1 /* 2 * Copyright 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <assert.h> 20 #include <stdint.h> 21 #include <stdlib.h> 22 #include <string.h> 23 24 #include <keymaster/android_keymaster_utils.h> 25 #include <keymaster/authorization_set.h> 26 #include <keymaster/km_version.h> 27 28 namespace keymaster { 29 30 // Commands 31 enum AndroidKeymasterCommand : uint32_t { 32 GENERATE_KEY = 0, 33 BEGIN_OPERATION = 1, 34 UPDATE_OPERATION = 2, 35 FINISH_OPERATION = 3, 36 ABORT_OPERATION = 4, 37 IMPORT_KEY = 5, 38 EXPORT_KEY = 6, 39 GET_VERSION = 7, 40 ADD_RNG_ENTROPY = 8, 41 GET_SUPPORTED_ALGORITHMS = 9, 42 GET_SUPPORTED_BLOCK_MODES = 10, 43 GET_SUPPORTED_PADDING_MODES = 11, 44 GET_SUPPORTED_DIGESTS = 12, 45 GET_SUPPORTED_IMPORT_FORMATS = 13, 46 GET_SUPPORTED_EXPORT_FORMATS = 14, 47 GET_KEY_CHARACTERISTICS = 15, 48 ATTEST_KEY = 16, 49 UPGRADE_KEY = 17, 50 CONFIGURE = 18, 51 GET_HMAC_SHARING_PARAMETERS = 19, 52 COMPUTE_SHARED_HMAC = 20, 53 VERIFY_AUTHORIZATION = 21, 54 DELETE_KEY = 22, 55 DELETE_ALL_KEYS = 23, 56 DESTROY_ATTESTATION_IDS = 24, 57 IMPORT_WRAPPED_KEY = 25, 58 EARLY_BOOT_ENDED = 26, 59 DEVICE_LOCKED = 27, 60 GET_VERSION_2 = 28, 61 GENERATE_RKP_KEY = 29, 62 GENERATE_CSR = 30, 63 GENERATE_TIMESTAMP_TOKEN = 31, 64 CONFIGURE_VENDOR_PATCHLEVEL = 32, 65 CONFIGURE_BOOT_PATCHLEVEL = 33, 66 }; 67 68 /** 69 * Keymaster message versions are tied to keymaster versions. We map the keymaster version to a 70 * sequential "message version". The actual message formatting differences are implemented in the 71 * message classes. Note that it is not necessary to increase the message version when new messages 72 * are added, only when the serialized format of one or more messages changes. A message version 73 * argument is provided to the message constructor and when the serialization/deserialization 74 * methods are called the implementations of those methods should examine the message version and 75 * generate/parse the byte stream accordingly. 76 * 77 * The original design of message versioning uses the GetVersion message, sent from client (e.g. HAL 78 * service) to server (e.g. trusted app), and then relies on the client to identify what messages to 79 * send. This architecture assumes that the client is never older than the server. This assumption 80 * turned out not to be true in general. 81 * 82 * The current approach performs a mutual exchange of message version info between client and 83 * server, using the GetVersion2 message. In addition, it defers the specification of the message 84 * ID to the message classes, so a message class can use a different ID when necessary. ID changes 85 * should be rare, in fact the only time they should be required is during the switch from 86 * GetVersion to GetVersion2. 87 * 88 * Assuming both client and server support GetVersion2, the approach is as follows: 89 * 90 * 1. Client sends GetVersion2Request, containing its maximum message version, c_max. 91 * 2. Server replies with GetVersion2Response, containing its maximum message version, s_max. 92 * 3. Both sides proceed to create all messages with version min(c_max, s_max). 93 * 94 * To enable this, the client must always send GetVersion2 as its first message. If the server 95 * doesn't support GetVersion2, it will reply with an error of some sort (the details are likely 96 * environment-specific). If the client gets this error, it must respond by sending GetVersion, and 97 * then must configure its message version according to the response. Note that an acceptable 98 * response to a too-old server version is to return an error to the caller of the client, informing 99 * it of the problem. 100 * 101 * On the server side, a server that supports GetVersion2 must also support GetVersion. If it 102 * received GetVersion2 it should proceed as outline above, and expect that the client will not send 103 * GetVersion. If it received GetVersion, it must assume that the client does not support 104 * GetVersion2 and reply that it is version 2.0.0 and use the corresponding message version (3). 105 */ 106 constexpr int32_t kInvalidMessageVersion = -1; 107 constexpr int32_t kMaxMessageVersion = 4; 108 constexpr int32_t kDefaultMessageVersion = 3; 109 110 /** 111 * MessageVersion returns the message version for a specified KM version and, possibly, KM release 112 * date in YYYYMMDD format (it's not recommended to change message formats within a KM version, but 113 * it could happen). 114 */ 115 inline constexpr int32_t MessageVersion(KmVersion version, uint32_t /* km_date */ = 0) { 116 switch (version) { 117 case KmVersion::KEYMASTER_1: 118 return 1; 119 case KmVersion::KEYMASTER_1_1: 120 return 2; 121 case KmVersion::KEYMASTER_2: 122 case KmVersion::KEYMASTER_3: 123 case KmVersion::KEYMASTER_4: 124 case KmVersion::KEYMASTER_4_1: 125 return 3; 126 case KmVersion::KEYMINT_1: 127 return 4; 128 } 129 return kInvalidMessageVersion; 130 } 131 132 /** 133 * NegotiateMessageVersion implements the client side of the GetVersion protocol, determining the 134 * appropriate message version from the values returned by the server. 135 */ 136 struct GetVersionResponse; 137 int32_t NegotiateMessageVersion(const GetVersionResponse& response, keymaster_error_t* error); 138 139 /** 140 * This MessageVersion overload determines the message version to use given the provided client and 141 * server messages. If the client gets an error when it sends GetVersion2Request, it should send 142 * GetVersionRequest and use the above overload. If the server receives GetVersionRequest, it 143 * should assume it should use message version 3 and return GetVersionResponse(2, 0, 0). 144 */ 145 struct GetVersion2Request; 146 struct GetVersion2Response; 147 int32_t NegotiateMessageVersion(const GetVersion2Request& request, 148 const GetVersion2Response& response); 149 150 struct KeymasterMessage : public Serializable { KeymasterMessageKeymasterMessage151 explicit KeymasterMessage(int32_t ver) : message_version(ver) { assert(ver >= 0); } 152 153 // The message version that should be used for this message. This indicates how the data is 154 // serialized/deserialized. Commonly, higher message versions serialize/deserialize additional 155 // arguments, though there is no specific rule limiting later version to adding parameters. 156 const int32_t message_version; 157 }; 158 159 /** 160 * All responses include an error value, and if the error is not KM_ERROR_OK, return no additional 161 * data. 162 */ 163 struct KeymasterResponse : public KeymasterMessage { KeymasterResponseKeymasterResponse164 explicit KeymasterResponse(int32_t ver) 165 : KeymasterMessage(ver), error(KM_ERROR_UNKNOWN_ERROR) {} 166 167 size_t SerializedSize() const override; 168 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 169 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 170 171 virtual size_t NonErrorSerializedSize() const = 0; 172 virtual uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const = 0; 173 virtual bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) = 0; 174 175 keymaster_error_t error; 176 }; 177 178 // Abstract base for empty requests. 179 struct EmptyKeymasterRequest : public KeymasterMessage { EmptyKeymasterRequestEmptyKeymasterRequest180 explicit EmptyKeymasterRequest(int32_t ver) : KeymasterMessage(ver) {} 181 SerializedSizeEmptyKeymasterRequest182 size_t SerializedSize() const override { return 0; } SerializeEmptyKeymasterRequest183 uint8_t* Serialize(uint8_t* buf, const uint8_t*) const override { return buf; } DeserializeEmptyKeymasterRequest184 bool Deserialize(const uint8_t**, const uint8_t*) override { return true; }; 185 }; 186 187 // Empty response. 188 struct EmptyKeymasterResponse : public KeymasterResponse { EmptyKeymasterResponseEmptyKeymasterResponse189 explicit EmptyKeymasterResponse(int32_t ver) : KeymasterResponse(ver) {} 190 NonErrorSerializedSizeEmptyKeymasterResponse191 size_t NonErrorSerializedSize() const override { return 0; } NonErrorSerializeEmptyKeymasterResponse192 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; } NonErrorDeserializeEmptyKeymasterResponse193 bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; } 194 }; 195 196 // TODO(swillden): Remove when Keymaster1 is deleted 197 struct SupportedAlgorithmsRequest : public KeymasterMessage { SupportedAlgorithmsRequestSupportedAlgorithmsRequest198 explicit SupportedAlgorithmsRequest(int32_t ver) : KeymasterMessage(ver) {} 199 SerializedSizeSupportedAlgorithmsRequest200 size_t SerializedSize() const override { return 0; }; SerializeSupportedAlgorithmsRequest201 uint8_t* Serialize(uint8_t* buf, const uint8_t* /* end */) const override { return buf; } DeserializeSupportedAlgorithmsRequest202 bool Deserialize(const uint8_t** /* buf_ptr */, const uint8_t* /* end */) override { 203 return true; 204 } 205 }; 206 207 // TODO(swillden): Remove when Keymaster1 is deleted 208 struct SupportedByAlgorithmRequest : public KeymasterMessage { SupportedByAlgorithmRequestSupportedByAlgorithmRequest209 explicit SupportedByAlgorithmRequest(int32_t ver) : KeymasterMessage(ver) {} 210 SerializedSizeSupportedByAlgorithmRequest211 size_t SerializedSize() const override { return sizeof(uint32_t); }; SerializeSupportedByAlgorithmRequest212 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 213 return append_uint32_to_buf(buf, end, algorithm); 214 } DeserializeSupportedByAlgorithmRequest215 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 216 return copy_uint32_from_buf(buf_ptr, end, &algorithm); 217 } 218 219 keymaster_algorithm_t algorithm; 220 }; 221 222 // TODO(swillden): Remove when Keymaster1 is deleted 223 struct SupportedImportFormatsRequest : public SupportedByAlgorithmRequest { SupportedImportFormatsRequestSupportedImportFormatsRequest224 explicit SupportedImportFormatsRequest(int32_t ver) : SupportedByAlgorithmRequest(ver) {} 225 }; 226 227 // TODO(swillden): Remove when Keymaster1 is deleted 228 struct SupportedExportFormatsRequest : public SupportedByAlgorithmRequest { SupportedExportFormatsRequestSupportedExportFormatsRequest229 explicit SupportedExportFormatsRequest(int32_t ver) : SupportedByAlgorithmRequest(ver) {} 230 }; 231 232 // TODO(swillden): Remove when Keymaster1 is deleted 233 struct SupportedByAlgorithmAndPurposeRequest : public KeymasterMessage { SupportedByAlgorithmAndPurposeRequestSupportedByAlgorithmAndPurposeRequest234 explicit SupportedByAlgorithmAndPurposeRequest(int32_t ver) : KeymasterMessage(ver) {} 235 SerializedSizeSupportedByAlgorithmAndPurposeRequest236 size_t SerializedSize() const override { return sizeof(uint32_t) * 2; }; SerializeSupportedByAlgorithmAndPurposeRequest237 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 238 buf = append_uint32_to_buf(buf, end, algorithm); 239 return append_uint32_to_buf(buf, end, purpose); 240 } DeserializeSupportedByAlgorithmAndPurposeRequest241 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 242 return copy_uint32_from_buf(buf_ptr, end, &algorithm) && 243 copy_uint32_from_buf(buf_ptr, end, &purpose); 244 } 245 246 keymaster_algorithm_t algorithm; 247 keymaster_purpose_t purpose; 248 }; 249 250 // TODO(swillden): Remove when Keymaster1 is deleted 251 struct SupportedBlockModesRequest : public SupportedByAlgorithmAndPurposeRequest { SupportedBlockModesRequestSupportedBlockModesRequest252 explicit SupportedBlockModesRequest(int32_t ver) : SupportedByAlgorithmAndPurposeRequest(ver) {} 253 }; 254 255 // TODO(swillden): Remove when Keymaster1 is deleted 256 struct SupportedPaddingModesRequest : public SupportedByAlgorithmAndPurposeRequest { SupportedPaddingModesRequestSupportedPaddingModesRequest257 explicit SupportedPaddingModesRequest(int32_t ver) 258 : SupportedByAlgorithmAndPurposeRequest(ver) {} 259 }; 260 261 // TODO(swillden): Remove when Keymaster1 is deleted 262 struct SupportedDigestsRequest : public SupportedByAlgorithmAndPurposeRequest { SupportedDigestsRequestSupportedDigestsRequest263 explicit SupportedDigestsRequest(int32_t ver) : SupportedByAlgorithmAndPurposeRequest(ver) {} 264 }; 265 266 // TODO(swillden): Remove when Keymaster1 is deleted 267 template <typename T> struct SupportedResponse : public KeymasterResponse { SupportedResponseSupportedResponse268 explicit SupportedResponse(int32_t ver) 269 : KeymasterResponse(ver), results(nullptr), results_length(0) {} ~SupportedResponseSupportedResponse270 ~SupportedResponse() { delete[] results; } 271 SetResultsSupportedResponse272 template <size_t N> void SetResults(const T (&arr)[N]) { SetResults(arr, N); } 273 SetResultsSupportedResponse274 void SetResults(const T* arr, size_t n) { 275 delete[] results; 276 results_length = 0; 277 results = dup_array(arr, n); 278 if (results == nullptr) { 279 error = KM_ERROR_MEMORY_ALLOCATION_FAILED; 280 } else { 281 results_length = n; 282 error = KM_ERROR_OK; 283 } 284 } 285 NonErrorSerializedSizeSupportedResponse286 size_t NonErrorSerializedSize() const override { 287 return sizeof(uint32_t) + results_length * sizeof(uint32_t); 288 } NonErrorSerializeSupportedResponse289 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override { 290 return append_uint32_array_to_buf(buf, end, results, results_length); 291 } NonErrorDeserializeSupportedResponse292 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 293 delete[] results; 294 results = nullptr; 295 UniquePtr<T[]> tmp; 296 if (!copy_uint32_array_from_buf(buf_ptr, end, &tmp, &results_length)) return false; 297 results = tmp.release(); 298 return true; 299 } 300 301 T* results; 302 size_t results_length; 303 }; 304 305 // TODO(swillden): Remove when Keymaster1 is deleted 306 struct SupportedAlgorithmsResponse : public SupportedResponse<keymaster_algorithm_t> { SupportedAlgorithmsResponseSupportedAlgorithmsResponse307 explicit SupportedAlgorithmsResponse(int32_t ver) 308 : SupportedResponse<keymaster_algorithm_t>(ver) {} 309 }; 310 311 // TODO(swillden): Remove when Keymaster1 is deleted 312 struct SupportedBlockModesResponse : public SupportedResponse<keymaster_block_mode_t> { SupportedBlockModesResponseSupportedBlockModesResponse313 explicit SupportedBlockModesResponse(int32_t ver) 314 : SupportedResponse<keymaster_block_mode_t>(ver) {} 315 }; 316 317 // TODO(swillden): Remove when Keymaster1 is deleted 318 struct SupportedPaddingModesResponse : public SupportedResponse<keymaster_padding_t> { SupportedPaddingModesResponseSupportedPaddingModesResponse319 explicit SupportedPaddingModesResponse(int32_t ver) 320 : SupportedResponse<keymaster_padding_t>(ver) {} 321 }; 322 323 // TODO(swillden): Remove when Keymaster1 is deleted 324 struct SupportedDigestsResponse : public SupportedResponse<keymaster_digest_t> { SupportedDigestsResponseSupportedDigestsResponse325 explicit SupportedDigestsResponse(int32_t ver) : SupportedResponse<keymaster_digest_t>(ver) {} 326 }; 327 328 // TODO(swillden): Remove when Keymaster1 is deleted 329 struct SupportedImportFormatsResponse : public SupportedResponse<keymaster_key_format_t> { SupportedImportFormatsResponseSupportedImportFormatsResponse330 explicit SupportedImportFormatsResponse(int32_t ver) 331 : SupportedResponse<keymaster_key_format_t>(ver) {} 332 }; 333 334 // TODO(swillden): Remove when Keymaster1 is deleted 335 struct SupportedExportFormatsResponse : public SupportedResponse<keymaster_key_format_t> { SupportedExportFormatsResponseSupportedExportFormatsResponse336 explicit SupportedExportFormatsResponse(int32_t ver) 337 : SupportedResponse<keymaster_key_format_t>(ver) {} 338 }; 339 340 struct GenerateKeyRequest : public KeymasterMessage { GenerateKeyRequestGenerateKeyRequest341 explicit GenerateKeyRequest(int32_t ver) : KeymasterMessage(ver) {} 342 343 size_t SerializedSize() const override; 344 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 345 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 346 347 AuthorizationSet key_description; 348 KeymasterKeyBlob attestation_signing_key_blob; 349 AuthorizationSet attest_key_params; 350 KeymasterBlob issuer_subject; 351 }; 352 353 struct GenerateKeyResponse : public KeymasterResponse { GenerateKeyResponseGenerateKeyResponse354 explicit GenerateKeyResponse(int32_t ver) 355 : KeymasterResponse(ver), key_blob{}, certificate_chain{} {} 356 357 size_t NonErrorSerializedSize() const override; 358 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 359 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 360 361 KeymasterKeyBlob key_blob; 362 AuthorizationSet enforced; 363 AuthorizationSet unenforced; 364 CertificateChain certificate_chain; 365 }; 366 367 struct GenerateRkpKeyRequest : KeymasterMessage { GenerateRkpKeyRequestGenerateRkpKeyRequest368 explicit GenerateRkpKeyRequest(int32_t ver) : KeymasterMessage(ver) {} 369 SerializedSizeGenerateRkpKeyRequest370 size_t SerializedSize() const override { return sizeof(uint8_t); } SerializeGenerateRkpKeyRequest371 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 372 return append_to_buf(buf, end, &test_mode, sizeof(uint8_t)); 373 } DeserializeGenerateRkpKeyRequest374 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 375 return copy_from_buf(buf_ptr, end, &test_mode, sizeof(uint8_t)); 376 } 377 378 bool test_mode = false; 379 }; 380 381 struct GenerateRkpKeyResponse : public KeymasterResponse { GenerateRkpKeyResponseGenerateRkpKeyResponse382 explicit GenerateRkpKeyResponse(int32_t ver) : KeymasterResponse(ver) {} 383 384 size_t NonErrorSerializedSize() const override; 385 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 386 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 387 388 KeymasterKeyBlob key_blob; 389 KeymasterBlob maced_public_key; 390 }; 391 392 struct GenerateCsrRequest : public KeymasterMessage { GenerateCsrRequestGenerateCsrRequest393 explicit GenerateCsrRequest(int32_t ver) : KeymasterMessage(ver) {} 394 ~GenerateCsrRequestGenerateCsrRequest395 ~GenerateCsrRequest() override { delete[] keys_to_sign_array; } 396 397 size_t SerializedSize() const override; 398 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 399 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 400 void SetKeyToSign(uint32_t index, const void* data, size_t length); 401 void SetEndpointEncCertChain(const void* data, size_t length); 402 void SetChallenge(const void* data, size_t length); 403 404 bool test_mode = false; 405 size_t num_keys = 0; 406 KeymasterBlob* keys_to_sign_array = nullptr; 407 KeymasterBlob endpoint_enc_cert_chain; 408 KeymasterBlob challenge; 409 }; 410 411 struct GenerateCsrResponse : public KeymasterResponse { GenerateCsrResponseGenerateCsrResponse412 explicit GenerateCsrResponse(int32_t ver) : KeymasterResponse(ver) {} 413 414 size_t NonErrorSerializedSize() const override; 415 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 416 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 417 418 KeymasterBlob keys_to_sign_mac; 419 KeymasterBlob device_info_blob; 420 KeymasterBlob protected_data_blob; 421 }; 422 423 struct GetKeyCharacteristicsRequest : public KeymasterMessage { GetKeyCharacteristicsRequestGetKeyCharacteristicsRequest424 explicit GetKeyCharacteristicsRequest(int32_t ver) : KeymasterMessage(ver) { 425 key_blob.key_material = nullptr; 426 key_blob.key_material_size = 0; 427 } 428 ~GetKeyCharacteristicsRequest(); 429 430 void SetKeyMaterial(const void* key_material, size_t length); SetKeyMaterialGetKeyCharacteristicsRequest431 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 432 SetKeyMaterial(blob.key_material, blob.key_material_size); 433 } 434 435 size_t SerializedSize() const override; 436 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 437 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 438 439 keymaster_key_blob_t key_blob; 440 AuthorizationSet additional_params; 441 }; 442 443 struct GetKeyCharacteristicsResponse : public KeymasterResponse { GetKeyCharacteristicsResponseGetKeyCharacteristicsResponse444 explicit GetKeyCharacteristicsResponse(int32_t ver) : KeymasterResponse(ver) {} 445 446 size_t NonErrorSerializedSize() const override; 447 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 448 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 449 450 AuthorizationSet enforced; 451 AuthorizationSet unenforced; 452 }; 453 454 struct BeginOperationRequest : public KeymasterMessage { BeginOperationRequestBeginOperationRequest455 explicit BeginOperationRequest(int32_t ver) : KeymasterMessage(ver) { 456 key_blob.key_material = nullptr; 457 key_blob.key_material_size = 0; 458 } ~BeginOperationRequestBeginOperationRequest459 ~BeginOperationRequest() { delete[] key_blob.key_material; } 460 461 void SetKeyMaterial(const void* key_material, size_t length); SetKeyMaterialBeginOperationRequest462 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 463 SetKeyMaterial(blob.key_material, blob.key_material_size); 464 } 465 466 size_t SerializedSize() const override; 467 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 468 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 469 470 keymaster_purpose_t purpose; 471 keymaster_key_blob_t key_blob; 472 AuthorizationSet additional_params; 473 }; 474 475 struct BeginOperationResponse : public KeymasterResponse { BeginOperationResponseBeginOperationResponse476 explicit BeginOperationResponse(int32_t ver) : KeymasterResponse(ver) {} 477 478 size_t NonErrorSerializedSize() const override; 479 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 480 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 481 482 keymaster_operation_handle_t op_handle; 483 AuthorizationSet output_params; 484 }; 485 486 struct UpdateOperationRequest : public KeymasterMessage { UpdateOperationRequestUpdateOperationRequest487 explicit UpdateOperationRequest(int32_t ver) : KeymasterMessage(ver) {} 488 489 size_t SerializedSize() const override; 490 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 491 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 492 493 keymaster_operation_handle_t op_handle; 494 Buffer input; 495 AuthorizationSet additional_params; 496 }; 497 498 struct UpdateOperationResponse : public KeymasterResponse { UpdateOperationResponseUpdateOperationResponse499 explicit UpdateOperationResponse(int32_t ver) : KeymasterResponse(ver), input_consumed(0) {} 500 501 size_t NonErrorSerializedSize() const override; 502 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 503 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 504 505 Buffer output; 506 size_t input_consumed; 507 AuthorizationSet output_params; 508 }; 509 510 struct FinishOperationRequest : public KeymasterMessage { FinishOperationRequestFinishOperationRequest511 explicit FinishOperationRequest(int32_t ver) : KeymasterMessage(ver) {} 512 513 size_t SerializedSize() const override; 514 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 515 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 516 517 keymaster_operation_handle_t op_handle; 518 Buffer input; 519 Buffer signature; 520 AuthorizationSet additional_params; 521 }; 522 523 struct FinishOperationResponse : public KeymasterResponse { FinishOperationResponseFinishOperationResponse524 explicit FinishOperationResponse(int32_t ver) : KeymasterResponse(ver) {} 525 526 size_t NonErrorSerializedSize() const override; 527 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 528 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 529 530 Buffer output; 531 AuthorizationSet output_params; 532 }; 533 534 struct AbortOperationRequest : public KeymasterMessage { AbortOperationRequestAbortOperationRequest535 explicit AbortOperationRequest(int32_t ver) : KeymasterMessage(ver) {} 536 SerializedSizeAbortOperationRequest537 size_t SerializedSize() const override { return sizeof(uint64_t); } SerializeAbortOperationRequest538 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 539 return append_uint64_to_buf(buf, end, op_handle); 540 } DeserializeAbortOperationRequest541 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 542 return copy_uint64_from_buf(buf_ptr, end, &op_handle); 543 } 544 545 keymaster_operation_handle_t op_handle; 546 }; 547 548 using AbortOperationResponse = EmptyKeymasterResponse; 549 550 struct AddEntropyRequest : public KeymasterMessage { AddEntropyRequestAddEntropyRequest551 explicit AddEntropyRequest(int32_t ver) : KeymasterMessage(ver) {} 552 553 size_t SerializedSize() const override; 554 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 555 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 556 557 Buffer random_data; 558 }; 559 560 using AddEntropyResponse = EmptyKeymasterResponse; 561 562 struct ImportKeyRequest : public KeymasterMessage { ImportKeyRequestImportKeyRequest563 explicit ImportKeyRequest(int32_t ver) : KeymasterMessage(ver) {} 564 565 size_t SerializedSize() const override; 566 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 567 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 568 569 AuthorizationSet key_description; 570 keymaster_key_format_t key_format; 571 KeymasterKeyBlob key_data; 572 KeymasterKeyBlob attestation_signing_key_blob; 573 AuthorizationSet attest_key_params; 574 KeymasterBlob issuer_subject; 575 }; 576 577 struct ImportKeyResponse : public KeymasterResponse { ImportKeyResponseImportKeyResponse578 explicit ImportKeyResponse(int32_t ver) 579 : KeymasterResponse(ver), key_blob{}, certificate_chain{} {} 580 void SetKeyMaterial(const void* key_material, size_t length); SetKeyMaterialImportKeyResponse581 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 582 SetKeyMaterial(blob.key_material, blob.key_material_size); 583 } 584 585 size_t NonErrorSerializedSize() const override; 586 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 587 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 588 589 KeymasterKeyBlob key_blob; 590 AuthorizationSet enforced; 591 AuthorizationSet unenforced; 592 CertificateChain certificate_chain; 593 }; 594 595 struct ExportKeyRequest : public KeymasterMessage { ExportKeyRequestExportKeyRequest596 explicit ExportKeyRequest(int32_t ver) : KeymasterMessage(ver) { 597 key_blob.key_material = nullptr; 598 key_blob.key_material_size = 0; 599 } ~ExportKeyRequestExportKeyRequest600 ~ExportKeyRequest() { delete[] key_blob.key_material; } 601 602 void SetKeyMaterial(const void* key_material, size_t length); SetKeyMaterialExportKeyRequest603 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 604 SetKeyMaterial(blob.key_material, blob.key_material_size); 605 } 606 607 size_t SerializedSize() const override; 608 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 609 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 610 611 AuthorizationSet additional_params; 612 keymaster_key_format_t key_format; 613 keymaster_key_blob_t key_blob; 614 }; 615 616 struct ExportKeyResponse : public KeymasterResponse { ExportKeyResponseExportKeyResponse617 explicit ExportKeyResponse(int32_t ver) : KeymasterResponse(ver), key_data(nullptr) {} ~ExportKeyResponseExportKeyResponse618 ~ExportKeyResponse() { delete[] key_data; } 619 620 void SetKeyMaterial(const void* key_material, size_t length); SetKeyMaterialExportKeyResponse621 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 622 SetKeyMaterial(blob.key_material, blob.key_material_size); 623 } 624 625 size_t NonErrorSerializedSize() const override; 626 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 627 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 628 629 uint8_t* key_data; 630 size_t key_data_length; 631 }; 632 633 struct DeleteKeyRequest : public KeymasterMessage { DeleteKeyRequestDeleteKeyRequest634 explicit DeleteKeyRequest(int32_t ver) : KeymasterMessage(ver) { 635 key_blob.key_material = nullptr; 636 key_blob.key_material_size = 0; 637 } ~DeleteKeyRequestDeleteKeyRequest638 ~DeleteKeyRequest() { delete[] key_blob.key_material; } 639 640 void SetKeyMaterial(const void* key_material, size_t length); SetKeyMaterialDeleteKeyRequest641 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 642 SetKeyMaterial(blob.key_material, blob.key_material_size); 643 } 644 645 size_t SerializedSize() const override; 646 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 647 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 648 649 keymaster_key_blob_t key_blob; 650 }; 651 652 using DeleteKeyResponse = EmptyKeymasterResponse; 653 654 struct DeleteAllKeysRequest : public EmptyKeymasterRequest { DeleteAllKeysRequestDeleteAllKeysRequest655 explicit DeleteAllKeysRequest(int32_t ver) : EmptyKeymasterRequest(ver) {} 656 }; 657 658 using DeleteAllKeysResponse = EmptyKeymasterResponse; 659 660 struct GetVersionRequest : public EmptyKeymasterRequest { 661 // GetVersionRequest ctor takes a version arg so it has the same signature as others, but the 662 // value is ignored because it is not not versionable. 663 explicit GetVersionRequest(uint32_t /* ver */ = 0) 664 : EmptyKeymasterRequest(0 /* not versionable */) {} 665 }; 666 667 struct GetVersionResponse : public KeymasterResponse { 668 // GetVersionResponse ctor takes a version arg so it has the same signature as others, but the 669 // value is ignored because it is not not versionable. 670 explicit GetVersionResponse(uint32_t /* ver */ = 0) 671 : KeymasterResponse(0 /* not versionable */), major_ver(0), minor_ver(0), subminor_ver(0) {} 672 673 size_t NonErrorSerializedSize() const override; 674 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 675 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 676 677 uint8_t major_ver; 678 uint8_t minor_ver; 679 uint8_t subminor_ver; 680 }; 681 682 struct AttestKeyRequest : public KeymasterMessage { AttestKeyRequestAttestKeyRequest683 explicit AttestKeyRequest(int32_t ver) : KeymasterMessage(ver) { 684 key_blob.key_material = nullptr; 685 key_blob.key_material_size = 0; 686 } 687 ~AttestKeyRequest(); 688 689 void SetKeyMaterial(const void* key_material, size_t length); SetKeyMaterialAttestKeyRequest690 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 691 SetKeyMaterial(blob.key_material, blob.key_material_size); 692 } 693 694 size_t SerializedSize() const override; 695 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 696 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 697 698 keymaster_key_blob_t key_blob; 699 AuthorizationSet attest_params; 700 }; 701 702 struct AttestKeyResponse : public KeymasterResponse { AttestKeyResponseAttestKeyResponse703 explicit AttestKeyResponse(int32_t ver) : KeymasterResponse(ver) {} 704 705 size_t NonErrorSerializedSize() const override; 706 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 707 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 708 709 CertificateChain certificate_chain; 710 }; 711 712 struct UpgradeKeyRequest : public KeymasterMessage { UpgradeKeyRequestUpgradeKeyRequest713 explicit UpgradeKeyRequest(int32_t ver) : KeymasterMessage(ver) { key_blob = {nullptr, 0}; } 714 ~UpgradeKeyRequest(); 715 716 void SetKeyMaterial(const void* key_material, size_t length); SetKeyMaterialUpgradeKeyRequest717 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 718 SetKeyMaterial(blob.key_material, blob.key_material_size); 719 } 720 721 size_t SerializedSize() const override; 722 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 723 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 724 725 keymaster_key_blob_t key_blob; 726 AuthorizationSet upgrade_params; 727 }; 728 729 struct UpgradeKeyResponse : public KeymasterResponse { UpgradeKeyResponseUpgradeKeyResponse730 explicit UpgradeKeyResponse(int32_t ver) : KeymasterResponse(ver) { 731 upgraded_key = {nullptr, 0}; 732 } 733 ~UpgradeKeyResponse(); 734 735 size_t NonErrorSerializedSize() const override; 736 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 737 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 738 739 keymaster_key_blob_t upgraded_key; 740 }; 741 742 struct ConfigureRequest : public KeymasterMessage { ConfigureRequestConfigureRequest743 explicit ConfigureRequest(int32_t ver) : KeymasterMessage(ver) {} 744 SerializedSizeConfigureRequest745 size_t SerializedSize() const override { return sizeof(os_version) + sizeof(os_patchlevel); } SerializeConfigureRequest746 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 747 buf = append_uint32_to_buf(buf, end, os_version); 748 return append_uint32_to_buf(buf, end, os_patchlevel); 749 } DeserializeConfigureRequest750 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 751 return copy_uint32_from_buf(buf_ptr, end, &os_version) && 752 copy_uint32_from_buf(buf_ptr, end, &os_patchlevel); 753 } 754 755 uint32_t os_version; 756 uint32_t os_patchlevel; // YYYYMM 757 }; 758 759 using ConfigureResponse = EmptyKeymasterResponse; 760 761 struct HmacSharingParameters : public Serializable { HmacSharingParametersHmacSharingParameters762 HmacSharingParameters() : seed({}) { memset(nonce, 0, sizeof(nonce)); } HmacSharingParametersHmacSharingParameters763 HmacSharingParameters(HmacSharingParameters&& other) { 764 seed = move(other.seed); 765 memcpy(nonce, other.nonce, sizeof(nonce)); 766 } 767 SetSeedHmacSharingParameters768 void SetSeed(KeymasterBlob&& value) { seed = move(value); } 769 770 size_t SerializedSize() const override; 771 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 772 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 773 774 KeymasterBlob seed{}; 775 uint8_t nonce[32]; 776 }; 777 778 struct HmacSharingParametersArray : public Serializable { HmacSharingParametersArrayHmacSharingParametersArray779 HmacSharingParametersArray() : params_array(nullptr), num_params(0) {} HmacSharingParametersArrayHmacSharingParametersArray780 HmacSharingParametersArray(HmacSharingParametersArray&& other) { 781 delete[] params_array; 782 params_array = other.params_array; 783 num_params = other.num_params; 784 other.params_array = nullptr; 785 other.num_params = 0; 786 } ~HmacSharingParametersArrayHmacSharingParametersArray787 ~HmacSharingParametersArray() override { delete[] params_array; } 788 789 size_t SerializedSize() const override; 790 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 791 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 792 793 HmacSharingParameters* params_array; 794 size_t num_params; 795 }; 796 797 struct GetHmacSharingParametersRequest : public EmptyKeymasterRequest { GetHmacSharingParametersRequestGetHmacSharingParametersRequest798 explicit GetHmacSharingParametersRequest(int32_t ver) : EmptyKeymasterRequest(ver) {} 799 }; 800 801 struct GetHmacSharingParametersResponse : public KeymasterResponse { GetHmacSharingParametersResponseGetHmacSharingParametersResponse802 explicit GetHmacSharingParametersResponse(int32_t ver) : KeymasterResponse(ver) {} GetHmacSharingParametersResponseGetHmacSharingParametersResponse803 GetHmacSharingParametersResponse(GetHmacSharingParametersResponse&& other) 804 : KeymasterResponse(other.message_version), params(move(other.params)) {} 805 SetSeedGetHmacSharingParametersResponse806 void SetSeed(KeymasterBlob&& seed_data) { params.SetSeed(move(seed_data)); } 807 NonErrorSerializedSizeGetHmacSharingParametersResponse808 size_t NonErrorSerializedSize() const override { return params.SerializedSize(); } NonErrorSerializeGetHmacSharingParametersResponse809 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override { 810 return params.Serialize(buf, end); 811 } NonErrorDeserializeGetHmacSharingParametersResponse812 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 813 return params.Deserialize(buf_ptr, end); 814 } 815 816 HmacSharingParameters params; 817 }; 818 819 struct ComputeSharedHmacRequest : public KeymasterMessage { ComputeSharedHmacRequestComputeSharedHmacRequest820 explicit ComputeSharedHmacRequest(int32_t ver) : KeymasterMessage(ver) {} 821 SerializedSizeComputeSharedHmacRequest822 size_t SerializedSize() const override { return params_array.SerializedSize(); } SerializeComputeSharedHmacRequest823 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 824 return params_array.Serialize(buf, end); 825 } DeserializeComputeSharedHmacRequest826 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 827 return params_array.Deserialize(buf_ptr, end); 828 } 829 830 HmacSharingParametersArray params_array; 831 }; 832 833 struct ComputeSharedHmacResponse : public KeymasterResponse { ComputeSharedHmacResponseComputeSharedHmacResponse834 explicit ComputeSharedHmacResponse(int32_t ver) : KeymasterResponse(ver) {} ComputeSharedHmacResponseComputeSharedHmacResponse835 ComputeSharedHmacResponse(ComputeSharedHmacResponse&& other) : KeymasterResponse(move(other)) { 836 sharing_check = move(other.sharing_check); 837 } 838 839 size_t NonErrorSerializedSize() const override; 840 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 841 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 842 843 KeymasterBlob sharing_check; 844 }; 845 846 struct ImportWrappedKeyRequest : public KeymasterMessage { ImportWrappedKeyRequestImportWrappedKeyRequest847 explicit ImportWrappedKeyRequest(int32_t ver) : KeymasterMessage(ver) {} 848 849 void SetWrappedMaterial(const void* key_material, size_t length); 850 void SetWrappingMaterial(const void* key_material, size_t length); 851 void SetMaskingKeyMaterial(const void* key_material, size_t length); 852 SetKeyMaterialImportWrappedKeyRequest853 void SetKeyMaterial(const keymaster_key_blob_t& wrapped, const keymaster_key_blob_t& wrapping) { 854 SetWrappedMaterial(wrapped.key_material, wrapped.key_material_size); 855 SetWrappingMaterial(wrapping.key_material, wrapping.key_material_size); 856 } 857 858 size_t SerializedSize() const override; 859 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 860 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 861 862 KeymasterKeyBlob wrapped_key; 863 KeymasterKeyBlob wrapping_key; 864 KeymasterKeyBlob masking_key; 865 AuthorizationSet additional_params; 866 uint64_t password_sid; 867 uint64_t biometric_sid; 868 }; 869 870 struct ImportWrappedKeyResponse : public KeymasterResponse { 871 explicit ImportWrappedKeyResponse(int32_t ver = kDefaultMessageVersion) KeymasterResponseImportWrappedKeyResponse872 : KeymasterResponse(ver), key_blob{}, certificate_chain{} {} 873 void SetKeyMaterial(const void* key_material, size_t length); SetKeyMaterialImportWrappedKeyResponse874 void SetKeyMaterial(const keymaster_key_blob_t& blob) { 875 SetKeyMaterial(blob.key_material, blob.key_material_size); 876 } 877 878 size_t NonErrorSerializedSize() const override; 879 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override; 880 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 881 882 KeymasterKeyBlob key_blob; 883 AuthorizationSet enforced; 884 AuthorizationSet unenforced; 885 CertificateChain certificate_chain; 886 }; 887 888 struct HardwareAuthToken : public Serializable { 889 HardwareAuthToken() = default; HardwareAuthTokenHardwareAuthToken890 HardwareAuthToken(HardwareAuthToken&& other) { 891 challenge = other.challenge; 892 user_id = other.user_id; 893 authenticator_id = other.authenticator_id; 894 authenticator_type = other.authenticator_type; 895 timestamp = other.timestamp; 896 mac = move(other.mac); 897 } 898 899 size_t SerializedSize() const override; 900 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 901 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 902 903 uint64_t challenge{}; 904 uint64_t user_id{}; 905 uint64_t authenticator_id{}; 906 hw_authenticator_type_t authenticator_type{}; 907 uint64_t timestamp{}; 908 KeymasterBlob mac; 909 }; 910 911 struct VerificationToken : public Serializable { 912 VerificationToken() = default; VerificationTokenVerificationToken913 VerificationToken(VerificationToken&& other) { 914 challenge = other.challenge; 915 timestamp = other.timestamp; 916 parameters_verified = move(other.parameters_verified); 917 security_level = other.security_level; 918 mac = move(other.mac); 919 } 920 921 size_t SerializedSize() const override; 922 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override; 923 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 924 925 uint64_t challenge{}; 926 uint64_t timestamp{}; 927 AuthorizationSet parameters_verified{}; 928 keymaster_security_level_t security_level{}; 929 KeymasterBlob mac{}; 930 }; 931 932 struct VerifyAuthorizationRequest : public KeymasterMessage { VerifyAuthorizationRequestVerifyAuthorizationRequest933 explicit VerifyAuthorizationRequest(int32_t ver) : KeymasterMessage(ver) {} 934 VerifyAuthorizationRequest(VerifyAuthorizationRequest&& other) = default; 935 SerializedSizeVerifyAuthorizationRequest936 size_t SerializedSize() const override { 937 return sizeof(challenge) + parameters_to_verify.SerializedSize() + 938 auth_token.SerializedSize(); 939 } 940 SerializeVerifyAuthorizationRequest941 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 942 buf = append_uint64_to_buf(buf, end, challenge); 943 buf = parameters_to_verify.Serialize(buf, end); 944 return auth_token.Serialize(buf, end); 945 } 946 DeserializeVerifyAuthorizationRequest947 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 948 return (copy_uint64_from_buf(buf_ptr, end, &challenge) && 949 parameters_to_verify.Deserialize(buf_ptr, end) && 950 auth_token.Deserialize(buf_ptr, end)); 951 } 952 953 uint64_t challenge{}; 954 AuthorizationSet parameters_to_verify; 955 HardwareAuthToken auth_token; 956 }; 957 958 struct VerifyAuthorizationResponse : public KeymasterResponse { VerifyAuthorizationResponseVerifyAuthorizationResponse959 explicit VerifyAuthorizationResponse(int32_t ver) : KeymasterResponse(ver) {} 960 VerifyAuthorizationResponse(VerifyAuthorizationResponse&& other) = default; 961 NonErrorSerializedSizeVerifyAuthorizationResponse962 size_t NonErrorSerializedSize() const override { 963 return sizeof(error) + token.SerializedSize(); 964 } NonErrorSerializeVerifyAuthorizationResponse965 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override { 966 buf = append_uint32_to_buf(buf, end, error); 967 return token.Serialize(buf, end); 968 } NonErrorDeserializeVerifyAuthorizationResponse969 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 970 return copy_uint32_from_buf(buf_ptr, end, &error) && token.Deserialize(buf_ptr, end); 971 } 972 973 VerificationToken token; 974 }; 975 976 struct EarlyBootEndedRequest : public EmptyKeymasterRequest { EarlyBootEndedRequestEarlyBootEndedRequest977 explicit EarlyBootEndedRequest(int32_t ver) : EmptyKeymasterRequest(ver) {} 978 }; 979 980 struct EarlyBootEndedResponse : public KeymasterResponse { EarlyBootEndedResponseEarlyBootEndedResponse981 explicit EarlyBootEndedResponse(int32_t ver) : KeymasterResponse(ver) {} 982 NonErrorSerializedSizeEarlyBootEndedResponse983 size_t NonErrorSerializedSize() const override { return 0; } NonErrorSerializeEarlyBootEndedResponse984 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; } NonErrorDeserializeEarlyBootEndedResponse985 bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; } 986 }; 987 988 struct DeviceLockedRequest : public KeymasterMessage { DeviceLockedRequestDeviceLockedRequest989 explicit DeviceLockedRequest(int32_t ver) : KeymasterMessage(ver) {} DeviceLockedRequestDeviceLockedRequest990 explicit DeviceLockedRequest(int32_t ver, bool passwordOnly_, VerificationToken&& token_) 991 : KeymasterMessage(ver), passwordOnly(passwordOnly_), token(move(token_)) {} 992 SerializedSizeDeviceLockedRequest993 size_t SerializedSize() const override { return 1; } SerializeDeviceLockedRequest994 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 995 if (buf < end) *buf++ = passwordOnly ? 1 : 0; 996 return token.Serialize(buf, end); 997 } DeserializeDeviceLockedRequest998 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 999 if (*buf_ptr >= end) return false; 1000 passwordOnly = !!*(*buf_ptr)++; 1001 return token.Deserialize(buf_ptr, end); 1002 } 1003 1004 bool passwordOnly; 1005 VerificationToken token; 1006 }; 1007 1008 struct DeviceLockedResponse : public KeymasterResponse { DeviceLockedResponseDeviceLockedResponse1009 explicit DeviceLockedResponse(int32_t ver) : KeymasterResponse(ver) {} 1010 NonErrorSerializedSizeDeviceLockedResponse1011 size_t NonErrorSerializedSize() const override { return 0; } NonErrorSerializeDeviceLockedResponse1012 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; } NonErrorDeserializeDeviceLockedResponse1013 bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; } 1014 }; 1015 1016 struct GetVersion2Request : public KeymasterMessage { 1017 // GetVersion2Request ctor takes a version arg so it has the same signature as others, but the 1018 // value is ignored because it's not versionable. 1019 explicit GetVersion2Request(uint32_t /* ver */ = 0) 1020 : KeymasterMessage(0 /* not versionable */) {} 1021 SerializedSizeGetVersion2Request1022 size_t SerializedSize() const override { return sizeof(uint32_t); /* max message version */ } SerializeGetVersion2Request1023 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 1024 return append_uint32_to_buf(buf, end, max_message_version); 1025 } DeserializeGetVersion2Request1026 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 1027 return copy_uint32_from_buf(buf_ptr, end, &max_message_version); 1028 } 1029 1030 uint32_t max_message_version = kDefaultMessageVersion; 1031 }; 1032 1033 struct GetVersion2Response : public KeymasterResponse { 1034 // GetVersion2Request ctor takes a version arg so it has the same signature as others, but the 1035 // value is ignored because it's not versionable. 1036 explicit GetVersion2Response(uint32_t /* ver */ = 0) 1037 : KeymasterResponse(0 /* not versionable */) {} 1038 1039 size_t NonErrorSerializedSize() const override; 1040 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override; 1041 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override; 1042 1043 uint32_t max_message_version; 1044 KmVersion km_version; 1045 uint32_t km_date; 1046 }; 1047 1048 struct TimestampToken : public Serializable { 1049 explicit TimestampToken() = default; TimestampTokenTimestampToken1050 TimestampToken(TimestampToken&& other) { 1051 challenge = other.challenge; 1052 timestamp = other.timestamp; 1053 security_level = other.security_level; 1054 mac = move(other.mac); 1055 } SerializedSizeTimestampToken1056 size_t SerializedSize() const override { 1057 return sizeof(challenge) + sizeof(timestamp) + sizeof(security_level) + 1058 mac.SerializedSize(); 1059 } SerializeTimestampToken1060 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 1061 buf = append_uint64_to_buf(buf, end, challenge); 1062 buf = append_uint64_to_buf(buf, end, timestamp); 1063 buf = append_uint32_to_buf(buf, end, security_level); 1064 return mac.Serialize(buf, end); 1065 } DeserializeTimestampToken1066 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 1067 return copy_uint64_from_buf(buf_ptr, end, &challenge) && 1068 copy_uint64_from_buf(buf_ptr, end, ×tamp) && 1069 copy_uint32_from_buf(buf_ptr, end, &security_level) && mac.Deserialize(buf_ptr, end); 1070 } 1071 uint64_t challenge{}; 1072 uint64_t timestamp{}; 1073 keymaster_security_level_t security_level{}; 1074 KeymasterBlob mac{}; 1075 }; 1076 1077 struct GenerateTimestampTokenRequest : public KeymasterMessage { GenerateTimestampTokenRequestGenerateTimestampTokenRequest1078 explicit GenerateTimestampTokenRequest(int32_t ver) : KeymasterMessage(ver), challenge{} {} SerializedSizeGenerateTimestampTokenRequest1079 size_t SerializedSize() const override { return sizeof(challenge); } SerializeGenerateTimestampTokenRequest1080 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 1081 return append_uint64_to_buf(buf, end, challenge); 1082 } DeserializeGenerateTimestampTokenRequest1083 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 1084 return copy_uint64_from_buf(buf_ptr, end, &challenge); 1085 } 1086 uint64_t challenge; 1087 }; 1088 1089 struct GenerateTimestampTokenResponse : public KeymasterResponse { GenerateTimestampTokenResponseGenerateTimestampTokenResponse1090 explicit GenerateTimestampTokenResponse(int32_t ver) : KeymasterResponse(ver), token{} {} NonErrorSerializedSizeGenerateTimestampTokenResponse1091 size_t NonErrorSerializedSize() const override { return token.SerializedSize(); } NonErrorSerializeGenerateTimestampTokenResponse1092 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override { 1093 return token.Serialize(buf, end); 1094 } NonErrorDeserializeGenerateTimestampTokenResponse1095 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 1096 return token.Deserialize(buf_ptr, end); 1097 } 1098 TimestampToken token; 1099 }; 1100 1101 struct SetAttestationIdsRequest : public KeymasterMessage { SetAttestationIdsRequestSetAttestationIdsRequest1102 explicit SetAttestationIdsRequest(int32_t ver) : KeymasterMessage(ver) {} SerializedSizeSetAttestationIdsRequest1103 size_t SerializedSize() const override { 1104 return brand.SerializedSize() // 1105 + device.SerializedSize() // 1106 + product.SerializedSize() // 1107 + serial.SerializedSize() // 1108 + imei.SerializedSize() // 1109 + meid.SerializedSize() // 1110 + manufacturer.SerializedSize() // 1111 + model.SerializedSize(); 1112 } 1113 SerializeSetAttestationIdsRequest1114 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 1115 buf = brand.Serialize(buf, end); 1116 buf = device.Serialize(buf, end); 1117 buf = product.Serialize(buf, end); 1118 buf = serial.Serialize(buf, end); 1119 buf = imei.Serialize(buf, end); 1120 buf = meid.Serialize(buf, end); 1121 buf = manufacturer.Serialize(buf, end); 1122 return model.Serialize(buf, end); 1123 } 1124 DeserializeSetAttestationIdsRequest1125 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 1126 return brand.Deserialize(buf_ptr, end) // 1127 && device.Deserialize(buf_ptr, end) // 1128 && product.Deserialize(buf_ptr, end) // 1129 && serial.Deserialize(buf_ptr, end) // 1130 && imei.Deserialize(buf_ptr, end) // 1131 && meid.Deserialize(buf_ptr, end) // 1132 && manufacturer.Deserialize(buf_ptr, end) // 1133 && model.Deserialize(buf_ptr, end); // 1134 } 1135 1136 Buffer brand; 1137 Buffer device; 1138 Buffer product; 1139 Buffer serial; 1140 Buffer imei; 1141 Buffer meid; 1142 Buffer manufacturer; 1143 Buffer model; 1144 }; 1145 1146 using SetAttestationIdsResponse = EmptyKeymasterResponse; 1147 1148 struct ConfigureVendorPatchlevelRequest : public KeymasterMessage { ConfigureVendorPatchlevelRequestConfigureVendorPatchlevelRequest1149 explicit ConfigureVendorPatchlevelRequest(int32_t ver) : KeymasterMessage(ver) {} 1150 SerializedSizeConfigureVendorPatchlevelRequest1151 size_t SerializedSize() const override { return sizeof(vendor_patchlevel); } SerializeConfigureVendorPatchlevelRequest1152 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 1153 return append_uint32_to_buf(buf, end, vendor_patchlevel); 1154 } DeserializeConfigureVendorPatchlevelRequest1155 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 1156 return copy_uint32_from_buf(buf_ptr, end, &vendor_patchlevel); 1157 } 1158 1159 uint32_t vendor_patchlevel{}; // YYYYMMDD 1160 }; 1161 1162 using ConfigureVendorPatchlevelResponse = EmptyKeymasterResponse; 1163 1164 struct ConfigureBootPatchlevelRequest : public KeymasterMessage { ConfigureBootPatchlevelRequestConfigureBootPatchlevelRequest1165 explicit ConfigureBootPatchlevelRequest(int32_t ver) : KeymasterMessage(ver) {} 1166 SerializedSizeConfigureBootPatchlevelRequest1167 size_t SerializedSize() const override { return sizeof(boot_patchlevel); } SerializeConfigureBootPatchlevelRequest1168 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override { 1169 return append_uint32_to_buf(buf, end, boot_patchlevel); 1170 } DeserializeConfigureBootPatchlevelRequest1171 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override { 1172 return copy_uint32_from_buf(buf_ptr, end, &boot_patchlevel); 1173 } 1174 1175 uint32_t boot_patchlevel{}; // YYYYMMDD 1176 }; 1177 1178 using ConfigureBootPatchlevelResponse = EmptyKeymasterResponse; 1179 1180 } // namespace keymaster 1181