Merge remote-tracking branch 'goog/upstream-master' into D2-TM-005
* goog/upstream-master:
keymint: Proto definition of IRemotelyProvisionedComponent
Change-Id: I3955f0be6db9a83a34b76876b8b91b38e160d1eb
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto
index 1cb50bd..430cec2 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster.proto
@@ -143,6 +143,12 @@
*/
rpc GetPerFactoryResetValue(GetPerFactoryResetValueRequest) returns (GetPerFactoryResetValueResponse);
+ /*
+ * RKP implementation
+ */
+ rpc GenerateRkpKey(GenerateRkpKeyRequest) returns (GenerateRkpKeyResponse);
+ rpc GenerateRkpCsr(GenerateRkpCsrRequest) returns (GenerateRkpCsrResponse);
+
// These are implemented with a enum, so new RPCs must be appended, and
// deprecated RPCs need placeholders.
}
@@ -575,8 +581,31 @@
bool bootloader_only = 1;
bytes input = 2;
}
-
message GetPerFactoryResetValueResponse {
ErrorCode error_code = 1;
bytes output = 2;
}
+
+// RKP messages
+message GenerateRkpKeyRequest{
+ bool test_mode = 1;
+ KeyParameters params = 2;
+ KeyBlob blob = 3;
+}
+message GenerateRkpKeyResponse{
+ ErrorCode error_code = 1;
+ bytes maced_public_key = 2;
+}
+
+message GenerateRkpCsrRequest{
+ bool test_mode = 1;
+ KeysToSign keys_to_sign = 2;
+ bytes endpoint_enc_cert_chain = 3;
+ bytes challenge = 4;
+}
+message GenerateRkpCsrResponse{
+ ErrorCode error_code = 1;
+ bytes keys_to_sign_mac = 2;
+ bytes device_info_blob = 3;
+ bytes protected_data_blob = 4;
+}
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
index da597b1..66d1801 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
@@ -267,6 +267,10 @@
STORAGE_KEY_UNSUPPORTED = 81;
INCOMPATIBLE_MGF_DIGEST = 82;
UNSUPPORTED_MGF_DIGEST = 83;
+ INVALID_MAC = 84; // RKP specific.
+ PRODUCTION_KEY_IN_TEST_REQUEST = 85; // RKP specific.
+ TEST_KEY_IN_PRODUCTION_REQUEST = 86; // RKP specific.
+ INVALID_EEK = 87; // RKP specific.
};
enum SecurityLevel {
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_types.options b/nugget/proto/nugget/app/keymaster/keymaster_types.options
index 02853bc..417e181 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_types.options
+++ b/nugget/proto/nugget/app/keymaster/keymaster_types.options
@@ -9,3 +9,4 @@
nugget.app.keymaster.VigoSecret.material max_size:32
nugget.app.keymaster.VigoSecret.iv max_size:16
nugget.app.keymaster.VigoSecret.tag max_size:16
+nugget.app.keymaster.KeysToSign.keys max_count:20
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_types.proto b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
index 4a66d4e..1a4c539 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_types.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
@@ -126,3 +126,11 @@
bytes iv = 2;
bytes tag = 3;
}
+
+message MacedKey{
+ bytes blob = 1;
+}
+
+message KeysToSign {
+ repeated MacedKey keys = 1;
+}