1 /*
2  * Copyright 2014 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_
18 #define SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_
19 
20 #include <assert.h>
21 #include <stdlib.h>
22 #include <string.h>
23 
24 #include <keymaster/android_keymaster_utils.h>
25 #include <keymaster/authorization_set.h>
26 
27 namespace keymaster {
28 
29 // Commands
30 enum AndroidKeymasterCommand {
31     GENERATE_KEY = 0,
32     BEGIN_OPERATION = 1,
33     UPDATE_OPERATION = 2,
34     FINISH_OPERATION = 3,
35     ABORT_OPERATION = 4,
36     IMPORT_KEY = 5,
37     EXPORT_KEY = 6,
38     GET_VERSION = 7,
39     ADD_RNG_ENTROPY = 8,
40     GET_SUPPORTED_ALGORITHMS = 9,
41     GET_SUPPORTED_BLOCK_MODES = 10,
42     GET_SUPPORTED_PADDING_MODES = 11,
43     GET_SUPPORTED_DIGESTS = 12,
44     GET_SUPPORTED_IMPORT_FORMATS = 13,
45     GET_SUPPORTED_EXPORT_FORMATS = 14,
46     GET_KEY_CHARACTERISTICS = 15,
47     ATTEST_KEY = 16,
48     UPGRADE_KEY = 17,
49 };
50 
51 /**
52  * Keymaster message versions are tied to keymaster versions.  We map the keymaster
53  * major.minor.subminor version to a sequential "message version".
54  *
55  * Rather than encoding a version number into each message we rely on the client -- who initiates
56  * all requests -- to check the version of the keymaster implementation with the GET_VERSION command
57  * and to send only requests that the implementation can understand.  This means that only the
58  * client side needs to manage version compatibility; the implementation can always expect/produce
59  * messages of its format.
60  *
61  * Because message version selection is purely a client-side issue, all messages default to using
62  * the latest version (MAX_MESSAGE_VERSION).  Client code must take care to check versions and pass
63  * correct version values to message constructors.  The AndroidKeymaster implementation always uses
64  * the default, latest.
65  *
66  * Note that this approach implies that GetVersionRequest and GetVersionResponse cannot be
67  * versioned.
68  */
69 const int32_t MAX_MESSAGE_VERSION = 3;
MessageVersion(uint8_t major_ver,uint8_t minor_ver,uint8_t)70 inline int32_t MessageVersion(uint8_t major_ver, uint8_t minor_ver, uint8_t /* subminor_ver */) {
71     int32_t message_version = -1;
72     switch (major_ver) {
73     case 0:
74         // For the moment we still support version 0, though in general the plan is not to support
75         // non-matching major versions.
76         message_version = 0;
77         break;
78     case 1:
79         switch (minor_ver) {
80         case 0:
81             message_version = 1;
82             break;
83         case 1:
84             message_version = 2;
85             break;
86         }
87         break;
88     case 2:
89         message_version = 3;
90         break;
91     };
92     return message_version;
93 }
94 
95 struct KeymasterMessage : public Serializable {
KeymasterMessageKeymasterMessage96     explicit KeymasterMessage(int32_t ver) : message_version(ver) { assert(ver >= 0); }
97     uint32_t message_version;
98 };
99 
100 /**
101  * All responses include an error value, and if the error is not KM_ERROR_OK, return no additional
102  * data.  This abstract class factors out the common serialization functionality for all of the
103  * responses, so we only have to implement it once.  Inheritance for reuse is generally not a great
104  * structure, but in this case it's the cleanest option.
105  */
106 struct KeymasterResponse : public KeymasterMessage {
KeymasterResponseKeymasterResponse107     explicit KeymasterResponse(int32_t ver)
108         : KeymasterMessage(ver), error(KM_ERROR_UNKNOWN_ERROR) {}
109 
110     size_t SerializedSize() const override;
111     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
112     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
113 
114     virtual size_t NonErrorSerializedSize() const = 0;
115     virtual uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const = 0;
116     virtual bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) = 0;
117 
118     keymaster_error_t error;
119 };
120 
121 struct SupportedAlgorithmsRequest : public KeymasterMessage {
122     explicit SupportedAlgorithmsRequest(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageSupportedAlgorithmsRequest123         : KeymasterMessage(ver) {}
124 
SerializedSizeSupportedAlgorithmsRequest125     size_t SerializedSize() const override { return 0; };
SerializeSupportedAlgorithmsRequest126     uint8_t* Serialize(uint8_t* buf, const uint8_t* /* end */) const override { return buf; }
DeserializeSupportedAlgorithmsRequest127     bool Deserialize(const uint8_t** /* buf_ptr */, const uint8_t* /* end */) override {
128         return true;
129     }
130 };
131 
132 struct SupportedByAlgorithmRequest : public KeymasterMessage {
SupportedByAlgorithmRequestSupportedByAlgorithmRequest133     explicit SupportedByAlgorithmRequest(int32_t ver) : KeymasterMessage(ver) {}
134 
SerializedSizeSupportedByAlgorithmRequest135     size_t SerializedSize() const override { return sizeof(uint32_t); };
SerializeSupportedByAlgorithmRequest136     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
137         return append_uint32_to_buf(buf, end, algorithm);
138     }
DeserializeSupportedByAlgorithmRequest139     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
140         return copy_uint32_from_buf(buf_ptr, end, &algorithm);
141     }
142 
143     keymaster_algorithm_t algorithm;
144 };
145 
146 struct SupportedImportFormatsRequest : public SupportedByAlgorithmRequest {
147     explicit SupportedImportFormatsRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmRequestSupportedImportFormatsRequest148         : SupportedByAlgorithmRequest(ver) {}
149 };
150 
151 struct SupportedExportFormatsRequest : public SupportedByAlgorithmRequest {
152     explicit SupportedExportFormatsRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmRequestSupportedExportFormatsRequest153         : SupportedByAlgorithmRequest(ver) {}
154 };
155 
156 struct SupportedByAlgorithmAndPurposeRequest : public KeymasterMessage {
157     explicit SupportedByAlgorithmAndPurposeRequest(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageSupportedByAlgorithmAndPurposeRequest158         : KeymasterMessage(ver) {}
159 
SerializedSizeSupportedByAlgorithmAndPurposeRequest160     size_t SerializedSize() const override { return sizeof(uint32_t) * 2; };
SerializeSupportedByAlgorithmAndPurposeRequest161     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
162         buf = append_uint32_to_buf(buf, end, algorithm);
163         return append_uint32_to_buf(buf, end, purpose);
164     }
DeserializeSupportedByAlgorithmAndPurposeRequest165     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
166         return copy_uint32_from_buf(buf_ptr, end, &algorithm) &&
167                copy_uint32_from_buf(buf_ptr, end, &purpose);
168     }
169 
170     keymaster_algorithm_t algorithm;
171     keymaster_purpose_t purpose;
172 };
173 
174 struct SupportedBlockModesRequest : public SupportedByAlgorithmAndPurposeRequest {
175     explicit SupportedBlockModesRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmAndPurposeRequestSupportedBlockModesRequest176         : SupportedByAlgorithmAndPurposeRequest(ver) {}
177 };
178 
179 struct SupportedPaddingModesRequest : public SupportedByAlgorithmAndPurposeRequest {
180     explicit SupportedPaddingModesRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmAndPurposeRequestSupportedPaddingModesRequest181         : SupportedByAlgorithmAndPurposeRequest(ver) {}
182 };
183 
184 struct SupportedDigestsRequest : public SupportedByAlgorithmAndPurposeRequest {
185     explicit SupportedDigestsRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmAndPurposeRequestSupportedDigestsRequest186         : SupportedByAlgorithmAndPurposeRequest(ver) {}
187 };
188 
189 template <typename T> struct SupportedResponse : public KeymasterResponse {
SupportedResponseSupportedResponse190     explicit SupportedResponse(int32_t ver)
191         : KeymasterResponse(ver), results(nullptr), results_length(0) {}
~SupportedResponseSupportedResponse192     ~SupportedResponse() { delete[] results; }
193 
SetResultsSupportedResponse194     template <size_t N> void SetResults(const T (&arr)[N]) { SetResults(arr, N); }
195 
SetResultsSupportedResponse196     void SetResults(const T* arr, size_t n) {
197         delete[] results;
198         results_length = 0;
199         results = dup_array(arr, n);
200         if (results == nullptr) {
201             error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
202         } else {
203             results_length = n;
204             error = KM_ERROR_OK;
205         }
206     }
207 
NonErrorSerializedSizeSupportedResponse208     size_t NonErrorSerializedSize() const override {
209         return sizeof(uint32_t) + results_length * sizeof(uint32_t);
210     }
NonErrorSerializeSupportedResponse211     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override {
212         return append_uint32_array_to_buf(buf, end, results, results_length);
213     }
NonErrorDeserializeSupportedResponse214     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
215         delete[] results;
216         results = nullptr;
217         UniquePtr<T[]> tmp;
218         if (!copy_uint32_array_from_buf(buf_ptr, end, &tmp, &results_length))
219             return false;
220         results = tmp.release();
221         return true;
222     }
223 
224     T* results;
225     size_t results_length;
226 };
227 
228 struct SupportedAlgorithmsResponse : public SupportedResponse<keymaster_algorithm_t> {
229     explicit SupportedAlgorithmsResponse(int32_t ver = MAX_MESSAGE_VERSION)
230         : SupportedResponse<keymaster_algorithm_t>(ver) {}
231 };
232 
233 struct SupportedBlockModesResponse : public SupportedResponse<keymaster_block_mode_t> {
234     explicit SupportedBlockModesResponse(int32_t ver = MAX_MESSAGE_VERSION)
235         : SupportedResponse<keymaster_block_mode_t>(ver) {}
236 };
237 
238 struct SupportedPaddingModesResponse : public SupportedResponse<keymaster_padding_t> {
239     explicit SupportedPaddingModesResponse(int32_t ver = MAX_MESSAGE_VERSION)
240         : SupportedResponse<keymaster_padding_t>(ver) {}
241 };
242 
243 struct SupportedDigestsResponse : public SupportedResponse<keymaster_digest_t> {
244     explicit SupportedDigestsResponse(int32_t ver = MAX_MESSAGE_VERSION)
245         : SupportedResponse<keymaster_digest_t>(ver) {}
246 };
247 
248 struct SupportedImportFormatsResponse : public SupportedResponse<keymaster_key_format_t> {
249     explicit SupportedImportFormatsResponse(int32_t ver = MAX_MESSAGE_VERSION)
250         : SupportedResponse<keymaster_key_format_t>(ver) {}
251 };
252 
253 struct SupportedExportFormatsResponse : public SupportedResponse<keymaster_key_format_t> {
254     explicit SupportedExportFormatsResponse(int32_t ver = MAX_MESSAGE_VERSION)
255         : SupportedResponse<keymaster_key_format_t>(ver) {}
256 };
257 
258 struct GenerateKeyRequest : public KeymasterMessage {
KeymasterMessageGenerateKeyRequest259     explicit GenerateKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
260 
SerializedSizeGenerateKeyRequest261     size_t SerializedSize() const override { return key_description.SerializedSize(); }
SerializeGenerateKeyRequest262     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
263         return key_description.Serialize(buf, end);
264     }
DeserializeGenerateKeyRequest265     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
266         return key_description.Deserialize(buf_ptr, end);
267     }
268 
269     AuthorizationSet key_description;
270 };
271 
272 struct GenerateKeyResponse : public KeymasterResponse {
KeymasterResponseGenerateKeyResponse273     explicit GenerateKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
274         key_blob.key_material = nullptr;
275         key_blob.key_material_size = 0;
276     }
277     ~GenerateKeyResponse();
278 
279     size_t NonErrorSerializedSize() const override;
280     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
281     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
282 
283     keymaster_key_blob_t key_blob;
284     AuthorizationSet enforced;
285     AuthorizationSet unenforced;
286 };
287 
288 struct GetKeyCharacteristicsRequest : public KeymasterMessage {
289     explicit GetKeyCharacteristicsRequest(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageGetKeyCharacteristicsRequest290         : KeymasterMessage(ver) {
291         key_blob.key_material = nullptr;
292         key_blob.key_material_size = 0;
293     }
294     ~GetKeyCharacteristicsRequest();
295 
296     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialGetKeyCharacteristicsRequest297     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
298         SetKeyMaterial(blob.key_material, blob.key_material_size);
299     }
300 
301     size_t SerializedSize() const override;
302     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
303     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
304 
305     keymaster_key_blob_t key_blob;
306     AuthorizationSet additional_params;
307 };
308 
309 struct GetKeyCharacteristicsResponse : public KeymasterResponse {
310     explicit GetKeyCharacteristicsResponse(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterResponseGetKeyCharacteristicsResponse311         : KeymasterResponse(ver) {}
312     size_t NonErrorSerializedSize() const override;
313     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
314     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
315 
316     AuthorizationSet enforced;
317     AuthorizationSet unenforced;
318 };
319 
320 struct BeginOperationRequest : public KeymasterMessage {
KeymasterMessageBeginOperationRequest321     explicit BeginOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
322         key_blob.key_material = nullptr;
323         key_blob.key_material_size = 0;
324     }
~BeginOperationRequestBeginOperationRequest325     ~BeginOperationRequest() { delete[] key_blob.key_material; }
326 
327     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialBeginOperationRequest328     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
329         SetKeyMaterial(blob.key_material, blob.key_material_size);
330     }
331 
332     size_t SerializedSize() const;
333     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
334     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
335 
336     keymaster_purpose_t purpose;
337     keymaster_key_blob_t key_blob;
338     AuthorizationSet additional_params;
339 };
340 
341 struct BeginOperationResponse : public KeymasterResponse {
KeymasterResponseBeginOperationResponse342     explicit BeginOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
343 
344     size_t NonErrorSerializedSize() const override;
345     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
346     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
347 
348     keymaster_operation_handle_t op_handle;
349     AuthorizationSet output_params;
350 };
351 
352 struct UpdateOperationRequest : public KeymasterMessage {
KeymasterMessageUpdateOperationRequest353     explicit UpdateOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
354 
355     size_t SerializedSize() const override;
356     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
357     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
358 
359     keymaster_operation_handle_t op_handle;
360     Buffer input;
361     AuthorizationSet additional_params;
362 };
363 
364 struct UpdateOperationResponse : public KeymasterResponse {
365     explicit UpdateOperationResponse(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterResponseUpdateOperationResponse366         : KeymasterResponse(ver), input_consumed(0) {}
367 
368     size_t NonErrorSerializedSize() const override;
369     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
370     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
371 
372     Buffer output;
373     size_t input_consumed;
374     AuthorizationSet output_params;
375 };
376 
377 struct FinishOperationRequest : public KeymasterMessage {
KeymasterMessageFinishOperationRequest378     explicit FinishOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
379 
380     size_t SerializedSize() const override;
381     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
382     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
383 
384     keymaster_operation_handle_t op_handle;
385     Buffer input;
386     Buffer signature;
387     AuthorizationSet additional_params;
388 };
389 
390 struct FinishOperationResponse : public KeymasterResponse {
KeymasterResponseFinishOperationResponse391     explicit FinishOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
392 
393     size_t NonErrorSerializedSize() const override;
394     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
395     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
396 
397     Buffer output;
398     AuthorizationSet output_params;
399 };
400 
401 struct AbortOperationRequest : public KeymasterMessage {
KeymasterMessageAbortOperationRequest402     explicit AbortOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
403 
SerializedSizeAbortOperationRequest404     size_t SerializedSize() const override { return sizeof(uint64_t); }
SerializeAbortOperationRequest405     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
406         return append_uint64_to_buf(buf, end, op_handle);
407     }
DeserializeAbortOperationRequest408     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
409         return copy_uint64_from_buf(buf_ptr, end, &op_handle);
410     }
411 
412     keymaster_operation_handle_t op_handle;
413 };
414 
415 struct AbortOperationResponse : public KeymasterResponse {
KeymasterResponseAbortOperationResponse416     explicit AbortOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
417 
NonErrorSerializedSizeAbortOperationResponse418     size_t NonErrorSerializedSize() const override { return 0; }
NonErrorSerializeAbortOperationResponse419     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
NonErrorDeserializeAbortOperationResponse420     bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
421 };
422 
423 struct AddEntropyRequest : public KeymasterMessage {
KeymasterMessageAddEntropyRequest424     explicit AddEntropyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
425 
426     size_t SerializedSize() const override;
427     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
428     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
429 
430     Buffer random_data;
431 };
432 
433 struct AddEntropyResponse : public KeymasterResponse {
KeymasterResponseAddEntropyResponse434     explicit AddEntropyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
435 
NonErrorSerializedSizeAddEntropyResponse436     size_t NonErrorSerializedSize() const override { return 0; }
NonErrorSerializeAddEntropyResponse437     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* /* end */) const override {
438         return buf;
439     }
NonErrorDeserializeAddEntropyResponse440     bool NonErrorDeserialize(const uint8_t** /* buf_ptr */, const uint8_t* /* end */) override {
441         return true;
442     }
443 };
444 
445 struct ImportKeyRequest : public KeymasterMessage {
446     explicit ImportKeyRequest(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageImportKeyRequest447         : KeymasterMessage(ver), key_data(nullptr) {}
~ImportKeyRequestImportKeyRequest448     ~ImportKeyRequest() { delete[] key_data; }
449 
450     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialImportKeyRequest451     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
452         SetKeyMaterial(blob.key_material, blob.key_material_size);
453     }
454 
455     size_t SerializedSize() const override;
456     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
457     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
458 
459     AuthorizationSet key_description;
460     keymaster_key_format_t key_format;
461     uint8_t* key_data;
462     size_t key_data_length;
463 };
464 
465 struct ImportKeyResponse : public KeymasterResponse {
KeymasterResponseImportKeyResponse466     explicit ImportKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
467         key_blob.key_material = nullptr;
468         key_blob.key_material_size = 0;
469     }
~ImportKeyResponseImportKeyResponse470     ~ImportKeyResponse() { delete[] key_blob.key_material; }
471 
472     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialImportKeyResponse473     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
474         SetKeyMaterial(blob.key_material, blob.key_material_size);
475     }
476 
477     size_t NonErrorSerializedSize() const override;
478     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
479     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
480 
481     keymaster_key_blob_t key_blob;
482     AuthorizationSet enforced;
483     AuthorizationSet unenforced;
484 };
485 
486 struct ExportKeyRequest : public KeymasterMessage {
KeymasterMessageExportKeyRequest487     explicit ExportKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
488         key_blob.key_material = nullptr;
489         key_blob.key_material_size = 0;
490     }
~ExportKeyRequestExportKeyRequest491     ~ExportKeyRequest() { delete[] key_blob.key_material; }
492 
493     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialExportKeyRequest494     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
495         SetKeyMaterial(blob.key_material, blob.key_material_size);
496     }
497 
498     size_t SerializedSize() const override;
499     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
500     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
501 
502     AuthorizationSet additional_params;
503     keymaster_key_format_t key_format;
504     keymaster_key_blob_t key_blob;
505 };
506 
507 struct ExportKeyResponse : public KeymasterResponse {
508     explicit ExportKeyResponse(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterResponseExportKeyResponse509         : KeymasterResponse(ver), key_data(nullptr) {}
~ExportKeyResponseExportKeyResponse510     ~ExportKeyResponse() { delete[] key_data; }
511 
512     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialExportKeyResponse513     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
514         SetKeyMaterial(blob.key_material, blob.key_material_size);
515     }
516 
517     size_t NonErrorSerializedSize() const override;
518     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
519     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
520 
521     uint8_t* key_data;
522     size_t key_data_length;
523 };
524 
525 struct DeleteKeyRequest : public KeymasterMessage {
KeymasterMessageDeleteKeyRequest526     explicit DeleteKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
527         key_blob.key_material = nullptr;
528         key_blob.key_material_size = 0;
529     }
~DeleteKeyRequestDeleteKeyRequest530     ~DeleteKeyRequest() { delete[] key_blob.key_material; }
531 
532     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialDeleteKeyRequest533     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
534         SetKeyMaterial(blob.key_material, blob.key_material_size);
535     }
536 
537     size_t SerializedSize() const override;
538     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
539     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
540 
541     keymaster_key_blob_t key_blob;
542 };
543 
544 struct DeleteKeyResponse : public KeymasterResponse {
KeymasterResponseDeleteKeyResponse545     explicit DeleteKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
546 
NonErrorSerializedSizeDeleteKeyResponse547     size_t NonErrorSerializedSize() const override { return 0; }
NonErrorSerializeDeleteKeyResponse548     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
NonErrorDeserializeDeleteKeyResponse549     bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
550 };
551 
552 struct DeleteAllKeysRequest : public KeymasterMessage {
KeymasterMessageDeleteAllKeysRequest553     explicit DeleteAllKeysRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
554 
SerializedSizeDeleteAllKeysRequest555     size_t SerializedSize() const override { return 0; }
SerializeDeleteAllKeysRequest556     uint8_t* Serialize(uint8_t* buf, const uint8_t*) const override { return buf; }
DeserializeDeleteAllKeysRequest557     bool Deserialize(const uint8_t**, const uint8_t*) override { return true; };
558 };
559 
560 struct DeleteAllKeysResponse : public KeymasterResponse {
KeymasterResponseDeleteAllKeysResponse561     explicit DeleteAllKeysResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
562 
NonErrorSerializedSizeDeleteAllKeysResponse563     size_t NonErrorSerializedSize() const override { return 0; }
NonErrorSerializeDeleteAllKeysResponse564     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
NonErrorDeserializeDeleteAllKeysResponse565     bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
566 };
567 
568 struct GetVersionRequest : public KeymasterMessage {
GetVersionRequestGetVersionRequest569     GetVersionRequest() : KeymasterMessage(0 /* not versionable */) {}
570 
SerializedSizeGetVersionRequest571     size_t SerializedSize() const override { return 0; }
SerializeGetVersionRequest572     uint8_t* Serialize(uint8_t* buf, const uint8_t*) const override { return buf; }
DeserializeGetVersionRequest573     bool Deserialize(const uint8_t**, const uint8_t*) override { return true; };
574 };
575 
576 struct GetVersionResponse : public KeymasterResponse {
GetVersionResponseGetVersionResponse577     GetVersionResponse()
578         : KeymasterResponse(0 /* not versionable */), major_ver(0), minor_ver(0), subminor_ver(0) {}
579 
580     size_t NonErrorSerializedSize() const override;
581     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
582     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
583 
584     uint8_t major_ver;
585     uint8_t minor_ver;
586     uint8_t subminor_ver;
587 };
588 
589 struct AttestKeyRequest : public KeymasterMessage {
KeymasterMessageAttestKeyRequest590     explicit AttestKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
591         key_blob.key_material = nullptr;
592         key_blob.key_material_size = 0;
593     }
594     ~AttestKeyRequest();
595 
596     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialAttestKeyRequest597     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
598         SetKeyMaterial(blob.key_material, blob.key_material_size);
599     }
600 
601     size_t SerializedSize() const override;
602     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
603     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
604 
605     keymaster_key_blob_t key_blob;
606     AuthorizationSet attest_params;
607 };
608 
609 struct AttestKeyResponse : public KeymasterResponse {
KeymasterResponseAttestKeyResponse610     explicit AttestKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
611         certificate_chain.entry_count = 0;
612         certificate_chain.entries = nullptr;
613     }
614     ~AttestKeyResponse();
615 
616     bool AllocateChain(size_t entry_count);
617 
618     size_t NonErrorSerializedSize() const override;
619     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
620     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
621 
622     keymaster_cert_chain_t certificate_chain;
623 };
624 
625 struct UpgradeKeyRequest : public KeymasterMessage {
KeymasterMessageUpgradeKeyRequest626     explicit UpgradeKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
627         key_blob = {nullptr, 0};
628     }
629     ~UpgradeKeyRequest();
630 
631     void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialUpgradeKeyRequest632     void SetKeyMaterial(const keymaster_key_blob_t& blob) {
633         SetKeyMaterial(blob.key_material, blob.key_material_size);
634     }
635 
636     size_t SerializedSize() const override;
637     uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
638     bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
639 
640     keymaster_key_blob_t key_blob;
641     AuthorizationSet upgrade_params;
642 };
643 
644 struct UpgradeKeyResponse : public KeymasterResponse {
KeymasterResponseUpgradeKeyResponse645     explicit UpgradeKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
646         upgraded_key = {nullptr, 0};
647     }
648     ~UpgradeKeyResponse();
649 
650     size_t NonErrorSerializedSize() const override;
651     uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
652     bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
653 
654     keymaster_key_blob_t upgraded_key;
655 };
656 
657 }  // namespace keymaster
658 
659 #endif  // SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_
660