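/*
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

syntax = "proto3";

package nugget.app.identity;

import "nugget/app/identity/identity_defs.proto";
import "nugget/app/identity/identity_types.proto";
import "nugget/protobuf/options.proto";

// Identity is the app used to implement Android's Identity HAL.
//
// The documentation for the HAL applies to this implementation. The comments
// below only restate what the schema itself makes evident; the HAL definition
// is the authoritative contract for every field.
//
// Trust-boundary notes for implementers:
//   * Every request is produced by the HAL host and consumed by the secure
//     side. Any length, offset, count or size carried in a request is
//     caller-controlled and must be validated against the byte buffer it
//     describes before it is used to index memory.
//   * request_buffer_size / response_buffer_size cap a single message at
//     1024 bytes. The begin/add and start/retrieve RPC pairs for entry values
//     suggest that larger payloads are fed in pieces by the caller
//     (NOTE(review): confirm against the HAL implementation).
//   * `Result` and `AccessResult` are not defined in this file; they are
//     expected from the imported identity_defs / identity_types protos.
service Identity {
  option (nugget.protobuf.app_id) = "IDENTITY";
  option (nugget.protobuf.app_name) = "Identity";
  option (nugget.protobuf.app_version) = 1;
  option (nugget.protobuf.request_buffer_size) = 1024;
  option (nugget.protobuf.response_buffer_size) = 1024;

  // RPCs for the Identity HAL.
  //
  // WIC* methods back the WritableIdentityCredential (provisioning) side;
  // IC* methods back the IdentityCredential (presentation/retrieval) side.
  rpc WICinitialize (WICinitializeRequest) returns (WICinitializeResponse);
  rpc WICinitializeForUpdate (WICinitializeForUpdateRequest) returns (WICinitializeForUpdateResponse);
  rpc WICcreateCredentialKey (WICcreateCredentialKeyRequest) returns (WICcreateCredentialKeyResponse);
  rpc WICstartPersonalization (WICstartPersonalizationRequest) returns (WICstartPersonalizationResponse);
  rpc WICaddAccessControlProfile (WICaddAccessControlProfileRequest) returns (WICaddAccessControlProfileResponse);
  rpc WICbeginAddEntry (WICbeginAddEntryRequest) returns (WICbeginAddEntryResponse);
  rpc WICaddEntryValue (WICaddEntryValueRequest) returns (WICaddEntryValueResponse);
  rpc WICfinishAddingEntries (WICfinishAddingEntriesRequest) returns (WICfinishAddingEntriesResponse);
  rpc ICinitialize (ICinitializeRequest) returns (ICinitializeResponse);
  rpc ICcreateEphemeralKeyPair (ICcreateEphemeralKeyPairRequest) returns (ICcreateEphemeralKeyPairResponse);
  rpc ICgenerateSigningKeyPair (ICgenerateSigningKeyPairRequest) returns (ICgenerateSigningKeyPairResponse);
  rpc ICcreateAuthChallenge (ICcreateAuthChallengeRequest) returns (ICcreateAuthChallengeResponse);
  rpc ICstartRetrieveEntries (ICstartRetrieveEntriesRequest) returns (ICstartRetrieveEntriesResponse);
  rpc ICsetAuthToken (ICsetAuthTokenRequest) returns (ICsetAuthTokenResponse);
  rpc ICpushReaderCert (ICpushReaderCertRequest) returns (ICpushReaderCertResponse);
  rpc ICvalidateAccessControlProfile (ICvalidateAccessControlProfileRequest) returns (ICvalidateAccessControlProfileResponse);
  rpc ICvalidateRequestMessage (ICvalidateRequestMessageRequest) returns (ICvalidateRequestMessageResponse);
  rpc ICcalcMacKey (ICcalcMacKeyRequest) returns (ICcalcMacKeyResponse);
  rpc ICstartRetrieveEntryValue (ICstartRetrieveEntryValueRequest) returns (ICstartRetrieveEntryValueResponse);
  rpc ICretrieveEntryValue (ICretrieveEntryValueRequest) returns (ICretrieveEntryValueResponse);
  rpc ICfinishRetrieval (ICfinishRetrievalRequest) returns (ICfinishRetrievalResponse);
  rpc ICdeleteCredential (ICdeleteCredentialRequest) returns (ICdeleteCredentialResponse);
  rpc ICproveOwnership (ICproveOwnershipRequest) returns (ICproveOwnershipResponse);
}

// WICinitialize
message WICinitializeRequest {
  // True when the credential being provisioned is a test credential.
  bool testCredential = 1;
}

message WICinitializeResponse {
  Result result = 1;
}

// WICinitializeForUpdate
message WICinitializeForUpdateRequest {
  bool testCredential = 1;
  bytes docType = 2;
  // Opaque blob previously returned by the secure side; the host cannot
  // read or forge it, but it can replay an old one, so the implementation
  // must bind it to docType / testCredential when unwrapping.
  bytes encryptedCredentialKeys = 3;
}

message WICinitializeForUpdateResponse {
  Result result = 1;
}

// WICcreateCredentialKey
message WICcreateCredentialKeyRequest {
}

message WICcreateCredentialKeyResponse {
  Result result = 1;
  // Public half of the newly created credential key.
  bytes publickey = 2;
}

// WICstartPersonalization
message WICstartPersonalizationRequest {
  // Number of access control profiles that will follow via
  // WICaddAccessControlProfile. Caller-supplied; the implementation must
  // cap it rather than size any allocation from it directly.
  uint32 accessControlProfileCount = 1;
  // Per-namespace entry counts, packed by the host into a byte string
  // (encoding not defined in this file — see the HAL implementation).
  bytes entryCounts = 2;
  bytes docType = 3;
  // Caller's claim of the final ProofOfProvisioning size. Treat as a hint
  // to be checked against the actual size, not as a trusted value.
  uint32 expectedProofOfProvisioningSize = 4;
}

message WICstartPersonalizationResponse {
  Result result = 1;
}

// WICaddAccessControlProfile
message WICaddAccessControlProfileRequest {
  uint32 id = 1;
  bytes readerCertificate = 2;
  bool userAuthenticationRequired = 3;
  // Authentication timeout in milliseconds.
  uint64 timeoutMillis = 4;
  uint64 secureUserId = 5;
}

message WICaddAccessControlProfileResponse {
  Result result = 1;
  // MAC over the profile just added; presented back in
  // ICvalidateAccessControlProfileRequest.mac at retrieval time.
  bytes mac = 2;
}

// WICbeginAddEntry
message WICbeginAddEntryRequest {
  // Ids of the access control profiles gating this entry, one byte per id.
  bytes accessControlProfileIds = 1;
  string nameSpace = 2;
  string name = 3;
  // Total size of the entry value that WICaddEntryValue will deliver;
  // caller-supplied and must be bounded by the implementation.
  uint64 entrySize = 4;
}

message WICbeginAddEntryResponse {
  Result result = 1;
}

// WICaddEntryValue
message WICaddEntryValueRequest {
  bytes accessControlProfileIds = 1;
  string nameSpace = 2;
  string name = 3;
  // Plaintext entry value (or a piece of it; this message is bounded by
  // request_buffer_size so a large value cannot arrive in one call).
  bytes content = 4;
}

message WICaddEntryValueResponse {
  Result result = 1;
  // Encrypted form of `content`, stored by the host and handed back in
  // ICretrieveEntryValueRequest.encryptedContent.
  bytes encrypted_content = 2;
}

// WICfinishAddingEntries
message WICfinishAddingEntriesRequest {
  bytes docType = 1;
  bool testCredential = 2;
}

message WICfinishAddingEntriesResponse {
  Result result = 1;
  bytes signatureOfToBeSigned = 2;
  // Opaque credential blob (consumed as encryptedCredentialKeys by
  // ICinitialize / WICinitializeForUpdate).
  bytes credentialData = 3;
}

// ICinitialize
message ICinitializeRequest {
  bool testCredential = 1;
  bytes docType = 2;
  // See WICinitializeForUpdateRequest.encryptedCredentialKeys.
  bytes encryptedCredentialKeys = 3;
}

message ICinitializeResponse {
  Result result = 1;
}

// ICcreateEphemeralKeyPair
message ICcreateEphemeralKeyPairRequest {
}

message ICcreateEphemeralKeyPairResponse {
  Result result = 1;
  // NOTE(review): this returns the *private* half of the ephemeral key to
  // the host, as the HAL requires; the response path therefore carries key
  // material and must not be logged or persisted by transport layers.
  bytes ephemeralPriv = 2;
}

// ICgenerateSigningKeyPair
message ICgenerateSigningKeyPairRequest {
  bytes docType = 1;
}

message ICgenerateSigningKeyPairResponse {
  Result result = 1;
  // Opaque, host-held blob for the signing key; supplied back in
  // ICcalcMacKeyRequest.signingKeyBlob.
  bytes SigningKeyBlob =2;
  bytes signingPubKey =3;
}

// ICcreateAuthChallenge
message ICcreateAuthChallengeRequest {
}

message ICcreateAuthChallengeResponse {
  Result result = 1;
  // Challenge that the auth token presented in ICsetAuthToken is expected
  // to echo in ICsetAuthTokenRequest.challenge.
  uint64 challenge = 2;
}

// ICstartRetrieveEntries
message ICstartRetrieveEntriesRequest {
}

message ICstartRetrieveEntriesResponse {
  Result result = 1;
}

// ICsetAuthToken
//
// Carries a HardwareAuthToken (fields 1-6) and a VerificationToken
// (fields 7-10) as flattened scalars. Both MACs are produced by other
// secure components; the host only relays them, so the implementation must
// verify each MAC before trusting any of the accompanying fields.
message ICsetAuthTokenRequest {
  uint64 challenge = 1;
  uint64 secureUserId = 2;
  uint64 authenticatorId = 3;
  uint32 hardwareAuthenticatorType = 4;
  uint64 timeStamp = 5;
  bytes mac = 6;
  uint64 verificationTokenChallenge = 7;
  uint64 verificationTokenTimestamp =8;
  uint32 verificationTokenSecurityLevel =9;
  bytes verificationTokenMac = 10;
}

message ICsetAuthTokenResponse {
  Result result = 1;
}

// ICpushReaderCert
//
// Hands the secure side one reader certificate together with host-parsed
// offsets of its components. The offsets and sizes are untrusted: each
// (offset, size) pair must be checked to lie within x509Cert, with no
// overflow in offset + size, before the certificate bytes are indexed.
// signAlg is likewise caller-chosen and should only select among algorithms
// the implementation supports.
message ICpushReaderCertRequest {
  bytes x509Cert = 1;
  uint32 tbsCertificateOffset = 2;
  uint32 tbsCertificateSize = 3;
  uint32 signatureOffset = 4;
  uint32 signatureSize = 5;
  uint32 publicKeyOffset = 6;
  uint32 publicKeySize = 7;
  uint32 signAlg = 8;
}

message ICpushReaderCertResponse {
  Result result = 1;
}

// ICvalidateAccessControlProfile
//
// Fields 1-5 mirror WICaddAccessControlProfileRequest; `mac` is the value
// issued by WICaddAccessControlProfile and is presumably recomputed over
// the mirrored fields and compared here.
message ICvalidateAccessControlProfileRequest {
  uint32 id = 1;
  bytes readerCertificate = 2;
  bool userAuthenticationRequired = 3;
  // Widened from uint32 to uint64 to match
  // WICaddAccessControlProfileRequest.timeoutMillis, so the value checked
  // here has the same type and range as the value the MAC was computed
  // over. This is a wire-compatible varint change, but the generated C
  // struct field type changes — NOTE(review): confirm the firmware-side
  // consumer is updated in the same change.
  uint64 timeoutMillis = 4;
  uint64 secureUserId = 5;
  bytes mac = 6;
  // Host-parsed location of the public key inside readerCertificate;
  // untrusted, bounds-check against readerCertificate before use.
  uint32 publicKeyOffset = 7;
  uint32 publicKeysize = 8;
}

message ICvalidateAccessControlProfileResponse {
  Result result = 1;
  bool accessGranted = 2;
}

// ICvalidateRequestMessage
message ICvalidateRequestMessageRequest {
  bytes sessionTranscript = 1;
  bytes requestMessage = 2;
  // COSE algorithm identifier chosen by the caller; accept only supported
  // values.
  uint32 coseSignAlg = 3;
  bytes readerSignatureOfToBeSigned = 4;
}

message ICvalidateRequestMessageResponse {
  Result result = 1;
}

// ICcalcMacKey
message ICcalcMacKeyRequest {
  bytes sessionTranscript = 1;
  bytes readerEphemeralPublicKey = 2;
  // Blob from ICgenerateSigningKeyPairResponse.SigningKeyBlob.
  bytes signingKeyBlob = 3;
  bytes docType = 4;
  uint32 numNamespacesWithValues = 5;
  // Caller's claim; see WICstartPersonalizationRequest.
  uint32 expectedProofOfProvisioningSize = 6;
}

message ICcalcMacKeyResponse {
  Result result = 1;
}

// ICstartRetrieveEntryValue
message ICstartRetrieveEntryValueRequest {
  string nameSpace = 1;
  string name = 2;
  uint32 newNamespaceNumEntries = 3;
  // Caller-supplied size of the value that ICretrieveEntryValue will
  // deliver; must be bounded by the implementation.
  uint32 entrySize = 4;
  bytes accessControlProfileIds = 5;
}

message ICstartRetrieveEntryValueResponse {
  // Unlike the other responses this reports an AccessResult rather than a
  // Result: it is the access-control decision for the entry.
  AccessResult accessCheckResult = 1;
}

// ICretrieveEntryValue
message ICretrieveEntryValueRequest {
  // Value produced by WICaddEntryValueResponse.encrypted_content.
  bytes encryptedContent = 1;
  string nameSpace = 2;
  string name = 3;
  bytes accessControlProfileIds = 4;
}

message ICretrieveEntryValueResponse {
  Result result = 1;
  bytes content = 2;
}

// ICfinishRetrieval
message ICfinishRetrievalRequest {
}

message ICfinishRetrievalResponse {
  Result result = 1;
  bytes mac = 2;
}

// ICdeleteCredential
message ICdeleteCredentialRequest {
  bytes docType = 1;
  // Caller-provided challenge to bind into the proof of deletion; only
  // used when includeChallenge is set.
  bytes challenge = 2;
  bool includeChallenge = 3;
  // Caller's claim of the ProofOfDeletion CBOR size; verify, do not trust.
  uint32 proofOfDeletionCborSize = 4;
}

message ICdeleteCredentialResponse {
  Result result = 1;
  bytes signatureOfToBeSigned = 2;
}

// ICproveOwnership
message ICproveOwnershipRequest {
  bytes docType = 1;
  bool testCredential = 2;
  bytes challenge = 3;
  // Caller's claim of the ProofOfOwnership CBOR size; verify, do not trust.
  uint32 proofOfOwnershipCborSize = 4;
}

message ICproveOwnershipResponse {
  Result result = 1;
  bytes signatureOfToBeSigned = 2;
}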