1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
// proto3: every enum in this file must list a 0 value first, and an enum field
// that is absent on the wire reads back as that 0 value.
syntax = "proto3";

// All definitions in this file are declared in this package.
package nugget.app.keymaster.ctdl;
20
21/*
22 * Minimal type definitions required for building protos.  Sourced from:
23 *     ::android::hardware::keymaster::V3_0
24 */
// Type classes for keymaster tags.
//
// Each value is a small index shifted left by 16 bits, as noted per value.
// The Tag enum in this file builds its constants by OR-ing one of these
// values with a tag id held in the low bits.
//
// TAG_TYPE_INVALID is the proto3 default, so a field that was never set
// decodes as "invalid" rather than as a usable type.
enum TagType {
  TAG_TYPE_INVALID = 0x0;  // 0 << 16
  ENUM = 0x10000;  // 1 << 16
  ENUM_REP = 0x20000;  // 2 << 16
  UINT = 0x30000;  // 3 << 16
  UINT_REP = 0x40000;  // 4 << 16
  ULONG = 0x50000;  // 5 << 16
  DATE = 0x60000;  // 6 << 16
  BOOL = 0x70000;  // 7 << 16
  // Spelled with a trailing underscore here; Tag's comments call it BIGNUM.
  BIGNUM_ = 0x80000;  // 8 << 16
  BYTES = 0x90000;  // 9 << 16
  ULONG_REP = 0xA0000;  // 10 << 16
}
38
// Keymaster tag identifiers.
//
// Every constant equals a TagType value OR-ed with a tag id that fits below
// bit 16. The trailing comment on each line names that pair as
// "<TagType value> | <id>".
//
// Lines marked RESERVED are comments only and define nothing; presumably they
// keep retired tags visible so their numbers are not reused (confirm).
//
// NOTE(review): proto3 parsers commonly accept enum numbers that are not
// listed here. Code that enforces key policy from these tags should reject or
// explicitly handle unrecognised values; confirm how the runtime in use
// behaves.
enum Tag {
  TAG_INVALID = 0;  // TAG_TYPE_INVALID | 0 (proto3 default)
  PURPOSE = 0x20001;  // ENUM_REP | 1
  ALGORITHM = 0x10002;  // ENUM | 2
  KEY_SIZE = 0x30003;  // UINT | 3
  BLOCK_MODE = 0x20004;  // ENUM_REP | 4
  DIGEST = 0x20005;  // ENUM_REP | 5
  PADDING = 0x20006;  // ENUM_REP | 6
  CALLER_NONCE = 0x70007;  // BOOL | 7
  MIN_MAC_LENGTH = 0x30008;  // UINT | 8
  // RESERVED: KDF = 0x20009;  (ENUM_REP | 9)
  EC_CURVE = 0x1000a;  // ENUM | 10
  RSA_PUBLIC_EXPONENT = 0x500c8;  // ULONG | 200
  // RESERVED: ECIES_SINGLE_HASH_MODE = 0x700c9;  (BOOL | 201)
  INCLUDE_UNIQUE_ID = 0x700ca;  // BOOL | 202
  RSA_OAEP_MGF_DIGEST = 0x200cb;  // ENUM_REP | 203
  BLOB_USAGE_REQUIREMENTS = 0x1012d;  // ENUM | 301
  BOOTLOADER_ONLY = 0x7012e;  // BOOL | 302
  ROLLBACK_RESISTANCE = 0x7012f;  // BOOL | 303
  HARDWARE_TYPE = 0x10130;  // ENUM | 304
  EARLY_BOOT_ONLY = 0x70131;  // BOOL | 305
  ACTIVE_DATETIME = 0x60190;  // DATE | 400
  ORIGINATION_EXPIRE_DATETIME = 0x60191;  // DATE | 401
  USAGE_EXPIRE_DATETIME = 0x60192;  // DATE | 402
  MIN_SECONDS_BETWEEN_OPS = 0x30193;  // UINT | 403
  MAX_USES_PER_BOOT = 0x30194;  // UINT | 404
  USAGE_COUNT_LIMIT = 0x30195;  // UINT | 405
  // RESERVED: ALL_USERS = 0x701f4;  (BOOL | 500)
  USER_ID = 0x301f5;  // UINT | 501
  USER_SECURE_ID = 0xa01f6;  // ULONG_REP | 502
  NO_AUTH_REQUIRED = 0x701f7;  // BOOL | 503
  USER_AUTH_TYPE = 0x101f8;  // ENUM | 504
  AUTH_TIMEOUT = 0x301f9;  // UINT | 505
  ALLOW_WHILE_ON_BODY = 0x701fa;  // BOOL | 506
  TRUSTED_USER_PRESENCE_REQUIRED = 0x701fb;  // BOOL | 507
  TRUSTED_CONFIRMATION_REQUIRED = 0x701fc;  // BOOL | 508
  UNLOCKED_DEVICE_REQUIRED = 0x701fd;  // BOOL | 509
  // RESERVED: ALL_APPLICATIONS = 0x70258;  (BOOL | 600)
  APPLICATION_ID = 0x90259;  // BYTES | 601
  // RESERVED: EXPORTABLE = 0x7025a;  (BOOL | 602)
  APPLICATION_DATA = 0x902bc;  // BYTES | 700
  CREATION_DATETIME = 0x602bd;  // DATE | 701
  ORIGIN = 0x102be;  // ENUM | 702
  // RESERVED: ROLLBACK_RESISTANT = 0x702bf;  (BOOL | 703)
  ROOT_OF_TRUST = 0x902c0;  // BYTES | 704
  OS_VERSION = 0x302c1;  // UINT | 705
  OS_PATCHLEVEL = 0x302c2;  // UINT | 706
  UNIQUE_ID = 0x902c3;  // BYTES | 707
  ATTESTATION_CHALLENGE = 0x902c4;  // BYTES | 708
  ATTESTATION_APPLICATION_ID = 0x902c5;  // BYTES | 709
  ATTESTATION_ID_BRAND = 0x902c6;  // BYTES | 710
  ATTESTATION_ID_DEVICE = 0x902c7;  // BYTES | 711
  ATTESTATION_ID_PRODUCT = 0x902c8;  // BYTES | 712
  ATTESTATION_ID_SERIAL = 0x902c9;  // BYTES | 713
  ATTESTATION_ID_IMEI = 0x902ca;  // BYTES | 714
  ATTESTATION_ID_MEID = 0x902cb;  // BYTES | 715
  ATTESTATION_ID_MANUFACTURER = 0x902cc;  // BYTES | 716
  ATTESTATION_ID_MODEL = 0x902cd;  // BYTES | 717
  VENDOR_PATCHLEVEL = 0x302ce;  // UINT | 718
  BOOT_PATCHLEVEL = 0x302cf;  // UINT | 719
  DEVICE_UNIQUE_ATTESTATION = 0x702d0;  // BOOL | 720
  IDENTITY_CREDENTIAL_KEY = 0x702d1;  // BOOL | 721
  STORAGE_KEY = 0x702d2;  // BOOL | 722
  ATTESTATION_ID_SECOND_IMEI = 0x902d3;  // BYTES | 723
  ASSOCIATED_DATA = 0x903e8;  // BYTES | 1000
  NONCE = 0x903e9;  // BYTES | 1001
  // RESERVED: AUTH_TOKEN = 0x903ea;  (BYTES | 1002)
  MAC_LENGTH = 0x303eb;  // UINT | 1003
  RESET_SINCE_ID_ROTATION = 0x703ec;  // BOOL | 1004
  CONFIRMATION_TOKEN = 0x903ed;  // BYTES | 1005
  CERTIFICATE_SERIAL = 0x803ee;  // BIGNUM_ | 1006
  CERTIFICATE_SUBJECT = 0x903ef;  // BYTES | 1007
}
112
// Key algorithm selector.
//
// RSA is value 0, the proto3 default, so a message that omits the field is
// indistinguishable from one that names RSA. Callers that must detect "not
// specified" need another signal.
//
// NOTE(review): ALGORITHM_MAX looks like an end-of-range sentinel rather than
// an algorithm; confirm receivers reject it as input.
enum Algorithm {
  RSA = 0;
  EC = 1;
  AES = 2;
  DES = 3;
  HMAC = 4;
  ALGORITHM_MAX = 5;
}
121
// Block cipher mode selector.
//
// ECB is value 0, the proto3 default, so an unset field decodes as ECB. ECB
// maps equal plaintext blocks to equal ciphertext blocks, so a request should
// name its mode explicitly instead of inheriting the default.
//
// NOTE(review): BLOCK_MODE_MAX looks like an end-of-range sentinel; confirm
// receivers reject it as input.
enum BlockMode {
  ECB = 0;
  CBC = 1;
  CTR = 2;
  GCM = 3;
  BLOCK_MODE_MAX = 4;
}
129
// Padding scheme selector.
//
// PADDING_NONE is value 0, the proto3 default, so an unset field decodes as
// "no padding".
//
// NOTE(review): PADDING_MODE_MAX looks like an end-of-range sentinel; confirm
// receivers reject it as input.
enum PaddingMode {
  PADDING_NONE = 0;
  PADDING_RSA_OAEP = 1;
  PADDING_RSA_PSS = 2;
  // Legacy RSA encryption padding; decryption paths that accept it need care
  // not to reveal whether the padding was valid.
  PADDING_RSA_PKCS1_1_5_ENCRYPT = 3;
  PADDING_RSA_PKCS1_1_5_SIGN = 4;
  PADDING_PKCS7 = 5;
  PADDING_MODE_MAX = 6;
}
139
// Message digest selector.
//
// DIGEST_NONE is value 0, the proto3 default, so an unset field decodes as
// "no digest".
//
// NOTE(review): DIGEST_MAX looks like an end-of-range sentinel; confirm
// receivers reject it as input.
enum Digest {
  DIGEST_NONE = 0;
  // MD5 and SHA-1 are no longer collision resistant; whether to accept them
  // is a policy decision for the code that consumes this enum.
  DIGEST_MD5 = 1;
  DIGEST_SHA1 = 2;
  DIGEST_SHA_2_224 = 3;
  DIGEST_SHA_2_256 = 4;
  DIGEST_SHA_2_384 = 5;
  DIGEST_SHA_2_512 = 6;
  DIGEST_MAX = 7;
}
150
// Elliptic curve selector.
//
// P_224 is value 0, the proto3 default, so an unset field decodes as the
// smallest curve listed here.
//
// NOTE(review): EC_CURVE_MAX looks like an end-of-range sentinel; confirm
// receivers reject it as input.
enum EcCurve {
  P_224 = 0;
  P_256 = 1;
  P_384 = 2;
  P_521 = 3;
  EC_CURVE_MAX = 4;
}
158
// Where a key's material came from.
//
// GENERATED is value 0, the proto3 default; UNKNOWN is 3. An unset field
// therefore decodes as GENERATED, not UNKNOWN, so consumers that report or
// attest key origin should make sure the field was set on purpose.
//
// NOTE(review): KEY_ORIGIN_MAX looks like an end-of-range sentinel; confirm
// receivers reject it as input.
enum KeyOrigin {
  GENERATED = 0;
  DERIVED = 1;
  IMPORTED = 2;
  UNKNOWN = 3;
  SECURELY_IMPORTED = 4;
  KEY_ORIGIN_MAX = 5;
}
167
// Usage requirement recorded for a key blob.
//
// STANDALONE is value 0, the proto3 default for an unset field.
//
// NOTE(review): KEY_USAGE_MAX looks like an end-of-range sentinel; confirm
// receivers reject it as input.
enum KeyBlobUsageRequirements {
  STANDALONE = 0;
  REQUIRES_FILE_SYSTEM = 1;
  KEY_USAGE_MAX = 2;
}
173
// Operation a key may be used for.
//
// ENCRYPT is value 0, the proto3 default, so an unset field decodes as
// ENCRYPT. Value 4 is intentionally not defined (see the RESERVED line).
//
// NOTE(review): PURPOSE_MAX looks like an end-of-range sentinel; confirm
// receivers reject it as input.
enum KeyPurpose {
  ENCRYPT = 0;
  DECRYPT = 1;
  SIGN = 2;
  VERIFY = 3;
  // RESERVED: DERIVE_KEY = 4;
  WRAP_KEY = 5;
  AGREE_KEY = 6;
  ATTEST_KEY = 7;
  PURPOSE_MAX = 8;
}
185
// Result codes, numbered densely from 0.
//
// OK is value 0, the proto3 default: a response in which this field was never
// written decodes as OK. Callers should not treat OK alone as proof that an
// operation ran; check that the response carried the expected payload too.
//
// NOTE(review): how these values map to the HAL's own error constants is not
// visible in this file.
enum ErrorCode {
  OK = 0;
  ROOT_OF_TRUST_ALREADY_SET = 1;
  UNSUPPORTED_PURPOSE = 2;
  INCOMPATIBLE_PURPOSE = 3;
  UNSUPPORTED_ALGORITHM = 4;
  INCOMPATIBLE_ALGORITHM = 5;
  UNSUPPORTED_KEY_SIZE = 6;
  UNSUPPORTED_BLOCK_MODE = 7;
  INCOMPATIBLE_BLOCK_MODE = 8;
  UNSUPPORTED_MAC_LENGTH = 9;
  UNSUPPORTED_PADDING_MODE = 10;
  INCOMPATIBLE_PADDING_MODE = 11;
  UNSUPPORTED_DIGEST = 12;
  INCOMPATIBLE_DIGEST = 13;
  INVALID_EXPIRATION_TIME = 14;
  INVALID_USER_ID = 15;
  INVALID_AUTHORIZATION_TIMEOUT = 16;
  UNSUPPORTED_KEY_FORMAT = 17;
  INCOMPATIBLE_KEY_FORMAT = 18;
  UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = 19;
  UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = 20;
  INVALID_INPUT_LENGTH = 21;
  KEY_EXPORT_OPTIONS_INVALID = 22;
  DELEGATION_NOT_ALLOWED = 23;
  KEY_NOT_YET_VALID = 24;
  KEY_EXPIRED = 25;
  KEY_USER_NOT_AUTHENTICATED = 26;
  OUTPUT_PARAMETER_NULL = 27;
  INVALID_OPERATION_HANDLE = 28;
  INSUFFICIENT_BUFFER_SPACE = 29;
  VERIFICATION_FAILED = 30;
  TOO_MANY_OPERATIONS = 31;
  UNEXPECTED_NULL_POINTER = 32;
  INVALID_KEY_BLOB = 33;
  IMPORTED_KEY_NOT_ENCRYPTED = 34;
  IMPORTED_KEY_DECRYPTION_FAILED = 35;
  IMPORTED_KEY_NOT_SIGNED = 36;
  IMPORTED_KEY_VERIFICATION_FAILED = 37;
  INVALID_ARGUMENT = 38;
  UNSUPPORTED_TAG = 39;
  INVALID_TAG = 40;
  MEMORY_ALLOCATION_FAILED = 41;
  IMPORT_PARAMETER_MISMATCH = 42;
  SECURE_HW_ACCESS_DENIED = 43;
  OPERATION_CANCELLED = 44;
  CONCURRENT_ACCESS_CONFLICT = 45;
  SECURE_HW_BUSY = 46;
  SECURE_HW_COMMUNICATION_FAILED = 47;
  UNSUPPORTED_EC_FIELD = 48;
  MISSING_NONCE = 49;
  INVALID_NONCE = 50;
  MISSING_MAC_LENGTH = 51;
  KEY_RATE_LIMIT_EXCEEDED = 52;
  CALLER_NONCE_PROHIBITED = 53;
  KEY_MAX_OPS_EXCEEDED = 54;
  INVALID_MAC_LENGTH = 55;
  MISSING_MIN_MAC_LENGTH = 56;
  UNSUPPORTED_MIN_MAC_LENGTH = 57;
  UNSUPPORTED_KDF = 58;
  UNSUPPORTED_EC_CURVE = 59;
  KEY_REQUIRES_UPGRADE = 60;
  ATTESTATION_CHALLENGE_MISSING = 61;
  KEYMASTER_NOT_CONFIGURED = 62;
  ATTESTATION_APPLICATION_ID_MISSING = 63;
  CANNOT_ATTEST_IDS = 64;
  UNIMPLEMENTED = 65;
  VERSION_MISMATCH = 66;
  ROLLBACK_RESISTANCE_UNAVAILABLE = 67;
  HARDWARE_TYPE_UNAVAILABLE = 68;
  PROOF_OF_PRESENCE_REQUIRED = 69;
  CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = 70;
  UNKNOWN_ERROR = 71;
  // Vendor specific.
  INVALID_DEVICE_IDS = 72;
  // Vendor specific.
  PRODUCTION_MODE_PROVISIONING = 73;
  NO_USER_CONFIRMATION = 74;
  // Vendor specific.
  KEY_UPGRADE_NOT_REQUIRED = 75;
  DEVICE_LOCKED = 76;
  EARLY_BOOT_ENDED = 77;
  ATTESTATION_KEYS_NOT_PROVISIONED = 78;
  ATTESTATION_IDS_NOT_PROVISIONED = 79;
  INVALID_OPERATION = 80;
  STORAGE_KEY_UNSUPPORTED = 81;
  INCOMPATIBLE_MGF_DIGEST = 82;
  UNSUPPORTED_MGF_DIGEST = 83;
  // RKP specific.
  INVALID_MAC = 84;
  // RKP specific.
  PRODUCTION_KEY_IN_TEST_REQUEST = 85;
  // RKP specific.
  TEST_KEY_IN_PRODUCTION_REQUEST = 86;
  // RKP specific.
  INVALID_EEK = 87;
}
276
// Security level of a keymaster implementation.
//
// SOFTWARE is value 0, the proto3 default, so an unset field decodes as
// SOFTWARE rather than as either hardware-backed level.
enum SecurityLevel {
  SOFTWARE = 0;
  TRUSTED_ENVIRONMENT = 1;
  STRONGBOX = 2;
}
282
// Hardware authenticator kinds.
//
// NOTE: these values feed an HMAC calculation and must stay in sync with the
// HAL. Changing a number here changes the MAC input, so verification against
// the other side would stop matching.
//
// The non-zero values are single bits, and any new entry must also be a power
// of 2. HW_AUTH_NONE is value 0, the proto3 default for an unset field.
enum HardwareAuthenticatorType {
  HW_AUTH_NONE = 0;
  HW_AUTH_PASSWORD = 1;
  HW_AUTH_FINGERPRINT = 2;
  // Additional entries must be powers of 2.
}
291
// Encoding used when a key is imported or exported.
//
// X509 is value 0, the proto3 default for an unset field. Value 2 is not
// defined in this enum.
enum KeyFormat {
  // For public key export.
  X509 = 0;
  // For asymmetric key pair import.
  PKCS8 = 1;
  // For symmetric key import and export.
  RAW = 3;
}
297
// Result of a DTup query.
//
// DTUP_OK is value 0, the proto3 default, so a response that never set this
// field decodes as DTUP_OK.
// NOTE(review): what "DTup" stands for is not stated in this file.
enum DTupError {
  DTUP_OK = 0;
  DTUP_NO_EVENT = 1;
}
302
// Physical key identifiers for DTup events.
//
// The non-zero numbers match Linux input event key codes (114, 115 and 116
// are KEY_VOLUMEDOWN, KEY_VOLUMEUP and KEY_POWER). DTUP_RESERVED fills the
// mandatory 0 slot and is the proto3 default for an unset field.
enum DTupKeyEvent {
  DTUP_RESERVED = 0;
  DTUP_VOL_DOWN = 114;
  DTUP_VOL_UP = 115;
  DTUP_PWR = 116;
}
310
// Verified-boot state colours.
//
// BOOT_VERIFIED_GREEN is value 0, the proto3 default: a message in which this
// field was never populated decodes as GREEN. Code that gates a decision on
// boot state should confirm the value was set by the trusted side, not
// inherited from the default.
enum BootColor {
  BOOT_VERIFIED_GREEN = 0;
  BOOT_SELFSIGNED_YELLOW = 1;
  BOOT_UNVERIFIED_ORANGE = 2;
  BOOT_VERIFY_FAILED_RED = 3;
}
317
// Fusing state of the chip.
//
// FUSING_PROTO is value 0, the proto3 default for an unset field. The notes
// on the PVT values record which certificate generation each one goes with.
enum ChipFusing {
  FUSING_PROTO = 0;
  FUSING_DVT = 1;
  // Strongbox gen v0 certs.
  FUSING_PVT = 2;
  // Strongbox gen v1 certs.
  FUSING_PVT_1 = 3;
  // Dauntless gen v0 certs.
  FUSING_D_PVT = 4;
  // Dauntless gen v1 certs.
  FUSING_D_PVT_1 = 5;
  // Dauntless gen v2 certs (D3M2).
  FUSING_D_PVT_2 = 6;
}
327
// Status reported for a certificate.
//
// CERT_PREVIOUSLY_PROVISIONED is value 0, the proto3 default, so a response
// that never set this field decodes as "previously provisioned".
// NOTE(review): callers that act on this status should confirm the field was
// actually written by the responder.
enum CertificateStatus {
  CERT_PREVIOUSLY_PROVISIONED = 0;
  CERT_MISSING = 1;
  CERT_CHECKSUM = 2;
  CERT_UNKNOWN_ERROR = 3;
  CERT_WRONG_PACKET = 4;
}
335
// Step selector for an RKP CSR v2 exchange.
//
// RKP_CSR_V2_BEGIN is value 0, the proto3 default, so a request that omits
// the field decodes as BEGIN.
// NOTE(review): the names suggest a begin/update/finish sequence; the
// ordering rules are not visible in this file.
enum RkpCsrV2Operation {
  RKP_CSR_V2_BEGIN = 0;
  RKP_CSR_V2_UPDATE = 1;
  RKP_CSR_V2_FINISH = 2;
}
341