1 /*
2  * Copyright 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef TRUSTY_APP_KEYMASTER_TRUSTY_KEYMASTER_MESSAGES_H_
18 #define TRUSTY_APP_KEYMASTER_TRUSTY_KEYMASTER_MESSAGES_H_
19 
20 #include <keymaster/android_keymaster_messages.h>
21 
22 namespace keymaster {
23 
/**
 * Reads one 32-bit value through copy_uint32_from_buf and stores it in *state
 * only when it equals one of the algorithm enumerators listed in the switch.
 *
 * The switch is an allow-list: a value outside it is never cast into
 * keymaster_algorithm_t, and *state is left untouched on every failure path.
 *
 * @param buf_ptr  read cursor, passed straight to copy_uint32_from_buf.
 * @param end      end of the readable region, passed to copy_uint32_from_buf.
 * @param state    receives the accepted algorithm on success.
 * @return true if a value was read and is in the accepted set, else false.
 *
 * NOTE(review): copy_uint32_from_buf is declared elsewhere; it presumably
 * advances *buf_ptr before the value is checked here, so a false return should
 * be treated as a failed message rather than retried from the same cursor.
 */
static inline bool copy_keymaster_algorithm_from_buf(
        const uint8_t** buf_ptr,
        const uint8_t* end,
        keymaster_algorithm_t* state) {
    uint32_t raw;
    if (!copy_uint32_from_buf(buf_ptr, end, &raw)) {
        return false;
    }

    // Reject anything that is not a known algorithm before casting.
    switch (raw) {
    case KM_ALGORITHM_RSA:
    case KM_ALGORITHM_EC:
    case KM_ALGORITHM_AES:
    case KM_ALGORITHM_TRIPLE_DES:
    case KM_ALGORITHM_HMAC:
        break;
    default:
        return false;
    }

    *state = static_cast<keymaster_algorithm_t>(raw);
    return true;
}
45 
/**
 * Reads one 32-bit value through copy_uint32_from_buf and stores it in *state
 * only when it equals one of the verified-boot enumerators listed in the
 * switch.
 *
 * The switch is an allow-list: a value outside it is never cast into
 * keymaster_verified_boot_t, and *state is left untouched on every failure
 * path.
 *
 * @param buf_ptr  read cursor, passed straight to copy_uint32_from_buf.
 * @param end      end of the readable region, passed to copy_uint32_from_buf.
 * @param state    receives the accepted boot state on success.
 * @return true if a value was read and is in the accepted set, else false.
 *
 * NOTE(review): copy_uint32_from_buf is declared elsewhere; it presumably
 * advances *buf_ptr before the value is checked here, so a false return should
 * be treated as a failed message rather than retried from the same cursor.
 */
static inline bool copy_keymaster_verified_boot_from_buf(
        const uint8_t** buf_ptr,
        const uint8_t* end,
        keymaster_verified_boot_t* state) {
    uint32_t raw;
    if (!copy_uint32_from_buf(buf_ptr, end, &raw)) {
        return false;
    }

    // Reject anything that is not a known boot state before casting.
    switch (raw) {
    case KM_VERIFIED_BOOT_VERIFIED:
    case KM_VERIFIED_BOOT_SELF_SIGNED:
    case KM_VERIFIED_BOOT_UNVERIFIED:
    case KM_VERIFIED_BOOT_FAILED:
        break;
    default:
        return false;
    }

    *state = static_cast<keymaster_verified_boot_t>(raw);
    return true;
}
66 
/**
 * Keymaster request whose whole payload is a single raw Buffer.
 *
 * Every serialization hook forwards to `data`; this struct adds no framing and
 * performs no validation of the bytes it carries. Interpreting and bounding
 * the contents is left to whoever consumes `data`.
 */
struct RawBufferRequest : public KeymasterMessage {
    explicit RawBufferRequest(int32_t ver) : KeymasterMessage(ver) {}

    /** Wire size is whatever the wrapped buffer reports. */
    size_t SerializedSize() const override {
        const size_t payload_size = data.SerializedSize();
        return payload_size;
    }

    /** Writes `data` into [buf, end) and returns the cursor `data` hands back. */
    uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
        uint8_t* const next = data.Serialize(buf, end);
        return next;
    }

    /** Fills `data` from the input; the result is that of `data.Deserialize`. */
    bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
        const bool parsed = data.Deserialize(buf_ptr, end);
        return parsed;
    }

    // The opaque payload.
    Buffer data;
};
83 
/**
 * Keymaster response whose non-error payload is a single raw Buffer.
 *
 * The three NonError* hooks forward to `data`; this struct adds no framing and
 * performs no validation of the bytes it carries.
 */
struct RawBufferResponse : public KeymasterResponse {
    explicit RawBufferResponse(int32_t ver) : KeymasterResponse(ver) {}

    /** Payload size is whatever the wrapped buffer reports. */
    size_t NonErrorSerializedSize() const override {
        const size_t payload_size = data.SerializedSize();
        return payload_size;
    }

    /** Writes `data` into [buf, end) and returns the cursor `data` hands back. */
    uint8_t* NonErrorSerialize(uint8_t* buf,
                               const uint8_t* end) const override {
        uint8_t* const next = data.Serialize(buf, end);
        return next;
    }

    /** Fills `data` from the input; the result is that of `data.Deserialize`. */
    bool NonErrorDeserialize(const uint8_t** buf_ptr,
                             const uint8_t* end) override {
        const bool parsed = data.Deserialize(buf_ptr, end);
        return parsed;
    }

    // The opaque payload.
    Buffer data;
};
104 
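/**
 * Request carrying the boot parameters: OS version and patch level, the
 * device-locked flag, the verified boot state, and the verified boot key and
 * hash buffers.
 *
 * Wire layout, in order: os_version, os_patchlevel, device_locked and
 * verified_boot_state as 32-bit values, then verified_boot_key and
 * verified_boot_hash as serialized Buffers.
 */
struct SetBootParamsRequest : public KeymasterMessage {
    explicit SetBootParamsRequest(int32_t ver) : KeymasterMessage(ver) {}

    /**
     * Number of bytes Serialize() writes.
     *
     * verified_boot_state is written with append_uint32_to_buf, so it is
     * counted as a uint32_t rather than by the in-memory size of the enum,
     * the same way SetAttestationKeyRequest sizes its algorithm field.
     */
    size_t SerializedSize() const override {
        return (sizeof(os_version) + sizeof(os_patchlevel) +
                sizeof(device_locked) + sizeof(uint32_t) +
                verified_boot_key.SerializedSize() +
                verified_boot_hash.SerializedSize());
    }

    /** Writes the fields in wire order into [buf, end). */
    uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
        buf = append_uint32_to_buf(buf, end, os_version);
        buf = append_uint32_to_buf(buf, end, os_patchlevel);
        buf = append_uint32_to_buf(buf, end, device_locked);
        buf = append_uint32_to_buf(buf, end, verified_boot_state);
        buf = verified_boot_key.Serialize(buf, end);
        return verified_boot_hash.Serialize(buf, end);
    }

    /**
     * Reads the fields in wire order and stops at the first failure.
     *
     * Only verified_boot_state is checked against an allow-list (through
     * copy_keymaster_verified_boot_from_buf); os_version, os_patchlevel and
     * device_locked are accepted as any 32-bit value. Fields after the one
     * that failed keep the value they had before the call, so the object must
     * not be used when this returns false.
     */
    bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
        return copy_uint32_from_buf(buf_ptr, end, &os_version) &&
               copy_uint32_from_buf(buf_ptr, end, &os_patchlevel) &&
               copy_uint32_from_buf(buf_ptr, end, &device_locked) &&
               copy_keymaster_verified_boot_from_buf(buf_ptr, end,
                                                     &verified_boot_state) &&
               verified_boot_key.Deserialize(buf_ptr, end) &&
               verified_boot_hash.Deserialize(buf_ptr, end);
    }

    // Scalars are given defined defaults so a freshly constructed or partially
    // deserialized request never exposes indeterminate memory through
    // Serialize() or a direct read.
    uint32_t os_version = 0;
    uint32_t os_patchlevel = 0;
    // NOTE(review): presumably non-zero means "locked"; 0 is used as the
    // default so an unset request does not claim a locked device. Confirm.
    uint32_t device_locked = 0;
    // Defaults to FAILED rather than the zero value so an unset request never
    // reports a verified boot by accident.
    keymaster_verified_boot_t verified_boot_state = KM_VERIFIED_BOOT_FAILED;
    Buffer verified_boot_key;
    Buffer verified_boot_hash;
};

using SetBootParamsResponse = EmptyKeymasterResponse;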
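/**
 * Request carrying an attestation key: a 32-bit algorithm identifier followed
 * by the key material as a serialized Buffer.
 */
struct SetAttestationKeyRequest : public KeymasterMessage {
    explicit SetAttestationKeyRequest(int32_t ver) : KeymasterMessage(ver) {}

    /** Algorithm is sized as the uint32_t written on the wire. */
    size_t SerializedSize() const override {
        return sizeof(uint32_t) + key_data.SerializedSize();
    }

    /** Writes the algorithm, then the key buffer, into [buf, end). */
    uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
        buf = append_uint32_to_buf(buf, end, algorithm);
        return key_data.Serialize(buf, end);
    }

    /**
     * Reads the algorithm through copy_keymaster_algorithm_from_buf, which
     * accepts only its listed enumerators, then reads the key buffer.
     * key_data is not parsed when the algorithm is rejected. The key bytes
     * themselves are not inspected here.
     */
    bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
        return copy_keymaster_algorithm_from_buf(buf_ptr, end, &algorithm) &&
               key_data.Deserialize(buf_ptr, end);
    }

    // Value-initialized so the field never holds indeterminate bits before it
    // is set or when Deserialize() fails.
    // NOTE(review): this assumes 0 is not one of the accepted algorithm
    // enumerators, so an unset field is rejected by the receiver; confirm
    // against the enum definition.
    keymaster_algorithm_t algorithm{};
    Buffer key_data;
};

using SetAttestationKeyResponse = EmptyKeymasterResponse;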
161 
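/**
 * Request naming the algorithm whose attestation certificate chain is to be
 * cleared. The only payload is the 32-bit algorithm identifier.
 */
struct ClearAttestationCertChainRequest : public KeymasterMessage {
    explicit ClearAttestationCertChainRequest(int32_t ver)
            : KeymasterMessage(ver) {}

    /** One uint32_t: the algorithm identifier. */
    size_t SerializedSize() const override { return sizeof(uint32_t); }

    /** Writes the algorithm into [buf, end). */
    uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
        return append_uint32_to_buf(buf, end, algorithm);
    }

    /**
     * Reads the algorithm through copy_keymaster_algorithm_from_buf, which
     * accepts only its listed enumerators.
     */
    bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
        return copy_keymaster_algorithm_from_buf(buf_ptr, end, &algorithm);
    }

    // Value-initialized so the field never holds indeterminate bits before it
    // is set or when Deserialize() fails.
    // NOTE(review): this assumes 0 is not one of the accepted algorithm
    // enumerators; confirm against the enum definition.
    keymaster_algorithm_t algorithm{};
};
using ClearAttestationCertChainResponse = EmptyKeymasterResponse;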
177 
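/**
 * Request appending one certificate to an attestation certificate chain: a
 * 32-bit algorithm identifier followed by the certificate bytes as a
 * serialized Buffer.
 */
struct AppendAttestationCertChainRequest : public KeymasterMessage {
    explicit AppendAttestationCertChainRequest(int32_t ver)
            : KeymasterMessage(ver) {}

    /** Algorithm is sized as the uint32_t written on the wire. */
    size_t SerializedSize() const override {
        return sizeof(uint32_t) + cert_data.SerializedSize();
    }

    /** Writes the algorithm, then the certificate buffer, into [buf, end). */
    uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
        buf = append_uint32_to_buf(buf, end, algorithm);
        return cert_data.Serialize(buf, end);
    }

    /**
     * Reads the algorithm through copy_keymaster_algorithm_from_buf, which
     * accepts only its listed enumerators, then reads the certificate buffer.
     * cert_data is not parsed when the algorithm is rejected. The certificate
     * bytes themselves are not inspected here.
     */
    bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
        return copy_keymaster_algorithm_from_buf(buf_ptr, end, &algorithm) &&
               cert_data.Deserialize(buf_ptr, end);
    }

    // Value-initialized so the field never holds indeterminate bits before it
    // is set or when Deserialize() fails.
    // NOTE(review): this assumes 0 is not one of the accepted algorithm
    // enumerators; confirm against the enum definition.
    keymaster_algorithm_t algorithm{};
    Buffer cert_data;
};
using AppendAttestationCertChainResponse = EmptyKeymasterResponse;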
198 
/**
 * For Android Things Attestation Provisioning (ATAP), the protocol's
 * GetCaRequest message is treated as a raw opaque buffer for the purposes of
 * this IPC call. Because the SetCaResponse message will be very large (> 10k),
 * SetCaResponse is split into *Begin, *Update, and *Finish operations.
 */
// GetCaRequest: raw buffer in, raw buffer out.
using AtapGetCaRequestRequest = RawBufferRequest;
using AtapGetCaRequestResponse = RawBufferResponse;
207 
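/**
 * First step of the split SetCaResponse transfer. The only payload is a
 * 32-bit size value, ca_response_size.
 *
 * No range check is applied to ca_response_size in this struct: any 32-bit
 * value deserializes successfully.
 * NOTE(review): the consumer presumably uses this to size the buffer for the
 * following Update calls; it should bound the value before allocating.
 */
struct AtapSetCaResponseBeginRequest : public KeymasterMessage {
    explicit AtapSetCaResponseBeginRequest(int32_t ver)
            : KeymasterMessage(ver) {}

    /** One uint32_t: the announced size. */
    size_t SerializedSize() const override { return sizeof(uint32_t); }

    /** Writes ca_response_size into [buf, end). */
    uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
        return append_uint32_to_buf(buf, end, ca_response_size);
    }

    /** Reads ca_response_size; the value itself is not validated. */
    bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
        return copy_uint32_from_buf(buf_ptr, end, &ca_response_size);
    }

    // Zero by default so the field never holds indeterminate bits before it
    // is set or when Deserialize() fails.
    uint32_t ca_response_size = 0;
};
using AtapSetCaResponseBeginResponse = EmptyKeymasterResponse;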
223 
// SetCaResponse, Update step: raw buffer in, empty response.
using AtapSetCaResponseUpdateRequest = RawBufferRequest;
using AtapSetCaResponseUpdateResponse = EmptyKeymasterResponse;

// SetCaResponse, Finish step: empty request, empty response.
using AtapSetCaResponseFinishRequest = EmptyKeymasterRequest;
using AtapSetCaResponseFinishResponse = EmptyKeymasterResponse;

// SetProductId: raw buffer in, empty response.
using AtapSetProductIdRequest = RawBufferRequest;
using AtapSetProductIdResponse = EmptyKeymasterResponse;

// ReadUuid: empty request, raw buffer out.
using AtapReadUuidRequest = EmptyKeymasterRequest;
using AtapReadUuidResponse = RawBufferResponse;
235 
236 }  // namespace keymaster
237 
238 #endif  // TRUSTY_APP_KEYMASTER_TRUSTY_KEYMASTER_MESSAGES_H_
239