1 /*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <keymaster/android_keymaster_messages.h>
18 #include <keymaster/android_keymaster_utils.h>
19
20 namespace keymaster {
21
22 /*
23 * Helper functions for working with key blobs.
24 */
25
set_key_blob(keymaster_key_blob_t * key_blob,const void * key_material,size_t length)26 static void set_key_blob(keymaster_key_blob_t* key_blob, const void* key_material, size_t length) {
27 delete[] key_blob->key_material;
28 key_blob->key_material = dup_buffer(key_material, length);
29 key_blob->key_material_size = length;
30 }
31
key_blob_size(const keymaster_key_blob_t & key_blob)32 static size_t key_blob_size(const keymaster_key_blob_t& key_blob) {
33 return sizeof(uint32_t) /* key size */ + key_blob.key_material_size;
34 }
35
serialize_key_blob(const keymaster_key_blob_t & key_blob,uint8_t * buf,const uint8_t * end)36 static uint8_t* serialize_key_blob(const keymaster_key_blob_t& key_blob, uint8_t* buf,
37 const uint8_t* end) {
38 return append_size_and_data_to_buf(buf, end, key_blob.key_material, key_blob.key_material_size);
39 }
40
deserialize_key_blob(keymaster_key_blob_t * key_blob,const uint8_t ** buf_ptr,const uint8_t * end)41 static bool deserialize_key_blob(keymaster_key_blob_t* key_blob, const uint8_t** buf_ptr,
42 const uint8_t* end) {
43 delete[] key_blob->key_material;
44 key_blob->key_material = nullptr;
45 UniquePtr<uint8_t[]> deserialized_key_material;
46 if (!copy_size_and_data_from_buf(buf_ptr, end, &key_blob->key_material_size,
47 &deserialized_key_material))
48 return false;
49 key_blob->key_material = deserialized_key_material.release();
50 return true;
51 }
52
blob_size(const keymaster_blob_t & blob)53 static size_t blob_size(const keymaster_blob_t& blob) {
54 return sizeof(uint32_t) /* data size */ + blob.data_length;
55 }
56
serialize_blob(const keymaster_blob_t & blob,uint8_t * buf,const uint8_t * end)57 static uint8_t* serialize_blob(const keymaster_blob_t& blob, uint8_t* buf, const uint8_t* end) {
58 return append_size_and_data_to_buf(buf, end, blob.data, blob.data_length);
59 }
60
deserialize_blob(keymaster_blob_t * blob,const uint8_t ** buf_ptr,const uint8_t * end)61 static bool deserialize_blob(keymaster_blob_t* blob, const uint8_t** buf_ptr, const uint8_t* end) {
62 delete[] blob->data;
63 *blob = {};
64 UniquePtr<uint8_t[]> deserialized_blob;
65 if (!copy_size_and_data_from_buf(buf_ptr, end, &blob->data_length, &deserialized_blob))
66 return false;
67 blob->data = deserialized_blob.release();
68 return true;
69 }
70
SerializedSize() const71 size_t KeymasterResponse::SerializedSize() const {
72 if (error != KM_ERROR_OK)
73 return sizeof(int32_t);
74 else
75 return sizeof(int32_t) + NonErrorSerializedSize();
76 }
77
Serialize(uint8_t * buf,const uint8_t * end) const78 uint8_t* KeymasterResponse::Serialize(uint8_t* buf, const uint8_t* end) const {
79 buf = append_uint32_to_buf(buf, end, static_cast<uint32_t>(error));
80 if (error == KM_ERROR_OK)
81 buf = NonErrorSerialize(buf, end);
82 return buf;
83 }
84
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)85 bool KeymasterResponse::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
86 if (!copy_uint32_from_buf(buf_ptr, end, &error))
87 return false;
88 if (error != KM_ERROR_OK)
89 return true;
90 return NonErrorDeserialize(buf_ptr, end);
91 }
92
~GenerateKeyResponse()93 GenerateKeyResponse::~GenerateKeyResponse() {
94 delete[] key_blob.key_material;
95 }
96
NonErrorSerializedSize() const97 size_t GenerateKeyResponse::NonErrorSerializedSize() const {
98 return key_blob_size(key_blob) + enforced.SerializedSize() + unenforced.SerializedSize();
99 }
100
NonErrorSerialize(uint8_t * buf,const uint8_t * end) const101 uint8_t* GenerateKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
102 buf = serialize_key_blob(key_blob, buf, end);
103 buf = enforced.Serialize(buf, end);
104 return unenforced.Serialize(buf, end);
105 }
106
NonErrorDeserialize(const uint8_t ** buf_ptr,const uint8_t * end)107 bool GenerateKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
108 return deserialize_key_blob(&key_blob, buf_ptr, end) && enforced.Deserialize(buf_ptr, end) &&
109 unenforced.Deserialize(buf_ptr, end);
110 }
111
~GetKeyCharacteristicsRequest()112 GetKeyCharacteristicsRequest::~GetKeyCharacteristicsRequest() {
113 delete[] key_blob.key_material;
114 }
115
SetKeyMaterial(const void * key_material,size_t length)116 void GetKeyCharacteristicsRequest::SetKeyMaterial(const void* key_material, size_t length) {
117 set_key_blob(&key_blob, key_material, length);
118 }
119
SerializedSize() const120 size_t GetKeyCharacteristicsRequest::SerializedSize() const {
121 return key_blob_size(key_blob) + additional_params.SerializedSize();
122 }
123
Serialize(uint8_t * buf,const uint8_t * end) const124 uint8_t* GetKeyCharacteristicsRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
125 buf = serialize_key_blob(key_blob, buf, end);
126 return additional_params.Serialize(buf, end);
127 }
128
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)129 bool GetKeyCharacteristicsRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
130 return deserialize_key_blob(&key_blob, buf_ptr, end) &&
131 additional_params.Deserialize(buf_ptr, end);
132 }
133
NonErrorSerializedSize() const134 size_t GetKeyCharacteristicsResponse::NonErrorSerializedSize() const {
135 return enforced.SerializedSize() + unenforced.SerializedSize();
136 }
137
NonErrorSerialize(uint8_t * buf,const uint8_t * end) const138 uint8_t* GetKeyCharacteristicsResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
139 buf = enforced.Serialize(buf, end);
140 return unenforced.Serialize(buf, end);
141 }
142
NonErrorDeserialize(const uint8_t ** buf_ptr,const uint8_t * end)143 bool GetKeyCharacteristicsResponse::NonErrorDeserialize(const uint8_t** buf_ptr,
144 const uint8_t* end) {
145 return enforced.Deserialize(buf_ptr, end) && unenforced.Deserialize(buf_ptr, end);
146 }
147
SetKeyMaterial(const void * key_material,size_t length)148 void BeginOperationRequest::SetKeyMaterial(const void* key_material, size_t length) {
149 set_key_blob(&key_blob, key_material, length);
150 }
151
SerializedSize() const152 size_t BeginOperationRequest::SerializedSize() const {
153 return sizeof(uint32_t) /* purpose */ + key_blob_size(key_blob) +
154 additional_params.SerializedSize();
155 }
156
Serialize(uint8_t * buf,const uint8_t * end) const157 uint8_t* BeginOperationRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
158 buf = append_uint32_to_buf(buf, end, purpose);
159 buf = serialize_key_blob(key_blob, buf, end);
160 return additional_params.Serialize(buf, end);
161 }
162
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)163 bool BeginOperationRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
164 return copy_uint32_from_buf(buf_ptr, end, &purpose) &&
165 deserialize_key_blob(&key_blob, buf_ptr, end) &&
166 additional_params.Deserialize(buf_ptr, end);
167 }
168
NonErrorSerializedSize() const169 size_t BeginOperationResponse::NonErrorSerializedSize() const {
170 if (message_version == 0)
171 return sizeof(op_handle);
172 else
173 return sizeof(op_handle) + output_params.SerializedSize();
174 }
175
NonErrorSerialize(uint8_t * buf,const uint8_t * end) const176 uint8_t* BeginOperationResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
177 buf = append_uint64_to_buf(buf, end, op_handle);
178 if (message_version > 0)
179 buf = output_params.Serialize(buf, end);
180 return buf;
181 }
182
NonErrorDeserialize(const uint8_t ** buf_ptr,const uint8_t * end)183 bool BeginOperationResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
184 bool retval = copy_uint64_from_buf(buf_ptr, end, &op_handle);
185 if (retval && message_version > 0)
186 retval = output_params.Deserialize(buf_ptr, end);
187 return retval;
188 }
189
SerializedSize() const190 size_t UpdateOperationRequest::SerializedSize() const {
191 if (message_version == 0)
192 return sizeof(op_handle) + input.SerializedSize();
193 else
194 return sizeof(op_handle) + input.SerializedSize() + additional_params.SerializedSize();
195 }
196
Serialize(uint8_t * buf,const uint8_t * end) const197 uint8_t* UpdateOperationRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
198 buf = append_uint64_to_buf(buf, end, op_handle);
199 buf = input.Serialize(buf, end);
200 if (message_version > 0)
201 buf = additional_params.Serialize(buf, end);
202 return buf;
203 }
204
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)205 bool UpdateOperationRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
206 bool retval = copy_uint64_from_buf(buf_ptr, end, &op_handle) && input.Deserialize(buf_ptr, end);
207 if (retval && message_version > 0)
208 retval = additional_params.Deserialize(buf_ptr, end);
209 return retval;
210 }
211
NonErrorSerializedSize() const212 size_t UpdateOperationResponse::NonErrorSerializedSize() const {
213 size_t size = 0;
214 switch (message_version) {
215 case 3:
216 case 2:
217 size += output_params.SerializedSize();
218 FALLTHROUGH;
219 case 1:
220 size += sizeof(uint32_t);
221 FALLTHROUGH;
222 case 0:
223 size += output.SerializedSize();
224 break;
225
226 default:
227 assert(false);
228 }
229
230 return size;
231 }
232
NonErrorSerialize(uint8_t * buf,const uint8_t * end) const233 uint8_t* UpdateOperationResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
234 buf = output.Serialize(buf, end);
235 if (message_version > 0)
236 buf = append_uint32_to_buf(buf, end, input_consumed);
237 if (message_version > 1)
238 buf = output_params.Serialize(buf, end);
239 return buf;
240 }
241
NonErrorDeserialize(const uint8_t ** buf_ptr,const uint8_t * end)242 bool UpdateOperationResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
243 bool retval = output.Deserialize(buf_ptr, end);
244 if (retval && message_version > 0)
245 retval = copy_uint32_from_buf(buf_ptr, end, &input_consumed);
246 if (retval && message_version > 1)
247 retval = output_params.Deserialize(buf_ptr, end);
248 return retval;
249 }
250
SerializedSize() const251 size_t FinishOperationRequest::SerializedSize() const {
252 size_t size = 0;
253 switch (message_version) {
254 case 3:
255 size += input.SerializedSize();
256 FALLTHROUGH;
257 case 2:
258 case 1:
259 size += additional_params.SerializedSize();
260 FALLTHROUGH;
261 case 0:
262 size += sizeof(op_handle) + signature.SerializedSize();
263 break;
264
265 default:
266 assert(false); // Should never get here.
267 }
268
269 return size;
270 }
271
Serialize(uint8_t * buf,const uint8_t * end) const272 uint8_t* FinishOperationRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
273 buf = append_uint64_to_buf(buf, end, op_handle);
274 buf = signature.Serialize(buf, end);
275 if (message_version > 0)
276 buf = additional_params.Serialize(buf, end);
277 if (message_version > 2)
278 buf = input.Serialize(buf, end);
279 return buf;
280 }
281
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)282 bool FinishOperationRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
283 bool retval =
284 copy_uint64_from_buf(buf_ptr, end, &op_handle) && signature.Deserialize(buf_ptr, end);
285 if (retval && message_version > 0)
286 retval = additional_params.Deserialize(buf_ptr, end);
287 if (retval && message_version > 2)
288 retval = input.Deserialize(buf_ptr, end);
289 return retval;
290 }
291
NonErrorSerializedSize() const292 size_t FinishOperationResponse::NonErrorSerializedSize() const {
293 if (message_version < 2)
294 return output.SerializedSize();
295 else
296 return output.SerializedSize() + output_params.SerializedSize();
297 }
298
NonErrorSerialize(uint8_t * buf,const uint8_t * end) const299 uint8_t* FinishOperationResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
300 buf = output.Serialize(buf, end);
301 if (message_version > 1)
302 buf = output_params.Serialize(buf, end);
303 return buf;
304 }
305
NonErrorDeserialize(const uint8_t ** buf_ptr,const uint8_t * end)306 bool FinishOperationResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
307 bool retval = output.Deserialize(buf_ptr, end);
308 if (retval && message_version > 1)
309 retval = output_params.Deserialize(buf_ptr, end);
310 return retval;
311 }
312
SerializedSize() const313 size_t AddEntropyRequest::SerializedSize() const {
314 return random_data.SerializedSize();
315 }
316
Serialize(uint8_t * buf,const uint8_t * end) const317 uint8_t* AddEntropyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
318 return random_data.Serialize(buf, end);
319 }
320
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)321 bool AddEntropyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
322 return random_data.Deserialize(buf_ptr, end);
323 }
324
SetKeyMaterial(const void * key_material,size_t length)325 void ImportKeyRequest::SetKeyMaterial(const void* key_material, size_t length) {
326 delete[] key_data;
327 key_data = dup_buffer(key_material, length);
328 key_data_length = length;
329 }
330
SerializedSize() const331 size_t ImportKeyRequest::SerializedSize() const {
332 return key_description.SerializedSize() + sizeof(uint32_t) /* key_format */ +
333 sizeof(uint32_t) /* key_data_length */ + key_data_length;
334 }
335
Serialize(uint8_t * buf,const uint8_t * end) const336 uint8_t* ImportKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
337 buf = key_description.Serialize(buf, end);
338 buf = append_uint32_to_buf(buf, end, key_format);
339 return append_size_and_data_to_buf(buf, end, key_data, key_data_length);
340 }
341
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)342 bool ImportKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
343 delete[] key_data;
344 key_data = nullptr;
345 UniquePtr<uint8_t[]> deserialized_key_material;
346 if (!key_description.Deserialize(buf_ptr, end) ||
347 !copy_uint32_from_buf(buf_ptr, end, &key_format) ||
348 !copy_size_and_data_from_buf(buf_ptr, end, &key_data_length, &deserialized_key_material))
349 return false;
350 key_data = deserialized_key_material.release();
351 return true;
352 }
353
SetKeyMaterial(const void * key_material,size_t length)354 void ImportKeyResponse::SetKeyMaterial(const void* key_material, size_t length) {
355 set_key_blob(&key_blob, key_material, length);
356 }
357
NonErrorSerializedSize() const358 size_t ImportKeyResponse::NonErrorSerializedSize() const {
359 return key_blob_size(key_blob) + enforced.SerializedSize() + unenforced.SerializedSize();
360 }
361
NonErrorSerialize(uint8_t * buf,const uint8_t * end) const362 uint8_t* ImportKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
363 buf = serialize_key_blob(key_blob, buf, end);
364 buf = enforced.Serialize(buf, end);
365 return unenforced.Serialize(buf, end);
366 }
367
NonErrorDeserialize(const uint8_t ** buf_ptr,const uint8_t * end)368 bool ImportKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
369 return deserialize_key_blob(&key_blob, buf_ptr, end) && enforced.Deserialize(buf_ptr, end) &&
370 unenforced.Deserialize(buf_ptr, end);
371 }
372
SetKeyMaterial(const void * key_material,size_t length)373 void ExportKeyRequest::SetKeyMaterial(const void* key_material, size_t length) {
374 set_key_blob(&key_blob, key_material, length);
375 }
376
SerializedSize() const377 size_t ExportKeyRequest::SerializedSize() const {
378 return additional_params.SerializedSize() + sizeof(uint32_t) /* key_format */ +
379 key_blob_size(key_blob);
380 }
381
Serialize(uint8_t * buf,const uint8_t * end) const382 uint8_t* ExportKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
383 buf = additional_params.Serialize(buf, end);
384 buf = append_uint32_to_buf(buf, end, key_format);
385 return serialize_key_blob(key_blob, buf, end);
386 }
387
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)388 bool ExportKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
389 return additional_params.Deserialize(buf_ptr, end) &&
390 copy_uint32_from_buf(buf_ptr, end, &key_format) &&
391 deserialize_key_blob(&key_blob, buf_ptr, end);
392 }
393
SetKeyMaterial(const void * key_material,size_t length)394 void ExportKeyResponse::SetKeyMaterial(const void* key_material, size_t length) {
395 delete[] key_data;
396 key_data = dup_buffer(key_material, length);
397 key_data_length = length;
398 }
399
NonErrorSerializedSize() const400 size_t ExportKeyResponse::NonErrorSerializedSize() const {
401 return sizeof(uint32_t) /* key_data_length */ + key_data_length;
402 }
403
NonErrorSerialize(uint8_t * buf,const uint8_t * end) const404 uint8_t* ExportKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
405 return append_size_and_data_to_buf(buf, end, key_data, key_data_length);
406 }
407
NonErrorDeserialize(const uint8_t ** buf_ptr,const uint8_t * end)408 bool ExportKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
409 delete[] key_data;
410 key_data = nullptr;
411 UniquePtr<uint8_t[]> deserialized_key_material;
412 if (!copy_size_and_data_from_buf(buf_ptr, end, &key_data_length, &deserialized_key_material))
413 return false;
414 key_data = deserialized_key_material.release();
415 return true;
416 }
417
SetKeyMaterial(const void * key_material,size_t length)418 void DeleteKeyRequest::SetKeyMaterial(const void* key_material, size_t length) {
419 set_key_blob(&key_blob, key_material, length);
420 }
421
SerializedSize() const422 size_t DeleteKeyRequest::SerializedSize() const {
423 return key_blob_size(key_blob);
424 }
425
Serialize(uint8_t * buf,const uint8_t * end) const426 uint8_t* DeleteKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
427 return serialize_key_blob(key_blob, buf, end);
428 }
429
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)430 bool DeleteKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
431 return deserialize_key_blob(&key_blob, buf_ptr, end);
432 }
433
NonErrorSerializedSize() const434 size_t GetVersionResponse::NonErrorSerializedSize() const {
435 return sizeof(major_ver) + sizeof(minor_ver) + sizeof(subminor_ver);
436 }
437
NonErrorSerialize(uint8_t * buf,const uint8_t * end) const438 uint8_t* GetVersionResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
439 if (buf + NonErrorSerializedSize() <= end) {
440 *buf++ = major_ver;
441 *buf++ = minor_ver;
442 *buf++ = subminor_ver;
443 } else {
444 buf += NonErrorSerializedSize();
445 }
446 return buf;
447 }
448
NonErrorDeserialize(const uint8_t ** buf_ptr,const uint8_t * end)449 bool GetVersionResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
450 if (*buf_ptr + NonErrorSerializedSize() > end)
451 return false;
452 const uint8_t* tmp = *buf_ptr;
453 major_ver = *tmp++;
454 minor_ver = *tmp++;
455 subminor_ver = *tmp++;
456 *buf_ptr = tmp;
457 return true;
458 }
459
~AttestKeyRequest()460 AttestKeyRequest::~AttestKeyRequest() {
461 delete[] key_blob.key_material;
462 }
463
SetKeyMaterial(const void * key_material,size_t length)464 void AttestKeyRequest::SetKeyMaterial(const void* key_material, size_t length) {
465 set_key_blob(&key_blob, key_material, length);
466 }
467
SerializedSize() const468 size_t AttestKeyRequest::SerializedSize() const {
469 return key_blob_size(key_blob) + attest_params.SerializedSize();
470 }
471
Serialize(uint8_t * buf,const uint8_t * end) const472 uint8_t* AttestKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
473 buf = serialize_key_blob(key_blob, buf, end);
474 return attest_params.Serialize(buf, end);
475 }
476
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)477 bool AttestKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
478 return deserialize_key_blob(&key_blob, buf_ptr, end) && attest_params.Deserialize(buf_ptr, end);
479 }
480
~AttestKeyResponse()481 AttestKeyResponse::~AttestKeyResponse() {
482 for (size_t i = 0; i < certificate_chain.entry_count; ++i)
483 delete[] certificate_chain.entries[i].data;
484 delete[] certificate_chain.entries;
485 }
486
487 const size_t kMaxChainEntryCount = 10;
AllocateChain(size_t entry_count)488 bool AttestKeyResponse::AllocateChain(size_t entry_count) {
489 if (entry_count > kMaxChainEntryCount)
490 return false;
491
492 if (certificate_chain.entries) {
493 for (size_t i = 0; i < certificate_chain.entry_count; ++i)
494 delete[] certificate_chain.entries[i].data;
495 delete[] certificate_chain.entries;
496 }
497
498 certificate_chain.entry_count = entry_count;
499 certificate_chain.entries = new (std::nothrow) keymaster_blob_t[entry_count];
500 if (!certificate_chain.entries) {
501 certificate_chain.entry_count = 0;
502 return false;
503 }
504
505 memset(certificate_chain.entries, 0, sizeof(certificate_chain.entries[0]) * entry_count);
506 return true;
507 }
508
NonErrorSerializedSize() const509 size_t AttestKeyResponse::NonErrorSerializedSize() const {
510 size_t result = sizeof(uint32_t); /* certificate_chain.entry_count */
511 for (size_t i = 0; i < certificate_chain.entry_count; ++i) {
512 result += sizeof(uint32_t); /* certificate_chain.entries[i].data_length */
513 result += certificate_chain.entries[i].data_length;
514 }
515 return result;
516 }
517
NonErrorSerialize(uint8_t * buf,const uint8_t * end) const518 uint8_t* AttestKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
519 buf = append_uint32_to_buf(buf, end, certificate_chain.entry_count);
520 for (size_t i = 0; i < certificate_chain.entry_count; ++i) {
521 buf = append_size_and_data_to_buf(buf, end, certificate_chain.entries[i].data,
522 certificate_chain.entries[i].data_length);
523 }
524 return buf;
525 }
526
NonErrorDeserialize(const uint8_t ** buf_ptr,const uint8_t * end)527 bool AttestKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
528 size_t entry_count;
529 if (!copy_uint32_from_buf(buf_ptr, end, &entry_count) || !AllocateChain(entry_count))
530 return false;
531
532 for (size_t i = 0; i < certificate_chain.entry_count; ++i) {
533 UniquePtr<uint8_t[]> data;
534 size_t data_length;
535 if (!copy_size_and_data_from_buf(buf_ptr, end, &data_length, &data))
536 return false;
537 certificate_chain.entries[i].data = data.release();
538 certificate_chain.entries[i].data_length = data_length;
539 }
540
541 return true;
542 }
543
~UpgradeKeyRequest()544 UpgradeKeyRequest::~UpgradeKeyRequest() {
545 delete[] key_blob.key_material;
546 }
547
SetKeyMaterial(const void * key_material,size_t length)548 void UpgradeKeyRequest::SetKeyMaterial(const void* key_material, size_t length) {
549 set_key_blob(&key_blob, key_material, length);
550 }
551
SerializedSize() const552 size_t UpgradeKeyRequest::SerializedSize() const {
553 return key_blob_size(key_blob) + upgrade_params.SerializedSize();
554 }
555
Serialize(uint8_t * buf,const uint8_t * end) const556 uint8_t* UpgradeKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
557 buf = serialize_key_blob(key_blob, buf, end);
558 return upgrade_params.Serialize(buf, end);
559 }
560
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)561 bool UpgradeKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
562 return deserialize_key_blob(&key_blob, buf_ptr, end) &&
563 upgrade_params.Deserialize(buf_ptr, end);
564 }
565
~UpgradeKeyResponse()566 UpgradeKeyResponse::~UpgradeKeyResponse() {
567 delete[] upgraded_key.key_material;
568 }
569
NonErrorSerializedSize() const570 size_t UpgradeKeyResponse::NonErrorSerializedSize() const {
571 return key_blob_size(upgraded_key);
572 }
573
NonErrorSerialize(uint8_t * buf,const uint8_t * end) const574 uint8_t* UpgradeKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
575 return serialize_key_blob(upgraded_key, buf, end);
576 }
577
NonErrorDeserialize(const uint8_t ** buf_ptr,const uint8_t * end)578 bool UpgradeKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
579 return deserialize_key_blob(&upgraded_key, buf_ptr, end);
580 }
581
SerializedSize() const582 size_t HmacSharingParameters::SerializedSize() const {
583 return blob_size(seed) + sizeof(nonce);
584 }
585
Serialize(uint8_t * buf,const uint8_t * end) const586 uint8_t* HmacSharingParameters::Serialize(uint8_t* buf, const uint8_t* end) const {
587 buf = serialize_blob(seed, buf, end);
588 return append_to_buf(buf, end, nonce, sizeof(nonce));
589 }
590
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)591 bool HmacSharingParameters::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
592 return deserialize_blob(&seed, buf_ptr, end) &&
593 copy_from_buf(buf_ptr, end, nonce, sizeof(nonce));
594 }
595
SerializedSize() const596 size_t HmacSharingParametersArray::SerializedSize() const {
597 size_t size = sizeof(uint32_t); // num_params size
598 for (size_t i = 0; i < num_params; ++i) {
599 size += params_array[i].SerializedSize();
600 }
601 return size;
602 }
603
Serialize(uint8_t * buf,const uint8_t * end) const604 uint8_t* HmacSharingParametersArray::Serialize(uint8_t* buf, const uint8_t* end) const {
605 buf = append_uint32_to_buf(buf, end, num_params);
606 for (size_t i = 0; i < num_params; ++i) {
607 buf = params_array[i].Serialize(buf, end);
608 }
609 return buf;
610 }
611
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)612 bool HmacSharingParametersArray::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
613 if (!copy_uint32_from_buf(buf_ptr, end, &num_params)) return false;
614 params_array = new (std::nothrow) HmacSharingParameters[num_params];
615 if (!params_array) return false;
616 for (size_t i = 0; i < num_params; ++i) {
617 if (!params_array[i].Deserialize(buf_ptr, end)) return false;
618 }
619 return true;
620 }
621
NonErrorSerializedSize() const622 size_t ComputeSharedHmacResponse::NonErrorSerializedSize() const {
623 return blob_size(sharing_check);
624 }
625
NonErrorSerialize(uint8_t * buf,const uint8_t * end) const626 uint8_t* ComputeSharedHmacResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
627 return serialize_blob(sharing_check, buf, end);
628 }
629
NonErrorDeserialize(const uint8_t ** buf_ptr,const uint8_t * end)630 bool ComputeSharedHmacResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
631 return deserialize_blob(&sharing_check, buf_ptr, end);
632 }
633
SerializedSize() const634 size_t ImportWrappedKeyRequest::SerializedSize() const {
635 return sizeof(uint32_t) /* wrapped_key_data_length */ + wrapped_key.key_material_size +
636 sizeof(uint32_t) /* wrapping_key_data_length */ + wrapping_key.key_material_size +
637 sizeof(uint32_t) /* masking_key_data_length */ + masking_key.key_material_size +
638 additional_params.SerializedSize() + sizeof(uint64_t) /* password_sid */ +
639 sizeof(uint64_t) /* biometric_sid */;
640 }
641
Serialize(uint8_t * buf,const uint8_t * end) const642 uint8_t* ImportWrappedKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
643 buf = serialize_key_blob(wrapped_key, buf, end);
644 buf = serialize_key_blob(wrapping_key, buf, end);
645 buf = serialize_key_blob(masking_key, buf, end);
646 buf = additional_params.Serialize(buf, end);
647 buf = append_uint64_to_buf(buf, end, password_sid);
648 return append_uint64_to_buf(buf, end, biometric_sid);
649 }
650
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)651 bool ImportWrappedKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
652 return deserialize_key_blob(&wrapped_key, buf_ptr, end) &&
653 deserialize_key_blob(&wrapping_key, buf_ptr, end) &&
654 deserialize_key_blob(&masking_key, buf_ptr, end) &&
655 additional_params.Deserialize(buf_ptr, end) &&
656 copy_uint64_from_buf(buf_ptr, end, &password_sid) &&
657 copy_uint64_from_buf(buf_ptr, end, &biometric_sid);
658 }
659
SetWrappedMaterial(const void * key_material,size_t length)660 void ImportWrappedKeyRequest::SetWrappedMaterial(const void* key_material, size_t length) {
661 set_key_blob(&wrapped_key, key_material, length);
662 }
663
SetWrappingMaterial(const void * key_material,size_t length)664 void ImportWrappedKeyRequest::SetWrappingMaterial(const void* key_material, size_t length) {
665 set_key_blob(&wrapping_key, key_material, length);
666 }
667
SetMaskingKeyMaterial(const void * key_material,size_t length)668 void ImportWrappedKeyRequest::SetMaskingKeyMaterial(const void* key_material, size_t length) {
669 set_key_blob(&masking_key, key_material, length);
670 }
671
SetKeyMaterial(const void * key_material,size_t length)672 void ImportWrappedKeyResponse::SetKeyMaterial(const void* key_material, size_t length) {
673 set_key_blob(&key_blob, key_material, length);
674 }
675
NonErrorSerializedSize() const676 size_t ImportWrappedKeyResponse::NonErrorSerializedSize() const {
677 return key_blob_size(key_blob) + enforced.SerializedSize() + unenforced.SerializedSize();
678 }
679
NonErrorSerialize(uint8_t * buf,const uint8_t * end) const680 uint8_t* ImportWrappedKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
681 buf = serialize_key_blob(key_blob, buf, end);
682 buf = enforced.Serialize(buf, end);
683 return unenforced.Serialize(buf, end);
684 }
685
NonErrorDeserialize(const uint8_t ** buf_ptr,const uint8_t * end)686 bool ImportWrappedKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
687 return deserialize_key_blob(&key_blob, buf_ptr, end) && enforced.Deserialize(buf_ptr, end) &&
688 unenforced.Deserialize(buf_ptr, end);
689 }
690
SerializedSize() const691 size_t HardwareAuthToken::SerializedSize() const {
692 return sizeof(challenge) + sizeof(user_id) + sizeof(authenticator_id) +
693 sizeof(authenticator_type) + sizeof(timestamp) + blob_size(mac);
694 }
695
Serialize(uint8_t * buf,const uint8_t * end) const696 uint8_t* HardwareAuthToken::Serialize(uint8_t* buf, const uint8_t* end) const {
697 buf = append_uint64_to_buf(buf, end, challenge);
698 buf = append_uint64_to_buf(buf, end, user_id);
699 buf = append_uint64_to_buf(buf, end, authenticator_id);
700 buf = append_uint32_to_buf(buf, end, authenticator_type);
701 buf = append_uint64_to_buf(buf, end, timestamp);
702 return serialize_blob(mac, buf, end);
703 }
704
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)705 bool HardwareAuthToken::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
706 return copy_uint64_from_buf(buf_ptr, end, &challenge) &&
707 copy_uint64_from_buf(buf_ptr, end, &user_id) &&
708 copy_uint64_from_buf(buf_ptr, end, &authenticator_id) &&
709 copy_uint32_from_buf(buf_ptr, end, &authenticator_type) &&
710 copy_uint64_from_buf(buf_ptr, end, ×tamp) && //
711 deserialize_blob(&mac, buf_ptr, end);
712 }
713
SerializedSize() const714 size_t VerificationToken::SerializedSize() const {
715 return sizeof(challenge) + sizeof(timestamp) + parameters_verified.SerializedSize() +
716 sizeof(security_level) + blob_size(mac);
717 }
718
Serialize(uint8_t * buf,const uint8_t * end) const719 uint8_t* VerificationToken::Serialize(uint8_t* buf, const uint8_t* end) const {
720 buf = append_uint64_to_buf(buf, end, challenge);
721 buf = append_uint64_to_buf(buf, end, timestamp);
722 buf = parameters_verified.Serialize(buf, end);
723 buf = append_uint32_to_buf(buf, end, security_level);
724 return serialize_blob(mac, buf, end);
725 }
726
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)727 bool VerificationToken::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
728 return copy_uint64_from_buf(buf_ptr, end, &challenge) &&
729 copy_uint64_from_buf(buf_ptr, end, ×tamp) &&
730 parameters_verified.Deserialize(buf_ptr, end) &&
731 copy_uint32_from_buf(buf_ptr, end, &security_level) &&
732 deserialize_blob(&mac, buf_ptr, end);
733 }
734
735 } // namespace keymaster
736