917 lines
33 KiB
C++
917 lines
33 KiB
C++
/*
|
|
* Copyright 2014 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#include <keymaster/android_keymaster_messages.h>
|
|
#include <keymaster/android_keymaster_utils.h>
|
|
|
|
namespace keymaster {
|
|
|
|
namespace {
|
|
|
|
/*
|
|
* Helper functions for working with key blobs.
|
|
*/
|
|
|
|
void set_key_blob(keymaster_key_blob_t* key_blob, const void* key_material, size_t length) {
|
|
delete[] key_blob->key_material;
|
|
key_blob->key_material = dup_buffer(key_material, length);
|
|
key_blob->key_material_size = length;
|
|
}
|
|
|
|
size_t key_blob_size(const keymaster_key_blob_t& key_blob) {
|
|
return sizeof(uint32_t) /* key size */ + key_blob.key_material_size;
|
|
}
|
|
|
|
uint8_t* serialize_key_blob(const keymaster_key_blob_t& key_blob, uint8_t* buf,
|
|
const uint8_t* end) {
|
|
return append_size_and_data_to_buf(buf, end, key_blob.key_material, key_blob.key_material_size);
|
|
}
|
|
|
|
bool deserialize_key_blob(keymaster_key_blob_t* key_blob, const uint8_t** buf_ptr,
|
|
const uint8_t* end) {
|
|
delete[] key_blob->key_material;
|
|
key_blob->key_material = nullptr;
|
|
UniquePtr<uint8_t[]> deserialized_key_material;
|
|
if (!copy_size_and_data_from_buf(buf_ptr, end, &key_blob->key_material_size,
|
|
&deserialized_key_material))
|
|
return false;
|
|
key_blob->key_material = deserialized_key_material.release();
|
|
return true;
|
|
}
|
|
|
|
void set_blob(keymaster_blob_t* blob, const void* data, size_t length) {
|
|
assert(blob);
|
|
assert(data);
|
|
delete[] blob->data;
|
|
blob->data = dup_buffer(data, length);
|
|
blob->data_length = length;
|
|
}
|
|
|
|
size_t blob_size(const keymaster_blob_t& blob) {
|
|
return sizeof(uint32_t) /* data size */ + blob.data_length;
|
|
}
|
|
|
|
uint8_t* serialize_blob(const keymaster_blob_t& blob, uint8_t* buf, const uint8_t* end) {
|
|
return append_size_and_data_to_buf(buf, end, blob.data, blob.data_length);
|
|
}
|
|
|
|
bool deserialize_blob(keymaster_blob_t* blob, const uint8_t** buf_ptr, const uint8_t* end) {
|
|
delete[] blob->data;
|
|
*blob = {};
|
|
UniquePtr<uint8_t[]> deserialized_blob;
|
|
if (!copy_size_and_data_from_buf(buf_ptr, end, &blob->data_length, &deserialized_blob))
|
|
return false;
|
|
blob->data = deserialized_blob.release();
|
|
return true;
|
|
}
|
|
|
|
/*
|
|
* Helper functions for working with certificate chains.
|
|
*/
|
|
const size_t kMaxChainEntryCount = 10;
|
|
|
|
size_t chain_size(const keymaster_cert_chain_t& certificate_chain) {
|
|
size_t result = sizeof(uint32_t); /* certificate_chain.entry_count */
|
|
for (size_t i = 0; i < certificate_chain.entry_count; ++i) {
|
|
result += sizeof(uint32_t); /* certificate_chain.entries[i].data_length */
|
|
result += certificate_chain.entries[i].data_length;
|
|
}
|
|
return result;
|
|
}
|
|
|
|
uint8_t* serialize_chain(const keymaster_cert_chain_t& certificate_chain, uint8_t* buf,
|
|
const uint8_t* end) {
|
|
buf = append_uint32_to_buf(buf, end, certificate_chain.entry_count);
|
|
for (size_t i = 0; i < certificate_chain.entry_count; ++i) {
|
|
buf = append_size_and_data_to_buf(buf, end, certificate_chain.entries[i].data,
|
|
certificate_chain.entries[i].data_length);
|
|
}
|
|
return buf;
|
|
}
|
|
|
|
CertificateChain deserialize_chain(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
size_t entry_count;
|
|
if (!copy_uint32_from_buf(buf_ptr, end, &entry_count) || entry_count > kMaxChainEntryCount) {
|
|
return {};
|
|
}
|
|
|
|
CertificateChain certificate_chain(entry_count);
|
|
if (!certificate_chain.entries) return {};
|
|
|
|
for (size_t i = 0; i < certificate_chain.entry_count; ++i) {
|
|
UniquePtr<uint8_t[]> data;
|
|
size_t data_length;
|
|
if (!copy_size_and_data_from_buf(buf_ptr, end, &data_length, &data)) return {};
|
|
certificate_chain.entries[i].data = data.release();
|
|
certificate_chain.entries[i].data_length = data_length;
|
|
}
|
|
|
|
return certificate_chain;
|
|
}
|
|
|
|
} // namespace
|
|
|
|
int32_t NegotiateMessageVersion(const GetVersionResponse& response, keymaster_error_t* error) {
|
|
switch (response.major_ver) {
|
|
case 1: // KM1
|
|
switch (response.minor_ver) {
|
|
case 0:
|
|
return MessageVersion(KmVersion::KEYMASTER_1, 0 /* km_date */);
|
|
case 1:
|
|
return MessageVersion(KmVersion::KEYMASTER_1_1, 0 /* km_date */);
|
|
}
|
|
break;
|
|
case 2:
|
|
return MessageVersion(KmVersion::KEYMASTER_2, 0 /* km_date */);
|
|
case 3:
|
|
return MessageVersion(KmVersion::KEYMASTER_3, 0 /* km_date */);
|
|
case 4:
|
|
switch (response.minor_ver) {
|
|
case 0:
|
|
return MessageVersion(KmVersion::KEYMASTER_4, 0 /* km_date */);
|
|
case 1:
|
|
return MessageVersion(KmVersion::KEYMASTER_4_1, 0 /* km_date */);
|
|
}
|
|
break;
|
|
}
|
|
|
|
*error = KM_ERROR_UNKNOWN_ERROR;
|
|
return -1;
|
|
}
|
|
|
|
int32_t NegotiateMessageVersion(const GetVersion2Request& request,
|
|
const GetVersion2Response& response) {
|
|
return request.max_message_version < response.max_message_version
|
|
? request.max_message_version
|
|
: response.max_message_version;
|
|
}
|
|
|
|
size_t KeymasterResponse::SerializedSize() const {
|
|
if (error != KM_ERROR_OK)
|
|
return sizeof(int32_t);
|
|
else
|
|
return sizeof(int32_t) + NonErrorSerializedSize();
|
|
}
|
|
|
|
uint8_t* KeymasterResponse::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = append_uint32_to_buf(buf, end, static_cast<uint32_t>(error));
|
|
if (error == KM_ERROR_OK) buf = NonErrorSerialize(buf, end);
|
|
return buf;
|
|
}
|
|
|
|
bool KeymasterResponse::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
if (!copy_uint32_from_buf(buf_ptr, end, &error)) return false;
|
|
if (error != KM_ERROR_OK) return true;
|
|
return NonErrorDeserialize(buf_ptr, end);
|
|
}
|
|
|
|
size_t GenerateKeyRequest::SerializedSize() const {
|
|
size_t size = key_description.SerializedSize();
|
|
if (message_version < 4) return size;
|
|
return size //
|
|
+ key_blob_size(attestation_signing_key_blob) //
|
|
+ attest_key_params.SerializedSize() //
|
|
+ blob_size(issuer_subject);
|
|
}
|
|
|
|
uint8_t* GenerateKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = key_description.Serialize(buf, end);
|
|
if (message_version < 4) return buf;
|
|
buf = serialize_key_blob(attestation_signing_key_blob, buf, end);
|
|
buf = attest_key_params.Serialize(buf, end);
|
|
return serialize_blob(issuer_subject, buf, end);
|
|
}
|
|
|
|
bool GenerateKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
if (!key_description.Deserialize(buf_ptr, end)) return false;
|
|
if (message_version < 4) return true;
|
|
return deserialize_key_blob(&attestation_signing_key_blob, buf_ptr, end) //
|
|
&& attest_key_params.Deserialize(buf_ptr, end) //
|
|
&& deserialize_blob(&issuer_subject, buf_ptr, end);
|
|
}
|
|
|
|
size_t GenerateKeyResponse::NonErrorSerializedSize() const {
|
|
size_t result =
|
|
key_blob_size(key_blob) + enforced.SerializedSize() + unenforced.SerializedSize();
|
|
if (message_version < 4) return result;
|
|
return result + chain_size(certificate_chain);
|
|
}
|
|
|
|
uint8_t* GenerateKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = serialize_key_blob(key_blob, buf, end);
|
|
buf = enforced.Serialize(buf, end);
|
|
buf = unenforced.Serialize(buf, end);
|
|
if (message_version < 4) return buf;
|
|
return serialize_chain(certificate_chain, buf, end);
|
|
}
|
|
|
|
bool GenerateKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
if (!deserialize_key_blob(&key_blob, buf_ptr, end) || //
|
|
!enforced.Deserialize(buf_ptr, end) || //
|
|
!unenforced.Deserialize(buf_ptr, end)) {
|
|
return false;
|
|
}
|
|
if (message_version < 4) return true;
|
|
certificate_chain = deserialize_chain(buf_ptr, end);
|
|
return !!certificate_chain.entries;
|
|
}
|
|
|
|
size_t GenerateRkpKeyResponse::NonErrorSerializedSize() const {
|
|
return key_blob_size(key_blob) + blob_size(maced_public_key);
|
|
}
|
|
|
|
uint8_t* GenerateRkpKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = serialize_key_blob(key_blob, buf, end);
|
|
return serialize_blob(maced_public_key, buf, end);
|
|
}
|
|
|
|
bool GenerateRkpKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return deserialize_key_blob(&key_blob, buf_ptr, end) &&
|
|
deserialize_blob(&maced_public_key, buf_ptr, end);
|
|
}
|
|
|
|
size_t GenerateCsrRequest::SerializedSize() const {
|
|
size_t size = sizeof(uint8_t); /* test_mode */
|
|
size += sizeof(uint32_t); /* num_keys */
|
|
for (size_t i = 0; i < num_keys; i++) {
|
|
size += blob_size(keys_to_sign_array[i]);
|
|
}
|
|
size += blob_size(endpoint_enc_cert_chain);
|
|
size += blob_size(challenge);
|
|
return size;
|
|
}
|
|
|
|
uint8_t* GenerateCsrRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = append_to_buf(buf, end, &test_mode, sizeof(uint8_t));
|
|
buf = append_uint32_to_buf(buf, end, num_keys);
|
|
for (size_t i = 0; i < num_keys; i++) {
|
|
buf = serialize_blob(keys_to_sign_array[i], buf, end);
|
|
}
|
|
buf = serialize_blob(endpoint_enc_cert_chain, buf, end);
|
|
return serialize_blob(challenge, buf, end);
|
|
}
|
|
|
|
bool GenerateCsrRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
if (!copy_from_buf(buf_ptr, end, &test_mode, sizeof(uint8_t)) ||
|
|
!copy_from_buf(buf_ptr, end, &num_keys, sizeof(uint32_t))) {
|
|
return false;
|
|
}
|
|
keys_to_sign_array = new (std::nothrow) KeymasterBlob[num_keys];
|
|
if (!keys_to_sign_array) return false;
|
|
for (size_t i = 0; i < num_keys; i++) {
|
|
if (!deserialize_blob(&keys_to_sign_array[i], buf_ptr, end)) return false;
|
|
}
|
|
return deserialize_blob(&endpoint_enc_cert_chain, buf_ptr, end) &&
|
|
deserialize_blob(&challenge, buf_ptr, end);
|
|
}
|
|
|
|
void GenerateCsrRequest::SetKeyToSign(uint32_t index, const void* data, size_t length) {
|
|
if (index >= num_keys) {
|
|
return;
|
|
}
|
|
set_blob(&keys_to_sign_array[index], data, length);
|
|
}
|
|
|
|
void GenerateCsrRequest::SetEndpointEncCertChain(const void* data, size_t length) {
|
|
set_blob(&endpoint_enc_cert_chain, data, length);
|
|
}
|
|
|
|
void GenerateCsrRequest::SetChallenge(const void* data, size_t length) {
|
|
set_blob(&challenge, data, length);
|
|
}
|
|
|
|
size_t GenerateCsrResponse::NonErrorSerializedSize() const {
|
|
return blob_size(keys_to_sign_mac) + blob_size(device_info_blob) +
|
|
blob_size(protected_data_blob);
|
|
}
|
|
|
|
uint8_t* GenerateCsrResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = serialize_blob(keys_to_sign_mac, buf, end);
|
|
buf = serialize_blob(device_info_blob, buf, end);
|
|
return serialize_blob(protected_data_blob, buf, end);
|
|
}
|
|
|
|
bool GenerateCsrResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return deserialize_blob(&keys_to_sign_mac, buf_ptr, end) &&
|
|
deserialize_blob(&device_info_blob, buf_ptr, end) &&
|
|
deserialize_blob(&protected_data_blob, buf_ptr, end);
|
|
}
|
|
|
|
GetKeyCharacteristicsRequest::~GetKeyCharacteristicsRequest() {
|
|
delete[] key_blob.key_material;
|
|
}
|
|
|
|
void GetKeyCharacteristicsRequest::SetKeyMaterial(const void* key_material, size_t length) {
|
|
set_key_blob(&key_blob, key_material, length);
|
|
}
|
|
|
|
size_t GetKeyCharacteristicsRequest::SerializedSize() const {
|
|
return key_blob_size(key_blob) + additional_params.SerializedSize();
|
|
}
|
|
|
|
uint8_t* GetKeyCharacteristicsRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = serialize_key_blob(key_blob, buf, end);
|
|
return additional_params.Serialize(buf, end);
|
|
}
|
|
|
|
bool GetKeyCharacteristicsRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return deserialize_key_blob(&key_blob, buf_ptr, end) &&
|
|
additional_params.Deserialize(buf_ptr, end);
|
|
}
|
|
|
|
size_t GetKeyCharacteristicsResponse::NonErrorSerializedSize() const {
|
|
return enforced.SerializedSize() + unenforced.SerializedSize();
|
|
}
|
|
|
|
uint8_t* GetKeyCharacteristicsResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = enforced.Serialize(buf, end);
|
|
return unenforced.Serialize(buf, end);
|
|
}
|
|
|
|
bool GetKeyCharacteristicsResponse::NonErrorDeserialize(const uint8_t** buf_ptr,
|
|
const uint8_t* end) {
|
|
return enforced.Deserialize(buf_ptr, end) && unenforced.Deserialize(buf_ptr, end);
|
|
}
|
|
|
|
void BeginOperationRequest::SetKeyMaterial(const void* key_material, size_t length) {
|
|
set_key_blob(&key_blob, key_material, length);
|
|
}
|
|
|
|
size_t BeginOperationRequest::SerializedSize() const {
|
|
return sizeof(uint32_t) /* purpose */ + key_blob_size(key_blob) +
|
|
additional_params.SerializedSize();
|
|
}
|
|
|
|
uint8_t* BeginOperationRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = append_uint32_to_buf(buf, end, purpose);
|
|
buf = serialize_key_blob(key_blob, buf, end);
|
|
return additional_params.Serialize(buf, end);
|
|
}
|
|
|
|
bool BeginOperationRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return copy_uint32_from_buf(buf_ptr, end, &purpose) &&
|
|
deserialize_key_blob(&key_blob, buf_ptr, end) &&
|
|
additional_params.Deserialize(buf_ptr, end);
|
|
}
|
|
|
|
size_t BeginOperationResponse::NonErrorSerializedSize() const {
|
|
if (message_version == 0)
|
|
return sizeof(op_handle);
|
|
else
|
|
return sizeof(op_handle) + output_params.SerializedSize();
|
|
}
|
|
|
|
uint8_t* BeginOperationResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = append_uint64_to_buf(buf, end, op_handle);
|
|
if (message_version > 0) buf = output_params.Serialize(buf, end);
|
|
return buf;
|
|
}
|
|
|
|
bool BeginOperationResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
bool retval = copy_uint64_from_buf(buf_ptr, end, &op_handle);
|
|
if (retval && message_version > 0) retval = output_params.Deserialize(buf_ptr, end);
|
|
return retval;
|
|
}
|
|
|
|
size_t UpdateOperationRequest::SerializedSize() const {
|
|
if (message_version == 0)
|
|
return sizeof(op_handle) + input.SerializedSize();
|
|
else
|
|
return sizeof(op_handle) + input.SerializedSize() + additional_params.SerializedSize();
|
|
}
|
|
|
|
uint8_t* UpdateOperationRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = append_uint64_to_buf(buf, end, op_handle);
|
|
buf = input.Serialize(buf, end);
|
|
if (message_version > 0) buf = additional_params.Serialize(buf, end);
|
|
return buf;
|
|
}
|
|
|
|
bool UpdateOperationRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
bool retval = copy_uint64_from_buf(buf_ptr, end, &op_handle) && input.Deserialize(buf_ptr, end);
|
|
if (retval && message_version > 0) retval = additional_params.Deserialize(buf_ptr, end);
|
|
return retval;
|
|
}
|
|
|
|
size_t UpdateOperationResponse::NonErrorSerializedSize() const {
|
|
size_t size = 0;
|
|
switch (message_version) {
|
|
case 4:
|
|
case 3:
|
|
case 2:
|
|
size += output_params.SerializedSize();
|
|
FALLTHROUGH;
|
|
case 1:
|
|
size += sizeof(uint32_t);
|
|
FALLTHROUGH;
|
|
case 0:
|
|
size += output.SerializedSize();
|
|
break;
|
|
|
|
default:
|
|
assert(false);
|
|
}
|
|
|
|
return size;
|
|
}
|
|
|
|
uint8_t* UpdateOperationResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = output.Serialize(buf, end);
|
|
if (message_version > 0) buf = append_uint32_to_buf(buf, end, input_consumed);
|
|
if (message_version > 1) buf = output_params.Serialize(buf, end);
|
|
return buf;
|
|
}
|
|
|
|
bool UpdateOperationResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
bool retval = output.Deserialize(buf_ptr, end);
|
|
if (retval && message_version > 0) retval = copy_uint32_from_buf(buf_ptr, end, &input_consumed);
|
|
if (retval && message_version > 1) retval = output_params.Deserialize(buf_ptr, end);
|
|
return retval;
|
|
}
|
|
|
|
size_t FinishOperationRequest::SerializedSize() const {
|
|
size_t size = 0;
|
|
switch (message_version) {
|
|
case 4:
|
|
case 3:
|
|
size += input.SerializedSize();
|
|
FALLTHROUGH;
|
|
case 2:
|
|
case 1:
|
|
size += additional_params.SerializedSize();
|
|
FALLTHROUGH;
|
|
case 0:
|
|
size += sizeof(op_handle) + signature.SerializedSize();
|
|
break;
|
|
|
|
default:
|
|
assert(false); // Should never get here.
|
|
}
|
|
|
|
return size;
|
|
}
|
|
|
|
uint8_t* FinishOperationRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = append_uint64_to_buf(buf, end, op_handle);
|
|
buf = signature.Serialize(buf, end);
|
|
if (message_version > 0) buf = additional_params.Serialize(buf, end);
|
|
if (message_version > 2) buf = input.Serialize(buf, end);
|
|
return buf;
|
|
}
|
|
|
|
bool FinishOperationRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
bool retval =
|
|
copy_uint64_from_buf(buf_ptr, end, &op_handle) && signature.Deserialize(buf_ptr, end);
|
|
if (retval && message_version > 0) retval = additional_params.Deserialize(buf_ptr, end);
|
|
if (retval && message_version > 2) retval = input.Deserialize(buf_ptr, end);
|
|
return retval;
|
|
}
|
|
|
|
size_t FinishOperationResponse::NonErrorSerializedSize() const {
|
|
if (message_version < 2)
|
|
return output.SerializedSize();
|
|
else
|
|
return output.SerializedSize() + output_params.SerializedSize();
|
|
}
|
|
|
|
uint8_t* FinishOperationResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = output.Serialize(buf, end);
|
|
if (message_version > 1) buf = output_params.Serialize(buf, end);
|
|
return buf;
|
|
}
|
|
|
|
bool FinishOperationResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
bool retval = output.Deserialize(buf_ptr, end);
|
|
if (retval && message_version > 1) retval = output_params.Deserialize(buf_ptr, end);
|
|
return retval;
|
|
}
|
|
|
|
size_t AddEntropyRequest::SerializedSize() const {
|
|
return random_data.SerializedSize();
|
|
}
|
|
|
|
uint8_t* AddEntropyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
return random_data.Serialize(buf, end);
|
|
}
|
|
|
|
bool AddEntropyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return random_data.Deserialize(buf_ptr, end);
|
|
}
|
|
|
|
size_t ImportKeyRequest::SerializedSize() const {
|
|
size_t size = key_description.SerializedSize() //
|
|
+ sizeof(uint32_t) /* key_format */ //
|
|
+ key_blob_size(key_data);
|
|
if (message_version < 4) return size;
|
|
return size //
|
|
+ key_blob_size(attestation_signing_key_blob) //
|
|
+ attest_key_params.SerializedSize() //
|
|
+ blob_size(issuer_subject);
|
|
}
|
|
|
|
uint8_t* ImportKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = key_description.Serialize(buf, end);
|
|
buf = append_uint32_to_buf(buf, end, key_format);
|
|
buf = serialize_key_blob(key_data, buf, end);
|
|
if (message_version < 4) return buf;
|
|
buf = serialize_key_blob(attestation_signing_key_blob, buf, end);
|
|
buf = attest_key_params.Serialize(buf, end);
|
|
return serialize_blob(issuer_subject, buf, end);
|
|
}
|
|
|
|
bool ImportKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
if (!(key_description.Deserialize(buf_ptr, end) &&
|
|
copy_uint32_from_buf(buf_ptr, end, &key_format) &&
|
|
deserialize_key_blob(&key_data, buf_ptr, end))) {
|
|
return false;
|
|
}
|
|
if (message_version < 4) return true;
|
|
|
|
return deserialize_key_blob(&attestation_signing_key_blob, buf_ptr, end) //
|
|
&& attest_key_params.Deserialize(buf_ptr, end) //
|
|
&& deserialize_blob(&issuer_subject, buf_ptr, end);
|
|
}
|
|
|
|
void ImportKeyResponse::SetKeyMaterial(const void* key_material, size_t length) {
|
|
set_key_blob(&key_blob, key_material, length);
|
|
}
|
|
|
|
size_t ImportKeyResponse::NonErrorSerializedSize() const {
|
|
size_t result =
|
|
key_blob_size(key_blob) + enforced.SerializedSize() + unenforced.SerializedSize();
|
|
if (message_version < 4) return result;
|
|
return result + chain_size(certificate_chain);
|
|
}
|
|
|
|
uint8_t* ImportKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = serialize_key_blob(key_blob, buf, end);
|
|
buf = enforced.Serialize(buf, end);
|
|
buf = unenforced.Serialize(buf, end);
|
|
if (message_version < 4) return buf;
|
|
return serialize_chain(certificate_chain, buf, end);
|
|
}
|
|
|
|
bool ImportKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
if (!deserialize_key_blob(&key_blob, buf_ptr, end) || //
|
|
!enforced.Deserialize(buf_ptr, end) || //
|
|
!unenforced.Deserialize(buf_ptr, end)) {
|
|
return false;
|
|
}
|
|
if (message_version < 4) return true;
|
|
certificate_chain = deserialize_chain(buf_ptr, end);
|
|
return !!certificate_chain.entries;
|
|
}
|
|
|
|
void ExportKeyRequest::SetKeyMaterial(const void* key_material, size_t length) {
|
|
set_key_blob(&key_blob, key_material, length);
|
|
}
|
|
|
|
size_t ExportKeyRequest::SerializedSize() const {
|
|
return additional_params.SerializedSize() + sizeof(uint32_t) /* key_format */ +
|
|
key_blob_size(key_blob);
|
|
}
|
|
|
|
uint8_t* ExportKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = additional_params.Serialize(buf, end);
|
|
buf = append_uint32_to_buf(buf, end, key_format);
|
|
return serialize_key_blob(key_blob, buf, end);
|
|
}
|
|
|
|
bool ExportKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return additional_params.Deserialize(buf_ptr, end) &&
|
|
copy_uint32_from_buf(buf_ptr, end, &key_format) &&
|
|
deserialize_key_blob(&key_blob, buf_ptr, end);
|
|
}
|
|
|
|
void ExportKeyResponse::SetKeyMaterial(const void* key_material, size_t length) {
|
|
delete[] key_data;
|
|
key_data = dup_buffer(key_material, length);
|
|
key_data_length = length;
|
|
}
|
|
|
|
size_t ExportKeyResponse::NonErrorSerializedSize() const {
|
|
return sizeof(uint32_t) /* key_data_length */ + key_data_length;
|
|
}
|
|
|
|
uint8_t* ExportKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
return append_size_and_data_to_buf(buf, end, key_data, key_data_length);
|
|
}
|
|
|
|
bool ExportKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
delete[] key_data;
|
|
key_data = nullptr;
|
|
UniquePtr<uint8_t[]> deserialized_key_material;
|
|
if (!copy_size_and_data_from_buf(buf_ptr, end, &key_data_length, &deserialized_key_material))
|
|
return false;
|
|
key_data = deserialized_key_material.release();
|
|
return true;
|
|
}
|
|
|
|
void DeleteKeyRequest::SetKeyMaterial(const void* key_material, size_t length) {
|
|
set_key_blob(&key_blob, key_material, length);
|
|
}
|
|
|
|
size_t DeleteKeyRequest::SerializedSize() const {
|
|
return key_blob_size(key_blob);
|
|
}
|
|
|
|
uint8_t* DeleteKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
return serialize_key_blob(key_blob, buf, end);
|
|
}
|
|
|
|
bool DeleteKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return deserialize_key_blob(&key_blob, buf_ptr, end);
|
|
}
|
|
|
|
size_t GetVersionResponse::NonErrorSerializedSize() const {
|
|
return sizeof(major_ver) + sizeof(minor_ver) + sizeof(subminor_ver);
|
|
}
|
|
|
|
uint8_t* GetVersionResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
if (buf + NonErrorSerializedSize() <= end) {
|
|
*buf++ = major_ver;
|
|
*buf++ = minor_ver;
|
|
*buf++ = subminor_ver;
|
|
} else {
|
|
buf += NonErrorSerializedSize();
|
|
}
|
|
return buf;
|
|
}
|
|
|
|
bool GetVersionResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
if (*buf_ptr + NonErrorSerializedSize() > end) return false;
|
|
const uint8_t* tmp = *buf_ptr;
|
|
major_ver = *tmp++;
|
|
minor_ver = *tmp++;
|
|
subminor_ver = *tmp++;
|
|
*buf_ptr = tmp;
|
|
return true;
|
|
}
|
|
|
|
AttestKeyRequest::~AttestKeyRequest() {
|
|
delete[] key_blob.key_material;
|
|
}
|
|
|
|
void AttestKeyRequest::SetKeyMaterial(const void* key_material, size_t length) {
|
|
set_key_blob(&key_blob, key_material, length);
|
|
}
|
|
|
|
size_t AttestKeyRequest::SerializedSize() const {
|
|
return key_blob_size(key_blob) + attest_params.SerializedSize();
|
|
}
|
|
|
|
uint8_t* AttestKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = serialize_key_blob(key_blob, buf, end);
|
|
return attest_params.Serialize(buf, end);
|
|
}
|
|
|
|
bool AttestKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return deserialize_key_blob(&key_blob, buf_ptr, end) && attest_params.Deserialize(buf_ptr, end);
|
|
}
|
|
|
|
size_t AttestKeyResponse::NonErrorSerializedSize() const {
|
|
return chain_size(certificate_chain);
|
|
}
|
|
|
|
uint8_t* AttestKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
return serialize_chain(certificate_chain, buf, end);
|
|
}
|
|
|
|
bool AttestKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
certificate_chain = deserialize_chain(buf_ptr, end);
|
|
return !!certificate_chain.entries;
|
|
}
|
|
|
|
UpgradeKeyRequest::~UpgradeKeyRequest() {
|
|
delete[] key_blob.key_material;
|
|
}
|
|
|
|
void UpgradeKeyRequest::SetKeyMaterial(const void* key_material, size_t length) {
|
|
set_key_blob(&key_blob, key_material, length);
|
|
}
|
|
|
|
size_t UpgradeKeyRequest::SerializedSize() const {
|
|
return key_blob_size(key_blob) + upgrade_params.SerializedSize();
|
|
}
|
|
|
|
uint8_t* UpgradeKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = serialize_key_blob(key_blob, buf, end);
|
|
return upgrade_params.Serialize(buf, end);
|
|
}
|
|
|
|
bool UpgradeKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return deserialize_key_blob(&key_blob, buf_ptr, end) &&
|
|
upgrade_params.Deserialize(buf_ptr, end);
|
|
}
|
|
|
|
UpgradeKeyResponse::~UpgradeKeyResponse() {
|
|
delete[] upgraded_key.key_material;
|
|
}
|
|
|
|
size_t UpgradeKeyResponse::NonErrorSerializedSize() const {
|
|
return key_blob_size(upgraded_key);
|
|
}
|
|
|
|
uint8_t* UpgradeKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
return serialize_key_blob(upgraded_key, buf, end);
|
|
}
|
|
|
|
bool UpgradeKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return deserialize_key_blob(&upgraded_key, buf_ptr, end);
|
|
}
|
|
|
|
size_t HmacSharingParameters::SerializedSize() const {
|
|
return blob_size(seed) + sizeof(nonce);
|
|
}
|
|
|
|
uint8_t* HmacSharingParameters::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = serialize_blob(seed, buf, end);
|
|
return append_to_buf(buf, end, nonce, sizeof(nonce));
|
|
}
|
|
|
|
bool HmacSharingParameters::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return deserialize_blob(&seed, buf_ptr, end) &&
|
|
copy_from_buf(buf_ptr, end, nonce, sizeof(nonce));
|
|
}
|
|
|
|
size_t HmacSharingParametersArray::SerializedSize() const {
|
|
size_t size = sizeof(uint32_t); // num_params size
|
|
for (size_t i = 0; i < num_params; ++i) {
|
|
size += params_array[i].SerializedSize();
|
|
}
|
|
return size;
|
|
}
|
|
|
|
uint8_t* HmacSharingParametersArray::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = append_uint32_to_buf(buf, end, num_params);
|
|
for (size_t i = 0; i < num_params; ++i) {
|
|
buf = params_array[i].Serialize(buf, end);
|
|
}
|
|
return buf;
|
|
}
|
|
|
|
bool HmacSharingParametersArray::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
if (!copy_uint32_from_buf(buf_ptr, end, &num_params)) return false;
|
|
params_array = new (std::nothrow) HmacSharingParameters[num_params];
|
|
if (!params_array) return false;
|
|
for (size_t i = 0; i < num_params; ++i) {
|
|
if (!params_array[i].Deserialize(buf_ptr, end)) return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
size_t ComputeSharedHmacResponse::NonErrorSerializedSize() const {
|
|
return blob_size(sharing_check);
|
|
}
|
|
|
|
uint8_t* ComputeSharedHmacResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
return serialize_blob(sharing_check, buf, end);
|
|
}
|
|
|
|
bool ComputeSharedHmacResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return deserialize_blob(&sharing_check, buf_ptr, end);
|
|
}
|
|
|
|
size_t ImportWrappedKeyRequest::SerializedSize() const {
|
|
return key_blob_size(wrapped_key) + key_blob_size(wrapping_key) + key_blob_size(masking_key) +
|
|
additional_params.SerializedSize() + sizeof(uint64_t) // password_sid
|
|
+ sizeof(uint64_t); // biometric_sid
|
|
}
|
|
|
|
uint8_t* ImportWrappedKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = serialize_key_blob(wrapped_key, buf, end);
|
|
buf = serialize_key_blob(wrapping_key, buf, end);
|
|
buf = serialize_key_blob(masking_key, buf, end);
|
|
buf = additional_params.Serialize(buf, end);
|
|
buf = append_uint64_to_buf(buf, end, password_sid);
|
|
return append_uint64_to_buf(buf, end, biometric_sid);
|
|
}
|
|
|
|
bool ImportWrappedKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return deserialize_key_blob(&wrapped_key, buf_ptr, end) &&
|
|
deserialize_key_blob(&wrapping_key, buf_ptr, end) &&
|
|
deserialize_key_blob(&masking_key, buf_ptr, end) &&
|
|
additional_params.Deserialize(buf_ptr, end) &&
|
|
copy_uint64_from_buf(buf_ptr, end, &password_sid) &&
|
|
copy_uint64_from_buf(buf_ptr, end, &biometric_sid);
|
|
}
|
|
|
|
void ImportWrappedKeyRequest::SetWrappedMaterial(const void* key_material, size_t length) {
|
|
set_key_blob(&wrapped_key, key_material, length);
|
|
}
|
|
|
|
void ImportWrappedKeyRequest::SetWrappingMaterial(const void* key_material, size_t length) {
|
|
set_key_blob(&wrapping_key, key_material, length);
|
|
}
|
|
|
|
void ImportWrappedKeyRequest::SetMaskingKeyMaterial(const void* key_material, size_t length) {
|
|
set_key_blob(&masking_key, key_material, length);
|
|
}
|
|
|
|
void ImportWrappedKeyResponse::SetKeyMaterial(const void* key_material, size_t length) {
|
|
set_key_blob(&key_blob, key_material, length);
|
|
}
|
|
|
|
size_t ImportWrappedKeyResponse::NonErrorSerializedSize() const {
|
|
size_t result =
|
|
key_blob_size(key_blob) + enforced.SerializedSize() + unenforced.SerializedSize();
|
|
if (message_version < 4) return result;
|
|
return result + chain_size(certificate_chain);
|
|
}
|
|
|
|
uint8_t* ImportWrappedKeyResponse::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = serialize_key_blob(key_blob, buf, end);
|
|
buf = enforced.Serialize(buf, end);
|
|
buf = unenforced.Serialize(buf, end);
|
|
if (message_version < 4) return buf;
|
|
return serialize_chain(certificate_chain, buf, end);
|
|
}
|
|
|
|
bool ImportWrappedKeyResponse::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
if (!deserialize_key_blob(&key_blob, buf_ptr, end) || //
|
|
!enforced.Deserialize(buf_ptr, end) || //
|
|
!unenforced.Deserialize(buf_ptr, end)) {
|
|
return false;
|
|
}
|
|
if (message_version < 4) return true;
|
|
certificate_chain = deserialize_chain(buf_ptr, end);
|
|
return !!certificate_chain.entries;
|
|
}
|
|
|
|
size_t HardwareAuthToken::SerializedSize() const {
|
|
return sizeof(challenge) + sizeof(user_id) + sizeof(authenticator_id) +
|
|
sizeof(authenticator_type) + sizeof(timestamp) + blob_size(mac);
|
|
}
|
|
|
|
uint8_t* HardwareAuthToken::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = append_uint64_to_buf(buf, end, challenge);
|
|
buf = append_uint64_to_buf(buf, end, user_id);
|
|
buf = append_uint64_to_buf(buf, end, authenticator_id);
|
|
buf = append_uint32_to_buf(buf, end, authenticator_type);
|
|
buf = append_uint64_to_buf(buf, end, timestamp);
|
|
return serialize_blob(mac, buf, end);
|
|
}
|
|
|
|
bool HardwareAuthToken::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return copy_uint64_from_buf(buf_ptr, end, &challenge) &&
|
|
copy_uint64_from_buf(buf_ptr, end, &user_id) &&
|
|
copy_uint64_from_buf(buf_ptr, end, &authenticator_id) &&
|
|
copy_uint32_from_buf(buf_ptr, end, &authenticator_type) &&
|
|
copy_uint64_from_buf(buf_ptr, end, ×tamp) && //
|
|
deserialize_blob(&mac, buf_ptr, end);
|
|
}
|
|
|
|
size_t VerificationToken::SerializedSize() const {
|
|
return sizeof(challenge) + sizeof(timestamp) + parameters_verified.SerializedSize() +
|
|
sizeof(security_level) + blob_size(mac);
|
|
}
|
|
|
|
uint8_t* VerificationToken::Serialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = append_uint64_to_buf(buf, end, challenge);
|
|
buf = append_uint64_to_buf(buf, end, timestamp);
|
|
buf = parameters_verified.Serialize(buf, end);
|
|
buf = append_uint32_to_buf(buf, end, security_level);
|
|
return serialize_blob(mac, buf, end);
|
|
}
|
|
|
|
bool VerificationToken::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return copy_uint64_from_buf(buf_ptr, end, &challenge) &&
|
|
copy_uint64_from_buf(buf_ptr, end, ×tamp) &&
|
|
parameters_verified.Deserialize(buf_ptr, end) &&
|
|
copy_uint32_from_buf(buf_ptr, end, &security_level) &&
|
|
deserialize_blob(&mac, buf_ptr, end);
|
|
}
|
|
|
|
size_t GetVersion2Response::NonErrorSerializedSize() const {
|
|
return sizeof(max_message_version) + //
|
|
sizeof(km_version) + //
|
|
sizeof(km_date);
|
|
}
|
|
|
|
uint8_t* GetVersion2Response::NonErrorSerialize(uint8_t* buf, const uint8_t* end) const {
|
|
buf = append_uint32_to_buf(buf, end, max_message_version);
|
|
buf = append_uint32_to_buf(buf, end, km_version);
|
|
return append_uint32_to_buf(buf, end, km_date);
|
|
}
|
|
|
|
bool GetVersion2Response::NonErrorDeserialize(const uint8_t** buf_ptr, const uint8_t* end) {
|
|
return copy_uint32_from_buf(buf_ptr, end, &max_message_version) &&
|
|
copy_uint32_from_buf(buf_ptr, end, &km_version) &&
|
|
copy_uint32_from_buf(buf_ptr, end, &km_date);
|
|
}
|
|
|
|
} // namespace keymaster
|