author | josephjang <josephjang@google.com> | 2020-06-16 16:11:48 +0800 |
---|---|---|
committer | Jing-yan, Jang <josephjang@google.com> | 2020-06-16 08:41:02 +0000 |
commit | be4523fff7f5a44d61da5202050b0c51d349dc81 (patch) | |
tree | ff3a745d33d20b6a3eecbe34b7f977edec0e2a91 | |
parent | 99cb689080e281665275798304de46b1068c1f2d (diff) | |
parent | 18e6fd158f64003f8a8bca3954da7bd328039ed2 (diff) | |
download | generic-be4523fff7f5a44d61da5202050b0c51d349dc81.tar.gz |
Merge remote-tracking branch 'goog/upstream-master' into josephjang-nos-merge-upstream
* goog/upstream-master:
ALERT: refactor event_record struct option
Identity: Add support mDL certificate APIs
identity: Create identity proto and app ID
CAVP: ECDSA proto messages
CAVP: CKDF proto messages
CAVP: DRBG proto messages
CAVP: RSA proto messages
Bug: 159098922
Bug: 150181632
Change-Id: I74020d9775a5038af37c1502017fd19fdf76bdc1
-rw-r--r-- | nugget/include/application.h | 1 | ||||
-rw-r--r-- | nugget/include/citadel_events.h | 11 | ||||
-rw-r--r-- | nugget/proto/BUILD | 82 | ||||
-rw-r--r-- | nugget/proto/nugget/app/identity/Android.bp | 47 | ||||
-rw-r--r-- | nugget/proto/nugget/app/identity/identity.proto | 303 | ||||
-rw-r--r-- | nugget/proto/nugget/app/identity/identity_defs.proto | 46 | ||||
-rw-r--r-- | nugget/proto/nugget/app/identity/identity_types.proto | 32 | ||||
-rw-r--r-- | nugget/proto/nugget/app/keymaster/keymaster.proto | 30 | ||||
-rw-r--r-- | nugget/proto/nugget/app/protoapi/testing_api.proto | 163 |
9 files changed, 711 insertions, 4 deletions
diff --git a/nugget/include/application.h b/nugget/include/application.h index 9415811..ef70754 100644 --- a/nugget/include/application.h +++ b/nugget/include/application.h @@ -72,6 +72,7 @@ typedef const void * const __private; #define APP_ID_KEYMASTER 0x02 #define APP_ID_WEAVER 0x03 #define APP_ID_PROTOBUF 0x04 +#define APP_ID_IDENTITY 0x05 /* Fake apps used only for testing */ #define APP_ID_AVB_TEST 0x11 diff --git a/nugget/include/citadel_events.h b/nugget/include/citadel_events.h index 280c7ff..02653b0 100644 --- a/nugget/include/citadel_events.h +++ b/nugget/include/citadel_events.h @@ -63,6 +63,7 @@ enum event_id { EVENT_ALERT = 1, // Globalsec alert fired. EVENT_REBOOTED = 2, // Device rebooted. EVENT_UPGRADED = 3, // Device has upgraded. + EVENT_ALERT_V2 = 4, // Globalsec Alertv2 fired }; /* Please do not change the size of this struct */ @@ -84,10 +85,12 @@ struct event_record { uint32_t which1; } rebooted; struct { - uint32_t int_grp_bf; - uint32_t int_cause_bf; - uint32_t dlyctr_bf; - } d_globalsec; + uint32_t alert_grp[4]; + uint16_t camo_breaches[2]; + uint16_t temp_min; + uint16_t temp_max; + uint32_t bus_err; + } alert_v2; /* uninterpreted */ union { diff --git a/nugget/proto/BUILD b/nugget/proto/BUILD index d065ed2..0b7219f 100644 --- a/nugget/proto/BUILD +++ b/nugget/proto/BUILD @@ -43,6 +43,14 @@ cc_proto_library( ) cc_proto_library( + name = "nugget_app_identity_identity_cc_proto", + visibility = ["//visibility:public"], + deps = [ + "nugget_app_identity_identity_proto", + ], +) + +cc_proto_library( name = "nugget_app_avb_avb_cc_proto", visibility = ["//visibility:public"], deps = [ 
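Review bot: The replacement payload `alert_v2` is 28 bytes (`uint32_t alert_grp[4]`, `uint16_t camo_breaches[2]`, `temp_min`, `temp_max`, `uint32_t bus_err`) where `d_globalsec` was 12, yet the only guard on the "Please do not change the size of this struct" rule is that comment. The member appears to sit in a union beside the "uninterpreted" arm, so the overall size may well be unchanged, but that should be pinned at compile time rather than assumed: `_Static_assert(sizeof(struct event_record) == EVENT_RECORD_SIZE_PLACEHOLDER, "event_record is an ABI struct");` after the struct, with the placeholder replaced by the size consumers already rely on. Separately, `EVENT_ALERT = 1` keeps its value while the layout it was decoded through (`d_globalsec`) is removed, so a reader that still receives v1 alert records has no member to interpret them with; a comment on `EVENT_ALERT` stating whether it is still emitted and how its payload is now read would close that gap. The `struct event_record` definition starts before and ends after this hunk.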
@@ -101,6 +109,25 @@ cc_library( ) cc_library( + name = "identity_client_proto", + srcs = [ + "nugget/app/identity/Identity.client.cpp", + ], + hdrs = [ + "nugget/app/identity/Identity.client.h", + ], + includes = [ + "./nugget/app/identity/", + ], + visibility = ["//visibility:public"], + deps = [ + "nugget_app_identity_identity_cc_proto", + "nugget_protobuf_options_cc_proto", + "//host/generic/libnos", + ], +) + +cc_library( name = "avb_client_proto", srcs = [ "nugget/app/avb/Avb.client.cpp", @@ -204,6 +231,48 @@ genrule( ) genrule( + name = "identity_proto_client_cc_genrule", + srcs = [ + "nugget/app/identity/identity.proto", + "nugget/app/identity/identity_defs.proto", + "nugget/app/identity/identity_types.proto", + "nugget/protobuf/options.proto", + "google/protobuf/descriptor.proto", + ], + outs = [ + "nugget/app/identity/Identity.client.cpp", + ], + cmd = GEN_SERVICE + " --proto_path=" + PROTO_ROOT + + " --nos-client-cpp_out=source:$$(dirname $(location nugget/app/identity/Identity.client.cpp)) " + + "$(location nugget/app/identity/identity.proto)", + tools = [ + "@com_google_protobuf//:protoc", + "//host/generic/libnos/generator:protoc_gen_nos_client_cpp", + ], +) + +genrule( + name = "identity_proto_client_h_genrule", + srcs = [ + "nugget/app/identity/identity.proto", + "nugget/app/identity/identity_defs.proto", + "nugget/app/identity/identity_types.proto", + "nugget/protobuf/options.proto", + "google/protobuf/descriptor.proto", + ], + outs = [ + "nugget/app/identity/Identity.client.h", + ], + cmd = GEN_SERVICE + " --proto_path=" + PROTO_ROOT + + " --nos-client-cpp_out=header:$$(dirname $(location nugget/app/identity/Identity.client.h)) " + + "$(location nugget/app/identity/identity.proto)", + tools = [ + "@com_google_protobuf//:protoc", + "//host/generic/libnos/generator:protoc_gen_nos_client_cpp", + ], +) + +genrule( name = "keymaster_proto_client_cc_genrule", srcs = [ "nugget/app/keymaster/keymaster.proto", 
@@ -344,6 +413,19 @@ proto_library( ) proto_library( + name = "nugget_app_identity_identity_proto", + srcs = [ + "nugget/app/identity/identity.proto", + "nugget/app/identity/identity_defs.proto", + "nugget/app/identity/identity_types.proto", + ], + strip_import_prefix = PROTO_SOURCE_ROOT, + deps = [ + "nugget_protobuf_options_proto", + ], +) + +proto_library( name = "nugget_protobuf_options_proto", srcs = [ "nugget/protobuf/options.proto", diff --git a/nugget/proto/nugget/app/identity/Android.bp b/nugget/proto/nugget/app/identity/Android.bp new file mode 100644 index 0000000..d05f639 --- /dev/null +++ b/nugget/proto/nugget/app/identity/Android.bp 
@@ -0,0 +1,47 @@
+//
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+genrule {
+ name: "nos_app_identity_service_genc++",
+ out: ["Identity.client.cpp"],
+ srcs: ["identity.proto"],
+ tools: ["aprotoc", "protoc-gen-nos-client-cpp"],
+ cmd: GEN_SERVICE_SOURCE,
+}
+
+genrule {
+ name: "nos_app_identity_service_genc++_headers",
+ out: ["Identity.client.h"],
+ srcs: ["identity.proto"],
+ tools: ["aprotoc", "protoc-gen-nos-client-cpp"],
+ cmd: GEN_SERVICE_HEADER,
+}
+
+genrule {
+ name: "nos_app_identity_service_genc++_mock",
+ out: ["MockIdentity.client.h"],
+ srcs: ["identity.proto"],
+ tools: ["aprotoc", "protoc-gen-nos-client-cpp"],
+ cmd: GEN_SERVICE_MOCK,
+}
+
+cc_library {
+ name: "nos_app_identity",
+ generated_sources: ["nos_app_identity_service_genc++"],
+ generated_headers: ["nos_app_identity_service_genc++_headers"],
+ defaults: ["nos_app_service_defaults"],
+ export_generated_headers: ["nos_app_identity_service_genc++_headers"],
+}
diff --git a/nugget/proto/nugget/app/identity/identity.proto b/nugget/proto/nugget/app/identity/identity.proto
new file mode 100644
index 0000000..9d0a529
--- /dev/null
+++ b/nugget/proto/nugget/app/identity/identity.proto
@@ -0,0 +1,303 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+syntax = "proto3";
+
+package nugget.app.identity;
+
+import "nugget/app/identity/identity_defs.proto";
+import "nugget/app/identity/identity_types.proto";
+import "nugget/protobuf/options.proto";
+
+// Identity is the app used to implement Android's Identity HAL.
+//
+// The documentation for the HAL applies to this implementation.
+service Identity {
+ option (nugget.protobuf.app_id) = "IDENTITY";
+ option (nugget.protobuf.app_name) = "Identity";
+ option (nugget.protobuf.app_version) = 1;
+ option (nugget.protobuf.request_buffer_size) = 1024;
+ option (nugget.protobuf.response_buffer_size) = 1024;
+
+ // RPCs for the Identity HAL
+ rpc WICinitialize (WICinitializeRequest) returns (WICinitializeResponse);
+ rpc WICcreateCredentialKey (WICcreateCredentialKeyRequest) returns (WICcreateCredentialKeyResponse);
+ rpc WICstartPersonalization (WICstartPersonalizationRequest) returns (WICstartPersonalizationResponse);
+ rpc WICaddAccessControlProfile (WICaddAccessControlProfileRequest) returns (WICaddAccessControlProfileResponse);
+ rpc WICbeginAddEntry (WICbeginAddEntryRequest) returns (WICbeginAddEntryResponse);
+ rpc WICaddEntryValue (WICaddEntryValueRequest) returns (WICaddEntryValueResponse);
+ rpc WICfinishAddingEntries (WICfinishAddingEntriesRequest) returns (WICfinishAddingEntriesResponse);
+ rpc ICinitialize (ICinitializeRequest) returns (ICinitializeResponse);
+ rpc ICcreateEphemeralKeyPair (ICcreateEphemeralKeyPairRequest) returns (ICcreateEphemeralKeyPairResponse);
+ rpc ICgenerateSigningKeyPair (ICgenerateSigningKeyPairRequest) returns (ICgenerateSigningKeyPairResponse);
+ rpc ICcreateAuthChallenge (ICcreateAuthChallengeRequest) returns (ICcreateAuthChallengeResponse);
+ rpc ICstartRetrieveEntries (ICstartRetrieveEntriesRequest) returns (ICstartRetrieveEntriesResponse);
+ rpc ICsetAuthToken (ICsetAuthTokenRequest) returns (ICsetAuthTokenResponse);
+ rpc ICpushReaderCert (ICpushReaderCertRequest) returns (ICpushReaderCertResponse);
+ rpc ICvalidateAccessControlProfile (ICvalidateAccessControlProfileRequest) returns (ICvalidateAccessControlProfileResponse);
+ rpc ICvalidateRequestMessage (ICvalidateRequestMessageRequest) returns (ICvalidateRequestMessageResponse);
+ rpc ICcalcMacKey (ICcalcMacKeyRequest) returns (ICcalcMacKeyResponse);
+ rpc ICstartRetrieveEntryValue (ICstartRetrieveEntryValueRequest) returns (ICstartRetrieveEntryValueResponse);
+ rpc ICretrieveEntryValue (ICretrieveEntryValueRequest) returns (ICretrieveEntryValueResponse);
+ rpc ICfinishRetrieval (ICfinishRetrievalRequest) returns (ICfinishRetrievalResponse);
+ rpc ICdeleteCredential (ICdeleteCredentialRequest) returns (ICdeleteCredentialResponse);
+}
+
+// WICinitialize
+message WICinitializeRequest{
+ bool testCredential = 1;
+}
+message WICinitializeResponse{
+ Result result = 1;
+}
+
+// WICcreateCredentialKey
+message WICcreateCredentialKeyRequest{
+}
+
+message WICcreateCredentialKeyResponse{
+ Result result = 1;
+ bytes publickey = 2;
+}
+
+// WICstartPersonalization
+message WICstartPersonalizationRequest{
+ uint32 accessControlProfileCount = 1;
+ bytes entryCounts = 2;
+ bytes docType = 3;
+ uint32 expectedProofOfProvisioningSize = 4;
+}
+message WICstartPersonalizationResponse{
+ Result result = 1;
+}
+
+// WICaddAccessControlProfile
+message WICaddAccessControlProfileRequest{
+ uint32 id = 1;
+ bytes readerCertificate = 2;
+ bool userAuthenticationRequired = 3;
+ uint64 timeoutMillis = 4;
+ uint64 secureUserId = 5;
+}
+message WICaddAccessControlProfileResponse{
+ Result result = 1;
+ bytes mac = 2;
+}
+
+// WICbeginAddEntry
+message WICbeginAddEntryRequest{
+ bytes accessControlProfileIds = 1;
+ string nameSpace = 2;
+ string name = 3;
+ uint64 entrySize = 4;
+}
+message WICbeginAddEntryResponse{
+ Result result = 1;
+}
+
+// WICaddEntryValue
+message WICaddEntryValueRequest{
+ bytes accessControlProfileIds = 1;
+ string nameSpace = 2;
+ string name = 3;
+ bytes content = 4;
+}
+message WICaddEntryValueResponse{
+ Result result = 1;
+ bytes encrypted_content = 2;
+}
+
+// WICfinishAddingEntries
+message WICfinishAddingEntriesRequest{
+ bytes docType = 1;
+ bool testCredential = 2;
+}
+
+message WICfinishAddingEntriesResponse{
+ Result result = 1;
+ bytes signatureOfToBeSigned = 2;
+ bytes credentialData = 3;
+}
+
+// ICinitialize
+message ICinitializeRequest{
+ bool testCredential = 1;
+ bytes docType = 2;
+ bytes encryptedCredentialKeys = 3;
+}
+
+message ICinitializeResponse{
+ Result result = 1;
+}
+
+// ICcreateEphemeralKeyPair
+message ICcreateEphemeralKeyPairRequest{
+}
+
+message ICcreateEphemeralKeyPairResponse{
+ Result result = 1;
+ bytes ephemeralPriv = 2;
+}
+
+// ICgenerateSigningKeyPair
+message ICgenerateSigningKeyPairRequest{
+ bytes docType = 1;
+}
+
+message ICgenerateSigningKeyPairResponse{
+ Result result = 1;
+ bytes SigningKeyBlob =2;
+ bytes signingPubKey =3;
+}
+
+// ICcreateAuthChallenge
+message ICcreateAuthChallengeRequest{
+}
+
+message ICcreateAuthChallengeResponse{
+ Result result = 1;
+ uint64 challenge = 2;
+}
+
+// ICstartRetrieveEntries
+message ICstartRetrieveEntriesRequest{
+}
+
+message ICstartRetrieveEntriesResponse{
+ Result result = 1;
+}
+
+// ICsetAuthToken
+message ICsetAuthTokenRequest{
+ uint64 challenge = 1;
+ uint64 secureUserId = 2;
+ uint64 authenticatorId = 3;
+ uint32 hardwareAuthenticatorType = 4;
+ uint64 timeStamp = 5;
+ bytes mac = 6;
+ uint64 verificationTokenTimestamp =7;
+ bytes verificationTokenMac = 8;
+}
+
+message ICsetAuthTokenResponse{
+ Result result = 1;
+}
+
+// ICpushReaderCert
+message ICpushReaderCertRequest{
+ bytes x509Cert = 1;
+ uint32 tbsCertificateOffset = 2;
+ uint32 tbsCertificateSize = 3;
+ uint32 signatureOffset = 4;
+ uint32 signatureSize = 5;
+ uint32 publicKeyOffset = 6;
+ uint32 publicKeySize = 7;
+ uint32 signAlg = 8;
+}
+
+message ICpushReaderCertResponse{
+ Result result = 1;
+}
+
+// ICvalidateAccessControlProfile
+message ICvalidateAccessControlProfileRequest{
+ uint32 id = 1;
+ bytes readerCertificate = 2;
+ bool userAuthenticationRequired = 3;
+ uint32 timeoutMillis = 4;
+ uint64 secureUserId = 5;
+ bytes mac = 6;
+ uint32 publicKeyOffset = 7;
+ uint32 publicKeysize = 8;
+}
+
+message ICvalidateAccessControlProfileResponse{
+ Result result = 1;
+ bool accessGranted = 2;
+}
+
+// ICvalidateRequestMessage
+message ICvalidateRequestMessageRequest{
+ bytes sessionTranscript = 1;
+ bytes requestMessage = 2;
+ uint32 coseSignAlg = 3;
+ bytes readerSignatureOfToBeSigned = 4;
+}
+
+message ICvalidateRequestMessageResponse{
+ Result result = 1;
+}
+
+// ICcalcMacKey
+message ICcalcMacKeyRequest{
+ bytes sessionTranscript = 1;
+ bytes readerEphemeralPublicKey = 2;
+ bytes signingKeyBlob = 3;
+ bytes docType = 4;
+ uint32 numNamespacesWithValues = 5;
+ uint32 expectedProofOfProvisioningSize = 6;
+}
+
+message ICcalcMacKeyResponse{
+ Result result = 1;
+}
+
+// ICstartRetrieveEntryValue
+message ICstartRetrieveEntryValueRequest{
+ string nameSpace = 1;
+ string name = 2;
+ uint32 newNamespaceNumEntries = 3;
+ uint32 entrySize = 4;
+ bytes accessControlProfileIds = 5;
+}
+
+message ICstartRetrieveEntryValueResponse{
+ AccessResult accessCheckResult = 1;
+}
+
+// ICretrieveEntryValue
+message ICretrieveEntryValueRequest{
+ bytes encryptedContent = 1;
+ string nameSpace = 2;
+ string name = 3;
+ bytes accessControlProfileIds = 4;
+}
+
+message ICretrieveEntryValueResponse{
+ Result result = 1;
+ bytes content = 2;
+}
+
+// ICfinishRetrieval
+message ICfinishRetrievalRequest{
+}
+
+message ICfinishRetrievalResponse{
+ Result result = 1;
+ bytes mac = 2;
+}
+
+// ICdeleteCredential
+message ICdeleteCredentialRequest{
+ bytes docType = 1;
+ bool testCredential = 2;
+ uint32 proofOfDeletionCborSize =3;
+}
+
+message ICdeleteCredentialResponse{
+ Result result = 1;
+ bytes signatureOfToBeSigned = 2;
+}
\ No newline at end of file
diff --git a/nugget/proto/nugget/app/identity/identity_defs.proto b/nugget/proto/nugget/app/identity/identity_defs.proto
new file mode 100644
index 0000000..f372ad3
--- /dev/null
+++ b/nugget/proto/nugget/app/identity/identity_defs.proto
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+syntax = "proto3";
+
+package nugget.app.identity;
+
+/**
+ * The ResultCode enumeration is used to convey the status of an operation.
+ */
+enum ResultCode {
+ STATUS_OK = 0;
+ STATUS_FAILED = 1;
+ STATUS_CIPHER_SUITE_NOT_SUPPORTED = 2;
+ STATUS_INVALID_DATA = 3;
+ STATUS_INVALID_AUTH_TOKEN = 4;
+ STATUS_INVALID_ITEMS_REQUEST_MESSAGE = 5;
+ STATUS_READER_SIGNATURE_CHECK_FAILED = 6;
+ STATUS_EPHEMERAL_PUBLIC_KEY_NOT_FOUND = 7;
+ STATUS_USER_AUTHENTICATION_FAILED = 8;
+ STATUS_READER_AUTHENTICATION_FAILED = 9;
+ STATUS_NO_ACCESS_CONTROL_PROFILES = 10;
+ STATUS_NOT_IN_REQUEST_MESSAGE = 11;
+ STATUS_SESSION_TRANSCRIPT_MISMATCH = 12;
+};
+
+enum EicAccessCheckResult {
+ EIC_ACCESS_CHECK_RESULT_OK = 0;
+ EIC_ACCESS_CHECK_RESULT_FAILED = 1;
+ EIC_ACCESS_CHECK_RESULT_NO_ACCESS_CONTROL_PROFILES = 2;
+ EIC_ACCESS_CHECK_RESULT_USER_AUTHENTICATION_FAILED = 3;
+ EIC_ACCESS_CHECK_RESULT_READER_AUTHENTICATION_FAILED = 4;
+};
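Review bot: `timeoutMillis` is declared `uint64` in `WICaddAccessControlProfileRequest` but `uint32` in `ICvalidateAccessControlProfileRequest`, although both describe the same access-control-profile field and the `mac` produced at provisioning is presented again at validation; if that MAC covers the timeout, any value above 2^32-1 ms is silently truncated on the validation side and the profile can never validate. Making the validation side `uint64 timeoutMillis = 4;` keeps the two in step. `ICpushReaderCertRequest` carries host-chosen offsets and sizes (`tbsCertificateOffset`/`tbsCertificateSize`, `signatureOffset`/`signatureSize`, `publicKeyOffset`/`publicKeySize`) into `x509Cert`, and `ICvalidateAccessControlProfileRequest` does the same with `publicKeyOffset`/`publicKeysize`; nothing says the app must range-check them against the length of the bytes field before use, which is worth stating in a comment such as `// Offsets and sizes are untrusted; the app bounds-checks them against x509Cert before use.` `ICcreateEphemeralKeyPairResponse.ephemeralPriv` hands private key material back to the host, which is presumably intentional but deserves a one-line comment saying so, and field naming is mixed (`SigningKeyBlob`, `encrypted_content`, `publicKeysize` beside the camelCase rest).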
\ No newline at end of file
diff --git a/nugget/proto/nugget/app/identity/identity_types.proto b/nugget/proto/nugget/app/identity/identity_types.proto
new file mode 100644
index 0000000..4c50f2c
--- /dev/null
+++ b/nugget/proto/nugget/app/identity/identity_types.proto
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+syntax = "proto3";
+
+package nugget.app.identity;
+
+import "nugget/protobuf/options.proto";
+import "nugget/app/identity/identity_defs.proto";
+
+message Result {
+ ResultCode result_code = 1;
+ string message = 2;
+}
+
+message AccessResult {
+ EicAccessCheckResult access_result = 1;
+ string message = 2;
+}
\ No newline at end of file diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto index a5108c0..e508c8e 100644 --- a/nugget/proto/nugget/app/keymaster/keymaster.proto +++ b/nugget/proto/nugget/app/keymaster/keymaster.proto @@ -125,6 +125,8 @@ service Keymaster { * More vendor specific methods. */ rpc ReadCertificate(ReadCertificateRequest) returns (ReadCertificateResponse); + rpc IdentityStartAttestKey (IdentityStartAttestKeyRequest) returns (IdentityStartAttestKeyResponse); + rpc IdentityFinishAttestKey (IdentityFinishAttestKeyRequest) returns (IdentityFinishAttestKeyResponse); /* * Resume-on-Reboot implementation. @@ -529,3 +531,31 @@ message VigoReleaseSecretResponse { ErrorCode error_code = 1; VigoSecret secret_encrypted = 2; } + +// IdentityStartAttestKey +message IdentityStartAttestKeyRequest { + bytes pubkey = 1; + KeyParameters params = 2; + uint32 attestation_app_id_len = 3; + AttestationSelector selector = 4; + bytes not_before = 5; // strftime('%y%m%d%H%M%SZ') [13 octects] + bytes not_after = 6; // strftime('%y%m%d%H%M%SZ') [13 octects] + uint64 creation_time_ms = 7; // Rough current time (ms since epoch). +} +message IdentityStartAttestKeyResponse { + ErrorCode error_code = 1; + OperationHandle handle = 2; + bytes certificate_prologue = 3; +} + +// IdentityFinishAttestKeyRequest +message IdentityFinishAttestKeyRequest { + OperationHandle handle = 1; + bool use_km_attest_key = 2; +} +message IdentityFinishAttestKeyResponse { + ErrorCode error_code = 1; + bytes certificate_epilogue = 2; + ChipFusing chip_fusing = 3; + bool nodelocked_ro = 4; +} diff --git a/nugget/proto/nugget/app/protoapi/testing_api.proto b/nugget/proto/nugget/app/protoapi/testing_api.proto index 7373da5..e88fb37 100644 --- a/nugget/proto/nugget/app/protoapi/testing_api.proto +++ b/nugget/proto/nugget/app/protoapi/testing_api.proto 
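Review bot: `import "nugget/protobuf/options.proto";` in identity_types.proto is not used by either `Result` or `AccessResult` (neither message sets an option), so protoc will warn about an unused import; dropping it, or adding a comment saying why it is kept, would silence that. The file also ends without a trailing newline, as do identity.proto and identity_defs.proto.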
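Review bot: The comments on `not_before`/`not_after` in `IdentityStartAttestKeyRequest` read `strftime('%y%m%d%H%M%SZ') [13 octects]`: "octects" is a typo, and a two-digit year is the ASN.1 UTCTime form, which X.509 only permits for dates through 2049 — if the prologue encodes these as UTCTime that limit belongs in the comment, and if the app validates the fields at all the comment should state that exactly 13 bytes are expected. `attestation_app_id_len` is a bare length with no companion bytes field in this message, so it is not clear which data it describes or where that data arrives; a comment naming the field or call that carries the attestation application id bytes would help. `use_km_attest_key`, `certificate_prologue`/`certificate_epilogue`, `chip_fusing` and `nodelocked_ro` are likewise undocumented on a vendor-facing RPC.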
@@ -16,6 +16,7 @@ enum DcryptError { MISSING_PARAMETER = 3; KEYSIZE_MISMATCH = 4; INVALID_TEST = 5; + KEYGEN_ERROR = 6; } // TODO remove this when oneof support is added to nanopb @@ -36,6 +37,15 @@ enum OneofTestParametersCase { kCavpHmacTest = 13; kCavpShaMsgTest = 14; kCavpShaMctTest = 15; + kCavpRsaKeyGenTest = 16; + kCavpRsaSigGenTest = 17; + kCavpRsaSigVerTest = 18; + kCavpDrbgTest = 19; + kCavpCkdfTest = 20; + kCavpEcdsaKeyPairTest = 21; + kCavpEcdsaPkvTest = 22; + kCavpEcdsaSigGenTest = 23; + kCavpEcdsaSigVerTest = 24; } // TODO remove this when oneof support is added to nanopb @@ -50,6 +60,15 @@ enum OneofTestResultsCase { kCavpAesGcmTestResult = 7; kCavpHmacTestResult = 8; kCavpShaTestResult = 9; + kCavpRsaKeyGenTestResult = 10; + kCavpRsaSigGenTestResult = 11; + kCavpRsaSigVerTestResult = 12; + kCavpDrbgTestResult = 13; + kCavpCkdfTestResult = 14; + kCavpEcdsaKeyPairTestResult = 15; + kCavpEcdsaPkvTestResult = 16; + kCavpEcdsaSigGenTestResult = 17; + kCavpEcdsaSigVerTestResult = 18; } message AesCbcEncryptTest { 
@@ -156,6 +175,150 @@ message CavpShaTestResult { bytes md = 2; } +enum CavpRsaMRTable { + C_2 = 0; + C_3 = 1; +} + +enum CavpRsaPaddingType { + INVALID_PADDING = 0; + PKCS1 = 1; + PSS = 2; + OAEP = 3; +} + +message CavpRsaKeyGenTest { + uint32 count = 1; + uint32 mod = 2; + CavpRsaMRTable table = 3; +} + +message CavpRsaSigGenTest { + bool gen_n = 1; + CavpShaAlgorithm sha_alg = 2; + CavpRsaPaddingType padding = 3; + bytes msg = 4; +} + +message CavpRsaSigVerTest { + uint32 mod = 1; + CavpShaAlgorithm sha_alg = 2; + CavpRsaPaddingType padding = 3; + uint32 e = 4; + bytes n = 5; + bytes msg = 6; + bytes sig = 7; +} + +enum CavpRsaSigVerResult { + Pass = 0; + Fail_MessageChanged = 1; + Fail_General = 2; + Fail_SigChanged = 3; + Fail_EMHashMovedLeft = 4; + Fail_EMModPayload = 5; +} + +message CavpRsaSigVerTestResult { + DcryptError result_code = 1; + CavpRsaSigVerResult verif_result = 2; +} + +message CavpRsaSigGenTestResult { + DcryptError result_code = 1; + uint32 e = 2; + bytes n = 3; + bytes sig = 4; +} + +message CavpRsaKeyGenTestResult { + DcryptError result_code = 1; + uint32 e = 2; + bytes p = 3; + bytes q = 4; + bytes n = 5; + bytes d = 6; +} + +message CavpDrbgTest { + bool prediction_resistance = 2; + uint32 ret_len = 3; + bytes entropy_init = 4; + bytes nonce = 5; + bytes perso_str = 6; + bytes add_input_1 = 7; + bytes add_input_2 = 8; + bytes entropy_pr_1 = 10; + bytes entropy_pr_2 = 11; +} + +message CavpDrbgTestResult { + DcryptError result_code = 1; + bytes bits = 2; +} + +message CavpCkdfTest { + uint32 key_len = 1; + bytes key = 2; +} + +message CavpCkdfTestResult { + DcryptError result_code = 1; + bytes key = 2; + bytes fixed_input_data = 3; +} + +enum CavpEcdsaKeyGenTable { + B_4_1 = 0; + B_4_2 = 1; +} + +message CavpEcdsaKeyPairTest { + CavpEcdsaKeyGenTable table = 1; +} + +message CavpEcdsaKeyPairTestResult { + DcryptError result_code = 1; + bytes d = 2; + bytes qx = 3; + bytes qy = 4; +} + +message CavpEcdsaPkvTest { + bytes qx = 1; + bytes qy 
= 2; +} + +message CavpEcdsaPkvTestResult { + DcryptError result_code = 1; + bool result = 2; +} + +message CavpEcdsaSigGenTest { + bytes msg = 1; +} + +message CavpEcdsaSigGenTestResult { + DcryptError result_code = 1; + bytes qx = 2; + bytes qy = 3; + bytes r = 4; + bytes sig = 5; +} + +message CavpEcdsaSigVerTest { + bytes msg = 1; + bytes qx = 2; + bytes qy = 3; + bytes r = 4; + bytes sig = 5; +} + +message CavpEcdsaSigVerTestResult { + DcryptError result_code = 1; + bool result = 2; +} + message TrngTest { uint32 number_of_bytes = 1; } |
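Review bot: `CavpDrbgTest` numbers its fields 2–8 and 10–11, leaving 1 and 9 unused with no `reserved` statement; if those numbers were dropped during development, `reserved 1, 9;` stops a later field from reusing them with a different type, and if they were never used the numbering should simply start at 1. `CavpRsaSigVerResult` uses mixed-case values (`Pass`, `Fail_MessageChanged`, …) while the neighbouring enums use `UPPER_SNAKE_CASE` (`INVALID_PADDING`, `PKCS1`), and because proto enum values live in the enclosing package scope, `C_2`, `C_3`, `B_4_1`, `B_4_2` and `Pass` become very short package-level identifiers in generated code. A one-line comment on each table enum naming the test-vector table it indexes (`// Miller-Rabin round tables C.2 / C.3 of the CAVP RSA spec — TODO confirm`) would make `CavpRsaMRTable` and `CavpEcdsaKeyGenTable` readable without the specification open; `gen_n` in `CavpRsaSigGenTest` needs one too.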