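/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

syntax = "proto3";

package nugget.app.keymaster;

import "nugget/app/keymaster/keymaster_defs.proto";

// One tagged parameter: a tag plus three value slots.
//
// The value slots are independent fields, not a oneof, so the schema itself
// does not stop a sender from filling more than one of them. They also have
// proto3 implicit presence: 0 / empty bytes cannot be told apart from unset.
// NOTE(review): which slot is meaningful presumably depends on the tag's
// type; receivers should read only that slot -- confirm against the consumer.
message KeyParameter {
  Tag tag = 1;  /* Possible values defined here
                 * ::android::hardware::keymaster::V3_0::Tag
                 */
  uint32 integer = 2;
  uint64 long_integer = 3;
  bytes blob = 4;
}

// A list of KeyParameter entries. Nothing in the schema prevents the same
// tag from appearing more than once.
message KeyParameters {
  repeated KeyParameter params = 1;
}

// Opaque key blob bytes. The blob's internal format and any integrity
// protection are not defined in this file.
message KeyBlob {
  bytes blob = 1;
}

// 64-bit handle identifying an operation.
// NOTE(review): how handles are generated and scoped is not visible here.
message OperationHandle {
  uint64 handle = 1;
}

// A single certificate as raw bytes.
// NOTE(review): the encoding is not stated here (presumably DER) -- confirm.
message Certificate {
  bytes data = 1;
}

// An ordered list of certificates.
// NOTE(review): the ordering convention (leaf first or root first) is not
// stated in this file -- confirm before validating a chain.
message CertificateChain {
  repeated Certificate certificates = 1;
}

// Two parameter lists describing a key, split by the field names into
// software-enforced and TEE-enforced sets.
// NOTE(review): the security guarantee attached to each list is defined by
// the consumer, not by this schema.
message KeyCharacteristics {
  KeyParameters software_enforced = 1;
  KeyParameters tee_enforced = 2;
}

// Seed and nonce contributed to HMAC key sharing.
// NOTE(review): expected lengths and freshness requirements for the nonce
// are not stated here.
message HmacSharingParameters {
  bytes seed = 1;
  bytes nonce = 2;
}

// Authentication token with a MAC.
//
// NOTE(review): mac presumably authenticates the other fields; a receiver
// should verify it before acting on challenge, user_id, authenticator_id,
// authenticator_type or timestamp. Which fields are covered, and in what
// byte encoding, is not defined in this file -- confirm. The unit and epoch
// of timestamp are not stated either.
message HardwareAuthToken {
  // Tag 4 used to carry the enum-typed authenticator_type shown in the
  // commented-out declaration below. Reserving it keeps the number from
  // being reassigned to a field with a different meaning.
  reserved 4;

  uint64 challenge = 1;
  uint64 user_id = 2;
  uint64 authenticator_id = 3;
  // Deprecated in favor of tag 7.
  // HardwareAuthenticatorType authenticator_type = 4;
  uint64 timestamp = 5;
  bytes mac = 6;
  // Replaces tag 4; carried as a plain uint32 rather than an enum.
  uint32 authenticator_type = 7;
}

// Verification token with a MAC.
//
// NOTE(review): as with HardwareAuthToken, mac presumably covers the other
// fields and should be checked before they are trusted -- confirm coverage
// and encoding against the implementation.
message VerificationToken {
  uint64 challenge = 1;
  uint64 timestamp = 2;
  KeyParameters params_verified = 3;
  SecurityLevel security_level = 4;
  bytes mac = 5;
}

/*
 * Internal types.
 *
 * NOTE(review): the messages below hold raw key fields. The schema does
 * nothing to keep them off an external interface; that has to be enforced
 * by whichever code serializes them.
 */

// RSA key fields.
// NOTE(review): e, d and n look like the public exponent, private exponent
// and modulus; if so, d is secret key material -- confirm.
message RSAKey {
  uint32 e = 1;
  bytes d = 2;
  bytes n = 3;
}

// EC key fields.
// NOTE(review): d looks like the private scalar and x/y the public point
// coordinates; if so, d is secret key material -- confirm.
message ECKey {
  /* TODO: should this be EcCurve. */
  uint32 curve_id = 1;
  bytes d = 2;
  bytes x = 3;
  bytes y = 4;
}

// Raw symmetric key bytes.
message SymmetricKey {
  bytes material = 1;
}

// Status of the preshared secret.
// NOT_SET is the zero value, so a field of this type that was never written
// also reads as NOT_SET.
enum PresharedSecretStatus {
  NOT_SET = 0;
  ALREADY_SET = 1;
}

// Selects an attestation option.
// ATTEST_TEST is the zero value, so a field of this type left unset reads as
// ATTEST_TEST; senders that want ATTEST_BATCH or ATTEST_INDIVIDUAL must set
// the field explicitly, and receivers cannot tell "unset" from ATTEST_TEST.
enum AttestationSelector {
  ATTEST_TEST = 0;
  ATTEST_BATCH = 1;
  ATTEST_INDIVIDUAL = 2;
}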