authorjosephjang <josephjang@google.com>2020-03-23 14:08:32 +0800
committerjosephjang <josephjang@google.com>2020-06-08 14:42:52 +0800
commitb57647b17190337576672d6dd30e54939dbef6cb (patch)
tree9cfe195bd2cad3ab940039c54937f27d5cac443b
parent9e5ffa8b0e82c1beaabb34ad9d83e4bd64845d92 (diff)
Identity: Add support mDL certificate APIs
Background: See b/150180570, in order to get EC public key attestation and certificates from Citadel. Create vendor RPC function from keymaster app to support mDL specific requirement. New Stuff: Create new RPC function IdentityStartAttestKey() and IdentityFinishAttestKeyRequest(). Create corresponding protobuf request/response struct (IdentityStartAttestKeyRequest/ IdentityStartAttestKeyResponse) and (IdentityFinishAttestKeyRequest/ IdentityFinishAttestKeyResponse). Notes/Caveats: None. Test: System harness testing Bug: 150180570 Change-Id: I7f4834844e6191d3530c79126abe259353fc9b08
-rw-r--r--nugget/proto/nugget/app/keymaster/keymaster.proto30
1 files changed, 30 insertions, 0 deletions
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto
index a5108c0..e508c8e 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster.proto
@@ -125,6 +125,8 @@ service Keymaster {
* More vendor specific methods.
*/
rpc ReadCertificate(ReadCertificateRequest) returns (ReadCertificateResponse);
+ rpc IdentityStartAttestKey (IdentityStartAttestKeyRequest) returns (IdentityStartAttestKeyResponse);
+ rpc IdentityFinishAttestKey (IdentityFinishAttestKeyRequest) returns (IdentityFinishAttestKeyResponse);
/*
* Resume-on-Reboot implementation.
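Review bot: The two new rpc lines are written with a space before the parameter list (`IdentityStartAttestKey (`), unlike `ReadCertificate(` directly above them; the file's existing style should be kept so generated-doc and lint tooling stays uniform. They also carry no leading comment, although they form a two-step protocol whose second step depends on the handle returned by the first. A comment such as `// Two-step mDL attestation: IdentityStartAttestKey returns an OperationHandle and the certificate prologue; IdentityFinishAttestKey consumes that handle and returns the epilogue.` above the first rpc would let a caller see the pairing without reading the message definitions. The `service Keymaster` block continues outside the hunk.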
@@ -529,3 +531,31 @@ message VigoReleaseSecretResponse {
ErrorCode error_code = 1;
VigoSecret secret_encrypted = 2;
}
+
+// IdentityStartAttestKey
+message IdentityStartAttestKeyRequest {
+ bytes pubkey = 1;
+ KeyParameters params = 2;
+ uint32 attestation_app_id_len = 3;
+ AttestationSelector selector = 4;
+ bytes not_before = 5; // strftime('%y%m%d%H%M%SZ') [13 octects]
+ bytes not_after = 6; // strftime('%y%m%d%H%M%SZ') [13 octects]
+ uint64 creation_time_ms = 7; // Rough current time (ms since epoch).
+}
+message IdentityStartAttestKeyResponse {
+ ErrorCode error_code = 1;
+ OperationHandle handle = 2;
+ bytes certificate_prologue = 3;
+}
+
+// IdentityFinishAttestKeyRequest
+message IdentityFinishAttestKeyRequest {
+ OperationHandle handle = 1;
+ bool use_km_attest_key = 2;
+}
+message IdentityFinishAttestKeyResponse {
+ ErrorCode error_code = 1;
+ bytes certificate_epilogue = 2;
+ ChipFusing chip_fusing = 3;
+ bool nodelocked_ro = 4;
+}
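Review bot: `attestation_app_id_len` in IdentityStartAttestKeyRequest carries a length separately from the data it presumably measures (the attestation application id, which from this hunk appears to travel inside `params`); a length field that is not derived from the payload it describes should be documented as advisory and bounded against the actual data by the receiver, never used on its own for a copy or allocation, and the field comment should say exactly which buffer it refers to. Likewise `not_before`/`not_after` are placed into the certificate's validity, so the comment should state that the receiver rejects anything other than exactly 13 octets in `YYMMDDHHMMSSZ` form and `not_before` later than `not_after` (the existing comments also misspell "octets"). None of the four messages has a leading comment, and the header at `// IdentityFinishAttestKeyRequest` is inconsistent with `// IdentityStartAttestKey` above it; each message should get a one-line purpose comment, and the security-relevant selector `use_km_attest_key` should document which key signs the certificate when it is true versus false, e.g. `// When true the certificate is signed by the keymaster attestation key; when false by <the alternative the implementation uses — fill in>.` Finally, `certificate_prologue`/`certificate_epilogue` should state how the caller reassembles them into the final DER certificate, since that contract is otherwise only visible in the firmware.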