github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/attestation.pb.go (about) 1 // Code generated by protoc-gen-go. 2 // source: attestation.proto 3 // DO NOT EDIT! 4 5 /* 6 Package tao is a generated protocol buffer package. 7 8 It is generated from these files: 9 attestation.proto 10 11 It has these top-level messages: 12 Attestation 13 */ 14 package tao 15 16 import proto "github.com/golang/protobuf/proto" 17 import fmt "fmt" 18 import math "math" 19 20 // Reference imports to suppress errors if they are not otherwise used. 21 var _ = proto.Marshal 22 var _ = fmt.Errorf 23 var _ = math.Inf 24 25 // This is a compile-time assertion to ensure that this generated file 26 // is compatible with the proto package it is being compiled against. 27 // A compilation error at this line likely means your copy of the 28 // proto package needs to be updated. 29 const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package 30 31 // An Attestation is a key, a signature, and a statement, and it conveys: 32 // signer says statement 33 // i.e. 34 // signer says (issuer from time until exp says message) 35 // A valid Attestation encodes a public key, and it carries a signature that 36 // anyone can verify to (eventually) conclude: 37 // issuer from time' until exp' says message 38 // Note: Because of time restrictions within attached delegations, restrictions 39 // time' and exp' here do not necessarily exactly match the restrictions time 40 // and exp on the original serialized statement. 41 // If the modified time restriction is met, then we can derive the same 42 // conclusion as we would for the included statement, e.g.: 43 // delegate speaksfor issuer (for a delegation statement) 44 // or: 45 // issuer says Pred(arg_1, ..., arg_n) (for a predicate statement) 46 // That is to say, a valid Attestation that meets its time restriction conveys 47 // exactly the same meaning as conveyed by the included statement. 48 // 49 // There are two categories of valid Attestations: 50 // 51 // (1) In cases where issuer is a subprincipal of (or identical to) signer, no 52 // delegation will be present. In these cases, signer speaksfor issuer, so from 53 // the attestation: 54 // signer says (issuer says ...) 55 // we can derive: 56 // issuer says (issuer says ...) 57 // and further: 58 // issuer says ... 59 // 60 // Example of a category (1) attestation: 61 // Attestation = { 62 // statement = "H_aik.PCRs(...) says (H_os speaksfor H_aik.PCRs(...))" 63 // signer = K_aik 64 // signature = ... 65 // delegation = nil 66 // } 67 // Here, an OS has published a delegation statement establishing that key K_os 68 // speaks for the OS, and this statement was signed by the TPM K_aik on behalf 69 // of the OS. Note that the OS is a subprincipal of the TPM, so the TPM speaks 70 // for the OS. 71 // 72 // (2) In all other cases, a delegation will be present that, if valid, conveys: 73 // issuer0 from time0 until exp0 says (delegate speaksfor issuer0) 74 // where issuer is a subprincipal of (or identical to) issuer0 and delegate is a 75 // subprincipal of (or identical to) signer. Such a valid 76 // delegation can be combined with: 77 // signer says (issuer from time until exp says ...) 78 // to derive: 79 // issuer0 from time0 until exp0 says (issuer from time until exp says ...) 80 // And because issuer0 speaks for issuer, we can further derive: 81 // issuer from time' until exp' says ... 82 // where time' = max(time, time0) and exp = min(exp, exp0). 83 // 84 // Example of a category (2) attestation: 85 // Attestation = { 86 // statement = "H_aik.PCRs(...).Prog(...) says H_app speaksfor H_aik.PCRs(...).Prog(...)" 87 // signer = K_os 88 // signature = ... 89 // delegation = { 90 // statement = H_aik.PCRs(...) says H_os speaksfor H_aik.PCRs(...) 91 // signer = K_aik 92 // signature = ... 93 // delegation = nil 94 // } 95 // } 96 // Here, the OS identified by H_aik.PCRs(...) has signed, using a 97 // seemingly unrelated key K_os, a statement on behalf of one of its hosted 98 // programs, H_aik.PCRs(...).Prog(...). The embedded delegation statement, 99 // signed by K_aik, binds that seemingly unrelated key K_os to the OS's actual 100 // identity, H_aik.PCRs(...). 101 // 102 // Verifying an attestation signature requires knowing how the signature was 103 // produced. We currently define two signature schemes: 104 // 105 // TODO(kwalsh): add tpm2 signature scheme here and in attestation.go 106 // 107 // (a) Some signatures are produced by the TPM, so here we are bound by the 108 // mechanisms implemented by the TPM. In this case, we encode the signer name as 109 // tpm("..H..") where "..H.." is the hashed, serialized public half 110 // of the TPM's RSA key K. The TPM only ever signs things on behalf of its 111 // hosted programs, so the issuer used in the serialized statement will always 112 // have the form: 113 // tpm("..H..").PCRs("..i..", "..h..")... 114 // where "..i.." is a sorted, comma-separated list of PCR numbers, and "..h.." 115 // is the corresponding, comma-separated list of hex-encoded PCR values. The 116 // signature is computed roughly as: 117 // sig = rsa_sign(K, H( H(message) | pcrbuf(i, h) )) 118 // Here, we first hash the statement in a tpm-specific way, then sign the 119 // hash with RSA key K. To obtain the statement hash, first hash the serialized 120 // statement, including issuer, time, expiration and other information. This 121 // intermediate hash is then re-hashed with a tpm-specific encoding of the PCR 122 // numbers ("..i..") and values ("..h..") extracted from issuer. 123 // 124 // Note: The PCR values are effectively hashed twice, once as part of statement, 125 // and separately as part of the pcrbuf datastructure. See optimization note 126 // below. 127 // 128 // (b) Other signatures are produced in software, and here we have flexibility 129 // to use simpler signature schemes. In this case, we encode the signer name as 130 // key("..H..") where "..H.." is the hashed, serialized public half 131 // of a DSA key K. The issuer used in the serialized statement can have any 132 // form. The signature is roughly: 133 // sig = dsa_sign(K, H(context|message)) 134 // Here, we simply hash the serialized statement, along with some context, then 135 // sign it with the private DSA key K. The context used for attestations is 136 // defined in Tao.AttestationSigningContext. 137 // 138 // Together, this results in four possible combinations: 139 // 140 // (1a) No delegation, Tao signature. 141 // Historical note: This is the old "ROOT" attestation type. 142 // Typically exaample: signer is the "domain policy" key. 143 // The signer is always key("..H.."). 144 // (1b) No delegation, TPM signature. 145 // This is produced by tpm_tao. 146 // The signer is always tpm("..H..") and the statement issuer is 147 // always a tpm("..H..").PCRs("..i..", "..h..")... principal. 148 // (2a) Delegation, Tao signature. 149 // Historical note: This is the old "INTERMEDIATE" attestation type. 150 // The signer is always key("..H.."). 151 // The delegation is the head of a chain that eventually terminates in a 152 // type (1a) or (1b) attestation. 153 // (2b) Delegation, TPM signature. 154 // Historical note: This is the old "TPM_1_2_QUOTE" attestation type. 155 // This combination is no longer used. If it were, the signer would be 156 // tpm("..H..") and the statement issuer would be something like 157 // H_policy.TrustedPlatform. The delegation would be the head of a chain 158 // that eventually terminates in a type (1a) or (1b) attestation. The 159 // issuer at the head of the chain would always be a 160 // tpm("..H..").PCRs("..i..", "..h..") principal. 161 type Attestation struct { 162 // A serialized statement. This is serialized to avoid canonicalization issues 163 // when signing and verifying signatures. In Go, this is obtained using 164 // cloudproxy/tao/auth.Marshal(). 165 SerializedStatement []byte `protobuf:"bytes,1,req,name=serialized_statement,json=serializedStatement" json:"serialized_statement,omitempty"` 166 // The signature type, either "tpm", "tpm2", or "key". This must match 167 // the type of the signer key, and it is also used to determine how to verify 168 // signatures. 169 SignerType *string `protobuf:"bytes,2,req,name=signer_type,json=signerType" json:"signer_type,omitempty"` 170 // The signer's public key, i.e. the un-hashed key material used within 171 // cloudproxy/tao/auth.New*Prin(). 172 SignerKey []byte `protobuf:"bytes,3,req,name=signer_key,json=signerKey" json:"signer_key,omitempty"` 173 // Signature over the serialized statement using TPM or Tao signing. 174 Signature []byte `protobuf:"bytes,4,req,name=signature" json:"signature,omitempty"` 175 // A delegation attestation that conveys (eventually) that signer speaks for 176 // the issuer in the serialized statement. If this is empty, then it must be 177 // self evident that signer speaks for the issuer in the serialized statement. 178 // This can be added, removed, or replaced without changing the attestation 179 // signature, but verification may fail if a required delegation is missing. 180 SerializedDelegation []byte `protobuf:"bytes,5,opt,name=serialized_delegation,json=serializedDelegation" json:"serialized_delegation,omitempty"` 181 // An optional set of further attestations that may pertain, in some way, to 182 // the the issuer or signer of this attestation. These can be added or removed 183 // without changing the attestation signature. This allows attestations to be 184 // piggy-backed, e.g. when an authorization guard requires multiple 185 // attestations to check a policy. 186 SerializedEndorsements [][]byte `protobuf:"bytes,6,rep,name=serialized_endorsements,json=serializedEndorsements" json:"serialized_endorsements,omitempty"` 187 // This is the quote structure actually signed by the tpm 2.0. 188 // TODO(kwalsh) remove this -- as for tpm1.2, the quote structure should be 189 // recoverable from the principal names in the serialized statement. 190 Tpm2QuoteStructure []byte `protobuf:"bytes,7,opt,name=tpm2_quote_structure,json=tpm2QuoteStructure" json:"tpm2_quote_structure,omitempty"` 191 // This is a DER encoded X509 certificate certifying the key signing the 192 // attestation. This is included in attestations signed by a root Tao 193 // i.e. a TPM (1.2 or 2.0) Tao or a soft Tao, and forms the root of the 194 // attestation chain. This certificate is signed by the policy key. 195 RootEndorsement []byte `protobuf:"bytes,8,opt,name=root_endorsement,json=rootEndorsement" json:"root_endorsement,omitempty"` 196 XXX_unrecognized []byte `json:"-"` 197 } 198 199 func (m *Attestation) Reset() { *m = Attestation{} } 200 func (m *Attestation) String() string { return proto.CompactTextString(m) } 201 func (*Attestation) ProtoMessage() {} 202 func (*Attestation) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } 203 204 func (m *Attestation) GetSerializedStatement() []byte { 205 if m != nil { 206 return m.SerializedStatement 207 } 208 return nil 209 } 210 211 func (m *Attestation) GetSignerType() string { 212 if m != nil && m.SignerType != nil { 213 return *m.SignerType 214 } 215 return "" 216 } 217 218 func (m *Attestation) GetSignerKey() []byte { 219 if m != nil { 220 return m.SignerKey 221 } 222 return nil 223 } 224 225 func (m *Attestation) GetSignature() []byte { 226 if m != nil { 227 return m.Signature 228 } 229 return nil 230 } 231 232 func (m *Attestation) GetSerializedDelegation() []byte { 233 if m != nil { 234 return m.SerializedDelegation 235 } 236 return nil 237 } 238 239 func (m *Attestation) GetSerializedEndorsements() [][]byte { 240 if m != nil { 241 return m.SerializedEndorsements 242 } 243 return nil 244 } 245 246 func (m *Attestation) GetTpm2QuoteStructure() []byte { 247 if m != nil { 248 return m.Tpm2QuoteStructure 249 } 250 return nil 251 } 252 253 func (m *Attestation) GetRootEndorsement() []byte { 254 if m != nil { 255 return m.RootEndorsement 256 } 257 return nil 258 } 259 260 func init() { 261 proto.RegisterType((*Attestation)(nil), "tao.Attestation") 262 } 263 264 /* 265 func init() { proto.RegisterFile("attestation.proto", fileDescriptor0) } 266 267 var fileDescriptor0 = []byte{ 268 // 246 bytes of a gzipped FileDescriptorProto 269 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x4c, 0x8f, 0x3d, 0x4f, 0xc3, 0x40, 270 0x0c, 0x86, 0xd5, 0x84, 0xaf, 0xba, 0x48, 0x80, 0x29, 0x70, 0x03, 0x88, 0x88, 0x09, 0x16, 0xc4, 271 0xc7, 0xc0, 0x8c, 0x04, 0x13, 0x13, 0x2d, 0x7b, 0x74, 0x22, 0x56, 0x15, 0xd1, 0xc6, 0xe1, 0xce, 272 0x19, 0xc2, 0x3f, 0xe6, 0x5f, 0x70, 0x71, 0x49, 0x73, 0xe3, 0x3d, 0xcf, 0x6b, 0xfb, 0x3d, 0x38, 273 0xb2, 0x22, 0xe4, 0xc5, 0x4a, 0xc9, 0xd5, 0x6d, 0xed, 0x58, 0x18, 0x53, 0xb1, 0x7c, 0xf5, 0x9b, 274 0xc0, 0xe4, 0x79, 0x50, 0x78, 0x0f, 0x53, 0x4f, 0xae, 0xb4, 0xcb, 0xf2, 0x87, 0x8a, 0xbc, 0xa3, 275 0xb4, 0xa2, 0x4a, 0xcc, 0x28, 0x4b, 0xae, 0xf7, 0x67, 0xc7, 0x83, 0x9b, 0xf7, 0x0a, 0x2f, 0x61, 276 0xe2, 0xcb, 0x45, 0x45, 0x2e, 0x97, 0xb6, 0x26, 0x93, 0x84, 0xe4, 0x78, 0x06, 0x6b, 0xf4, 0x11, 277 0x08, 0x5e, 0xc0, 0xff, 0x2b, 0xff, 0xa2, 0xd6, 0xa4, 0xba, 0x69, 0xbc, 0x26, 0x6f, 0xd4, 0xe2, 278 0x39, 0xe8, 0xc3, 0x4a, 0xe3, 0xc8, 0x6c, 0x0d, 0x56, 0x01, 0x3e, 0xc2, 0x49, 0x54, 0xa8, 0xa0, 279 0x25, 0x2d, 0xb4, 0xa9, 0xd9, 0xce, 0x46, 0x21, 0x19, 0xb5, 0x7d, 0xd9, 0x38, 0x7c, 0x82, 0xb3, 280 0x68, 0x88, 0xaa, 0x82, 0x9d, 0xd7, 0xb2, 0xde, 0xec, 0x64, 0x69, 0x18, 0x3b, 0x1d, 0xf4, 0x6b, 281 0x64, 0xf1, 0x0e, 0xa6, 0x52, 0xaf, 0x1e, 0xf2, 0xef, 0x86, 0x85, 0xc2, 0xf7, 0x5d, 0xf3, 0xa9, 282 0xb5, 0x76, 0xf5, 0x18, 0x76, 0xee, 0xbd, 0x53, 0xf3, 0xde, 0xe0, 0x0d, 0x1c, 0x3a, 0x66, 0x89, 283 0x8f, 0x98, 0x3d, 0x4d, 0x1f, 0x74, 0x3c, 0xda, 0xfe, 0x17, 0x00, 0x00, 0xff, 0xff, 0x12, 0x38, 284 0x5b, 0xa8, 0x84, 0x01, 0x00, 0x00, 285 } 286 */