1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17syntax = "proto3";
18
19package nugget.app.keymaster;
20
21import "nugget/app/keymaster/keymaster_defs.proto";
22
// A single key parameter: a tag together with its value.
message KeyParameter {
  // Identifies the parameter. Possible values are defined by
  // ::android::hardware::keymaster::V3_0::Tag. The Tag type itself is not
  // declared in this file.
  Tag tag = 1;

  // Value slots.
  // NOTE(review): presumably the tag decides which one of these three fields
  // carries the value -- confirm against the code that consumes this message.
  // These are proto3 fields without explicit presence, so a zero or empty
  // value is indistinguishable from an unset one; a reader cannot use
  // presence to tell which slot the sender meant.
  uint32 integer = 2;
  uint64 long_integer = 3;
  bytes blob = 4;
}
31
// A list of KeyParameter entries.
message KeyParameters {
  // The schema places no bound on the number of entries and does not forbid
  // the same tag appearing more than once; any such rule has to be enforced
  // by the code that reads the list.
  repeated KeyParameter params = 1;
}
35
// Wrapper around a key blob carried as raw bytes.
message KeyBlob {
  // The schema treats the content as opaque.
  // NOTE(review): whether the blob is encrypted or integrity-protected is not
  // visible here -- confirm before relying on either property.
  bytes blob = 1;
}
39
// Wrapper around a 64-bit operation handle.
message OperationHandle {
  // NOTE(review): presumably names an in-progress key operation; how handles
  // are generated and validated is not visible in this file -- confirm.
  uint64 handle = 1;
}
43
// One certificate carried as raw bytes.
message Certificate {
  // NOTE(review): the encoding is not stated by the schema (presumably DER
  // X.509 -- confirm); the bytes must be parsed and validated by the reader.
  bytes data = 1;
}
47
// A sequence of Certificate messages.
message CertificateChain {
  // NOTE(review): the schema does not say in which order the chain is stored
  // (leaf first or root first) and does not bound its length -- confirm with
  // the producer before validating the chain.
  repeated Certificate certificates = 1;
}
51
// Two parameter lists describing a key, split by who enforces them.
message KeyCharacteristics {
  // NOTE(review): going by the field names, these are the parameters enforced
  // in software, outside the secure environment -- confirm.
  KeyParameters software_enforced = 1;

  // NOTE(review): going by the field names, these are the parameters enforced
  // by the secure environment itself -- confirm. A reader making a security
  // decision should check which of the two lists a parameter came from.
  KeyParameters tee_enforced = 2;
}
56
// A seed and a nonce, both carried as raw bytes.
message HmacSharingParameters {
  // NOTE(review): presumably the inputs for agreeing on a shared HMAC key
  // between components -- confirm. The schema fixes no length for either
  // field, so the reader has to check the sizes it expects.
  bytes seed = 1;
  bytes nonce = 2;
}
61
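// Authentication token: challenge, user and authenticator identifiers, a
// timestamp and a MAC.
// NOTE(review): the schema does not state which fields the MAC covers or how
// it is computed. A consumer should verify `mac` before acting on any other
// field -- confirm the covered fields and their byte layout with the
// producer.
message HardwareAuthToken {
  // Field number 4 used to carry
  //   HardwareAuthenticatorType authenticator_type = 4;
  // and was replaced by field number 7 below. Reserving the number stops a
  // later edit from assigning it to a field with a different meaning, which
  // would make tokens from old writers parse as something else.
  reserved 4;

  uint64 challenge = 1;
  uint64 user_id = 2;
  uint64 authenticator_id = 3;

  // NOTE(review): units and clock source are not stated here -- confirm.
  uint64 timestamp = 5;

  bytes mac = 6;

  // Replaces the former enum-typed field 4; carried as a plain uint32.
  uint32 authenticator_type = 7;
}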
72
// Verification token: a challenge, a timestamp, a list of verified
// parameters, a security level and a MAC.
// NOTE(review): the schema does not state which fields the MAC covers. A
// consumer should verify `mac` before trusting the other fields -- confirm the
// covered fields with the producer.
message VerificationToken {
  uint64 challenge = 1;

  // NOTE(review): units and clock source are not stated here -- confirm.
  uint64 timestamp = 2;

  KeyParameters params_verified = 3;

  // The SecurityLevel type is not declared in this file.
  SecurityLevel security_level = 4;

  bytes mac = 5;
}
80
81/*
82 * Internal types.
83 */
// RSA key components (listed under "Internal types").
// NOTE(review): by the usual RSA naming, e is the public exponent, d the
// private exponent and n the modulus -- confirm. If so, `d` is secret key
// material and this message should not be logged or sent outside the
// component that owns the key.
message RSAKey {
  // A uint32, so exponents wider than 32 bits cannot be represented.
  uint32 e = 1;

  // NOTE(review): byte order and padding of d and n are not stated -- confirm.
  bytes d = 2;
  bytes n = 3;
}
89
// Elliptic-curve key components (listed under "Internal types").
// NOTE(review): by the usual EC naming, d is the private scalar and (x, y)
// the public point -- confirm. If so, `d` is secret key material and this
// message should not be logged or sent outside the component that owns the
// key.
message ECKey {
  // TODO: should this be EcCurve?
  // As declared, any uint32 is accepted; the reader has to reject curve ids
  // it does not support.
  uint32 curve_id = 1;

  // NOTE(review): byte order and length of d, x and y are not stated --
  // confirm.
  bytes d = 2;
  bytes x = 3;
  bytes y = 4;
}
97
// Symmetric key carried as raw bytes (listed under "Internal types").
message SymmetricKey {
  // NOTE(review): presumably the raw secret key bytes -- confirm. The schema
  // fixes no length, so the reader has to check the size for the algorithm
  // in use, and the value should be kept out of logs.
  bytes material = 1;
}
101
// Status of the preshared secret.
enum PresharedSecretStatus {
  // Zero value, and therefore what a reader sees when the field is absent:
  // a missing status cannot be told apart from an explicit NOT_SET.
  NOT_SET = 0;

  ALREADY_SET = 1;
}
106
// Selects between the test, batch and individual attestation options.
// NOTE(review): what each option refers to (presumably which attestation key
// or certificate is used) is not visible in this file -- confirm.
enum AttestationSelector {
  // Zero value, and therefore what a reader sees when the selector is absent.
  // A request that omits the selector decodes as ATTEST_TEST, so a receiver
  // cannot distinguish "not specified" from an explicit test selection.
  ATTEST_TEST = 0;

  ATTEST_BATCH = 1;
  ATTEST_INDIVIDUAL = 2;
}
112