Protocol for preshared secret provisioning.
Bug: 80271289
Change-Id: I7e3b9898824f7d12709341d68fdcc32b72e14e5d
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.options b/nugget/proto/nugget/app/keymaster/keymaster.options
index 79aa06f..f765aaf 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.options
+++ b/nugget/proto/nugget/app/keymaster/keymaster.options
@@ -12,3 +12,4 @@
nugget.app.keymaster.DTupFetchInputEventResponse.signature max_size:32
nugget.app.keymaster.GetBootInfoResponse.boot_key max_size:32
nugget.app.keymaster.GetBootInfoResponse.boot_hash max_size:32
+nugget.app.keymaster.ProvisionPresharedSecretRequest.preshared_secret max_size:32
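Review bot: The `max_size:32` bound on `preshared_secret` only caps the length; assuming these are nanopb options, a request carrying fewer than 32 bytes, or an empty field, still decodes. Nothing visible in this commit says the secret must be exactly 32 bytes, so the handler (not shown here) should reject any other length rather than provision a short secret. I would record the requirement on the field in keymaster.proto, e.g. `// Exactly 32 bytes; any other length is rejected.`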
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto
index 8766cdf..47a7d60 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster.proto
@@ -99,6 +99,10 @@
rpc SetSystemVersionInfo (SetSystemVersionInfoRequest) returns (SetSystemVersionInfoResponse);
rpc GetBootInfo (GetBootInfoRequest) returns (GetBootInfoResponse);
+ /*
+ * Called during provisioning by the CitadelProvision tool.
+ */
+ rpc ProvisionPresharedSecret (ProvisionPresharedSecretRequest) returns (ProvisionPresharedSecretResponse);
// These are implemented with a enum, so new RPCs must be appended, and
// deprecated RPCs need placeholders.
}
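Review bot: The comment on `ProvisionPresharedSecret` names the caller but not the contract: whether the secret can be written only once, what a second call returns, and whether the RPC is still honoured after the device has left provisioning. For an RPC that installs a secret, a reader needs those facts to judge its exposure. If write-once is the intended behaviour, I would extend the comment along the lines of `Sets the preshared secret once; later calls leave it unchanged and report ALREADY_SET.` The new RPC is appended after GetBootInfo, which is consistent with the enum-ordering note below it. The service block begins outside the hunk.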
@@ -385,3 +389,12 @@
bytes boot_key = 4; // This is a SHA256 digest.
bytes boot_hash = 5; // This is a SHA256 digest.
}
+
+message ProvisionPresharedSecretRequest {
+ bytes preshared_secret = 1;
+ bool get_status = 2;
+}
+message ProvisionPresharedSecretResponse {
+ ErrorCode error_code = 1;
+ PresharedSecretStatus status = 2;
+}
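Review bot: `get_status` and `preshared_secret` share one request with no statement of how they combine, so a request with `get_status` true and a non-empty secret is ambiguous. In proto3, a request with neither field set also looks the same on the wire as one that supplies an empty secret. Neither message nor any of its fields carries a comment. I would document them, e.g. `// If true, only report status; preshared_secret is ignored.` on `get_status`, and state on the response which `status` value accompanies a non-OK `error_code`.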
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_types.proto b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
index 9c62baf..977595c 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_types.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
@@ -96,3 +96,8 @@
message SymmetricKey {
bytes material = 1;
}
+
+enum PresharedSecretStatus {
+ NOT_SET = 0;
+ ALREADY_SET = 1;
+}
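Review bot: `NOT_SET = 0` gives the default value a real meaning, so a response whose `status` was never filled in (on an error path, for instance) reads as NOT_SET. A caller cannot tell that apart from a device that truly has no secret. The values are also unprefixed, so they share scope with every other enum value in the package. Consider a reserved zero value, `PRESHARED_SECRET_STATUS_UNSPECIFIED = 0;`, with the two states at 1 and 2, unless the file's other enums deliberately use the short form. The rest of keymaster_types.proto is outside this hunk.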