* Upstream the verifier sub-library. * Rename proto package to go_attestation
// (-- api-linter: forbidden-types=disabled --)
syntax = "proto3";
package go_attestation.proto;
// TpmVersion identifies which TPM specification family the client reports
// for its device.
enum TpmVersion {
  // Default when the client did not report a version. A verifier should
  // treat this as an error rather than infer a version from other fields.
  TPM_VERSION_UNSPECIFIED = 0;
  // TPM 1.2 family.
  TPM_12 = 1;
  // TPM 2.0 family.
  TPM_20 = 2;
}

// TpmInterface describes the path the attestation client uses to reach the
// TPM. It is informational (self-reported by the client).
//
// NOTE(review): the values are not prefixed with the enum name, so they share
// the package scope with every other enum value in go_attestation.proto.
// Renaming them now would break generated code; any value added later should
// carry a TPM_INTERFACE_ prefix to avoid collisions.
enum TpmInterface {
  TPM_INTERFACE_UNSPECIFIED = 0;
  // The client talks to the TPM device directly.
  DIRECT = 1;
  // TPM access is mediated by the operating system kernel.
  KERNEL_MANAGED = 2;
  // TPM access is mediated by a userspace daemon.
  DAEMON_MANAGED = 3;
}

// TpmInfo encapsulates version / device information about the TPM, and how
// the attestation client interfaces with it.
//
// NOTE(review): as far as this schema shows, nothing in this message is
// covered by a TPM signature; every field is asserted by client software.
// Use the values to select parsing and challenge formats and for
// diagnostics, not as a basis for trust, until they have been corroborated
// (e.g. manufacturer against the issuer of the EK certificate).
message TpmInfo {
  TpmVersion tpm_version = 1;
  // Manufacturer identifier as reported by the client.
  string manufacturer = 2;
  TpmInterface tpm_interface = 3;

  // Version of the support code which interfaces with the TPM.
  // Deprecated: retained only so existing clients keep parsing; new code
  // should neither set nor depend on it.
  uint32 tpm_interface_version = 4 [deprecated = true];

  // Device-specific string provided by the TPM. Opaque to the verifier.
  string tpm_opaque_info = 5;

  // Set if challenges must be generated in TrouSerS format for TPM 1.2
  // devices; presumably only meaningful when tpm_version is TPM_12.
  bool trousers_format = 6;
}

// EndorsementKey carries the TPM's endorsement key, either as a bare public
// key or as an X.509 certificate. datatype says how to decode data.
//
// NOTE(review): a bare public key carries no issuer signature, so a
// PUBLIC_BLOB EK cannot be chained to a manufacturer CA. A verifier that
// needs to authenticate the TPM should require X509_CERT_BLOB (and validate
// the chain) or match the key against an out-of-band allowlist.
message EndorsementKey {
  enum DataType {
    DATA_TYPE_UNSPECIFIED = 0;
    // data is encoded as a PKCS1 public key (exact encoding, presumably DER,
    // to be confirmed against the client).
    PUBLIC_BLOB = 1;
    // data is an X.509 certificate for the endorsement key.
    X509_CERT_BLOB = 2;
  }

  DataType datatype = 1;
  bytes data = 2;
}

// Tpm20AikInfo describes an AIK using TPM 2.0 structures.
//
// All four fields are raw TPM-marshalled blobs supplied by the client and
// are only meaningful together. A verifier is expected to parse each one and
// cross-check them (the creation hash carried in attestation_data against
// creation_data, the attested object name against public_blob, and
// signature_data over attestation_data) rather than accept any field alone.
// NOTE(review): this file does not say which key is expected to have
// produced signature_data; confirm against the verifier before relying on it.
message Tpm20AikInfo {
  // TPMT_PUBLIC structure: the AIK's public area (algorithm, object
  // attributes and public key material).
  bytes public_blob = 1;

  // TPMS_CREATION_DATA structure recorded by the TPM when the key was
  // created.
  bytes creation_data = 2;

  // Attestation structure whose attested-data section is a creation-info
  // structure. The original comment names the TPMU_ATTEST union; a verifier
  // needs the enclosing TPMS_ATTEST header (magic, type) to validate it, so
  // confirm which form the client actually stores here.
  bytes attestation_data = 3;

  // TPMT_SIGNATURE structure, presumably over attestation_data.
  bytes signature_data = 4;
}

// Tpm12AikInfo describes an AIK using TPM 1.2 structures.
message Tpm12AikInfo {
  // TPM_PUBKEY structure holding the AIK's public key.
  bytes public_blob = 1;

  // Auxiliary data, provided for the purpose of debugging.
  // On Windows devices this is the contents of PCP_ID_BINDING.
  // NOTE(review): because it is documented as debugging-only, it should not
  // feed verification decisions.
  bytes aux = 2;
}

// AikInfo describes the public key, parameters, and creation information of
// an attestation identity key.
//
// At most one member of tpm_aik_info is set; the populated case selects the
// TPM family. A verifier should check that case against TpmInfo.tpm_version
// and reject a mismatch or an unset oneof instead of guessing.
message AikInfo {
  oneof tpm_aik_info {
    Tpm20AikInfo tpm20 = 1;
    Tpm12AikInfo tpm12 = 2;
  }
}

// ChallengeInfo describes which challenge a nonce corresponds to.
message ChallengeInfo {
  enum ChallengeType {
    CHALLENGE_UNSPECIFIED = 0;
    // Challenge belonging to the CA flow. The flow itself is not defined in
    // this file.
    CHALLENGE_CA = 1;
  }

  ChallengeType type = 1;
}

// ClientInfo is optional data sent from the client to identify what version
// of racc-client it is running. Diagnostic only: the values are
// self-reported and unauthenticated.
message ClientInfo {
  // Presumably the release track the machine is on.
  string machine_track = 1;
  // Presumably the changelist rollup the client was built from.
  string cl_rollup = 2;
  // Client version string.
  string version = 3;
}

// StatusReport describes information from a client which is distinct from
// any attestation operation: a failure or condition report rather than
// attestation evidence.
//
// NOTE(review): message and operation are client-controlled free text.
// Bound their length and escape or sanitize them before logging or
// rendering them alongside trusted output.
message StatusReport {
  enum ReportType {
    REPORT_UNSPECIFIED = 0;
    // The device's TPM cannot be used for attestation.
    REPORT_TPM_UNSUITABLE = 1;
    // A TPM operation failed; see code, message and operation.
    REPORT_TPM_OPERATION_FAILURE = 2;
    // A log the client needed could not be read.
    REPORT_LOG_UNAVAILABLE = 3;
  }

  ReportType type = 1;
  // Client-specific error code; its meaning depends on type and on the
  // client implementation.
  int64 code = 2;
  // Free-form human-readable description from the client.
  string message = 3;
  // Name of the operation being performed when the condition arose.
  string operation = 4;
  ClientInfo client_info = 5;
}