Merge Android R
Bug: 168057903
Merged-In: If0f3baab4f54614b6890d8419f6ca8c1b59ba1de
Change-Id: I24501de7efea9f33add1ada8a2dd5c2bcf98ca7e
diff --git a/OWNERS b/OWNERS
index d295ac7..3505355 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,7 +1,7 @@
# Default owners are top 3 or more active developers of the past 1 or 2 years
# or people with more than 10 commits last year.
# Please update this list if you find better owner candidates.
-ascull@google.com
-byi@google.com
-ngm@google.com
wfrichar@google.com
+kroot@google.com
+dybertwang@google.com
+byi@google.com
diff --git a/WORKSPACE b/WORKSPACE
deleted file mode 100644
index 0d42cc0..0000000
--- a/WORKSPACE
+++ /dev/null
@@ -1 +0,0 @@
-workspace(name = "nugget_host_generic")
diff --git a/libnos/BUILD b/libnos/BUILD
index edb46d5..c2c53c4 100644
--- a/libnos/BUILD
+++ b/libnos/BUILD
@@ -1,22 +1,22 @@
cc_library(
name = "libnos",
srcs = [
- "debug.cpp",
"NuggetClient.cpp",
+ "debug.cpp",
],
hdrs = [
- "include/nos/debug.h",
"include/nos/AppClient.h",
"include/nos/NuggetClient.h",
"include/nos/NuggetClientInterface.h",
+ "include/nos/debug.h",
],
includes = [
- "./include",
+ "include",
],
visibility = ["//visibility:public"],
deps = [
- "@nugget_host_generic//:nos_headers",
- "@nugget_host_generic_libnos_datagram//:libnos_datagram",
- "@nugget_host_generic_libnos_transport//:libnos_transport",
+ "//host/generic:nos_headers",
+ "//host/generic/libnos_datagram",
+ "//host/generic/libnos_transport",
],
)
diff --git a/libnos/NuggetClient.cpp b/libnos/NuggetClient.cpp
index f775756..3f4682d 100644
--- a/libnos/NuggetClient.cpp
+++ b/libnos/NuggetClient.cpp
@@ -32,6 +32,9 @@
: device_name_(device_name), open_(false) {
}
+NuggetClient::NuggetClient(const char* device_name)
+ : device_name_(device_name ? device_name : ""), open_(false) {}
+
NuggetClient::~NuggetClient() {
Close();
}
diff --git a/libnos/WORKSPACE b/libnos/WORKSPACE
deleted file mode 100644
index 40ed97b..0000000
--- a/libnos/WORKSPACE
+++ /dev/null
@@ -1 +0,0 @@
-workspace(name = "nugget_host_generic_libnos")
diff --git a/libnos/generator/BUILD b/libnos/generator/BUILD
index 3499d07..fc8bc33 100644
--- a/libnos/generator/BUILD
+++ b/libnos/generator/BUILD
@@ -8,7 +8,7 @@
],
visibility = ["//visibility:public"],
deps = [
+ "//host/generic/nugget/proto:nugget_protobuf_options_cc_proto",
"@com_google_protobuf//:protoc_lib",
- "@nugget_host_generic_nugget_proto//:nugget_protobuf_options_cc_proto",
],
)
diff --git a/libnos/generator/WORKSPACE b/libnos/generator/WORKSPACE
deleted file mode 100644
index fc361c0..0000000
--- a/libnos/generator/WORKSPACE
+++ /dev/null
@@ -1 +0,0 @@
-workspace(name = "nugget_host_generic_libnos_generator")
diff --git a/libnos/include/nos/NuggetClient.h b/libnos/include/nos/NuggetClient.h
index 428b0c3..f79b168 100644
--- a/libnos/include/nos/NuggetClient.h
+++ b/libnos/include/nos/NuggetClient.h
@@ -42,6 +42,7 @@
* Passing an empty device name causes the default device to be selected.
*/
NuggetClient(const std::string& device_name);
+ NuggetClient(const char* device_name);
~NuggetClient() override;
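Review bot: The new `NuggetClient(const char* device_name)` overload is declared without a comment of its own, and the comment above it only covers the empty-string case of the `std::string` overload. The definition added in NuggetClient.cpp maps a null pointer to `""`, so a line such as `/** As above; a null device_name is treated as an empty name and selects the default device. */` above the declaration would record that contract. Both single-argument constructors allow implicit conversion; marking them `explicit` is worth considering if no caller relies on it. The class body starts and ends outside the hunk.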
diff --git a/libnos_datagram/WORKSPACE b/libnos_datagram/WORKSPACE
deleted file mode 100644
index 3d515e2..0000000
--- a/libnos_datagram/WORKSPACE
+++ /dev/null
@@ -1 +0,0 @@
-workspace(name = "nugget_host_generic_libnos_datagram")
diff --git a/libnos_datagram/citadel.c b/libnos_datagram/citadel.c
index 026224d..7d1d893 100644
--- a/libnos_datagram/citadel.c
+++ b/libnos_datagram/citadel.c
@@ -31,6 +31,8 @@
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
+#include <sys/stat.h>
+#include <sys/types.h>
#include <unistd.h>
/*****************************************************************************/
@@ -46,7 +48,8 @@
#define CITADEL_IOC_RESET _IO(CITADEL_IOC_MAGIC, 2)
/*****************************************************************************/
-#define DEV_CITADEL "/dev/citadel0"
+#define DEV_CITADEL "/dev/citadel0"
+#define DEV_DAUNTLESS "/dev/gsc0"
static pthread_mutex_t in_buf_mutex = PTHREAD_MUTEX_INITIALIZER;
static uint8_t in_buf[MAX_DEVICE_TRANSFER];
@@ -203,24 +206,51 @@
free(ctx);
}
-int nos_device_open(const char *device_name, struct nos_device *dev) {
- int fd, *new_fd;
+static const char *default_device(void) {
+ struct stat statbuf;
+ int rv;
- fd = open(device_name ? device_name : DEV_CITADEL, O_RDWR);
+ rv = stat(DEV_CITADEL, &statbuf);
+ if (!rv) {
+ return DEV_CITADEL;
+ }
+
+ rv = stat(DEV_DAUNTLESS, &statbuf);
+ if (!rv) {
+ return DEV_DAUNTLESS;
+ }
+
+ return 0;
+}
+
+int nos_device_open(const char *device_name, struct nos_device *dev) {
+ int fd, *new_ctx;
+
+ if (!device_name) {
+ device_name = default_device();
+ }
+
+ if (!device_name) {
+ ALOGE("can't find device node\n");
+ return -ENODEV;
+ }
+
+ fd = open(device_name, O_RDWR);
if (fd < 0) {
- ALOGE("can't open device: %s", strerror(errno));
+ ALOGE("can't open device \"%s\": %s", device_name, strerror(errno));
return -errno;
}
- new_fd = (int *)malloc(sizeof(int));
- if (!new_fd) {
- ALOGE("can't malloc new fd: %s", strerror(errno));
+ /* Our context is just a pointer to an int holding the fd */
+ new_ctx = (int *)malloc(sizeof(int));
+ if (!new_ctx) {
+ ALOGE("can't malloc new ctx: %s", strerror(errno));
close(fd);
return -ENOMEM;
}
- *new_fd = fd;
+ *new_ctx = fd;
- dev->ctx = new_fd;
+ dev->ctx = new_ctx;
dev->ops.read = read_datagram;
dev->ops.write = write_datagram;
dev->ops.wait_for_interrupt = wait_for_interrupt;
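Review bot: default_device() accepts a candidate as soon as stat() returns 0, so any file type found at `/dev/citadel0` or `/dev/gsc0` is selected, and every stat() failure, not only a missing node, falls through to the next name. Checking `S_ISCHR(statbuf.st_mode)` before returning the path would make the probe match what open() is expected to receive, and the final `return 0;` reads better as `return NULL;`. In nos_device_open() the `return -errno;` after ALOGE() reads errno after the logging and strerror() calls may have changed it; saving it first with `int err = errno;` and returning `-err` keeps the reported code tied to open(). nos_device_open() continues past the end of the hunk.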
diff --git a/libnos_datagram/include/nos/device.h b/libnos_datagram/include/nos/device.h
index d4c29c3..5472156 100644
--- a/libnos_datagram/include/nos/device.h
+++ b/libnos_datagram/include/nos/device.h
@@ -69,6 +69,18 @@
* The device must not be used after closing.
*/
void (*close)(void *ctx);
+
+#ifndef ANDROID
+ /**
+ * Get or Set a configuration value. These are opaque, implementation-specific
+ * values useful only for bringup and development. The defaults should be
+ * optimal for production use.
+ *
+ * Return 0 on success and a negative value on failure.
+ */
+ int (*get_config)(void *ctx, uint32_t config_id, void *value);
+ int (*set_config)(void *ctx, uint32_t config_id, void *value);
+#endif
};
struct nos_device {
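Review bot: `get_config` and `set_config` take `void *value` with no length, so the size of the object behind the pointer is implied by `config_id` alone and an implementation cannot check that the caller's buffer is large enough. Adding a size argument, for example `int (*get_config)(void *ctx, uint32_t config_id, void *value, size_t value_len);`, or documenting the fixed type for each id would close that gap, and `set_config` could take `const void *value`. Because the two members sit under `#ifndef ANDROID`, the ops struct has a different layout depending on that macro, so every translation unit that shares it has to be built with the same setting. The struct definition starts above the hunk.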
diff --git a/libnos_transport/.gitignore b/libnos_transport/.gitignore
deleted file mode 100644
index ac51a05..0000000
--- a/libnos_transport/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-bazel-*
diff --git a/libnos_transport/BUILD b/libnos_transport/BUILD
index f9c327f..9fc9017 100644
--- a/libnos_transport/BUILD
+++ b/libnos_transport/BUILD
@@ -1,20 +1,20 @@
cc_library(
name = "libnos_transport",
srcs = [
- "transport.c",
"crc16.c",
- "crc16.h",
+ "transport.c",
],
hdrs = [
+ "crc16.h",
"include/nos/transport.h",
],
includes = [
- "./include",
+ "include",
],
visibility = ["//visibility:public"],
deps = [
- "@nugget_host_generic//:nos_headers",
- "@nugget_host_generic_libnos_datagram//:libnos_datagram",
+ "//host/generic:nos_headers",
+ "//host/generic/libnos_datagram",
],
)
@@ -22,14 +22,15 @@
name = "libnos_transport_test",
srcs = [
"test/test.cpp",
- "crc16.c",
- "crc16.h",
],
- copts = ["-fsanitize=address"],
+ copts = [
+ "-fsanitize=address",
+ "-Ihost/generic/libnos_transport",
+ ],
linkopts = ["-fsanitize=address"],
deps = [
":libnos_transport",
- "@gtest//:gtest",
- "@nugget_host_generic//:nos_headers",
+ "//host/generic:nos_headers",
+ "@gtest",
],
)
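Review bot: `@gtest` is now expected to come from the enclosing workspace, because this commit deletes libnos_transport/WORKSPACE together with its `http_archive` for googletest and the `sha256` pin on it. The root workspace definition is not part of this diff; it should keep a checksum-pinned archive so the test dependency stays reproducible. The added `-Ihost/generic/libnos_transport` copt ties the test to this package's location in the tree, so a short comment saying which header it is needed for would help the next reader.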
diff --git a/libnos_transport/WORKSPACE b/libnos_transport/WORKSPACE
deleted file mode 100644
index 14884e6..0000000
--- a/libnos_transport/WORKSPACE
+++ /dev/null
@@ -1,20 +0,0 @@
-workspace(name = "nugget_host_generic_libnos_transport")
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-http_archive(
- name = "gtest",
- url = "https://github.com/google/googletest/archive/release-1.8.1.zip",
- sha256 = "927827c183d01734cc5cfef85e0ff3f5a92ffe6188e0d18e909c5efebf28a0c7",
- strip_prefix = "googletest-release-1.8.1",
-)
-
-local_repository(
- name = "nugget_host_generic",
- path = "../../../host/generic",
-)
-
-local_repository(
- name = "nugget_host_generic_libnos_datagram",
- path = "../../../host/generic/libnos_datagram",
-)
diff --git a/nugget/include/app_nugget.h b/nugget/include/app_nugget.h
index 2e96c97..14191df 100644
--- a/nugget/include/app_nugget.h
+++ b/nugget/include/app_nugget.h
@@ -16,7 +16,6 @@
#ifndef __CROS_EC_INCLUDE_APP_NUGGET_H
#define __CROS_EC_INCLUDE_APP_NUGGET_H
#include "application.h"
-#include "flash_layout.h"
#ifdef __cplusplus
extern "C" {
@@ -28,7 +27,7 @@
*/
/****************************************************************************/
-/* App-specific errors */
+/* App-specific errors (across all commands) */
enum {
NUGGET_ERROR_LOCKED = APP_SPECIFIC_ERROR,
NUGGET_ERROR_RETRY,
@@ -52,10 +51,11 @@
/****************************************************************************/
/* Firmware upgrade stuff */
+#define NP_FLASH_BLOCK_SIZE 2048
struct nugget_app_flash_block {
uint32_t block_digest; /* first 4 bytes of sha1 of the rest */
uint32_t offset; /* from start of flash */
- uint8_t payload[CHIP_FLASH_BANK_SIZE]; /* data to write */
+ uint8_t payload[NP_FLASH_BLOCK_SIZE]; /* data to write */
} __packed;
#define NUGGET_PARAM_FLASH_BLOCK 0x0001
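Review bot: `NP_FLASH_BLOCK_SIZE` is introduced without a comment, and it now fixes the payload size of a `__packed` wire struct independently of the chip's flash geometry. Its value equals the `CHIP_FLASH_BANK_SIZE` (0x800) that this commit removes from flash_layout.h, so the two were presumably meant to stay equal. A comment such as `/* Payload bytes per upgrade block; presumably must equal the flash bank size used by the firmware */` would record that coupling for whoever changes either side.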
@@ -323,6 +323,15 @@
* @param reply_len sizeof(uint32_t)
*/
+enum nugget_app_selftest_cmd {
+ /* Generic */
+ NUGGET_APP_SELFTEST_CMD_DEFAULT = 0,
+ NUGGET_APP_SELFTEST_CMD_HELP,
+
+ /* Application SelfTests */
+ NUGGET_APP_SELFTEST_CMD_TRNG = 0x10,
+};
+
#define NUGGET_PARAM_SELFTEST 0x0101
/*
* Run an intentionally vaguely specified internal test.
@@ -377,6 +386,30 @@
/* UNIMPLEMENTED */
/****************************************************************************/
+/* Commands for code coverage and quality assurance */
+
+#define NUGGET_GET_COVERAGE_COUNTERS 0x0300
+/**
+ * Returns the counters back to the master
+ *
+ * @param args module counter
+ * @param arg_len 1
+ * @param reply buffer containing coverage data in utf-8 format
+ * @param reply_len depends on the counters in the file
+ */
+
+/*
+ * Error returned if coverage data didn't fit in the buffer.
+ *
+ * TODO: Should really have a second arg which is an offset in the coverage
+ * data. That way we could call repeatedly to return data too big to return in
+ * a single command.
+ */
+enum {
+ NUGGET_ERROR_COVERAGE_OVERFLOW = APP_SPECIFIC_ERROR + 0x300,
+};
+
+/****************************************************************************/
/* These are bringup / debug functions only. */
#define NUGGET_PARAM_READ32 0xF000
@@ -420,6 +453,53 @@
* @param reply_len len(recent console output)
*/
+#define NUGGET_PARAM_MODULE_TEST 0xF003
+/**
+ * Run a module test based on a provided command.
+ *
+ * A default command is afforded (0x00), which runs each module test that is
+ * currently enabled. Specific tests can be specified, but are not enumerated
+ * here.
+ *
+ * The return code of the command (enum app_status) encodes the success state of
+ * the tests. A result of `APP_SUCCESS` is, unsurprisingly, a success for all
+ * specified tests. A failure of a given test is encoded using the
+ * `APP_SPECIFIC_ERROR` values. This allows a given test to not only report that
+ * an error has occured, but also to report which test threw the error, and in
+ * what point of the test the error was thrown.
+ * The encoding is as follows:
+ * `rv = (APP_SPECIFIC_ERROR + command + test_step)`
+ * where `command` is the 4-byte test value (in steps of 0x10), and where the
+ * test_step is a subdivision of the test, valued from 0-15.
+ *
+ * The return string will describe each test that passes, and each test that
+ * fails, and how it failed. Tests should abort after the first failure.
+ *
+ * @param args uint32_t command
+ * @param arg_len sizeof(uint32_t)
+ * @param reply null-terminated string (usually)
+ * @param reply_len number of bytes in reply (including trailing '\0')
+ */
+
+enum nugget_app_sleep_mode {
+ NUGGET_APP_SLEEP_MODE_DEFAULT,
+ NUGGET_APP_SLEEP_MODE_WFI,
+ NUGGET_APP_SLEEP_MODE_SLEEP
+};
+#define NUGGET_PARAM_SET_SLEEP_MODE 0xF004
+/**
+ * Set the Sleep mode of the GSC.
+ *
+ * In certain tests, we expect the GSC to be in either WFI mode, or in deep
+ * sleep mode. The sleep state should be provided by the host to the GSC, to
+ * ensure that the test is performed in the correct circumstances.
+ *
+ * @param args enum nugget_app_sleep_mode selection
+ * @param arg_len 4
+ * @param reply <none>
+ * @param reply_len 0
+ */
+
#ifdef __cplusplus
}
#endif
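Review bot: The error encoding documented for `NUGGET_PARAM_MODULE_TEST`, `rv = (APP_SPECIFIC_ERROR + command + test_step)`, overlaps other codes defined in this header. For the default command 0x00 the results `APP_SPECIFIC_ERROR + 0..15` coincide with `NUGGET_ERROR_LOCKED`, `NUGGET_ERROR_RETRY` and the values that follow them, which this commit labels as applying across all commands, and a command value of 0x300 would coincide with `NUGGET_ERROR_COVERAGE_OVERFLOW`. The comment should state the range reserved for module-test results, or the encoding should start from a dedicated base so a host can tell the cases apart. It also calls `command` a 4-byte value without bounding it, so the sum has no stated limit below `APP_LINE_NUMBER_BASE`.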
diff --git a/nugget/include/application.h b/nugget/include/application.h
index ddc7600..ef70754 100644
--- a/nugget/include/application.h
+++ b/nugget/include/application.h
@@ -72,6 +72,7 @@
#define APP_ID_KEYMASTER 0x02
#define APP_ID_WEAVER 0x03
#define APP_ID_PROTOBUF 0x04
+#define APP_ID_IDENTITY 0x05
/* Fake apps used only for testing */
#define APP_ID_AVB_TEST 0x11
@@ -168,15 +169,17 @@
* @param Id The Application ID, defined above
* @param Name A human-readable string identifying the application
* @param Version An app-specific uint32_t number, for compability purposes
- * @param From_fn A pointer to the app's read_from_app_fnt_t handler
+ * @param From_fn A pointer to the app's read_from_app_fn_t handler
* @param To_fn A pointer to the app's write_to_app_fn_t handler
+ * @param Data App's private data
*/
-#define DECLARE_APPLICATION_DATAGRAM(Id, Name, Version, From_fn, To_fn) \
- const struct app_info __keep CONCAT2(app_, Id) \
- __attribute__((section(".rodata.app_info"))) \
- = { .api = { .id = Id, \
- .from_fn = From_fn, .to_fn = To_fn}, \
- .version = Version, .name = Name }
+#define DECLARE_APPLICATION_DATAGRAM(Id, Name, Version, From_fn, To_fn, Data) \
+ const struct app_info __keep CONCAT2(app_, Id) \
+ __attribute__((section(".rodata.app_info"))) \
+ = { .api = { .id = Id, \
+ .from_fn = From_fn, .to_fn = To_fn, \
+ .data = Data}, \
+ .version = Version, .name = Name }
/****************************************************************************/
/* Transport API */
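Review bot: `DECLARE_APPLICATION_DATAGRAM` gains a required sixth argument, so any existing five-argument use stops compiling; no uses of the macro are visible in this diff, and any that live in another repository have to change in step. The new `@param Data` line says only "App's private data". It should name the expected pointer type of the `.data` member and say whether NULL is acceptable for apps that have no private data.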
@@ -240,7 +243,7 @@
/* Flags used in the status message */
#define STATUS_FLAG_WORKING 0x0001 /* added in v1 */
-/* Pre-calculated CRCs for different status responses set by in the interrupt
+/* Pre-calculated CRCs for different status responses set in the interrupt
* context where the CRC would otherwise not be calculated. */
#define STATUS_CRC_FOR_IDLE 0x54c1
#define STATUS_CRC_FOR_WORKING 0x2101
@@ -303,18 +306,29 @@
enum app_status {
/* A few values are common to all applications */
APP_SUCCESS = 0,
- APP_ERROR_BOGUS_ARGS, /* caller being stupid */
- APP_ERROR_INTERNAL, /* application being stupid */
- APP_ERROR_TOO_MUCH, /* caller sent too much data */
- APP_ERROR_IO, /* problem sending or receiving data */
- APP_ERROR_RPC, /* problem during RPC communication */
- APP_ERROR_CHECKSUM, /* checksum failed, only used within protocol */
- APP_ERROR_BUSY, /* the app is already working on a commnad */
- APP_ERROR_TIMEOUT, /* the app took too long to respond */
+ APP_ERROR_BOGUS_ARGS, /* caller being stupid */
+ APP_ERROR_INTERNAL, /* application being stupid */
+ APP_ERROR_TOO_MUCH, /* caller sent too much data */
+ APP_ERROR_IO, /* problem sending or receiving data */
+ APP_ERROR_RPC, /* problem during RPC communication */
+ APP_ERROR_CHECKSUM, /* checksum failed, only used within protocol */
+ APP_ERROR_BUSY, /* the app is already working on a commnad */
+ APP_ERROR_TIMEOUT, /* the app took too long to respond */
/* more? */
+ /*
+ * Applications can define their own app-specific error codes. For example,
+ * app_foobar.h can do:
+ *
+ * #define APP_ERROR_FOOBAR_BAZ (APP_SPECIFIC_ERROR + 0)
+ *
+ * Do not use (APP_SPECIFIC_ERROR + N) directly in your code, because the
+ * error definition, firmware which generates it, and host code which
+ * interprets it are all in different repos. You'll never be able to keep
+ * the constants straight without using a #define or enum in your app's
+ * header file that everyone can share.
+ */
APP_SPECIFIC_ERROR = 0x20, /* "should be enough for anybody" */
- /* App-specific error codes can use APP_SPECIFIC_ERROR+0, +1, +2, ... */
/* For debugging, returning a line number might be helpful */
APP_LINE_NUMBER_BASE = 0x70000000,
diff --git a/nugget/include/citadel_events.h b/nugget/include/citadel_events.h
index 154e638..02653b0 100644
--- a/nugget/include/citadel_events.h
+++ b/nugget/include/citadel_events.h
@@ -63,6 +63,7 @@
EVENT_ALERT = 1, // Globalsec alert fired.
EVENT_REBOOTED = 2, // Device rebooted.
EVENT_UPGRADED = 3, // Device has upgraded.
+ EVENT_ALERT_V2 = 4, // Globalsec Alertv2 fired
};
/* Please do not change the size of this struct */
@@ -83,6 +84,13 @@
uint32_t which0;
uint32_t which1;
} rebooted;
+ struct {
+ uint32_t alert_grp[4];
+ uint16_t camo_breaches[2];
+ uint16_t temp_min;
+ uint16_t temp_max;
+ uint32_t bus_err;
+ } alert_v2;
/* uninterpreted */
union {
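Review bot: The new `alert_v2` member is added to a struct whose comment says "Please do not change the size of this struct", and nothing in the hunk enforces that. By its field types `alert_v2` occupies 28 bytes (16 + 4 + 2 + 2 + 4); whether that fits depends on the other union members, which lie outside the hunk. A compile-time check next to the definition, `_Static_assert(sizeof(<event record type>) == <expected size>, "event record size must not change");` with the placeholders filled in, would turn the comment into something the build verifies.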
diff --git a/nugget/include/flash_layout.h b/nugget/include/flash_layout.h
index 7d65705..13c00ef 100644
--- a/nugget/include/flash_layout.h
+++ b/nugget/include/flash_layout.h
@@ -17,81 +17,22 @@
* from the RW images.
*/
-/* Flash is directly addressable */
-#if defined(CHIP_H1D1)
-#define CHIP_FLASH_BASE 0x80000
-#define CHIP_FLASH_SIZE (1024 * 1024)
-#else
-#define CHIP_FLASH_BASE 0x40000
-#define CHIP_FLASH_SIZE (512 * 1024)
-#endif
-#define CHIP_FLASH_HALF (CHIP_FLASH_SIZE >> 1)
+#define CITADEL_FLASH_BASE 0x40000
+#define CITADEL_FLASH_SIZE (512 * 1024)
+#define CITADEL_FLASH_HALF (CITADEL_FLASH_SIZE >> 1)
+#define CITADEL_RO_SIZE 0x4000
+#define CITADEL_RO_A_MEM_OFF 0
+#define CITADEL_RO_B_MEM_OFF CITADEL_FLASH_HALF
+#define CITADEL_RW_A_MEM_OFF CITADEL_RO_SIZE
+#define CITADEL_RW_B_MEM_OFF (CITADEL_FLASH_HALF + CITADEL_RW_A_MEM_OFF)
-/* Each half has to leave room for the image's signed header */
-#define CHIP_SIG_HEADER_SIZE 1024
-
-/* This isn't optional, since the bootrom will always look for both */
-#define CHIP_HAS_RO_B
-
-/* The RO images start at the very beginning of each flash half */
-#define CHIP_RO_A_MEM_OFF 0
-#define CHIP_RO_B_MEM_OFF CHIP_FLASH_HALF
-
-/* Size reserved for each RO image */
-#define CHIP_RO_SIZE 0x4000
-
-/*
- * RW images start right after the reserved-for-RO areas in each half, but only
- * because that's where the RO images look for them. It's not a HW constraint.
- */
-#define CHIP_RW_A_MEM_OFF CHIP_RO_SIZE
-#define CHIP_RW_B_MEM_OFF (CHIP_FLASH_HALF + CHIP_RW_A_MEM_OFF)
-
-/*
- * Any reserved flash storage is placed after the RW image. It makes A/B
- * updates MUCH simpler if both RW images are the same size, so we reserve the
- * same amount in each half.
- */
-#define CHIP_RW_SIZE \
- (CHIP_FLASH_HALF - CHIP_RW_A_MEM_OFF - CONFIG_FLASH_TOP_SIZE)
-
-/* Reserved flash offset starts here. */
-#define CHIP_FLASH_TOP_A_OFF (CHIP_FLASH_HALF - CONFIG_FLASH_TOP_SIZE)
-#define CHIP_FLASH_TOP_B_OFF (CHIP_FLASH_SIZE - CONFIG_FLASH_TOP_SIZE)
-
-
-/* Internal flash specifics */
-#define CHIP_FLASH_BANK_SIZE 0x800 /* protect bank size */
-#define CHIP_FLASH_ERASE_SIZE 0x800 /* erase bank size */
-
-/* This flash can only be written as 4-byte words (aligned properly, too). */
-#define CHIP_FLASH_ERASED_VALUE32 0xffffffff
-#define CHIP_FLASH_WRITE_SIZE 4 /* min write size (bytes) */
-
-/* But we have a 32-word buffer for writing multiple adjacent cells */
-#define CHIP_FLASH_WRITE_IDEAL_SIZE 128 /* best write size (bytes) */
-
-/* The flash controller prevents bulk writes that cross row boundaries */
-#define CHIP_FLASH_ROW_SIZE 256 /* row size */
-
-/* Manufacturing related data. */
-/* Certs in the RO region are written as 4-kB + 3-kB blocks to the A &
- * B banks respectively.
- */
-#define RO_CERTS_A_OFF (CHIP_RO_A_MEM_OFF + 0x2800)
-#define RO_CERTS_B_OFF (CHIP_RO_B_MEM_OFF + 0x2800)
-#define RO_CERTS_A_SIZE 0x01000
-#define RO_CERTS_B_SIZE 0x00c00
-/*
- * Flash erases must be multiples of CHIP_FLASH_ERASE_SIZE, so in
- * order to rewrite CERTS_B, we need wipe RO_CERTS_ERASE_SIZE rather
- * than CERTS_B_SIZE.
- */
-#define RO_CERTS_ERASE_SIZE 0x01000
-/* We have an unused 3-kB region in the B bank, for future proofing. */
-#define RO_CERTS_PAD_B_SIZE 0x00c00
-/* Factory provision data is written as a 2-kB block to the A bank. */
-#define RO_PROVISION_DATA_A_OFF 0x3800
-#define RO_PROVISION_DATA_A_SIZE 0x0800
+#define DAUNTLESS_FLASH_BASE 0x80000
+#define DAUNTLESS_FLASH_SIZE (1024 * 1024)
+#define DAUNTLESS_FLASH_HALF (DAUNTLESS_FLASH_SIZE >> 1)
+#define DAUNTLESS_RO_SIZE 0x4000
+#define DAUNTLESS_RO_A_MEM_OFF 0
+#define DAUNTLESS_RO_B_MEM_OFF DAUNTLESS_FLASH_HALF
+#define DAUNTLESS_RW_A_MEM_OFF DAUNTLESS_RO_SIZE
+#define DAUNTLESS_RW_B_MEM_OFF (DAUNTLESS_FLASH_HALF + DAUNTLESS_RW_A_MEM_OFF)
#endif /* __CROS_EC_FLASH_LAYOUT_H */
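Review bot: The new `CITADEL_*` and `DAUNTLESS_*` macros carry no comments, while the block they replace explained each value, for instance that the RO images start at the beginning of each flash half and that the RW images follow the area reserved for RO. Carrying over one-line comments such as `/* RO images start at the very beginning of each flash half */` and `/* Size reserved for each RO image */` for each chip keeps the layout readable. The hunk also drops `CHIP_SIG_HEADER_SIZE`, the `RO_CERTS_*` and the `RO_PROVISION_DATA_*` definitions without replacement, so any remaining user of those names will fail to build; none are visible in this diff.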
diff --git a/nugget/include/signed_header.h b/nugget/include/signed_header.h
index b5bf879..abeb1e0 100644
--- a/nugget/include/signed_header.h
+++ b/nugget/include/signed_header.h
@@ -27,7 +27,7 @@
#define FUSE_IGNORE_C 0x3aabadac // baked in rom!
#define INFO_IGNORE_C 0xa5c35a3c // baked in rom!
-// D2 chips
+// Dauntless chips
#define FUSE_IGNORE_D 0xdaa3baca // baked in rom!
#define INFO_IGNORE_D 0x5a3ca5c3 // baked in rom!
@@ -44,7 +44,7 @@
#define SIGNED_HEADER_MAGIC_HAVEN (-1u)
#define SIGNED_HEADER_MAGIC_CITADEL (-2u)
-#define SIGNED_HEADER_MAGIC_D2 (-3u)
+#define SIGNED_HEADER_MAGIC_DAUNTLESS (-3u)
/* Default value for _pad[] words */
#define SIGNED_HEADER_PADDING 0x33333333
@@ -100,7 +100,7 @@
switch (magic) {
case SIGNED_HEADER_MAGIC_HAVEN:
case SIGNED_HEADER_MAGIC_CITADEL:
- case SIGNED_HEADER_MAGIC_D2:
+ case SIGNED_HEADER_MAGIC_DAUNTLESS:
break;
default:
return false;
@@ -121,8 +121,8 @@
case SIGNED_HEADER_MAGIC_CITADEL:
printf("Citadel");
break;
- case SIGNED_HEADER_MAGIC_D2:
- printf("D2");
+ case SIGNED_HEADER_MAGIC_DAUNTLESS:
+ printf("Dauntless");
break;
default:
printf("?");
@@ -142,6 +142,7 @@
printf("hdr.minor : %08x\n", minor_);
printf("hdr.timestamp : %016" PRIx64 ", %s", timestamp_,
asctime(localtime(reinterpret_cast<const time_t*>(×tamp_))));
+ printf("hdr.img_size : %08x\n", image_size);
printf("hdr.img_chk : %08x\n", be32toh(img_chk_));
printf("hdr.fuses_chk : %08x\n", be32toh(fuses_chk_));
printf("hdr.info_chk : %08x\n", be32toh(info_chk_));
@@ -150,8 +151,10 @@
printf("hdr.err_response : %08x\n", err_response_);
printf("hdr.expect_response: %08x\n", expect_response_);
- if (dev_id0_) printf("hdr.dev_id0 : %08x (%d)\n", dev_id0_, dev_id0_);
- if (dev_id1_) printf("hdr.dev_id1 : %08x (%d)\n", dev_id1_, dev_id1_);
+ if (dev_id0_)
+ printf("hdr.dev_id0 : %08x (%d)\n", dev_id0_, dev_id0_);
+ if (dev_id1_)
+ printf("hdr.dev_id1 : %08x (%d)\n", dev_id1_, dev_id1_);
printf("hdr.fusemap : ");
for (size_t i = 0; i < sizeof(fusemap) / sizeof(fusemap[0]); ++i) {
@@ -196,25 +199,12 @@
uint32_t expect_response_; // action to take when expectation is violated
union {
- // 2nd FIPS signature (gnubby RW)
+ // 2nd FIPS signature (cr51/cr52 RW)
struct {
uint32_t keyid;
uint32_t r[8];
uint32_t s[8];
} ext_sig;
-
- // FLASH trim override (D2 RO)
- // iff config1_ & 65536
- struct {
- uint32_t FSH_SMW_SETTING_OPTION3;
- uint32_t FSH_SMW_SETTING_OPTION2;
- uint32_t FSH_SMW_SETTING_OPTIONA;
- uint32_t FSH_SMW_SETTING_OPTIONB;
- uint32_t FSH_SMW_SMP_WHV_OPTION1;
- uint32_t FSH_SMW_SMP_WHV_OPTION0;
- uint32_t FSH_SMW_SME_WHV_OPTION1;
- uint32_t FSH_SMW_SME_WHV_OPTION0;
- } fsh;
} u;
// Spare space
@@ -249,6 +239,9 @@
static_assert(offsetof(SignedHeader, info_chk_) == 1020,
"SignedHeader should be 1024 bytes");
#endif // GOOGLE3
+#else
+_Static_assert(sizeof(SignedHeader) == 1024,
+ "SignedHeader should be 1024 bytes");
#endif // __cplusplus
#endif // __EC_UTIL_SIGNER_COMMON_SIGNED_HEADER_H
diff --git a/nugget/proto/BUILD b/nugget/proto/BUILD
index ffd6b4f..0b7219f 100644
--- a/nugget/proto/BUILD
+++ b/nugget/proto/BUILD
@@ -43,6 +43,14 @@
)
cc_proto_library(
+ name = "nugget_app_identity_identity_cc_proto",
+ visibility = ["//visibility:public"],
+ deps = [
+ "nugget_app_identity_identity_proto",
+ ],
+)
+
+cc_proto_library(
name = "nugget_app_avb_avb_cc_proto",
visibility = ["//visibility:public"],
deps = [
@@ -77,7 +85,7 @@
deps = [
"nugget_app_keymaster_keymaster_cc_proto",
"nugget_protobuf_options_cc_proto",
- "@nugget_host_generic_libnos//:libnos",
+ "//host/generic/libnos",
],
)
@@ -96,7 +104,26 @@
deps = [
"nugget_app_weaver_weaver_cc_proto",
"nugget_protobuf_options_cc_proto",
- "@nugget_host_generic_libnos//:libnos",
+ "//host/generic/libnos",
+ ],
+)
+
+cc_library(
+ name = "identity_client_proto",
+ srcs = [
+ "nugget/app/identity/Identity.client.cpp",
+ ],
+ hdrs = [
+ "nugget/app/identity/Identity.client.h",
+ ],
+ includes = [
+ "./nugget/app/identity/",
+ ],
+ visibility = ["//visibility:public"],
+ deps = [
+ "nugget_app_identity_identity_cc_proto",
+ "nugget_protobuf_options_cc_proto",
+ "//host/generic/libnos",
],
)
@@ -115,7 +142,7 @@
deps = [
"nugget_app_avb_avb_cc_proto",
"nugget_protobuf_options_cc_proto",
- "@nugget_host_generic_libnos//:libnos",
+ "//host/generic/libnos",
],
)
@@ -123,7 +150,7 @@
# rpc proto genrules.
################################################################################
-GEN_SERVICE = "$(location @com_google_protobuf//:protoc) --plugin=protoc-gen-nos-client-cpp=$(location @nugget_host_generic_libnos_generator//:protoc_gen_nos_client_cpp)"
+GEN_SERVICE = "$(location @com_google_protobuf//:protoc) --plugin=protoc-gen-nos-client-cpp=$(location //host/generic/libnos/generator:protoc_gen_nos_client_cpp)"
PROTO_ROOT = "$$(dirname $$(dirname $$(dirname $(location nugget/protobuf/options.proto))))"
@@ -141,8 +168,8 @@
" --nos-client-cpp_out=source:$$(dirname $(location nugget/app/avb/Avb.client.cpp)) " +
"$(location nugget/app/avb/avb.proto)",
tools = [
+ "//host/generic/libnos/generator:protoc_gen_nos_client_cpp",
"@com_google_protobuf//:protoc",
- "@nugget_host_generic_libnos_generator//:protoc_gen_nos_client_cpp",
],
)
@@ -160,8 +187,8 @@
" --nos-client-cpp_out=header:$$(dirname $(location nugget/app/avb/Avb.client.h)) " +
"$(location nugget/app/avb/avb.proto)",
tools = [
+ "//host/generic/libnos/generator:protoc_gen_nos_client_cpp",
"@com_google_protobuf//:protoc",
- "@nugget_host_generic_libnos_generator//:protoc_gen_nos_client_cpp",
],
)
@@ -179,8 +206,8 @@
" --nos-client-cpp_out=source:$$(dirname $(location nugget/app/weaver/Weaver.client.cpp)) " +
"$(location nugget/app/weaver/weaver.proto)",
tools = [
+ "//host/generic/libnos/generator:protoc_gen_nos_client_cpp",
"@com_google_protobuf//:protoc",
- "@nugget_host_generic_libnos_generator//:protoc_gen_nos_client_cpp",
],
)
@@ -198,8 +225,50 @@
" --nos-client-cpp_out=header:$$(dirname $(location nugget/app/weaver/Weaver.client.h)) " +
"$(location nugget/app/weaver/weaver.proto)",
tools = [
+ "//host/generic/libnos/generator:protoc_gen_nos_client_cpp",
"@com_google_protobuf//:protoc",
- "@nugget_host_generic_libnos_generator//:protoc_gen_nos_client_cpp",
+ ],
+)
+
+genrule(
+ name = "identity_proto_client_cc_genrule",
+ srcs = [
+ "nugget/app/identity/identity.proto",
+ "nugget/app/identity/identity_defs.proto",
+ "nugget/app/identity/identity_types.proto",
+ "nugget/protobuf/options.proto",
+ "google/protobuf/descriptor.proto",
+ ],
+ outs = [
+ "nugget/app/identity/Identity.client.cpp",
+ ],
+ cmd = GEN_SERVICE + " --proto_path=" + PROTO_ROOT +
+ " --nos-client-cpp_out=source:$$(dirname $(location nugget/app/identity/Identity.client.cpp)) " +
+ "$(location nugget/app/identity/identity.proto)",
+ tools = [
+ "@com_google_protobuf//:protoc",
+ "//host/generic/libnos/generator:protoc_gen_nos_client_cpp",
+ ],
+)
+
+genrule(
+ name = "identity_proto_client_h_genrule",
+ srcs = [
+ "nugget/app/identity/identity.proto",
+ "nugget/app/identity/identity_defs.proto",
+ "nugget/app/identity/identity_types.proto",
+ "nugget/protobuf/options.proto",
+ "google/protobuf/descriptor.proto",
+ ],
+ outs = [
+ "nugget/app/identity/Identity.client.h",
+ ],
+ cmd = GEN_SERVICE + " --proto_path=" + PROTO_ROOT +
+ " --nos-client-cpp_out=header:$$(dirname $(location nugget/app/identity/Identity.client.h)) " +
+ "$(location nugget/app/identity/identity.proto)",
+ tools = [
+ "@com_google_protobuf//:protoc",
+ "//host/generic/libnos/generator:protoc_gen_nos_client_cpp",
],
)
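Review bot: The two new identity genrules list `"@com_google_protobuf//:protoc"` before `"//host/generic/libnos/generator:protoc_gen_nos_client_cpp"` in `tools`, the opposite of the order this commit applies to the avb, weaver and keymaster genrules. Swapping the two entries keeps the file consistent. The new `identity_client_proto` target earlier in the file likewise uses `includes = ["./nugget/app/identity/"]`, while the libnos and libnos_transport BUILD files in this commit change `"./include"` to `"include"`.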
@@ -219,8 +288,8 @@
" --nos-client-cpp_out=source:$$(dirname $(location nugget/app/keymaster/Keymaster.client.cpp)) " +
"$(location nugget/app/keymaster/keymaster.proto)",
tools = [
+ "//host/generic/libnos/generator:protoc_gen_nos_client_cpp",
"@com_google_protobuf//:protoc",
- "@nugget_host_generic_libnos_generator//:protoc_gen_nos_client_cpp",
],
)
@@ -240,8 +309,8 @@
" --nos-client-cpp_out=header:$$(dirname $(location nugget/app/keymaster/Keymaster.client.h)) " +
"$(location nugget/app/keymaster/keymaster.proto)",
tools = [
+ "//host/generic/libnos/generator:protoc_gen_nos_client_cpp",
"@com_google_protobuf//:protoc",
- "@nugget_host_generic_libnos_generator//:protoc_gen_nos_client_cpp",
],
)
@@ -249,11 +318,14 @@
# proto libraries
################################################################################
+PROTO_SOURCE_ROOT = "/host/generic/nugget/proto"
+
proto_library(
name = "google_protobuf_descriptor_proto",
srcs = [
"google/protobuf/descriptor.proto",
],
+ strip_import_prefix = PROTO_SOURCE_ROOT,
)
proto_library(
@@ -261,6 +333,7 @@
srcs = [
"nugget/app/avb/avb.proto",
],
+ strip_import_prefix = PROTO_SOURCE_ROOT,
deps = [
"nugget_protobuf_options_proto",
],
@@ -273,6 +346,7 @@
"nugget/app/keymaster/keymaster_defs.proto",
"nugget/app/keymaster/keymaster_types.proto",
],
+ strip_import_prefix = PROTO_SOURCE_ROOT,
deps = [
"nugget_protobuf_options_proto",
],
@@ -283,6 +357,7 @@
srcs = [
"nugget/app/protoapi/control.proto",
],
+ strip_import_prefix = PROTO_SOURCE_ROOT,
deps = [
"nugget_app_protoapi_header_proto",
],
@@ -293,6 +368,7 @@
srcs = [
"nugget/app/protoapi/diagnostics_api.proto",
],
+ strip_import_prefix = PROTO_SOURCE_ROOT,
deps = [
"nugget_app_protoapi_header_proto",
],
@@ -303,6 +379,7 @@
srcs = [
"nugget/app/protoapi/gchips_types.proto",
],
+ strip_import_prefix = PROTO_SOURCE_ROOT,
)
proto_library(
@@ -310,6 +387,7 @@
srcs = [
"nugget/app/protoapi/header.proto",
],
+ strip_import_prefix = PROTO_SOURCE_ROOT,
)
proto_library(
@@ -317,6 +395,7 @@
srcs = [
"nugget/app/protoapi/testing_api.proto",
],
+ strip_import_prefix = PROTO_SOURCE_ROOT,
deps = [
"nugget_app_protoapi_header_proto",
],
@@ -327,6 +406,20 @@
srcs = [
"nugget/app/weaver/weaver.proto",
],
+ strip_import_prefix = PROTO_SOURCE_ROOT,
+ deps = [
+ "nugget_protobuf_options_proto",
+ ],
+)
+
+proto_library(
+ name = "nugget_app_identity_identity_proto",
+ srcs = [
+ "nugget/app/identity/identity.proto",
+ "nugget/app/identity/identity_defs.proto",
+ "nugget/app/identity/identity_types.proto",
+ ],
+ strip_import_prefix = PROTO_SOURCE_ROOT,
deps = [
"nugget_protobuf_options_proto",
],
@@ -337,6 +430,7 @@
srcs = [
"nugget/protobuf/options.proto",
],
+ strip_import_prefix = PROTO_SOURCE_ROOT,
deps = [
"@com_google_protobuf//:descriptor_proto",
],
diff --git a/nugget/proto/WORKSPACE b/nugget/proto/WORKSPACE
deleted file mode 100644
index 8f4a329..0000000
--- a/nugget/proto/WORKSPACE
+++ /dev/null
@@ -1 +0,0 @@
-workspace(name = "nugget_host_generic_nugget_proto")
diff --git a/nugget/proto/nugget/app/identity/Android.bp b/nugget/proto/nugget/app/identity/Android.bp
new file mode 100644
index 0000000..d05f639
--- /dev/null
+++ b/nugget/proto/nugget/app/identity/Android.bp
@@ -0,0 +1,47 @@
+//
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+genrule {
+ name: "nos_app_identity_service_genc++",
+ out: ["Identity.client.cpp"],
+ srcs: ["identity.proto"],
+ tools: ["aprotoc", "protoc-gen-nos-client-cpp"],
+ cmd: GEN_SERVICE_SOURCE,
+}
+
+genrule {
+ name: "nos_app_identity_service_genc++_headers",
+ out: ["Identity.client.h"],
+ srcs: ["identity.proto"],
+ tools: ["aprotoc", "protoc-gen-nos-client-cpp"],
+ cmd: GEN_SERVICE_HEADER,
+}
+
+genrule {
+ name: "nos_app_identity_service_genc++_mock",
+ out: ["MockIdentity.client.h"],
+ srcs: ["identity.proto"],
+ tools: ["aprotoc", "protoc-gen-nos-client-cpp"],
+ cmd: GEN_SERVICE_MOCK,
+}
+
+cc_library {
+ name: "nos_app_identity",
+ generated_sources: ["nos_app_identity_service_genc++"],
+ generated_headers: ["nos_app_identity_service_genc++_headers"],
+ defaults: ["nos_app_service_defaults"],
+ export_generated_headers: ["nos_app_identity_service_genc++_headers"],
+}
diff --git a/nugget/proto/nugget/app/identity/identity.proto b/nugget/proto/nugget/app/identity/identity.proto
new file mode 100644
index 0000000..96548c0
--- /dev/null
+++ b/nugget/proto/nugget/app/identity/identity.proto
@@ -0,0 +1,305 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+syntax = "proto3";
+
+package nugget.app.identity;
+
+import "nugget/app/identity/identity_defs.proto";
+import "nugget/app/identity/identity_types.proto";
+import "nugget/protobuf/options.proto";
+
+// Identity is the app used to implement Android's Identity HAL.
+//
+// The documentation for the HAL applies to this implementation.
+service Identity {
+ option (nugget.protobuf.app_id) = "IDENTITY";
+ option (nugget.protobuf.app_name) = "Identity";
+ option (nugget.protobuf.app_version) = 1;
+ option (nugget.protobuf.request_buffer_size) = 1024;
+ option (nugget.protobuf.response_buffer_size) = 1024;
+
+ // RPCs for the Identity HAL
+ rpc WICinitialize (WICinitializeRequest) returns (WICinitializeResponse);
+ rpc WICcreateCredentialKey (WICcreateCredentialKeyRequest) returns (WICcreateCredentialKeyResponse);
+ rpc WICstartPersonalization (WICstartPersonalizationRequest) returns (WICstartPersonalizationResponse);
+ rpc WICaddAccessControlProfile (WICaddAccessControlProfileRequest) returns (WICaddAccessControlProfileResponse);
+ rpc WICbeginAddEntry (WICbeginAddEntryRequest) returns (WICbeginAddEntryResponse);
+ rpc WICaddEntryValue (WICaddEntryValueRequest) returns (WICaddEntryValueResponse);
+ rpc WICfinishAddingEntries (WICfinishAddingEntriesRequest) returns (WICfinishAddingEntriesResponse);
+ rpc ICinitialize (ICinitializeRequest) returns (ICinitializeResponse);
+ rpc ICcreateEphemeralKeyPair (ICcreateEphemeralKeyPairRequest) returns (ICcreateEphemeralKeyPairResponse);
+ rpc ICgenerateSigningKeyPair (ICgenerateSigningKeyPairRequest) returns (ICgenerateSigningKeyPairResponse);
+ rpc ICcreateAuthChallenge (ICcreateAuthChallengeRequest) returns (ICcreateAuthChallengeResponse);
+ rpc ICstartRetrieveEntries (ICstartRetrieveEntriesRequest) returns (ICstartRetrieveEntriesResponse);
+ rpc ICsetAuthToken (ICsetAuthTokenRequest) returns (ICsetAuthTokenResponse);
+ rpc ICpushReaderCert (ICpushReaderCertRequest) returns (ICpushReaderCertResponse);
+ rpc ICvalidateAccessControlProfile (ICvalidateAccessControlProfileRequest) returns (ICvalidateAccessControlProfileResponse);
+ rpc ICvalidateRequestMessage (ICvalidateRequestMessageRequest) returns (ICvalidateRequestMessageResponse);
+ rpc ICcalcMacKey (ICcalcMacKeyRequest) returns (ICcalcMacKeyResponse);
+ rpc ICstartRetrieveEntryValue (ICstartRetrieveEntryValueRequest) returns (ICstartRetrieveEntryValueResponse);
+ rpc ICretrieveEntryValue (ICretrieveEntryValueRequest) returns (ICretrieveEntryValueResponse);
+ rpc ICfinishRetrieval (ICfinishRetrievalRequest) returns (ICfinishRetrievalResponse);
+ rpc ICdeleteCredential (ICdeleteCredentialRequest) returns (ICdeleteCredentialResponse);
+}
+
+// WICinitialize
+message WICinitializeRequest{
+ bool testCredential = 1;
+}
+message WICinitializeResponse{
+ Result result = 1;
+}
+
+// WICcreateCredentialKey
+message WICcreateCredentialKeyRequest{
+}
+
+message WICcreateCredentialKeyResponse{
+ Result result = 1;
+ bytes publickey = 2;
+}
+
+// WICstartPersonalization
+message WICstartPersonalizationRequest{
+ uint32 accessControlProfileCount = 1;
+ bytes entryCounts = 2;
+ bytes docType = 3;
+ uint32 expectedProofOfProvisioningSize = 4;
+}
+message WICstartPersonalizationResponse{
+ Result result = 1;
+}
+
+// WICaddAccessControlProfile
+message WICaddAccessControlProfileRequest{
+ uint32 id = 1;
+ bytes readerCertificate = 2;
+ bool userAuthenticationRequired = 3;
+ uint64 timeoutMillis = 4;
+ uint64 secureUserId = 5;
+}
+message WICaddAccessControlProfileResponse{
+ Result result = 1;
+ bytes mac = 2;
+}
+
+// WICbeginAddEntry
+message WICbeginAddEntryRequest{
+ bytes accessControlProfileIds = 1;
+ string nameSpace = 2;
+ string name = 3;
+ uint64 entrySize = 4;
+}
+message WICbeginAddEntryResponse{
+ Result result = 1;
+}
+
+// WICaddEntryValue
+message WICaddEntryValueRequest{
+ bytes accessControlProfileIds = 1;
+ string nameSpace = 2;
+ string name = 3;
+ bytes content = 4;
+}
+message WICaddEntryValueResponse{
+ Result result = 1;
+ bytes encrypted_content = 2;
+}
+
+// WICfinishAddingEntries
+message WICfinishAddingEntriesRequest{
+ bytes docType = 1;
+ bool testCredential = 2;
+}
+
+message WICfinishAddingEntriesResponse{
+ Result result = 1;
+ bytes signatureOfToBeSigned = 2;
+ bytes credentialData = 3;
+}
+
+// ICinitialize
+message ICinitializeRequest{
+ bool testCredential = 1;
+ bytes docType = 2;
+ bytes encryptedCredentialKeys = 3;
+}
+
+message ICinitializeResponse{
+ Result result = 1;
+}
+
+// ICcreateEphemeralKeyPair
+message ICcreateEphemeralKeyPairRequest{
+}
+
+message ICcreateEphemeralKeyPairResponse{
+ Result result = 1;
+ bytes ephemeralPriv = 2;
+}
+
+// ICgenerateSigningKeyPair
+message ICgenerateSigningKeyPairRequest{
+ bytes docType = 1;
+}
+
+message ICgenerateSigningKeyPairResponse{
+ Result result = 1;
+ bytes SigningKeyBlob =2;
+ bytes signingPubKey =3;
+}
+
+// ICcreateAuthChallenge
+message ICcreateAuthChallengeRequest{
+}
+
+message ICcreateAuthChallengeResponse{
+ Result result = 1;
+ uint64 challenge = 2;
+}
+
+// ICstartRetrieveEntries
+message ICstartRetrieveEntriesRequest{
+}
+
+message ICstartRetrieveEntriesResponse{
+ Result result = 1;
+}
+
+// ICsetAuthToken
+message ICsetAuthTokenRequest{
+ uint64 challenge = 1;
+ uint64 secureUserId = 2;
+ uint64 authenticatorId = 3;
+ uint32 hardwareAuthenticatorType = 4;
+ uint64 timeStamp = 5;
+ bytes mac = 6;
+ uint64 verificationTokenChallenge = 7;
+ uint64 verificationTokenTimestamp =8;
+ uint32 verificationTokenSecurityLevel =9;
+ bytes verificationTokenMac = 10;
+}
+
+message ICsetAuthTokenResponse{
+ Result result = 1;
+}
+
+// ICpushReaderCert
+message ICpushReaderCertRequest{
+ bytes x509Cert = 1;
+ uint32 tbsCertificateOffset = 2;
+ uint32 tbsCertificateSize = 3;
+ uint32 signatureOffset = 4;
+ uint32 signatureSize = 5;
+ uint32 publicKeyOffset = 6;
+ uint32 publicKeySize = 7;
+ uint32 signAlg = 8;
+}
+
+message ICpushReaderCertResponse{
+ Result result = 1;
+}
+
+// ICvalidateAccessControlProfile
+message ICvalidateAccessControlProfileRequest{
+ uint32 id = 1;
+ bytes readerCertificate = 2;
+ bool userAuthenticationRequired = 3;
+ uint32 timeoutMillis = 4;
+ uint64 secureUserId = 5;
+ bytes mac = 6;
+ uint32 publicKeyOffset = 7;
+ uint32 publicKeysize = 8;
+}
+
+message ICvalidateAccessControlProfileResponse{
+ Result result = 1;
+ bool accessGranted = 2;
+}
+
+// ICvalidateRequestMessage
+message ICvalidateRequestMessageRequest{
+ bytes sessionTranscript = 1;
+ bytes requestMessage = 2;
+ uint32 coseSignAlg = 3;
+ bytes readerSignatureOfToBeSigned = 4;
+}
+
+message ICvalidateRequestMessageResponse{
+ Result result = 1;
+}
+
+// ICcalcMacKey
+message ICcalcMacKeyRequest{
+ bytes sessionTranscript = 1;
+ bytes readerEphemeralPublicKey = 2;
+ bytes signingKeyBlob = 3;
+ bytes docType = 4;
+ uint32 numNamespacesWithValues = 5;
+ uint32 expectedProofOfProvisioningSize = 6;
+}
+
+message ICcalcMacKeyResponse{
+ Result result = 1;
+}
+
+// ICstartRetrieveEntryValue
+message ICstartRetrieveEntryValueRequest{
+ string nameSpace = 1;
+ string name = 2;
+ uint32 newNamespaceNumEntries = 3;
+ uint32 entrySize = 4;
+ bytes accessControlProfileIds = 5;
+}
+
+message ICstartRetrieveEntryValueResponse{
+ AccessResult accessCheckResult = 1;
+}
+
+// ICretrieveEntryValue
+message ICretrieveEntryValueRequest{
+ bytes encryptedContent = 1;
+ string nameSpace = 2;
+ string name = 3;
+ bytes accessControlProfileIds = 4;
+}
+
+message ICretrieveEntryValueResponse{
+ Result result = 1;
+ bytes content = 2;
+}
+
+// ICfinishRetrieval
+message ICfinishRetrievalRequest{
+}
+
+message ICfinishRetrievalResponse{
+ Result result = 1;
+ bytes mac = 2;
+}
+
+// ICdeleteCredential
+message ICdeleteCredentialRequest{
+ bytes docType = 1;
+ bool testCredential = 2;
+ uint32 proofOfDeletionCborSize =3;
+}
+
+message ICdeleteCredentialResponse{
+ Result result = 1;
+ bytes signatureOfToBeSigned = 2;
+}
\ No newline at end of file
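Review bot: `timeoutMillis` is declared `uint64` in `WICaddAccessControlProfileRequest` but `uint32` in `ICvalidateAccessControlProfileRequest`, so a profile provisioned with a timeout above 2^32-1 ms cannot be presented with the same value at validation time. If the `mac` returned at provisioning covers the timeout (not visible in this diff), such a profile would either fail validation or be checked against a truncated value; I would use one width in both, e.g. `uint64 timeoutMillis = 4;` in the validate request. Separately, `ICpushReaderCertRequest` and `ICvalidateAccessControlProfileRequest` carry host-supplied offset/size pairs into `x509Cert` and `readerCertificate`, and the file states no contract for them. A comment on each pair such as `// offset + size must lie within x509Cert; the receiver must reject the request otherwise` would record what the implementation has to enforce.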
diff --git a/nugget/proto/nugget/app/identity/identity_defs.proto b/nugget/proto/nugget/app/identity/identity_defs.proto
new file mode 100644
index 0000000..f372ad3
--- /dev/null
+++ b/nugget/proto/nugget/app/identity/identity_defs.proto
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+syntax = "proto3";
+
+package nugget.app.identity;
+
+/**
+ * The ResultCode enumeration is used to convey the status of an operation.
+ */
+enum ResultCode {
+ STATUS_OK = 0;
+ STATUS_FAILED = 1;
+ STATUS_CIPHER_SUITE_NOT_SUPPORTED = 2;
+ STATUS_INVALID_DATA = 3;
+ STATUS_INVALID_AUTH_TOKEN = 4;
+ STATUS_INVALID_ITEMS_REQUEST_MESSAGE = 5;
+ STATUS_READER_SIGNATURE_CHECK_FAILED = 6;
+ STATUS_EPHEMERAL_PUBLIC_KEY_NOT_FOUND = 7;
+ STATUS_USER_AUTHENTICATION_FAILED = 8;
+ STATUS_READER_AUTHENTICATION_FAILED = 9;
+ STATUS_NO_ACCESS_CONTROL_PROFILES = 10;
+ STATUS_NOT_IN_REQUEST_MESSAGE = 11;
+ STATUS_SESSION_TRANSCRIPT_MISMATCH = 12;
+};
+
+enum EicAccessCheckResult {
+ EIC_ACCESS_CHECK_RESULT_OK = 0;
+ EIC_ACCESS_CHECK_RESULT_FAILED = 1;
+ EIC_ACCESS_CHECK_RESULT_NO_ACCESS_CONTROL_PROFILES = 2;
+ EIC_ACCESS_CHECK_RESULT_USER_AUTHENTICATION_FAILED = 3;
+ EIC_ACCESS_CHECK_RESULT_READER_AUTHENTICATION_FAILED = 4;
+};
\ No newline at end of file
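Review bot: Both enums put the success value at 0 (`STATUS_OK`, `EIC_ACCESS_CHECK_RESULT_OK`), which is also the proto3 default, so a response whose `result_code` or `access_result` was never set decodes on the host as success or access granted. If the numbering has to mirror an existing firmware or HAL definition (not visible here), the fail-open default should at least be written down, e.g. `// 0 is the proto3 default: callers must confirm the enclosing Result/AccessResult message is present before trusting an OK value.` `EicAccessCheckResult` also has no doc comment, unlike `ResultCode`; one line saying which RPC returns it would help.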
diff --git a/nugget/proto/nugget/app/identity/identity_types.proto b/nugget/proto/nugget/app/identity/identity_types.proto
new file mode 100644
index 0000000..4c50f2c
--- /dev/null
+++ b/nugget/proto/nugget/app/identity/identity_types.proto
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+syntax = "proto3";
+
+package nugget.app.identity;
+
+import "nugget/protobuf/options.proto";
+import "nugget/app/identity/identity_defs.proto";
+
+message Result {
+ ResultCode result_code = 1;
+ string message = 2;
+}
+
+message AccessResult {
+ EicAccessCheckResult access_result = 1;
+ string message = 2;
+}
\ No newline at end of file
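Review bot: `import "nugget/protobuf/options.proto";` is not used by anything in this file, since `Result` and `AccessResult` reference only the enums from identity_defs.proto; protoc will report it as an unused import, so I would drop the line. The two `string message` fields also have no stated length limit, while identity.proto declares a 1024-byte response buffer for the service. A comment giving the maximum length, or a size option if an options file for this app exists outside this diff, would make the bound explicit.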
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto
index 8dac4e8..e508c8e 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster.proto
@@ -115,6 +115,29 @@
*/
rpc ProvisionCertificates(ProvisionCertificatesRequest) returns (ProvisionCertificatesResponse);
+ /*
+ * KM4.1 methods.
+ */
+ rpc DeviceLocked(DeviceLockedRequest) returns (DeviceLockedResponse);
+ rpc EarlyBootEnded(EarlyBootEndedRequest) returns (EarlyBootEndedResponse);
+
+ /*
+ * More vendor specific methods.
+ */
+ rpc ReadCertificate(ReadCertificateRequest) returns (ReadCertificateResponse);
+ rpc IdentityStartAttestKey (IdentityStartAttestKeyRequest) returns (IdentityStartAttestKeyResponse);
+ rpc IdentityFinishAttestKey (IdentityFinishAttestKeyRequest) returns (IdentityFinishAttestKeyResponse);
+
+ /*
+ * Resume-on-Reboot implementation.
+ */
+ rpc VigoReadVS(VigoReadVSRequest) returns (VigoReadVSResponse);
+ rpc VigoStartChannel(VigoStartChannelRequest)
+ returns (VigoStartChannelResponse);
+ rpc VigoStoreSecret(VigoStoreSecretRequest) returns (VigoStoreSecretResponse);
+ rpc VigoReleaseSecret(VigoReleaseSecretRequest)
+ returns (VigoReleaseSecretResponse);
+
// These are implemented with a enum, so new RPCs must be appended, and
// deprecated RPCs need placeholders.
}
@@ -337,6 +360,21 @@
bytes sharing_check = 2;
}
+// DeviceLockedRequest
+message DeviceLockedRequest {
+ bool password_only = 1;
+ VerificationToken verification_token = 2;
+}
+message DeviceLockedResponse {
+ ErrorCode error_code = 1;
+}
+
+// DeviceLockedRequest
+message EarlyBootEndedRequest {}
+message EarlyBootEndedResponse {
+ ErrorCode error_code = 1;
+}
+
/*
* Vendor HAL.
*/
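Review bot: The comment above `EarlyBootEndedRequest` reads `// DeviceLockedRequest`, copied from the previous pair; it should be `// EarlyBootEnded`. Both RPCs are added without any description of their fields, so a short comment saying what `password_only` selects and whether `verification_token` is mandatory would help whoever implements the receiving side.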
@@ -455,4 +493,69 @@
message ProvisionCertificatesResponse {
ErrorCode error_code = 1;
CertificateStatus cert_status = 2;
-}
\ No newline at end of file
+}
+
+message ReadCertificateRequest {
+ AttestationSelector selector = 1;
+ Algorithm algorithm = 2;
+}
+message ReadCertificateResponse {
+ ErrorCode error_code = 1;
+ Certificate cert = 2;
+}
+
+message VigoReadVSRequest {}
+message VigoReadVSResponse {
+ ErrorCode error_code = 1;
+ VigoKey vs_key = 2;
+}
+message VigoStartChannelRequest {
+ VigoKey client_key = 1;
+}
+message VigoStartChannelResponse {
+ ErrorCode error_code = 1;
+ VigoKey server_key = 2;
+ VigoSignature channel_signature = 3;
+}
+message VigoStoreSecretRequest {
+ VigoKey rs_key = 1;
+ VigoSecret secret_encrypted = 2;
+}
+message VigoStoreSecretResponse {
+ ErrorCode error_code = 1;
+}
+message VigoReleaseSecretRequest {
+ VigoSignature rs_signature = 1;
+}
+message VigoReleaseSecretResponse {
+ ErrorCode error_code = 1;
+ VigoSecret secret_encrypted = 2;
+}
+
+// IdentityStartAttestKey
+message IdentityStartAttestKeyRequest {
+ bytes pubkey = 1;
+ KeyParameters params = 2;
+ uint32 attestation_app_id_len = 3;
+ AttestationSelector selector = 4;
+ bytes not_before = 5; // strftime('%y%m%d%H%M%SZ') [13 octects]
+ bytes not_after = 6; // strftime('%y%m%d%H%M%SZ') [13 octects]
+ uint64 creation_time_ms = 7; // Rough current time (ms since epoch).
+}
+message IdentityStartAttestKeyResponse {
+ ErrorCode error_code = 1;
+ OperationHandle handle = 2;
+ bytes certificate_prologue = 3;
+}
+
+// IdentityFinishAttestKeyRequest
+message IdentityFinishAttestKeyRequest {
+ OperationHandle handle = 1;
+ bool use_km_attest_key = 2;
+}
+message IdentityFinishAttestKeyResponse {
+ ErrorCode error_code = 1;
+ bytes certificate_epilogue = 2;
+ ChipFusing chip_fusing = 3;
+ bool nodelocked_ro = 4;
+}
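Review bot: The comments on `not_before` and `not_after` say `[13 octects]` (typo for "octets"), but nothing visible bounds the two `bytes` fields to that length; the keymaster_types.options hunk in this commit adds `max_size` entries only for the Vigo types. If keymaster.proto has its own options file (not part of this diff), these two fields and `pubkey` should get limits there; otherwise the receiver has to check the length before parsing the timestamp. The Vigo request and response messages in the same hunk carry no comments at all, so a line per message stating which party produces each key or signature would be worth adding.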
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
index 1eff0bf..76f1a2f 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
@@ -55,6 +55,7 @@
BOOTLOADER_ONLY = 0x7012e; // (TagType:BOOL | 302)
ROLLBACK_RESISTANCE = 0x7012f; // (TagType:BOOL | 303)
HARDWARE_TYPE = 0x10130; // TagType:ENUM | 304,
+ EARLY_BOOT_ONLY = 0x70131; // TagType:BOOL | 305,
ACTIVE_DATETIME = 0x60190; // (TagType:DATE | 400)
ORIGINATION_EXPIRE_DATETIME = 0x60191; // (TagType:DATE | 401)
USAGE_EXPIRE_DATETIME = 0x60192; // (TagType:DATE | 402)
@@ -93,6 +94,9 @@
ATTESTATION_ID_MODEL = 0x902cd; // (TagType:BYTES | 717)
VENDOR_PATCHLEVEL = 0x302ce; // (TagType:UINT | 718)
BOOT_PATCHLEVEL = 0x302cf; // (TagType:UINT | 719)
+ DEVICE_UNIQUE_ATTESTATION = 0x702d0; // (TagType:BOOL | 720)
+ IDENTITY_CREDENTIAL_KEY = 0x702d1; // (TagType:BOOL | 721)
+ STORAGE_KEY = 0x702d2; // (TagType:BOOL | 722)
ASSOCIATED_DATA = 0x903e8; // (TagType:BYTES | 1000)
NONCE = 0x903e9; // (TagType:BYTES | 1001)
/* RESERVED: AUTH_TOKEN = 0x903ea; // (TagType:BYTES | 1002) */
@@ -249,6 +253,12 @@
PRODUCTION_MODE_PROVISIONING = 73; // Vendor specific.
NO_USER_CONFIRMATION = 74;
KEY_UPGRADE_NOT_REQUIRED = 75; // Vendor specific.
+ DEVICE_LOCKED = 76;
+ EARLY_BOOT_ENDED = 77;
+ ATTESTATION_KEYS_NOT_PROVISIONED = 78;
+ ATTESTATION_IDS_NOT_PROVISIONED = 79;
+ INVALID_OPERATION = 80;
+ STORAGE_KEY_UNSUPPORTED = 81;
};
enum SecurityLevel {
@@ -305,4 +315,4 @@
CERT_CHECKSUM = 2;
CERT_UNKNOWN_ERROR = 3;
CERT_WRONG_PACKET = 4;
-}
\ No newline at end of file
+}
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_types.options b/nugget/proto/nugget/app/keymaster/keymaster_types.options
index 36284ca..02853bc 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_types.options
+++ b/nugget/proto/nugget/app/keymaster/keymaster_types.options
@@ -3,3 +3,9 @@
nugget.app.keymaster.HmacSharingParameters.nonce max_size:32
nugget.app.keymaster.HardwareAuthToken.mac max_size:32
nugget.app.keymaster.VerificationToken.mac max_size:32
+nugget.app.keymaster.VigoKey.x max_size:64
+nugget.app.keymaster.VigoSignature.r max_size:32
+nugget.app.keymaster.VigoSignature.s max_size:32
+nugget.app.keymaster.VigoSecret.material max_size:32
+nugget.app.keymaster.VigoSecret.iv max_size:16
+nugget.app.keymaster.VigoSecret.tag max_size:16
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_types.proto b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
index 7e1d7b7..2689498 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_types.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
@@ -109,3 +109,18 @@
ATTEST_BATCH = 1;
ATTEST_INDIVIDUAL = 2;
}
+
+message VigoKey {
+ bytes x = 1;
+}
+
+message VigoSignature {
+ bytes r = 1;
+ bytes s = 2;
+}
+
+message VigoSecret {
+ bytes material = 1;
+ bytes iv = 2;
+ bytes tag = 3;
+}
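Review bot: `VigoKey`, `VigoSignature` and `VigoSecret` are added with no comment on what their byte fields hold; the only hint is the size caps in keymaster_types.options (64 for `x`, 32 for `r`, `s` and `material`, 16 for `iv` and `tag`). A field named `x` with a 64-byte cap is ambiguous, since it could be a single coordinate or a concatenated point, and that decides how the receiver validates the key. I would add a comment per field stating the encoding and the exact expected length, in the form `// x: <encoding>, exactly <N> bytes`, and say whether shorter values are rejected.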
diff --git a/nugget/proto/nugget/app/protoapi/testing_api.proto b/nugget/proto/nugget/app/protoapi/testing_api.proto
index 127d847..c1c271f 100644
--- a/nugget/proto/nugget/app/protoapi/testing_api.proto
+++ b/nugget/proto/nugget/app/protoapi/testing_api.proto
@@ -15,6 +15,8 @@
INVALID_PLAINTEXT = 2;
MISSING_PARAMETER = 3;
KEYSIZE_MISMATCH = 4;
+ INVALID_TEST = 5;
+ KEYGEN_ERROR = 6;
}
// TODO remove this when oneof support is added to nanopb
@@ -25,6 +27,26 @@
kAesGcmEncryptTest = 3;
kAesCmacTest = 4;
kFullStressTest = 5;
+ kAesCavpCbcTest = 6;
+ kAesCavpEcbTest = 7;
+ kAesCavpCtrTest = 8;
+ kAesCavpMctCbcTest = 9;
+ kAesCavpMctEcbTest = 10;
+ kAesCavpMctCtrTest = 11;
+ kCavpAesGcmTest = 12;
+ kCavpHmacTest = 13;
+ kCavpShaMsgTest = 14;
+ kCavpShaMctTest = 15;
+ kCavpRsaKeyGenTest = 16;
+ kCavpRsaSigGenTest = 17;
+ kCavpRsaSigVerTest = 18;
+ kCavpDrbgTest = 19;
+ kCavpCkdfTest = 20;
+ kCavpEcdsaKeyPairTest = 21;
+ kCavpEcdsaPkvTest = 22;
+ kCavpEcdsaSigGenTest = 23;
+ kCavpEcdsaSigVerTest = 24;
+ kCavpCmacGenTest = 25;
}
// TODO remove this when oneof support is added to nanopb
@@ -35,6 +57,20 @@
kAesGcmEncryptTestResult = 3;
kAesCmacTestResult = 4;
kFullStressResult = 5;
+ kAesCavpTestResult = 6;
+ kCavpAesGcmTestResult = 7;
+ kCavpHmacTestResult = 8;
+ kCavpShaTestResult = 9;
+ kCavpRsaKeyGenTestResult = 10;
+ kCavpRsaSigGenTestResult = 11;
+ kCavpRsaSigVerTestResult = 12;
+ kCavpDrbgTestResult = 13;
+ kCavpCkdfTestResult = 14;
+ kCavpEcdsaKeyPairTestResult = 15;
+ kCavpEcdsaPkvTestResult = 16;
+ kCavpEcdsaSigGenTestResult = 17;
+ kCavpEcdsaSigVerTestResult = 18;
+ kCavpCmacGenTestResult = 19;
}
message AesCbcEncryptTest {
@@ -68,6 +104,238 @@
bytes tag = 3;
}
+enum CavpEncryptMode {
+ ENCRYPT = 0;
+ DECRYPT = 1;
+}
+
+message AesCavpTest {
+ uint32 count = 1;
+ uint32 key_size = 3;
+ CavpEncryptMode encrypt_mode = 4;
+ bytes key = 5;
+ bytes iv = 6;
+ bytes text = 7;
+}
+
+message AesCavpTestResult {
+ DcryptError result_code = 1;
+ bytes text = 2;
+}
+
+message CavpAesGcmTest {
+ uint32 count = 1;
+ uint32 key_len = 2;
+ uint32 tag_len = 3;
+ CavpEncryptMode encrypt_mode = 4;
+ bytes key = 5;
+ bytes iv = 6;
+ bytes text = 7;
+ bytes aad = 8;
+ bytes tag = 9;
+}
+
+message CavpAesGcmTestResult {
+ DcryptError result_code = 1;
+ bytes text = 2;
+ bytes tag = 3;
+ uint32 success = 4;
+}
+
+enum CavpShaAlgorithm {
+ INVALID = 0;
+ SHA1 = 1;
+ SHA256 = 2;
+}
+
+message CavpHmacTest {
+ uint32 key_len = 1;
+ uint32 text_len = 2;
+ CavpShaAlgorithm algo = 3;
+ bytes key = 4;
+ bytes msg = 5;
+}
+
+message CavpHmacTestResult {
+ DcryptError result_code = 1;
+ bytes mac = 2;
+}
+
+message CavpShaMsgTest {
+ CavpShaAlgorithm algo = 1;
+ uint32 total_len = 2;
+ uint32 offset = 3;
+ bytes msg = 4;
+}
+
+message CavpShaMctTest {
+ CavpShaAlgorithm algo = 1;
+ bytes seed = 2;
+}
+
+message CavpShaTestResult {
+ DcryptError result_code = 1;
+ bytes md = 2;
+}
+
+enum CavpRsaMRTable {
+ C_2 = 0;
+ C_3 = 1;
+}
+
+enum CavpRsaPaddingType {
+ INVALID_PADDING = 0;
+ PKCS1 = 1;
+ PSS = 2;
+ OAEP = 3;
+}
+
+message CavpRsaKeyGenTest {
+ uint32 count = 1;
+ uint32 mod = 2;
+ CavpRsaMRTable table = 3;
+}
+
+message CavpRsaSigGenTest {
+ bool gen_n = 1;
+ CavpShaAlgorithm sha_alg = 2;
+ CavpRsaPaddingType padding = 3;
+ bytes msg = 4;
+}
+
+message CavpRsaSigVerTest {
+ uint32 mod = 1;
+ CavpShaAlgorithm sha_alg = 2;
+ CavpRsaPaddingType padding = 3;
+ uint32 e = 4;
+ bytes n = 5;
+ bytes msg = 6;
+ bytes sig = 7;
+}
+
+enum CavpRsaSigVerResult {
+ Pass = 0;
+ Fail_MessageChanged = 1;
+ Fail_General = 2;
+ Fail_SigChanged = 3;
+ Fail_EMHashMovedLeft = 4;
+ Fail_EMModPayload = 5;
+}
+
+message CavpRsaSigVerTestResult {
+ DcryptError result_code = 1;
+ CavpRsaSigVerResult verif_result = 2;
+}
+
+message CavpRsaSigGenTestResult {
+ DcryptError result_code = 1;
+ uint32 e = 2;
+ bytes n = 3;
+ bytes sig = 4;
+}
+
+message CavpRsaKeyGenTestResult {
+ DcryptError result_code = 1;
+ uint32 e = 2;
+ bytes p = 3;
+ bytes q = 4;
+ bytes n = 5;
+ bytes d = 6;
+}
+
+message CavpDrbgTest {
+ bool prediction_resistance = 2;
+ uint32 ret_len = 3;
+ bytes entropy_init = 4;
+ bytes nonce = 5;
+ bytes perso_str = 6;
+ bytes add_input_1 = 7;
+ bytes add_input_2 = 8;
+ bytes entropy_pr_1 = 10;
+ bytes entropy_pr_2 = 11;
+}
+
+message CavpDrbgTestResult {
+ DcryptError result_code = 1;
+ bytes bits = 2;
+}
+
+message CavpCkdfTest {
+ uint32 key_len = 1;
+ bytes key = 2;
+}
+
+message CavpCkdfTestResult {
+ DcryptError result_code = 1;
+ bytes key = 2;
+ bytes fixed_input_data = 3;
+}
+
+enum CavpEcdsaKeyGenTable {
+ B_4_1 = 0;
+ B_4_2 = 1;
+}
+
+message CavpEcdsaKeyPairTest {
+ CavpEcdsaKeyGenTable table = 1;
+}
+
+message CavpEcdsaKeyPairTestResult {
+ DcryptError result_code = 1;
+ bytes d = 2;
+ bytes qx = 3;
+ bytes qy = 4;
+}
+
+message CavpEcdsaPkvTest {
+ bytes qx = 1;
+ bytes qy = 2;
+}
+
+message CavpEcdsaPkvTestResult {
+ DcryptError result_code = 1;
+ bool result = 2;
+}
+
+message CavpEcdsaSigGenTest {
+ bytes msg = 1;
+}
+
+message CavpEcdsaSigGenTestResult {
+ DcryptError result_code = 1;
+ bytes qx = 2;
+ bytes qy = 3;
+ bytes r = 4;
+ bytes sig = 5;
+}
+
+message CavpEcdsaSigVerTest {
+ bytes msg = 1;
+ bytes qx = 2;
+ bytes qy = 3;
+ bytes r = 4;
+ bytes sig = 5;
+}
+
+message CavpEcdsaSigVerTestResult {
+ DcryptError result_code = 1;
+ bool result = 2;
+}
+
+message CavpCmacGenTest {
+ uint32 offset = 1;
+ uint32 key_size = 2;
+ uint32 mac_len = 3;
+ uint32 total_len = 4;
+ bytes key = 5;
+ bytes msg = 6;
+}
+
+message CavpCmacGenTestResult {
+ DcryptError result_code = 1;
+ bytes mac = 2;
+}
+
message TrngTest {
uint32 number_of_bytes = 1;
}
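Review bot: `CavpRsaKeyGenTestResult` returns `p`, `q` and `d`, and `CavpEcdsaKeyPairTestResult` returns `d`, so private key material leaves the device through this API. A CAVP harness needs that, but nothing in the file says these keys are generated for the test only or that the test app is kept out of production images; a comment on both messages such as `// Test-only key material; must never be derived from or shared with device keys.` would record the constraint. `AesCavpTest` and `CavpDrbgTest` also skip field numbers (2, and 1 and 9) without a `reserved` statement; if those numbers were used in an earlier revision, `reserved 2;` and `reserved 1, 9;` would prevent accidental reuse.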