| /* |
| * Copyright (C) 2019 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| syntax = "proto3"; |
| |
| package nugget.app.identity; |
| |
| import "nugget/app/identity/identity_defs.proto"; |
| import "nugget/app/identity/identity_types.proto"; |
| import "nugget/protobuf/options.proto"; |
| |
| // Identity is the app used to implement Android's Identity HAL. |
| // |
| // The documentation for the HAL applies to this implementation. |
| service Identity { |
| option (nugget.protobuf.app_id) = "IDENTITY"; |
| option (nugget.protobuf.app_name) = "Identity"; |
| option (nugget.protobuf.app_version) = 1; |
| option (nugget.protobuf.request_buffer_size) = 2048; |
| option (nugget.protobuf.response_buffer_size) = 2048; |
| |
| // RPCs for the Identity HAL |
| rpc WICinitialize (WICinitializeRequest) returns (WICinitializeResponse); |
| rpc WICinitializeForUpdate (WICinitializeForUpdateRequest) returns (WICinitializeForUpdateResponse); |
| rpc WICcreateCredentialKey (WICcreateCredentialKeyRequest) returns (WICcreateCredentialKeyResponse); |
| rpc WICstartPersonalization (WICstartPersonalizationRequest) returns (WICstartPersonalizationResponse); |
| rpc WICaddAccessControlProfile (WICaddAccessControlProfileRequest) returns (WICaddAccessControlProfileResponse); |
| rpc WICbeginAddEntry (WICbeginAddEntryRequest) returns (WICbeginAddEntryResponse); |
| rpc WICaddEntryValue (WICaddEntryValueRequest) returns (WICaddEntryValueResponse); |
| rpc WICfinishAddingEntries (WICfinishAddingEntriesRequest) returns (WICfinishAddingEntriesResponse); |
| rpc ICinitialize (ICinitializeRequest) returns (ICinitializeResponse); |
| rpc ICcreateEphemeralKeyPair (ICcreateEphemeralKeyPairRequest) returns (ICcreateEphemeralKeyPairResponse); |
| rpc ICgenerateSigningKeyPair (ICgenerateSigningKeyPairRequest) returns (ICgenerateSigningKeyPairResponse); |
| rpc ICcreateAuthChallenge (ICcreateAuthChallengeRequest) returns (ICcreateAuthChallengeResponse); |
| rpc ICstartRetrieveEntries (ICstartRetrieveEntriesRequest) returns (ICstartRetrieveEntriesResponse); |
| rpc ICsetAuthToken (ICsetAuthTokenRequest) returns (ICsetAuthTokenResponse); |
| rpc ICpushReaderCert (ICpushReaderCertRequest) returns (ICpushReaderCertResponse); |
| rpc ICvalidateAccessControlProfile (ICvalidateAccessControlProfileRequest) returns (ICvalidateAccessControlProfileResponse); |
| rpc ICvalidateRequestMessage (ICvalidateRequestMessageRequest) returns (ICvalidateRequestMessageResponse); |
| rpc ICcalcMacKey (ICcalcMacKeyRequest) returns (ICcalcMacKeyResponse); |
| rpc ICstartRetrieveEntryValue (ICstartRetrieveEntryValueRequest) returns (ICstartRetrieveEntryValueResponse); |
| rpc ICretrieveEntryValue (ICretrieveEntryValueRequest) returns (ICretrieveEntryValueResponse); |
| rpc ICfinishRetrieval (ICfinishRetrievalRequest) returns (ICfinishRetrievalResponse); |
| rpc ICdeleteCredential (ICdeleteCredentialRequest) returns (ICdeleteCredentialResponse); |
| rpc ICproveOwnership (ICproveOwnershipRequest) returns (ICproveOwnershipResponse); |
| rpc GetSessionId (GetSessionIdRequest) returns (GetSessionIdResponse); |
| rpc SessionShutdown(SessionShutdownRequest) returns (SessionShutdownResponse); |
| rpc SessionInitialize (SessionInitializeRequest) returns (SessionInitializeResponse); |
| rpc SessionSetReaderEphemeralPublicKey (SessionSetReaderEphemeralPublicKeyRequest) returns (SessionSetReaderEphemeralPublicKeyResponse); |
| rpc SessionSetSessionTranscript (SessionSetSessionTranscriptRequest) returns (SessionSetSessionTranscriptResponse); |
| } |
| |
| enum RequestType { |
| unknown = 0; |
| provision = 1; |
| presentation = 2; |
| session = 3; |
| } |
| |
| // WICinitialize |
| message WICinitializeRequest{ |
| bool testCredential = 1; |
| } |
| message WICinitializeResponse{ |
| Result result = 1; |
| } |
| |
| // WICinitializeForUpdate |
| message WICinitializeForUpdateRequest{ |
| bool testCredential = 1; |
| bytes docType = 2; |
| bytes encryptedCredentialKeys = 3; |
| } |
| |
| message WICinitializeForUpdateResponse{ |
| Result result = 1; |
| } |
| |
| // WICcreateCredentialKey |
| message WICcreateCredentialKeyRequest{ |
| } |
| |
| message WICcreateCredentialKeyResponse{ |
| Result result = 1; |
| bytes publickey = 2; |
| } |
| |
| // WICstartPersonalization |
| message WICstartPersonalizationRequest{ |
| uint32 accessControlProfileCount = 1; |
| bytes entryCounts = 2; |
| bytes docType = 3; |
| uint32 expectedProofOfProvisioningSize = 4; |
| bool supportInt32EntryCounts = 5; |
| } |
| message WICstartPersonalizationResponse{ |
| Result result = 1; |
| } |
| |
| // WICaddAccessControlProfile |
| message WICaddAccessControlProfileRequest{ |
| uint32 id = 1; |
| bytes readerCertificate = 2; |
| bool userAuthenticationRequired = 3; |
| uint64 timeoutMillis = 4; |
| uint64 secureUserId = 5; |
| } |
| message WICaddAccessControlProfileResponse{ |
| Result result = 1; |
| bytes mac = 2; |
| } |
| |
| // WICbeginAddEntry |
| message WICbeginAddEntryRequest{ |
| bytes accessControlProfileIds = 1; |
| string nameSpace = 2; |
| string name = 3; |
| uint64 entrySize = 4; |
| } |
| message WICbeginAddEntryResponse{ |
| Result result = 1; |
| } |
| |
| // WICaddEntryValue |
| message WICaddEntryValueRequest{ |
| bytes accessControlProfileIds = 1; |
| string nameSpace = 2; |
| string name = 3; |
| bytes content = 4; |
| } |
| message WICaddEntryValueResponse{ |
| Result result = 1; |
| bytes encrypted_content = 2; |
| } |
| |
| // WICfinishAddingEntries |
| message WICfinishAddingEntriesRequest{ |
| bytes docType = 1; |
| bool testCredential = 2; |
| } |
| |
| message WICfinishAddingEntriesResponse{ |
| Result result = 1; |
| bytes signatureOfToBeSigned = 2; |
| bytes credentialData = 3; |
| } |
| |
| // ICinitialize |
| message ICinitializeRequest{ |
| bool testCredential = 1; |
| bytes docType = 2; |
| bytes encryptedCredentialKeys = 3; |
| uint32 oemHalVersion = 4; |
| uint32 sessionId = 5; |
| } |
| |
| message ICinitializeResponse{ |
| Result result = 1; |
| } |
| |
| // ICcreateEphemeralKeyPair |
| message ICcreateEphemeralKeyPairRequest{ |
| } |
| |
| message ICcreateEphemeralKeyPairResponse{ |
| Result result = 1; |
| bytes ephemeralPriv = 2; |
| } |
| |
| // ICgenerateSigningKeyPair |
| message ICgenerateSigningKeyPairRequest{ |
| bytes docType = 1; |
| } |
| |
| message ICgenerateSigningKeyPairResponse{ |
| Result result = 1; |
| bytes SigningKeyBlob =2; |
| bytes signingPubKey =3; |
| } |
| |
| // ICcreateAuthChallenge |
| message ICcreateAuthChallengeRequest{ |
| } |
| |
| message ICcreateAuthChallengeResponse{ |
| Result result = 1; |
| uint64 challenge = 2; |
| } |
| |
| // ICstartRetrieveEntries |
| message ICstartRetrieveEntriesRequest{ |
| } |
| |
| message ICstartRetrieveEntriesResponse{ |
| Result result = 1; |
| } |
| |
| // ICsetAuthToken |
| message ICsetAuthTokenRequest{ |
| uint64 challenge = 1; |
| uint64 secureUserId = 2; |
| uint64 authenticatorId = 3; |
| uint32 hardwareAuthenticatorType = 4; |
| uint64 timeStamp = 5; |
| bytes mac = 6; |
| uint64 verificationTokenChallenge = 7; |
| uint64 verificationTokenTimestamp =8; |
| uint32 verificationTokenSecurityLevel =9; |
| bytes verificationTokenMac = 10; |
| } |
| |
| message ICsetAuthTokenResponse{ |
| Result result = 1; |
| } |
| |
| // ICpushReaderCert |
| message ICpushReaderCertRequest{ |
| bytes x509Cert = 1; |
| uint32 tbsCertificateOffset = 2; |
| uint32 tbsCertificateSize = 3; |
| uint32 signatureOffset = 4; |
| uint32 signatureSize = 5; |
| uint32 publicKeyOffset = 6; |
| uint32 publicKeySize = 7; |
| uint32 signAlg = 8; |
| } |
| |
| message ICpushReaderCertResponse{ |
| Result result = 1; |
| } |
| |
| // ICvalidateAccessControlProfile |
| message ICvalidateAccessControlProfileRequest{ |
| uint32 id = 1; |
| bytes readerCertificate = 2; |
| bool userAuthenticationRequired = 3; |
| uint32 timeoutMillis = 4; |
| uint64 secureUserId = 5; |
| bytes mac = 6; |
| uint32 publicKeyOffset = 7; |
| uint32 publicKeysize = 8; |
| } |
| |
| message ICvalidateAccessControlProfileResponse{ |
| Result result = 1; |
| bool accessGranted = 2; |
| } |
| |
| // ICvalidateRequestMessage |
| message ICvalidateRequestMessageRequest{ |
| bytes sessionTranscript = 1; |
| bytes requestMessage = 2; |
| uint32 coseSignAlg = 3; |
| bytes readerSignatureOfToBeSigned = 4; |
| } |
| |
| message ICvalidateRequestMessageResponse{ |
| Result result = 1; |
| } |
| |
| // ICcalcMacKey |
| message ICcalcMacKeyRequest{ |
| bytes sessionTranscript = 1; |
| bytes readerEphemeralPublicKey = 2; |
| bytes signingKeyBlob = 3; |
| bytes docType = 4; |
| uint32 numNamespacesWithValues = 5; |
| uint32 expectedProofOfProvisioningSize = 6; |
| } |
| |
| message ICcalcMacKeyResponse{ |
| Result result = 1; |
| } |
| |
| // ICstartRetrieveEntryValue |
| message ICstartRetrieveEntryValueRequest{ |
| string nameSpace = 1; |
| string name = 2; |
| uint32 newNamespaceNumEntries = 3; |
| uint32 entrySize = 4; |
| bytes accessControlProfileIds = 5; |
| } |
| |
| message ICstartRetrieveEntryValueResponse{ |
| AccessResult accessCheckResult = 1; |
| uint32 sessionCookie = 2; |
| } |
| |
| // ICretrieveEntryValue |
| message ICretrieveEntryValueRequest{ |
| bytes encryptedContent = 1; |
| string nameSpace = 2; |
| string name = 3; |
| bytes accessControlProfileIds = 4; |
| uint32 sessionCookie = 5; |
| } |
| |
| message ICretrieveEntryValueResponse{ |
| Result result = 1; |
| bytes content = 2; |
| } |
| |
| // ICfinishRetrieval |
| message ICfinishRetrievalRequest{ |
| } |
| |
| message ICfinishRetrievalResponse{ |
| Result result = 1; |
| bytes mac = 2; |
| } |
| |
| // ICdeleteCredential |
| message ICdeleteCredentialRequest{ |
| bytes docType = 1; |
| bytes challenge = 2; |
| bool includeChallenge = 3; |
| uint32 proofOfDeletionCborSize = 4; |
| } |
| |
| message ICdeleteCredentialResponse{ |
| Result result = 1; |
| bytes signatureOfToBeSigned = 2; |
| } |
| |
| // ICproveOwnership |
| message ICproveOwnershipRequest{ |
| bytes docType = 1; |
| bool testCredential = 2; |
| bytes challenge = 3; |
| uint32 proofOfOwnershipCborSize = 4; |
| } |
| |
| message ICproveOwnershipResponse{ |
| Result result = 1; |
| bytes signatureOfToBeSigned = 2; |
| } |
| |
| // GetSessionId |
| message GetSessionIdRequest{ |
| RequestType requestType = 1; |
| } |
| |
| message GetSessionIdResponse{ |
| Result result = 1; |
| uint32 id = 2; |
| } |
| |
| // SessionShutdown |
| message SessionShutdownRequest{ |
| RequestType requestType = 1; |
| } |
| |
| message SessionShutdownResponse{ |
| Result result = 1; |
| } |
| |
| // SessionInitialize |
| message SessionInitializeRequest{ |
| } |
| |
| message SessionInitializeResponse{ |
| Result result = 1; |
| uint64 authChallenge = 2; |
| bytes ephemeralPrivateKey = 3; |
| } |
| |
| // SessionSetReaderEphemeralPublicKey |
| message SessionSetReaderEphemeralPublicKeyRequest{ |
| bytes readerEphemeralPublicKey = 1; |
| } |
| |
| message SessionSetReaderEphemeralPublicKeyResponse{ |
| Result result = 1; |
| } |
| |
| // SessionSetSessionTranscript |
| message SessionSetSessionTranscriptRequest{ |
| bytes sessionTranscript = 1; |
| } |
| |
| message SessionSetSessionTranscriptResponse{ |
| Result result = 1; |
| } |