1/*
2 * Copyright 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
18#include <gatekeeper/gatekeeper_messages.h>
19
20#include <string.h>
21
22using namespace std;
23
24namespace gatekeeper {
25
26/**
27 * Methods for serializing/deserializing SizedBuffers
28 */
29
30struct __attribute__((__packed__)) serial_header_t {
31    uint32_t error;
32    uint32_t user_id;
33};
34
35static inline uint32_t serialized_buffer_size(const SizedBuffer &buf) {
36    return sizeof(buf.length) + buf.length;
37}
38
39static inline void append_to_buffer(uint8_t **buffer, const SizedBuffer *to_append) {
40    memcpy(*buffer, &to_append->length, sizeof(to_append->length));
41    *buffer += sizeof(to_append->length);
42    if (to_append->length != 0) {
43        memcpy(*buffer, to_append->buffer.get(), to_append->length);
44        *buffer += to_append->length;
45    }
46}
47
48static inline gatekeeper_error_t read_from_buffer(const uint8_t **buffer, const uint8_t *end,
49        SizedBuffer *target) {
50    if (*buffer + sizeof(target->length) > end) return ERROR_INVALID;
51
52    memcpy(&target->length, *buffer, sizeof(target->length));
53    *buffer += sizeof(target->length);
54    if (target->length != 0) {
55        const uint8_t *buffer_end = *buffer + target->length;
56        if (buffer_end > end || buffer_end <= *buffer) return ERROR_INVALID;
57
58        target->buffer.reset(new uint8_t[target->length]);
59        memcpy(target->buffer.get(), *buffer, target->length);
60        *buffer += target->length;
61    }
62    return ERROR_NONE;
63}
64
65
66uint32_t GateKeeperMessage::GetSerializedSize() const {
67    if (error == ERROR_NONE) {
68        uint32_t size = sizeof(serial_header_t) + nonErrorSerializedSize();
69        return size;
70    } else {
71        uint32_t size = sizeof(serial_header_t);
72        if (error == ERROR_RETRY) {
73            size += sizeof(retry_timeout);
74        }
75        return size;
76    }
77}
78
79uint32_t GateKeeperMessage::Serialize(uint8_t *buffer, const uint8_t *end) const {
80    uint32_t bytes_written = 0;
81    if (buffer + GetSerializedSize() > end) {
82        return 0;
83    }
84
85    serial_header_t *header = reinterpret_cast<serial_header_t *>(buffer);
86    if (error != ERROR_NONE) {
87        if (buffer + sizeof(serial_header_t) > end) return 0;
88        header->error = error;
89        header->user_id = user_id;
90        bytes_written += sizeof(*header);
91        if (error == ERROR_RETRY) {
92            memcpy(buffer + sizeof(serial_header_t), &retry_timeout, sizeof(retry_timeout));
93            bytes_written  += sizeof(retry_timeout);
94        }
95    } else {
96        if (buffer + sizeof(serial_header_t) + nonErrorSerializedSize() > end)
97            return 0;
98        header->error = error;
99        header->user_id = user_id;
100        nonErrorSerialize(buffer + sizeof(*header));
101        bytes_written += sizeof(*header) + nonErrorSerializedSize();
102    }
103
104    return bytes_written;
105}
106
107gatekeeper_error_t GateKeeperMessage::Deserialize(const uint8_t *payload, const uint8_t *end) {
108    if (payload + sizeof(uint32_t) > end) return ERROR_INVALID;
109    const serial_header_t *header = reinterpret_cast<const serial_header_t *>(payload);
110    if (header->error == ERROR_NONE) {
111        if (payload == end) return ERROR_INVALID;
112        user_id = header->user_id;
113        error = nonErrorDeserialize(payload + sizeof(*header), end);
114    } else {
115        error = static_cast<gatekeeper_error_t>(header->error);
116        user_id = header->user_id;
117        if (error == ERROR_RETRY) {
118            if (payload + sizeof(serial_header_t) < end) {
119                memcpy(&retry_timeout, payload + sizeof(serial_header_t), sizeof(retry_timeout));
120            } else {
121                retry_timeout = 0;
122            }
123        }
124    }
125
126    return error;
127}
128
129void GateKeeperMessage::SetRetryTimeout(uint32_t retry_timeout) {
130    this->retry_timeout = retry_timeout;
131    this->error = ERROR_RETRY;
132}
133
134VerifyRequest::VerifyRequest(uint32_t user_id, uint64_t challenge,
135        SizedBuffer *enrolled_password_handle, SizedBuffer *provided_password_payload) {
136    this->user_id = user_id;
137    this->challenge = challenge;
138    this->password_handle.buffer.reset(enrolled_password_handle->buffer.release());
139    this->password_handle.length = enrolled_password_handle->length;
140    this->provided_password.buffer.reset(provided_password_payload->buffer.release());
141    this->provided_password.length = provided_password_payload->length;
142}
143
144VerifyRequest::VerifyRequest() {
145    memset_s(&password_handle, 0, sizeof(password_handle));
146    memset_s(&provided_password, 0, sizeof(provided_password));
147}
148
149VerifyRequest::~VerifyRequest() {
150    if (password_handle.buffer.get()) {
151        password_handle.buffer.reset();
152    }
153
154    if (provided_password.buffer.get()) {
155        memset_s(provided_password.buffer.get(), 0, provided_password.length);
156        provided_password.buffer.reset();
157    }
158}
159
160uint32_t VerifyRequest::nonErrorSerializedSize() const {
161    return sizeof(challenge) + serialized_buffer_size(password_handle)
162            + serialized_buffer_size(provided_password);
163}
164
165void VerifyRequest::nonErrorSerialize(uint8_t *buffer) const {
166    memcpy(buffer, &challenge, sizeof(challenge));
167    buffer += sizeof(challenge);
168    append_to_buffer(&buffer, &password_handle);
169    append_to_buffer(&buffer, &provided_password);
170}
171
172gatekeeper_error_t VerifyRequest::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
173    gatekeeper_error_t error = ERROR_NONE;
174
175    if (password_handle.buffer.get()) {
176        password_handle.buffer.reset();
177    }
178
179    if (provided_password.buffer.get()) {
180        memset_s(provided_password.buffer.get(), 0, provided_password.length);
181        provided_password.buffer.reset();
182    }
183
184    memcpy(&challenge, payload, sizeof(challenge));
185    payload += sizeof(challenge);
186
187    error = read_from_buffer(&payload, end, &password_handle);
188    if (error != ERROR_NONE) return error;
189
190    return read_from_buffer(&payload, end, &provided_password);
191
192}
193
194VerifyResponse::VerifyResponse(uint32_t user_id, SizedBuffer *auth_token) {
195    this->user_id = user_id;
196    this->auth_token.buffer.reset(auth_token->buffer.release());
197    this->auth_token.length = auth_token->length;
198    this->request_reenroll = false;
199}
200
201VerifyResponse::VerifyResponse() {
202    request_reenroll = false;
203    memset_s(&auth_token, 0, sizeof(auth_token));
204};
205
206VerifyResponse::~VerifyResponse() {
207    if (auth_token.length > 0) {
208        auth_token.buffer.reset();
209    }
210}
211
212void VerifyResponse::SetVerificationToken(SizedBuffer *auth_token) {
213    this->auth_token.buffer.reset(auth_token->buffer.release());
214    this->auth_token.length = auth_token->length;
215}
216
217uint32_t VerifyResponse::nonErrorSerializedSize() const {
218    return serialized_buffer_size(auth_token) + sizeof(request_reenroll);
219}
220
221void VerifyResponse::nonErrorSerialize(uint8_t *buffer) const {
222    append_to_buffer(&buffer, &auth_token);
223    memcpy(buffer, &request_reenroll, sizeof(request_reenroll));
224}
225
226gatekeeper_error_t VerifyResponse::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
227    if (auth_token.buffer.get()) {
228        auth_token.buffer.reset();
229    }
230
231    gatekeeper_error_t err = read_from_buffer(&payload, end, &auth_token);
232    if (err != ERROR_NONE) {
233        return err;
234    }
235
236    memcpy(&request_reenroll, payload, sizeof(request_reenroll));
237    return ERROR_NONE;
238}
239
240EnrollRequest::EnrollRequest(uint32_t user_id, SizedBuffer *password_handle,
241        SizedBuffer *provided_password,  SizedBuffer *enrolled_password) {
242    this->user_id = user_id;
243    this->provided_password.buffer.reset(provided_password->buffer.release());
244    this->provided_password.length = provided_password->length;
245
246    if (enrolled_password == NULL) {
247        this->enrolled_password.buffer.reset();
248        this->enrolled_password.length = 0;
249    } else {
250        this->enrolled_password.buffer.reset(enrolled_password->buffer.release());
251        this->enrolled_password.length = enrolled_password->length;
252    }
253
254    if (password_handle == NULL) {
255        this->password_handle.buffer.reset();
256        this->password_handle.length = 0;
257    } else {
258        this->password_handle.buffer.reset(password_handle->buffer.release());
259        this->password_handle.length = password_handle->length;
260    }
261}
262
263EnrollRequest::EnrollRequest() {
264    memset_s(&provided_password, 0, sizeof(provided_password));
265    memset_s(&enrolled_password, 0, sizeof(enrolled_password));
266    memset_s(&password_handle, 0, sizeof(password_handle));
267}
268
269EnrollRequest::~EnrollRequest() {
270    if (provided_password.buffer.get()) {
271        memset_s(provided_password.buffer.get(), 0, provided_password.length);
272        provided_password.buffer.reset();
273    }
274
275    if (enrolled_password.buffer.get()) {
276        memset_s(enrolled_password.buffer.get(), 0, enrolled_password.length);
277        enrolled_password.buffer.reset();
278    }
279
280    if (password_handle.buffer.get()) {
281        memset_s(password_handle.buffer.get(), 0, password_handle.length);
282        password_handle.buffer.reset();
283    }
284}
285
286uint32_t EnrollRequest::nonErrorSerializedSize() const {
287   return serialized_buffer_size(provided_password) + serialized_buffer_size(enrolled_password)
288       + serialized_buffer_size(password_handle);
289}
290
291void EnrollRequest::nonErrorSerialize(uint8_t *buffer) const {
292    append_to_buffer(&buffer, &provided_password);
293    append_to_buffer(&buffer, &enrolled_password);
294    append_to_buffer(&buffer, &password_handle);
295}
296
297gatekeeper_error_t EnrollRequest::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
298    gatekeeper_error_t ret;
299    if (provided_password.buffer.get()) {
300        memset_s(provided_password.buffer.get(), 0, provided_password.length);
301        provided_password.buffer.reset();
302    }
303
304    if (enrolled_password.buffer.get()) {
305        memset_s(enrolled_password.buffer.get(), 0, enrolled_password.length);
306        enrolled_password.buffer.reset();
307    }
308
309    if (password_handle.buffer.get()) {
310        memset_s(password_handle.buffer.get(), 0, password_handle.length);
311        password_handle.buffer.reset();
312    }
313
314     ret = read_from_buffer(&payload, end, &provided_password);
315     if (ret != ERROR_NONE) {
316         return ret;
317     }
318
319     ret = read_from_buffer(&payload, end, &enrolled_password);
320     if (ret != ERROR_NONE) {
321         return ret;
322     }
323
324     return read_from_buffer(&payload, end, &password_handle);
325}
326
327EnrollResponse::EnrollResponse(uint32_t user_id, SizedBuffer *enrolled_password_handle) {
328    this->user_id = user_id;
329    this->enrolled_password_handle.buffer.reset(enrolled_password_handle->buffer.release());
330    this->enrolled_password_handle.length = enrolled_password_handle->length;
331}
332
333EnrollResponse::EnrollResponse() {
334    memset_s(&enrolled_password_handle, 0, sizeof(enrolled_password_handle));
335}
336
337EnrollResponse::~EnrollResponse() {
338    if (enrolled_password_handle.buffer.get()) {
339        enrolled_password_handle.buffer.reset();
340    }
341}
342
343void EnrollResponse::SetEnrolledPasswordHandle(SizedBuffer *enrolled_password_handle) {
344    this->enrolled_password_handle.buffer.reset(enrolled_password_handle->buffer.release());
345    this->enrolled_password_handle.length = enrolled_password_handle->length;
346}
347
348uint32_t EnrollResponse::nonErrorSerializedSize() const {
349    return serialized_buffer_size(enrolled_password_handle);
350}
351
352void EnrollResponse::nonErrorSerialize(uint8_t *buffer) const {
353    append_to_buffer(&buffer, &enrolled_password_handle);
354}
355
356gatekeeper_error_t EnrollResponse::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
357    if (enrolled_password_handle.buffer.get()) {
358        enrolled_password_handle.buffer.reset();
359    }
360
361    return read_from_buffer(&payload, end, &enrolled_password_handle);
362}
363
364};
365
366