1 /*
2 * Copyright 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #ifndef TRUSTY_APP_KEYMASTER_TRUSTY_KEYMASTER_MESSAGES_H_
18 #define TRUSTY_APP_KEYMASTER_TRUSTY_KEYMASTER_MESSAGES_H_
19
20 #include <keymaster/android_keymaster_messages.h>
21
22 namespace keymaster {
23
copy_keymaster_algorithm_from_buf(const uint8_t ** buf_ptr,const uint8_t * end,keymaster_algorithm_t * state)24 static inline bool copy_keymaster_algorithm_from_buf(
25 const uint8_t** buf_ptr,
26 const uint8_t* end,
27 keymaster_algorithm_t* state) {
28 uint32_t val;
29 if (copy_uint32_from_buf(buf_ptr, end, &val)) {
30 switch (val) {
31 case KM_ALGORITHM_RSA:
32 case KM_ALGORITHM_EC:
33 case KM_ALGORITHM_AES:
34 case KM_ALGORITHM_TRIPLE_DES:
35 case KM_ALGORITHM_HMAC:
36 *state = static_cast<keymaster_algorithm_t>(val);
37 return true;
38 default:
39 return false;
40 }
41 }
42
43 return false;
44 }
45
copy_keymaster_verified_boot_from_buf(const uint8_t ** buf_ptr,const uint8_t * end,keymaster_verified_boot_t * state)46 static inline bool copy_keymaster_verified_boot_from_buf(
47 const uint8_t** buf_ptr,
48 const uint8_t* end,
49 keymaster_verified_boot_t* state) {
50 uint32_t val;
51 if (copy_uint32_from_buf(buf_ptr, end, &val)) {
52 switch (val) {
53 case KM_VERIFIED_BOOT_VERIFIED:
54 case KM_VERIFIED_BOOT_SELF_SIGNED:
55 case KM_VERIFIED_BOOT_UNVERIFIED:
56 case KM_VERIFIED_BOOT_FAILED:
57 *state = static_cast<keymaster_verified_boot_t>(val);
58 return true;
59 default:
60 return false;
61 }
62 }
63
64 return false;
65 }
66
67 /**
68 * Generic struct for Keymaster requests which hold a single raw buffer.
69 */
70 struct RawBufferRequest : public KeymasterMessage {
RawBufferRequestRawBufferRequest71 explicit RawBufferRequest(int32_t ver) : KeymasterMessage(ver) {}
72
SerializedSizeRawBufferRequest73 size_t SerializedSize() const override { return data.SerializedSize(); }
SerializeRawBufferRequest74 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
75 return data.Serialize(buf, end);
76 }
DeserializeRawBufferRequest77 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
78 return data.Deserialize(buf_ptr, end);
79 }
80
81 Buffer data;
82 };
83
84 /**
85 * Generic struct for Keymaster responses which hold a single raw buffer.
86 */
87 struct RawBufferResponse : public KeymasterResponse {
RawBufferResponseRawBufferResponse88 explicit RawBufferResponse(int32_t ver) : KeymasterResponse(ver) {}
89
NonErrorSerializedSizeRawBufferResponse90 size_t NonErrorSerializedSize() const override {
91 return data.SerializedSize();
92 }
NonErrorSerializeRawBufferResponse93 uint8_t* NonErrorSerialize(uint8_t* buf,
94 const uint8_t* end) const override {
95 return data.Serialize(buf, end);
96 }
NonErrorDeserializeRawBufferResponse97 bool NonErrorDeserialize(const uint8_t** buf_ptr,
98 const uint8_t* end) override {
99 return data.Deserialize(buf_ptr, end);
100 }
101
102 Buffer data;
103 };
104
105 struct SetBootParamsRequest : public KeymasterMessage {
SetBootParamsRequestSetBootParamsRequest106 explicit SetBootParamsRequest(int32_t ver) : KeymasterMessage(ver) {}
107
SerializedSizeSetBootParamsRequest108 size_t SerializedSize() const override {
109 return (sizeof(os_version) + sizeof(os_patchlevel) +
110 sizeof(device_locked) + sizeof(verified_boot_state) +
111 verified_boot_key.SerializedSize() +
112 verified_boot_hash.SerializedSize());
113 }
SerializeSetBootParamsRequest114 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
115 buf = append_uint32_to_buf(buf, end, os_version);
116 buf = append_uint32_to_buf(buf, end, os_patchlevel);
117 buf = append_uint32_to_buf(buf, end, device_locked);
118 buf = append_uint32_to_buf(buf, end, verified_boot_state);
119 buf = verified_boot_key.Serialize(buf, end);
120 return verified_boot_hash.Serialize(buf, end);
121 }
DeserializeSetBootParamsRequest122 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
123 return copy_uint32_from_buf(buf_ptr, end, &os_version) &&
124 copy_uint32_from_buf(buf_ptr, end, &os_patchlevel) &&
125 copy_uint32_from_buf(buf_ptr, end, &device_locked) &&
126 copy_keymaster_verified_boot_from_buf(buf_ptr, end,
127 &verified_boot_state) &&
128 verified_boot_key.Deserialize(buf_ptr, end) &&
129 verified_boot_hash.Deserialize(buf_ptr, end);
130 }
131
132 uint32_t os_version;
133 uint32_t os_patchlevel;
134 uint32_t device_locked;
135 keymaster_verified_boot_t verified_boot_state;
136 Buffer verified_boot_key;
137 Buffer verified_boot_hash;
138 };
139
140 using SetBootParamsResponse = EmptyKeymasterResponse;
141 struct SetAttestationKeyRequest : public KeymasterMessage {
SetAttestationKeyRequestSetAttestationKeyRequest142 explicit SetAttestationKeyRequest(int32_t ver) : KeymasterMessage(ver) {}
143
SerializedSizeSetAttestationKeyRequest144 size_t SerializedSize() const override {
145 return sizeof(uint32_t) + key_data.SerializedSize();
146 }
SerializeSetAttestationKeyRequest147 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
148 buf = append_uint32_to_buf(buf, end, algorithm);
149 return key_data.Serialize(buf, end);
150 }
DeserializeSetAttestationKeyRequest151 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
152 return copy_keymaster_algorithm_from_buf(buf_ptr, end, &algorithm) &&
153 key_data.Deserialize(buf_ptr, end);
154 }
155
156 keymaster_algorithm_t algorithm;
157 Buffer key_data;
158 };
159
160 using SetAttestationKeyResponse = EmptyKeymasterResponse;
161
162 struct ClearAttestationCertChainRequest : public KeymasterMessage {
ClearAttestationCertChainRequestClearAttestationCertChainRequest163 explicit ClearAttestationCertChainRequest(int32_t ver)
164 : KeymasterMessage(ver) {}
165
SerializedSizeClearAttestationCertChainRequest166 size_t SerializedSize() const override { return sizeof(uint32_t); }
SerializeClearAttestationCertChainRequest167 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
168 return append_uint32_to_buf(buf, end, algorithm);
169 }
DeserializeClearAttestationCertChainRequest170 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
171 return copy_keymaster_algorithm_from_buf(buf_ptr, end, &algorithm);
172 }
173
174 keymaster_algorithm_t algorithm;
175 };
176 using ClearAttestationCertChainResponse = EmptyKeymasterResponse;
177
178 struct AppendAttestationCertChainRequest : public KeymasterMessage {
AppendAttestationCertChainRequestAppendAttestationCertChainRequest179 explicit AppendAttestationCertChainRequest(int32_t ver)
180 : KeymasterMessage(ver) {}
181
SerializedSizeAppendAttestationCertChainRequest182 size_t SerializedSize() const override {
183 return sizeof(uint32_t) + cert_data.SerializedSize();
184 }
SerializeAppendAttestationCertChainRequest185 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
186 buf = append_uint32_to_buf(buf, end, algorithm);
187 return cert_data.Serialize(buf, end);
188 }
DeserializeAppendAttestationCertChainRequest189 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
190 return copy_keymaster_algorithm_from_buf(buf_ptr, end, &algorithm) &&
191 cert_data.Deserialize(buf_ptr, end);
192 }
193
194 keymaster_algorithm_t algorithm;
195 Buffer cert_data;
196 };
197 using AppendAttestationCertChainResponse = EmptyKeymasterResponse;
198
199 /**
200 * For Android Things Attestation Provisioning (ATAP), the GetCaRequest message
201 * in the protocol are raw opaque messages for the purposes of this IPC call.
202 * Since the SetCaResponse message will be very large (> 10k), SetCaResponse is
203 * split into *Begin, *Update, and *Finish operations.
204 */
205 using AtapGetCaRequestRequest = RawBufferRequest;
206 using AtapGetCaRequestResponse = RawBufferResponse;
207
208 struct AtapSetCaResponseBeginRequest : public KeymasterMessage {
AtapSetCaResponseBeginRequestAtapSetCaResponseBeginRequest209 explicit AtapSetCaResponseBeginRequest(int32_t ver)
210 : KeymasterMessage(ver) {}
211
SerializedSizeAtapSetCaResponseBeginRequest212 size_t SerializedSize() const override { return sizeof(uint32_t); }
SerializeAtapSetCaResponseBeginRequest213 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
214 return append_uint32_to_buf(buf, end, ca_response_size);
215 }
DeserializeAtapSetCaResponseBeginRequest216 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
217 return copy_uint32_from_buf(buf_ptr, end, &ca_response_size);
218 }
219
220 uint32_t ca_response_size;
221 };
222 using AtapSetCaResponseBeginResponse = EmptyKeymasterResponse;
223
224 using AtapSetCaResponseUpdateRequest = RawBufferRequest;
225 using AtapSetCaResponseUpdateResponse = EmptyKeymasterResponse;
226
227 using AtapSetCaResponseFinishRequest = EmptyKeymasterRequest;
228 using AtapSetCaResponseFinishResponse = EmptyKeymasterResponse;
229
230 using AtapSetProductIdRequest = RawBufferRequest;
231 using AtapSetProductIdResponse = EmptyKeymasterResponse;
232
233 using AtapReadUuidRequest = EmptyKeymasterRequest;
234 using AtapReadUuidResponse = RawBufferResponse;
235
236 } // namespace keymaster
237
238 #endif // TRUSTY_APP_KEYMASTER_TRUSTY_KEYMASTER_MESSAGES_H_
239