1 /*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <keymaster/android_keymaster_messages.h>
18 #include <keymaster/android_keymaster_utils.h>
19
20 namespace keymaster {
21
22 namespace {
23
24 /*
25 * Helper functions for working with key blobs.
26 */
27
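/*
 * Replaces the key material owned by |key_blob| with a copy of the |length|
 * bytes at |key_material|. The previous buffer is released with delete[].
 *
 * dup_buffer() is defined outside this file; it presumably reports failure by
 * returning nullptr (TODO confirm). The recorded size is only set to |length|
 * when a buffer was actually obtained, so the blob never advertises bytes it
 * does not hold.
 */
void set_key_blob(keymaster_key_blob_t* key_blob, const void* key_material, size_t length) {
    delete[] key_blob->key_material;
    key_blob->key_material = dup_buffer(key_material, length);
    // Keep pointer and size in step: a null buffer with a non-zero size would
    // later be handed to the serializer as if it were readable.
    key_blob->key_material_size = key_blob->key_material ? length : 0;
}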
33
// Bytes needed to encode |key_blob|: a 32-bit size field followed by the key
// material itself.
size_t key_blob_size(const keymaster_key_blob_t& key_blob) {
    const size_t size_field = sizeof(uint32_t); /* key size */
    return size_field + key_blob.key_material_size;
}

// Encodes |key_blob| at |buf| as size-then-data. |end| is passed through to the
// append helper as the limit of the output buffer; the helper's return value is
// returned unchanged.
uint8_t* serialize_key_blob(const keymaster_key_blob_t& key_blob, uint8_t* buf,
                            const uint8_t* end) {
    const auto* material = key_blob.key_material;
    const auto material_size = key_blob.key_material_size;
    return append_size_and_data_to_buf(buf, end, material, material_size);
}
42
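/*
 * Reads a size-prefixed key blob from |*buf_ptr| (bounded by |end|) into
 * |key_blob|, releasing whatever material the blob held before.
 *
 * Returns true on success. On failure the blob is left empty: the pointer is
 * null and the size is zero. The size is written by the helper through a
 * pointer, so it may already hold the length read from the wire when the
 * helper fails (helper not visible here, TODO confirm); it is cleared so a
 * caller that ignores the return value cannot pair a null pointer with a
 * length taken from untrusted input.
 */
bool deserialize_key_blob(keymaster_key_blob_t* key_blob, const uint8_t** buf_ptr,
                          const uint8_t* end) {
    delete[] key_blob->key_material;
    key_blob->key_material = nullptr;
    UniquePtr<uint8_t[]> deserialized_key_material;
    if (!copy_size_and_data_from_buf(buf_ptr, end, &key_blob->key_material_size,
                                     &deserialized_key_material)) {
        key_blob->key_material_size = 0;
        return false;
    }
    // Ownership of the freshly allocated buffer moves into the blob.
    key_blob->key_material = deserialized_key_material.release();
    return true;
}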
54
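/*
 * Replaces the contents of |blob| with a copy of the |length| bytes at |data|.
 * Both pointers are asserted non-null; the previous buffer is released with
 * delete[].
 *
 * dup_buffer() is defined outside this file; it presumably returns nullptr on
 * failure (TODO confirm). The recorded length is only set to |length| when a
 * buffer was obtained, so pointer and length always agree.
 */
void set_blob(keymaster_blob_t* blob, const void* data, size_t length) {
    assert(blob);
    assert(data);
    delete[] blob->data;
    blob->data = dup_buffer(data, length);
    // A null buffer must not be paired with a non-zero length.
    blob->data_length = blob->data ? length : 0;
}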
62
// Bytes needed to encode |blob|: a 32-bit length field followed by the data.
size_t blob_size(const keymaster_blob_t& blob) {
    const size_t length_field = sizeof(uint32_t); /* data size */
    return length_field + blob.data_length;
}

// Encodes |blob| at |buf| as length-then-data, passing |end| to the append
// helper as the limit of the output buffer.
uint8_t* serialize_blob(const keymaster_blob_t& blob, uint8_t* buf, const uint8_t* end) {
    const auto* payload = blob.data;
    const auto payload_length = blob.data_length;
    return append_size_and_data_to_buf(buf, end, payload, payload_length);
}
70
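/*
 * Reads a length-prefixed blob from |*buf_ptr| (bounded by |end|) into |blob|,
 * releasing any buffer the blob held before.
 *
 * Returns true on success. On failure the blob is left empty. The length is
 * written by the helper through a pointer and may already hold the value read
 * from the wire when the helper fails (helper not visible here, TODO confirm),
 * so it is cleared again to keep a null pointer from being paired with an
 * untrusted length.
 */
bool deserialize_blob(keymaster_blob_t* blob, const uint8_t** buf_ptr, const uint8_t* end) {
    delete[] blob->data;
    *blob = {};
    UniquePtr<uint8_t[]> deserialized_blob;
    if (!copy_size_and_data_from_buf(buf_ptr, end, &blob->data_length, &deserialized_blob)) {
        blob->data_length = 0;
        return false;
    }
    // Ownership of the freshly allocated buffer moves into the blob.
    blob->data = deserialized_blob.release();
    return true;
}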
80
81 /*
82 * Helper functions for working with certificate chains.
83 */
// Upper bound on the number of certificates accepted when a chain is read back
// from a message; see deserialize_chain().
const size_t kMaxChainEntryCount = 10;

// Bytes needed to encode |certificate_chain|: a 32-bit entry count, then for
// every entry a 32-bit length followed by that many bytes.
size_t chain_size(const keymaster_cert_chain_t& certificate_chain) {
    size_t total = sizeof(uint32_t); /* certificate_chain.entry_count */
    for (size_t idx = 0; idx < certificate_chain.entry_count; ++idx) {
        const auto& entry = certificate_chain.entries[idx];
        /* entries[idx].data_length field, then the certificate bytes */
        total += sizeof(uint32_t) + entry.data_length;
    }
    return total;
}

// Encodes |certificate_chain| at |buf|: the entry count first, then each entry
// as length-then-data. |end| is handed to every append helper as the limit of
// the output buffer.
uint8_t* serialize_chain(const keymaster_cert_chain_t& certificate_chain, uint8_t* buf,
                         const uint8_t* end) {
    uint8_t* cursor = append_uint32_to_buf(buf, end, certificate_chain.entry_count);
    for (size_t idx = 0; idx < certificate_chain.entry_count; ++idx) {
        const auto& entry = certificate_chain.entries[idx];
        cursor = append_size_and_data_to_buf(cursor, end, entry.data, entry.data_length);
    }
    return cursor;
}
104
// Reads a certificate chain from |*buf_ptr| (bounded by |end|).
//
// The entry count comes from the message, so it is checked against
// kMaxChainEntryCount before anything is allocated. Any failure (short read,
// count over the limit, allocation failure, bad entry) yields a
// default-constructed chain; callers in this file detect that by testing
// whether |entries| is null.
CertificateChain deserialize_chain(const uint8_t** buf_ptr, const uint8_t* end) {
    size_t count;
    const bool count_read = copy_uint32_from_buf(buf_ptr, end, &count);
    if (!count_read || count > kMaxChainEntryCount) {
        return {};
    }

    CertificateChain chain(count);
    if (chain.entries == nullptr) return {};

    for (size_t idx = 0; idx < chain.entry_count; ++idx) {
        size_t cert_length;
        UniquePtr<uint8_t[]> cert;
        if (!copy_size_and_data_from_buf(buf_ptr, end, &cert_length, &cert)) return {};
        // The chain entry takes over the buffer that was just read.
        auto& entry = chain.entries[idx];
        entry.data = cert.release();
        entry.data_length = cert_length;
    }

    return chain;
}
124
125 } // namespace
126
// Maps the major/minor version reported in |response| to a message version.
//
// Recognised pairs are 1.0, 1.1, 2.x, 3.x, 4.0 and 4.1. For anything else
// |*error| is set to KM_ERROR_UNKNOWN_ERROR and -1 is returned. |*error| is not
// written on success, and |error| is dereferenced without a null check.
int32_t NegotiateMessageVersion(const GetVersionResponse& response, keymaster_error_t* error) {
    const auto major_version = response.major_ver;
    const auto minor_version = response.minor_ver;

    if (major_version == 1) {  // KM1
        if (minor_version == 0) {
            return MessageVersion(KmVersion::KEYMASTER_1, 0 /* km_date */);
        }
        if (minor_version == 1) {
            return MessageVersion(KmVersion::KEYMASTER_1_1, 0 /* km_date */);
        }
    } else if (major_version == 2) {
        return MessageVersion(KmVersion::KEYMASTER_2, 0 /* km_date */);
    } else if (major_version == 3) {
        return MessageVersion(KmVersion::KEYMASTER_3, 0 /* km_date */);
    } else if (major_version == 4) {
        if (minor_version == 0) {
            return MessageVersion(KmVersion::KEYMASTER_4, 0 /* km_date */);
        }
        if (minor_version == 1) {
            return MessageVersion(KmVersion::KEYMASTER_4_1, 0 /* km_date */);
        }
    }

    // Unknown major version, or unknown minor version of KM1/KM4.
    *error = KM_ERROR_UNKNOWN_ERROR;
    return -1;
}
154
// Picks the lower of the two peers' maximum message versions, so neither side
// is asked to speak a format newer than it announced.
int32_t NegotiateMessageVersion(const GetVersion2Request& request,
                                const GetVersion2Response& response) {
    if (request.max_message_version < response.max_message_version) {
        return request.max_message_version;
    }
    return response.max_message_version;
}
161
// Encoded size of a response: the 32-bit error code, plus the payload only
// when the error code is KM_ERROR_OK.
size_t KeymasterResponse::SerializedSize() const {
    const size_t error_field = sizeof(int32_t);
    return error == KM_ERROR_OK ? error_field + NonErrorSerializedSize() : error_field;
}

// Writes the error code, followed by the payload when the response carries no
// error.
uint8_t* KeymasterResponse::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = append_uint32_to_buf(buf, end, static_cast<uint32_t>(error));
    if (error != KM_ERROR_OK) return cursor;
    return NonErrorSerialize(cursor, end);
}

// Reads the error code; the payload is parsed only when the code is
// KM_ERROR_OK. An error response with no payload is a successful parse.
bool KeymasterResponse::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    const bool error_read = copy_uint32_from_buf(buf_ptr, end, &error);
    if (!error_read) return false;
    return error == KM_ERROR_OK ? NonErrorDeserialize(buf_ptr, end) : true;
}
180
// Encoded size: the key description, plus the attestation fields
// (signing key blob, attest-key params, issuer subject) from message
// version 4 onwards.
size_t GenerateKeyRequest::SerializedSize() const {
    const size_t description_size = key_description.SerializedSize();
    if (message_version >= 4) {
        return description_size                                //
               + key_blob_size(attestation_signing_key_blob)   //
               + attest_key_params.SerializedSize()            //
               + blob_size(issuer_subject);
    }
    return description_size;
}

// Writes the key description, then the attestation fields for message
// version 4 onwards.
uint8_t* GenerateKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = key_description.Serialize(buf, end);
    if (message_version >= 4) {
        cursor = serialize_key_blob(attestation_signing_key_blob, cursor, end);
        cursor = attest_key_params.Serialize(cursor, end);
        cursor = serialize_blob(issuer_subject, cursor, end);
    }
    return cursor;
}

// Mirror of Serialize(); parsing stops at the first field that fails.
bool GenerateKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!key_description.Deserialize(buf_ptr, end)) return false;
    if (message_version >= 4) {
        if (!deserialize_key_blob(&attestation_signing_key_blob, buf_ptr, end)) return false;
        if (!attest_key_params.Deserialize(buf_ptr, end)) return false;
        return deserialize_blob(&issuer_subject, buf_ptr, end);
    }
    return true;
}
205
// Payload size: key blob and both authorization sets, plus the certificate
// chain from message version 4 onwards.
size_t GenerateKeyResponse::NonErrorSerializedSize() const {
    size_t total = key_blob_size(key_blob);
    total += enforced.SerializedSize();
    total += unenforced.SerializedSize();
    if (message_version >= 4) total += chain_size(certificate_chain);
    return total;
}

// Writes the fields in the order counted by NonErrorSerializedSize().
uint8_t* GenerateKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = serialize_key_blob(key_blob, buf, end);
    cursor = enforced.Serialize(cursor, end);
    cursor = unenforced.Serialize(cursor, end);
    if (message_version >= 4) cursor = serialize_chain(certificate_chain, cursor, end);
    return cursor;
}

// Mirror of NonErrorSerialize(). For version 4 and later the parse succeeds
// only if the chain came back with a non-null |entries| pointer.
bool GenerateKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    const bool core_fields_ok = deserialize_key_blob(&key_blob, buf_ptr, end) &&
                                enforced.Deserialize(buf_ptr, end) &&
                                unenforced.Deserialize(buf_ptr, end);
    if (!core_fields_ok) return false;
    if (message_version < 4) return true;

    certificate_chain = deserialize_chain(buf_ptr, end);
    return certificate_chain.entries != nullptr;
}
231
// Payload size: the key blob followed by the MACed public key blob.
size_t GenerateRkpKeyResponse::NonErrorSerializedSize() const {
    const size_t key_bytes = key_blob_size(key_blob);
    const size_t maced_key_bytes = blob_size(maced_public_key);
    return key_bytes + maced_key_bytes;
}

// Writes the key blob, then the MACed public key.
uint8_t* GenerateRkpKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = serialize_key_blob(key_blob, buf, end);
    return serialize_blob(maced_public_key, cursor, end);
}

// Mirror of NonErrorSerialize(); stops at the first field that fails.
bool GenerateRkpKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!deserialize_key_blob(&key_blob, buf_ptr, end)) return false;
    return deserialize_blob(&maced_public_key, buf_ptr, end);
}
245
// Encoded size: one byte of test_mode, the 32-bit key count, every key blob,
// then the endpoint encryption certificate chain and the challenge.
size_t GenerateCsrRequest::SerializedSize() const {
    size_t total = sizeof(uint8_t) /* test_mode */ + sizeof(uint32_t) /* num_keys */;
    for (size_t idx = 0; idx < num_keys; idx++) {
        total += blob_size(keys_to_sign_array[idx]);
    }
    return total + blob_size(endpoint_enc_cert_chain) + blob_size(challenge);
}

// Writes the fields in the order counted by SerializedSize().
uint8_t* GenerateCsrRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = append_to_buf(buf, end, &test_mode, sizeof(uint8_t));
    cursor = append_uint32_to_buf(cursor, end, num_keys);
    for (size_t idx = 0; idx < num_keys; idx++) {
        cursor = serialize_blob(keys_to_sign_array[idx], cursor, end);
    }
    cursor = serialize_blob(endpoint_enc_cert_chain, cursor, end);
    cursor = serialize_blob(challenge, cursor, end);
    return cursor;
}
266
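/*
 * Parses a CSR request: test_mode, the key count, that many key blobs, then the
 * endpoint encryption certificate chain and the challenge.
 *
 * The key count is read from the message and sizes an allocation, so it is
 * validated first. Every key blob is encoded with a 32-bit length prefix (see
 * blob_size()), which means a well-formed message cannot announce more keys
 * than there are 4-byte units left in the buffer. Counts above that are
 * rejected before allocating, so a short message cannot request an array of
 * up to 2^32 - 1 elements.
 *
 * On a rejected count or a failed allocation |num_keys| is reset to zero so
 * that the index check in SetKeyToSign() never passes against a missing or
 * stale array.
 *
 * NOTE(review): the previous |keys_to_sign_array| is overwritten without being
 * released. Whether that leaks depends on how the member is initialised and
 * destroyed, which is not visible here; confirm against the class definition.
 */
bool GenerateCsrRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!copy_from_buf(buf_ptr, end, &test_mode, sizeof(uint8_t)) ||
        !copy_from_buf(buf_ptr, end, &num_keys, sizeof(uint32_t))) {
        return false;
    }

    // Bound the untrusted count by what the remaining input could possibly hold.
    const size_t remaining = *buf_ptr < end ? static_cast<size_t>(end - *buf_ptr) : 0;
    if (num_keys > remaining / sizeof(uint32_t)) {
        num_keys = 0;
        return false;
    }

    keys_to_sign_array = new (std::nothrow) KeymasterBlob[num_keys];
    if (!keys_to_sign_array) {
        num_keys = 0;
        return false;
    }
    for (size_t i = 0; i < num_keys; i++) {
        if (!deserialize_blob(&keys_to_sign_array[i], buf_ptr, end)) return false;
    }
    return deserialize_blob(&endpoint_enc_cert_chain, buf_ptr, end) &&
           deserialize_blob(&challenge, buf_ptr, end);
}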
280
// Stores a copy of |data| as the key at |index|. Indices at or beyond
// |num_keys| are ignored silently.
void GenerateCsrRequest::SetKeyToSign(uint32_t index, const void* data, size_t length) {
    if (index < num_keys) {
        set_blob(&keys_to_sign_array[index], data, length);
    }
}

// Stores a copy of |data| as the endpoint encryption certificate chain.
void GenerateCsrRequest::SetEndpointEncCertChain(const void* data, size_t length) {
    keymaster_blob_t* target = &endpoint_enc_cert_chain;
    set_blob(target, data, length);
}

// Stores a copy of |data| as the challenge.
void GenerateCsrRequest::SetChallenge(const void* data, size_t length) {
    keymaster_blob_t* target = &challenge;
    set_blob(target, data, length);
}
295
// Payload size: the keys-to-sign MAC, the device info blob and the protected
// data blob, each length-prefixed.
size_t GenerateCsrResponse::NonErrorSerializedSize() const {
    size_t total = blob_size(keys_to_sign_mac);
    total += blob_size(device_info_blob);
    total += blob_size(protected_data_blob);
    return total;
}

// Writes the three blobs in the order counted by NonErrorSerializedSize().
uint8_t* GenerateCsrResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = serialize_blob(keys_to_sign_mac, buf, end);
    cursor = serialize_blob(device_info_blob, cursor, end);
    cursor = serialize_blob(protected_data_blob, cursor, end);
    return cursor;
}

// Mirror of NonErrorSerialize(); stops at the first blob that fails.
bool GenerateCsrResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!deserialize_blob(&keys_to_sign_mac, buf_ptr, end)) return false;
    if (!deserialize_blob(&device_info_blob, buf_ptr, end)) return false;
    return deserialize_blob(&protected_data_blob, buf_ptr, end);
}
312
// Releases the key material owned by this request.
GetKeyCharacteristicsRequest::~GetKeyCharacteristicsRequest() {
    const auto* owned_material = key_blob.key_material;
    delete[] owned_material;
}

// Stores a copy of |key_material| in the request's key blob.
void GetKeyCharacteristicsRequest::SetKeyMaterial(const void* key_material, size_t length) {
    keymaster_key_blob_t* target = &key_blob;
    set_key_blob(target, key_material, length);
}

// Encoded size: the key blob followed by the additional parameters.
size_t GetKeyCharacteristicsRequest::SerializedSize() const {
    const size_t blob_bytes = key_blob_size(key_blob);
    const size_t param_bytes = additional_params.SerializedSize();
    return blob_bytes + param_bytes;
}

// Writes the key blob, then the additional parameters.
uint8_t* GetKeyCharacteristicsRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = serialize_key_blob(key_blob, buf, end);
    return additional_params.Serialize(cursor, end);
}

// Mirror of Serialize(); stops at the first field that fails.
bool GetKeyCharacteristicsRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!deserialize_key_blob(&key_blob, buf_ptr, end)) return false;
    return additional_params.Deserialize(buf_ptr, end);
}
334
// Payload size: the enforced set followed by the unenforced set.
size_t GetKeyCharacteristicsResponse::NonErrorSerializedSize() const {
    const size_t enforced_bytes = enforced.SerializedSize();
    const size_t unenforced_bytes = unenforced.SerializedSize();
    return enforced_bytes + unenforced_bytes;
}

// Writes the enforced set, then the unenforced set.
uint8_t* GetKeyCharacteristicsResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = enforced.Serialize(buf, end);
    return unenforced.Serialize(cursor, end);
}

// Mirror of NonErrorSerialize(); the unenforced set is only parsed when the
// enforced set parsed cleanly.
bool GetKeyCharacteristicsResponse::NonErrorDeserialize(const uint8_t** buf_ptr,
                                                        const uint8_t* end) {
    if (!enforced.Deserialize(buf_ptr, end)) return false;
    return unenforced.Deserialize(buf_ptr, end);
}
348
// Stores a copy of |key_material| in the request's key blob.
void BeginOperationRequest::SetKeyMaterial(const void* key_material, size_t length) {
    keymaster_key_blob_t* target = &key_blob;
    set_key_blob(target, key_material, length);
}

// Encoded size: the 32-bit purpose, the key blob and the additional parameters.
size_t BeginOperationRequest::SerializedSize() const {
    size_t total = sizeof(uint32_t); /* purpose */
    total += key_blob_size(key_blob);
    total += additional_params.SerializedSize();
    return total;
}

// Writes the fields in the order counted by SerializedSize().
uint8_t* BeginOperationRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = append_uint32_to_buf(buf, end, purpose);
    cursor = serialize_key_blob(key_blob, cursor, end);
    cursor = additional_params.Serialize(cursor, end);
    return cursor;
}

// Mirror of Serialize(); stops at the first field that fails.
bool BeginOperationRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!copy_uint32_from_buf(buf_ptr, end, &purpose)) return false;
    if (!deserialize_key_blob(&key_blob, buf_ptr, end)) return false;
    return additional_params.Deserialize(buf_ptr, end);
}
369
// Payload size: the operation handle, plus the output parameters unless the
// message version is exactly 0.
size_t BeginOperationResponse::NonErrorSerializedSize() const {
    size_t total = sizeof(op_handle);
    if (message_version != 0) total += output_params.SerializedSize();
    return total;
}

// Writes the operation handle, then the output parameters for message
// versions above 0.
uint8_t* BeginOperationResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = append_uint64_to_buf(buf, end, op_handle);
    if (message_version <= 0) return cursor;
    return output_params.Serialize(cursor, end);
}

// Mirror of NonErrorSerialize().
bool BeginOperationResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!copy_uint64_from_buf(buf_ptr, end, &op_handle)) return false;
    if (message_version > 0) return output_params.Deserialize(buf_ptr, end);
    return true;
}
388
// Encoded size: the operation handle and the input buffer, plus the additional
// parameters unless the message version is exactly 0.
size_t UpdateOperationRequest::SerializedSize() const {
    size_t total = sizeof(op_handle) + input.SerializedSize();
    if (message_version != 0) total += additional_params.SerializedSize();
    return total;
}

// Writes the handle and the input, then the additional parameters for message
// versions above 0.
uint8_t* UpdateOperationRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = append_uint64_to_buf(buf, end, op_handle);
    cursor = input.Serialize(cursor, end);
    if (message_version <= 0) return cursor;
    return additional_params.Serialize(cursor, end);
}

// Mirror of Serialize(); stops at the first field that fails.
bool UpdateOperationRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!copy_uint64_from_buf(buf_ptr, end, &op_handle)) return false;
    if (!input.Deserialize(buf_ptr, end)) return false;
    if (message_version > 0) return additional_params.Deserialize(buf_ptr, end);
    return true;
}
408
// Payload size for an update response. The switch accumulates from the newest
// format downwards: versions 2-4 add the output parameters, versions 1-4 add
// the 32-bit input_consumed field, and every known version adds the output
// buffer.
//
// NOTE(review): a message_version outside 0..4 reaches the default branch. If
// assertions are compiled out this returns 0, while NonErrorSerialize() in this
// file still writes the output buffer (and, for versions above 1, the other
// fields). Confirm that callers never size a buffer for such a version.
size_t UpdateOperationResponse::NonErrorSerializedSize() const {
    size_t size = 0;
    switch (message_version) {
    case 4:
    case 3:
    case 2:
        size += output_params.SerializedSize();
        FALLTHROUGH;
    case 1:
        size += sizeof(uint32_t);
        FALLTHROUGH;
    case 0:
        size += output.SerializedSize();
        break;

    default:
        assert(false);
    }

    return size;
}
430
// Writes the output buffer; message versions above 0 append input_consumed and
// versions above 1 also append the output parameters.
uint8_t* UpdateOperationResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = output.Serialize(buf, end);
    if (message_version > 0) {
        cursor = append_uint32_to_buf(cursor, end, input_consumed);
        if (message_version > 1) cursor = output_params.Serialize(cursor, end);
    }
    return cursor;
}

// Mirror of NonErrorSerialize(); stops at the first field that fails.
bool UpdateOperationResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!output.Deserialize(buf_ptr, end)) return false;
    if (message_version > 0 && !copy_uint32_from_buf(buf_ptr, end, &input_consumed)) {
        return false;
    }
    if (message_version > 1 && !output_params.Deserialize(buf_ptr, end)) return false;
    return true;
}
444
// Encoded size of a finish request. The switch accumulates from the newest
// format downwards: versions 3-4 add the input buffer, versions 1-4 add the
// additional parameters, and every known version adds the operation handle and
// the signature.
//
// NOTE(review): a message_version outside 0..4 reaches the default branch. If
// assertions are compiled out this returns 0, while Serialize() in this file
// still writes the handle and signature (and more for versions above 0).
// Confirm that callers never size a buffer for such a version.
size_t FinishOperationRequest::SerializedSize() const {
    size_t size = 0;
    switch (message_version) {
    case 4:
    case 3:
        size += input.SerializedSize();
        FALLTHROUGH;
    case 2:
    case 1:
        size += additional_params.SerializedSize();
        FALLTHROUGH;
    case 0:
        size += sizeof(op_handle) + signature.SerializedSize();
        break;

    default:
        assert(false);  // Should never get here.
    }

    return size;
}
466
// Writes the handle and the signature; message versions above 0 append the
// additional parameters and versions above 2 also append the input buffer.
uint8_t* FinishOperationRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = append_uint64_to_buf(buf, end, op_handle);
    cursor = signature.Serialize(cursor, end);
    if (message_version > 0) {
        cursor = additional_params.Serialize(cursor, end);
        if (message_version > 2) cursor = input.Serialize(cursor, end);
    }
    return cursor;
}

// Mirror of Serialize(); stops at the first field that fails.
bool FinishOperationRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!copy_uint64_from_buf(buf_ptr, end, &op_handle)) return false;
    if (!signature.Deserialize(buf_ptr, end)) return false;
    if (message_version > 0 && !additional_params.Deserialize(buf_ptr, end)) return false;
    if (message_version > 2 && !input.Deserialize(buf_ptr, end)) return false;
    return true;
}
482
// Payload size: the output buffer, plus the output parameters from message
// version 2 onwards.
size_t FinishOperationResponse::NonErrorSerializedSize() const {
    size_t total = output.SerializedSize();
    if (message_version >= 2) total += output_params.SerializedSize();
    return total;
}

// Writes the output buffer, then the output parameters for message versions
// above 1.
uint8_t* FinishOperationResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = output.Serialize(buf, end);
    if (message_version <= 1) return cursor;
    return output_params.Serialize(cursor, end);
}

// Mirror of NonErrorSerialize().
bool FinishOperationResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!output.Deserialize(buf_ptr, end)) return false;
    if (message_version > 1) return output_params.Deserialize(buf_ptr, end);
    return true;
}
501
// The request consists solely of the random data buffer; all three operations
// delegate to it.
size_t AddEntropyRequest::SerializedSize() const {
    const size_t data_bytes = random_data.SerializedSize();
    return data_bytes;
}

uint8_t* AddEntropyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = random_data.Serialize(buf, end);
    return cursor;
}

bool AddEntropyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    const bool parsed = random_data.Deserialize(buf_ptr, end);
    return parsed;
}
513
// Encoded size: key description, 32-bit key format and key data, plus the
// attestation fields (signing key blob, attest-key params, issuer subject)
// from message version 4 onwards.
size_t ImportKeyRequest::SerializedSize() const {
    const size_t base = key_description.SerializedSize()     //
                        + sizeof(uint32_t) /* key_format */  //
                        + key_blob_size(key_data);
    if (message_version >= 4) {
        return base                                          //
               + key_blob_size(attestation_signing_key_blob) //
               + attest_key_params.SerializedSize()          //
               + blob_size(issuer_subject);
    }
    return base;
}

// Writes the fields in the order counted by SerializedSize().
uint8_t* ImportKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = key_description.Serialize(buf, end);
    cursor = append_uint32_to_buf(cursor, end, key_format);
    cursor = serialize_key_blob(key_data, cursor, end);
    if (message_version >= 4) {
        cursor = serialize_key_blob(attestation_signing_key_blob, cursor, end);
        cursor = attest_key_params.Serialize(cursor, end);
        cursor = serialize_blob(issuer_subject, cursor, end);
    }
    return cursor;
}

// Mirror of Serialize(); stops at the first field that fails.
bool ImportKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!key_description.Deserialize(buf_ptr, end)) return false;
    if (!copy_uint32_from_buf(buf_ptr, end, &key_format)) return false;
    if (!deserialize_key_blob(&key_data, buf_ptr, end)) return false;
    if (message_version < 4) return true;

    if (!deserialize_key_blob(&attestation_signing_key_blob, buf_ptr, end)) return false;
    if (!attest_key_params.Deserialize(buf_ptr, end)) return false;
    return deserialize_blob(&issuer_subject, buf_ptr, end);
}
547
// Stores a copy of |key_material| in the response's key blob.
void ImportKeyResponse::SetKeyMaterial(const void* key_material, size_t length) {
    keymaster_key_blob_t* target = &key_blob;
    set_key_blob(target, key_material, length);
}

// Payload size: key blob and both authorization sets, plus the certificate
// chain from message version 4 onwards.
size_t ImportKeyResponse::NonErrorSerializedSize() const {
    size_t total = key_blob_size(key_blob);
    total += enforced.SerializedSize();
    total += unenforced.SerializedSize();
    if (message_version >= 4) total += chain_size(certificate_chain);
    return total;
}

// Writes the fields in the order counted by NonErrorSerializedSize().
uint8_t* ImportKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = serialize_key_blob(key_blob, buf, end);
    cursor = enforced.Serialize(cursor, end);
    cursor = unenforced.Serialize(cursor, end);
    if (message_version >= 4) cursor = serialize_chain(certificate_chain, cursor, end);
    return cursor;
}

// Mirror of NonErrorSerialize(). For version 4 and later the parse succeeds
// only if the chain came back with a non-null |entries| pointer.
bool ImportKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    const bool core_fields_ok = deserialize_key_blob(&key_blob, buf_ptr, end) &&
                                enforced.Deserialize(buf_ptr, end) &&
                                unenforced.Deserialize(buf_ptr, end);
    if (!core_fields_ok) return false;
    if (message_version < 4) return true;

    certificate_chain = deserialize_chain(buf_ptr, end);
    return certificate_chain.entries != nullptr;
}
577
// Stores a copy of |key_material| in the request's key blob.
void ExportKeyRequest::SetKeyMaterial(const void* key_material, size_t length) {
    keymaster_key_blob_t* target = &key_blob;
    set_key_blob(target, key_material, length);
}

// Encoded size: the additional parameters, the 32-bit key format and the key
// blob.
size_t ExportKeyRequest::SerializedSize() const {
    size_t total = additional_params.SerializedSize();
    total += sizeof(uint32_t); /* key_format */
    total += key_blob_size(key_blob);
    return total;
}

// Writes the fields in the order counted by SerializedSize().
uint8_t* ExportKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = additional_params.Serialize(buf, end);
    cursor = append_uint32_to_buf(cursor, end, key_format);
    cursor = serialize_key_blob(key_blob, cursor, end);
    return cursor;
}

// Mirror of Serialize(); stops at the first field that fails.
bool ExportKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!additional_params.Deserialize(buf_ptr, end)) return false;
    if (!copy_uint32_from_buf(buf_ptr, end, &key_format)) return false;
    return deserialize_key_blob(&key_blob, buf_ptr, end);
}
598
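/*
 * Replaces the exported key data with a copy of the |length| bytes at
 * |key_material|. dup_buffer() is defined outside this file and presumably
 * returns nullptr on failure (TODO confirm); the recorded length is only set to
 * |length| when a buffer was obtained, so NonErrorSerialize() is never asked to
 * copy |length| bytes from a null pointer.
 */
void ExportKeyResponse::SetKeyMaterial(const void* key_material, size_t length) {
    delete[] key_data;
    key_data = dup_buffer(key_material, length);
    key_data_length = key_data ? length : 0;
}

// Payload size: a 32-bit length field followed by the key data.
size_t ExportKeyResponse::NonErrorSerializedSize() const {
    return sizeof(uint32_t) /* key_data_length */ + key_data_length;
}

// Writes the key data as length-then-data.
uint8_t* ExportKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    return append_size_and_data_to_buf(buf, end, key_data, key_data_length);
}

/*
 * Reads length-prefixed key data from |*buf_ptr| (bounded by |end|), releasing
 * any data held before. On failure the response is left empty: the helper
 * writes the length through a pointer and may already have stored the value
 * read from the wire (helper not visible here, TODO confirm), so the length is
 * cleared to match the null pointer.
 */
bool ExportKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    delete[] key_data;
    key_data = nullptr;
    UniquePtr<uint8_t[]> deserialized_key_material;
    if (!copy_size_and_data_from_buf(buf_ptr, end, &key_data_length, &deserialized_key_material)) {
        key_data_length = 0;
        return false;
    }
    // Ownership of the freshly allocated buffer moves into the response.
    key_data = deserialized_key_material.release();
    return true;
}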
622
// Stores a copy of |key_material| in the request's key blob.
void DeleteKeyRequest::SetKeyMaterial(const void* key_material, size_t length) {
    keymaster_key_blob_t* target = &key_blob;
    set_key_blob(target, key_material, length);
}

// The request consists solely of the key blob; the three operations below
// delegate to the key-blob helpers.
size_t DeleteKeyRequest::SerializedSize() const {
    const size_t blob_bytes = key_blob_size(key_blob);
    return blob_bytes;
}

uint8_t* DeleteKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = serialize_key_blob(key_blob, buf, end);
    return cursor;
}

bool DeleteKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    const bool parsed = deserialize_key_blob(&key_blob, buf_ptr, end);
    return parsed;
}
638
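// Payload size: the major, minor and sub-minor version fields.
size_t GetVersionResponse::NonErrorSerializedSize() const {
    return sizeof(major_ver) + sizeof(minor_ver) + sizeof(subminor_ver);
}

/*
 * Writes the three version fields when they fit before |end|. The space check
 * compares the distance to |end| with the required size rather than forming
 * buf + size, so the test itself cannot run past the end of the buffer.
 *
 * As in the original, the cursor is advanced by the full size even when nothing
 * was written.
 */
uint8_t* GetVersionResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    const size_t needed = NonErrorSerializedSize();
    if (buf <= end && static_cast<size_t>(end - buf) >= needed) {
        *buf++ = major_ver;
        *buf++ = minor_ver;
        *buf++ = subminor_ver;
    } else {
        buf += needed;
    }
    return buf;
}

/*
 * Reads the three version fields from |*buf_ptr|. Returns false, leaving
 * |*buf_ptr| untouched, when fewer bytes than NonErrorSerializedSize() remain
 * before |end|. The remaining length is computed as end - cursor instead of
 * cursor + size, so a cursor already at or beyond |end| is rejected without
 * pointer arithmetic past the buffer.
 */
bool GetVersionResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    const size_t needed = NonErrorSerializedSize();
    const uint8_t* cursor = *buf_ptr;
    if (cursor > end || static_cast<size_t>(end - cursor) < needed) return false;
    major_ver = *cursor++;
    minor_ver = *cursor++;
    subminor_ver = *cursor++;
    *buf_ptr = cursor;
    return true;
}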
663
// Releases the key material owned by this request.
AttestKeyRequest::~AttestKeyRequest() {
    const auto* owned_material = key_blob.key_material;
    delete[] owned_material;
}

// Stores a copy of |key_material| in the request's key blob.
void AttestKeyRequest::SetKeyMaterial(const void* key_material, size_t length) {
    keymaster_key_blob_t* target = &key_blob;
    set_key_blob(target, key_material, length);
}

// Encoded size: the key blob followed by the attestation parameters.
size_t AttestKeyRequest::SerializedSize() const {
    const size_t blob_bytes = key_blob_size(key_blob);
    const size_t param_bytes = attest_params.SerializedSize();
    return blob_bytes + param_bytes;
}

// Writes the key blob, then the attestation parameters.
uint8_t* AttestKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = serialize_key_blob(key_blob, buf, end);
    return attest_params.Serialize(cursor, end);
}

// Mirror of Serialize(); stops at the first field that fails.
bool AttestKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!deserialize_key_blob(&key_blob, buf_ptr, end)) return false;
    return attest_params.Deserialize(buf_ptr, end);
}
684
// The payload consists solely of the certificate chain.
size_t AttestKeyResponse::NonErrorSerializedSize() const {
    const size_t chain_bytes = chain_size(certificate_chain);
    return chain_bytes;
}

uint8_t* AttestKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = serialize_chain(certificate_chain, buf, end);
    return cursor;
}

// The parse succeeds only if the chain came back with a non-null |entries|
// pointer.
bool AttestKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    certificate_chain = deserialize_chain(buf_ptr, end);
    return certificate_chain.entries != nullptr;
}
697
// Releases the key material owned by this request.
UpgradeKeyRequest::~UpgradeKeyRequest() {
    const auto* owned_material = key_blob.key_material;
    delete[] owned_material;
}

// Stores a copy of |key_material| in the request's key blob.
void UpgradeKeyRequest::SetKeyMaterial(const void* key_material, size_t length) {
    keymaster_key_blob_t* target = &key_blob;
    set_key_blob(target, key_material, length);
}

// Encoded size: the key blob followed by the upgrade parameters.
size_t UpgradeKeyRequest::SerializedSize() const {
    const size_t blob_bytes = key_blob_size(key_blob);
    const size_t param_bytes = upgrade_params.SerializedSize();
    return blob_bytes + param_bytes;
}

// Writes the key blob, then the upgrade parameters.
uint8_t* UpgradeKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = serialize_key_blob(key_blob, buf, end);
    return upgrade_params.Serialize(cursor, end);
}

// Mirror of Serialize(); stops at the first field that fails.
bool UpgradeKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!deserialize_key_blob(&key_blob, buf_ptr, end)) return false;
    return upgrade_params.Deserialize(buf_ptr, end);
}
719
// Releases the upgraded key material owned by this response.
UpgradeKeyResponse::~UpgradeKeyResponse() {
    const auto* owned_material = upgraded_key.key_material;
    delete[] owned_material;
}

// The payload consists solely of the upgraded key blob; the three operations
// below delegate to the key-blob helpers.
size_t UpgradeKeyResponse::NonErrorSerializedSize() const {
    const size_t blob_bytes = key_blob_size(upgraded_key);
    return blob_bytes;
}

uint8_t* UpgradeKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = serialize_key_blob(upgraded_key, buf, end);
    return cursor;
}

bool UpgradeKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    const bool parsed = deserialize_key_blob(&upgraded_key, buf_ptr, end);
    return parsed;
}
735
/**
 * @return the bytes needed for one parameter record: the seed blob as sized by
 *         blob_size() plus the fixed-size nonce.
 */
size_t HmacSharingParameters::SerializedSize() const {
    const size_t seed_bytes = blob_size(seed);
    return seed_bytes + sizeof(nonce);
}
739
/**
 * Writes the seed blob followed by the raw nonce bytes.
 *
 * @param buf write cursor.
 * @param end one past the last writable byte.
 * @return the cursor returned by append_to_buf(); range checking is left to
 *         the helpers.
 */
uint8_t* HmacSharingParameters::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* after_seed = serialize_blob(seed, buf, end);
    return append_to_buf(after_seed, end, nonce, sizeof(nonce));
}
744
/**
 * Parses the seed blob and then exactly sizeof(nonce) nonce bytes.
 *
 * @param buf_ptr in/out read cursor.
 * @param end     one past the last readable byte.
 * @return false when either read fails; the nonce is left untouched if the
 *         seed is rejected.
 */
bool HmacSharingParameters::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!deserialize_blob(&seed, buf_ptr, end)) {
        return false;
    }
    return copy_from_buf(buf_ptr, end, nonce, sizeof(nonce));
}
749
/**
 * @return the bytes needed for the array: a 32-bit element count followed by
 *         each element's own serialized size.
 *
 * Reads params_array[0 .. num_params); the two members must agree.
 */
size_t HmacSharingParametersArray::SerializedSize() const {
    size_t total = sizeof(uint32_t);  // element count prefix
    size_t idx = 0;
    while (idx < num_params) {
        total += params_array[idx].SerializedSize();
        ++idx;
    }
    return total;
}
757
/**
 * Writes the element count as a 32-bit value, then every element in order.
 *
 * @param buf write cursor.
 * @param end one past the last writable byte.
 * @return the cursor after the last element; range checking is left to the
 *         helpers and to each element's Serialize().
 */
uint8_t* HmacSharingParametersArray::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = append_uint32_to_buf(buf, end, num_params);
    size_t idx = 0;
    while (idx < num_params) {
        cursor = params_array[idx].Serialize(cursor, end);
        ++idx;
    }
    return cursor;
}
765
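/**
 * Parses a 32-bit element count followed by that many HmacSharingParameters
 * records.
 *
 * @param buf_ptr in/out read cursor.
 * @param end     one past the last readable byte.
 * @return true when the count and every element were read; false on a short
 *         buffer, an implausible count, an allocation failure or a malformed
 *         element.
 *
 * The count is taken from the message, so it is checked against the bytes that
 * are actually left before it is used as an allocation size. When no array
 * could be allocated for the new count, num_params is reset to 0 so that the
 * size/serialize loops never index an array that does not match it.
 *
 * NOTE(review): any array already held in params_array is overwritten without
 * being released here; confirm callers only deserialize into fresh objects.
 */
bool HmacSharingParametersArray::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!copy_uint32_from_buf(buf_ptr, end, &num_params)) return false;

    // Each element reads at least sizeof(nonce) bytes (see
    // HmacSharingParameters::Deserialize), so a count the remaining input
    // cannot satisfy would fail later anyway; reject it before allocating.
    const size_t remaining = (*buf_ptr < end) ? static_cast<size_t>(end - *buf_ptr) : 0;
    if (num_params > remaining / sizeof(params_array->nonce)) {
        num_params = 0;
        return false;
    }

    params_array = new (std::nothrow) HmacSharingParameters[num_params];
    if (!params_array) {
        num_params = 0;
        return false;
    }
    for (size_t i = 0; i < num_params; ++i) {
        if (!params_array[i].Deserialize(buf_ptr, end)) return false;
    }
    return true;
}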
775
/**
 * @return the bytes needed for the success payload, which is the sharing_check
 *         blob as sized by blob_size().
 */
size_t ComputeSharedHmacResponse::NonErrorSerializedSize() const {
    const size_t check_bytes = blob_size(sharing_check);
    return check_bytes;
}
779
/**
 * Writes the sharing_check blob as the success payload.
 *
 * @param buf write cursor.
 * @param end one past the last writable byte.
 * @return the cursor produced by serialize_blob().
 */
uint8_t* ComputeSharedHmacResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* next = serialize_blob(sharing_check, buf, end);
    return next;
}
783
/**
 * Parses the sharing_check blob from a success payload.
 *
 * @param buf_ptr in/out read cursor.
 * @param end     one past the last readable byte.
 * @return the result of deserialize_blob(). The value is only copied out here;
 *         comparing it is the caller's job.
 */
bool ComputeSharedHmacResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    const bool parsed = deserialize_blob(&sharing_check, buf_ptr, end);
    return parsed;
}
787
/**
 * @return the bytes needed for the request: three length-prefixed key blobs
 *         (wrapped, wrapping, masking), the additional parameters and two
 *         64-bit secure IDs.
 */
size_t ImportWrappedKeyRequest::SerializedSize() const {
    size_t total = key_blob_size(wrapped_key);
    total += key_blob_size(wrapping_key);
    total += key_blob_size(masking_key);
    total += additional_params.SerializedSize();
    total += sizeof(uint64_t);  // password_sid
    total += sizeof(uint64_t);  // biometric_sid
    return total;
}
793
/**
 * Writes the request fields in wire order: wrapped key, wrapping key, masking
 * key, additional parameters, password_sid, biometric_sid.
 *
 * @param buf write cursor.
 * @param end one past the last writable byte.
 * @return the cursor after biometric_sid; range checking is left to the
 *         helpers.
 */
uint8_t* ImportWrappedKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = serialize_key_blob(wrapped_key, buf, end);
    cursor = serialize_key_blob(wrapping_key, cursor, end);
    cursor = serialize_key_blob(masking_key, cursor, end);
    cursor = additional_params.Serialize(cursor, end);
    cursor = append_uint64_to_buf(cursor, end, password_sid);
    cursor = append_uint64_to_buf(cursor, end, biometric_sid);
    return cursor;
}
802
/**
 * Parses the request fields in the order Serialize() writes them.
 *
 * @param buf_ptr in/out read cursor.
 * @param end     one past the last readable byte.
 * @return false at the first field that fails to parse; fields after it are
 *         left as they were, so a failed request must not be used.
 */
bool ImportWrappedKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!deserialize_key_blob(&wrapped_key, buf_ptr, end)) return false;
    if (!deserialize_key_blob(&wrapping_key, buf_ptr, end)) return false;
    if (!deserialize_key_blob(&masking_key, buf_ptr, end)) return false;
    if (!additional_params.Deserialize(buf_ptr, end)) return false;
    if (!copy_uint64_from_buf(buf_ptr, end, &password_sid)) return false;
    return copy_uint64_from_buf(buf_ptr, end, &biometric_sid);
}
811
/**
 * Stores a private copy of the wrapped key bytes.
 *
 * @param key_material bytes to copy.
 * @param length       number of bytes at key_material.
 *
 * Delegates to set_key_blob(), which frees the previous buffer first.
 */
void ImportWrappedKeyRequest::SetWrappedMaterial(const void* key_material, size_t length) {
    auto* target_blob = &wrapped_key;
    set_key_blob(target_blob, key_material, length);
}
815
/**
 * Stores a private copy of the wrapping key blob.
 *
 * @param key_material bytes to copy.
 * @param length       number of bytes at key_material.
 *
 * Delegates to set_key_blob(), which frees the previous buffer first.
 */
void ImportWrappedKeyRequest::SetWrappingMaterial(const void* key_material, size_t length) {
    auto* target_blob = &wrapping_key;
    set_key_blob(target_blob, key_material, length);
}
819
/**
 * Stores a private copy of the masking key bytes.
 *
 * @param key_material bytes to copy.
 * @param length       number of bytes at key_material.
 *
 * Delegates to set_key_blob(), which frees the previous buffer first.
 */
void ImportWrappedKeyRequest::SetMaskingKeyMaterial(const void* key_material, size_t length) {
    auto* target_blob = &masking_key;
    set_key_blob(target_blob, key_material, length);
}
823
/**
 * Stores a private copy of the imported key blob to return to the caller.
 *
 * @param key_material bytes to copy.
 * @param length       number of bytes at key_material.
 *
 * Delegates to set_key_blob(), which frees the previous buffer first.
 */
void ImportWrappedKeyResponse::SetKeyMaterial(const void* key_material, size_t length) {
    auto* target_blob = &key_blob;
    set_key_blob(target_blob, key_material, length);
}
827
/**
 * @return the bytes needed for the success payload: key blob plus enforced and
 *         unenforced parameter sets, and, from message version 4 on, the
 *         certificate chain.
 */
size_t ImportWrappedKeyResponse::NonErrorSerializedSize() const {
    size_t total = key_blob_size(key_blob) + enforced.SerializedSize() + unenforced.SerializedSize();
    if (message_version >= 4) {
        total += chain_size(certificate_chain);
    }
    return total;
}
834
/**
 * Writes the key blob, the enforced and unenforced parameter sets and, from
 * message version 4 on, the certificate chain.
 *
 * @param buf write cursor.
 * @param end one past the last writable byte.
 * @return the cursor after the last field written.
 */
uint8_t* ImportWrappedKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = serialize_key_blob(key_blob, buf, end);
    cursor = enforced.Serialize(cursor, end);
    cursor = unenforced.Serialize(cursor, end);
    if (message_version >= 4) {
        cursor = serialize_chain(certificate_chain, cursor, end);
    }
    return cursor;
}
842
/**
 * Parses the success payload written by NonErrorSerialize().
 *
 * @param buf_ptr in/out read cursor.
 * @param end     one past the last readable byte.
 * @return false when the key blob or either parameter set fails to parse. For
 *         message versions below 4 nothing more is read; otherwise the chain is
 *         parsed and the result is whether its `entries` pointer is set.
 */
bool ImportWrappedKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    const bool base_fields_ok = deserialize_key_blob(&key_blob, buf_ptr, end) &&
                                enforced.Deserialize(buf_ptr, end) &&
                                unenforced.Deserialize(buf_ptr, end);
    if (!base_fields_ok) {
        return false;
    }
    if (message_version >= 4) {
        certificate_chain = deserialize_chain(buf_ptr, end);
        if (!certificate_chain.entries) {
            return false;
        }
    }
    return true;
}
853
/**
 * @return the bytes needed for the token: the five fixed-width fields at their
 *         in-memory sizes plus the mac blob as sized by blob_size().
 */
size_t HardwareAuthToken::SerializedSize() const {
    size_t total = sizeof(challenge);
    total += sizeof(user_id);
    total += sizeof(authenticator_id);
    total += sizeof(authenticator_type);
    total += sizeof(timestamp);
    total += blob_size(mac);
    return total;
}
858
/**
 * Writes the token fields in wire order: challenge, user_id, authenticator_id,
 * authenticator_type (32-bit), timestamp, mac.
 *
 * @param buf write cursor.
 * @param end one past the last writable byte.
 * @return the cursor after the mac blob; range checking is left to the
 *         helpers.
 */
uint8_t* HardwareAuthToken::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = append_uint64_to_buf(buf, end, challenge);
    cursor = append_uint64_to_buf(cursor, end, user_id);
    cursor = append_uint64_to_buf(cursor, end, authenticator_id);
    cursor = append_uint32_to_buf(cursor, end, authenticator_type);
    cursor = append_uint64_to_buf(cursor, end, timestamp);
    cursor = serialize_blob(mac, cursor, end);
    return cursor;
}
867
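/**
 * Parses the token fields in the order Serialize() writes them.
 *
 * @param buf_ptr in/out read cursor.
 * @param end     one past the last readable byte.
 * @return false at the first field that fails to parse.
 *
 * This only copies the fields out of the buffer. The mac is not checked here,
 * so a true return says the token is well-formed, not that it is authentic.
 */
bool HardwareAuthToken::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    return copy_uint64_from_buf(buf_ptr, end, &challenge) &&
           copy_uint64_from_buf(buf_ptr, end, &user_id) &&
           copy_uint64_from_buf(buf_ptr, end, &authenticator_id) &&
           copy_uint32_from_buf(buf_ptr, end, &authenticator_type) &&
           // The listing showed "×tamp" here: "&timestamp" mangled as an HTML entity.
           copy_uint64_from_buf(buf_ptr, end, &timestamp) &&  //
           deserialize_blob(&mac, buf_ptr, end);
}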
876
/**
 * @return the bytes needed for the token: challenge, timestamp and
 *         security_level at their in-memory sizes, the verified parameter set,
 *         and the mac blob as sized by blob_size().
 */
size_t VerificationToken::SerializedSize() const {
    size_t total = sizeof(challenge);
    total += sizeof(timestamp);
    total += parameters_verified.SerializedSize();
    total += sizeof(security_level);
    total += blob_size(mac);
    return total;
}
881
/**
 * Writes the token fields in wire order: challenge, timestamp,
 * parameters_verified, security_level (32-bit), mac.
 *
 * @param buf write cursor.
 * @param end one past the last writable byte.
 * @return the cursor after the mac blob; range checking is left to the
 *         helpers.
 */
uint8_t* VerificationToken::Serialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = append_uint64_to_buf(buf, end, challenge);
    cursor = append_uint64_to_buf(cursor, end, timestamp);
    cursor = parameters_verified.Serialize(cursor, end);
    cursor = append_uint32_to_buf(cursor, end, security_level);
    cursor = serialize_blob(mac, cursor, end);
    return cursor;
}
889
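/**
 * Parses the token fields in the order Serialize() writes them.
 *
 * @param buf_ptr in/out read cursor.
 * @param end     one past the last readable byte.
 * @return false at the first field that fails to parse.
 *
 * This only copies the fields out of the buffer. The mac is not checked here,
 * so a true return says the token is well-formed, not that it is authentic.
 */
bool VerificationToken::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    return copy_uint64_from_buf(buf_ptr, end, &challenge) &&
           // The listing showed "×tamp" here: "&timestamp" mangled as an HTML entity.
           copy_uint64_from_buf(buf_ptr, end, &timestamp) &&
           parameters_verified.Deserialize(buf_ptr, end) &&
           copy_uint32_from_buf(buf_ptr, end, &security_level) &&
           deserialize_blob(&mac, buf_ptr, end);
}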
897
/**
 * @return the bytes needed for the success payload: max_message_version,
 *         km_version and km_date at their in-memory sizes.
 */
size_t GetVersion2Response::NonErrorSerializedSize() const {
    size_t total = sizeof(max_message_version);
    total += sizeof(km_version);
    total += sizeof(km_date);
    return total;
}
903
/**
 * Writes max_message_version, km_version and km_date, each as a 32-bit value.
 *
 * @param buf write cursor.
 * @param end one past the last writable byte.
 * @return the cursor after km_date; range checking is left to the helper.
 */
uint8_t* GetVersion2Response::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
    uint8_t* cursor = append_uint32_to_buf(buf, end, max_message_version);
    cursor = append_uint32_to_buf(cursor, end, km_version);
    cursor = append_uint32_to_buf(cursor, end, km_date);
    return cursor;
}
909
/**
 * Parses the three 32-bit version fields in the order NonErrorSerialize()
 * writes them.
 *
 * @param buf_ptr in/out read cursor.
 * @param end     one past the last readable byte.
 * @return false at the first field that cannot be read. The values are taken
 *         as reported by the peer; no range check is applied here.
 */
bool GetVersion2Response::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
    if (!copy_uint32_from_buf(buf_ptr, end, &max_message_version)) return false;
    if (!copy_uint32_from_buf(buf_ptr, end, &km_version)) return false;
    return copy_uint32_from_buf(buf_ptr, end, &km_date);
}
915
916 } // namespace keymaster
917