// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
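// This schema is proto2: every field carries an explicit label and the file
// predates proto3. Declaring the syntax explicitly keeps newer protoc
// versions from warning and makes the presence semantics (has_*) unambiguous.
syntax = "proto2";

package cryptohome;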
// Holds TPM credentials that the attestation server will need to see during
// enrollment. These credentials must be cleared once the attestation server
// has certified the AIK: they are only needed to enroll, and the endorsement
// credential in particular is a long-lived identifier for this specific TPM,
// so keeping it around longer than necessary is a privacy liability. They
// should not be sent to anything other than the attestation server.
message TPMCredentials {
  // The endorsement key (EK) public key.
  optional bytes endorsement_public_key = 1;
  // The EK certificate, in X.509 form. Presumably the same value that is
  // sent as AttestationEnrollmentRequest.endorsement_credential.
  optional bytes endorsement_credential = 2;
  // The platform credential, when one is available.
  optional bytes platform_credential = 3;
  // The conformance credential, when one is available.
  optional bytes conformance_credential = 4;
}
// Holds information relevant to a particular AIK (attestation identity key).
// Unlike TPMCredentials and IdentityBinding, this message is meant to persist
// after enrollment: it is what the client needs to keep using the AIK.
message IdentityKey {
  // The DER encoded public key of the AIK.
  optional bytes identity_public_key = 1;
  // The TPM-specific key blob that can be loaded back into the TPM. The
  // private half of the AIK is only ever available inside this blob, so it is
  // not usable without the TPM that produced it; treat the blob as sensitive
  // all the same, since it is what lets the TPM sign as this identity.
  optional bytes identity_key_blob = 2;
  // A credential issued by the attestation server, certifying the AIK.
  // Presumably the plaintext recovered from EncryptedIdentityCredential via
  // Tspi_TPM_ActivateIdentity(); its presence is what indicates that
  // enrollment completed — confirm against the enrollment code.
  optional bytes identity_credential = 3;
}
// Holds information required to verify the binding of an AIK to an EK. This
// information should be cleared once the attestation server has certified the
// AIK: it is only needed during enrollment, and together with the EK
// credential it links the AIK back to one specific TPM, which is exactly the
// linkage an attestation scheme otherwise tries not to expose.
message IdentityBinding {
  // The binding data, as output by the TPM_MakeIdentity operation. Verifying
  // it requires the remaining fields of this message, which is why they are
  // stored alongside it.
  optional bytes identity_binding = 1;
  // The AIK public key, DER encoded.
  optional bytes identity_public_key_der = 2;
  // The AIK public key, in TPM_PUBKEY form. Presumably the same key as
  // identity_public_key_der in a second encoding; the two must stay in sync.
  optional bytes identity_public_key = 3;
  // The label used during AIK creation.
  optional bytes identity_label = 4;
  // The PCA public key used during AIK creation, in TPM_PUBKEY form. A
  // verifier should compare this against the PCA key it expects rather than
  // accept whatever key the record names.
  optional bytes pca_public_key = 5;
}
// Holds information about a quote generated by the TPM.
message Quote {
  // The quote; a signature generated with the AIK over quoted_data.
  optional bytes quote = 1;
  // The serialized data that was quoted; this assists in verifying the quote.
  // A verifier must check the signature against this exact byte string and
  // then derive what was measured from it. Whether it carries a nonce for
  // freshness is not visible in this schema — confirm with the quoting code
  // before relying on a Quote being recent.
  optional bytes quoted_data = 2;
  // The value of the PCR(s) at the time the quote was generated. This is a
  // convenience copy: nothing in this schema shows it being covered by the
  // signature, so a verifier should check it for consistency with quoted_data
  // rather than trust it on its own.
  optional bytes quoted_pcr_value = 3;
}
// Holds owner delegation information: a delegate blob and the secret that
// authorizes its use. Whoever holds both can perform the delegated TPM owner
// operations, so this message must never be logged, exported or written out
// in the clear (it is carried inside AttestationDatabase; see
// EncryptedDatabase for the at-rest protection).
message Delegation {
  // The delegate owner blob.
  optional bytes blob = 1;
  // The authorization secret. Sensitive: handle like a password.
  optional bytes secret = 2;
}
// This message holds all information to be sent to the attestation server in
// order to complete enrollment. Note that it discloses the EK certificate to
// the server; the server's answer is encrypted to the EK public key (see
// EncryptedIdentityCredential), so only the TPM holding that EK can recover
// the credential.
// NOTE(review): the IdentityBinding data is not carried in this message as
// shown, even though the binding is what ties the AIK to the EK — confirm how
// the server verifies the binding.
message AttestationEnrollmentRequest {
  // The EK cert, in X.509 form.
  optional bytes endorsement_credential = 1;
  // The AIK public key, in TPM_PUBKEY form.
  optional bytes identity_public_key = 2;
  // PCR0 quoted by AIK. See Quote for what a verifier must check.
  optional Quote pcr0_quote = 3;
}
// These two fields are suitable for passing to Tspi_TPM_ActivateIdentity()
// directly. Activation happens inside the TPM: the asymmetric part can only
// be opened by the TPM holding the EK private key, so a response intercepted
// or replayed elsewhere yields nothing.
message EncryptedIdentityCredential {
  // TPM_ASYM_CA_CONTENTS, encrypted with EK public key.
  optional bytes asym_ca_contents = 1;
  // TPM_SYM_CA_ATTESTATION, encrypted with the key in asym_ca_contents.
  optional bytes sym_ca_attestation = 2;
}
// Outcome of an enrollment request, as reported by the attestation server.
//
// OK is the first (and zero) value, so in proto2 a response whose status
// field is absent reads as OK through the generated accessor. Clients must
// check has_status() (and require encrypted_identity_credential to be
// present) before treating a response as success. The values are unprefixed;
// renaming them now would break generated code, so leave them as they are.
enum ResponseStatus {
  // The request was accepted.
  OK = 0;
  // Internal server error.
  SERVER_ERROR = 1;
  // The server cannot parse the request.
  BAD_REQUEST = 2;
  // The server rejects the request.
  REJECT = 3;
}
// The response from the attestation server.
message AttestationEnrollmentResponse {
  // Outcome of the request. If this field is absent the accessor returns OK
  // (the first enum value), so check has_status() rather than status() == OK.
  optional ResponseStatus status = 1;
  // Detail response message. Included when the result is not OK. This is
  // server-supplied text: treat it as untrusted and do not render it raw.
  optional string detail = 2;
  // The encrypted AIK credential, expected only on success. Only the TPM
  // whose EK the server saw can decrypt it (see EncryptedIdentityCredential).
  optional EncryptedIdentityCredential encrypted_identity_credential = 3;
}
// Holds all information that a client stores locally. It contains the owner
// delegation secret and the TPM credentials, so it must never be persisted
// in the clear; presumably its serialized form is what EncryptedDatabase
// protects — confirm against the code that writes it.
// NOTE(review): field number 1 is unused here. It looks like it was retired;
// do not assign it to a new field, or old data could be misread.
message AttestationDatabase {
  // Enrollment-only material; must be cleared once the AIK is certified
  // (see TPMCredentials).
  optional TPMCredentials credentials = 2;
  // Enrollment-only material; should be cleared once the AIK is certified
  // (see IdentityBinding).
  optional IdentityBinding identity_binding = 3;
  // The AIK itself; kept after enrollment.
  optional IdentityKey identity_key = 4;
  // The PCR0 quote that was sent in the enrollment request.
  optional Quote pcr0_quote = 5;
  // Owner delegation; see Delegation for handling requirements.
  optional Delegation delegate = 6;
}
// Holds encrypted data and information required to decrypt it. The layout is
// encrypt-then-MAC: a reader must verify mac over (iv || encrypted_data)
// first — with a constant-time comparison — and reject the record if the MAC
// is missing or wrong before attempting to unseal the key or decrypt.
// Field number 1 is unused; do not reuse it for a new field.
message EncryptedDatabase {
  // A key that has been sealed to the TPM. Unsealing needs the TPM (and, if
  // it was sealed to PCRs, matching PCR state — not visible here), which is
  // what binds this record to the device. Note that this field is not covered
  // by mac.
  optional bytes sealed_key = 2;
  // The initialization vector used during encryption. Must be fresh for every
  // encryption of a new plaintext; it is covered by mac so it cannot be
  // swapped without detection.
  optional bytes iv = 3;
  // MAC of (iv || encrypted_data). Which key the MAC uses (the sealed key or
  // one derived from it) is not shown in this schema — confirm in the code.
  optional bytes mac = 4;
  // The ciphertext. The cipher and mode are not recorded here; whatever they
  // are, they must agree with the iv length and the mac above.
  optional bytes encrypted_data = 5;
}