1 /*
2 * Copyright 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
18 #include <gatekeeper/gatekeeper_messages.h>
19
20 #include <string.h>
21
22 using namespace std;
23
24 namespace gatekeeper {
25
26 /**
27 * Methods for serializing/deserializing SizedBuffers
28 */
29
30 struct __attribute__((__packed__)) serial_header_t {
31 uint32_t error;
32 uint32_t user_id;
33 };
34
serialized_buffer_size(const SizedBuffer & buf)35 static inline uint32_t serialized_buffer_size(const SizedBuffer &buf) {
36 return sizeof(buf.length) + buf.length;
37 }
38
append_to_buffer(uint8_t ** buffer,const SizedBuffer * to_append)39 static inline void append_to_buffer(uint8_t **buffer, const SizedBuffer *to_append) {
40 memcpy(*buffer, &to_append->length, sizeof(to_append->length));
41 *buffer += sizeof(to_append->length);
42 if (to_append->length != 0) {
43 memcpy(*buffer, to_append->buffer.get(), to_append->length);
44 *buffer += to_append->length;
45 }
46 }
47
read_from_buffer(const uint8_t ** buffer,const uint8_t * end,SizedBuffer * target)48 static inline gatekeeper_error_t read_from_buffer(const uint8_t **buffer, const uint8_t *end,
49 SizedBuffer *target) {
50 if (*buffer + sizeof(target->length) > end) return ERROR_INVALID;
51
52 memcpy(&target->length, *buffer, sizeof(target->length));
53 *buffer += sizeof(target->length);
54 if (target->length != 0) {
55 const uint8_t *buffer_end = *buffer + target->length;
56 if (buffer_end > end || buffer_end <= *buffer) return ERROR_INVALID;
57
58 target->buffer.reset(new uint8_t[target->length]);
59 memcpy(target->buffer.get(), *buffer, target->length);
60 *buffer += target->length;
61 }
62 return ERROR_NONE;
63 }
64
65
GetSerializedSize() const66 uint32_t GateKeeperMessage::GetSerializedSize() const {
67 if (error == ERROR_NONE) {
68 uint32_t size = sizeof(serial_header_t) + nonErrorSerializedSize();
69 return size;
70 } else {
71 uint32_t size = sizeof(serial_header_t);
72 if (error == ERROR_RETRY) {
73 size += sizeof(retry_timeout);
74 }
75 return size;
76 }
77 }
78
Serialize(uint8_t * buffer,const uint8_t * end) const79 uint32_t GateKeeperMessage::Serialize(uint8_t *buffer, const uint8_t *end) const {
80 uint32_t bytes_written = 0;
81 if (buffer + GetSerializedSize() > end) {
82 return 0;
83 }
84
85 serial_header_t *header = reinterpret_cast<serial_header_t *>(buffer);
86 if (error != ERROR_NONE) {
87 if (buffer + sizeof(serial_header_t) > end) return 0;
88 header->error = error;
89 header->user_id = user_id;
90 bytes_written += sizeof(*header);
91 if (error == ERROR_RETRY) {
92 memcpy(buffer + sizeof(serial_header_t), &retry_timeout, sizeof(retry_timeout));
93 bytes_written += sizeof(retry_timeout);
94 }
95 } else {
96 if (buffer + sizeof(serial_header_t) + nonErrorSerializedSize() > end)
97 return 0;
98 header->error = error;
99 header->user_id = user_id;
100 nonErrorSerialize(buffer + sizeof(*header));
101 bytes_written += sizeof(*header) + nonErrorSerializedSize();
102 }
103
104 return bytes_written;
105 }
106
Deserialize(const uint8_t * payload,const uint8_t * end)107 gatekeeper_error_t GateKeeperMessage::Deserialize(const uint8_t *payload, const uint8_t *end) {
108 if (payload + sizeof(uint32_t) > end) return ERROR_INVALID;
109 const serial_header_t *header = reinterpret_cast<const serial_header_t *>(payload);
110 if (header->error == ERROR_NONE) {
111 if (payload == end) return ERROR_INVALID;
112 user_id = header->user_id;
113 error = nonErrorDeserialize(payload + sizeof(*header), end);
114 } else {
115 error = static_cast<gatekeeper_error_t>(header->error);
116 user_id = header->user_id;
117 if (error == ERROR_RETRY) {
118 if (payload + sizeof(serial_header_t) < end) {
119 memcpy(&retry_timeout, payload + sizeof(serial_header_t), sizeof(retry_timeout));
120 } else {
121 retry_timeout = 0;
122 }
123 }
124 }
125
126 return error;
127 }
128
SetRetryTimeout(uint32_t retry_timeout)129 void GateKeeperMessage::SetRetryTimeout(uint32_t retry_timeout) {
130 this->retry_timeout = retry_timeout;
131 this->error = ERROR_RETRY;
132 }
133
VerifyRequest(uint32_t user_id,uint64_t challenge,SizedBuffer * enrolled_password_handle,SizedBuffer * provided_password_payload)134 VerifyRequest::VerifyRequest(uint32_t user_id, uint64_t challenge,
135 SizedBuffer *enrolled_password_handle, SizedBuffer *provided_password_payload) {
136 this->user_id = user_id;
137 this->challenge = challenge;
138 this->password_handle.buffer.reset(enrolled_password_handle->buffer.release());
139 this->password_handle.length = enrolled_password_handle->length;
140 this->provided_password.buffer.reset(provided_password_payload->buffer.release());
141 this->provided_password.length = provided_password_payload->length;
142 }
143
VerifyRequest()144 VerifyRequest::VerifyRequest() {
145 memset_s(&password_handle, 0, sizeof(password_handle));
146 memset_s(&provided_password, 0, sizeof(provided_password));
147 }
148
~VerifyRequest()149 VerifyRequest::~VerifyRequest() {
150 if (password_handle.buffer.get()) {
151 password_handle.buffer.reset();
152 }
153
154 if (provided_password.buffer.get()) {
155 memset_s(provided_password.buffer.get(), 0, provided_password.length);
156 provided_password.buffer.reset();
157 }
158 }
159
nonErrorSerializedSize() const160 uint32_t VerifyRequest::nonErrorSerializedSize() const {
161 return sizeof(challenge) + serialized_buffer_size(password_handle)
162 + serialized_buffer_size(provided_password);
163 }
164
nonErrorSerialize(uint8_t * buffer) const165 void VerifyRequest::nonErrorSerialize(uint8_t *buffer) const {
166 memcpy(buffer, &challenge, sizeof(challenge));
167 buffer += sizeof(challenge);
168 append_to_buffer(&buffer, &password_handle);
169 append_to_buffer(&buffer, &provided_password);
170 }
171
nonErrorDeserialize(const uint8_t * payload,const uint8_t * end)172 gatekeeper_error_t VerifyRequest::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
173 gatekeeper_error_t error = ERROR_NONE;
174
175 if (password_handle.buffer.get()) {
176 password_handle.buffer.reset();
177 }
178
179 if (provided_password.buffer.get()) {
180 memset_s(provided_password.buffer.get(), 0, provided_password.length);
181 provided_password.buffer.reset();
182 }
183
184 memcpy(&challenge, payload, sizeof(challenge));
185 payload += sizeof(challenge);
186
187 error = read_from_buffer(&payload, end, &password_handle);
188 if (error != ERROR_NONE) return error;
189
190 return read_from_buffer(&payload, end, &provided_password);
191
192 }
193
VerifyResponse(uint32_t user_id,SizedBuffer * auth_token)194 VerifyResponse::VerifyResponse(uint32_t user_id, SizedBuffer *auth_token) {
195 this->user_id = user_id;
196 this->auth_token.buffer.reset(auth_token->buffer.release());
197 this->auth_token.length = auth_token->length;
198 this->request_reenroll = false;
199 }
200
VerifyResponse()201 VerifyResponse::VerifyResponse() {
202 request_reenroll = false;
203 memset_s(&auth_token, 0, sizeof(auth_token));
204 };
205
~VerifyResponse()206 VerifyResponse::~VerifyResponse() {
207 if (auth_token.length > 0) {
208 auth_token.buffer.reset();
209 }
210 }
211
SetVerificationToken(SizedBuffer * auth_token)212 void VerifyResponse::SetVerificationToken(SizedBuffer *auth_token) {
213 this->auth_token.buffer.reset(auth_token->buffer.release());
214 this->auth_token.length = auth_token->length;
215 }
216
nonErrorSerializedSize() const217 uint32_t VerifyResponse::nonErrorSerializedSize() const {
218 return serialized_buffer_size(auth_token) + sizeof(request_reenroll);
219 }
220
nonErrorSerialize(uint8_t * buffer) const221 void VerifyResponse::nonErrorSerialize(uint8_t *buffer) const {
222 append_to_buffer(&buffer, &auth_token);
223 memcpy(buffer, &request_reenroll, sizeof(request_reenroll));
224 }
225
nonErrorDeserialize(const uint8_t * payload,const uint8_t * end)226 gatekeeper_error_t VerifyResponse::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
227 if (auth_token.buffer.get()) {
228 auth_token.buffer.reset();
229 }
230
231 gatekeeper_error_t err = read_from_buffer(&payload, end, &auth_token);
232 if (err != ERROR_NONE) {
233 return err;
234 }
235
236 memcpy(&request_reenroll, payload, sizeof(request_reenroll));
237 return ERROR_NONE;
238 }
239
EnrollRequest(uint32_t user_id,SizedBuffer * password_handle,SizedBuffer * provided_password,SizedBuffer * enrolled_password)240 EnrollRequest::EnrollRequest(uint32_t user_id, SizedBuffer *password_handle,
241 SizedBuffer *provided_password, SizedBuffer *enrolled_password) {
242 this->user_id = user_id;
243 this->provided_password.buffer.reset(provided_password->buffer.release());
244 this->provided_password.length = provided_password->length;
245
246 if (enrolled_password == NULL) {
247 this->enrolled_password.buffer.reset();
248 this->enrolled_password.length = 0;
249 } else {
250 this->enrolled_password.buffer.reset(enrolled_password->buffer.release());
251 this->enrolled_password.length = enrolled_password->length;
252 }
253
254 if (password_handle == NULL) {
255 this->password_handle.buffer.reset();
256 this->password_handle.length = 0;
257 } else {
258 this->password_handle.buffer.reset(password_handle->buffer.release());
259 this->password_handle.length = password_handle->length;
260 }
261 }
262
EnrollRequest()263 EnrollRequest::EnrollRequest() {
264 memset_s(&provided_password, 0, sizeof(provided_password));
265 memset_s(&enrolled_password, 0, sizeof(enrolled_password));
266 memset_s(&password_handle, 0, sizeof(password_handle));
267 }
268
~EnrollRequest()269 EnrollRequest::~EnrollRequest() {
270 if (provided_password.buffer.get()) {
271 memset_s(provided_password.buffer.get(), 0, provided_password.length);
272 provided_password.buffer.reset();
273 }
274
275 if (enrolled_password.buffer.get()) {
276 memset_s(enrolled_password.buffer.get(), 0, enrolled_password.length);
277 enrolled_password.buffer.reset();
278 }
279
280 if (password_handle.buffer.get()) {
281 memset_s(password_handle.buffer.get(), 0, password_handle.length);
282 password_handle.buffer.reset();
283 }
284 }
285
nonErrorSerializedSize() const286 uint32_t EnrollRequest::nonErrorSerializedSize() const {
287 return serialized_buffer_size(provided_password) + serialized_buffer_size(enrolled_password)
288 + serialized_buffer_size(password_handle);
289 }
290
nonErrorSerialize(uint8_t * buffer) const291 void EnrollRequest::nonErrorSerialize(uint8_t *buffer) const {
292 append_to_buffer(&buffer, &provided_password);
293 append_to_buffer(&buffer, &enrolled_password);
294 append_to_buffer(&buffer, &password_handle);
295 }
296
nonErrorDeserialize(const uint8_t * payload,const uint8_t * end)297 gatekeeper_error_t EnrollRequest::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
298 gatekeeper_error_t ret;
299 if (provided_password.buffer.get()) {
300 memset_s(provided_password.buffer.get(), 0, provided_password.length);
301 provided_password.buffer.reset();
302 }
303
304 if (enrolled_password.buffer.get()) {
305 memset_s(enrolled_password.buffer.get(), 0, enrolled_password.length);
306 enrolled_password.buffer.reset();
307 }
308
309 if (password_handle.buffer.get()) {
310 memset_s(password_handle.buffer.get(), 0, password_handle.length);
311 password_handle.buffer.reset();
312 }
313
314 ret = read_from_buffer(&payload, end, &provided_password);
315 if (ret != ERROR_NONE) {
316 return ret;
317 }
318
319 ret = read_from_buffer(&payload, end, &enrolled_password);
320 if (ret != ERROR_NONE) {
321 return ret;
322 }
323
324 return read_from_buffer(&payload, end, &password_handle);
325 }
326
EnrollResponse(uint32_t user_id,SizedBuffer * enrolled_password_handle)327 EnrollResponse::EnrollResponse(uint32_t user_id, SizedBuffer *enrolled_password_handle) {
328 this->user_id = user_id;
329 this->enrolled_password_handle.buffer.reset(enrolled_password_handle->buffer.release());
330 this->enrolled_password_handle.length = enrolled_password_handle->length;
331 }
332
EnrollResponse()333 EnrollResponse::EnrollResponse() {
334 memset_s(&enrolled_password_handle, 0, sizeof(enrolled_password_handle));
335 }
336
~EnrollResponse()337 EnrollResponse::~EnrollResponse() {
338 if (enrolled_password_handle.buffer.get()) {
339 enrolled_password_handle.buffer.reset();
340 }
341 }
342
SetEnrolledPasswordHandle(SizedBuffer * enrolled_password_handle)343 void EnrollResponse::SetEnrolledPasswordHandle(SizedBuffer *enrolled_password_handle) {
344 this->enrolled_password_handle.buffer.reset(enrolled_password_handle->buffer.release());
345 this->enrolled_password_handle.length = enrolled_password_handle->length;
346 }
347
nonErrorSerializedSize() const348 uint32_t EnrollResponse::nonErrorSerializedSize() const {
349 return serialized_buffer_size(enrolled_password_handle);
350 }
351
nonErrorSerialize(uint8_t * buffer) const352 void EnrollResponse::nonErrorSerialize(uint8_t *buffer) const {
353 append_to_buffer(&buffer, &enrolled_password_handle);
354 }
355
nonErrorDeserialize(const uint8_t * payload,const uint8_t * end)356 gatekeeper_error_t EnrollResponse::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
357 if (enrolled_password_handle.buffer.get()) {
358 enrolled_password_handle.buffer.reset();
359 }
360
361 return read_from_buffer(&payload, end, &enrolled_password_handle);
362 }
363
364 };
365
366