// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Build the generated code against the protobuf lite runtime; lite classes
// carry no descriptors or reflection support.
option optimize_for = LITE_RUNTIME;

// Every type declared in this file belongs to the `attestation` package.
package attestation;
// The algorithm family of a key.
//
// NOTE(review): there is no zero / "unspecified" value. Under proto2 rules
// (this file uses `optional` labels and has no `syntax` line in view) an
// unset optional field of this type reads back as the first value listed,
// KEY_TYPE_RSA. Consumers that must tell "unset" from "RSA" should check
// field presence rather than rely on the default.
enum KeyType {
  KEY_TYPE_RSA = 1;  // RSA key.
  KEY_TYPE_ECC = 2;  // Elliptic-curve key.
}
// The operation a key is allowed to perform.
//
// NOTE(review): as with any proto2 enum that has no explicit default, an
// unset optional field of this type reads back as the first value listed,
// KEY_USAGE_SIGN. Code that enforces key usage should check field presence
// so that a missing value is not silently treated as "sign".
enum KeyUsage {
  KEY_USAGE_SIGN = 1;     // Key may be used for signing.
  KEY_USAGE_DECRYPT = 2;  // Key may be used for decryption.
}
// The certificate profiles that the Attestation CA can issue.
//
// NOTE(review): value 0 carries real meaning (ENTERPRISE_MACHINE_CERTIFICATE)
// and is also what an unset optional field of this type reads back as.
// Anything that selects a profile from a message should check field presence
// so that an omitted profile is not handled as an enterprise machine request.
enum CertificateProfile {
  // For enterprise-owned devices. subjectName fields:
  //   CN=<stable device identifier>
  //   OU=state:[verified|developer]
  //   O=Chrome Device Enterprise
  ENTERPRISE_MACHINE_CERTIFICATE = 0;

  // For enterprise-owned user accounts. subjectName fields:
  //   OU=state:[verified|developer]
  //   O=Chrome Device Enterprise
  ENTERPRISE_USER_CERTIFICATE = 1;

  // For platform verification by providers of protected content.
  // subjectName fields:
  //   O=Chrome Device Content Protection
  CONTENT_PROTECTION_CERTIFICATE = 2;

  // Same purpose as CONTENT_PROTECTION_CERTIFICATE, with a stable ID and the
  // origin added. subjectName fields:
  //   CN=<origin-specific device identifier>
  //   OU=<origin>
  //   O=Chrome Device Content Protection
  CONTENT_PROTECTION_CERTIFICATE_WITH_STABLE_ID = 3;

  // For cast devices.
  CAST_CERTIFICATE = 4;

  // NOTE(review): this value has no description in the file; what "GFSC"
  // stands for and which subjectName fields the profile sets are not stated
  // here. TODO: document.
  GFSC_CERTIFICATE = 5;
}
// A quote produced by the TPM, together with the material a verifier needs
// to check it.
//
// NOTE(review): only `quote` is described as a signature. Nothing in this
// schema says that `quoted_pcr_value` or `pcr_source_hint` are covered by
// it, so a verifier presumably has to check them against `quoted_data`
// rather than accept them as given. Confirm against the verification code.
message Quote {
  // The quote itself: a signature made with the AIK.
  optional bytes quote = 1;

  // The serialized data that was quoted. Supplied to help verify `quote`.
  optional bytes quoted_data = 2;

  // The PCR value(s) at the moment the quote was generated.
  optional bytes quoted_pcr_value = 3;

  // The source data originally used to extend the PCR. When this field is
  // present, SHA1(pcr_source_hint) can be expected to have been extended
  // into the PCR.
  optional bytes pcr_source_hint = 4;
}
// Ciphertext plus everything needed to decrypt it.
//
// NOTE(review): the cipher and MAC algorithms are not named in this schema.
// As documented below, the MAC input is (iv || encrypted_data) only, so
// `wrapped_key` and `wrapping_key_id` are not covered by it. A consumer
// would normally verify `mac` before decrypting; confirm that the code
// using this message does so.
//
// Field number 1 is not assigned in this message. If it belonged to a
// removed field it must not be reused for a different meaning.
message EncryptedData {
  // A key that is either sealed to the TPM or wrapped by another key.
  optional bytes wrapped_key = 2;

  // The initialization vector that was used for encryption.
  optional bytes iv = 3;

  // MAC of (iv || encrypted_data).
  optional bytes mac = 4;

  // NOTE(review): not described in the file; from the name and the `mac`
  // comment this is presumably the ciphertext. TODO: document.
  optional bytes encrypted_data = 5;

  // Identifies the wrapping key, to help the receiver decrypt.
  optional bytes wrapping_key_id = 6;
}
// Wraps arbitrary data together with a signature over it.
//
// NOTE(review): the message names neither the signing key nor the signature
// algorithm, so the verifier has to know both from context. `data` should
// be treated as untrusted until `signature` has been checked.
message SignedData {
  // The data to be signed.
  optional bytes data = 1;

  // The signature over the `data` field.
  optional bytes signature = 2;
}
// An identity credential in encrypted form. Both fields can be handed to
// Tspi_TPM_ActivateIdentity() as they are.
message EncryptedIdentityCredential {
  // TPM_ASYM_CA_CONTENTS, encrypted with the EK public key.
  optional bytes asym_ca_contents = 1;

  // TPM_SYM_CA_ATTESTATION, encrypted with the key carried in
  // asym_ca_contents.
  optional bytes sym_ca_attestation = 2;
}