1 /*
2  * Copyright 2014 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_
18 #define SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_
19 
20 #include <assert.h>
21 #include <stdint.h>
22 #include <stdlib.h>
23 #include <string.h>
24 
25 #include <keymaster/android_keymaster_utils.h>
26 #include <keymaster/authorization_set.h>
27 
28 namespace keymaster {
29 
30 // Commands
31 enum AndroidKeymasterCommand : uint32_t {
32     GENERATE_KEY = 0,
33     BEGIN_OPERATION = 1,
34     UPDATE_OPERATION = 2,
35     FINISH_OPERATION = 3,
36     ABORT_OPERATION = 4,
37     IMPORT_KEY = 5,
38     EXPORT_KEY = 6,
39     GET_VERSION = 7,
40     ADD_RNG_ENTROPY = 8,
41     GET_SUPPORTED_ALGORITHMS = 9,
42     GET_SUPPORTED_BLOCK_MODES = 10,
43     GET_SUPPORTED_PADDING_MODES = 11,
44     GET_SUPPORTED_DIGESTS = 12,
45     GET_SUPPORTED_IMPORT_FORMATS = 13,
46     GET_SUPPORTED_EXPORT_FORMATS = 14,
47     GET_KEY_CHARACTERISTICS = 15,
48     ATTEST_KEY = 16,
49     UPGRADE_KEY = 17,
50     CONFIGURE = 18,
51     GET_HMAC_SHARING_PARAMETERS = 19,
52     COMPUTE_SHARED_HMAC = 20,
53     VERIFY_AUTHORIZATION = 21,
54     DELETE_KEY = 22,
55     DELETE_ALL_KEYS = 23,
56     DESTROY_ATTESTATION_IDS = 24,
57     IMPORT_WRAPPED_KEY = 25,
58     EARLY_BOOT_ENDED = 26,
59     DEVICE_LOCKED = 27,
60 };
61 
62 /**
63  * Keymaster message versions are tied to keymaster versions.  We map the keymaster
64  * major.minor.subminor version to a sequential "message version".
65  *
66  * Rather than encoding a version number into each message we rely on the client -- who initiates
67  * all requests -- to check the version of the keymaster implementation with the GET_VERSION command
68  * and to send only requests that the implementation can understand.  This means that only the
69  * client side needs to manage version compatibility; the implementation can always expect/produce
70  * messages of its format.
71  *
72  * Because message version selection is purely a client-side issue, all messages default to using
73  * the latest version (MAX_MESSAGE_VERSION).  Client code must take care to check versions and pass
74  * correct version values to message constructors.  The AndroidKeymaster implementation always uses
75  * the default, latest.
76  *
77  * Note that this approach implies that GetVersionRequest and GetVersionResponse cannot be
78  * versioned.
79  */
80 const int32_t MAX_MESSAGE_VERSION = 3;
MessageVersion(uint8_t major_ver,uint8_t minor_ver,uint8_t)81 inline int32_t MessageVersion(uint8_t major_ver, uint8_t minor_ver, uint8_t /* subminor_ver */) {
82     int32_t message_version = -1;
83     switch (major_ver) {
84     case 0:
85         // For the moment we still support version 0, though in general the plan is not to support
86         // non-matching major versions.
87         message_version = 0;
88         break;
89     case 1:
90         switch (minor_ver) {
91         case 0:
92             message_version = 1;
93             break;
94         case 1:
95             message_version = 2;
96             break;
97         }
98         break;
99     case 2:
100         message_version = 3;
101         break;
102     }
103     return message_version;
104 }
105 
106 struct KeymasterMessage : public Serializable {
KeymasterMessageKeymasterMessage107     explicit KeymasterMessage(int32_t ver) : message_version(ver) { assert(ver >= 0); }
108 
109     uint32_t message_version;
110 };
111 
112 /**
113  * All responses include an error value, and if the error is not KM_ERROR_OK, return no additional
114  * data.  This abstract class factors out the common serialization functionality for all of the
115  * responses, so we only have to implement it once.  Inheritance for reuse is generally not a great
116  * structure, but in this case it's the cleanest option.
117  */
118 struct KeymasterResponse : public KeymasterMessage {
KeymasterResponseKeymasterResponse119     explicit KeymasterResponse(int32_t ver)
120         : KeymasterMessage(ver), error(KM_ERROR_UNKNOWN_ERROR) {}
121 
122     size_t SerializedSize() const override;
123     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
124     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
125 
126     virtual size_t NonErrorSerializedSize() const = 0;
127     virtual uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const = 0;
128     virtual bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) = 0;
129 
130     keymaster_error_t error;
131 };
132 
133 struct SupportedAlgorithmsRequest : public KeymasterMessage {
134     explicit SupportedAlgorithmsRequest(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageSupportedAlgorithmsRequest135         : KeymasterMessage(ver) {}
136 
SerializedSizeSupportedAlgorithmsRequest137     size_t SerializedSize() const override { return 0; };
SerializeSupportedAlgorithmsRequest138     uint8_t* Serialize(uint8_t* buf, const uint8_t* /* end */) const override { return buf; }
DeserializeSupportedAlgorithmsRequest139     bool Deserialize(const uint8_t** /* buf_ptr */, const uint8_t* /* end */) override {
140         return true;
141     }
142 };
143 
144 struct SupportedByAlgorithmRequest : public KeymasterMessage {
SupportedByAlgorithmRequestSupportedByAlgorithmRequest145     explicit SupportedByAlgorithmRequest(int32_t ver) : KeymasterMessage(ver) {}
146 
SerializedSizeSupportedByAlgorithmRequest147     size_t SerializedSize() const override { return sizeof(uint32_t); };
SerializeSupportedByAlgorithmRequest148     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
149         return append_uint32_to_buf(buf, end, algorithm);
150     }
DeserializeSupportedByAlgorithmRequest151     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
152         return copy_uint32_from_buf(buf_ptr, end, &algorithm);
153     }
154 
155     keymaster_algorithm_t algorithm;
156 };
157 
158 struct SupportedImportFormatsRequest : public SupportedByAlgorithmRequest {
159     explicit SupportedImportFormatsRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmRequestSupportedImportFormatsRequest160         : SupportedByAlgorithmRequest(ver) {}
161 };
162 
163 struct SupportedExportFormatsRequest : public SupportedByAlgorithmRequest {
164     explicit SupportedExportFormatsRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmRequestSupportedExportFormatsRequest165         : SupportedByAlgorithmRequest(ver) {}
166 };
167 
168 struct SupportedByAlgorithmAndPurposeRequest : public KeymasterMessage {
169     explicit SupportedByAlgorithmAndPurposeRequest(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageSupportedByAlgorithmAndPurposeRequest170         : KeymasterMessage(ver) {}
171 
SerializedSizeSupportedByAlgorithmAndPurposeRequest172     size_t SerializedSize() const override { return sizeof(uint32_t) * 2; };
SerializeSupportedByAlgorithmAndPurposeRequest173     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
174         buf = append_uint32_to_buf(buf, end, algorithm);
175         return append_uint32_to_buf(buf, end, purpose);
176     }
DeserializeSupportedByAlgorithmAndPurposeRequest177     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
178         return copy_uint32_from_buf(buf_ptr, end, &algorithm) &&
179                copy_uint32_from_buf(buf_ptr, end, &purpose);
180     }
181 
182     keymaster_algorithm_t algorithm;
183     keymaster_purpose_t purpose;
184 };
185 
186 struct SupportedBlockModesRequest : public SupportedByAlgorithmAndPurposeRequest {
187     explicit SupportedBlockModesRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmAndPurposeRequestSupportedBlockModesRequest188         : SupportedByAlgorithmAndPurposeRequest(ver) {}
189 };
190 
191 struct SupportedPaddingModesRequest : public SupportedByAlgorithmAndPurposeRequest {
192     explicit SupportedPaddingModesRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmAndPurposeRequestSupportedPaddingModesRequest193         : SupportedByAlgorithmAndPurposeRequest(ver) {}
194 };
195 
196 struct SupportedDigestsRequest : public SupportedByAlgorithmAndPurposeRequest {
197     explicit SupportedDigestsRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmAndPurposeRequestSupportedDigestsRequest198         : SupportedByAlgorithmAndPurposeRequest(ver) {}
199 };
200 
201 template <typename T> struct SupportedResponse : public KeymasterResponse {
SupportedResponseSupportedResponse202     explicit SupportedResponse(int32_t ver)
203         : KeymasterResponse(ver), results(nullptr), results_length(0) {}
~SupportedResponseSupportedResponse204     ~SupportedResponse() { delete[] results; }
205 
SetResultsSupportedResponse206     template <size_t N> void SetResults(const T (&arr)[N]) { SetResults(arr, N); }
207 
SetResultsSupportedResponse208     void SetResults(const T* arr, size_t n) {
209         delete[] results;
210         results_length = 0;
211         results = dup_array(arr, n);
212         if (results == nullptr) {
213             error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
214         } else {
215             results_length = n;
216             error = KM_ERROR_OK;
217         }
218     }
219 
NonErrorSerializedSizeSupportedResponse220     size_t NonErrorSerializedSize() const override {
221         return sizeof(uint32_t) + results_length * sizeof(uint32_t);
222     }
NonErrorSerializeSupportedResponse223     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override {
224         return append_uint32_array_to_buf(buf, end, results, results_length);
225     }
NonErrorDeserializeSupportedResponse226     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
227         delete[] results;
228         results = nullptr;
229         UniquePtr<T[]> tmp;
230         if (!copy_uint32_array_from_buf(buf_ptr, end, &tmp, &results_length)) return false;
231         results = tmp.release();
232         return true;
233     }
234 
235     T* results;
236     size_t results_length;
237 };
238 
239 struct SupportedAlgorithmsResponse : public SupportedResponse<keymaster_algorithm_t> {
240     explicit SupportedAlgorithmsResponse(int32_t ver = MAX_MESSAGE_VERSION)
241         : SupportedResponse<keymaster_algorithm_t>(ver) {}
242 };
243 
244 struct SupportedBlockModesResponse : public SupportedResponse<keymaster_block_mode_t> {
245     explicit SupportedBlockModesResponse(int32_t ver = MAX_MESSAGE_VERSION)
246         : SupportedResponse<keymaster_block_mode_t>(ver) {}
247 };
248 
249 struct SupportedPaddingModesResponse : public SupportedResponse<keymaster_padding_t> {
250     explicit SupportedPaddingModesResponse(int32_t ver = MAX_MESSAGE_VERSION)
251         : SupportedResponse<keymaster_padding_t>(ver) {}
252 };
253 
254 struct SupportedDigestsResponse : public SupportedResponse<keymaster_digest_t> {
255     explicit SupportedDigestsResponse(int32_t ver = MAX_MESSAGE_VERSION)
256         : SupportedResponse<keymaster_digest_t>(ver) {}
257 };
258 
259 struct SupportedImportFormatsResponse : public SupportedResponse<keymaster_key_format_t> {
260     explicit SupportedImportFormatsResponse(int32_t ver = MAX_MESSAGE_VERSION)
261         : SupportedResponse<keymaster_key_format_t>(ver) {}
262 };
263 
264 struct SupportedExportFormatsResponse : public SupportedResponse<keymaster_key_format_t> {
265     explicit SupportedExportFormatsResponse(int32_t ver = MAX_MESSAGE_VERSION)
266         : SupportedResponse<keymaster_key_format_t>(ver) {}
267 };
268 
269 struct GenerateKeyRequest : public KeymasterMessage {
KeymasterMessageGenerateKeyRequest270     explicit GenerateKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
271 
SerializedSizeGenerateKeyRequest272     size_t SerializedSize() const override { return key_description.SerializedSize(); }
SerializeGenerateKeyRequest273     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
274         return key_description.Serialize(buf, end);
275     }
DeserializeGenerateKeyRequest276     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
277         return key_description.Deserialize(buf_ptr, end);
278     }
279 
280     AuthorizationSet key_description;
281 };
282 
283 struct GenerateKeyResponse : public KeymasterResponse {
KeymasterResponseGenerateKeyResponse284     explicit GenerateKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
285         key_blob.key_material = nullptr;
286         key_blob.key_material_size = 0;
287     }
288     ~GenerateKeyResponse();
289 
290     size_t NonErrorSerializedSize() const override;
291     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
292     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
293 
294     keymaster_key_blob_t key_blob;
295     AuthorizationSet enforced;
296     AuthorizationSet unenforced;
297 };
298 
299 struct GetKeyCharacteristicsRequest : public KeymasterMessage {
300     explicit GetKeyCharacteristicsRequest(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageGetKeyCharacteristicsRequest301         : KeymasterMessage(ver) {
302         key_blob.key_material = nullptr;
303         key_blob.key_material_size = 0;
304     }
305     ~GetKeyCharacteristicsRequest();
306 
307     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialGetKeyCharacteristicsRequest308     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
309         SetKeyMaterial(blob.key_material, blob.key_material_size);
310     }
311 
312     size_t SerializedSize() const override;
313     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
314     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
315 
316     keymaster_key_blob_t key_blob;
317     AuthorizationSet additional_params;
318 };
319 
320 struct GetKeyCharacteristicsResponse : public KeymasterResponse {
321     explicit GetKeyCharacteristicsResponse(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterResponseGetKeyCharacteristicsResponse322         : KeymasterResponse(ver) {}
323     size_t NonErrorSerializedSize() const override;
324     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
325     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
326 
327     AuthorizationSet enforced;
328     AuthorizationSet unenforced;
329 };
330 
331 struct BeginOperationRequest : public KeymasterMessage {
KeymasterMessageBeginOperationRequest332     explicit BeginOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
333         key_blob.key_material = nullptr;
334         key_blob.key_material_size = 0;
335     }
~BeginOperationRequestBeginOperationRequest336     ~BeginOperationRequest() { delete[] key_blob.key_material; }
337 
338     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialBeginOperationRequest339     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
340         SetKeyMaterial(blob.key_material, blob.key_material_size);
341     }
342 
343     size_t SerializedSize() const override;
344     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
345     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
346 
347     keymaster_purpose_t purpose;
348     keymaster_key_blob_t key_blob;
349     AuthorizationSet additional_params;
350 };
351 
352 struct BeginOperationResponse : public KeymasterResponse {
KeymasterResponseBeginOperationResponse353     explicit BeginOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
354 
355     size_t NonErrorSerializedSize() const override;
356     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
357     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
358 
359     keymaster_operation_handle_t op_handle;
360     AuthorizationSet output_params;
361 };
362 
363 struct UpdateOperationRequest : public KeymasterMessage {
KeymasterMessageUpdateOperationRequest364     explicit UpdateOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
365 
366     size_t SerializedSize() const override;
367     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
368     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
369 
370     keymaster_operation_handle_t op_handle;
371     Buffer input;
372     AuthorizationSet additional_params;
373 };
374 
375 struct UpdateOperationResponse : public KeymasterResponse {
376     explicit UpdateOperationResponse(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterResponseUpdateOperationResponse377         : KeymasterResponse(ver), input_consumed(0) {}
378 
379     size_t NonErrorSerializedSize() const override;
380     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
381     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
382 
383     Buffer output;
384     size_t input_consumed;
385     AuthorizationSet output_params;
386 };
387 
388 struct FinishOperationRequest : public KeymasterMessage {
KeymasterMessageFinishOperationRequest389     explicit FinishOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
390 
391     size_t SerializedSize() const override;
392     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
393     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
394 
395     keymaster_operation_handle_t op_handle;
396     Buffer input;
397     Buffer signature;
398     AuthorizationSet additional_params;
399 };
400 
401 struct FinishOperationResponse : public KeymasterResponse {
KeymasterResponseFinishOperationResponse402     explicit FinishOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
403 
404     size_t NonErrorSerializedSize() const override;
405     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
406     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
407 
408     Buffer output;
409     AuthorizationSet output_params;
410 };
411 
412 struct AbortOperationRequest : public KeymasterMessage {
KeymasterMessageAbortOperationRequest413     explicit AbortOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
414 
SerializedSizeAbortOperationRequest415     size_t SerializedSize() const override { return sizeof(uint64_t); }
SerializeAbortOperationRequest416     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
417         return append_uint64_to_buf(buf, end, op_handle);
418     }
DeserializeAbortOperationRequest419     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
420         return copy_uint64_from_buf(buf_ptr, end, &op_handle);
421     }
422 
423     keymaster_operation_handle_t op_handle;
424 };
425 
426 struct AbortOperationResponse : public KeymasterResponse {
KeymasterResponseAbortOperationResponse427     explicit AbortOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
428     explicit AbortOperationResponse(keymaster_error_t error_, int32_t ver = MAX_MESSAGE_VERSION)
KeymasterResponseAbortOperationResponse429         : KeymasterResponse(ver) {
430         error = error_;
431     }
432 
NonErrorSerializedSizeAbortOperationResponse433     size_t NonErrorSerializedSize() const override { return 0; }
NonErrorSerializeAbortOperationResponse434     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
NonErrorDeserializeAbortOperationResponse435     bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
436 };
437 
438 struct AddEntropyRequest : public KeymasterMessage {
KeymasterMessageAddEntropyRequest439     explicit AddEntropyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
440 
441     size_t SerializedSize() const override;
442     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
443     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
444 
445     Buffer random_data;
446 };
447 
448 struct AddEntropyResponse : public KeymasterResponse {
KeymasterResponseAddEntropyResponse449     explicit AddEntropyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
450 
NonErrorSerializedSizeAddEntropyResponse451     size_t NonErrorSerializedSize() const override { return 0; }
NonErrorSerializeAddEntropyResponse452     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* /* end */) const override {
453         return buf;
454     }
NonErrorDeserializeAddEntropyResponse455     bool NonErrorDeserialize(const uint8_t** /* buf_ptr */, const uint8_t* /* end */) override {
456         return true;
457     }
458 };
459 
460 struct ImportKeyRequest : public KeymasterMessage {
461     explicit ImportKeyRequest(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageImportKeyRequest462         : KeymasterMessage(ver), key_data(nullptr) {}
~ImportKeyRequestImportKeyRequest463     ~ImportKeyRequest() { delete[] key_data; }
464 
465     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialImportKeyRequest466     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
467         SetKeyMaterial(blob.key_material, blob.key_material_size);
468     }
469 
470     size_t SerializedSize() const override;
471     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
472     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
473 
474     AuthorizationSet key_description;
475     keymaster_key_format_t key_format;
476     uint8_t* key_data;
477     size_t key_data_length;
478 };
479 
480 struct ImportKeyResponse : public KeymasterResponse {
KeymasterResponseImportKeyResponse481     explicit ImportKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
482         key_blob.key_material = nullptr;
483         key_blob.key_material_size = 0;
484     }
~ImportKeyResponseImportKeyResponse485     ~ImportKeyResponse() { delete[] key_blob.key_material; }
486 
487     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialImportKeyResponse488     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
489         SetKeyMaterial(blob.key_material, blob.key_material_size);
490     }
491 
492     size_t NonErrorSerializedSize() const override;
493     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
494     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
495 
496     keymaster_key_blob_t key_blob;
497     AuthorizationSet enforced;
498     AuthorizationSet unenforced;
499 };
500 
501 struct ExportKeyRequest : public KeymasterMessage {
KeymasterMessageExportKeyRequest502     explicit ExportKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
503         key_blob.key_material = nullptr;
504         key_blob.key_material_size = 0;
505     }
~ExportKeyRequestExportKeyRequest506     ~ExportKeyRequest() { delete[] key_blob.key_material; }
507 
508     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialExportKeyRequest509     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
510         SetKeyMaterial(blob.key_material, blob.key_material_size);
511     }
512 
513     size_t SerializedSize() const override;
514     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
515     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
516 
517     AuthorizationSet additional_params;
518     keymaster_key_format_t key_format;
519     keymaster_key_blob_t key_blob;
520 };
521 
522 struct ExportKeyResponse : public KeymasterResponse {
523     explicit ExportKeyResponse(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterResponseExportKeyResponse524         : KeymasterResponse(ver), key_data(nullptr) {}
~ExportKeyResponseExportKeyResponse525     ~ExportKeyResponse() { delete[] key_data; }
526 
527     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialExportKeyResponse528     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
529         SetKeyMaterial(blob.key_material, blob.key_material_size);
530     }
531 
532     size_t NonErrorSerializedSize() const override;
533     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
534     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
535 
536     uint8_t* key_data;
537     size_t key_data_length;
538 };
539 
540 struct DeleteKeyRequest : public KeymasterMessage {
KeymasterMessageDeleteKeyRequest541     explicit DeleteKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
542         key_blob.key_material = nullptr;
543         key_blob.key_material_size = 0;
544     }
~DeleteKeyRequestDeleteKeyRequest545     ~DeleteKeyRequest() { delete[] key_blob.key_material; }
546 
547     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialDeleteKeyRequest548     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
549         SetKeyMaterial(blob.key_material, blob.key_material_size);
550     }
551 
552     size_t SerializedSize() const override;
553     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
554     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
555 
556     keymaster_key_blob_t key_blob;
557 };
558 
559 struct DeleteKeyResponse : public KeymasterResponse {
KeymasterResponseDeleteKeyResponse560     explicit DeleteKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
561 
NonErrorSerializedSizeDeleteKeyResponse562     size_t NonErrorSerializedSize() const override { return 0; }
NonErrorSerializeDeleteKeyResponse563     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
NonErrorDeserializeDeleteKeyResponse564     bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
565 };
566 
567 struct DeleteAllKeysRequest : public KeymasterMessage {
KeymasterMessageDeleteAllKeysRequest568     explicit DeleteAllKeysRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
569 
SerializedSizeDeleteAllKeysRequest570     size_t SerializedSize() const override { return 0; }
SerializeDeleteAllKeysRequest571     uint8_t* Serialize(uint8_t* buf, const uint8_t*) const override { return buf; }
DeserializeDeleteAllKeysRequest572     bool Deserialize(const uint8_t**, const uint8_t*) override { return true; };
573 };
574 
575 struct DeleteAllKeysResponse : public KeymasterResponse {
KeymasterResponseDeleteAllKeysResponse576     explicit DeleteAllKeysResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
577 
NonErrorSerializedSizeDeleteAllKeysResponse578     size_t NonErrorSerializedSize() const override { return 0; }
NonErrorSerializeDeleteAllKeysResponse579     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
NonErrorDeserializeDeleteAllKeysResponse580     bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
581 };
582 
583 struct GetVersionRequest : public KeymasterMessage {
GetVersionRequestGetVersionRequest584     GetVersionRequest() : KeymasterMessage(0 /* not versionable */) {}
585 
SerializedSizeGetVersionRequest586     size_t SerializedSize() const override { return 0; }
SerializeGetVersionRequest587     uint8_t* Serialize(uint8_t* buf, const uint8_t*) const override { return buf; }
DeserializeGetVersionRequest588     bool Deserialize(const uint8_t**, const uint8_t*) override { return true; };
589 };
590 
591 struct GetVersionResponse : public KeymasterResponse {
GetVersionResponseGetVersionResponse592     GetVersionResponse()
593         : KeymasterResponse(0 /* not versionable */), major_ver(0), minor_ver(0), subminor_ver(0) {}
594 
595     size_t NonErrorSerializedSize() const override;
596     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
597     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
598 
599     uint8_t major_ver;
600     uint8_t minor_ver;
601     uint8_t subminor_ver;
602 };
603 
604 struct AttestKeyRequest : public KeymasterMessage {
KeymasterMessageAttestKeyRequest605     explicit AttestKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
606         key_blob.key_material = nullptr;
607         key_blob.key_material_size = 0;
608     }
609     ~AttestKeyRequest();
610 
611     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialAttestKeyRequest612     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
613         SetKeyMaterial(blob.key_material, blob.key_material_size);
614     }
615 
616     size_t SerializedSize() const override;
617     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
618     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
619 
620     keymaster_key_blob_t key_blob;
621     AuthorizationSet attest_params;
622 };
623 
624 struct AttestKeyResponse : public KeymasterResponse {
KeymasterResponseAttestKeyResponse625     explicit AttestKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
626         certificate_chain.entry_count = 0;
627         certificate_chain.entries = nullptr;
628     }
629     ~AttestKeyResponse();
630 
631     bool AllocateChain(size_t entry_count);
632 
633     size_t NonErrorSerializedSize() const override;
634     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
635     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
636 
637     keymaster_cert_chain_t certificate_chain;
638 };
639 
640 struct UpgradeKeyRequest : public KeymasterMessage {
KeymasterMessageUpgradeKeyRequest641     explicit UpgradeKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
642         key_blob = {nullptr, 0};
643     }
644     ~UpgradeKeyRequest();
645 
646     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialUpgradeKeyRequest647     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
648         SetKeyMaterial(blob.key_material, blob.key_material_size);
649     }
650 
651     size_t SerializedSize() const override;
652     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
653     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
654 
655     keymaster_key_blob_t key_blob;
656     AuthorizationSet upgrade_params;
657 };
658 
659 struct UpgradeKeyResponse : public KeymasterResponse {
KeymasterResponseUpgradeKeyResponse660     explicit UpgradeKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
661         upgraded_key = {nullptr, 0};
662     }
663     ~UpgradeKeyResponse();
664 
665     size_t NonErrorSerializedSize() const override;
666     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
667     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
668 
669     keymaster_key_blob_t upgraded_key;
670 };
671 
672 struct ConfigureRequest : public KeymasterMessage {
KeymasterMessageConfigureRequest673     explicit ConfigureRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
674 
SerializedSizeConfigureRequest675     size_t SerializedSize() const override { return sizeof(os_version) + sizeof(os_patchlevel); }
SerializeConfigureRequest676     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
677         buf = append_uint32_to_buf(buf, end, os_version);
678         return append_uint32_to_buf(buf, end, os_patchlevel);
679     }
DeserializeConfigureRequest680     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
681         return copy_uint32_from_buf(buf_ptr, end, &os_version) &&
682                copy_uint32_from_buf(buf_ptr, end, &os_patchlevel);
683     }
684 
685     uint32_t os_version;
686     uint32_t os_patchlevel;
687 };
688 
689 struct ConfigureResponse : public KeymasterResponse {
KeymasterResponseConfigureResponse690     explicit ConfigureResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
691 
NonErrorSerializedSizeConfigureResponse692     size_t NonErrorSerializedSize() const override { return 0; }
NonErrorSerializeConfigureResponse693     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
NonErrorDeserializeConfigureResponse694     bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
695 };
696 
697 struct HmacSharingParameters : public Serializable {
HmacSharingParametersHmacSharingParameters698     HmacSharingParameters() : seed({}) { memset(nonce, 0, sizeof(nonce)); }
HmacSharingParametersHmacSharingParameters699     HmacSharingParameters(HmacSharingParameters&& other) {
700         seed = move(other.seed);
701         memcpy(nonce, other.nonce, sizeof(nonce));
702     }
703 
SetSeedHmacSharingParameters704     void SetSeed(KeymasterBlob&& value) { seed = move(value); }
705 
706     size_t SerializedSize() const override;
707     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
708     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
709 
710     KeymasterBlob seed{};
711     uint8_t nonce[32];
712 };
713 
714 struct HmacSharingParametersArray : public Serializable {
HmacSharingParametersArrayHmacSharingParametersArray715     HmacSharingParametersArray() : params_array(nullptr), num_params(0) {}
HmacSharingParametersArrayHmacSharingParametersArray716     HmacSharingParametersArray(HmacSharingParametersArray&& other) {
717         delete[] params_array;
718         params_array = other.params_array;
719         num_params = other.num_params;
720         other.params_array = nullptr;
721         other.num_params = 0;
722     }
~HmacSharingParametersArrayHmacSharingParametersArray723     ~HmacSharingParametersArray() override { delete[] params_array; }
724 
725     size_t SerializedSize() const override;
726     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
727     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
728 
729     HmacSharingParameters* params_array;
730     size_t num_params;
731 };
732 
733 struct GetHmacSharingParametersResponse : public KeymasterResponse {
734     explicit GetHmacSharingParametersResponse(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterResponseGetHmacSharingParametersResponse735         : KeymasterResponse(ver) {}
GetHmacSharingParametersResponseGetHmacSharingParametersResponse736     GetHmacSharingParametersResponse(GetHmacSharingParametersResponse&& other)
737         : KeymasterResponse(other.message_version), params(move(other.params)) {}
738 
SetSeedGetHmacSharingParametersResponse739     void SetSeed(KeymasterBlob&& seed_data) { params.SetSeed(move(seed_data)); }
740 
NonErrorSerializedSizeGetHmacSharingParametersResponse741     size_t NonErrorSerializedSize() const override { return params.SerializedSize(); }
NonErrorSerializeGetHmacSharingParametersResponse742     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override {
743         return params.Serialize(buf, end);
744     }
NonErrorDeserializeGetHmacSharingParametersResponse745     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
746         return params.Deserialize(buf_ptr, end);
747     }
748 
749     HmacSharingParameters params;
750 };
751 
752 struct ComputeSharedHmacRequest : public KeymasterMessage {
KeymasterMessageComputeSharedHmacRequest753     explicit ComputeSharedHmacRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
754 
SerializedSizeComputeSharedHmacRequest755     size_t SerializedSize() const override { return params_array.SerializedSize(); }
SerializeComputeSharedHmacRequest756     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
757         return params_array.Serialize(buf, end);
758     }
DeserializeComputeSharedHmacRequest759     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
760         return params_array.Deserialize(buf_ptr, end);
761     }
762 
763     HmacSharingParametersArray params_array;
764 };
765 
766 struct ComputeSharedHmacResponse : public KeymasterResponse {
767     explicit ComputeSharedHmacResponse(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterResponseComputeSharedHmacResponse768         : KeymasterResponse(ver) {}
ComputeSharedHmacResponseComputeSharedHmacResponse769     ComputeSharedHmacResponse(ComputeSharedHmacResponse&& other) : KeymasterResponse(move(other)) {
770         sharing_check = move(other.sharing_check);
771     }
772 
773     size_t NonErrorSerializedSize() const override;
774     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
775     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
776 
777     KeymasterBlob sharing_check;
778 };
779 
780 struct ImportWrappedKeyRequest : public KeymasterMessage {
KeymasterMessageImportWrappedKeyRequest781     explicit ImportWrappedKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
782 
783     void SetWrappedMaterial(const void* key_material, size_t length);
784     void SetWrappingMaterial(const void* key_material, size_t length);
785     void SetMaskingKeyMaterial(const void* key_material, size_t length);
786 
SetKeyMaterialImportWrappedKeyRequest787     void SetKeyMaterial(const keymaster_key_blob_t& wrapped, const keymaster_key_blob_t& wrapping) {
788         SetWrappedMaterial(wrapped.key_material, wrapped.key_material_size);
789         SetWrappingMaterial(wrapping.key_material, wrapping.key_material_size);
790     }
791 
792     size_t SerializedSize() const override;
793     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
794     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
795 
796     KeymasterKeyBlob wrapped_key;
797     KeymasterKeyBlob wrapping_key;
798     KeymasterKeyBlob masking_key;
799     AuthorizationSet additional_params;
800     uint64_t password_sid;
801     uint64_t biometric_sid;
802 };
803 
804 struct ImportWrappedKeyResponse : public KeymasterResponse {
KeymasterResponseImportWrappedKeyResponse805     explicit ImportWrappedKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
806 
807     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialImportWrappedKeyResponse808     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
809         SetKeyMaterial(blob.key_material, blob.key_material_size);
810     }
811 
812     size_t NonErrorSerializedSize() const override;
813     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
814     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
815 
816     KeymasterKeyBlob key_blob;
817     AuthorizationSet enforced;
818     AuthorizationSet unenforced;
819 };
820 
821 struct HardwareAuthToken : public Serializable {
822     HardwareAuthToken() = default;
HardwareAuthTokenHardwareAuthToken823     HardwareAuthToken(HardwareAuthToken&& other) {
824         challenge = other.challenge;
825         user_id = other.user_id;
826         authenticator_id = other.authenticator_id;
827         authenticator_type = other.authenticator_type;
828         timestamp = other.timestamp;
829         mac = move(other.mac);
830     }
831 
832     size_t SerializedSize() const override;
833     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
834     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
835 
836     uint64_t challenge{};
837     uint64_t user_id{};
838     uint64_t authenticator_id{};
839     hw_authenticator_type_t authenticator_type{};
840     uint64_t timestamp{};
841     KeymasterBlob mac;
842 };
843 
844 struct VerificationToken : public Serializable {
845     VerificationToken() = default;
VerificationTokenVerificationToken846     VerificationToken(VerificationToken&& other) {
847         challenge = other.challenge;
848         timestamp = other.timestamp;
849         parameters_verified = move(other.parameters_verified);
850         security_level = other.security_level;
851         mac = move(other.mac);
852     }
853 
854     size_t SerializedSize() const override;
855     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
856     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
857 
858     uint64_t challenge{};
859     uint64_t timestamp{};
860     AuthorizationSet parameters_verified{};
861     keymaster_security_level_t security_level{};
862     KeymasterBlob mac{};
863 };
864 
865 struct VerifyAuthorizationRequest : public KeymasterMessage {
866     explicit VerifyAuthorizationRequest(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageVerifyAuthorizationRequest867         : KeymasterMessage(ver) {}
868     VerifyAuthorizationRequest(VerifyAuthorizationRequest&& other) = default;
869 
SerializedSizeVerifyAuthorizationRequest870     size_t SerializedSize() const override {
871         return sizeof(challenge) + parameters_to_verify.SerializedSize() +
872                auth_token.SerializedSize();
873     }
874 
SerializeVerifyAuthorizationRequest875     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
876         buf = append_uint64_to_buf(buf, end, challenge);
877         buf = parameters_to_verify.Serialize(buf, end);
878         return auth_token.Serialize(buf, end);
879     }
880 
DeserializeVerifyAuthorizationRequest881     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
882         return (copy_uint64_from_buf(buf_ptr, end, &challenge) &&
883                 parameters_to_verify.Deserialize(buf_ptr, end) &&
884                 auth_token.Deserialize(buf_ptr, end));
885     }
886 
887     uint64_t challenge{};
888     AuthorizationSet parameters_to_verify;
889     HardwareAuthToken auth_token;
890 };
891 
892 struct VerifyAuthorizationResponse : public KeymasterResponse {
893     explicit VerifyAuthorizationResponse(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterResponseVerifyAuthorizationResponse894         : KeymasterResponse(ver) {}
895     VerifyAuthorizationResponse(VerifyAuthorizationResponse&& other) = default;
896 
NonErrorSerializedSizeVerifyAuthorizationResponse897     size_t NonErrorSerializedSize() const override {
898         return sizeof(error) + token.SerializedSize();
899     }
NonErrorSerializeVerifyAuthorizationResponse900     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override {
901         buf = append_uint32_to_buf(buf, end, error);
902         return token.Serialize(buf, end);
903     }
NonErrorDeserializeVerifyAuthorizationResponse904     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
905         return copy_uint32_from_buf(buf_ptr, end, &error) && token.Deserialize(buf_ptr, end);
906     }
907 
908     VerificationToken token;
909 };
910 
911 // These return nothing but an error code, like AbortOperationResponse so might as well use that.
912 using EarlyBootEndedResponse = AbortOperationResponse;
913 using DeviceLockedResponse = AbortOperationResponse;
914 
915 struct DeviceLockedRequest : public KeymasterMessage {
KeymasterMessageDeviceLockedRequest916     explicit DeviceLockedRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
917     explicit DeviceLockedRequest(bool passwordOnly_, VerificationToken&& token_,
918                                  int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageDeviceLockedRequest919         : KeymasterMessage(ver), passwordOnly(passwordOnly_), token(move(token_)) {}
920 
SerializedSizeDeviceLockedRequest921     size_t SerializedSize() const override { return 1; }
SerializeDeviceLockedRequest922     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
923         if (buf < end) *buf++ = passwordOnly ? 1 : 0;
924         return token.Serialize(buf, end);
925     }
DeserializeDeviceLockedRequest926     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
927         if (*buf_ptr >= end) return false;
928         passwordOnly = !!*(*buf_ptr)++;
929         return token.Deserialize(buf_ptr, end);
930     }
931 
932     bool passwordOnly;
933     VerificationToken token;
934 };
935 
936 }  // namespace keymaster
937 
938 #endif  // SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_
939