// To compile: protoc -I=. --go_out=. tpm2.proto

// Definition of protobufs for tpm2 applications
//
// NOTE(review): this file is proto2 and marks several fields `required`.
// A `required` field can never be removed or relaxed without breaking every
// existing reader, so the current set should be treated as permanent.
// Field numbers are the wire contract; never renumber or reuse them.
syntax = "proto2";

package tpm2;

// TODO(jlm): More comments to describe fields needed.

// A serialized private key tagged with its type.
// `blob` carries private key material, so any serialized form of this message
// must be handled as a secret (never logged, never written unprotected).
message private_key_blob_message {
  // Identifies the kind of key held in `blob`. The accepted values are not
  // defined in this file.
  required string key_type = 1;
  optional string key_name = 2;
  // Opaque encoding of the private key; the format is not specified here
  // and must be agreed between writer and reader.
  optional bytes blob = 3;
}

// RSA public key as raw byte strings.
// NOTE(review): byte order / encoding of `exponent` and `modulus` is not
// specified here — presumably unsigned big-endian magnitudes; confirm against
// the Go marshalling code before relying on it.
message rsa_public_key_message {
  optional string key_name = 1;
  // Modulus length in bits.
  required int32 bit_modulus_size = 2;
  required bytes exponent = 3;
  required bytes modulus = 4;
}

// RSA private key: the public part plus private parameters in the clear.
// The names follow the usual RSA/CRT parameter names (d, p, q, dp, dq);
// note that no qinv/iqmp field is present.
// This message holds raw private key material; treat every serialization of
// it as a secret.
message rsa_private_key_message {
  required rsa_public_key_message public_key = 1;
  // Private exponent (presumably).
  optional bytes d = 2;
  // Prime factors of the modulus (presumably).
  optional bytes p = 3;
  optional bytes q = 4;
  // CRT exponents d mod (p-1) and d mod (q-1) (presumably).
  optional bytes dp = 5;
  optional bytes dq = 6;
}

// Wrapper for an asymmetric private key. RSA is the only key kind this
// message can carry.
message asymmetric_key_message {
  optional rsa_private_key_message key = 1;
}

// Wrapper for an asymmetric public key.
message public_key_message {
  // Textual key kind; the accepted values are not defined in this file.
  optional string key_type = 1;
  // Set when `key_type` denotes an RSA key (the only key kind carried here).
  optional rsa_public_key_message rsa_key = 2;
}

// Endorsement key (EK) description for one machine.
message endorsement_key_message {
  optional string machine_identifier = 1;
  // NOTE(review): presumably the marshalled TPM2B public area of the EK;
  // confirm against the producer.
  optional bytes tpm2b_blob = 2;
  // NOTE(review): presumably the TPM "name" (hash of the public area) of the
  // EK; confirm against the producer.
  optional bytes tpm2_name = 3;
}

// Parameters that drive certificate signing.
message signing_instructions_message {
  optional string issuer = 1;
  // NOTE(review): the unit of `duration` (seconds? days?) is not stated here;
  // confirm with the code that consumes it and consider documenting it in
  // the field name.
  optional int64 duration = 2;
  optional string purpose = 3;
  // `date` and `time` are free-form strings; their format is not specified
  // here and must be parsed strictly by the consumer.
  optional string date = 4;
  optional string time = 5;
  // Signature and hash algorithm names; accepted values are not defined here.
  optional string sign_alg = 6;
  optional string hash_alg = 7;
  // Whether the certificate being issued is a CA certificate.
  // NOTE(review): name is not lower_snake_case (would be `is_ca`). Renaming
  // is wire-safe but changes the generated Go accessor and the JSON name,
  // so it is source-breaking for existing callers.
  optional bool isCA = 8;
  optional bool can_sign = 9;
}

// Subject (requester) side of an X.509 certificate request: distinguished
// name components plus the key to be certified.
message x509_cert_request_parameters_message {
  required string common_name = 1;
  optional string country_name = 2;
  optional string state_name = 3;
  optional string locality_name = 4;
  optional string organization_name = 5;
  optional string suborganization_name = 6;
  optional public_key_message key = 7;
}

// Issuer (signer) side of an X.509 certificate request.
message x509_cert_issuer_parameters_message {
  required string common_name = 1;
  optional string country_name = 2;
  optional string state_name = 3;
  optional string locality_name = 4;
  optional string organization_name = 5;
  optional string suborganization_name = 6;
  optional string purpose = 7;
  optional public_key_message key = 8;
}

// Everything needed to build one certificate: requester, signer, validity.
message cert_parameters_message {
  optional x509_cert_request_parameters_message request = 1;
  optional x509_cert_issuer_parameters_message signer = 2;
  // Validity window as free-form strings; the format is not specified here.
  // The consumer must parse these strictly and reject anything unparseable
  // rather than defaulting to an open-ended validity.
  optional string not_before = 3;
  optional string not_after = 4;
}

// Describes the TPM "quote key" used to sign attestations.
message quote_key_info_message {
  // public key parameters of "quote-key"
  optional public_key_message public_key = 1;
  // Tpm2 name (hash) of the "quote-key" info
  optional bytes name = 2;
  // objectAttributes of the "quote key"
  optional int32 properties = 3;
}

// TODO(jlm): note this is just RSA parameters. NOT USED.
message program_key_parameters {
  optional string program_name = 1;
  optional string program_key_type = 2;
  optional int32 program_bit_modulus_size = 3;
  optional bytes program_key_exponent = 4;
  optional bytes program_key_modulus = 5;
}; // NOTE(review): stray ';' — a harmless empty statement; may be removed.

// Request for a program certificate, carrying the endorsement cert, the
// program key, and a TPM quote over it.
message program_cert_request_message {
  optional string request_id = 1;
  // DER endorsement certificate (presumably; format not stated here).
  optional bytes endorsement_cert_blob = 2;
  optional program_key_parameters program_key = 3;
  // Algorithm names used for `quote_signature`; accepted values are not
  // defined in this file.
  optional string quote_sign_alg = 4;
  optional string quote_sign_hash_alg = 5;
  // Signature over `quoted_blob`, presumably made with the key described by
  // `quote_key_info`; the verifier must check it before trusting the quote.
  optional bytes quote_signature = 6;
  optional quote_key_info_message quote_key_info = 7;
  optional bytes quoted_blob = 8;
}

// Response to program_cert_request_message: the certificate is returned
// encrypted so that only the holder of the TPM key can recover it
// (TPM credential-activation style; see field comments).
message program_cert_response_message {
  optional string request_id = 1;
  optional string program_name = 2;
  // Name of the integrity (HMAC) algorithm; accepted values not defined here.
  optional string integrity_alg = 3;
  // outer HMAC, does not include size in buffer
  // HMAC key is KDFa derived from seed and "INTEGRITY"
  // This is a TPM2B_DIGEST and has a size.
  // NOTE(review): name is not lower_snake_case (`integrity_hmac` is used in
  // AttestCertResponse); renaming is wire-safe but source-breaking.
  optional bytes integrityHMAC = 4;
  // encIdentity, does not include size of encIdentity in buffer.
  // encIdentity is the encrypted, correctly marshalled TPM2B_DIGEST
  // (so it has a size).
  // encIdentity is always CFB Aes-128 encrypted
  // with KDFa derived key derived from the "seed," "STORAGE" and
  // the name of the quote key.
  // NOTE(review): name is not lower_snake_case (`enc_identity` is used in
  // AttestCertResponse); renaming is wire-safe but source-breaking.
  optional bytes encIdentity = 5;
  // protector-key private-key encrypted seed || "IDENTITY" buffer
  optional bytes secret = 6;
  // Signed, der-encoded program cert CTR encrypted with
  // secret in credential buffer. TODO(jlm): should also
  // contain an HMAC.
  // NOTE(review): `encrypted_cert_hmac` (field 8) appears to provide the
  // HMAC the TODO asks for; confirm and retire the TODO if so.
  optional bytes encrypted_cert = 7;
  optional bytes encrypted_cert_hmac = 8;
}

// One link in a certificate chain.
message certificate_chain_entry_message {
  optional string subject_key_name = 1;
  optional string issuer_key_name = 2;
  optional string cert_type = 3;
  optional bytes cert_blob = 4;
}

// An ordered certificate chain.
// NOTE(review): whether `entry` is leaf-first or root-first is not stated
// here; confirm with the code that builds and verifies chains.
message certificate_chain_message {
  repeated certificate_chain_entry_message entry = 1;
}

// Fields of a TPM quote's certification information.
// NOTE(review): the field names mirror the TPM 2.0 TPMS_ATTEST structure
// (magic, type, qualifiedSigner, extraData, clockInfo, firmwareVersion,
// PCR selection, PCR digest) — presumably an unpacked TPMS_ATTEST; confirm.
// Several names are not lower_snake_case; renaming is wire-safe but changes
// generated accessors and JSON names.
message quote_certification_information {
  optional bytes magic = 1;
  optional bytes type = 2;
  optional bytes qualifiedsigner = 3;
  // Caller-supplied data bound into the quote (e.g. a nonce); a verifier
  // should check it matches what was requested.
  optional bytes extraData = 4;
  optional bytes clockinfo = 5;
  optional int64 firmwareversion = 6;
  optional bytes pcr_selection = 7;
  optional bytes digest = 8;
}

// This is used to request a signed cert from the domain service for a tpm2 quote key.
message AttestCertRequest {
  // Attestation structure and the signature over it, as produced by the TPM.
  optional bytes attest_blob = 1;
  optional bytes sig_blob = 2;
  // "rsa"
  optional string key_type = 3;
  // Tao name of the host.
  optional string key_name = 4;
  // Hash algorithm name; accepted values are not defined in this file.
  optional string hash_type = 5;
  optional bytes tpm2_key_name = 6;
  // MarshalPKIX... of quote key
  optional bytes subject_public_key = 7;
  optional bytes der_endorsement_cert = 8;
  // NOTE(review): a single `bytes` here, but `repeated bytes` in
  // AttestCertResponse.cert_chain — the two encodings differ and must not be
  // assumed interchangeable.
  optional bytes cert_chain = 9;
}

// This is the response from the domain service with the encrypted attest cert.
// Fields 2–7 parallel program_cert_response_message fields 3–8.
message AttestCertResponse {
  // NOTE(review): the meaning of `error` values is not defined in this file;
  // presumably 0 means success — confirm with the service code.
  required int32 error = 1;
  // "hmacsha1" Is this used now?
  optional string integrity_alg = 2;
  // Outer HMAC over the credential (see program_cert_response_message).
  optional bytes integrity_hmac = 3;
  // Encrypted identity digest (see program_cert_response_message).
  optional bytes enc_identity = 4;
  // Seed encrypted to the protector key (see program_cert_response_message).
  optional bytes encrypted_secret = 5;
  // Encrypted DER certificate and its HMAC.
  optional bytes encrypted_cert = 6;
  optional bytes encrypted_cert_hmac = 7;
  // One DER certificate per element (presumably; format not stated here).
  repeated bytes cert_chain = 8;
}