author | Bill Richardson <wfrichar@google.com> | 2021-04-20 18:26:55 -0500 |
committer | Bill Richardson <wfrichar@google.com> | 2021-04-20 18:26:55 -0500 |
commit | 717b7356710e188ddaed9aa2838a51d7dc1a5a96 (patch) | |
tree | 28d2332eb47ec1fb2be536150b2a87b850008fb5 | |
parent | edbbb4737c0ae25f2af013f0ef21e39a1f822952 (diff) | |
parent | 467e3ad09b4d10e9c988c1426678be584f3d1936 (diff) | |
download | generic-717b7356710e188ddaed9aa2838a51d7dc1a5a96.tar.gz |
Merge remote-tracking branch 'goog/upstream-master' into D2-SC-020
* goog/upstream-master:
keymint: Add new Tag and KeyPurpose
Bug: 161929178
Test: release tests, QMC
Change-Id: Iaca4488cdcccbc9dab3cc07b647c408af855e495
4 files changed, 19 insertions, 6 deletions
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.options b/nugget/proto/nugget/app/keymaster/keymaster.options
index ad3a0a1..be1a236 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.options
+++ b/nugget/proto/nugget/app/keymaster/keymaster.options
@@ -15,6 +15,7 @@ nugget.app.keymaster.GetBootInfoResponse.boot_hash max_size:32
 nugget.app.keymaster.ProvisionPresharedSecretRequest.preshared_secret max_size:32
 nugget.app.keymaster.StartAttestKeyRequest.not_before max_size:15
 nugget.app.keymaster.StartAttestKeyRequest.not_after max_size:15
+nugget.app.keymaster.StartAttestKeyRequest.caller_issuer_subj_name max_size:64
 nugget.app.keymaster.ProvisionPresharedSecretResponse.digest max_size:32
 nugget.app.keymaster.ProvisionCertificatesRequest.cert_block max_size: 1024
-nugget.app.keymaster.ProvisionCertificatesRequest.digest max_size: 32
\ No newline at end of file
+nugget.app.keymaster.ProvisionCertificatesRequest.digest max_size: 32
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto
index 0a11349..e6fec75 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster.proto
@@ -210,8 +210,10 @@ message StartAttestKeyRequest {
   KeyParameters params = 2;
   uint32 attestation_app_id_len = 3;
   AttestationSelector selector = 4;
-  bytes not_before = 5; // strftime('%y%m%d%H%M%SZ') [13 octects]
-  bytes not_after = 6; // strftime('%y%m%d%H%M%SZ') [13 octects]
+  bytes not_before = 5; // strftime('%Y%m%d%H%M%SZ') [15 octects]
+  bytes not_after = 6; // strftime('%Y%m%d%H%M%SZ') [15 octects]
+  bytes caller_issuer_subj_name = 7;
+  KeyParameters caller_key_params = 8;
 }
 message StartAttestKeyResponse {
   ErrorCode error_code = 1;
@@ -233,6 +235,8 @@ message ContinueAttestKeyResponse {
 // FinishAttestKeyRequest
 message FinishAttestKeyRequest {
   OperationHandle handle = 1;
+  KeyBlob caller_blob = 2;
+  KeyParameters caller_key_params = 3;
 }
 message FinishAttestKeyResponse {
   ErrorCode error_code = 1;
@@ -538,8 +542,8 @@ message IdentityStartAttestKeyRequest {
   KeyParameters params = 2;
   uint32 attestation_app_id_len = 3;
   AttestationSelector selector = 4;
-  bytes not_before = 5; // strftime('%y%m%d%H%M%SZ') [13 octects]
-  bytes not_after = 6; // strftime('%y%m%d%H%M%SZ') [13 octects]
+  bytes not_before = 5; // strftime('%y%m%d%H%M%SZ') [15 octects]
+  bytes not_after = 6; // strftime('%y%m%d%H%M%SZ') [15 octects]
   uint64 creation_time_ms = 7; // Rough current time (ms since epoch).
   bool use_km_attest_key = 8;
 }
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
index 15f655c..719215e 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
@@ -51,6 +51,7 @@ enum Tag {
   RSA_PUBLIC_EXPONENT = 0x500c8; // (TagType:ULONG | 200)
   /* RESERVED: ECIES_SINGLE_HASH_MODE = 0x700c9; // (TagType:BOOL | 201) */
   INCLUDE_UNIQUE_ID = 0x700ca; // (TagType:BOOL | 202)
+  RSA_OAEP_MGF_DIGEST = 0x200cb; // (TagType:ENUM_REP | 203)
   BLOB_USAGE_REQUIREMENTS = 0x1012d; // (TagType:ENUM | 301)
   BOOTLOADER_ONLY = 0x7012e; // (TagType:BOOL | 302)
   ROLLBACK_RESISTANCE = 0x7012f; // (TagType:BOOL | 303)
@@ -61,6 +62,7 @@ enum Tag {
   USAGE_EXPIRE_DATETIME = 0x60192; // (TagType:DATE | 402)
   MIN_SECONDS_BETWEEN_OPS = 0x30193; // (TagType:UINT | 403)
   MAX_USES_PER_BOOT = 0x30194; // (TagType:UINT | 404)
+  USAGE_COUNT_LIMIT = 0x30195; // (TagType:UINT | 405)
   /* RESERVED: ALL_USERS = 0x701f4; // (TagType:BOOL | 500) */
   USER_ID = 0x301f5; // (TagType:UINT | 501)
   USER_SECURE_ID = 0xa01f6; // (TagType:ULONG_REP | 502)
@@ -173,7 +175,9 @@ enum KeyPurpose {
   VERIFY = 3;
   /* RESERVED: DERIVE_KEY = 4; */
   WRAP_KEY = 5;
-  PURPOSE_MAX = 6;
+  AGREE_KEY = 6;
+  ATTEST_KEY = 7;
+  PURPOSE_MAX = 8;
 };
 
 enum ErrorCode {
@@ -259,6 +263,8 @@ enum ErrorCode {
   ATTESTATION_IDS_NOT_PROVISIONED = 79;
   INVALID_OPERATION = 80;
   STORAGE_KEY_UNSUPPORTED = 81;
+  INCOMPATIBLE_MGF_DIGEST = 82;
+  UNSUPPORTED_MGF_DIGEST = 83;
 };
 
 enum SecurityLevel {
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_types.proto b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
index 2689498..4a66d4e 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_types.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
@@ -108,6 +108,8 @@ enum AttestationSelector {
   ATTEST_TEST = 0;
   ATTEST_BATCH = 1;
   ATTEST_INDIVIDUAL = 2;
+  ATTEST_SELF = 3;
+  ATTEST_CALLER = 4;
 }
 
 message VigoKey {
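Review bot: The two new fields `caller_issuer_subj_name` and `caller_key_params` in StartAttestKeyRequest carry no comment, so nothing in the .proto says what encoding the issuer name uses, or that the keymaster.options hunk in this same commit caps it at 64 bytes. Suggest `bytes caller_issuer_subj_name = 7; // Issuer/subject name for the caller-supplied attest key; at most 64 octets (see keymaster.options)` and `KeyParameters caller_key_params = 8; // Parameters of the caller-supplied attest key`, with the name encoding (whether it is a DER-encoded X.501 Name, for instance) stated once the consumer confirms it. The rewritten not_before/not_after comment lines also keep the existing `octects` misspelling; since these lines are touched anyway, `[15 octets]` would be the moment to fix it.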
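Review bot: `caller_blob` and `caller_key_params` are added to FinishAttestKeyRequest without a comment, and `caller_key_params` now exists in both StartAttestKeyRequest and FinishAttestKeyRequest with no statement of whether the two must agree or which one the firmware relies on. Both are host-supplied inputs crossing into the secure element, so the field comment should state that the firmware validates the blob before signing with it — presumably that its purposes include the `ATTEST_KEY` value this commit adds to KeyPurpose — rather than leaving that to the reader; I cannot see the app-side check from this diff. Something like `KeyBlob caller_blob = 2; // Caller-supplied attest key; validated by the app before any signature is produced with it` would do.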
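Review bot: The rewritten not_before/not_after comments in IdentityStartAttestKeyRequest say `[15 octects]` but keep the `'%y%m%d%H%M%SZ'` format, which yields 13 characters (two-digit year), whereas the StartAttestKeyRequest hunk above changed the format to `'%Y'` together with the count. One of the two is wrong here: either the comment should read `// strftime('%Y%m%d%H%M%SZ') [15 octets]` or the length should stay 13. This is worth settling because the keymaster.options hunk bounds StartAttestKeyRequest.not_before at 15 bytes, and I cannot see from this diff what bound, if any, applies to the Identity variant.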
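Review bot: `AGREE_KEY` and `ATTEST_KEY` are added to KeyPurpose with no comment, and `PURPOSE_MAX` silently moves from 6 to 8. A one-line comment on each new value (for example `AGREE_KEY = 6; // key agreement` and `ATTEST_KEY = 7; // may sign attestation certificates for other keys`) would keep the enum readable, and a note on PURPOSE_MAX that it is a sentinel rather than a wire value would make clear that anything sizing a table from it must be rebuilt. If firmware elsewhere rejects purposes at or above PURPOSE_MAX, this bump is what admits the two new purposes, which is presumably intended but is worth a sentence in the commit message.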
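Review bot: `ATTEST_SELF` and `ATTEST_CALLER` are added to AttestationSelector without comments, while the keymaster.proto hunks in this commit add caller_* fields to StartAttestKeyRequest and FinishAttestKeyRequest; the relationship is presumably that ATTEST_CALLER selects the caller-supplied key, but nothing in the diff states it. Suggest `ATTEST_SELF = 3; // presumably a self-signed certificate — confirm` and `ATTEST_CALLER = 4; // sign with the caller-supplied key (caller_blob / caller_key_params)`, corrected if the intent differs. Because this selector decides which key signs an attestation certificate, the app-side handling of an unknown selector value should reject rather than fall through to a default; that handling is not visible here.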