Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / nos / host / generic / bdf53cdcf65c1dbd8a7c5bba9fcb1c00727c93ea / . / nugget / proto / nugget / app / keymaster / keymaster.proto
blob: 0edf748613461511844a2a45f91e1be563cba118 [file] [log] [blame]
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17syntax = "proto3";
18
19package nugget.app.keymaster;
20
Andrew Scullb5f24a52017-10-13 19:46:40 +0100[diff] [blame]21import "nugget/app/keymaster/keymaster_defs.proto";
22import "nugget/app/keymaster/keymaster_types.proto";
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]23import "nugget/protobuf/options.proto";
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]24
25/*
26 * Keymaster service methods.
27 *
28 * TODO: some methods may be implemented in the host side HAL implementation.
29 */
30service Keymaster {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]31 option (nugget.protobuf.app_id) = "KEYMASTER";
32 option (nugget.protobuf.app_name) = "Keymaster";
33 option (nugget.protobuf.app_version) = 1;
nagendra modadugu89e50ed2017-10-30 22:13:01 -0700[diff] [blame]34 /*
35 * Both request and response buffers are sized such
36 * that a key-blob may be fully contained.
37 *
38 * TODO: revisit this choice in the event that memory
39 * is running out. Supporting smaller buffers will
40 * require that the keymaster app switch from the
41 * transport API to the datagram API.
42 */
43 option (nugget.protobuf.request_buffer_size) = 2048;
44 option (nugget.protobuf.response_buffer_size) = 2048;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]45
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]46 /*
47 * KM3 methods, from:
48 * ::android::hardware::keymaster::V3_0::IKeymasterDevice
49 */
50 rpc AddRngEntropy (AddRngEntropyRequest) returns (AddRngEntropyResponse);
51 rpc GenerateKey (GenerateKeyRequest) returns (GenerateKeyResponse);
52 rpc GetKeyCharacteristics (GetKeyCharacteristicsRequest) returns (GetKeyCharacteristicsResponse);
53 rpc ImportKey (ImportKeyRequest) returns (ImportKeyResponse);
54 rpc ExportKey (ExportKeyRequest) returns (ExportKeyResponse);
55 rpc AttestKey (AttestKeyRequest) returns (AttestKeyResponse);
56 rpc UpgradeKey (UpgradeKeyRequest) returns (UpgradeKeyResponse);
57 rpc DeleteKey (DeleteKeyRequest) returns (DeleteKeyResponse);
58 rpc DeleteAllKeys (DeleteAllKeysRequest) returns (DeleteAllKeysResponse);
59 rpc DestroyAttestationIds (DestroyAttestationIdsRequest) returns (DestroyAttestationIdsResponse);
60 rpc BeginOperation (BeginOperationRequest) returns (BeginOperationResponse);
61 rpc UpdateOperation (UpdateOperationRequest) returns (UpdateOperationResponse);
62 rpc FinishOperation (FinishOperationRequest) returns (FinishOperationResponse);
63 rpc AbortOperation (AbortOperationRequest) returns (AbortOperationResponse);
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]64
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]65 /*
66 * KM4 methods.
67 */
nagendra modadugubdf53cd2017-12-04 21:28:02 -0800[diff] [blame^]68 rpc ImportWrappedKey (ImportWrappedKeyRequest) returns (ImportKeyResponse);
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]69
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]70 /*
nagendra modadugu6023a7d2017-11-08 14:40:49 -0800[diff] [blame]71 * Vendor specific methods (bootloader, manufacturing, status,
72 * factory reset, upgrade).
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]73 */
nagendra modadugu6023a7d2017-11-08 14:40:49 -0800[diff] [blame]74 // Only callable by the Bootloader.
75 rpc SetRootOfTrust (SetRootOfTrustRequest) returns (SetRootOfTrustResponse);
76 // Only callable by the Bootloader.
77 rpc SetBootState (SetBootStateRequest) returns (SetBootStateResponse);
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]78}
79
80/*
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]81 * KM3 messages.
82 */
83
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]84// AddEntropy
85message AddRngEntropyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]86 bytes data = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]87}
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]88message AddRngEntropyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]89 // TODO: replace with ErrorCode enum
90 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]91}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]92
93// GenerateKey
94message GenerateKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]95 KeyParameters params = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]96}
97message GenerateKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]98 uint32 error_code = 1;
99 KeyBlob blob = 2;
100 KeyCharacteristics characteristics = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]101}
102
103// GetKeyCharacteristics
104message GetKeyCharacteristicsRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]105 KeyBlob blob = 1;
106 bytes client_id = 2;
107 bytes app_data = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]108}
109message GetKeyCharacteristicsResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]110 uint32 error_code = 1;
111 KeyCharacteristics characteristics = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]112}
113
114// ImportKey
115message ImportKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]116 KeyParameters params = 1;
117 RSAKey rsa = 2;
118 ECKey ec = 3;
119 SymmetricKey symmetric_key = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]120};
121message ImportKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]122 uint32 error_code = 1;
123 KeyBlob blob = 2;
124 KeyCharacteristics characteristics = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]125};
126
127// ExportKey
128message ExportKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]129 KeyFormat format = 1;
130 KeyBlob blob = 2;
131 bytes client_id = 3;
132 bytes app_data = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]133};
134message ExportKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]135 uint32 error_code = 1;
136 bytes key_material = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]137};
138
139// AttestKey
140message AttestKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]141 KeyBlob blob = 1;
142 KeyParameters params = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]143}
144message AttestKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]145 uint32 error_code = 1;
146 CertificateChain chain = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]147}
148
149// UpgradeKey
150message UpgradeKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]151 KeyBlob blob = 1;
152 KeyParameters params = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]153}
154message UpgradeKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]155 uint32 error_code = 1;
156 KeyBlob blob = 2;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]157}
158
159// DeleteKey
160message DeleteKeyRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]161 KeyBlob blob = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]162}
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]163message DeleteKeyResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]164 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]165}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]166
167// DeleteAllKeys
168message DeleteAllKeysRequest {}
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]169message DeleteAllKeysResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]170 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]171}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]172
173// DestroyAttestationIds
174message DestroyAttestationIdsRequest {}
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]175message DestroyAttestationIdsResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]176 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]177}
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]178
179// BeginOperation
180message BeginOperationRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]181 KeyPurpose purpose = 1;
182 KeyBlob blob = 2;
183 KeyParameters params = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]184}
185message BeginOperationResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]186 uint32 error_code = 1;
187 KeyParameters params = 2;
188 OperationHandle handle = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]189}
190
191// UpdateOperation
192message UpdateOperationRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]193 OperationHandle handle = 1;
194 KeyParameters params = 2;
195 bytes input = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]196}
197message UpdateOperationResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]198 uint32 error_code = 1;
199 uint32 consumed = 2;
200 KeyParameters params = 3;
201 bytes output = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]202}
203
204// FinishOperation
205message FinishOperationRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]206 OperationHandle handle = 1;
207 KeyParameters params = 2;
208 bytes input = 3;
209 bytes signature = 4;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]210};
211message FinishOperationResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]212 uint32 error_code = 1;
213 KeyParameters params = 2;
214 bytes output = 3;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]215};
216
217// AbortOperation
218message AbortOperationRequest {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]219 OperationHandle handle = 1;
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]220};
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]221message AbortOperationResponse {
Andrew Scull36ebf2d2017-10-10 11:25:21 +0100[diff] [blame]222 uint32 error_code = 1;
nagendra modadugu36966942017-09-26 15:56:24 -0700[diff] [blame]223};
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]224
225/*
226 * KM4 messages.
227 */
nagendra modadugu6023a7d2017-11-08 14:40:49 -0800[diff] [blame]228
229// ImportWrappedKey
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]230message ImportWrappedKeyRequest {
nagendra modadugubdf53cd2017-12-04 21:28:02 -0800[diff] [blame^]231 uint32 key_format = 1;
232 KeyParameters params = 2;
233 bytes rsa_envelope = 3;
234 bytes initialization_vector = 4; // Fixed sized array.
235 bytes encrypted_import_key = 5;
236 bytes aad = 6;
237 bytes gcm_tag = 7; // Fixed sized array.
238 KeyBlob wrapping_key_blob = 8;
239 bytes masking_key = 9; // Fixed sized array.
nagendra modadugubdcfaa82017-09-17 17:11:36 -0700[diff] [blame]240}
nagendra modadugubdf53cd2017-12-04 21:28:02 -0800[diff] [blame^]241// ImportWrappedKey returns a ImportKeyResponse.
nagendra modadugu6023a7d2017-11-08 14:40:49 -0800[diff] [blame]242
243/*
244 * Vendor HAL.
245 */
246
247// SetRootOfTrustRequest
248// Only callable by the Bootloader.
249message SetRootOfTrustRequest {
250 bytes digest = 1;
251}
252message SetRootOfTrustResponse {
253 // Specified in keymaster_defs.proto:ErrorCode
254 uint32 error_code = 1;
255}
256
257// SetBootStateRequest
258// Only callable by the Bootloader.
259message SetBootStateRequest {
260 bool is_unlocked = 1;
261 bytes public_key = 2;
262 uint32 color = 3;
263 uint32 system_version = 4;
264 uint32 system_security_level = 5;
265}
266message SetBootStateResponse {
267 // Specified in keymaster_defs.proto:ErrorCode
268 uint32 error_code = 1;
269}