(ver) {} 158 }; 159 160 struct SupportedExportFormatsRequest : public SupportedByAlgorithmRequest { 161 explicit SupportedExportFormatsRequest(int32_t ver = MAX_MESSAGE_VERSION) 162 : SupportedByAlgorithmRequest(ver) {} 163 }; 164 165 struct SupportedByAlgorithmAndPurposeRequest : public KeymasterMessage { 166 explicit SupportedByAlgorithmAndPurposeRequest(int32_t ver = MAX_MESSAGE_VERSION) 167 : KeymasterMessage(ver) {} 168 169 size_t SerializedSize() const override { return sizeof(uint32_t) * 2; }; 170 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 171 buf = append_uint32_to_buf(buf, end, algorithm); 172 return append_uint32_to_buf(buf, end, purpose); 173 } 174 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 175 return copy_uint32_from_buf(buf_ptr, end, &algorithm) && 176 copy_uint32_from_buf(buf_ptr, end, &purpose); 177 } 178 179 keymaster_algorithm_t algorithm; 180 keymaster_purpose_t purpose; 181 }; 182 183 struct SupportedBlockModesRequest : public SupportedByAlgorithmAndPurposeRequest { 184 explicit SupportedBlockModesRequest(int32_t ver = MAX_MESSAGE_VERSION) 185 : SupportedByAlgorithmAndPurposeRequest(ver) {} 186 }; 187 188 struct SupportedPaddingModesRequest : public SupportedByAlgorithmAndPurposeRequest { 189 explicit SupportedPaddingModesRequest(int32_t ver = MAX_MESSAGE_VERSION) 190 : SupportedByAlgorithmAndPurposeRequest(ver) {} 191 }; 192 193 struct SupportedDigestsRequest : public SupportedByAlgorithmAndPurposeRequest { 194 explicit SupportedDigestsRequest(int32_t ver = MAX_MESSAGE_VERSION) 195 : SupportedByAlgorithmAndPurposeRequest(ver) {} 196 }; 197 198 template <typename T> struct SupportedResponse : public KeymasterResponse { 199 explicit SupportedResponse(int32_t ver) 200 : KeymasterResponse(ver), results(nullptr), results_length(0) {} 201 ~SupportedResponse() { delete[] results; } 202 203 template <size_t N> void SetResults(const T (&arr)[N]) { SetResults(arr, N); } 204 205 void SetResults(const T* arr, size_t n) { 206 delete[] results; 207 results_length = 0; 208 results = dup_array(arr, n); 209 if (results == nullptr) { 210 error = KM_ERROR_MEMORY_ALLOCATION_FAILED; 211 } else { 212 results_length = n; 213 error = KM_ERROR_OK; 214 } 215 } 216 217 size_t NonErrorSerializedSize() const override { 218 return sizeof(uint32_t) + results_length * sizeof(uint32_t); 219 } 220 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override { 221 return append_uint32_array_to_buf(buf, end, results, results_length); 222 } 223 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 224 delete[] results; 225 results = nullptr; 226 UniquePtr<T[]> tmp; 227 if (!copy_uint32_array_from_buf(buf_ptr, end, &tmp, &results_length)) return false; 228 results = tmp.release(); 229 return true; 230 } 231 232 T* results; 233 size_t results_length; 234 }; 235 236 struct SupportedAlgorithmsResponse : public SupportedResponse<keymaster_algorithm_t> { 237 explicit SupportedAlgorithmsResponse(int32_t ver = MAX_MESSAGE_VERSION) 238 : SupportedResponse<keymaster_algorithm_t>(ver) {} 239 }; 240 241 struct SupportedBlockModesResponse : public SupportedResponse<keymaster_block_mode_t> { 242 explicit SupportedBlockModesResponse(int32_t ver = MAX_MESSAGE_VERSION) 243 : SupportedResponse<keymaster_block_mode_t>(ver) {} 244 }; 245 246 struct SupportedPaddingModesResponse : public SupportedResponse<keymaster_padding_t> { 247 explicit SupportedPaddingModesResponse(int32_t ver = MAX_MESSAGE_VERSION) 248 : SupportedResponse<keymaster_padding_t>(ver) {} 249 }; 250 251 struct SupportedDigestsResponse : public SupportedResponse<keymaster_digest_t> { 252 explicit SupportedDigestsResponse(int32_t ver = MAX_MESSAGE_VERSION) 253 : SupportedResponse<keymaster_digest_t>(ver) {} 254 }; 255 256 struct SupportedImportFormatsResponse : public SupportedResponse<keymaster_key_format_t> { 257 explicit SupportedImportFormatsResponse(int32_t ver = MAX_MESSAGE_VERSION) 258 : SupportedResponse<keymaster_key_format_t>(ver) {} 259 }; 260 261 struct SupportedExportFormatsResponse : public SupportedResponse<keymaster_key_format_t> { 262 explicit SupportedExportFormatsResponse(int32_t ver = MAX_MESSAGE_VERSION) 263 : SupportedResponse<keymaster_key_format_t>(ver) {} 264 }; 265 266 struct GenerateKeyRequest : public KeymasterMessage { 267 explicit GenerateKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {} 268 269 size_t SerializedSize() const override { return key_description.SerializedSize(); } 270 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 271 return key_description.Serialize(buf, end); 272 } 273 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 274 return key_description.Deserialize(buf_ptr, end); 275 } 276 277 AuthorizationSet key_description; 278 }; 279 280 struct GenerateKeyResponse : public KeymasterResponse { 281 explicit GenerateKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) { 282 key_blob.key_material = nullptr; 283 key_blob.key_material_size = 0; 284 } 285 ~GenerateKeyResponse(); 286 287 size_t NonErrorSerializedSize() const override; 288 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 289 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 290 291 keymaster_key_blob_t key_blob; 292 AuthorizationSet enforced; 293 AuthorizationSet unenforced; 294 }; 295 296 struct GetKeyCharacteristicsRequest : public KeymasterMessage { 297 explicit GetKeyCharacteristicsRequest(int32_t ver = MAX_MESSAGE_VERSION) 298 : KeymasterMessage(ver) { 299 key_blob.key_material = nullptr; 300 key_blob.key_material_size = 0; 301 } 302 ~GetKeyCharacteristicsRequest(); 303 304 void SetKeyMaterial(const void* key_material, size_t length); 305 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 306 SetKeyMaterial(blob.key_material, blob.key_material_size); 307 } 308 309 size_t SerializedSize() const override; 310 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 311 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 312 313 keymaster_key_blob_t key_blob; 314 AuthorizationSet additional_params; 315 }; 316 317 struct GetKeyCharacteristicsResponse : public KeymasterResponse { 318 explicit GetKeyCharacteristicsResponse(int32_t ver = MAX_MESSAGE_VERSION) 319 : KeymasterResponse(ver) {} 320 size_t NonErrorSerializedSize() const override; 321 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 322 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 323 324 AuthorizationSet enforced; 325 AuthorizationSet unenforced; 326 }; 327 328 struct BeginOperationRequest : public KeymasterMessage { 329 explicit BeginOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) { 330 key_blob.key_material = nullptr; 331 key_blob.key_material_size = 0; 332 } 333 ~BeginOperationRequest() { delete[] key_blob.key_material; } 334 335 void SetKeyMaterial(const void* key_material, size_t length); 336 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 337 SetKeyMaterial(blob.key_material, blob.key_material_size); 338 } 339 340 size_t SerializedSize() const override; 341 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 342 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 343 344 keymaster_purpose_t purpose; 345 keymaster_key_blob_t key_blob; 346 AuthorizationSet additional_params; 347 }; 348 349 struct BeginOperationResponse : public KeymasterResponse { 350 explicit BeginOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {} 351 352 size_t NonErrorSerializedSize() const override; 353 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 354 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 355 356 keymaster_operation_handle_t op_handle; 357 AuthorizationSet output_params; 358 }; 359 360 struct UpdateOperationRequest : public KeymasterMessage { 361 explicit UpdateOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {} 362 363 size_t SerializedSize() const override; 364 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 365 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 366 367 keymaster_operation_handle_t op_handle; 368 Buffer input; 369 AuthorizationSet additional_params; 370 }; 371 372 struct UpdateOperationResponse : public KeymasterResponse { 373 explicit UpdateOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) 374 : KeymasterResponse(ver), input_consumed(0) {} 375 376 size_t NonErrorSerializedSize() const override; 377 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 378 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 379 380 Buffer output; 381 size_t input_consumed; 382 AuthorizationSet output_params; 383 }; 384 385 struct FinishOperationRequest : public KeymasterMessage { 386 explicit FinishOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {} 387 388 size_t SerializedSize() const override; 389 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 390 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 391 392 keymaster_operation_handle_t op_handle; 393 Buffer input; 394 Buffer signature; 395 AuthorizationSet additional_params; 396 }; 397 398 struct FinishOperationResponse : public KeymasterResponse { 399 explicit FinishOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {} 400 401 size_t NonErrorSerializedSize() const override; 402 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 403 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 404 405 Buffer output; 406 AuthorizationSet output_params; 407 }; 408 409 struct AbortOperationRequest : public KeymasterMessage { 410 explicit AbortOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {} 411 412 size_t SerializedSize() const override { return sizeof(uint64_t); } 413 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 414 return append_uint64_to_buf(buf, end, op_handle); 415 } 416 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 417 return copy_uint64_from_buf(buf_ptr, end, &op_handle); 418 } 419 420 keymaster_operation_handle_t op_handle; 421 }; 422 423 struct AbortOperationResponse : public KeymasterResponse { 424 explicit AbortOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {} 425 426 size_t NonErrorSerializedSize() const override { return 0; } 427 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; } 428 bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; } 429 }; 430 431 struct AddEntropyRequest : public KeymasterMessage { 432 explicit AddEntropyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {} 433 434 size_t SerializedSize() const override; 435 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 436 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 437 438 Buffer random_data; 439 }; 440 441 struct AddEntropyResponse : public KeymasterResponse { 442 explicit AddEntropyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {} 443 444 size_t NonErrorSerializedSize() const override { return 0; } 445 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* /* end */) const override { 446 return buf; 447 } 448 bool NonErrorDeserialize(const uint8_t** /* buf_ptr */, const uint8_t* /* end */) override { 449 return true; 450 } 451 }; 452 453 struct ImportKeyRequest : public KeymasterMessage { 454 explicit ImportKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) 455 : KeymasterMessage(ver), key_data(nullptr) {} 456 ~ImportKeyRequest() { delete[] key_data; } 457 458 void SetKeyMaterial(const void* key_material, size_t length); 459 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 460 SetKeyMaterial(blob.key_material, blob.key_material_size); 461 } 462 463 size_t SerializedSize() const override; 464 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 465 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 466 467 AuthorizationSet key_description; 468 keymaster_key_format_t key_format; 469 uint8_t* key_data; 470 size_t key_data_length; 471 }; 472 473 struct ImportKeyResponse : public KeymasterResponse { 474 explicit ImportKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) { 475 key_blob.key_material = nullptr; 476 key_blob.key_material_size = 0; 477 } 478 ~ImportKeyResponse() { delete[] key_blob.key_material; } 479 480 void SetKeyMaterial(const void* key_material, size_t length); 481 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 482 SetKeyMaterial(blob.key_material, blob.key_material_size); 483 } 484 485 size_t NonErrorSerializedSize() const override; 486 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 487 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 488 489 keymaster_key_blob_t key_blob; 490 AuthorizationSet enforced; 491 AuthorizationSet unenforced; 492 }; 493 494 struct ExportKeyRequest : public KeymasterMessage { 495 explicit ExportKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) { 496 key_blob.key_material = nullptr; 497 key_blob.key_material_size = 0; 498 } 499 ~ExportKeyRequest() { delete[] key_blob.key_material; } 500 501 void SetKeyMaterial(const void* key_material, size_t length); 502 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 503 SetKeyMaterial(blob.key_material, blob.key_material_size); 504 } 505 506 size_t SerializedSize() const override; 507 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 508 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 509 510 AuthorizationSet additional_params; 511 keymaster_key_format_t key_format; 512 keymaster_key_blob_t key_blob; 513 }; 514 515 struct ExportKeyResponse : public KeymasterResponse { 516 explicit ExportKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) 517 : KeymasterResponse(ver), key_data(nullptr) {} 518 ~ExportKeyResponse() { delete[] key_data; } 519 520 void SetKeyMaterial(const void* key_material, size_t length); 521 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 522 SetKeyMaterial(blob.key_material, blob.key_material_size); 523 } 524 525 size_t NonErrorSerializedSize() const override; 526 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 527 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 528 529 uint8_t* key_data; 530 size_t key_data_length; 531 }; 532 533 struct DeleteKeyRequest : public KeymasterMessage { 534 explicit DeleteKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) { 535 key_blob.key_material = nullptr; 536 key_blob.key_material_size = 0; 537 } 538 ~DeleteKeyRequest() { delete[] key_blob.key_material; } 539 540 void SetKeyMaterial(const void* key_material, size_t length); 541 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 542 SetKeyMaterial(blob.key_material, blob.key_material_size); 543 } 544 545 size_t SerializedSize() const override; 546 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 547 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 548 549 keymaster_key_blob_t key_blob; 550 }; 551 552 struct DeleteKeyResponse : public KeymasterResponse { 553 explicit DeleteKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {} 554 555 size_t NonErrorSerializedSize() const override { return 0; } 556 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; } 557 bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; } 558 }; 559 560 struct DeleteAllKeysRequest : public KeymasterMessage { 561 explicit DeleteAllKeysRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {} 562 563 size_t SerializedSize() const override { return 0; } 564 uint8_t* Serialize(uint8_t* buf, const uint8_t*) const override { return buf; } 565 bool Deserialize(const uint8_t**, const uint8_t*) override { return true; }; 566 }; 567 568 struct DeleteAllKeysResponse : public KeymasterResponse { 569 explicit DeleteAllKeysResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {} 570 571 size_t NonErrorSerializedSize() const override { return 0; } 572 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; } 573 bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; } 574 }; 575 576 struct GetVersionRequest : public KeymasterMessage { 577 GetVersionRequest() : KeymasterMessage(0 /* not versionable */) {} 578 579 size_t SerializedSize() const override { return 0; } 580 uint8_t* Serialize(uint8_t* buf, const uint8_t*) const override { return buf; } 581 bool Deserialize(const uint8_t**, const uint8_t*) override { return true; }; 582 }; 583 584 struct GetVersionResponse : public KeymasterResponse { 585 GetVersionResponse() 586 : KeymasterResponse(0 /* not versionable */), major_ver(0), minor_ver(0), subminor_ver(0) {} 587 588 size_t NonErrorSerializedSize() const override; 589 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 590 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 591 592 uint8_t major_ver; 593 uint8_t minor_ver; 594 uint8_t subminor_ver; 595 }; 596 597 struct AttestKeyRequest : public KeymasterMessage { 598 explicit AttestKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) { 599 key_blob.key_material = nullptr; 600 key_blob.key_material_size = 0; 601 } 602 ~AttestKeyRequest(); 603 604 void SetKeyMaterial(const void* key_material, size_t length); 605 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 606 SetKeyMaterial(blob.key_material, blob.key_material_size); 607 } 608 609 size_t SerializedSize() const override; 610 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 611 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 612 613 keymaster_key_blob_t key_blob; 614 AuthorizationSet attest_params; 615 }; 616 617 struct AttestKeyResponse : public KeymasterResponse { 618 explicit AttestKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) { 619 certificate_chain.entry_count = 0; 620 certificate_chain.entries = nullptr; 621 } 622 ~AttestKeyResponse(); 623 624 bool AllocateChain(size_t entry_count); 625 626 size_t NonErrorSerializedSize() const override; 627 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 628 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 629 630 keymaster_cert_chain_t certificate_chain; 631 }; 632 633 struct UpgradeKeyRequest : public KeymasterMessage { 634 explicit UpgradeKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) { 635 key_blob = {nullptr, 0}; 636 } 637 ~UpgradeKeyRequest(); 638 639 void SetKeyMaterial(const void* key_material, size_t length); 640 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 641 SetKeyMaterial(blob.key_material, blob.key_material_size); 642 } 643 644 size_t SerializedSize() const override; 645 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 646 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 647 648 keymaster_key_blob_t key_blob; 649 AuthorizationSet upgrade_params; 650 }; 651 652 struct UpgradeKeyResponse : public KeymasterResponse { 653 explicit UpgradeKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) { 654 upgraded_key = {nullptr, 0}; 655 } 656 ~UpgradeKeyResponse(); 657 658 size_t NonErrorSerializedSize() const override; 659 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 660 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 661 662 keymaster_key_blob_t upgraded_key; 663 }; 664 665 struct ConfigureRequest : public KeymasterMessage { 666 explicit ConfigureRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {} 667 668 size_t SerializedSize() const override { return sizeof(os_version) + sizeof(os_patchlevel); } 669 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 670 buf = append_uint32_to_buf(buf, end, os_version); 671 return append_uint32_to_buf(buf, end, os_patchlevel); 672 } 673 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 674 return copy_uint32_from_buf(buf_ptr, end, &os_version) && 675 copy_uint32_from_buf(buf_ptr, end, &os_patchlevel); 676 } 677 678 uint32_t os_version; 679 uint32_t os_patchlevel; 680 }; 681 682 struct ConfigureResponse : public KeymasterResponse { 683 explicit ConfigureResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {} 684 685 size_t NonErrorSerializedSize() const override { return 0; } 686 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; } 687 bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; } 688 }; 689 690 struct HmacSharingParameters : public Serializable { 691 HmacSharingParameters() : seed({}) { memset(nonce, 0, sizeof(nonce)); } 692 HmacSharingParameters(HmacSharingParameters&& other) { 693 seed = move(other.seed); 694 memcpy(nonce, other.nonce, sizeof(nonce)); 695 } 696 697 void SetSeed(KeymasterBlob&& value) { seed = move(value); } 698 699 size_t SerializedSize() const override; 700 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 701 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 702 703 KeymasterBlob seed{}; 704 uint8_t nonce[32]; 705 }; 706 707 struct HmacSharingParametersArray : public Serializable { 708 HmacSharingParametersArray() : params_array(nullptr), num_params(0) {} 709 HmacSharingParametersArray(HmacSharingParametersArray&& other) { 710 delete[] params_array; 711 params_array = other.params_array; 712 num_params = other.num_params; 713 other.params_array = nullptr; 714 other.num_params = 0; 715 } 716 ~HmacSharingParametersArray() override { delete[] params_array; } 717 718 size_t SerializedSize() const override; 719 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 720 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 721 722 HmacSharingParameters* params_array; 723 size_t num_params; 724 }; 725 726 struct GetHmacSharingParametersResponse : public KeymasterResponse { 727 explicit GetHmacSharingParametersResponse(int32_t ver = MAX_MESSAGE_VERSION) 728 : KeymasterResponse(ver) {} 729 GetHmacSharingParametersResponse(GetHmacSharingParametersResponse&& other) 730 : KeymasterResponse(other.message_version), params(move(other.params)) {} 731 732 void SetSeed(KeymasterBlob&& seed_data) { params.SetSeed(move(seed_data)); } 733 734 size_t NonErrorSerializedSize() const override { return params.SerializedSize(); } 735 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override { 736 return params.Serialize(buf, end); 737 } 738 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 739 return params.Deserialize(buf_ptr, end); 740 } 741 742 HmacSharingParameters params; 743 }; 744 745 struct ComputeSharedHmacRequest : public KeymasterMessage { 746 explicit ComputeSharedHmacRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {} 747 748 size_t SerializedSize() const override { return params_array.SerializedSize(); } 749 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 750 return params_array.Serialize(buf, end); 751 } 752 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 753 return params_array.Deserialize(buf_ptr, end); 754 } 755 756 HmacSharingParametersArray params_array; 757 }; 758 759 struct ComputeSharedHmacResponse : public KeymasterResponse { 760 explicit ComputeSharedHmacResponse(int32_t ver = MAX_MESSAGE_VERSION) 761 : KeymasterResponse(ver) {} 762 ComputeSharedHmacResponse(ComputeSharedHmacResponse&& other) : KeymasterResponse(move(other)) { 763 sharing_check = move(other.sharing_check); 764 } 765 766 size_t NonErrorSerializedSize() const override; 767 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 768 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 769 770 KeymasterBlob sharing_check; 771 }; 772 773 struct ImportWrappedKeyRequest : public KeymasterMessage { 774 explicit ImportWrappedKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {} 775 776 void SetWrappedMaterial(const void* key_material, size_t length); 777 void SetWrappingMaterial(const void* key_material, size_t length); 778 void SetMaskingKeyMaterial(const void* key_material, size_t length); 779 780 void SetKeyMaterial(const keymaster_key_blob_t& wrapped, const keymaster_key_blob_t& wrapping) { 781 SetWrappedMaterial(wrapped.key_material, wrapped.key_material_size); 782 SetWrappingMaterial(wrapping.key_material, wrapping.key_material_size); 783 } 784 785 size_t SerializedSize() const override; 786 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 787 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 788 789 KeymasterKeyBlob wrapped_key; 790 KeymasterKeyBlob wrapping_key; 791 KeymasterKeyBlob masking_key; 792 AuthorizationSet additional_params; 793 uint64_t password_sid; 794 uint64_t biometric_sid; 795 }; 796 797 struct ImportWrappedKeyResponse : public KeymasterResponse { 798 explicit ImportWrappedKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {} 799 800 void SetKeyMaterial(const void* key_material, size_t length); 801 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 802 SetKeyMaterial(blob.key_material, blob.key_material_size); 803 } 804 805 size_t NonErrorSerializedSize() const override; 806 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 807 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 808 809 KeymasterKeyBlob key_blob; 810 AuthorizationSet enforced; 811 AuthorizationSet unenforced; 812 }; 813 814 struct HardwareAuthToken : public Serializable { 815 HardwareAuthToken() = default; 816 HardwareAuthToken(HardwareAuthToken&& other) { 817 challenge = other.challenge; 818 user_id = other.user_id; 819 authenticator_id = other.authenticator_id; 820 authenticator_type = other.authenticator_type; 821 timestamp = other.timestamp; 822 mac = move(other.mac); 823 } 824 825 size_t SerializedSize() const override; 826 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 827 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 828 829 uint64_t challenge{}; 830 uint64_t user_id{}; 831 uint64_t authenticator_id{}; 832 hw_authenticator_type_t authenticator_type{}; 833 uint64_t timestamp{}; 834 KeymasterBlob mac; 835 }; 836 837 struct VerificationToken : public Serializable { 838 VerificationToken() = default; 839 VerificationToken(VerificationToken&& other) { 840 challenge = other.challenge; 841 timestamp = other.timestamp; 842 parameters_verified = move(other.parameters_verified); 843 security_level = other.security_level; 844 mac = move(other.mac); 845 } 846 847 size_t SerializedSize() const override; 848 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 849 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 850 851 uint64_t challenge{}; 852 uint64_t timestamp{}; 853 AuthorizationSet parameters_verified{}; 854 keymaster_security_level_t security_level{}; 855 KeymasterBlob mac{}; 856 }; 857 858 struct VerifyAuthorizationRequest : public KeymasterMessage { 859 explicit VerifyAuthorizationRequest(int32_t ver = MAX_MESSAGE_VERSION) 860 : KeymasterMessage(ver) {} 861 VerifyAuthorizationRequest(VerifyAuthorizationRequest&& other) = default; 862 863 size_t SerializedSize() const override { 864 return sizeof(challenge) + parameters_to_verify.SerializedSize() + 865 auth_token.SerializedSize(); 866 } 867 868 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 869 buf = append_uint64_to_buf(buf, end, challenge); 870 buf = parameters_to_verify.Serialize(buf, end); 871 return auth_token.Serialize(buf, end); 872 } 873 874 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 875 return (copy_uint64_from_buf(buf_ptr, end, &challenge) && 876 parameters_to_verify.Deserialize(buf_ptr, end) && 877 auth_token.Deserialize(buf_ptr, end)); 878 } 879 880 uint64_t challenge{}; 881 AuthorizationSet parameters_to_verify; 882 HardwareAuthToken auth_token; 883 }; 884 885 struct VerifyAuthorizationResponse : public KeymasterResponse { 886 explicit VerifyAuthorizationResponse(int32_t ver = MAX_MESSAGE_VERSION) 887 : KeymasterResponse(ver) {} 888 VerifyAuthorizationResponse(VerifyAuthorizationResponse&& other) = default; 889 890 size_t NonErrorSerializedSize() const override { 891 return sizeof(error) + token.SerializedSize(); 892 } 893 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override { 894 buf = append_uint32_to_buf(buf, end, error); 895 return token.Serialize(buf, end); 896 } 897 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 898 return copy_uint32_from_buf(buf_ptr, end, &error) && token.Deserialize(buf_ptr, end); 899 } 900 901 keymaster_error_t error{KM_ERROR_UNKNOWN_ERROR}; 902 VerificationToken token; 903 }; 904 905 } // namespace keymaster 906 907 #endif // SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_ 908