Blame - keyguard_messages.cpp - platform/system/gatekeeper

blob: 0c92e786063b8ebc1ffc9a6478264de5dc9eaecb [file] [log] [blame]

Andres Morales	6c9fe69	2015-02-23 10:44:41 -0800	[diff] [blame^]	1	/*
				2	* Copyright 2015 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*
				16	*
				17	* TODO(anmorales): figure out a reasonable max buffer size
				18	*/
				19
				20	#include <keyguard/keyguard_messages.h>
				21
				22	#include <string.h>
				23
				24	namespace keyguard {
				25
				26	/**
				27	* Variant of memset() that uses GCC-specific pragmas to disable optimizations, so effect is not
				28	* optimized away. This is important because we often need to wipe blocks of sensitive data from
				29	* memory. As an additional convenience, this implementation avoids writing to NULL pointers.
				30	*/
				31	#ifdef __clang__
				32	#define OPTNONE __attribute__((optnone))
				33	#else // not __clang__
				34	#define OPTNONE __attribute__((optimize("O0")))
				35	#endif // not __clang__
				36	inline OPTNONE void* memset_s(void* s, int c, size_t n) {
				37	if (!s)
				38	return s;
				39	return memset(s, c, n);
				40	}
				41	#undef OPTNONE
				42
				43	static inline size_t buffer_size(const SizedBuffer &buf) {
				44	return sizeof(uint32_t) + buf.length;
				45	}
				46
				47	static inline void append_to_buffer(uint8_t *buffer, const SizedBuffer to_append) {
				48	memcpy(*buffer, &to_append->length, sizeof(to_append->length));
				49	*buffer += sizeof(to_append->length);
				50	memcpy(*buffer, to_append->buffer.get(), to_append->length);
				51	*buffer += to_append->length;
				52	}
				53
				54	static inline keyguard_error_t read_from_buffer(const uint8_t *buffer, const uint8_t end,
				55	SizedBuffer *target) {
				56	if (*buffer + sizeof(target->length) >= end) return KG_ERROR_INVALID;
				57
				58	memcpy(&target->length, *buffer, sizeof(target->length));
				59	*buffer += sizeof(target->length);
				60	const uint8_t buffer_end = buffer + target->length;
				61	if (buffer_end > end \|\| buffer_end <= *buffer) return KG_ERROR_INVALID;
				62
				63	target->buffer.reset(new uint8_t[target->length]);
				64	memcpy(target->buffer.get(), *buffer, target->length);
				65	*buffer += target->length;
				66	return KG_ERROR_OK;
				67	}
				68
				69	size_t KeyguardMessage::GetSerializedSize() const {
				70	if (error_ == KG_ERROR_OK) {
				71	return sizeof(uint32_t) + nonErrorSerializedSize();
				72	} else {
				73	return sizeof(uint32_t);
				74	}
				75	}
				76
				77	uint8_t *KeyguardMessage::Serialize() const {
				78	if (error_ != KG_ERROR_OK) {
				79	uint32_t *error_buf = new uint32_t;
				80	*error_buf = static_cast<uint32_t>(error_);
				81	return reinterpret_cast<uint8_t *>(error_buf);
				82	} else {
				83	uint8_t *buf = new uint8_t[sizeof(uint32_t) + nonErrorSerializedSize()];
				84	uint32_t error_value = static_cast<uint32_t>(error_);
				85	memcpy(buf, &error_value, sizeof(uint32_t));
				86	nonErrorSerialize(buf + sizeof(uint32_t));
				87	return buf;
				88	}
				89	}
				90
				91	keyguard_error_t KeyguardMessage::Deserialize(const uint8_t payload, const uint8_t end) {
				92	uint32_t error_value;
				93	if (payload + sizeof(uint32_t) > end) return KG_ERROR_INVALID;
				94	memcpy(&error_value, payload, sizeof(uint32_t));
				95	error_ = static_cast<keyguard_error_t>(error_value);
				96	if (error_ == KG_ERROR_OK) {
				97	error_ = nonErrorDeserialize(payload + sizeof(uint32_t), end);
				98	}
				99
				100	return error_;
				101	}
				102
				103
				104	VerifyRequest::VerifyRequest(SizedBuffer *enrolled_password_handle,
				105	SizedBuffer *provided_password_payload) {
				106	password_handle_.buffer = std::move(enrolled_password_handle->buffer);
				107	password_handle_.length = enrolled_password_handle->length;
				108	provided_password_.buffer = std::move(provided_password_payload->buffer);
				109	provided_password_.length = provided_password_payload->length;
				110	}
				111
				112	VerifyRequest::VerifyRequest() {
				113	memset_s(&password_handle_, 0, sizeof(password_handle_));
				114	memset_s(&provided_password_, 0, sizeof(provided_password_));
				115	}
				116
				117	VerifyRequest::~VerifyRequest() {
				118	if (password_handle_.buffer) {
				119	password_handle_.buffer.reset();
				120	}
				121
				122	if (provided_password_.buffer) {
				123	memset_s(provided_password_.buffer.get(), 0, provided_password_.length);
				124	provided_password_.buffer.reset();
				125	}
				126	}
				127
				128	size_t VerifyRequest::nonErrorSerializedSize() const {
				129	return buffer_size(password_handle_) + buffer_size(provided_password_);
				130	}
				131
				132	void VerifyRequest::nonErrorSerialize(uint8_t *buffer) const {
				133	append_to_buffer(&buffer, &password_handle_);
				134	append_to_buffer(&buffer, &provided_password_);
				135	}
				136
				137	keyguard_error_t VerifyRequest::nonErrorDeserialize(const uint8_t payload, const uint8_t end) {
				138	keyguard_error_t error = KG_ERROR_OK;
				139
				140	if (password_handle_.buffer) {
				141	password_handle_.buffer.reset();
				142	}
				143
				144	if (provided_password_.buffer) {
				145	memset_s(provided_password_.buffer.get(), 0, provided_password_.length);
				146	provided_password_.buffer.reset();
				147	}
				148
				149	error = read_from_buffer(&payload, end, &password_handle_);
				150	if (error != KG_ERROR_OK) return error;
				151
				152	return read_from_buffer(&payload, end, &provided_password_);
				153
				154	}
				155
				156	VerifyResponse::VerifyResponse(SizedBuffer *verification_token) {
				157	verification_token_.buffer = std::move(verification_token->buffer);
				158	verification_token_.length = verification_token->length;
				159	}
				160
				161	VerifyResponse::VerifyResponse() {
				162	memset_s(&verification_token_, 0, sizeof(verification_token_));
				163	};
				164
				165	VerifyResponse::~VerifyResponse() {
				166	if (verification_token_.length > 0) {
				167	verification_token_.buffer.reset();
				168	}
				169	}
				170
				171	size_t VerifyResponse::nonErrorSerializedSize() const {
				172	return buffer_size(verification_token_);
				173	}
				174
				175	void VerifyResponse::nonErrorSerialize(uint8_t *buffer) const {
				176	append_to_buffer(&buffer, &verification_token_);
				177	}
				178
				179	keyguard_error_t VerifyResponse::nonErrorDeserialize(const uint8_t payload, const uint8_t end) {
				180	if (verification_token_.buffer) {
				181	verification_token_.buffer.reset();
				182	}
				183
				184	return read_from_buffer(&payload, end, &verification_token_);
				185	}
				186
				187	EnrollRequest::EnrollRequest(SizedBuffer *provided_password) {
				188	provided_password_.buffer = std::move(provided_password->buffer);
				189	provided_password_.length = provided_password->length;
				190	}
				191
				192	EnrollRequest::EnrollRequest() {
				193	memset_s(&provided_password_, 0, sizeof(provided_password_));
				194	}
				195
				196	EnrollRequest::~EnrollRequest() {
				197	if (provided_password_.buffer) {
				198	memset_s(provided_password_.buffer.get(), 0, provided_password_.length);
				199	provided_password_.buffer.reset();
				200	}
				201	}
				202
				203	size_t EnrollRequest::nonErrorSerializedSize() const {
				204	return buffer_size(provided_password_);
				205	}
				206
				207	void EnrollRequest::nonErrorSerialize(uint8_t *buffer) const {
				208	append_to_buffer(&buffer, &provided_password_);
				209	}
				210
				211	keyguard_error_t EnrollRequest::nonErrorDeserialize(const uint8_t payload, const uint8_t end) {
				212	if (provided_password_.buffer) {
				213	memset_s(provided_password_.buffer.get(), 0, provided_password_.length);
				214	provided_password_.buffer.reset();
				215	}
				216
				217	return read_from_buffer(&payload, end, &provided_password_);
				218	}
				219
				220	EnrollResponse::EnrollResponse(SizedBuffer *enrolled_password_handle) {
				221	enrolled_password_handle_.buffer = std::move(enrolled_password_handle->buffer);
				222	enrolled_password_handle_.length = enrolled_password_handle->length;
				223	}
				224
				225	EnrollResponse::EnrollResponse() {
				226	memset_s(&enrolled_password_handle_, 0, sizeof(enrolled_password_handle_));
				227	}
				228
				229	EnrollResponse::~EnrollResponse() {
				230	if (enrolled_password_handle_.buffer) {
				231	enrolled_password_handle_.buffer.reset();
				232	}
				233	}
				234
				235	size_t EnrollResponse::nonErrorSerializedSize() const {
				236	return buffer_size(enrolled_password_handle_);
				237	}
				238
				239	void EnrollResponse::nonErrorSerialize(uint8_t *buffer) const {
				240	append_to_buffer(&buffer, &enrolled_password_handle_);
				241	}
				242
				243	keyguard_error_t EnrollResponse::nonErrorDeserialize(const uint8_t payload, const uint8_t end) {
				244	if (enrolled_password_handle_.buffer) {
				245	enrolled_password_handle_.buffer.reset();
				246	}
				247
				248	return read_from_buffer(&payload, end, &enrolled_password_handle_);
				249	}
				250
				251	};
				252