// Listing: github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/proto/domain.proto
//
// Copyright (c) 2015, Google, Inc. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto2";

package tao;

// TODO(jlm): Comments for arguments.
// Policy key should be compatible with library cipher suite.
//
// Core settings of a domain: its name, where its policy keys live, which
// guard it uses and which cipher suite applies. Every field is proto2
// `optional`, so a reader has to check presence explicitly; an absent
// field is not the same thing as an empty string or a zero.
message DomainDetails {
  // name of domain
  optional string name = 1;
  // Path to the policy key material.
  // NOTE(review): the schema does not say what the path is relative to or
  // which file permissions are expected; confirm against the loader.
  optional string policy_keys_path = 2;
  // Name of the guard to use.
  // NOTE(review): the accepted values are not listed here. The loader
  // should reject an unknown or absent value instead of falling back to a
  // default guard, since the guard makes the authorization decisions.
  optional string guard_type = 3;
  // NOTE(review): undocumented in the original (marked "??"). Presumably
  // guard_network and guard_address are the network type and address of a
  // remotely hosted guard or policy service; TODO confirm. If so, the
  // channel to that endpoint needs to be authenticated.
  optional string guard_network = 4;
  optional string guard_address = 5;
  // NOTE(review): no unit is given for this TTL; confirm with the consumer.
  // If it bounds how long guard state is cached, a large value also delays
  // the effect of a policy change or revocation.
  optional int64 guard_ttl = 6;
  // Cipher suite name; per the note at the top of this message the policy
  // key has to be compatible with it. Free-form string in this schema, so
  // validation is left to the consumer.
  optional string cipher_suite = 7;
}

// Subject attributes and serial number for an X.509 certificate.
// NOTE(review): which certificate these describe (presumably the one for
// the policy key) is not stated in this file; confirm.
message X509Details {
  optional string common_name = 1;
  optional string country = 2;
  optional string state = 3;
  optional string organization = 4;
  optional string organizational_unit = 5;
  // NOTE(review): RFC 5280 requires serial numbers to be unique per issuer
  // and allows up to 20 octets. An int32 taken from static configuration
  // gives neither uniqueness nor unpredictability if the same config is
  // used for more than one certificate; check how the consumer uses it.
  optional int32 serial_number = 6;
}

// Settings for the ACL-based guard.
message ACLGuardDetails {
  // Path to the signed ACL file.
  // NOTE(review): the name implies a signature; the consumer is expected to
  // verify it before trusting the rules. Confirm in the loader.
  optional string signed_acls_path = 1;
}

// Settings for the Datalog-based guard.
message DatalogGuardDetails {
  // Path to the signed rules file. The same signature-verification caveat
  // applies as for ACLGuardDetails.signed_acls_path.
  // NOTE(review): this message starts at field number 2. If number 1
  // belonged to a removed field it should be declared `reserved`; that
  // cannot be determined from this file.
  optional string signed_rules_path = 2;
}

// Settings for a TPM (1.2-style, as opposed to TPM2Details below).
message TPMDetails {
  optional string tpm_path = 1;
  optional string aik_path = 2;
  // A string representing the IDs of PCRs, like "17,18".
  // The PCR selection decides what a quote or seal is bound to, so the
  // consumer should parse it strictly and reject malformed or empty input.
  optional string pcrs = 3;
  // Path for AIK cert.
  optional string aik_cert_path = 4;
}

// Settings for a TPM 2.0 device.
// NOTE(review): the schema does not say whether the *_cert fields hold file
// paths, names inside tpm2_info_dir, or certificate data; confirm.
message TPM2Details {
  optional string tpm2_info_dir = 1;
  optional string tpm2_device = 2;
  optional string tpm2_pcrs = 3;

  optional string tpm2_ek_cert = 4;
  optional string tpm2_quote_cert = 5;
  optional string tpm2_seal_cert = 6;
}

// Complete domain configuration: one optional section for each of the
// messages defined above. A consumer should check that the section it
// needs is present instead of reading defaults from an absent one.
message DomainConfig {
  optional DomainDetails domain_info = 1;
  optional X509Details x509_info = 2;
  optional ACLGuardDetails acl_guard_info = 3;
  optional DatalogGuardDetails datalog_guard_info = 4;
  optional TPMDetails tpm_info = 5;
  optional TPM2Details tpm2_info = 6;
}

// Template for setting up a domain: a DomainConfig plus policy rules and
// the names and paths that the policy statements refer to.
// NOTE(review): the rules here are plain, unsigned strings. A template
// therefore carries authorization policy and should be handled as trusted
// input; how it is protected is outside this file.
message DomainTemplate {
  optional DomainConfig config = 1;
  repeated string datalog_rules = 2;
  repeated string acl_rules = 3;

  // The name of the host (used for policy statements)
  optional string host_name = 4;
  optional string host_predicate_name = 5;
  // Program names (as paths to binaries)
  repeated string program_paths = 6;
  optional string program_predicate_name = 7;
  // Container names (as paths to images)
  repeated string container_paths = 8;
  optional string container_predicate_name = 9;
  // VM names (as paths to images)
  repeated string vm_paths = 10;
  optional string vm_predicate_name = 11;
  // LinuxHost names (as paths to images)
  repeated string linux_host_paths = 12;
  optional string linux_host_predicate_name = 13;
  // The name of the predicate to use for trusted guards.
  optional string guard_predicate_name = 14;
  // The name of the predicate to use for trusted TPMs.
  optional string tpm_predicate_name = 15;
  // The name of the predicate to use for trusted OSs.
  optional string os_predicate_name = 16;
  // The name of the predicate to use for trusted TPM2s.
  optional string tpm2_predicate_name = 17;
}