Add AttestationCertificateRequest and AttestationCertificateResponse.
BUG=none
TEST=compiled successfully
Change-Id: I273a2c229f220de7fad2d8aa60014108788a533a
Reviewed-on: https://gerrit.chromium.org/gerrit/33510
Tested-by: David Yu <davidyu@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Ready: David Yu <davidyu@chromium.org>
diff --git a/attestation.proto b/attestation.proto
index ffaaa73..2106deb 100644
--- a/attestation.proto
+++ b/attestation.proto
@@ -69,7 +69,7 @@
optional Quote pcr0_quote = 3;
}
-// These two fields are sutible for passing to Tspi_TPM_ActivateIdentity()
+// These two fields are suitable for passing to Tspi_TPM_ActivateIdentity()
// directly.
message EncryptedIdentityCredential {
// TPM_ASYM_CA_CONTENTS, encrypted with EK public key.
@@ -88,7 +88,7 @@
REJECT = 3;
}
-// The response from the attestation server.
+// The response from the attestation server for the enrollment request.
message AttestationEnrollmentResponse {
optional ResponseStatus status = 1;
// Detail response message. Included when the result is not OK.
@@ -96,6 +96,30 @@
optional EncryptedIdentityCredential encrypted_identity_credential = 3;
}
+// The certificate request to be sent to the attestation server.
+message AttestationCertificateRequest {
+ // The AIK cert in X.509 format.
+ optional bytes identity_credential = 1;
+ // Set this field to true to include detail information (e.g. device mode) in
+ // the issued certificate.
+ optional bool is_cert_for_owner = 2;
+ // A certified public key in TPM_PUBKEY.
+ optional bytes certified_public_key = 3;
+ // The serialized TPM_CERTIFY_INFO for the certified key.
+ optional bytes certified_key_info = 4;
+ // The signature of the TPM_CERTIFY_INFO by the AIK.
+ optional bytes certified_key_proof = 5;
+}
+
+// The response from the attestation server for the certificate request.
+message AttestationCertificateResponse {
+ optional ResponseStatus status = 1;
+ // Detail response message. Included when the result is not OK.
+ optional string detail = 2;
+ // The credential of the ceritified key in X.509 format.
+ optional bytes certified_key_credential = 3;
+}
+
// Holds all information that a client stores locally.
message AttestationDatabase {
optional TPMCredentials credentials = 2;
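Review bot: The new `bytes` fields in AttestationCertificateRequest and AttestationCertificateResponse leave their encoding underspecified: `identity_credential` and `certified_key_credential` say "X.509 format" without stating DER or PEM, and `certified_public_key` / `certified_key_info` name the TPM structure without saying which serialization the server expects (the file's reference to Tspi_TPM_ActivateIdentity suggests TSS 1.2 blobs, but the hunk does not say so). Since the server parses these blobs from a remote client, pinning the encoding in the field comment is what lets both sides reject anything else, e.g. `// The AIK certificate, DER-encoded X.509.` (confirm against the server implementation before committing to it). The comment on `is_cert_for_owner` would also help callers if it listed which "detail information" is embedded in the issued certificate, since that is data the client chooses to disclose. Finally, the comment on `certified_key_credential` misspells "certified" as "ceritified".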