keymaster: protos for attestation

Bug: 38428944 Change-Id: Ie3602f9f58c3c987cb4742d0f5b54ce622ae66de
author: nagendra modadugu <ngm@google.com> 2018-06-06 11:49:04 -0700
committer: nagendra modadugu <ngm@google.com> 2018-06-06 15:07:56 -0700
commit: 16abee7c520db841556986abb55f397e7e86691e (patch)
tree: 9c9faa6ae3310670570cad127a2b6cacd4346174
parent: 8c302482a137a4501b65d403131087246530fb17 (diff)
download: generic-16abee7c520db841556986abb55f397e7e86691e.tar.gz
3 files changed, 44 insertions, 5 deletions
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.options b/nugget/proto/nugget/app/keymaster/keymaster.options
index f765aaf..554b2dc 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.options
+++ b/nugget/proto/nugget/app/keymaster/keymaster.options
@@ -13,3 +13,5 @@ nugget.app.keymaster.DTupFetchInputEventResponse.signature max_size:32
 nugget.app.keymaster.GetBootInfoResponse.boot_key max_size:32
 nugget.app.keymaster.GetBootInfoResponse.boot_hash max_size:32
 nugget.app.keymaster.ProvisionPresharedSecretRequest.preshared_secret max_size:32
+nugget.app.keymaster.StartAttestKeyRequest.not_before max_size:13
+nugget.app.keymaster.StartAttestKeyRequest.not_after max_size:13
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto
index 9559106..705bc85 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster.proto
@@ -52,7 +52,7 @@ service Keymaster {
   rpc GetKeyCharacteristics (GetKeyCharacteristicsRequest) returns (GetKeyCharacteristicsResponse);
   rpc ImportKey (ImportKeyRequest) returns (ImportKeyResponse);
   rpc ExportKey (ExportKeyRequest) returns (ExportKeyResponse);
-  rpc AttestKey (AttestKeyRequest) returns (AttestKeyResponse);
+  rpc StartAttestKey (StartAttestKeyRequest) returns (StartAttestKeyResponse);
   rpc UpgradeKey (UpgradeKeyRequest) returns (UpgradeKeyResponse);
   rpc DeleteKey (DeleteKeyRequest) returns (DeleteKeyResponse);
   rpc DeleteAllKeys (DeleteAllKeysRequest) returns (DeleteAllKeysResponse);
@@ -103,6 +103,13 @@ service Keymaster {
    * Called during provisioning by the CitadelProvision tool.
    */
   rpc ProvisionPresharedSecret (ProvisionPresharedSecretRequest) returns (ProvisionPresharedSecretResponse);
+
+  /*
+   * Additional attestation methods.
+   */
+  rpc ContinueAttestKey(ContinueAttestKeyRequest) returns (ContinueAttestKeyResponse);
+  rpc FinishAttestKey(FinishAttestKeyRequest) returns (FinishAttestKeyResponse);
+
   // These are implemented with a enum, so new RPCs must be appended, and
   // deprecated RPCs need placeholders.
 }
@@ -167,14 +174,38 @@ message ExportKeyResponse {
   ECKey ec = 4;
 };
 
-// AttestKey
-message AttestKeyRequest {
+// StartAttestKey
+message StartAttestKeyRequest {
   KeyBlob blob = 1;
   KeyParameters params = 2;
+  uint32 attestation_app_id_len = 3;
+  AttestationSelector selector = 4;
+  bytes not_before = 5;      // strftime('%y%m%d%H%M%SZ') [13 octects]
+  bytes not_after = 6;       // strftime('%y%m%d%H%M%SZ') [13 octects]
+}
+message StartAttestKeyResponse {
+  ErrorCode error_code = 1;
+  OperationHandle handle = 2;
+  bytes certificate_prologue = 3;
+}
+
+// ContinueAttestKeyRequest
+message ContinueAttestKeyRequest {
+  OperationHandle handle = 1;
+  bytes attestation_app_id = 2;
+}
+message  ContinueAttestKeyResponse {
+  ErrorCode error_code = 1;
+  bytes certificate_body = 2;
+}
+
+// FinishAttestKeyRequest
+message FinishAttestKeyRequest {
+  OperationHandle handle = 1;
 }
-message AttestKeyResponse {
+message  FinishAttestKeyResponse {
   ErrorCode error_code = 1;
-  CertificateChain chain = 2;
+  bytes certificate_epilogue = 2;
 }
 
 // UpgradeKey
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_types.proto b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
index 977595c..d56ff16 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_types.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
@@ -101,3 +101,9 @@ enum PresharedSecretStatus {
   NOT_SET = 0;
   ALREADY_SET = 1;
 }
+
+enum AttestationSelector {
+  ATTEST_TEST = 0;
+  ATTEST_BATCH = 1;
+  ATTEST_INDIVIDUAL = 2;
+}
author	nagendra modadugu <ngm@google.com>	2018-06-06 11:49:04 -0700
committer	nagendra modadugu <ngm@google.com>	2018-06-06 15:07:56 -0700
commit	16abee7c520db841556986abb55f397e7e86691e (patch)
tree	9c9faa6ae3310670570cad127a2b6cacd4346174
parent	8c302482a137a4501b65d403131087246530fb17 (diff)
download	generic-16abee7c520db841556986abb55f397e7e86691e.tar.gz