Add AttestationCertificateRequest and AttestationCertificateResponse.

BUG=none
TEST=compiled successfully

Change-Id: I273a2c229f220de7fad2d8aa60014108788a533a
Reviewed-on: https://gerrit.chromium.org/gerrit/33510
Tested-by: David Yu <davidyu@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Ready: David Yu <davidyu@chromium.org>
diff --git a/attestation.proto b/attestation.proto
index ffaaa73..2106deb 100644
--- a/attestation.proto
+++ b/attestation.proto
@@ -69,7 +69,7 @@
   optional Quote pcr0_quote = 3;
 }
 
-// These two fields are sutible for passing to Tspi_TPM_ActivateIdentity()
+// These two fields are suitable for passing to Tspi_TPM_ActivateIdentity()
 // directly.
 message EncryptedIdentityCredential {
   // TPM_ASYM_CA_CONTENTS, encrypted with EK public key.
@@ -88,7 +88,7 @@
   REJECT = 3;
 }
 
-// The response from the attestation server.
+// The response from the attestation server for the enrollment request.
 message AttestationEnrollmentResponse {
   optional ResponseStatus status = 1;
   // Detail response message. Included when the result is not OK.
@@ -96,6 +96,30 @@
   optional EncryptedIdentityCredential encrypted_identity_credential = 3;
 }
 
+// The certificate request to be sent to the attestation server.
+message AttestationCertificateRequest {
+  // The AIK cert in X.509 format.
+  optional bytes identity_credential = 1;
+  // Set this field to true to include detail information (e.g. device mode) in
+  // the issued certificate.
+  optional bool is_cert_for_owner = 2;
+  // A certified public key in TPM_PUBKEY.
+  optional bytes certified_public_key = 3;
+  // The serialized TPM_CERTIFY_INFO for the certified key.
+  optional bytes certified_key_info = 4;
+  // The signature of the TPM_CERTIFY_INFO by the AIK.
+  optional bytes certified_key_proof = 5;
+}
+
+// The response from the attestation server for the certificate request.
+message AttestationCertificateResponse {
+  optional ResponseStatus status = 1;
+  // Detail response message. Included when the result is not OK.
+  optional string detail = 2;
+  // The credential of the ceritified key in X.509 format.
+  optional bytes certified_key_credential = 3;
+}
+
 // Holds all information that a client stores locally.
 message AttestationDatabase {
   optional TPMCredentials credentials = 2;
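Review bot: The comments on `certified_public_key`, `certified_key_info` and `certified_key_proof` in AttestationCertificateRequest give each field's format but not the binding between them that a receiver has to check before issuing a certificate. I would extend the message comment with something like `// The server must verify certified_key_proof against the AIK in identity_credential and check that certified_key_info describes certified_public_key.`, assuming that is the intended protocol. `is_cert_for_owner` is a client-asserted flag whose name does not match its comment, which talks about including device mode detail; a comment saying whether the server accepts it as sent or validates it would help. In AttestationCertificateResponse, "ceritified" should read "certified". Because every field there is optional, the comment on `status` should also tell consumers to check that it is present rather than rely on the enum default, which is not visible in this hunk.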