kinetic.proto +91 −79 @@ -81,46 +81,11 @@ message Message { optional bytes hmac = 2; } // Pin Auth is used for special commands that are valid when the device // is locked or to be locked. These are unlock, lock and erase. // This must come over the TLS connection to protect the confidentiality and // integrity. The request ignores the value in commandBytes. The // response will return this pinAuth and will have a status in // the commandBytes. // Pin based authentication for Pin operations. message PINauth { // The operation optional PinOp pinOp = 1; // The pin necessary to make the operations valid optional bytes pin = 2; enum PinOp { INVALID_PINOP = -1; // The pin will unlock the device UNLOCK_PINOP = 1; // This will lock the device. This includes all // configuration and user data. This operation is // secure from even given physical access and // disassembly of the device. LOCK_PINOP = 2; // Erase the device. This may be secure // or not. The implication is that it may be faster // than the secure operation. ERASE_PINOP = 3; // Erase the device in a way that will // physical access and disassembly of the device // will not SECURE_ERASE_PINOP = 4; // Both erase operations will return // the device to an as manufactured state removing all // user data and configuration settings. } optional bytes pin = 1; } } @@ -220,6 +185,9 @@ message Command { // Defined long running commands that are device dependent and // typically background operations. optional BackgroundOperation backgroundOperation = 5; // Perform Pin-based operations optional PinOperation pinOp = 8; } //operation status
@@ -392,16 +360,6 @@ message Command { // message. The firmware is itself protected on its own for integrity, // authenticity, etc. optional bool firmwareDownload = 5; // sets the erase pin for the pin authorized erase commands. // 0 length or null pin is NOT allowed and an INVALID_REQUEST // error is returned. optional bytes newErasePin = 6; // Sets the lock unlock pin. When enabled the device has the // ability to be securely locked. Entering or changing the lock // unlock pin does not erase the device. optional bytes newLockPin = 7; } // P2P operations allow devices to be able to send keys to other devices. @@ -647,6 +605,7 @@ message Command { // The range on the request and results on the response optional Range range = 2; enum BackOpType { INVALID_BACKOP = -1;
@@ -663,6 +622,55 @@ message Command { } // Pin Operations are used for special commands that are valid when the device // is locked or to be locked. These are unlock, lock and erase. // This must come over the TLS connection to protect the confidentiality and // integrity. This operations must be used with PinAuth. message PinOperation { optional PinOpType pinOpType = 1; // New pin used for SET_LOCKPIN_PINOP or SET_ERASEPIN_PINOP operations optional bytes newPin = 2; enum PinOpType { INVALID_PINOP = -1; // The pin will unlock the device UNLOCK_PINOP = 1; // This will lock the device. This includes all // configuration and user data. This operation is // secure from even given physical access and // disassembly of the device. LOCK_PINOP = 2; // Both erase operations will return // the device to an as manufactured state removing all // user data and configuration settings. // Erase the device. This may be secure // or not. The implication is that it may be faster // than the secure operation. ERASE_PINOP = 3; // Erase the device in a way that will // physical access and disassembly of the device // will not SECURE_ERASE_PINOP = 4; // Sets the lock unlock pin. When enabled the device has the // ability to be securely locked. Entering or changing the lock // unlock pin does not erase the device. SET_LOCKPIN_PINOP = 5; // sets the erase pin for the pin authorized erase commands. // 0 length or null pin is NOT allowed and an INVALID_REQUEST // error is returned. SET_ERASEPIN_PINOP = 6; } } enum Priority { NORMAL = 5; LOWEST = 1; @@ -700,10 +708,12 @@ message Command { GETKEYRANGE_RESPONSE = 11; // 13 and 14 are reserved, do not use GETVERSION = 16; GETVERSION_RESPONSE = 15; // 17, 18, 19, and 20 are reserved, do not use SETUP = 22; SETUP_RESPONSE = 21; GETLOG = 24;
@@ -718,6 +728,8 @@ message Command { FLUSHALLDATA_RESPONSE = 31; BACKOP = 34; // background operations BACKOP_RESPONSE = 33; PINOP = 36; // Pin based operations PINOP_RESPONSE = 35; } }
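Review bot: In the `@@ -81,46 +81,11 @@` hunk the slimmed-down `PINauth` appears to declare `optional bytes pin = 1;`, whereas the removed definition used tag 1 for the `PinOp` enum and tag 2 for the pin, so tag 1 changes wire type and tag 2 is dropped without being retired. A peer built from the older schema would send the PIN in field 2, which code generated from this version treats as an unknown field and leaves `pin` unset, so whatever verifies the PIN on the device should treat an absent or empty `pin` as a failed authentication rather than a match. If mixed versions have to interoperate, keeping `optional bytes pin = 2;` and adding `// 1 is reserved (was pinOp), do not use`, in the style of the MessageType comments, would avoid the reuse. The same retirement comment is missing in the `@@ -392,16 +360,6 @@` hunk, where `newErasePin = 6` and `newLockPin = 7` are removed: `// 6 and 7 are reserved, do not use`. Both enclosing messages start or end outside the visible hunks.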
kinetic.proto +91 −79 @@ -81,46 +81,11 @@ message Message { optional bytes hmac = 2; } // Pin Auth is used for special commands that are valid when the device // is locked or to be locked. These are unlock, lock and erase. // This must come over the TLS connection to protect the confidentiality and // integrity. The request ignores the value in commandBytes. The // response will return this pinAuth and will have a status in // the commandBytes. // Pin based authentication for Pin operations. message PINauth { // The operation optional PinOp pinOp = 1; // The pin necessary to make the operations valid optional bytes pin = 2; enum PinOp { INVALID_PINOP = -1; // The pin will unlock the device UNLOCK_PINOP = 1; // This will lock the device. This includes all // configuration and user data. This operation is // secure from even given physical access and // disassembly of the device. LOCK_PINOP = 2; // Erase the device. This may be secure // or not. The implication is that it may be faster // than the secure operation. ERASE_PINOP = 3; // Erase the device in a way that will // physical access and disassembly of the device // will not SECURE_ERASE_PINOP = 4; // Both erase operations will return // the device to an as manufactured state removing all // user data and configuration settings. } optional bytes pin = 1; } } @@ -220,6 +185,9 @@ message Command { // Defined long running commands that are device dependent and // typically background operations. optional BackgroundOperation backgroundOperation = 5; // Perform Pin-based operations optional PinOperation pinOp = 8; } //operation status
@@ -392,16 +360,6 @@ message Command { // message. The firmware is itself protected on its own for integrity, // authenticity, etc. optional bool firmwareDownload = 5; // sets the erase pin for the pin authorized erase commands. // 0 length or null pin is NOT allowed and an INVALID_REQUEST // error is returned. optional bytes newErasePin = 6; // Sets the lock unlock pin. When enabled the device has the // ability to be securely locked. Entering or changing the lock // unlock pin does not erase the device. optional bytes newLockPin = 7; } // P2P operations allow devices to be able to send keys to other devices. @@ -647,6 +605,7 @@ message Command { // The range on the request and results on the response optional Range range = 2; enum BackOpType { INVALID_BACKOP = -1;
@@ -663,6 +622,55 @@ message Command { } // Pin Operations are used for special commands that are valid when the device // is locked or to be locked. These are unlock, lock and erase. // This must come over the TLS connection to protect the confidentiality and // integrity. This operations must be used with PinAuth. message PinOperation { optional PinOpType pinOpType = 1; // New pin used for SET_LOCKPIN_PINOP or SET_ERASEPIN_PINOP operations optional bytes newPin = 2; enum PinOpType { INVALID_PINOP = -1; // The pin will unlock the device UNLOCK_PINOP = 1; // This will lock the device. This includes all // configuration and user data. This operation is // secure from even given physical access and // disassembly of the device. LOCK_PINOP = 2; // Both erase operations will return // the device to an as manufactured state removing all // user data and configuration settings. // Erase the device. This may be secure // or not. The implication is that it may be faster // than the secure operation. ERASE_PINOP = 3; // Erase the device in a way that will // physical access and disassembly of the device // will not SECURE_ERASE_PINOP = 4; // Sets the lock unlock pin. When enabled the device has the // ability to be securely locked. Entering or changing the lock // unlock pin does not erase the device. SET_LOCKPIN_PINOP = 5; // sets the erase pin for the pin authorized erase commands. // 0 length or null pin is NOT allowed and an INVALID_REQUEST // error is returned. SET_ERASEPIN_PINOP = 6; } } enum Priority { NORMAL = 5; LOWEST = 1; @@ -700,10 +708,12 @@ message Command { GETKEYRANGE_RESPONSE = 11; // 13 and 14 are reserved, do not use GETVERSION = 16; GETVERSION_RESPONSE = 15; // 17, 18, 19, and 20 are reserved, do not use SETUP = 22; SETUP_RESPONSE = 21; GETLOG = 24;
@@ -718,6 +728,8 @@ message Command { FLUSHALLDATA_RESPONSE = 31; BACKOP = 34; // background operations BACKOP_RESPONSE = 33; PINOP = 36; // Pin based operations PINOP_RESPONSE = 35; } }
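Review bot: The `PinOperation` comment in the `@@ -663,6 +622,55 @@` hunk says the operations must be used with PinAuth but never states which PIN authorises which `PinOpType`, and with `SET_LOCKPIN_PINOP` and `SET_ERASEPIN_PINOP` now sharing one `newPin` field that mapping should be written on the message. The empty-PIN rule is documented only for `SET_ERASEPIN_PINOP`; the `SET_LOCKPIN_PINOP` comment should say whether a 0 length `newPin` is rejected or disables locking, and `newPin` could carry `// Ignored unless pinOpType is SET_LOCKPIN_PINOP or SET_ERASEPIN_PINOP` if that is the intended behaviour. The `SECURE_ERASE_PINOP` comment is an unfinished sentence carried over from the old enum and should state what the secure erase guarantees against physical access. The header text should also name the message as declared, `PINauth`, and the TLS requirement it states is enforced nowhere in the schema, so it presumably depends on the device rejecting `PINOP` on other connections.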