author | felobato <felobato@google.com> | 2021-10-29 10:44:11 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2021-10-29 10:44:54 -0700 |
commit | 6cdf0d08bfeb5c0187a82098422545d7095b3cce (patch) | |
tree | a4556c706efac9f25f3cb4044674478375ebf582 /proto | |
parent | 717bd219334731ca9e01645ef84d3458b152ffbd (diff) | |
download | tink-6cdf0d08bfeb5c0187a82098422545d7095b3cce.tar.gz |
TPM AES HMAC AEAD Protos
PiperOrigin-RevId: 406392103
Diffstat (limited to 'proto')
-rw-r--r-- | proto/BUILD.bazel | 20 | ||||
-rw-r--r-- | proto/CMakeLists.txt | 15 | ||||
-rw-r--r-- | proto/tpm_aes.proto | 51 | ||||
-rw-r--r-- | proto/tpm_aes_hmac_aead.proto | 36 | ||||
-rw-r--r-- | proto/tpm_common.proto | 19 | ||||
-rw-r--r-- | proto/tpm_hmac.proto | 9 |
6 files changed, 142 insertions, 8 deletions
diff --git a/proto/BUILD.bazel b/proto/BUILD.bazel
index dfd834844..b79d3a657 100644
--- a/proto/BUILD.bazel
+++ b/proto/BUILD.bazel
@@ -413,6 +413,26 @@ proto_library(
 ],
 )
 
+# ----------------------------------------------------------------------------
+# TPM AEAD
+# ----------------------------------------------------------------------------
+proto_library(
+ name = "tpm_aes_proto",
+ srcs = ["tpm_aes.proto"],
+ visibility = ["//visibility:public"],
+ deps = [":tpm_common_proto"],
+)
+
+proto_library(
+ name = "tpm_aes_hmac_aead_proto",
+ srcs = ["tpm_aes_hmac_aead.proto"],
+ visibility = ["//visibility:public"],
+ deps = [
+ ":tpm_aes_proto",
+ ":tpm_hmac_proto",
+ ],
+)
+
 # -----------------------------------------------
 # empty
 # -----------------------------------------------
diff --git a/proto/CMakeLists.txt b/proto/CMakeLists.txt
index 24edf26a3..cceb66a28 100644
--- a/proto/CMakeLists.txt
+++ b/proto/CMakeLists.txt
@@ -203,6 +203,21 @@ tink_cc_proto(
 )
 
 tink_cc_proto(
+ NAME tpm_aes_cc_proto
+ SRCS tpm_aes.proto
+ DEPS
+ tink::proto::tpm_commom_cc_proto
+)
+
+tink_cc_proto(
+ NAME tpm_aes_hmac_aead_proto
+ SRCS tpm_aes_hmac_aead.proto
+ DEPS
+ tink::proto::tpm_aes_cc_proto
+ tink::proto::tpm_hmac_cc_proto
+)
+
+tink_cc_proto(
 NAME empty_cc_proto
 SRCS empty.proto
 )
diff --git a/proto/tpm_aes.proto b/proto/tpm_aes.proto
new file mode 100644
index 000000000..922fc6d16
--- /dev/null
+++ b/proto/tpm_aes.proto
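Review bot: The first added `tink_cc_proto` block depends on `tink::proto::tpm_commom_cc_proto`, which misspells the common target; every other target in this file follows the `<name>_cc_proto` pattern and the Bazel hunk depends on `:tpm_common_proto`, so this should read `tink::proto::tpm_common_cc_proto` or the CMake build will fail to resolve the dependency. The second block names its target `tpm_aes_hmac_aead_proto`, dropping the `_cc_` infix used by `tpm_aes_cc_proto` and `empty_cc_proto` right next to it; change it to `NAME tpm_aes_hmac_aead_cc_proto` so C++ consumers find it under the same scheme as its own dependencies `tpm_aes_cc_proto` and `tpm_hmac_cc_proto`.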
@@ -0,0 +1,51 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+syntax = "proto3";
+
+package google.crypto.tink;
+
+import "proto/tpm_common.proto";
+
+option go_package = "github.com/google/tink/proto/tpm_aes_go_proto";
+
+message TpmAesKeyParams {
+ TpmObjectAuthPolicy auth_policy = 1;
+
+ enum Mode {
+ MODE_UNSPECIFIED = 0;
+ // Cipher Feedback Mode - default TPM block cipher mode of operation.
+ MODE_CFB = 1;
+ // Counter mode of operation.
+ MODE_CTR = 2;
+ }
+ Mode mode = 2;
+
+ TpmHierarchy key_hierarchy = 3;
+}
+
+// key_type: type.googleapis.com/google.crypto.tink.TpmAesKey
+// TpmAesKey is TPM Restricted Storage key used for sealing blobs of data.
+message TpmAesKey {
+ uint32 version = 1;
+ TpmAesKeyParams params = 2;
+ TpmPrimaryKey primary_key = 3;
+}
+
+message TpmAesKeyFormat {
+ uint32 key_size = 1;
+ TpmAesKeyParams params = 2;
+}
diff --git a/proto/tpm_aes_hmac_aead.proto b/proto/tpm_aes_hmac_aead.proto
new file mode 100644
index 000000000..790aa2318
--- /dev/null
+++ b/proto/tpm_aes_hmac_aead.proto
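Review bot: `TpmAesKeyFormat` has no `version` field, while `TpmHmacKeyFormat` in the same commit carries `uint32 version = 1;`; unless that is deliberate, the two formats should agree so key-format validation can be written the same way for both TPM key types. `key_size` does not state its unit; Tink's existing key formats count bytes, so a comment such as `// Size of the AES key in bytes.` (or bits, if that is what the TPM public template expects) would settle the question before a key manager is written against it. `TpmAesKeyParams`, `mode` and `key_hierarchy` are undocumented, and in particular nothing says what happens when `mode` or `key_hierarchy` is left at the `*_UNSPECIFIED` zero value that proto3 readers see whenever the field is omitted, i.e. whether the key manager rejects the key or substitutes a default such as the CFB mode the enum comment calls the TPM default. `TpmAesKey` also holds only `version`, `params` and `primary_key`, so presumably the AES key is re-created from the primary key rather than stored; if so, the message comment should say that, since the HMAC counterpart stores `wrapped_key` and `public_template` explicitly.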
@@ -0,0 +1,36 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+syntax = "proto3";
+
+package google.crypto.tink;
+
+import "proto/tpm_aes.proto";
+import "proto/tpm_hmac.proto";
+
+option go_package = "github.com/google/tink/proto/tpm_aes_hmac_aead_go_proto";
+
+message TpmAesHmacAeadKeyFormat {
+ TpmAesKeyFormat tpm_aes_key_format = 1;
+ TpmHmacKeyFormat tpm_hmac_key_format = 2;
+}
+
+// key_type: type.googleapis.com/google.crypto.tink.TpmAesHmacAeadKey
+message TpmAesHmacAeadKey {
+ uint32 version = 1;
+ TpmAesKey tpm_aes_key = 2;
+ TpmHmacKey tpm_hmac_key = 3;
+}
diff --git a/proto/tpm_common.proto b/proto/tpm_common.proto
index 740b77988..1488dd335 100644
--- a/proto/tpm_common.proto
+++ b/proto/tpm_common.proto
@@ -20,7 +20,7 @@ package google.crypto.tink;
 
 import "proto/common.proto";
 
-option go_package = "github.com/google/tink/proto/tpm_common";
+option go_package = "github.com/google/tink/proto/tpm_common_go_proto";
 
 message TpmObjectAuthPolicy {
 bool password_required = 1;
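Review bot: Neither `TpmAesHmacAeadKeyFormat` nor `TpmAesHmacAeadKey` documents how the two component keys compose into an AEAD: which of the CFB/CTR modes permitted by `TpmAesKeyParams` are acceptable here, what the HMAC tag is computed over (IV, ciphertext, associated data and their length encoding), and whether the AES and HMAC halves are required to share the same `auth_policy` and `key_hierarchy`. This file is the wire contract the key managers will be validated against, so a leading comment on `TpmAesHmacAeadKey` of the form `// An AEAD built from a TPM AES key and a TPM HMAC key; the tag is computed over <construction> and verified before decryption.` with the construction filled in by the author would pin those decisions down now. Field-level comments are missing on both messages as well; a one-line purpose for each would be enough.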
@@ -38,9 +38,22 @@ message TpmObjectAuthPolicy {
 repeated Pcr pcrs = 2;
 }
 
-// Defines the public parameters needed to re-create a Storage Key in the TPM.
-// The public template is a marshaled TPM2B_PUBLIC structure
+// Defines the public parameters needed to re-create a Storage Primary Key in
+// the TPM. The public_template is a marshaled TPM2B_PUBLIC structure
 // (https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part2_Structures_pub.pdf#page=160).
 message TpmPrimaryKey {
 bytes public_template = 1;
 }
+
+// A Hierarchy is a collection of entities that are related and managed as a
+// group. All primary objects in the TPM are places under one of the following
+// hierarchies.
+enum TpmHierarchy {
+ HIERARCHY_UNSPECIFIED = 0;
+ // TPM (reserved handle) hierarchy for platform owner.
+ HIERARCHY_OWNER = 1;
+ // TPM (reserved handle) hierarchy for platform manufacter.
+ HIERARCHY_PLATFORM = 2;
+ // TPM (reserved handle) hierarchy for privacy administration.
+ HIERARCHY_ENDORSEMENT = 3;
+}
diff --git a/proto/tpm_hmac.proto b/proto/tpm_hmac.proto
index cf79abe1c..b0ca05694 100644
--- a/proto/tpm_hmac.proto
+++ b/proto/tpm_hmac.proto
@@ -18,15 +18,15 @@ syntax = "proto3";
 
 package google.crypto.tink;
 
-import "proto/tpm_common.proto";
 import "proto/hmac.proto";
+import "proto/tpm_common.proto";
 
-option go_package = "github.com/google/tink/proto/tpm_hmac";
+option go_package = "github.com/google/tink/proto/tpm_hmac_go_proto";
 
 message TpmHmacParams {
 HmacParams hmac_params = 1;
 TpmObjectAuthPolicy auth_policy = 2;
- repeated TpmPrimaryKey parents = 3;
+ TpmHierarchy key_hierarchy = 3;
 }
 
 // key_type: type.googleapis.com/google.crypto.tink.TpmHmacKey
@@ -35,11 +35,10 @@ message TpmHmacKey {
 TpmHmacParams params = 2;
 bytes wrapped_key = 3;
 bytes public_template = 4;
+ repeated TpmPrimaryKey parents = 5;
 }
 
 message TpmHmacKeyFormat {
 uint32 version = 1;
 TpmHmacParams params = 2;
 }
-
-
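Review bot: The `TpmHierarchy` comment block has two typos and a wording slip that protoc will carry into every generated binding: `manufacter` should be `manufacturer`, and `are places under` should be `are placed under`. The comment should also say what a key manager does with `HIERARCHY_UNSPECIFIED`, because proto3 readers see that value whenever `key_hierarchy` is omitted, and whether a key is created under the owner, platform or endorsement hierarchy changes who can authorize its use. As the enum sits at package level in `google.crypto.tink`, its values share one scope with every other top-level enum in the package; `HIERARCHY_` avoids collisions today, but a `TPM_HIERARCHY_` prefix matching the type name is cheaper to adopt now than to rename once the values are on the wire.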
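Review bot: `TpmHmacParams` reuses field number 3: `repeated TpmPrimaryKey parents = 3;` is removed and `TpmHierarchy key_hierarchy = 3;` takes its number, changing the wire type of that tag from a length-delimited message list to a varint enum. Any `TpmHmacKey` or `TpmHmacKeyFormat` serialized before this commit would then fail to parse or be silently misread when loaded, so unless no such keys can exist the safe form is `reserved 3; reserved "parents";` inside `TpmHmacParams` together with `TpmHierarchy key_hierarchy = 4;`. If the author is certain the TPM protos have never been used to persist a key, the commit description should say so, since nothing on the page establishes it.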
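Review bot: The new `repeated TpmPrimaryKey parents = 5;` on `TpmHmacKey` has no comment saying what the list holds or in which order the primary keys appear; for a key that must be re-created inside the TPM the order of parent templates is part of the contract, so a comment such as `// Primary keys under which this key is loaded, ordered from the hierarchy root downwards.` (adjusted to whatever the key manager actually does) should accompany the field. The enclosing `message TpmHmacKey {` and its `version` field start outside the hunk.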