Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / nos / host / generic / 36ebf2dbe695e70de53f97537ea07f5745d3d5db / . / nugget / services / keymaster / keymaster.proto
blob: 2e0a61c7cd4fd9b8d177f26f5cf7e5a7e74d198d [file] [log] [blame]
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17syntax = "proto3";
18
19package nugget.app.keymaster;
20
21import "nugget/protobuf/options.proto";
22/* TODO: get imports and build system to work. */
23// import "keymaster_defs.proto";
24// import "keymaster_types.proto";
25
26/*
27 * Keymaster service methods.
28 *
29 * TODO: some methods may be implemented in the host side HAL implementation.
30 */
31service Keymaster {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]32 option (nugget.protobuf.app_id) = "KEYMASTER";
33 option (nugget.protobuf.app_name) = "Keymaster";
34 option (nugget.protobuf.app_version) = 1;
35 option (nugget.protobuf.request_buffer_size) = 1024;
36 option (nugget.protobuf.response_buffer_size) = 1024;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]37
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]38 /*
39 * KM3 methods, from:
40 * ::android::hardware::keymaster::V3_0::IKeymasterDevice
41 */
42 rpc AddRngEntropy (AddRngEntropyRequest) returns (AddRngEntropyResponse);
43 rpc GenerateKey (GenerateKeyRequest) returns (GenerateKeyResponse);
44 rpc GetKeyCharacteristics (GetKeyCharacteristicsRequest) returns (GetKeyCharacteristicsResponse);
45 rpc ImportKey (ImportKeyRequest) returns (ImportKeyResponse);
46 rpc ExportKey (ExportKeyRequest) returns (ExportKeyResponse);
47 rpc AttestKey (AttestKeyRequest) returns (AttestKeyResponse);
48 rpc UpgradeKey (UpgradeKeyRequest) returns (UpgradeKeyResponse);
49 rpc DeleteKey (DeleteKeyRequest) returns (DeleteKeyResponse);
50 rpc DeleteAllKeys (DeleteAllKeysRequest) returns (DeleteAllKeysResponse);
51 rpc DestroyAttestationIds (DestroyAttestationIdsRequest) returns (DestroyAttestationIdsResponse);
52 rpc BeginOperation (BeginOperationRequest) returns (BeginOperationResponse);
53 rpc UpdateOperation (UpdateOperationRequest) returns (UpdateOperationResponse);
54 rpc FinishOperation (FinishOperationRequest) returns (FinishOperationResponse);
55 rpc AbortOperation (AbortOperationRequest) returns (AbortOperationResponse);
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]56
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]57 /*
58 * KM4 methods.
59 */
60 rpc ImportWrappedKey (ImportWrappedKeyRequest) returns (ImportWrappedKeyResponse);
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]61
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]62 /*
63 * Vendor specific methods (manufacturing, status, factory reset, upgrade).
64 */
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]65}
66
67/*
68 * Minimal type definitions required for building protos. Sourced from:
69 * ::android::hardware::keymaster::V3_0
70 */
71enum KeyPurpose {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]72 KM_PURPOSE_ENCRYPT = 0; /* Usable with RSA, EC and AES keys. */
73 KM_PURPOSE_DECRYPT = 1; /* Usable with RSA, EC and AES keys. */
74 KM_PURPOSE_SIGN = 2; /* Usable with RSA, EC and HMAC keys. */
75 KM_PURPOSE_VERIFY = 3; /* Usable with RSA, EC and HMAC keys. */
76 KM_PURPOSE_DERIVE_KEY = 4; /* Usable with EC keys. */
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]77}
78
79enum KeyFormat {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]80 KM_KEY_FORMAT_X509 = 0; /* for public key export */
81 KM_KEY_FORMAT_PKCS8 = 1; /* for asymmetric key pair import */
82 KM_KEY_FORMAT_RAW = 3; /* for symmetric key import and export*/
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]83}
84
85message KeyParameter {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]86 uint32 tag = 1; /* Possible values defined here
87 * ::android::hardware::keymaster::V3_0::Tag
88 */
89 uint32 integer = 2;
90 uint64 long_integer = 3;
91 bytes blob = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]92}
93
94message KeyParameters {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]95 repeated KeyParameter params = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]96}
97
98message KeyBlob {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]99 bytes blob = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]100}
101
102message OperationHandle {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]103 uint64 handle = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]104}
105
106message Certificate {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]107 bytes data = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]108}
109
110message CertificateChain {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]111 repeated Certificate certificates = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]112}
113
114message KeyCharacteristics {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]115 KeyParameters tee_enforced = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]116}
117
118/*
119 * KM3 messages.
120 */
121
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]122// AddEntropy
123message AddRngEntropyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]124 bytes data = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]125}
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]126message AddRngEntropyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]127 // TODO: replace with ErrorCode enum
128 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]129}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]130
131// GenerateKey
132message GenerateKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]133 KeyParameters params = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]134}
135message GenerateKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]136 uint32 error_code = 1;
137 KeyBlob blob = 2;
138 KeyCharacteristics characteristics = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]139}
140
141// GetKeyCharacteristics
142message GetKeyCharacteristicsRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]143 KeyBlob blob = 1;
144 bytes client_id = 2;
145 bytes app_data = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]146}
147message GetKeyCharacteristicsResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]148 uint32 error_code = 1;
149 KeyCharacteristics characteristics = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]150}
151
152// ImportKey
153message ImportKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]154 KeyParameters params = 1;
155 RSAKey rsa = 2;
156 ECKey ec = 3;
157 SymmetricKey symmetric_key = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]158};
159message ImportKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]160 // TODO: include an ErrorCode field
161 uint32 error_code = 1;
162 KeyBlob blob = 2;
163 KeyCharacteristics characteristics = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]164};
165
166// ExportKey
167message ExportKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]168 KeyFormat format = 1;
169 KeyBlob blob = 2;
170 bytes client_id = 3;
171 bytes app_data = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]172};
173message ExportKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]174 uint32 error_code = 1;
175 bytes key_material = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]176};
177
178// AttestKey
179message AttestKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]180 KeyBlob blob = 1;
181 KeyParameters params = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]182}
183message AttestKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]184 uint32 error_code = 1;
185 CertificateChain chain = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]186}
187
188// UpgradeKey
189message UpgradeKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]190 KeyBlob blob = 1;
191 KeyParameters params = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]192}
193message UpgradeKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]194 uint32 error_code = 1;
195 KeyBlob blob = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]196}
197
198// DeleteKey
199message DeleteKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]200 KeyBlob blob = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]201}
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]202message DeleteKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]203 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]204}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]205
206// DeleteAllKeys
207message DeleteAllKeysRequest {}
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]208message DeleteAllKeysResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]209 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]210}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]211
212// DestroyAttestationIds
213message DestroyAttestationIdsRequest {}
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]214message DestroyAttestationIdsResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]215 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]216}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]217
218// BeginOperation
219message BeginOperationRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]220 KeyPurpose purpose = 1;
221 KeyBlob blob = 2;
222 KeyParameters params = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]223}
224message BeginOperationResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]225 uint32 error_code = 1;
226 KeyParameters params = 2;
227 OperationHandle handle = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]228}
229
230// UpdateOperation
231message UpdateOperationRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]232 OperationHandle handle = 1;
233 KeyParameters params = 2;
234 bytes input = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]235}
236message UpdateOperationResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]237 uint32 error_code = 1;
238 uint32 consumed = 2;
239 KeyParameters params = 3;
240 bytes output = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]241}
242
243// FinishOperation
244message FinishOperationRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]245 OperationHandle handle = 1;
246 KeyParameters params = 2;
247 bytes input = 3;
248 bytes signature = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]249};
250message FinishOperationResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]251 uint32 error_code = 1;
252 KeyParameters params = 2;
253 bytes output = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]254};
255
256// AbortOperation
257message AbortOperationRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]258 OperationHandle handle = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]259};
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]260message AbortOperationResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]261 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]262};
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]263
264/*
265 * KM4 messages.
266 */
267message ImportWrappedKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]268 KeyBlob wrapping_key_blob = 1;
269 bytes wrapped_key = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]270}
271
272message ImportWrappedKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]273 uint32 error_code = 1;
274 KeyBlob blob = 2;
275 KeyCharacteristics characteristics = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]276}
nagendra modadugu6a53e4d2017-09-25 19:40:38 -0700[diff] [blame]277
278
279/*
280 * Internal types.
281 */
282message RSAKey {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]283 uint32 e = 1;
284 bytes d = 2;
285 bytes n = 3;
nagendra modadugu6a53e4d2017-09-25 19:40:38 -0700[diff] [blame]286}
287
288message ECKey {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]289 uint32 curve_id = 1;
290 bytes d = 2;
291 bytes x = 3;
292 bytes y = 4;
nagendra modadugu6a53e4d2017-09-25 19:40:38 -0700[diff] [blame]293}
294
295message SymmetricKey {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame^]296 uint32 algorithm = 1;
297 bytes material = 2;
298}