1 /*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #ifndef SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_
18 #define SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_
19
20 #include <assert.h>
21 #include <stdlib.h>
22 #include <string.h>
23
24 #include <keymaster/android_keymaster_utils.h>
25 #include <keymaster/authorization_set.h>
26
27 namespace keymaster {
28
29 // Commands
30 enum AndroidKeymasterCommand {
31 GENERATE_KEY = 0,
32 BEGIN_OPERATION = 1,
33 UPDATE_OPERATION = 2,
34 FINISH_OPERATION = 3,
35 ABORT_OPERATION = 4,
36 IMPORT_KEY = 5,
37 EXPORT_KEY = 6,
38 GET_VERSION = 7,
39 ADD_RNG_ENTROPY = 8,
40 GET_SUPPORTED_ALGORITHMS = 9,
41 GET_SUPPORTED_BLOCK_MODES = 10,
42 GET_SUPPORTED_PADDING_MODES = 11,
43 GET_SUPPORTED_DIGESTS = 12,
44 GET_SUPPORTED_IMPORT_FORMATS = 13,
45 GET_SUPPORTED_EXPORT_FORMATS = 14,
46 GET_KEY_CHARACTERISTICS = 15,
47 ATTEST_KEY = 16,
48 UPGRADE_KEY = 17,
49 };
50
51 /**
52 * Keymaster message versions are tied to keymaster versions. We map the keymaster
53 * major.minor.subminor version to a sequential "message version".
54 *
55 * Rather than encoding a version number into each message we rely on the client -- who initiates
56 * all requests -- to check the version of the keymaster implementation with the GET_VERSION command
57 * and to send only requests that the implementation can understand. This means that only the
58 * client side needs to manage version compatibility; the implementation can always expect/produce
59 * messages of its format.
60 *
61 * Because message version selection is purely a client-side issue, all messages default to using
62 * the latest version (MAX_MESSAGE_VERSION). Client code must take care to check versions and pass
63 * correct version values to message constructors. The AndroidKeymaster implementation always uses
64 * the default, latest.
65 *
66 * Note that this approach implies that GetVersionRequest and GetVersionResponse cannot be
67 * versioned.
68 */
69 const int32_t MAX_MESSAGE_VERSION = 3;
MessageVersion(uint8_t major_ver,uint8_t minor_ver,uint8_t)70 inline int32_t MessageVersion(uint8_t major_ver, uint8_t minor_ver, uint8_t /* subminor_ver */) {
71 int32_t message_version = -1;
72 switch (major_ver) {
73 case 0:
74 // For the moment we still support version 0, though in general the plan is not to support
75 // non-matching major versions.
76 message_version = 0;
77 break;
78 case 1:
79 switch (minor_ver) {
80 case 0:
81 message_version = 1;
82 break;
83 case 1:
84 message_version = 2;
85 break;
86 }
87 break;
88 case 2:
89 message_version = 3;
90 break;
91 };
92 return message_version;
93 }
94
95 struct KeymasterMessage : public Serializable {
KeymasterMessageKeymasterMessage96 explicit KeymasterMessage(int32_t ver) : message_version(ver) { assert(ver >= 0); }
97 uint32_t message_version;
98 };
99
100 /**
101 * All responses include an error value, and if the error is not KM_ERROR_OK, return no additional
102 * data. This abstract class factors out the common serialization functionality for all of the
103 * responses, so we only have to implement it once. Inheritance for reuse is generally not a great
104 * structure, but in this case it's the cleanest option.
105 */
106 struct KeymasterResponse : public KeymasterMessage {
KeymasterResponseKeymasterResponse107 explicit KeymasterResponse(int32_t ver)
108 : KeymasterMessage(ver), error(KM_ERROR_UNKNOWN_ERROR) {}
109
110 size_t SerializedSize() const override;
111 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
112 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
113
114 virtual size_t NonErrorSerializedSize() const = 0;
115 virtual uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const = 0;
116 virtual bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) = 0;
117
118 keymaster_error_t error;
119 };
120
121 struct SupportedAlgorithmsRequest : public KeymasterMessage {
122 explicit SupportedAlgorithmsRequest(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageSupportedAlgorithmsRequest123 : KeymasterMessage(ver) {}
124
SerializedSizeSupportedAlgorithmsRequest125 size_t SerializedSize() const override { return 0; };
SerializeSupportedAlgorithmsRequest126 uint8_t* Serialize(uint8_t* buf, const uint8_t* /* end */) const override { return buf; }
DeserializeSupportedAlgorithmsRequest127 bool Deserialize(const uint8_t** /* buf_ptr */, const uint8_t* /* end */) override {
128 return true;
129 }
130 };
131
132 struct SupportedByAlgorithmRequest : public KeymasterMessage {
SupportedByAlgorithmRequestSupportedByAlgorithmRequest133 explicit SupportedByAlgorithmRequest(int32_t ver) : KeymasterMessage(ver) {}
134
SerializedSizeSupportedByAlgorithmRequest135 size_t SerializedSize() const override { return sizeof(uint32_t); };
SerializeSupportedByAlgorithmRequest136 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
137 return append_uint32_to_buf(buf, end, algorithm);
138 }
DeserializeSupportedByAlgorithmRequest139 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
140 return copy_uint32_from_buf(buf_ptr, end, &algorithm);
141 }
142
143 keymaster_algorithm_t algorithm;
144 };
145
146 struct SupportedImportFormatsRequest : public SupportedByAlgorithmRequest {
147 explicit SupportedImportFormatsRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmRequestSupportedImportFormatsRequest148 : SupportedByAlgorithmRequest(ver) {}
149 };
150
151 struct SupportedExportFormatsRequest : public SupportedByAlgorithmRequest {
152 explicit SupportedExportFormatsRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmRequestSupportedExportFormatsRequest153 : SupportedByAlgorithmRequest(ver) {}
154 };
155
156 struct SupportedByAlgorithmAndPurposeRequest : public KeymasterMessage {
157 explicit SupportedByAlgorithmAndPurposeRequest(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageSupportedByAlgorithmAndPurposeRequest158 : KeymasterMessage(ver) {}
159
SerializedSizeSupportedByAlgorithmAndPurposeRequest160 size_t SerializedSize() const override { return sizeof(uint32_t) * 2; };
SerializeSupportedByAlgorithmAndPurposeRequest161 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
162 buf = append_uint32_to_buf(buf, end, algorithm);
163 return append_uint32_to_buf(buf, end, purpose);
164 }
DeserializeSupportedByAlgorithmAndPurposeRequest165 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
166 return copy_uint32_from_buf(buf_ptr, end, &algorithm) &&
167 copy_uint32_from_buf(buf_ptr, end, &purpose);
168 }
169
170 keymaster_algorithm_t algorithm;
171 keymaster_purpose_t purpose;
172 };
173
174 struct SupportedBlockModesRequest : public SupportedByAlgorithmAndPurposeRequest {
175 explicit SupportedBlockModesRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmAndPurposeRequestSupportedBlockModesRequest176 : SupportedByAlgorithmAndPurposeRequest(ver) {}
177 };
178
179 struct SupportedPaddingModesRequest : public SupportedByAlgorithmAndPurposeRequest {
180 explicit SupportedPaddingModesRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmAndPurposeRequestSupportedPaddingModesRequest181 : SupportedByAlgorithmAndPurposeRequest(ver) {}
182 };
183
184 struct SupportedDigestsRequest : public SupportedByAlgorithmAndPurposeRequest {
185 explicit SupportedDigestsRequest(int32_t ver = MAX_MESSAGE_VERSION)
SupportedByAlgorithmAndPurposeRequestSupportedDigestsRequest186 : SupportedByAlgorithmAndPurposeRequest(ver) {}
187 };
188
189 template <typename T> struct SupportedResponse : public KeymasterResponse {
SupportedResponseSupportedResponse190 explicit SupportedResponse(int32_t ver)
191 : KeymasterResponse(ver), results(nullptr), results_length(0) {}
~SupportedResponseSupportedResponse192 ~SupportedResponse() { delete[] results; }
193
SetResultsSupportedResponse194 template <size_t N> void SetResults(const T (&arr)[N]) { SetResults(arr, N); }
195
SetResultsSupportedResponse196 void SetResults(const T* arr, size_t n) {
197 delete[] results;
198 results_length = 0;
199 results = dup_array(arr, n);
200 if (results == nullptr) {
201 error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
202 } else {
203 results_length = n;
204 error = KM_ERROR_OK;
205 }
206 }
207
NonErrorSerializedSizeSupportedResponse208 size_t NonErrorSerializedSize() const override {
209 return sizeof(uint32_t) + results_length * sizeof(uint32_t);
210 }
NonErrorSerializeSupportedResponse211 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override {
212 return append_uint32_array_to_buf(buf, end, results, results_length);
213 }
NonErrorDeserializeSupportedResponse214 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
215 delete[] results;
216 results = nullptr;
217 UniquePtr<T[]> tmp;
218 if (!copy_uint32_array_from_buf(buf_ptr, end, &tmp, &results_length))
219 return false;
220 results = tmp.release();
221 return true;
222 }
223
224 T* results;
225 size_t results_length;
226 };
227
228 struct SupportedAlgorithmsResponse : public SupportedResponse<keymaster_algorithm_t> {
229 explicit SupportedAlgorithmsResponse(int32_t ver = MAX_MESSAGE_VERSION)
230 : SupportedResponse<keymaster_algorithm_t>(ver) {}
231 };
232
233 struct SupportedBlockModesResponse : public SupportedResponse<keymaster_block_mode_t> {
234 explicit SupportedBlockModesResponse(int32_t ver = MAX_MESSAGE_VERSION)
235 : SupportedResponse<keymaster_block_mode_t>(ver) {}
236 };
237
238 struct SupportedPaddingModesResponse : public SupportedResponse<keymaster_padding_t> {
239 explicit SupportedPaddingModesResponse(int32_t ver = MAX_MESSAGE_VERSION)
240 : SupportedResponse<keymaster_padding_t>(ver) {}
241 };
242
243 struct SupportedDigestsResponse : public SupportedResponse<keymaster_digest_t> {
244 explicit SupportedDigestsResponse(int32_t ver = MAX_MESSAGE_VERSION)
245 : SupportedResponse<keymaster_digest_t>(ver) {}
246 };
247
248 struct SupportedImportFormatsResponse : public SupportedResponse<keymaster_key_format_t> {
249 explicit SupportedImportFormatsResponse(int32_t ver = MAX_MESSAGE_VERSION)
250 : SupportedResponse<keymaster_key_format_t>(ver) {}
251 };
252
253 struct SupportedExportFormatsResponse : public SupportedResponse<keymaster_key_format_t> {
254 explicit SupportedExportFormatsResponse(int32_t ver = MAX_MESSAGE_VERSION)
255 : SupportedResponse<keymaster_key_format_t>(ver) {}
256 };
257
258 struct GenerateKeyRequest : public KeymasterMessage {
KeymasterMessageGenerateKeyRequest259 explicit GenerateKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
260
SerializedSizeGenerateKeyRequest261 size_t SerializedSize() const override { return key_description.SerializedSize(); }
SerializeGenerateKeyRequest262 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
263 return key_description.Serialize(buf, end);
264 }
DeserializeGenerateKeyRequest265 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
266 return key_description.Deserialize(buf_ptr, end);
267 }
268
269 AuthorizationSet key_description;
270 };
271
272 struct GenerateKeyResponse : public KeymasterResponse {
KeymasterResponseGenerateKeyResponse273 explicit GenerateKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
274 key_blob.key_material = nullptr;
275 key_blob.key_material_size = 0;
276 }
277 ~GenerateKeyResponse();
278
279 size_t NonErrorSerializedSize() const override;
280 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
281 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
282
283 keymaster_key_blob_t key_blob;
284 AuthorizationSet enforced;
285 AuthorizationSet unenforced;
286 };
287
288 struct GetKeyCharacteristicsRequest : public KeymasterMessage {
289 explicit GetKeyCharacteristicsRequest(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageGetKeyCharacteristicsRequest290 : KeymasterMessage(ver) {
291 key_blob.key_material = nullptr;
292 key_blob.key_material_size = 0;
293 }
294 ~GetKeyCharacteristicsRequest();
295
296 void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialGetKeyCharacteristicsRequest297 void SetKeyMaterial(const keymaster_key_blob_t& blob) {
298 SetKeyMaterial(blob.key_material, blob.key_material_size);
299 }
300
301 size_t SerializedSize() const override;
302 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
303 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
304
305 keymaster_key_blob_t key_blob;
306 AuthorizationSet additional_params;
307 };
308
309 struct GetKeyCharacteristicsResponse : public KeymasterResponse {
310 explicit GetKeyCharacteristicsResponse(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterResponseGetKeyCharacteristicsResponse311 : KeymasterResponse(ver) {}
312 size_t NonErrorSerializedSize() const override;
313 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
314 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
315
316 AuthorizationSet enforced;
317 AuthorizationSet unenforced;
318 };
319
320 struct BeginOperationRequest : public KeymasterMessage {
KeymasterMessageBeginOperationRequest321 explicit BeginOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
322 key_blob.key_material = nullptr;
323 key_blob.key_material_size = 0;
324 }
~BeginOperationRequestBeginOperationRequest325 ~BeginOperationRequest() { delete[] key_blob.key_material; }
326
327 void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialBeginOperationRequest328 void SetKeyMaterial(const keymaster_key_blob_t& blob) {
329 SetKeyMaterial(blob.key_material, blob.key_material_size);
330 }
331
332 size_t SerializedSize() const;
333 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
334 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
335
336 keymaster_purpose_t purpose;
337 keymaster_key_blob_t key_blob;
338 AuthorizationSet additional_params;
339 };
340
341 struct BeginOperationResponse : public KeymasterResponse {
KeymasterResponseBeginOperationResponse342 explicit BeginOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
343
344 size_t NonErrorSerializedSize() const override;
345 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
346 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
347
348 keymaster_operation_handle_t op_handle;
349 AuthorizationSet output_params;
350 };
351
352 struct UpdateOperationRequest : public KeymasterMessage {
KeymasterMessageUpdateOperationRequest353 explicit UpdateOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
354
355 size_t SerializedSize() const override;
356 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
357 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
358
359 keymaster_operation_handle_t op_handle;
360 Buffer input;
361 AuthorizationSet additional_params;
362 };
363
364 struct UpdateOperationResponse : public KeymasterResponse {
365 explicit UpdateOperationResponse(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterResponseUpdateOperationResponse366 : KeymasterResponse(ver), input_consumed(0) {}
367
368 size_t NonErrorSerializedSize() const override;
369 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
370 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
371
372 Buffer output;
373 size_t input_consumed;
374 AuthorizationSet output_params;
375 };
376
377 struct FinishOperationRequest : public KeymasterMessage {
KeymasterMessageFinishOperationRequest378 explicit FinishOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
379
380 size_t SerializedSize() const override;
381 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
382 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
383
384 keymaster_operation_handle_t op_handle;
385 Buffer input;
386 Buffer signature;
387 AuthorizationSet additional_params;
388 };
389
390 struct FinishOperationResponse : public KeymasterResponse {
KeymasterResponseFinishOperationResponse391 explicit FinishOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
392
393 size_t NonErrorSerializedSize() const override;
394 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
395 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
396
397 Buffer output;
398 AuthorizationSet output_params;
399 };
400
401 struct AbortOperationRequest : public KeymasterMessage {
KeymasterMessageAbortOperationRequest402 explicit AbortOperationRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
403
SerializedSizeAbortOperationRequest404 size_t SerializedSize() const override { return sizeof(uint64_t); }
SerializeAbortOperationRequest405 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
406 return append_uint64_to_buf(buf, end, op_handle);
407 }
DeserializeAbortOperationRequest408 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
409 return copy_uint64_from_buf(buf_ptr, end, &op_handle);
410 }
411
412 keymaster_operation_handle_t op_handle;
413 };
414
415 struct AbortOperationResponse : public KeymasterResponse {
KeymasterResponseAbortOperationResponse416 explicit AbortOperationResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
417
NonErrorSerializedSizeAbortOperationResponse418 size_t NonErrorSerializedSize() const override { return 0; }
NonErrorSerializeAbortOperationResponse419 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
NonErrorDeserializeAbortOperationResponse420 bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
421 };
422
423 struct AddEntropyRequest : public KeymasterMessage {
KeymasterMessageAddEntropyRequest424 explicit AddEntropyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
425
426 size_t SerializedSize() const override;
427 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
428 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
429
430 Buffer random_data;
431 };
432
433 struct AddEntropyResponse : public KeymasterResponse {
KeymasterResponseAddEntropyResponse434 explicit AddEntropyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
435
NonErrorSerializedSizeAddEntropyResponse436 size_t NonErrorSerializedSize() const override { return 0; }
NonErrorSerializeAddEntropyResponse437 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* /* end */) const override {
438 return buf;
439 }
NonErrorDeserializeAddEntropyResponse440 bool NonErrorDeserialize(const uint8_t** /* buf_ptr */, const uint8_t* /* end */) override {
441 return true;
442 }
443 };
444
445 struct ImportKeyRequest : public KeymasterMessage {
446 explicit ImportKeyRequest(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterMessageImportKeyRequest447 : KeymasterMessage(ver), key_data(nullptr) {}
~ImportKeyRequestImportKeyRequest448 ~ImportKeyRequest() { delete[] key_data; }
449
450 void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialImportKeyRequest451 void SetKeyMaterial(const keymaster_key_blob_t& blob) {
452 SetKeyMaterial(blob.key_material, blob.key_material_size);
453 }
454
455 size_t SerializedSize() const override;
456 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
457 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
458
459 AuthorizationSet key_description;
460 keymaster_key_format_t key_format;
461 uint8_t* key_data;
462 size_t key_data_length;
463 };
464
465 struct ImportKeyResponse : public KeymasterResponse {
KeymasterResponseImportKeyResponse466 explicit ImportKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
467 key_blob.key_material = nullptr;
468 key_blob.key_material_size = 0;
469 }
~ImportKeyResponseImportKeyResponse470 ~ImportKeyResponse() { delete[] key_blob.key_material; }
471
472 void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialImportKeyResponse473 void SetKeyMaterial(const keymaster_key_blob_t& blob) {
474 SetKeyMaterial(blob.key_material, blob.key_material_size);
475 }
476
477 size_t NonErrorSerializedSize() const override;
478 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
479 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
480
481 keymaster_key_blob_t key_blob;
482 AuthorizationSet enforced;
483 AuthorizationSet unenforced;
484 };
485
486 struct ExportKeyRequest : public KeymasterMessage {
KeymasterMessageExportKeyRequest487 explicit ExportKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
488 key_blob.key_material = nullptr;
489 key_blob.key_material_size = 0;
490 }
~ExportKeyRequestExportKeyRequest491 ~ExportKeyRequest() { delete[] key_blob.key_material; }
492
493 void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialExportKeyRequest494 void SetKeyMaterial(const keymaster_key_blob_t& blob) {
495 SetKeyMaterial(blob.key_material, blob.key_material_size);
496 }
497
498 size_t SerializedSize() const override;
499 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
500 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
501
502 AuthorizationSet additional_params;
503 keymaster_key_format_t key_format;
504 keymaster_key_blob_t key_blob;
505 };
506
507 struct ExportKeyResponse : public KeymasterResponse {
508 explicit ExportKeyResponse(int32_t ver = MAX_MESSAGE_VERSION)
KeymasterResponseExportKeyResponse509 : KeymasterResponse(ver), key_data(nullptr) {}
~ExportKeyResponseExportKeyResponse510 ~ExportKeyResponse() { delete[] key_data; }
511
512 void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialExportKeyResponse513 void SetKeyMaterial(const keymaster_key_blob_t& blob) {
514 SetKeyMaterial(blob.key_material, blob.key_material_size);
515 }
516
517 size_t NonErrorSerializedSize() const override;
518 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
519 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
520
521 uint8_t* key_data;
522 size_t key_data_length;
523 };
524
525 struct DeleteKeyRequest : public KeymasterMessage {
KeymasterMessageDeleteKeyRequest526 explicit DeleteKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
527 key_blob.key_material = nullptr;
528 key_blob.key_material_size = 0;
529 }
~DeleteKeyRequestDeleteKeyRequest530 ~DeleteKeyRequest() { delete[] key_blob.key_material; }
531
532 void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialDeleteKeyRequest533 void SetKeyMaterial(const keymaster_key_blob_t& blob) {
534 SetKeyMaterial(blob.key_material, blob.key_material_size);
535 }
536
537 size_t SerializedSize() const override;
538 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
539 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
540
541 keymaster_key_blob_t key_blob;
542 };
543
544 struct DeleteKeyResponse : public KeymasterResponse {
KeymasterResponseDeleteKeyResponse545 explicit DeleteKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
546
NonErrorSerializedSizeDeleteKeyResponse547 size_t NonErrorSerializedSize() const override { return 0; }
NonErrorSerializeDeleteKeyResponse548 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
NonErrorDeserializeDeleteKeyResponse549 bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
550 };
551
552 struct DeleteAllKeysRequest : public KeymasterMessage {
KeymasterMessageDeleteAllKeysRequest553 explicit DeleteAllKeysRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}
554
SerializedSizeDeleteAllKeysRequest555 size_t SerializedSize() const override { return 0; }
SerializeDeleteAllKeysRequest556 uint8_t* Serialize(uint8_t* buf, const uint8_t*) const override { return buf; }
DeserializeDeleteAllKeysRequest557 bool Deserialize(const uint8_t**, const uint8_t*) override { return true; };
558 };
559
560 struct DeleteAllKeysResponse : public KeymasterResponse {
KeymasterResponseDeleteAllKeysResponse561 explicit DeleteAllKeysResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}
562
NonErrorSerializedSizeDeleteAllKeysResponse563 size_t NonErrorSerializedSize() const override { return 0; }
NonErrorSerializeDeleteAllKeysResponse564 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
NonErrorDeserializeDeleteAllKeysResponse565 bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
566 };
567
568 struct GetVersionRequest : public KeymasterMessage {
GetVersionRequestGetVersionRequest569 GetVersionRequest() : KeymasterMessage(0 /* not versionable */) {}
570
SerializedSizeGetVersionRequest571 size_t SerializedSize() const override { return 0; }
SerializeGetVersionRequest572 uint8_t* Serialize(uint8_t* buf, const uint8_t*) const override { return buf; }
DeserializeGetVersionRequest573 bool Deserialize(const uint8_t**, const uint8_t*) override { return true; };
574 };
575
576 struct GetVersionResponse : public KeymasterResponse {
GetVersionResponseGetVersionResponse577 GetVersionResponse()
578 : KeymasterResponse(0 /* not versionable */), major_ver(0), minor_ver(0), subminor_ver(0) {}
579
580 size_t NonErrorSerializedSize() const override;
581 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
582 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
583
584 uint8_t major_ver;
585 uint8_t minor_ver;
586 uint8_t subminor_ver;
587 };
588
589 struct AttestKeyRequest : public KeymasterMessage {
KeymasterMessageAttestKeyRequest590 explicit AttestKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
591 key_blob.key_material = nullptr;
592 key_blob.key_material_size = 0;
593 }
594 ~AttestKeyRequest();
595
596 void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialAttestKeyRequest597 void SetKeyMaterial(const keymaster_key_blob_t& blob) {
598 SetKeyMaterial(blob.key_material, blob.key_material_size);
599 }
600
601 size_t SerializedSize() const override;
602 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
603 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
604
605 keymaster_key_blob_t key_blob;
606 AuthorizationSet attest_params;
607 };
608
609 struct AttestKeyResponse : public KeymasterResponse {
KeymasterResponseAttestKeyResponse610 explicit AttestKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
611 certificate_chain.entry_count = 0;
612 certificate_chain.entries = nullptr;
613 }
614 ~AttestKeyResponse();
615
616 bool AllocateChain(size_t entry_count);
617
618 size_t NonErrorSerializedSize() const override;
619 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
620 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
621
622 keymaster_cert_chain_t certificate_chain;
623 };
624
625 struct UpgradeKeyRequest : public KeymasterMessage {
KeymasterMessageUpgradeKeyRequest626 explicit UpgradeKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
627 key_blob = {nullptr, 0};
628 }
629 ~UpgradeKeyRequest();
630
631 void SetKeyMaterial(const void* key_material, size_t length);
SetKeyMaterialUpgradeKeyRequest632 void SetKeyMaterial(const keymaster_key_blob_t& blob) {
633 SetKeyMaterial(blob.key_material, blob.key_material_size);
634 }
635
636 size_t SerializedSize() const override;
637 uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
638 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
639
640 keymaster_key_blob_t key_blob;
641 AuthorizationSet upgrade_params;
642 };
643
644 struct UpgradeKeyResponse : public KeymasterResponse {
KeymasterResponseUpgradeKeyResponse645 explicit UpgradeKeyResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {
646 upgraded_key = {nullptr, 0};
647 }
648 ~UpgradeKeyResponse();
649
650 size_t NonErrorSerializedSize() const override;
651 uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* end) const override;
652 bool NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) override;
653
654 keymaster_key_blob_t upgraded_key;
655 };
656
657 } // namespace keymaster
658
659 #endif // SYSTEM_KEYMASTER_ANDROID_KEYMASTER_MESSAGES_H_
660