2019-06-06 17:43:36 +00:00
|
|
|
syntax = "proto3";
|
|
|
|
|
2019-07-07 22:17:14 +00:00
|
|
|
package go_attestation;
|
2019-06-06 17:43:36 +00:00
|
|
|
|
|
|
|
enum TpmVersion {
|
|
|
|
TPM_VERSION_UNSPECIFIED = 0;
|
|
|
|
TPM_12 = 1;
|
|
|
|
TPM_20 = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
enum TpmInterface {
|
|
|
|
TPM_INTERFACE_UNSPECIFIED = 0;
|
|
|
|
DIRECT = 1;
|
|
|
|
KERNEL_MANAGED = 2;
|
|
|
|
DAEMON_MANAGED = 3;
|
|
|
|
}
|
|
|
|
|
|
|
|
// TpmInfo encapsulates version / device information
|
|
|
|
// about the TPM, and how the attestation client interfaces
|
|
|
|
// with it.
|
|
|
|
message TpmInfo {
|
|
|
|
TpmVersion tpm_version = 1;
|
|
|
|
string manufacturer = 2;
|
|
|
|
TpmInterface tpm_interface = 3;
|
|
|
|
|
|
|
|
// This number represents the version of the support code which
|
|
|
|
// interfaces with the TPM.
|
|
|
|
uint32 tpm_interface_version = 4 [deprecated = true];
|
|
|
|
|
|
|
|
// This is the string provided by the TPM.
|
|
|
|
string tpm_opaque_info = 5;
|
|
|
|
|
|
|
|
// This is set if challenges must be generated
|
|
|
|
// in TrouSerS format for TPM 1.2 devices.
|
|
|
|
bool trousers_format = 6;
|
|
|
|
}
|
|
|
|
|
|
|
|
message EndorsementKey {
|
|
|
|
enum DataType {
|
|
|
|
DATA_TYPE_UNSPECIFIED = 0;
|
|
|
|
PUBLIC_BLOB = 1; // Indicates data is encoded as a PKCS1 public key.
|
|
|
|
X509_CERT_BLOB = 2;
|
|
|
|
};
|
|
|
|
|
|
|
|
DataType datatype = 1;
|
|
|
|
bytes data = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Tpm20AikInfo describes an AIK using TPM 2.0 structures.
|
|
|
|
message Tpm20AikInfo {
|
|
|
|
// This is a TPMT_PUBLIC structure.
|
|
|
|
bytes public_blob = 1;
|
|
|
|
// This is a TPMS_CREATION_DATA structure.
|
|
|
|
bytes creation_data = 2;
|
|
|
|
// This is a TPMU_ATTEST structure, with the dynamic section
|
|
|
|
// containing a CREATION_INFO structure.
|
|
|
|
bytes attestation_data = 3;
|
|
|
|
// This is a TPMT_SIGNATURE structure.
|
|
|
|
bytes signature_data = 4;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Tpm12AikInfo describes an AIK using TPM 1.2 structures.
|
|
|
|
message Tpm12AikInfo {
|
|
|
|
// This is a TPM_PUBKEY structure.
|
|
|
|
bytes public_blob = 1;
|
|
|
|
// This is auxillary data, provided for the purpose of debugging.
|
|
|
|
// on Windows devices, this represents the contents of PCP_ID_BINDING.
|
|
|
|
bytes aux = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// AikInfo describes the public key, parameters, and creation information
|
|
|
|
// of an attestation identity key.
|
|
|
|
message AikInfo {
|
|
|
|
oneof tpm_aik_info {
|
|
|
|
Tpm20AikInfo tpm20 = 1;
|
|
|
|
Tpm12AikInfo tpm12 = 2;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// ChallengeInfo describes which challenge a nonce corresponds to.
|
|
|
|
message ChallengeInfo {
|
|
|
|
enum ChallengeType {
|
|
|
|
CHALLENGE_UNSPECIFIED = 0;
|
|
|
|
CHALLENGE_CA = 1;
|
|
|
|
};
|
|
|
|
|
|
|
|
ChallengeType type = 1;
|
|
|
|
}
|