authorBill Richardson <wfrichar@google.com>2021-04-20 18:26:55 -0500
committerBill Richardson <wfrichar@google.com>2021-04-20 18:26:55 -0500
commit717b7356710e188ddaed9aa2838a51d7dc1a5a96 (patch)
tree28d2332eb47ec1fb2be536150b2a87b850008fb5
parentedbbb4737c0ae25f2af013f0ef21e39a1f822952 (diff)
parent467e3ad09b4d10e9c988c1426678be584f3d1936 (diff)
downloadgeneric-717b7356710e188ddaed9aa2838a51d7dc1a5a96.tar.gz
Merge remote-tracking branch 'goog/upstream-master' into D2-SC-020
* goog/upstream-master: keymint: Add new Tag and KeyPurpose Bug: 161929178 Test: release tests, QMC Change-Id: Iaca4488cdcccbc9dab3cc07b647c408af855e495
-rw-r--r--nugget/proto/nugget/app/keymaster/keymaster.options3
-rw-r--r--nugget/proto/nugget/app/keymaster/keymaster.proto12
-rw-r--r--nugget/proto/nugget/app/keymaster/keymaster_defs.proto8
-rw-r--r--nugget/proto/nugget/app/keymaster/keymaster_types.proto2
4 files changed, 19 insertions, 6 deletions
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.options b/nugget/proto/nugget/app/keymaster/keymaster.options
index ad3a0a1..be1a236 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.options
+++ b/nugget/proto/nugget/app/keymaster/keymaster.options
@@ -15,6 +15,7 @@ nugget.app.keymaster.GetBootInfoResponse.boot_hash max_size:32
nugget.app.keymaster.ProvisionPresharedSecretRequest.preshared_secret max_size:32
nugget.app.keymaster.StartAttestKeyRequest.not_before max_size:15
nugget.app.keymaster.StartAttestKeyRequest.not_after max_size:15
+nugget.app.keymaster.StartAttestKeyRequest.caller_issuer_subj_name max_size:64
nugget.app.keymaster.ProvisionPresharedSecretResponse.digest max_size:32
nugget.app.keymaster.ProvisionCertificatesRequest.cert_block max_size: 1024
-nugget.app.keymaster.ProvisionCertificatesRequest.digest max_size: 32 \ No newline at end of file
+nugget.app.keymaster.ProvisionCertificatesRequest.digest max_size: 32
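Review bot: The 64-octet cap added for `StartAttestKeyRequest.caller_issuer_subj_name` is not stated anywhere a caller of the proto would see it, because the field in keymaster.proto carries no comment. If the field holds an encoded X.509 subject name (the hunk does not say), longer names will presumably fail at encode or decode time under this option. The host side should surface that as a defined error and never truncate, since a truncated issuer would no longer match the subject of the signing key's certificate. Suggest documenting the limit on the field itself, e.g. `bytes caller_issuer_subj_name = 7; // issuer subject of the caller's attest key, max 64 octets (keymaster.options)`.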
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto
index 0a11349..e6fec75 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster.proto
@@ -210,8 +210,10 @@ message StartAttestKeyRequest {
KeyParameters params = 2;
uint32 attestation_app_id_len = 3;
AttestationSelector selector = 4;
- bytes not_before = 5; // strftime('%y%m%d%H%M%SZ') [13 octects]
- bytes not_after = 6; // strftime('%y%m%d%H%M%SZ') [13 octects]
+ bytes not_before = 5; // strftime('%Y%m%d%H%M%SZ') [15 octects]
+ bytes not_after = 6; // strftime('%Y%m%d%H%M%SZ') [15 octects]
+ bytes caller_issuer_subj_name = 7;
+ KeyParameters caller_key_params = 8;
}
message StartAttestKeyResponse {
ErrorCode error_code = 1;
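Review bot: `caller_key_params` is added here as field 8 and again as field 3 of `FinishAttestKeyRequest` in the next hunk, with no comment saying which copy the firmware acts on. For caller-key attestation these parameters presumably decide whether the caller's key is allowed to sign. Two host-supplied copies leave room for the check to run on one and the signing to use the other, so the contract should say whether they must match or one is ignored. It should also say they are validated against `caller_blob` rather than trusted as sent. A comment on both fields such as `// Must equal the params bound to caller_blob; request is rejected on mismatch.` would pin that down, to be confirmed against the firmware handler, which is not on this page. StartAttestKeyRequest begins above the hunk.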
@@ -233,6 +235,8 @@ message ContinueAttestKeyResponse {
// FinishAttestKeyRequest
message FinishAttestKeyRequest {
OperationHandle handle = 1;
+ KeyBlob caller_blob = 2;
+ KeyParameters caller_key_params = 3;
}
message FinishAttestKeyResponse {
ErrorCode error_code = 1;
@@ -538,8 +542,8 @@ message IdentityStartAttestKeyRequest {
KeyParameters params = 2;
uint32 attestation_app_id_len = 3;
AttestationSelector selector = 4;
- bytes not_before = 5; // strftime('%y%m%d%H%M%SZ') [13 octects]
- bytes not_after = 6; // strftime('%y%m%d%H%M%SZ') [13 octects]
+ bytes not_before = 5; // strftime('%y%m%d%H%M%SZ') [15 octects]
+ bytes not_after = 6; // strftime('%y%m%d%H%M%SZ') [15 octects]
uint64 creation_time_ms = 7; // Rough current time (ms since epoch).
bool use_km_attest_key = 8;
}
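Review bot: The updated comments on `not_before` and `not_after` now say 15 octets but still show `strftime('%y%m%d%H%M%SZ')`, which produces 13 characters. The same fields in StartAttestKeyRequest were switched to `%Y` earlier in this file. If the Identity path also moved to four-digit years, the line should read `bytes not_before = 5; // strftime('%Y%m%d%H%M%SZ') [15 octets]` (likewise `not_after`); if it still sends two-digit years, the length should stay at 13. A host and firmware that disagree on the format would parse a different validity window into the attestation certificate. IdentityStartAttestKeyRequest begins above the hunk.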
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
index 15f655c..719215e 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
@@ -51,6 +51,7 @@ enum Tag {
RSA_PUBLIC_EXPONENT = 0x500c8; // (TagType:ULONG | 200)
/* RESERVED: ECIES_SINGLE_HASH_MODE = 0x700c9; // (TagType:BOOL | 201) */
INCLUDE_UNIQUE_ID = 0x700ca; // (TagType:BOOL | 202)
+ RSA_OAEP_MGF_DIGEST = 0x200cb; // (TagType:ENUM_REP | 203)
BLOB_USAGE_REQUIREMENTS = 0x1012d; // (TagType:ENUM | 301)
BOOTLOADER_ONLY = 0x7012e; // (TagType:BOOL | 302)
ROLLBACK_RESISTANCE = 0x7012f; // (TagType:BOOL | 303)
@@ -61,6 +62,7 @@ enum Tag {
USAGE_EXPIRE_DATETIME = 0x60192; // (TagType:DATE | 402)
MIN_SECONDS_BETWEEN_OPS = 0x30193; // (TagType:UINT | 403)
MAX_USES_PER_BOOT = 0x30194; // (TagType:UINT | 404)
+ USAGE_COUNT_LIMIT = 0x30195; // (TagType:UINT | 405)
/* RESERVED: ALL_USERS = 0x701f4; // (TagType:BOOL | 500) */
USER_ID = 0x301f5; // (TagType:UINT | 501)
USER_SECURE_ID = 0xa01f6; // (TagType:ULONG_REP | 502)
@@ -173,7 +175,9 @@ enum KeyPurpose {
VERIFY = 3;
/* RESERVED: DERIVE_KEY = 4; */
WRAP_KEY = 5;
- PURPOSE_MAX = 6;
+ AGREE_KEY = 6;
+ ATTEST_KEY = 7;
+ PURPOSE_MAX = 8;
};
enum ErrorCode {
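Review bot: `PURPOSE_MAX` moves from 6 to 8, so the number 6 changes meaning from sentinel to `AGREE_KEY`. A range check of the form `purpose < PURPOSE_MAX` built against the old definition will reject both new purposes, and one built against the new definition accepts 4, which is still marked RESERVED. Code on either side of the interface should validate against the named values rather than the sentinel. It would also help to state the intended restriction on the new purpose, e.g. `ATTEST_KEY = 7; // signs attestation certificates only; TODO confirm it may not be combined with other purposes`. The enum begins above the hunk.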
@@ -259,6 +263,8 @@ enum ErrorCode {
ATTESTATION_IDS_NOT_PROVISIONED = 79;
INVALID_OPERATION = 80;
STORAGE_KEY_UNSUPPORTED = 81;
+ INCOMPATIBLE_MGF_DIGEST = 82;
+ UNSUPPORTED_MGF_DIGEST = 83;
};
enum SecurityLevel {
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_types.proto b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
index 2689498..4a66d4e 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_types.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
@@ -108,6 +108,8 @@ enum AttestationSelector {
ATTEST_TEST = 0;
ATTEST_BATCH = 1;
ATTEST_INDIVIDUAL = 2;
+ ATTEST_SELF = 3;
+ ATTEST_CALLER = 4;
}
message VigoKey {
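Review bot: `ATTEST_SELF` and `ATTEST_CALLER` are added without comments, and nothing in the schema ties `ATTEST_CALLER` to the new `caller_blob` and `caller_issuer_subj_name` fields. The handler should reject `ATTEST_CALLER` when those fields are empty and reject or ignore them for the other selectors. It should also treat unknown selector values as errors rather than fall back to a default, since `ATTEST_TEST` is the zero value here. Suggested comments: `ATTEST_SELF = 3; // presumably self-signed with the key being attested; confirm` and `ATTEST_CALLER = 4; // signed with the key in caller_blob`. The enum begins above the hunk.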