
     1  // Copyright (c) 2015, Google, Inc.  All rights reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  syntax = "proto2";
    15  
    16  package tao;
    17  
// TODO(jlm): Comments for arguments.
// Policy key should be compatible with library cipher suite.
//
// Identity and top-level settings of a Tao domain: its name, where the
// policy keys are stored, which guard enforces the domain policy, and the
// cipher suite the policy key is expected to match.
message DomainDetails {
  // Name of the domain.
  optional string name = 1;
  // Path to the domain's policy keys. Whether it is absolute or relative to
  // the config file is not fixed by this schema — check the loader.
  optional string policy_keys_path = 2;
  // Which guard implementation enforces the domain policy. The set of
  // accepted values is not enumerated here; confirm in the code that reads
  // this field before adding new guard types.
  optional string guard_type = 3;
  // Network and address for reaching the guard — presumably a (network,
  // address) pair in the style of net.Dial, used when the guard is remote;
  // confirm in the guard code, which is not visible in this file.
  optional string guard_network = 4;
  optional string guard_address = 5;
  // Time-to-live associated with the guard. Units are not stated in this
  // schema; confirm against the reader before assuming seconds vs.
  // nanoseconds.
  optional int64 guard_ttl = 6;
  // Name of the cipher suite the policy key must be compatible with.
  optional string cipher_suite = 7;
}
    31  
// Subject name components and serial number for an X.509 certificate —
// presumably the certificate wrapping the domain's policy key; the code
// that consumes these values is not visible in this file.
message X509Details {
  // Subject common name (CN).
  optional string common_name = 1;
  // Subject country (C).
  optional string country = 2;
  // Subject state or province (ST).
  optional string state = 3;
  // Subject organization (O).
  optional string organization = 4;
  // Subject organizational unit (OU).
  optional string organizational_unit = 5;
  // Certificate serial number.
  // NOTE(review): RFC 5280 allows serial numbers of up to 20 octets and
  // requires them to be positive; int32 cannot hold a full-width serial and
  // admits negative values, so writers must keep this within the positive
  // int32 range. Widening the type in place would be a wire-incompatible
  // change — a new field number would be needed.
  optional int32 serial_number = 6;
}
    40  
// Settings specific to the ACL guard (see DomainDetails.guard_type).
message ACLGuardDetails {
  // Path to the signed ACL file the ACL guard loads. How the signature is
  // verified is not specified by this schema.
  optional string signed_acls_path = 1;
}
    44  
// Settings specific to the Datalog guard (see DomainDetails.guard_type).
message DatalogGuardDetails {
  // Path to the signed Datalog rules file the guard loads.
  // NOTE(review): field number 1 is unused in this message. If it was
  // previously assigned and removed, add `reserved 1;` so the number is
  // never reused with a different meaning.
  optional string signed_rules_path = 2;
}
    48  
// TPM configuration for a domain (the TPM 2.0 counterpart is TPM2Details).
message TPMDetails {
  // Path to the TPM — presumably the device node; confirm in the reader.
  optional string tpm_path = 1;
  // Path to the stored AIK (attestation identity key).
  optional string aik_path = 2;
  // A string representing the IDs of PCRs, like "17,18".
  optional string pcrs = 3;
  // Path for AIK cert.
  optional string aik_cert_path = 4;
}
    57  
// TPM 2.0 configuration for a domain (the TPM 1.2-era counterpart is
// TPMDetails).
message TPM2Details {
  // Directory holding TPM 2.0 state/info files.
  optional string tpm2_info_dir = 1;
  // TPM 2.0 device — presumably a device path; confirm in the reader.
  optional string tpm2_device = 2;
  // PCR selection. Presumably the same comma-separated ID format as
  // TPMDetails.pcrs (e.g. "17,18"); confirm in the code that parses it.
  optional string tpm2_pcrs = 3;

  // Endorsement, quote and seal certificates. Whether these fields carry
  // file paths or the certificate contents themselves is not stated in this
  // schema — confirm in the loader before treating them as paths.
  optional string tpm2_ek_cert = 4;
  optional string tpm2_quote_cert = 5;
  optional string tpm2_seal_cert = 6;
}
    67  
// Complete configuration of a Tao domain, grouping the per-component
// sections defined above. Presumably only the guard section matching
// DomainDetails.guard_type is consulted; confirm in the loader.
message DomainConfig {
  // Domain name, key path, guard selection and cipher suite.
  optional DomainDetails domain_info = 1;
  // X.509 subject fields for the domain's certificate.
  optional X509Details x509_info = 2;
  // Settings for the ACL guard.
  optional ACLGuardDetails acl_guard_info = 3;
  // Settings for the Datalog guard.
  optional DatalogGuardDetails datalog_guard_info = 4;
  // TPM settings.
  optional TPMDetails tpm_info = 5;
  // TPM 2.0 settings.
  optional TPM2Details tpm2_info = 6;
}
    76  
// Template from which a domain is created: the DomainConfig plus the
// initial policy rules and the predicate names used when generating policy
// statements for hosts, programs, containers, VMs, LinuxHosts, guards, TPMs
// and OSs. How the paths below are turned into principal names (e.g. by
// hashing the binaries) is not visible in this file.
message DomainTemplate {
  // The domain configuration to instantiate.
  optional DomainConfig config = 1;
  // Initial Datalog rules for the domain policy.
  repeated string datalog_rules = 2;
  // Initial ACL rules for the domain policy.
  repeated string acl_rules = 3;

  // The name of the host (used for policy statements)
  optional string host_name = 4;
  // Predicate name used in policy statements about the host.
  optional string host_predicate_name = 5;
  // Program names (as paths to binaries)
  repeated string program_paths = 6;
  // Predicate name used in policy statements about trusted programs.
  optional string program_predicate_name = 7;
  // Container names (as paths to images)
  repeated string container_paths = 8;
  // Predicate name used in policy statements about trusted containers.
  optional string container_predicate_name = 9;
  // VM names (as paths to images)
  repeated string vm_paths = 10;
  // Predicate name used in policy statements about trusted VMs.
  optional string vm_predicate_name = 11;
  // LinuxHost names (as paths to images)
  repeated string linux_host_paths = 12;
  // Predicate name used in policy statements about trusted LinuxHosts.
  optional string linux_host_predicate_name = 13;
  // The name of the predicate to use for trusted guards.
  optional string guard_predicate_name = 14;
  // The name of the predicate to use for trusted TPMs.
  optional string tpm_predicate_name = 15;
  // The name of the predicate to use for trusted OSs.
  optional string os_predicate_name = 16;
  // The name of the predicate to use for trusted TPM2s.
  optional string tpm2_predicate_name = 17;
}