author | nagendra modadugu <ngm@google.com> | 2018-06-06 11:49:04 -0700 |
---|---|---|
committer | nagendra modadugu <ngm@google.com> | 2018-06-06 15:07:56 -0700 |
commit | 16abee7c520db841556986abb55f397e7e86691e (patch) | |
tree | 9c9faa6ae3310670570cad127a2b6cacd4346174 | |
parent | 8c302482a137a4501b65d403131087246530fb17 (diff) | |
keymaster: protos for attestation
Bug: 38428944
Change-Id: Ie3602f9f58c3c987cb4742d0f5b54ce622ae66de
-rw-r--r-- | nugget/proto/nugget/app/keymaster/keymaster.options | 2 | ||||
-rw-r--r-- | nugget/proto/nugget/app/keymaster/keymaster.proto | 41 | ||||
-rw-r--r-- | nugget/proto/nugget/app/keymaster/keymaster_types.proto | 6 |
3 files changed, 44 insertions, 5 deletions
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.options b/nugget/proto/nugget/app/keymaster/keymaster.options
index f765aaf..554b2dc 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.options
+++ b/nugget/proto/nugget/app/keymaster/keymaster.options
@@ -13,3 +13,5 @@ nugget.app.keymaster.DTupFetchInputEventResponse.signature max_size:32
 nugget.app.keymaster.GetBootInfoResponse.boot_key max_size:32
 nugget.app.keymaster.GetBootInfoResponse.boot_hash max_size:32
 nugget.app.keymaster.ProvisionPresharedSecretRequest.preshared_secret max_size:32
+nugget.app.keymaster.StartAttestKeyRequest.not_before max_size:13
+nugget.app.keymaster.StartAttestKeyRequest.not_after max_size:13
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto
index 9559106..705bc85 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster.proto
@@ -52,7 +52,7 @@ service Keymaster {
 rpc GetKeyCharacteristics (GetKeyCharacteristicsRequest) returns (GetKeyCharacteristicsResponse);
 rpc ImportKey (ImportKeyRequest) returns (ImportKeyResponse);
 rpc ExportKey (ExportKeyRequest) returns (ExportKeyResponse);
- rpc AttestKey (AttestKeyRequest) returns (AttestKeyResponse);
+ rpc StartAttestKey (StartAttestKeyRequest) returns (StartAttestKeyResponse);
 rpc UpgradeKey (UpgradeKeyRequest) returns (UpgradeKeyResponse);
 rpc DeleteKey (DeleteKeyRequest) returns (DeleteKeyResponse);
 rpc DeleteAllKeys (DeleteAllKeysRequest) returns (DeleteAllKeysResponse);
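Review bot: In keymaster.options only `not_before` and `not_after` receive a size bound, while the other `bytes` fields this commit introduces (`ContinueAttestKeyRequest.attestation_app_id` and the `certificate_prologue`, `certificate_body` and `certificate_epilogue` response fields) have no entry in this hunk. If the file is consumed by nanopb, as the `max_size:` syntax suggests, a `bytes` field without a bound is generated as a callback or pointer field rather than a fixed buffer, so the firmware has to enforce the limit by hand. Consider adding a line such as `nugget.app.keymaster.ContinueAttestKeyRequest.attestation_app_id max_size:<LIMIT>` with the limit the device actually supports. Note also that `max_size:13` is only an upper bound, so the handler should still reject a `not_before` or `not_after` whose length is not exactly 13.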
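Review bot: Renaming `AttestKey` to `StartAttestKey` in place keeps the RPC at the same position in `service Keymaster`, and the comment at the end of the service says RPCs are dispatched through an enum and that deprecated RPCs need placeholders. A host built against the old proto would therefore still reach this slot, but with the old request and response layout; in particular field 2 of the reply changes from `CertificateChain chain` to `OperationHandle handle`, so a stale caller may misparse the answer instead of failing cleanly. If mixed host and firmware versions can exist, keep a placeholder at this position and append `StartAttestKey` at the end. Otherwise a one-line comment stating that `AttestKey` was never implemented on shipped firmware would record why the in-place change is safe. The service body starts and ends outside this hunk.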
@@ -103,6 +103,13 @@ service Keymaster {
 * Called during provisioning by the CitadelProvision tool.
 */
 rpc ProvisionPresharedSecret (ProvisionPresharedSecretRequest) returns (ProvisionPresharedSecretResponse);
+
+ /*
+ * Additional attestation methods.
+ */
+ rpc ContinueAttestKey(ContinueAttestKeyRequest) returns (ContinueAttestKeyResponse);
+ rpc FinishAttestKey(FinishAttestKeyRequest) returns (FinishAttestKeyResponse);
+
 // These are implemented with a enum, so new RPCs must be appended, and
 // deprecated RPCs need placeholders.
 }
@@ -167,14 +174,38 @@ message ExportKeyResponse {
 ECKey ec = 4;
 };
-// AttestKey
-message AttestKeyRequest {
+// StartAttestKey
+message StartAttestKeyRequest {
 KeyBlob blob = 1;
 KeyParameters params = 2;
+ uint32 attestation_app_id_len = 3;
+ AttestationSelector selector = 4;
+ bytes not_before = 5; // strftime('%y%m%d%H%M%SZ') [13 octects]
+ bytes not_after = 6; // strftime('%y%m%d%H%M%SZ') [13 octects]
+}
+message StartAttestKeyResponse {
+ ErrorCode error_code = 1;
+ OperationHandle handle = 2;
+ bytes certificate_prologue = 3;
+}
+
+// ContinueAttestKeyRequest
+message ContinueAttestKeyRequest {
+ OperationHandle handle = 1;
+ bytes attestation_app_id = 2;
+}
+message ContinueAttestKeyResponse {
+ ErrorCode error_code = 1;
+ bytes certificate_body = 2;
+}
+
+// FinishAttestKeyRequest
+message FinishAttestKeyRequest {
+ OperationHandle handle = 1;
 }
-message AttestKeyResponse {
+message FinishAttestKeyResponse {
 ErrorCode error_code = 1;
- CertificateChain chain = 2;
+ bytes certificate_epilogue = 2;
 }
 // UpgradeKey
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_types.proto b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
index 977595c..d56ff16 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_types.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
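Review bot: The block comment `Additional attestation methods.` above `ContinueAttestKey` and `FinishAttestKey` documents neither the call order of the three attestation RPCs nor the lifetime of the `OperationHandle` that links them. I would expand it to state that the handle returned by `StartAttestKey` must be passed to `ContinueAttestKey` and then `FinishAttestKey`, and whether `ContinueAttestKey` may be called more than once. It should also give the error returned for a handle that is unknown, already finished, or used out of order, and say whether an abandoned operation is ever released. As a point of style, the two new lines drop the space before the parenthesis that every other `rpc` in the service uses, e.g. `rpc ContinueAttestKey (ContinueAttestKeyRequest) returns (ContinueAttestKeyResponse);`.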
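Review bot: `attestation_app_id_len` is declared in `StartAttestKeyRequest`, but the bytes themselves arrive later in `ContinueAttestKeyRequest.attestation_app_id`, so the schema allows the two to disagree. Presumably the length is needed to emit encoded lengths in `certificate_prologue` before the body is known; if so, the device must check that the bytes received for the handle match the declared length before `FinishAttestKey` produces the epilogue. The field deserves a comment such as `// Must equal the size of attestation_app_id later sent for this handle; mismatches are rejected.`. Separately, `not_before` and `not_after` are pinned to the 13-octet two-digit-year form, and RFC 5280 requires GeneralizedTime for validity dates in 2050 or later, so it is worth documenting how a far-future `not_after` is meant to be expressed. The comment on those two fields also misspells "octets" as `octects`.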
@@ -101,3 +101,9 @@ enum PresharedSecretStatus {
 NOT_SET = 0;
 ALREADY_SET = 1;
 }
+
+enum AttestationSelector {
+ ATTEST_TEST = 0;
+ ATTEST_BATCH = 1;
+ ATTEST_INDIVIDUAL = 2;
+}
 |
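Review bot: `ATTEST_TEST = 0` makes the test selector the default value of `AttestationSelector`, so a `StartAttestKeyRequest` that leaves `selector` unset cannot be told apart from one that explicitly asks for test attestation. For a field that picks which attestation key signs the certificate, I would reserve zero for an invalid value, e.g. `ATTEST_UNSPECIFIED = 0;` followed by `ATTEST_TEST = 1;`, and have the handler reject it. This commit introduces the enum, so the numbering can still be chosen freely. A one-line comment per value saying which key or certificate chain it selects would also help, since the names alone do not define that.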