attestation/common/database.proto - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 syntax = "proto2";

 option optimize_for = LITE_RUNTIME;

 import "attestation_ca.proto";
 import "keystore.proto";

 package attestation;

 // Holds TPM credentials that the attestation server will need to see. These
 // credentials must be cleared once the attestation server has certified the
 // AIK.
 message TPMCredentials {
   reserved 3, 4, 7, 8;

   // The key type of endorsement key stored in |endorsement_public_key| and
   // |endorsement_credential|.
   optional KeyType endorsement_key_type = 10 [default = KEY_TYPE_RSA];
   // The DER encoded SubjectPublicKeyInfo for endorsement key.
   optional bytes endorsement_public_key = 11;
   // The DER encoded X.509 certificate of endorsement key.
   optional bytes endorsement_credential = 2;

   // The DER encoded RSAPublicKey for RSA endorsement key.
   optional bytes legacy_endorsement_public_key = 1 [deprecated = true];
   optional EncryptedData default_encrypted_endorsement_credential = 5
       [deprecated = true];
   optional EncryptedData test_encrypted_endorsement_credential = 6
       [deprecated = true];

   // Map of |endorsement_credential| encrypted with a public key associated with
   // Chrome OS Privacy CA, by CA.
   map<int32, EncryptedData> encrypted_endorsement_credentials = 9;
 }

 // Holds information relevant to a particular AIK.
 message IdentityKey {
   // The key type of stored key.
   optional KeyType identity_key_type = 5 [default = KEY_TYPE_RSA];
   // The DER encoded public key. RSAPublicKey for RSA key. SubjectPublicKeyInfo
   // for ECC key.
   optional bytes identity_public_key_der = 1;
   // The TPM-specific key blob that can be loaded back into the TPM.
   optional bytes identity_key_blob = 2;
   // A credential issued by the attestation server. (Now in
   // IdentityCertificate.)
   optional bytes identity_credential = 3 [deprecated = true];
   // The computed enrollment ID, present only for enrolled devices.
   optional bytes enrollment_id = 4 [deprecated = true];
 }

 // Holds information required to verify the binding of an AIK to an EK. This
 // information should be cleared once the attestation server has certified the
 // AIK. This is not used for TPM 2.0 attestation and if it exists, only the
 // public key fields are meaningful.
 message IdentityBinding {
   // The binding data, as output by the TPM_MakeIdentity operation.
   optional bytes identity_binding = 1;
   // The AIK public key, DER encoded.
   optional bytes identity_public_key_der = 2;
   // The AIK public key, the raw TPM format. (TPM_PUBKEY for TPM 1.2,
   // TPMT_PUBLIC for TPM 2.0).
   optional bytes identity_public_key_tpm_format = 3;
   // The label used during AIK creation.
   optional bytes identity_label = 4;
   // The PCA public key used during AIK creation, in TPM_PUBKEY form.
   optional bytes pca_public_key = 5;
 }

 // Holds owner delegation information.
 message Delegation {
   reserved 4;
   reserved "can_read_internal_pub";
   // The delegate owner blob.
   optional bytes blob = 1;
   // The authorization secret.
   optional bytes secret = 2;
   // Whether this delegate has permissions to call TPM_ResetLockValue.
   optional bool has_reset_lock_permissions = 3;
 }

 // Holds information about a certified key.
 message CertifiedKey {
   // The TPM-wrapped key blob.
   optional bytes key_blob = 1;
   // The public key in ASN.1 DER form.
   optional bytes public_key = 2;
   // The credential of the certified key in X.509 format.
   optional bytes certified_key_credential = 3;
   // The issuer intermediate CA certificate in X.509 format.
   optional bytes intermediate_ca_cert = 4;
   // A key name.  This is not necessarily a unique identifier.
   optional bytes key_name = 5;
   // An arbitrary payload associated with the key.
   optional bytes payload = 6;
   // Addtional intermediate CA certificates that helps chaining up to the root
   // CA. See |AttestationCertificateResponse.additional_intermediate_ca_cert|
   // for more detail.
   repeated bytes additional_intermediate_ca_cert = 7;
   // The public key in TPM_PUBKEY form (TPMT_PUBLIC for TPM 2.0).
   optional bytes public_key_tpm_format = 8;
   // The serialized TPM_CERTIFY_INFO for the certified key (TPMS_ATTEST for
   // TPM 2.0).
   optional bytes certified_key_info = 9;
   // The signature of the TPM_CERTIFY_INFO or TPMS_ATTEST by the AIK.
   optional bytes certified_key_proof = 10;
   // The original key type specified when the key was created.
   optional KeyType key_type = 11;
   // The original key usage specified when the key was created.
   optional KeyUsage key_usage = 12;
 }

 // Features of an identity (bitwise enumeration).
 enum IdentityFeatures {
   // No identity features.
   NO_IDENTITY_FEATURES = 0;
   // This identity carries an EID.
   IDENTITY_FEATURE_ENTERPRISE_ENROLLMENT_ID = 1;
 }

 // Holds all information that a client stores locally.
 message AttestationDatabase {
   reserved 1, 9, 10, 11, 13;
   optional TPMCredentials credentials = 2;

   // These deprecated fields are now in identities and identity certificates.
   optional IdentityBinding identity_binding = 3 [deprecated = true];
   optional IdentityKey identity_key = 4 [deprecated = true];
   optional Quote pcr0_quote = 5 [deprecated = true];
   optional Quote pcr1_quote = 12 [deprecated = true];

   optional Delegation delegate = 6;
   repeated CertifiedKey device_keys = 7;

   message TemporalIndexRecord {
     optional bytes user_hash = 1;
     optional bytes origin_hash = 2;
     optional int32 temporal_index = 3;
   }
   repeated TemporalIndexRecord temporal_index_record = 8;

   // Holds identity-related values generated by the TPM.
   message Identity {
     optional int32 features = 1;
     optional IdentityBinding identity_binding = 2;
     optional IdentityKey identity_key = 3;
     // PCR quotes. Keys are PCR indices.
     map<int32, Quote> pcr_quotes = 4;
     // NVRAM quoted by AIK. Keys are values of NVRAMQuoteType.
     map<int32, Quote> nvram_quotes = 5;
   }

   // The unique device EID.
   optional bytes enrollment_id = 14;

   // All the known identities. Identity 0 is guaranteed to exist and to have
   // identity features of IDENTITY_FEATURE_ENTERPRISE_ENROLLMENT_ID.
   repeated Identity identities = 15;

   // Holds all identity-related value for a combination of Identity and ACA.
   message IdentityCertificate {
     // The Identity used for this certificate.
     optional int32 identity = 1;
     // The attestation server that this certificate was created with.
     optional int32 aca = 2;
     // A credential issued by the attestation server.
     optional bytes identity_credential = 3;
   }

   // All the identity certificates we know of. Keys 0 and 1 are reserved
   // for backwards compatibility and represent identity 0 enrolled with the
   // default and test ACA respectively.
   map<int32, IdentityCertificate> identity_certificates = 16;
 }
	// Copyright 2015 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	syntax = "proto2";

	option optimize_for = LITE_RUNTIME;

	import "attestation_ca.proto";
	import "keystore.proto";

	package attestation;

	// Holds TPM credentials that the attestation server will need to see. These
	// credentials must be cleared once the attestation server has certified the
	// AIK.
	message TPMCredentials {
	reserved 3, 4, 7, 8;

	// The key type of endorsement key stored in \|endorsement_public_key\| and
	// \|endorsement_credential\|.
	optional KeyType endorsement_key_type = 10 [default = KEY_TYPE_RSA];
	// The DER encoded SubjectPublicKeyInfo for endorsement key.
	optional bytes endorsement_public_key = 11;
	// The DER encoded X.509 certificate of endorsement key.
	optional bytes endorsement_credential = 2;

	// The DER encoded RSAPublicKey for RSA endorsement key.
	optional bytes legacy_endorsement_public_key = 1 [deprecated = true];
	optional EncryptedData default_encrypted_endorsement_credential = 5
	[deprecated = true];
	optional EncryptedData test_encrypted_endorsement_credential = 6
	[deprecated = true];

	// Map of \|endorsement_credential\| encrypted with a public key associated with
	// Chrome OS Privacy CA, by CA.
	map<int32, EncryptedData> encrypted_endorsement_credentials = 9;
	}

	// Holds information relevant to a particular AIK.
	message IdentityKey {
	// The key type of stored key.
	optional KeyType identity_key_type = 5 [default = KEY_TYPE_RSA];
	// The DER encoded public key. RSAPublicKey for RSA key. SubjectPublicKeyInfo
	// for ECC key.
	optional bytes identity_public_key_der = 1;
	// The TPM-specific key blob that can be loaded back into the TPM.
	optional bytes identity_key_blob = 2;
	// A credential issued by the attestation server. (Now in
	// IdentityCertificate.)
	optional bytes identity_credential = 3 [deprecated = true];
	// The computed enrollment ID, present only for enrolled devices.
	optional bytes enrollment_id = 4 [deprecated = true];
	}

	// Holds information required to verify the binding of an AIK to an EK. This
	// information should be cleared once the attestation server has certified the
	// AIK. This is not used for TPM 2.0 attestation and if it exists, only the
	// public key fields are meaningful.
	message IdentityBinding {
	// The binding data, as output by the TPM_MakeIdentity operation.
	optional bytes identity_binding = 1;
	// The AIK public key, DER encoded.
	optional bytes identity_public_key_der = 2;
	// The AIK public key, the raw TPM format. (TPM_PUBKEY for TPM 1.2,
	// TPMT_PUBLIC for TPM 2.0).
	optional bytes identity_public_key_tpm_format = 3;
	// The label used during AIK creation.
	optional bytes identity_label = 4;
	// The PCA public key used during AIK creation, in TPM_PUBKEY form.
	optional bytes pca_public_key = 5;
	}

	// Holds owner delegation information.
	message Delegation {
	reserved 4;
	reserved "can_read_internal_pub";
	// The delegate owner blob.
	optional bytes blob = 1;
	// The authorization secret.
	optional bytes secret = 2;
	// Whether this delegate has permissions to call TPM_ResetLockValue.
	optional bool has_reset_lock_permissions = 3;
	}

	// Holds information about a certified key.
	message CertifiedKey {
	// The TPM-wrapped key blob.
	optional bytes key_blob = 1;
	// The public key in ASN.1 DER form.
	optional bytes public_key = 2;
	// The credential of the certified key in X.509 format.
	optional bytes certified_key_credential = 3;
	// The issuer intermediate CA certificate in X.509 format.
	optional bytes intermediate_ca_cert = 4;
	// A key name. This is not necessarily a unique identifier.
	optional bytes key_name = 5;
	// An arbitrary payload associated with the key.
	optional bytes payload = 6;
	// Addtional intermediate CA certificates that helps chaining up to the root
	// CA. See \|AttestationCertificateResponse.additional_intermediate_ca_cert\|
	// for more detail.
	repeated bytes additional_intermediate_ca_cert = 7;
	// The public key in TPM_PUBKEY form (TPMT_PUBLIC for TPM 2.0).
	optional bytes public_key_tpm_format = 8;
	// The serialized TPM_CERTIFY_INFO for the certified key (TPMS_ATTEST for
	// TPM 2.0).
	optional bytes certified_key_info = 9;
	// The signature of the TPM_CERTIFY_INFO or TPMS_ATTEST by the AIK.
	optional bytes certified_key_proof = 10;
	// The original key type specified when the key was created.
	optional KeyType key_type = 11;
	// The original key usage specified when the key was created.
	optional KeyUsage key_usage = 12;
	}

	// Features of an identity (bitwise enumeration).
	enum IdentityFeatures {
	// No identity features.
	NO_IDENTITY_FEATURES = 0;
	// This identity carries an EID.
	IDENTITY_FEATURE_ENTERPRISE_ENROLLMENT_ID = 1;
	}

	// Holds all information that a client stores locally.
	message AttestationDatabase {
	reserved 1, 9, 10, 11, 13;
	optional TPMCredentials credentials = 2;

	// These deprecated fields are now in identities and identity certificates.
	optional IdentityBinding identity_binding = 3 [deprecated = true];
	optional IdentityKey identity_key = 4 [deprecated = true];
	optional Quote pcr0_quote = 5 [deprecated = true];
	optional Quote pcr1_quote = 12 [deprecated = true];

	optional Delegation delegate = 6;
	repeated CertifiedKey device_keys = 7;

	message TemporalIndexRecord {
	optional bytes user_hash = 1;
	optional bytes origin_hash = 2;
	optional int32 temporal_index = 3;
	}
	repeated TemporalIndexRecord temporal_index_record = 8;

	// Holds identity-related values generated by the TPM.
	message Identity {
	optional int32 features = 1;
	optional IdentityBinding identity_binding = 2;
	optional IdentityKey identity_key = 3;
	// PCR quotes. Keys are PCR indices.
	map<int32, Quote> pcr_quotes = 4;
	// NVRAM quoted by AIK. Keys are values of NVRAMQuoteType.
	map<int32, Quote> nvram_quotes = 5;
	}

	// The unique device EID.
	optional bytes enrollment_id = 14;

	// All the known identities. Identity 0 is guaranteed to exist and to have
	// identity features of IDENTITY_FEATURE_ENTERPRISE_ENROLLMENT_ID.
	repeated Identity identities = 15;

	// Holds all identity-related value for a combination of Identity and ACA.
	message IdentityCertificate {
	// The Identity used for this certificate.
	optional int32 identity = 1;
	// The attestation server that this certificate was created with.
	optional int32 aca = 2;
	// A credential issued by the attestation server.
	optional bytes identity_credential = 3;
	}

	// All the identity certificates we know of. Keys 0 and 1 are reserved
	// for backwards compatibility and represent identity 0 enrolled with the
	// default and test ACA respectively.
	map<int32, IdentityCertificate> identity_certificates = 16;
	}