1 /*
2 * Copyright 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
18 #include <gatekeeper/gatekeeper_messages.h>
19
20 #include <string.h>
21
22 namespace gatekeeper {
23
24 /**
25 * Methods for serializing/deserializing SizedBuffers
26 */
27
28 struct __attribute__((__packed__)) serial_header_t {
29 uint32_t error;
30 uint32_t user_id;
31 };
32
serialized_buffer_size(const SizedBuffer & buf)33 static inline uint32_t serialized_buffer_size(const SizedBuffer &buf) {
34 return sizeof(buf.length) + buf.length;
35 }
36
append_to_buffer(uint8_t ** buffer,const SizedBuffer * to_append)37 static inline void append_to_buffer(uint8_t **buffer, const SizedBuffer *to_append) {
38 memcpy(*buffer, &to_append->length, sizeof(to_append->length));
39 *buffer += sizeof(to_append->length);
40 if (to_append->length != 0) {
41 memcpy(*buffer, to_append->buffer.get(), to_append->length);
42 *buffer += to_append->length;
43 }
44 }
45
read_from_buffer(const uint8_t ** buffer,const uint8_t * end,SizedBuffer * target)46 static inline gatekeeper_error_t read_from_buffer(const uint8_t **buffer, const uint8_t *end,
47 SizedBuffer *target) {
48 if (*buffer + sizeof(target->length) > end) return ERROR_INVALID;
49
50 memcpy(&target->length, *buffer, sizeof(target->length));
51 *buffer += sizeof(target->length);
52 if (target->length != 0) {
53 const size_t buffer_size = end - *buffer;
54 if (buffer_size < target->length) return ERROR_INVALID;
55
56 target->buffer.reset(new uint8_t[target->length]);
57 memcpy(target->buffer.get(), *buffer, target->length);
58 *buffer += target->length;
59 }
60 return ERROR_NONE;
61 }
62
63
GetSerializedSize() const64 uint32_t GateKeeperMessage::GetSerializedSize() const {
65 if (error == ERROR_NONE) {
66 uint32_t size = sizeof(serial_header_t) + nonErrorSerializedSize();
67 return size;
68 } else {
69 uint32_t size = sizeof(serial_header_t);
70 if (error == ERROR_RETRY) {
71 size += sizeof(retry_timeout);
72 }
73 return size;
74 }
75 }
76
Serialize(uint8_t * buffer,const uint8_t * end) const77 uint32_t GateKeeperMessage::Serialize(uint8_t *buffer, const uint8_t *end) const {
78 uint32_t bytes_written = 0;
79 if (buffer + GetSerializedSize() > end) {
80 return 0;
81 }
82
83 serial_header_t *header = reinterpret_cast<serial_header_t *>(buffer);
84 if (error != ERROR_NONE) {
85 if (buffer + sizeof(serial_header_t) > end) return 0;
86 header->error = error;
87 header->user_id = user_id;
88 bytes_written += sizeof(*header);
89 if (error == ERROR_RETRY) {
90 memcpy(buffer + sizeof(serial_header_t), &retry_timeout, sizeof(retry_timeout));
91 bytes_written += sizeof(retry_timeout);
92 }
93 } else {
94 if (buffer + sizeof(serial_header_t) + nonErrorSerializedSize() > end)
95 return 0;
96 header->error = error;
97 header->user_id = user_id;
98 nonErrorSerialize(buffer + sizeof(*header));
99 bytes_written += sizeof(*header) + nonErrorSerializedSize();
100 }
101
102 return bytes_written;
103 }
104
Deserialize(const uint8_t * payload,const uint8_t * end)105 gatekeeper_error_t GateKeeperMessage::Deserialize(const uint8_t *payload, const uint8_t *end) {
106 if (payload + sizeof(serial_header_t) > end) return ERROR_INVALID;
107 const serial_header_t *header = reinterpret_cast<const serial_header_t *>(payload);
108 payload += sizeof(serial_header_t);
109 user_id = header->user_id;
110 if (header->error == ERROR_NONE) {
111 error = nonErrorDeserialize(payload, end);
112 } else {
113 error = static_cast<gatekeeper_error_t>(header->error);
114 if (error == ERROR_RETRY) {
115 if (payload < end) {
116 if (payload + sizeof(retry_timeout) <= end) {
117 memcpy(&retry_timeout, payload, sizeof(retry_timeout));
118 } else {
119 error = ERROR_INVALID;
120 }
121 } else {
122 retry_timeout = 0;
123 }
124 }
125 }
126
127 return error;
128 }
129
SetRetryTimeout(uint32_t retry_timeout)130 void GateKeeperMessage::SetRetryTimeout(uint32_t retry_timeout) {
131 this->retry_timeout = retry_timeout;
132 this->error = ERROR_RETRY;
133 }
134
VerifyRequest(uint32_t user_id,uint64_t challenge,SizedBuffer * enrolled_password_handle,SizedBuffer * provided_password_payload)135 VerifyRequest::VerifyRequest(uint32_t user_id, uint64_t challenge,
136 SizedBuffer *enrolled_password_handle, SizedBuffer *provided_password_payload) {
137 this->user_id = user_id;
138 this->challenge = challenge;
139 this->password_handle.buffer.reset(enrolled_password_handle->buffer.release());
140 this->password_handle.length = enrolled_password_handle->length;
141 this->provided_password.buffer.reset(provided_password_payload->buffer.release());
142 this->provided_password.length = provided_password_payload->length;
143 }
144
VerifyRequest()145 VerifyRequest::VerifyRequest() {
146 memset_s(&password_handle, 0, sizeof(password_handle));
147 memset_s(&provided_password, 0, sizeof(provided_password));
148 }
149
~VerifyRequest()150 VerifyRequest::~VerifyRequest() {
151 if (password_handle.buffer.get()) {
152 password_handle.buffer.reset();
153 }
154
155 if (provided_password.buffer.get()) {
156 memset_s(provided_password.buffer.get(), 0, provided_password.length);
157 provided_password.buffer.reset();
158 }
159 }
160
nonErrorSerializedSize() const161 uint32_t VerifyRequest::nonErrorSerializedSize() const {
162 return sizeof(challenge) + serialized_buffer_size(password_handle)
163 + serialized_buffer_size(provided_password);
164 }
165
nonErrorSerialize(uint8_t * buffer) const166 void VerifyRequest::nonErrorSerialize(uint8_t *buffer) const {
167 memcpy(buffer, &challenge, sizeof(challenge));
168 buffer += sizeof(challenge);
169 append_to_buffer(&buffer, &password_handle);
170 append_to_buffer(&buffer, &provided_password);
171 }
172
nonErrorDeserialize(const uint8_t * payload,const uint8_t * end)173 gatekeeper_error_t VerifyRequest::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
174 gatekeeper_error_t error = ERROR_NONE;
175
176 if (password_handle.buffer.get()) {
177 password_handle.buffer.reset();
178 }
179
180 if (provided_password.buffer.get()) {
181 memset_s(provided_password.buffer.get(), 0, provided_password.length);
182 provided_password.buffer.reset();
183 }
184
185 if (payload + sizeof(challenge) > end) {
186 return ERROR_INVALID;
187 }
188 memcpy(&challenge, payload, sizeof(challenge));
189 payload += sizeof(challenge);
190
191 error = read_from_buffer(&payload, end, &password_handle);
192 if (error != ERROR_NONE) return error;
193
194 return read_from_buffer(&payload, end, &provided_password);
195
196 }
197
VerifyResponse(uint32_t user_id,SizedBuffer * auth_token)198 VerifyResponse::VerifyResponse(uint32_t user_id, SizedBuffer *auth_token) {
199 this->user_id = user_id;
200 this->auth_token.buffer.reset(auth_token->buffer.release());
201 this->auth_token.length = auth_token->length;
202 this->request_reenroll = false;
203 }
204
VerifyResponse()205 VerifyResponse::VerifyResponse() {
206 request_reenroll = false;
207 memset_s(&auth_token, 0, sizeof(auth_token));
208 };
209
~VerifyResponse()210 VerifyResponse::~VerifyResponse() {
211 if (auth_token.length > 0) {
212 auth_token.buffer.reset();
213 }
214 }
215
SetVerificationToken(SizedBuffer * auth_token)216 void VerifyResponse::SetVerificationToken(SizedBuffer *auth_token) {
217 this->auth_token.buffer.reset(auth_token->buffer.release());
218 this->auth_token.length = auth_token->length;
219 }
220
nonErrorSerializedSize() const221 uint32_t VerifyResponse::nonErrorSerializedSize() const {
222 return serialized_buffer_size(auth_token) + sizeof(request_reenroll);
223 }
224
nonErrorSerialize(uint8_t * buffer) const225 void VerifyResponse::nonErrorSerialize(uint8_t *buffer) const {
226 append_to_buffer(&buffer, &auth_token);
227 memcpy(buffer, &request_reenroll, sizeof(request_reenroll));
228 }
229
nonErrorDeserialize(const uint8_t * payload,const uint8_t * end)230 gatekeeper_error_t VerifyResponse::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
231 if (auth_token.buffer.get()) {
232 auth_token.buffer.reset();
233 }
234
235 gatekeeper_error_t err = read_from_buffer(&payload, end, &auth_token);
236 if (err != ERROR_NONE) {
237 return err;
238 }
239
240 if (payload + sizeof(request_reenroll) > end) {
241 return ERROR_INVALID;
242 }
243
244 memcpy(&request_reenroll, payload, sizeof(request_reenroll));
245 return ERROR_NONE;
246 }
247
EnrollRequest(uint32_t user_id,SizedBuffer * password_handle,SizedBuffer * provided_password,SizedBuffer * enrolled_password)248 EnrollRequest::EnrollRequest(uint32_t user_id, SizedBuffer *password_handle,
249 SizedBuffer *provided_password, SizedBuffer *enrolled_password) {
250 this->user_id = user_id;
251 this->provided_password.buffer.reset(provided_password->buffer.release());
252 this->provided_password.length = provided_password->length;
253
254 if (enrolled_password == NULL) {
255 this->enrolled_password.buffer.reset();
256 this->enrolled_password.length = 0;
257 } else {
258 this->enrolled_password.buffer.reset(enrolled_password->buffer.release());
259 this->enrolled_password.length = enrolled_password->length;
260 }
261
262 if (password_handle == NULL) {
263 this->password_handle.buffer.reset();
264 this->password_handle.length = 0;
265 } else {
266 this->password_handle.buffer.reset(password_handle->buffer.release());
267 this->password_handle.length = password_handle->length;
268 }
269 }
270
EnrollRequest()271 EnrollRequest::EnrollRequest() {
272 memset_s(&provided_password, 0, sizeof(provided_password));
273 memset_s(&enrolled_password, 0, sizeof(enrolled_password));
274 memset_s(&password_handle, 0, sizeof(password_handle));
275 }
276
~EnrollRequest()277 EnrollRequest::~EnrollRequest() {
278 if (provided_password.buffer.get()) {
279 memset_s(provided_password.buffer.get(), 0, provided_password.length);
280 provided_password.buffer.reset();
281 }
282
283 if (enrolled_password.buffer.get()) {
284 memset_s(enrolled_password.buffer.get(), 0, enrolled_password.length);
285 enrolled_password.buffer.reset();
286 }
287
288 if (password_handle.buffer.get()) {
289 memset_s(password_handle.buffer.get(), 0, password_handle.length);
290 password_handle.buffer.reset();
291 }
292 }
293
nonErrorSerializedSize() const294 uint32_t EnrollRequest::nonErrorSerializedSize() const {
295 return serialized_buffer_size(provided_password) + serialized_buffer_size(enrolled_password)
296 + serialized_buffer_size(password_handle);
297 }
298
nonErrorSerialize(uint8_t * buffer) const299 void EnrollRequest::nonErrorSerialize(uint8_t *buffer) const {
300 append_to_buffer(&buffer, &provided_password);
301 append_to_buffer(&buffer, &enrolled_password);
302 append_to_buffer(&buffer, &password_handle);
303 }
304
nonErrorDeserialize(const uint8_t * payload,const uint8_t * end)305 gatekeeper_error_t EnrollRequest::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
306 gatekeeper_error_t ret;
307 if (provided_password.buffer.get()) {
308 memset_s(provided_password.buffer.get(), 0, provided_password.length);
309 provided_password.buffer.reset();
310 }
311
312 if (enrolled_password.buffer.get()) {
313 memset_s(enrolled_password.buffer.get(), 0, enrolled_password.length);
314 enrolled_password.buffer.reset();
315 }
316
317 if (password_handle.buffer.get()) {
318 memset_s(password_handle.buffer.get(), 0, password_handle.length);
319 password_handle.buffer.reset();
320 }
321
322 ret = read_from_buffer(&payload, end, &provided_password);
323 if (ret != ERROR_NONE) {
324 return ret;
325 }
326
327 ret = read_from_buffer(&payload, end, &enrolled_password);
328 if (ret != ERROR_NONE) {
329 return ret;
330 }
331
332 return read_from_buffer(&payload, end, &password_handle);
333 }
334
EnrollResponse(uint32_t user_id,SizedBuffer * enrolled_password_handle)335 EnrollResponse::EnrollResponse(uint32_t user_id, SizedBuffer *enrolled_password_handle) {
336 this->user_id = user_id;
337 this->enrolled_password_handle.buffer.reset(enrolled_password_handle->buffer.release());
338 this->enrolled_password_handle.length = enrolled_password_handle->length;
339 }
340
EnrollResponse()341 EnrollResponse::EnrollResponse() {
342 memset_s(&enrolled_password_handle, 0, sizeof(enrolled_password_handle));
343 }
344
~EnrollResponse()345 EnrollResponse::~EnrollResponse() {
346 if (enrolled_password_handle.buffer.get()) {
347 enrolled_password_handle.buffer.reset();
348 }
349 }
350
SetEnrolledPasswordHandle(SizedBuffer * enrolled_password_handle)351 void EnrollResponse::SetEnrolledPasswordHandle(SizedBuffer *enrolled_password_handle) {
352 this->enrolled_password_handle.buffer.reset(enrolled_password_handle->buffer.release());
353 this->enrolled_password_handle.length = enrolled_password_handle->length;
354 }
355
nonErrorSerializedSize() const356 uint32_t EnrollResponse::nonErrorSerializedSize() const {
357 return serialized_buffer_size(enrolled_password_handle);
358 }
359
nonErrorSerialize(uint8_t * buffer) const360 void EnrollResponse::nonErrorSerialize(uint8_t *buffer) const {
361 append_to_buffer(&buffer, &enrolled_password_handle);
362 }
363
nonErrorDeserialize(const uint8_t * payload,const uint8_t * end)364 gatekeeper_error_t EnrollResponse::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
365 if (enrolled_password_handle.buffer.get()) {
366 enrolled_password_handle.buffer.reset();
367 }
368
369 return read_from_buffer(&payload, end, &enrolled_password_handle);
370 }
371
372 };
373
374