authorfelobato <felobato@google.com>2021-10-29 10:44:11 -0700
committerCopybara-Service <copybara-worker@google.com>2021-10-29 10:44:54 -0700
commit6cdf0d08bfeb5c0187a82098422545d7095b3cce (patch)
treea4556c706efac9f25f3cb4044674478375ebf582 /proto
parent717bd219334731ca9e01645ef84d3458b152ffbd (diff)
TPM AES HMAC AEAD Protos
PiperOrigin-RevId: 406392103
Diffstat (limited to 'proto')
-rw-r--r--proto/BUILD.bazel20
-rw-r--r--proto/CMakeLists.txt15
-rw-r--r--proto/tpm_aes.proto51
-rw-r--r--proto/tpm_aes_hmac_aead.proto36
-rw-r--r--proto/tpm_common.proto19
-rw-r--r--proto/tpm_hmac.proto9
6 files changed, 142 insertions, 8 deletions
diff --git a/proto/BUILD.bazel b/proto/BUILD.bazel
index dfd834844..b79d3a657 100644
--- a/proto/BUILD.bazel
+++ b/proto/BUILD.bazel
@@ -413,6 +413,26 @@ proto_library(
],
)
+# ----------------------------------------------------------------------------
+# TPM AEAD
+# ----------------------------------------------------------------------------
+proto_library(
+ name = "tpm_aes_proto",
+ srcs = ["tpm_aes.proto"],
+ visibility = ["//visibility:public"],
+ deps = [":tpm_common_proto"],
+)
+
+proto_library(
+ name = "tpm_aes_hmac_aead_proto",
+ srcs = ["tpm_aes_hmac_aead.proto"],
+ visibility = ["//visibility:public"],
+ deps = [
+ ":tpm_aes_proto",
+ ":tpm_hmac_proto",
+ ],
+)
+
# -----------------------------------------------
# empty
# -----------------------------------------------
diff --git a/proto/CMakeLists.txt b/proto/CMakeLists.txt
index 24edf26a3..cceb66a28 100644
--- a/proto/CMakeLists.txt
+++ b/proto/CMakeLists.txt
@@ -203,6 +203,21 @@ tink_cc_proto(
)
tink_cc_proto(
+ NAME tpm_aes_cc_proto
+ SRCS tpm_aes.proto
+ DEPS
+ tink::proto::tpm_commom_cc_proto
+)
+
+tink_cc_proto(
+ NAME tpm_aes_hmac_aead_proto
+ SRCS tpm_aes_hmac_aead.proto
+ DEPS
+ tink::proto::tpm_aes_cc_proto
+ tink::proto::tpm_hmac_cc_proto
+)
+
+tink_cc_proto(
NAME empty_cc_proto
SRCS empty.proto
)
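Review bot: The second added target is named `tpm_aes_hmac_aead_proto`, while the other targets visible in this hunk carry the `_cc_proto` suffix (`tpm_aes_cc_proto`, `empty_cc_proto`). A consumer that depends on `tink::proto::tpm_aes_hmac_aead_cc_proto` would presumably fail to resolve it, so the line should read `NAME tpm_aes_hmac_aead_cc_proto`. The dependency `tink::proto::tpm_commom_cc_proto` also looks like a misspelling of `tpm_common`; the target it names is defined outside this hunk, so check which spelling the existing definition uses before changing it.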
diff --git a/proto/tpm_aes.proto b/proto/tpm_aes.proto
new file mode 100644
index 000000000..922fc6d16
--- /dev/null
+++ b/proto/tpm_aes.proto
@@ -0,0 +1,51 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+syntax = "proto3";
+
+package google.crypto.tink;
+
+import "proto/tpm_common.proto";
+
+option go_package = "github.com/google/tink/proto/tpm_aes_go_proto";
+
+message TpmAesKeyParams {
+ TpmObjectAuthPolicy auth_policy = 1;
+
+ enum Mode {
+ MODE_UNSPECIFIED = 0;
+ // Cipher Feedback Mode - default TPM block cipher mode of operation.
+ MODE_CFB = 1;
+ // Counter mode of operation.
+ MODE_CTR = 2;
+ }
+ Mode mode = 2;
+
+ TpmHierarchy key_hierarchy = 3;
+}
+
+// key_type: type.googleapis.com/google.crypto.tink.TpmAesKey
+// TpmAesKey is TPM Restricted Storage key used for sealing blobs of data.
+message TpmAesKey {
+ uint32 version = 1;
+ TpmAesKeyParams params = 2;
+ TpmPrimaryKey primary_key = 3;
+}
+
+message TpmAesKeyFormat {
+ uint32 key_size = 1;
+ TpmAesKeyParams params = 2;
+}
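Review bot: `key_size` in `TpmAesKeyFormat` states no unit, and none of `TpmAesKeyParams`, `TpmAesKeyFormat` or their fields is documented. The unit matters here because TPM symmetric-key definitions express key length in bits, while a reader used to byte-counted sizes could pass 16 or 32 and get something other than the intended key strength. Add a field comment such as `// Size of the AES key in bytes.` (or bits, whichever the key manager implements). `MODE_UNSPECIFIED` and `HIERARCHY_UNSPECIFIED` are the proto3 defaults for `mode` and `key_hierarchy`, so the message comment on `TpmAesKeyParams` should also state that a key or format carrying either is invalid and must be rejected rather than mapped to a default mode or hierarchy.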
diff --git a/proto/tpm_aes_hmac_aead.proto b/proto/tpm_aes_hmac_aead.proto
new file mode 100644
index 000000000..790aa2318
--- /dev/null
+++ b/proto/tpm_aes_hmac_aead.proto
@@ -0,0 +1,36 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+syntax = "proto3";
+
+package google.crypto.tink;
+
+import "proto/tpm_aes.proto";
+import "proto/tpm_hmac.proto";
+
+option go_package = "github.com/google/tink/proto/tpm_aes_hmac_aead_go_proto";
+
+message TpmAesHmacAeadKeyFormat {
+ TpmAesKeyFormat tpm_aes_key_format = 1;
+ TpmHmacKeyFormat tpm_hmac_key_format = 2;
+}
+
+// key_type: type.googleapis.com/google.crypto.tink.TpmAesHmacAeadKey
+message TpmAesHmacAeadKey {
+ uint32 version = 1;
+ TpmAesKey tpm_aes_key = 2;
+ TpmHmacKey tpm_hmac_key = 3;
+}
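Review bot: `TpmAesHmacAeadKey` nests two independently parameterised keys, and nothing in the schema or its comments says how their TPM settings relate. `TpmAesKeyParams` and `TpmHmacParams` each carry their own `auth_policy` and `key_hierarchy`, so as declared an AEAD key can have its AES half bound to one PCR/password policy and its HMAC half to a weaker or empty one. If the intent is that both halves share one policy, say so on the message, e.g. `// tpm_aes_key and tpm_hmac_key must use the same auth_policy and key_hierarchy.`, and have the key manager reject a mismatch. Neither message says how the two primitives are composed (for instance encrypt-then-MAC); a one-line comment on `TpmAesHmacAeadKey` would make that contract explicit.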
diff --git a/proto/tpm_common.proto b/proto/tpm_common.proto
index 740b77988..1488dd335 100644
--- a/proto/tpm_common.proto
+++ b/proto/tpm_common.proto
@@ -20,7 +20,7 @@ package google.crypto.tink;
import "proto/common.proto";
-option go_package = "github.com/google/tink/proto/tpm_common";
+option go_package = "github.com/google/tink/proto/tpm_common_go_proto";
message TpmObjectAuthPolicy {
bool password_required = 1;
@@ -38,9 +38,22 @@ message TpmObjectAuthPolicy {
repeated Pcr pcrs = 2;
}
-// Defines the public parameters needed to re-create a Storage Key in the TPM.
-// The public template is a marshaled TPM2B_PUBLIC structure
+// Defines the public parameters needed to re-create a Storage Primary Key in
+// the TPM. The public_template is a marshaled TPM2B_PUBLIC structure
// (https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part2_Structures_pub.pdf#page=160).
message TpmPrimaryKey {
bytes public_template = 1;
}
+
+// A Hierarchy is a collection of entities that are related and managed as a
+// group. All primary objects in the TPM are places under one of the following
+// hierarchies.
+enum TpmHierarchy {
+ HIERARCHY_UNSPECIFIED = 0;
+ // TPM (reserved handle) hierarchy for platform owner.
+ HIERARCHY_OWNER = 1;
+ // TPM (reserved handle) hierarchy for platform manufacter.
+ HIERARCHY_PLATFORM = 2;
+ // TPM (reserved handle) hierarchy for privacy administration.
+ HIERARCHY_ENDORSEMENT = 3;
+}
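Review bot: The values of the new top-level enum `TpmHierarchy` are named `HIERARCHY_*` rather than being prefixed with the enum's own name. Enum values are scoped to the enclosing package, here `google.crypto.tink`, so `HIERARCHY_UNSPECIFIED` can clash with a value of any other enum declared in that package; `TPM_HIERARCHY_UNSPECIFIED`, `TPM_HIERARCHY_OWNER` and so on avoid this. The added comments also contain two typos: "are places under" should be "are placed under", and "manufacter" should be "manufacturer". A comment on `HIERARCHY_UNSPECIFIED` stating that it is never a valid hierarchy for a key would tell implementers to reject it instead of picking a default.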
diff --git a/proto/tpm_hmac.proto b/proto/tpm_hmac.proto
index cf79abe1c..b0ca05694 100644
--- a/proto/tpm_hmac.proto
+++ b/proto/tpm_hmac.proto
@@ -18,15 +18,15 @@ syntax = "proto3";
package google.crypto.tink;
-import "proto/tpm_common.proto";
import "proto/hmac.proto";
+import "proto/tpm_common.proto";
-option go_package = "github.com/google/tink/proto/tpm_hmac";
+option go_package = "github.com/google/tink/proto/tpm_hmac_go_proto";
message TpmHmacParams {
HmacParams hmac_params = 1;
TpmObjectAuthPolicy auth_policy = 2;
- repeated TpmPrimaryKey parents = 3;
+ TpmHierarchy key_hierarchy = 3;
}
// key_type: type.googleapis.com/google.crypto.tink.TpmHmacKey
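Review bot: Field number 3 of `TpmHmacParams` is reused with a different type: it was `repeated TpmPrimaryKey parents` (length-delimited) and becomes `TpmHierarchy key_hierarchy` (varint). A `TpmHmacParams` serialized under the old schema will not populate `key_hierarchy`, since parsers generally treat a mismatched wire type as an unknown field. Such a key reads back as `HIERARCHY_UNSPECIFIED` with its parent list silently dropped. Unless it is certain that nothing was ever written with the old layout, retire the number instead of reusing it: `reserved 3; reserved "parents";` followed by `TpmHierarchy key_hierarchy = 4;`.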
@@ -35,11 +35,10 @@ message TpmHmacKey {
TpmHmacParams params = 2;
bytes wrapped_key = 3;
bytes public_template = 4;
+ repeated TpmPrimaryKey parents = 5;
}
message TpmHmacKeyFormat {
uint32 version = 1;
TpmHmacParams params = 2;
}
-
-
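Review bot: The new `repeated TpmPrimaryKey parents = 5;` on `TpmHmacKey` has no comment saying what the list holds, in which order, or whether it may be empty. `TpmAesKey` in tpm_aes.proto in this same commit stores a single `primary_key` instead, so the two key types describe their TPM ancestry differently without explanation. The order matters to whoever rebuilds the key chain before loading `wrapped_key`, so add a field comment such as `// Parent keys needed to load wrapped_key, listed from the primary key downwards.`, adjusted to the order the implementation actually uses. The `TpmHmacKey` message begins outside this hunk, so an existing message-level comment may cover part of this.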