nagendra modadugubdcfaa82017-09-17 17:11:36 -07001/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17syntax = "proto3";
18
19package nugget.app.keymaster;
20
Andrew Scullb5f24a52017-10-13 19:46:40 +010021import "nugget/app/keymaster/keymaster_defs.proto";
22import "nugget/app/keymaster/keymaster_types.proto";
nagendra modadugubdcfaa82017-09-17 17:11:36 -070023import "nugget/protobuf/options.proto";
nagendra modadugubdcfaa82017-09-17 17:11:36 -070024
// Keymaster service methods.
//
// TODO: some methods may be implemented in the host side HAL implementation.
service Keymaster {
  option (nugget.protobuf.app_id) = "KEYMASTER";
  option (nugget.protobuf.app_name) = "Keymaster";
  option (nugget.protobuf.app_version) = 1;

  // Both request and response buffers are sized such that a key-blob may be
  // fully contained.
  //
  // TODO: revisit this choice in the event that memory is running out.
  // Supporting smaller buffers will require that the keymaster app switch
  // from the transport API to the datagram API.
  //
  // NOTE(review): the schema puts no length bound on the `bytes` fields of
  // the request messages; confirm that an encoded request larger than the
  // request buffer is rejected rather than truncated.
  option (nugget.protobuf.request_buffer_size) = 3072;
  option (nugget.protobuf.response_buffer_size) = 2048;

  // KM3 methods, from:
  // ::android::hardware::keymaster::V3_0::IKeymasterDevice
  rpc AddRngEntropy(AddRngEntropyRequest) returns (AddRngEntropyResponse);
  rpc GenerateKey(GenerateKeyRequest) returns (GenerateKeyResponse);
  rpc GetKeyCharacteristics(GetKeyCharacteristicsRequest)
      returns (GetKeyCharacteristicsResponse);
  rpc ImportKey(ImportKeyRequest) returns (ImportKeyResponse);
  rpc ExportKey(ExportKeyRequest) returns (ExportKeyResponse);
  rpc AttestKey(AttestKeyRequest) returns (AttestKeyResponse);
  rpc UpgradeKey(UpgradeKeyRequest) returns (UpgradeKeyResponse);
  rpc DeleteKey(DeleteKeyRequest) returns (DeleteKeyResponse);
  rpc DeleteAllKeys(DeleteAllKeysRequest) returns (DeleteAllKeysResponse);
  rpc DestroyAttestationIds(DestroyAttestationIdsRequest)
      returns (DestroyAttestationIdsResponse);
  rpc BeginOperation(BeginOperationRequest) returns (BeginOperationResponse);
  rpc UpdateOperation(UpdateOperationRequest)
      returns (UpdateOperationResponse);
  rpc FinishOperation(FinishOperationRequest)
      returns (FinishOperationResponse);
  rpc AbortOperation(AbortOperationRequest) returns (AbortOperationResponse);

  // KM4 methods.
  //
  // ImportWrappedKey shares its response type with ImportKey.
  rpc ImportWrappedKey(ImportWrappedKeyRequest) returns (ImportKeyResponse);

  // Vendor specific methods (bootloader, manufacturing, status,
  // factory reset, upgrade).
  //
  // NOTE(review): the caller restrictions below exist only as comments;
  // nothing in this service definition expresses them. Confirm that the
  // app itself refuses these calls from any other caller or device state.

  // Only callable by the Bootloader.
  rpc SetRootOfTrust(SetRootOfTrustRequest) returns (SetRootOfTrustResponse);
  // Only callable by the Bootloader.
  rpc SetBootState(SetBootStateRequest) returns (SetBootStateResponse);
  // Only callable at the Device Factory.
  rpc ProvisionDeviceIds(ProvisionDeviceIdsRequest)
      returns (ProvisionDeviceIdsResponse);
  // Only callable at the Device Factory.
  rpc ReadTeeBatchCertificate(ReadTeeBatchCertificateRequest)
      returns (ReadTeeBatchCertificateResponse);

  // More KM4 methods.
  rpc GetHmacSharingParameters(GetHmacSharingParametersRequest)
      returns (GetHmacSharingParametersResponse);
  rpc ComputeSharedHmac(ComputeSharedHmacRequest)
      returns (ComputeSharedHmacResponse);
}
89
90/*
nagendra modadugubdcfaa82017-09-17 17:11:36 -070091 * KM3 messages.
92 */
93
// AddRngEntropy: request.
message AddRngEntropyRequest {
  // Caller-supplied entropy bytes.
  // NOTE(review): no length limit is expressed here; the receiver has to
  // bound it.
  bytes data = 1;
}
// AddRngEntropy: response.
message AddRngEntropyResponse {
  // Result of the call.
  ErrorCode error_code = 1;
}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700101
// GenerateKey: request.
message GenerateKeyRequest {
  // Parameters describing the key to generate.
  KeyParameters params = 1;
}
// GenerateKey: response.
message GenerateKeyResponse {
  // Result of the call.
  // NOTE(review): the fields below are presumably meaningful only on
  // success; confirm before using them.
  ErrorCode error_code = 1;
  // Key blob for the generated key.
  KeyBlob blob = 2;
  // Characteristics of the generated key.
  KeyCharacteristics characteristics = 3;
}
111
// GetKeyCharacteristics: request.
message GetKeyCharacteristicsRequest {
  // Key blob to inspect.
  KeyBlob blob = 1;
  // NOTE(review): client_id and app_data are presumably the application
  // id / application data values the key is bound to; confirm against the
  // Keymaster HAL.
  bytes client_id = 2;
  bytes app_data = 3;
}
// GetKeyCharacteristics: response.
message GetKeyCharacteristicsResponse {
  // Result of the call.
  ErrorCode error_code = 1;
  // Characteristics of the key named in the request.
  KeyCharacteristics characteristics = 2;
}
122
// ImportKey: request.
//
// NOTE(review): rsa, ec and symmetric_key are independent fields, not a
// oneof, so the schema allows several of them to be set in one request.
// Presumably the handler picks one from the algorithm in params; confirm
// that it rejects requests where the key material and params disagree.
message ImportKeyRequest {
  // Parameters for the imported key.
  KeyParameters params = 1;
  // Key material, one field per key family.
  RSAKey rsa = 2;
  ECKey ec = 3;
  SymmetricKey symmetric_key = 4;
}
// Response for ImportKey; the service also uses it as the response of
// ImportWrappedKey.
message ImportKeyResponse {
  // Result of the call.
  // NOTE(review): the fields below are presumably meaningful only on
  // success; confirm before using them.
  ErrorCode error_code = 1;
  // Key blob for the imported key.
  KeyBlob blob = 2;
  // Characteristics of the imported key.
  KeyCharacteristics characteristics = 3;
}
135
// ExportKey: request.
message ExportKeyRequest {
  // Requested export format.
  KeyFormat format = 1;
  // Key blob to export from.
  KeyBlob blob = 2;
  // NOTE(review): client_id and app_data are presumably the application
  // id / application data values the key is bound to; confirm against the
  // Keymaster HAL.
  bytes client_id = 3;
  bytes app_data = 4;
}
// ExportKey: response.
//
// Only RSA and EC fields are defined; there is no field for symmetric key
// material in this message.
message ExportKeyResponse {
  // Result of the call.
  ErrorCode error_code = 1;
  // NOTE(review): presumably tells the caller which of rsa / ec is
  // populated; confirm.
  Algorithm algorithm = 2;
  RSAKey rsa = 3;
  ECKey ec = 4;
}
149
// AttestKey: request.
message AttestKeyRequest {
  // Key blob of the key to attest.
  KeyBlob blob = 1;
  // Parameters for the attestation.
  KeyParameters params = 2;
}
// AttestKey: response.
message AttestKeyResponse {
  // Result of the call.
  ErrorCode error_code = 1;
  // Certificate chain returned for the attested key.
  // NOTE(review): the response buffer size is fixed by the service
  // options; confirm a full chain always fits.
  CertificateChain chain = 2;
}
159
// UpgradeKey: request.
message UpgradeKeyRequest {
  // Key blob to upgrade.
  KeyBlob blob = 1;
  // Parameters accompanying the upgrade.
  KeyParameters params = 2;
}
// UpgradeKey: response.
message UpgradeKeyResponse {
  // Result of the call.
  ErrorCode error_code = 1;
  // Key blob returned by the upgrade.
  KeyBlob blob = 2;
}
169
// DeleteKey: request.
message DeleteKeyRequest {
  // Key blob of the key to delete.
  KeyBlob blob = 1;
}
// DeleteKey: response.
message DeleteKeyResponse {
  // Result of the call.
  ErrorCode error_code = 1;
}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700177
// DeleteAllKeys: request. Carries no fields.
message DeleteAllKeysRequest {
}
// DeleteAllKeys: response.
message DeleteAllKeysResponse {
  // Result of the call.
  ErrorCode error_code = 1;
}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700183
// DestroyAttestationIds: request. Carries no fields.
message DestroyAttestationIdsRequest {
}
// DestroyAttestationIds: response.
message DestroyAttestationIdsResponse {
  // Result of the call.
  ErrorCode error_code = 1;
}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700189
// BeginOperation: request.
message BeginOperationRequest {
  // Purpose of the operation being started.
  KeyPurpose purpose = 1;
  // Key blob of the key to use.
  KeyBlob blob = 2;
  // Parameters for the operation.
  KeyParameters params = 3;
}
// BeginOperation: response.
message BeginOperationResponse {
  // Result of the call.
  ErrorCode error_code = 1;
  // Parameters returned by the operation start.
  KeyParameters params = 2;
  // Handle that the Update/Finish/Abort requests carry to name this
  // operation.
  OperationHandle handle = 3;
}
201
// UpdateOperation: request.
message UpdateOperationRequest {
  // Handle of the operation to continue.
  OperationHandle handle = 1;
  // Parameters for this step.
  KeyParameters params = 2;
  // Input data for this step.
  // NOTE(review): the schema does not bound its length; it has to fit the
  // service's request buffer together with the other fields.
  bytes input = 3;
}
// UpdateOperation: response.
message UpdateOperationResponse {
  // Result of the call.
  ErrorCode error_code = 1;
  // NOTE(review): presumably the number of input bytes consumed by this
  // step; callers should confirm and resend any remainder.
  uint32 consumed = 2;
  // Parameters returned by this step.
  KeyParameters params = 3;
  // Output data produced by this step.
  bytes output = 4;
}
214
// FinishOperation: request.
message FinishOperationRequest {
  // Handle of the operation to finish.
  OperationHandle handle = 1;
  // Parameters for the final step.
  KeyParameters params = 2;
  // Final input data.
  bytes input = 3;
  // NOTE(review): presumably the signature to check when the operation is
  // a verification; confirm against the Keymaster HAL.
  bytes signature = 4;
}
// FinishOperation: response.
message FinishOperationResponse {
  // Result of the call.
  ErrorCode error_code = 1;
  // Parameters returned by the final step.
  KeyParameters params = 2;
  // Output data produced by the final step.
  bytes output = 3;
}
227
// AbortOperation: request.
message AbortOperationRequest {
  // Handle of the operation to abort.
  OperationHandle handle = 1;
}
// AbortOperation: response.
message AbortOperationResponse {
  // Result of the call.
  ErrorCode error_code = 1;
}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700235
236/*
237 * KM4 messages.
238 */
nagendra modadugu6023a7d2017-11-08 14:40:49 -0800239
// ImportWrappedKey: request.
//
// NOTE(review): the fields marked "Fixed sized array" are plain `bytes`, so
// the schema does not enforce their length. Confirm the receiver checks
// each length before copying into a fixed-size buffer.
message ImportWrappedKeyRequest {
  // NOTE(review): a raw uint32 here, while ExportKeyRequest uses the
  // KeyFormat enum for its format; confirm out-of-range values are
  // rejected.
  uint32 key_format = 1;
  KeyParameters params = 2;
  bytes rsa_envelope = 3;
  // Fixed sized array.
  bytes initialization_vector = 4;
  bytes encrypted_import_key = 5;
  bytes aad = 6;
  // Fixed sized array.
  bytes gcm_tag = 7;
  KeyBlob wrapping_key_blob = 8;
  // Fixed sized array.
  bytes masking_key = 9;
}
// ImportWrappedKey returns an ImportKeyResponse.
nagendra modadugu6023a7d2017-11-08 14:40:49 -0800253
254/*
255 * Vendor HAL.
256 */
257
// SetRootOfTrust: request.
// Only callable by the Bootloader.
//
// NOTE(review): that restriction is a comment, not something the schema
// can enforce; confirm the handler refuses the call from other callers.
message SetRootOfTrustRequest {
  // Digest for the root of trust.
  // NOTE(review): hash algorithm and expected length are not stated here;
  // confirm the receiver validates the length.
  bytes digest = 1;
}
// SetRootOfTrust: response.
message SetRootOfTrustResponse {
  // Result of the call.
  // Specified in keymaster_defs.proto:ErrorCode
  ErrorCode error_code = 1;
}
267
// SetBootState: request.
// Only callable by the Bootloader.
//
// NOTE(review): that restriction is a comment, not something the schema
// can enforce; confirm the handler refuses the call from other callers,
// since these values describe the device's boot state.
message SetBootStateRequest {
  // True when the device is unlocked.
  bool is_unlocked = 1;
  // NOTE(review): presumably the verified-boot public key; confirm.
  bytes public_key = 2;
  // NOTE(review): presumably the verified-boot state color; the valid
  // values are not defined in this file.
  uint32 color = 3;
  // NOTE(review): encoding of the two values below is not defined in this
  // file; confirm against the sender.
  uint32 system_version = 4;
  uint32 system_security_level = 5;
}
// SetBootState: response.
message SetBootStateResponse {
  // Result of the call.
  // Specified in keymaster_defs.proto:ErrorCode
  ErrorCode error_code = 1;
}
281
// ProvisionDeviceIds: request.
// Only callable at the Device Factory
//
// NOTE(review): that restriction is a comment, not something the schema
// can enforce; confirm the handler refuses the call once the device has
// left the factory. The fields are device identifiers, so treat captured
// requests as sensitive.
message ProvisionDeviceIdsRequest {
  bytes product_brand = 1;
  bytes product_device = 2;
  bytes product_name = 3;
  bytes serialno = 4;
  bytes product_manufacturer = 5;
  bytes product_model = 6;
  bytes imei = 7;
  bytes meid = 8;
}
// ProvisionDeviceIds: response.
message ProvisionDeviceIdsResponse {
  // Result of the call.
  // Specified in keymaster_defs.proto:ErrorCode
  ErrorCode error_code = 1;
}
298
// ReadTeeBatchCertificate: request.
// Only callable at the Device Factory
//
// NOTE(review): that restriction is a comment, not something the schema
// can enforce; confirm the handler refuses the call outside the factory.
message ReadTeeBatchCertificateRequest {
  // Selects which key family the response carries (rsa or ec).
  Algorithm algorithm = 1;
}
// ReadTeeBatchCertificate: response.
message ReadTeeBatchCertificateResponse {
  // Result of the call.
  ErrorCode error_code = 1;
  // rsa or ec set based on request algorithm selector.
  // NOTE(review): whether these carry private key material is not visible
  // from this file; confirm, and handle the response accordingly.
  RSAKey rsa = 2;
  ECKey ec = 3;
  // Batch certificate bytes; the encoding is not stated in this file.
  bytes batch_cert = 4;
}
Janis Danisevskis4f705a72018-04-13 14:52:38 -0700310
// GetHmacSharingParameters: request. Carries no fields.
message GetHmacSharingParametersRequest {
}
312
// GetHmacSharingParameters: response.
message GetHmacSharingParametersResponse {
  // Result of the call.
  ErrorCode error_code = 1;
  // This app's HMAC sharing parameters.
  HmacSharingParameters hmac_sharing_params = 2;
}
317
// ComputeSharedHmac: request.
message ComputeSharedHmacRequest {
  // Sharing parameters, one entry per participant.
  // NOTE(review): the list length is unbounded in the schema; confirm the
  // receiver caps the count, and whether it requires its own parameters
  // to be present in the list.
  repeated HmacSharingParameters hmac_sharing_params = 1;
}
321
// ComputeSharedHmac: response.
message ComputeSharedHmacResponse {
  // Result of the call.
  ErrorCode error_code = 1;
  // NOTE(review): presumably a check value that participants compare to
  // confirm they derived the same shared key; confirm against the
  // Keymaster 4 HAL.
  bytes sharing_check = 2;
}
325}