Hardware keyguard message interface
Simple message serialization interface for passing
keyguard objects through the HAL.
Change-Id: I3c1f83976edd88b0f5cb7fea3f33ba620b5f2057
diff --git a/keyguard_messages.cpp b/keyguard_messages.cpp
new file mode 100644
index 0000000..0c92e78
--- /dev/null
+++ b/keyguard_messages.cpp
@@ -0,0 +1,252 @@
+/*
+ * Copyright 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ * TODO(anmorales): figure out a reasonable max buffer size
+ */
+
+#include <keyguard/keyguard_messages.h>
+
+#include <string.h>
+
+namespace keyguard {
+
+/**
+ * Variant of memset() that uses GCC-specific pragmas to disable optimizations, so effect is not
+ * optimized away. This is important because we often need to wipe blocks of sensitive data from
+ * memory. As an additional convenience, this implementation avoids writing to NULL pointers.
+ */
+#ifdef __clang__
+#define OPTNONE __attribute__((optnone))
+#else // not __clang__
+#define OPTNONE __attribute__((optimize("O0")))
+#endif // not __clang__
+inline OPTNONE void* memset_s(void* s, int c, size_t n) {
+ if (!s)
+ return s;
+ return memset(s, c, n);
+}
+#undef OPTNONE
+
+static inline size_t buffer_size(const SizedBuffer &buf) {
+ return sizeof(uint32_t) + buf.length;
+}
+
+static inline void append_to_buffer(uint8_t **buffer, const SizedBuffer *to_append) {
+ memcpy(*buffer, &to_append->length, sizeof(to_append->length));
+ *buffer += sizeof(to_append->length);
+ memcpy(*buffer, to_append->buffer.get(), to_append->length);
+ *buffer += to_append->length;
+}
+
+static inline keyguard_error_t read_from_buffer(const uint8_t **buffer, const uint8_t *end,
+ SizedBuffer *target) {
+ if (*buffer + sizeof(target->length) >= end) return KG_ERROR_INVALID;
+
+ memcpy(&target->length, *buffer, sizeof(target->length));
+ *buffer += sizeof(target->length);
+ const uint8_t *buffer_end = *buffer + target->length;
+ if (buffer_end > end || buffer_end <= *buffer) return KG_ERROR_INVALID;
+
+ target->buffer.reset(new uint8_t[target->length]);
+ memcpy(target->buffer.get(), *buffer, target->length);
+ *buffer += target->length;
+ return KG_ERROR_OK;
+}
+
+size_t KeyguardMessage::GetSerializedSize() const {
+ if (error_ == KG_ERROR_OK) {
+ return sizeof(uint32_t) + nonErrorSerializedSize();
+ } else {
+ return sizeof(uint32_t);
+ }
+}
+
+uint8_t *KeyguardMessage::Serialize() const {
+ if (error_ != KG_ERROR_OK) {
+ uint32_t *error_buf = new uint32_t;
+ *error_buf = static_cast<uint32_t>(error_);
+ return reinterpret_cast<uint8_t *>(error_buf);
+ } else {
+ uint8_t *buf = new uint8_t[sizeof(uint32_t) + nonErrorSerializedSize()];
+ uint32_t error_value = static_cast<uint32_t>(error_);
+ memcpy(buf, &error_value, sizeof(uint32_t));
+ nonErrorSerialize(buf + sizeof(uint32_t));
+ return buf;
+ }
+}
+
+keyguard_error_t KeyguardMessage::Deserialize(const uint8_t *payload, const uint8_t *end) {
+ uint32_t error_value;
+ if (payload + sizeof(uint32_t) > end) return KG_ERROR_INVALID;
+ memcpy(&error_value, payload, sizeof(uint32_t));
+ error_ = static_cast<keyguard_error_t>(error_value);
+ if (error_ == KG_ERROR_OK) {
+ error_ = nonErrorDeserialize(payload + sizeof(uint32_t), end);
+ }
+
+ return error_;
+}
+
+
+VerifyRequest::VerifyRequest(SizedBuffer *enrolled_password_handle,
+ SizedBuffer *provided_password_payload) {
+ password_handle_.buffer = std::move(enrolled_password_handle->buffer);
+ password_handle_.length = enrolled_password_handle->length;
+ provided_password_.buffer = std::move(provided_password_payload->buffer);
+ provided_password_.length = provided_password_payload->length;
+}
+
+VerifyRequest::VerifyRequest() {
+ memset_s(&password_handle_, 0, sizeof(password_handle_));
+ memset_s(&provided_password_, 0, sizeof(provided_password_));
+}
+
+VerifyRequest::~VerifyRequest() {
+ if (password_handle_.buffer) {
+ password_handle_.buffer.reset();
+ }
+
+ if (provided_password_.buffer) {
+ memset_s(provided_password_.buffer.get(), 0, provided_password_.length);
+ provided_password_.buffer.reset();
+ }
+}
+
+size_t VerifyRequest::nonErrorSerializedSize() const {
+ return buffer_size(password_handle_) + buffer_size(provided_password_);
+}
+
+void VerifyRequest::nonErrorSerialize(uint8_t *buffer) const {
+ append_to_buffer(&buffer, &password_handle_);
+ append_to_buffer(&buffer, &provided_password_);
+}
+
+keyguard_error_t VerifyRequest::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
+ keyguard_error_t error = KG_ERROR_OK;
+
+ if (password_handle_.buffer) {
+ password_handle_.buffer.reset();
+ }
+
+ if (provided_password_.buffer) {
+ memset_s(provided_password_.buffer.get(), 0, provided_password_.length);
+ provided_password_.buffer.reset();
+ }
+
+ error = read_from_buffer(&payload, end, &password_handle_);
+ if (error != KG_ERROR_OK) return error;
+
+ return read_from_buffer(&payload, end, &provided_password_);
+
+}
+
+VerifyResponse::VerifyResponse(SizedBuffer *verification_token) {
+ verification_token_.buffer = std::move(verification_token->buffer);
+ verification_token_.length = verification_token->length;
+}
+
+VerifyResponse::VerifyResponse() {
+ memset_s(&verification_token_, 0, sizeof(verification_token_));
+};
+
+VerifyResponse::~VerifyResponse() {
+ if (verification_token_.length > 0) {
+ verification_token_.buffer.reset();
+ }
+}
+
+size_t VerifyResponse::nonErrorSerializedSize() const {
+ return buffer_size(verification_token_);
+}
+
+void VerifyResponse::nonErrorSerialize(uint8_t *buffer) const {
+ append_to_buffer(&buffer, &verification_token_);
+}
+
+keyguard_error_t VerifyResponse::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
+ if (verification_token_.buffer) {
+ verification_token_.buffer.reset();
+ }
+
+ return read_from_buffer(&payload, end, &verification_token_);
+}
+
+EnrollRequest::EnrollRequest(SizedBuffer *provided_password) {
+ provided_password_.buffer = std::move(provided_password->buffer);
+ provided_password_.length = provided_password->length;
+}
+
+EnrollRequest::EnrollRequest() {
+ memset_s(&provided_password_, 0, sizeof(provided_password_));
+}
+
+EnrollRequest::~EnrollRequest() {
+ if (provided_password_.buffer) {
+ memset_s(provided_password_.buffer.get(), 0, provided_password_.length);
+ provided_password_.buffer.reset();
+ }
+}
+
+size_t EnrollRequest::nonErrorSerializedSize() const {
+ return buffer_size(provided_password_);
+}
+
+void EnrollRequest::nonErrorSerialize(uint8_t *buffer) const {
+ append_to_buffer(&buffer, &provided_password_);
+}
+
+keyguard_error_t EnrollRequest::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
+ if (provided_password_.buffer) {
+ memset_s(provided_password_.buffer.get(), 0, provided_password_.length);
+ provided_password_.buffer.reset();
+ }
+
+ return read_from_buffer(&payload, end, &provided_password_);
+}
+
+EnrollResponse::EnrollResponse(SizedBuffer *enrolled_password_handle) {
+ enrolled_password_handle_.buffer = std::move(enrolled_password_handle->buffer);
+ enrolled_password_handle_.length = enrolled_password_handle->length;
+}
+
+EnrollResponse::EnrollResponse() {
+ memset_s(&enrolled_password_handle_, 0, sizeof(enrolled_password_handle_));
+}
+
+EnrollResponse::~EnrollResponse() {
+ if (enrolled_password_handle_.buffer) {
+ enrolled_password_handle_.buffer.reset();
+ }
+}
+
+size_t EnrollResponse::nonErrorSerializedSize() const {
+ return buffer_size(enrolled_password_handle_);
+}
+
+void EnrollResponse::nonErrorSerialize(uint8_t *buffer) const {
+ append_to_buffer(&buffer, &enrolled_password_handle_);
+}
+
+keyguard_error_t EnrollResponse::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
+ if (enrolled_password_handle_.buffer) {
+ enrolled_password_handle_.buffer.reset();
+ }
+
+ return read_from_buffer(&payload, end, &enrolled_password_handle_);
+}
+
+};
+