blob: 2e0a61c7cd4fd9b8d177f26f5cf7e5a7e74d198d [file] [log] [blame]
nagendra modadugubdcfaa82017-09-17 17:11:36 -07001/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17syntax = "proto3";
18
19package nugget.app.keymaster;
20
21import "nugget/protobuf/options.proto";
22/* TODO: get imports and build system to work. */
23// import "keymaster_defs.proto";
24// import "keymaster_types.proto";
25
26/*
27 * Keymaster service methods.
28 *
29 * TODO: some methods may be implemented in the host side HAL implementation.
30 */
31service Keymaster {
Andrew Scull36ebf2d2017-10-10 11:25:21 +010032 option (nugget.protobuf.app_id) = "KEYMASTER";
33 option (nugget.protobuf.app_name) = "Keymaster";
34 option (nugget.protobuf.app_version) = 1;
35 option (nugget.protobuf.request_buffer_size) = 1024;
36 option (nugget.protobuf.response_buffer_size) = 1024;
nagendra modadugubdcfaa82017-09-17 17:11:36 -070037
Andrew Scull36ebf2d2017-10-10 11:25:21 +010038 /*
39 * KM3 methods, from:
40 * ::android::hardware::keymaster::V3_0::IKeymasterDevice
41 */
42 rpc AddRngEntropy (AddRngEntropyRequest) returns (AddRngEntropyResponse);
43 rpc GenerateKey (GenerateKeyRequest) returns (GenerateKeyResponse);
44 rpc GetKeyCharacteristics (GetKeyCharacteristicsRequest) returns (GetKeyCharacteristicsResponse);
45 rpc ImportKey (ImportKeyRequest) returns (ImportKeyResponse);
46 rpc ExportKey (ExportKeyRequest) returns (ExportKeyResponse);
47 rpc AttestKey (AttestKeyRequest) returns (AttestKeyResponse);
48 rpc UpgradeKey (UpgradeKeyRequest) returns (UpgradeKeyResponse);
49 rpc DeleteKey (DeleteKeyRequest) returns (DeleteKeyResponse);
50 rpc DeleteAllKeys (DeleteAllKeysRequest) returns (DeleteAllKeysResponse);
51 rpc DestroyAttestationIds (DestroyAttestationIdsRequest) returns (DestroyAttestationIdsResponse);
52 rpc BeginOperation (BeginOperationRequest) returns (BeginOperationResponse);
53 rpc UpdateOperation (UpdateOperationRequest) returns (UpdateOperationResponse);
54 rpc FinishOperation (FinishOperationRequest) returns (FinishOperationResponse);
55 rpc AbortOperation (AbortOperationRequest) returns (AbortOperationResponse);
nagendra modadugubdcfaa82017-09-17 17:11:36 -070056
Andrew Scull36ebf2d2017-10-10 11:25:21 +010057 /*
58 * KM4 methods.
59 */
60 rpc ImportWrappedKey (ImportWrappedKeyRequest) returns (ImportWrappedKeyResponse);
nagendra modadugubdcfaa82017-09-17 17:11:36 -070061
Andrew Scull36ebf2d2017-10-10 11:25:21 +010062 /*
63 * Vendor specific methods (manufacturing, status, factory reset, upgrade).
64 */
nagendra modadugubdcfaa82017-09-17 17:11:36 -070065}
66
67/*
68 * Minimal type definitions required for building protos. Sourced from:
69 * ::android::hardware::keymaster::V3_0
70 */
71enum KeyPurpose {
Andrew Scull36ebf2d2017-10-10 11:25:21 +010072 KM_PURPOSE_ENCRYPT = 0; /* Usable with RSA, EC and AES keys. */
73 KM_PURPOSE_DECRYPT = 1; /* Usable with RSA, EC and AES keys. */
74 KM_PURPOSE_SIGN = 2; /* Usable with RSA, EC and HMAC keys. */
75 KM_PURPOSE_VERIFY = 3; /* Usable with RSA, EC and HMAC keys. */
76 KM_PURPOSE_DERIVE_KEY = 4; /* Usable with EC keys. */
nagendra modadugubdcfaa82017-09-17 17:11:36 -070077}
78
79enum KeyFormat {
Andrew Scull36ebf2d2017-10-10 11:25:21 +010080 KM_KEY_FORMAT_X509 = 0; /* for public key export */
81 KM_KEY_FORMAT_PKCS8 = 1; /* for asymmetric key pair import */
82 KM_KEY_FORMAT_RAW = 3; /* for symmetric key import and export*/
nagendra modadugubdcfaa82017-09-17 17:11:36 -070083}
84
85message KeyParameter {
Andrew Scull36ebf2d2017-10-10 11:25:21 +010086 uint32 tag = 1; /* Possible values defined here
87 * ::android::hardware::keymaster::V3_0::Tag
88 */
89 uint32 integer = 2;
90 uint64 long_integer = 3;
91 bytes blob = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -070092}
93
94message KeyParameters {
Andrew Scull36ebf2d2017-10-10 11:25:21 +010095 repeated KeyParameter params = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -070096}
97
98message KeyBlob {
Andrew Scull36ebf2d2017-10-10 11:25:21 +010099 bytes blob = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700100}
101
102message OperationHandle {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100103 uint64 handle = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700104}
105
106message Certificate {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100107 bytes data = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700108}
109
110message CertificateChain {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100111 repeated Certificate certificates = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700112}
113
114message KeyCharacteristics {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100115 KeyParameters tee_enforced = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700116}
117
118/*
119 * KM3 messages.
120 */
121
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700122// AddEntropy
123message AddRngEntropyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100124 bytes data = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700125}
nagendra modadugu36966942017-09-26 15:56:24 -0700126message AddRngEntropyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100127 // TODO: replace with ErrorCode enum
128 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700129}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700130
131// GenerateKey
132message GenerateKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100133 KeyParameters params = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700134}
135message GenerateKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100136 uint32 error_code = 1;
137 KeyBlob blob = 2;
138 KeyCharacteristics characteristics = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700139}
140
141// GetKeyCharacteristics
142message GetKeyCharacteristicsRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100143 KeyBlob blob = 1;
144 bytes client_id = 2;
145 bytes app_data = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700146}
147message GetKeyCharacteristicsResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100148 uint32 error_code = 1;
149 KeyCharacteristics characteristics = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700150}
151
152// ImportKey
153message ImportKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100154 KeyParameters params = 1;
155 RSAKey rsa = 2;
156 ECKey ec = 3;
157 SymmetricKey symmetric_key = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700158};
159message ImportKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100160 // TODO: include an ErrorCode field
161 uint32 error_code = 1;
162 KeyBlob blob = 2;
163 KeyCharacteristics characteristics = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700164};
165
166// ExportKey
167message ExportKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100168 KeyFormat format = 1;
169 KeyBlob blob = 2;
170 bytes client_id = 3;
171 bytes app_data = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700172};
173message ExportKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100174 uint32 error_code = 1;
175 bytes key_material = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700176};
177
178// AttestKey
179message AttestKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100180 KeyBlob blob = 1;
181 KeyParameters params = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700182}
183message AttestKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100184 uint32 error_code = 1;
185 CertificateChain chain = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700186}
187
188// UpgradeKey
189message UpgradeKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100190 KeyBlob blob = 1;
191 KeyParameters params = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700192}
193message UpgradeKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100194 uint32 error_code = 1;
195 KeyBlob blob = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700196}
197
198// DeleteKey
199message DeleteKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100200 KeyBlob blob = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700201}
nagendra modadugu36966942017-09-26 15:56:24 -0700202message DeleteKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100203 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700204}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700205
206// DeleteAllKeys
207message DeleteAllKeysRequest {}
nagendra modadugu36966942017-09-26 15:56:24 -0700208message DeleteAllKeysResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100209 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700210}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700211
212// DestroyAttestationIds
213message DestroyAttestationIdsRequest {}
nagendra modadugu36966942017-09-26 15:56:24 -0700214message DestroyAttestationIdsResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100215 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700216}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700217
218// BeginOperation
219message BeginOperationRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100220 KeyPurpose purpose = 1;
221 KeyBlob blob = 2;
222 KeyParameters params = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700223}
224message BeginOperationResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100225 uint32 error_code = 1;
226 KeyParameters params = 2;
227 OperationHandle handle = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700228}
229
230// UpdateOperation
231message UpdateOperationRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100232 OperationHandle handle = 1;
233 KeyParameters params = 2;
234 bytes input = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700235}
236message UpdateOperationResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100237 uint32 error_code = 1;
238 uint32 consumed = 2;
239 KeyParameters params = 3;
240 bytes output = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700241}
242
243// FinishOperation
244message FinishOperationRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100245 OperationHandle handle = 1;
246 KeyParameters params = 2;
247 bytes input = 3;
248 bytes signature = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700249};
250message FinishOperationResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100251 uint32 error_code = 1;
252 KeyParameters params = 2;
253 bytes output = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700254};
255
256// AbortOperation
257message AbortOperationRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100258 OperationHandle handle = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700259};
nagendra modadugu36966942017-09-26 15:56:24 -0700260message AbortOperationResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100261 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700262};
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700263
264/*
265 * KM4 messages.
266 */
267message ImportWrappedKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100268 KeyBlob wrapping_key_blob = 1;
269 bytes wrapped_key = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700270}
271
272message ImportWrappedKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100273 uint32 error_code = 1;
274 KeyBlob blob = 2;
275 KeyCharacteristics characteristics = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700276}
nagendra modadugu6a53e4d2017-09-25 19:40:38 -0700277
278
279/*
280 * Internal types.
281 */
282message RSAKey {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100283 uint32 e = 1;
284 bytes d = 2;
285 bytes n = 3;
nagendra modadugu6a53e4d2017-09-25 19:40:38 -0700286}
287
288message ECKey {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100289 uint32 curve_id = 1;
290 bytes d = 2;
291 bytes x = 3;
292 bytes y = 4;
nagendra modadugu6a53e4d2017-09-25 19:40:38 -0700293}
294
295message SymmetricKey {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100296 uint32 algorithm = 1;
297 bytes material = 2;
298}