authorTommy Chiu <tommychiu@google.com>2021-12-29 21:06:16 +0800
committerTreeHugger Robot <android-build-prod@system.gserviceaccount.com>2022-02-16 00:57:06 +0000
commit2443a10d9458d6ac7d1c4be9cf4733a069a9e318 (patch)
treeb23190f240ab76d9c78b58cd8c97a958f57712f7
parent0d58a576d97d8a91ea3f6cecd99940b880567855 (diff)
downloadgeneric-2443a10d9458d6ac7d1c4be9cf4733a069a9e318.tar.gz
keymint: Proto definition of IRemotelyProvisionedComponent
Bug: 203037043 Change-Id: Ib9c2b819df6d80641097d87a7081d7e6bb1222de Reviewed-on: https://nugget-os-review.googlesource.com/c/host/generic/+/48885 Tested-by: Tommy Chiu <tommychiu@google.com> Reviewed-by: Tommy Chiu <tommychiu@google.com> Reviewed-by: Brian Murray <brianjmurray@google.com> Presubmit-Verified: TreeHugger Robot <android-build-prod@system.gserviceaccount.com> Autosubmit: Tommy Chiu <tommychiu@google.com>
-rw-r--r--nugget/proto/nugget/app/keymaster/keymaster.proto31
-rw-r--r--nugget/proto/nugget/app/keymaster/keymaster_defs.proto4
-rw-r--r--nugget/proto/nugget/app/keymaster/keymaster_types.options1
-rw-r--r--nugget/proto/nugget/app/keymaster/keymaster_types.proto8
4 files changed, 43 insertions, 1 deletions
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto
index 1cb50bd..430cec2 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster.proto
@@ -143,6 +143,12 @@ service Keymaster {
*/
rpc GetPerFactoryResetValue(GetPerFactoryResetValueRequest) returns (GetPerFactoryResetValueResponse);
+ /*
+ * RKP implementation
+ */
+ rpc GenerateRkpKey(GenerateRkpKeyRequest) returns (GenerateRkpKeyResponse);
+ rpc GenerateRkpCsr(GenerateRkpCsrRequest) returns (GenerateRkpCsrResponse);
+
// These are implemented with a enum, so new RPCs must be appended, and
// deprecated RPCs need placeholders.
}
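Review bot: The two new RPCs share a single `RKP implementation` block comment, so neither method says what it takes or returns. A leading comment per RPC would make the contract readable without opening the message definitions, for example `// Returns the MACed public key for an RKP key pair; test_mode selects test keys.` on GenerateRkpKey and `// Produces the certificate request data for keys_to_sign, bound to challenge.` on GenerateRkpCsr (wording inferred from the field names and needs confirming). The service body starts outside this hunk.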
@@ -575,8 +581,31 @@ message GetPerFactoryResetValueRequest {
bool bootloader_only = 1;
bytes input = 2;
}
-
message GetPerFactoryResetValueResponse {
ErrorCode error_code = 1;
bytes output = 2;
}
+
+// RKP messages
+message GenerateRkpKeyRequest{
+ bool test_mode = 1;
+ KeyParameters params = 2;
+ KeyBlob blob = 3;
+}
+message GenerateRkpKeyResponse{
+ ErrorCode error_code = 1;
+ bytes maced_public_key = 2;
+}
+
+message GenerateRkpCsrRequest{
+ bool test_mode = 1;
+ KeysToSign keys_to_sign = 2;
+ bytes endpoint_enc_cert_chain = 3;
+ bytes challenge = 4;
+}
+message GenerateRkpCsrResponse{
+ ErrorCode error_code = 1;
+ bytes keys_to_sign_mac = 2;
+ bytes device_info_blob = 3;
+ bytes protected_data_blob = 4;
+}
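Review bot: None of the new `bytes` fields gets a size bound in this commit. The only options change is `KeysToSign.keys max_count:20` in keymaster_types.options, so `endpoint_enc_cert_chain` and `challenge` here, and `MacedKey.blob` in the keymaster_types.proto hunk, stay unbounded unless a limit exists in a file outside the diff. These fields carry caller-supplied input into the RKP handlers, so each should have an explicit limit next to the count, e.g. `nugget.app.keymaster.MacedKey.blob max_size:<MAX_MACED_KEY_BYTES>` (placeholder value), with matching entries for the request fields in whichever options file covers keymaster.proto. It would also help to state on `test_mode` that the proto3 default `false` means a production request, since the new error codes depend on that distinction.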
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
index da597b1..66d1801 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
@@ -267,6 +267,10 @@ enum ErrorCode {
STORAGE_KEY_UNSUPPORTED = 81;
INCOMPATIBLE_MGF_DIGEST = 82;
UNSUPPORTED_MGF_DIGEST = 83;
+ INVALID_MAC = 84; // RKP specific.
+ PRODUCTION_KEY_IN_TEST_REQUEST = 85; // RKP specific.
+ TEST_KEY_IN_PRODUCTION_REQUEST = 86; // RKP specific.
+ INVALID_EEK = 87; // RKP specific.
};
enum SecurityLevel {
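Review bot: The four new values carry only `// RKP specific.`, which does not say which request or check produces each code. A one-line comment per value would make the error contract reviewable, for example `// MAC on an entry of keys_to_sign did not verify.` on INVALID_MAC and `// endpoint_enc_cert_chain failed validation.` on INVALID_EEK (wording inferred from the names and to be confirmed against the implementation). The enum begins outside this hunk, so whether 84–87 collide with codes defined elsewhere cannot be checked from here.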
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_types.options b/nugget/proto/nugget/app/keymaster/keymaster_types.options
index 02853bc..417e181 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_types.options
+++ b/nugget/proto/nugget/app/keymaster/keymaster_types.options
@@ -9,3 +9,4 @@ nugget.app.keymaster.VigoSignature.s max_size:32
nugget.app.keymaster.VigoSecret.material max_size:32
nugget.app.keymaster.VigoSecret.iv max_size:16
nugget.app.keymaster.VigoSecret.tag max_size:16
+nugget.app.keymaster.KeysToSign.keys max_count:20
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_types.proto b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
index 4a66d4e..1a4c539 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_types.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_types.proto
@@ -126,3 +126,11 @@ message VigoSecret {
bytes iv = 2;
bytes tag = 3;
}
+
+message MacedKey{
+ bytes blob = 1;
+}
+
+message KeysToSign {
+ repeated MacedKey keys = 1;
+}
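Review bot: `MacedKey.blob` has no comment saying what encoding it holds or who computes the MAC, and nothing on `KeysToSign.keys` mentions the cap of 20 that the options file sets. Suggested comments: `// Serialized MACed public key as returned in GenerateRkpKeyResponse.maced_public_key.` on `blob` (presumed from the names, to be confirmed) and `// At most 20 entries; see keymaster_types.options.` on `keys`. A space before the brace in `message MacedKey{` would match `message KeysToSign {` below it.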