// To compile: protoc -I=. --cpp_out=. tpm2.proto

// Definition of protobufs for tpm2 applications
//
// NOTE(review): this is a proto2 schema and several messages use `required`
// fields. A `required` field can never be removed or relaxed without breaking
// existing readers, so the field numbers and labels below must be treated as
// frozen; evolve by adding new optional fields only.
syntax = "proto2";

// A serialized private key plus the type tag a reader needs to interpret
// `blob`. Presumably carries private-key material: the schema provides no
// confidentiality of its own, so serialized instances must be protected by
// the caller.
message private_key_blob_message {
  // Type of key held in `blob`; the vocabulary is not constrained by the
  // schema.
  required string key_type = 1;
  // Human-readable name of the key.
  optional string key_name = 2;
  // Opaque key material; its encoding is presumably selected by `key_type` —
  // confirm against the writer.
  optional bytes blob = 3;
}

// RSA public key: modulus size in bits plus the raw public exponent and
// modulus.
message rsa_public_key_message {
  // Human-readable name of the key.
  optional string key_name = 1;
  // Size of the modulus in bits.
  required int32 bit_modulus_size = 2;
  // Public exponent. Byte order is not fixed by the schema — presumably
  // big-endian; confirm with the marshalling code.
  required bytes exponent = 3;
  // Modulus; same byte-order caveat as `exponent`.
  required bytes modulus = 4;
}

// RSA private key. Serialized instances contain secret material; the schema
// offers no protection, so they must only be stored or transmitted under
// caller-provided encryption.
message rsa_private_key_message {
  // The matching public key.
  required rsa_public_key_message public_key = 1;
  // Presumably the private exponent.
  optional bytes d = 2;
  // Presumably the prime factors of the modulus and the CRT exponents
  // (d mod (p-1), d mod (q-1)) — confirm against the writer.
  optional bytes p = 3;
  optional bytes q = 4;
  optional bytes dp = 5;
  optional bytes dq = 6;
}

// Wrapper for an asymmetric key. Only an RSA private key is representable.
message asymmetric_key_message {
  optional rsa_private_key_message key = 1;
}

// Public key with a type tag. Only an RSA payload is defined.
message public_key_message {
  // Key type string; not constrained by the schema.
  optional string key_type = 1;
  optional rsa_public_key_message rsa_key = 2;
}

// TPM endorsement key as exported from a TPM.
message endorsement_key_message {
  // Identifier of the machine the key belongs to.
  optional string machine_identifier = 1;
  // Marshalled TPM2B structure describing the key — which TPM2B type is not
  // stated here; confirm.
  optional bytes tpm2b_blob = 2;
  // TPM2 name of the key (presumably a digest of its public area).
  optional bytes tpm2_name = 3;
}

// Instructions telling a signer how to issue a certificate.
message signing_instructions_message {
  optional string issuer = 1;
  // Validity period. Units are not stated by the schema — confirm with the
  // code that sets it.
  optional int64 duration = 2;
  optional string purpose = 3;
  // Free-form date and time strings; format is not fixed by the schema.
  optional string date = 4;
  optional string time = 5;
  // Signature and hash algorithm names (unconstrained strings).
  optional string sign_alg = 6;
  optional string hash_alg = 7;
  // Whether the issued certificate is a CA certificate. Proto2 `optional
  // bool` defaults to false when absent, so a missing value must be read as
  // "not a CA".
  optional bool isCA = 8;
  // Whether the issued certificate may be used for signing.
  optional bool can_sign = 9;
}

// X.509 subject name components and the public key for a certificate
// request.
message x509_cert_request_parameters_message {
  required string common_name = 1;
  optional string country_name = 2;
  optional string state_name = 3;
  optional string locality_name = 4;
  optional string organization_name = 5;
  optional string suborganization_name = 6;
  // Public key to be certified.
  optional public_key_message key = 7;
}

// X.509 issuer name components and the issuer's public key. The issuer's
// signing private key is not carried by this message.
message x509_cert_issuer_parameters_message {
  required string common_name = 1;
  optional string country_name = 2;
  optional string state_name = 3;
  optional string locality_name = 4;
  optional string organization_name = 5;
  optional string suborganization_name = 6;
  optional string purpose = 7;
  optional public_key_message key = 8;
}

// Everything needed to build a certificate: the subject request, the signer,
// and the validity window.
message cert_parameters_message {
  optional x509_cert_request_parameters_message request = 1;
  optional x509_cert_issuer_parameters_message signer = 2;
  // Validity bounds as strings; format is not fixed by the schema.
  optional string not_before = 3;
  optional string not_after = 4;
}

// Identity of the TPM key that signed a quote.
message quote_key_info_message {
  // public key parameters of "quote-key"
  optional public_key_message public_key = 1;
  // Tpm2 name (hash) of the "quote-key" info
  optional bytes name = 2;
  // objectAttributes of the "quote key". A verifier should check these
  // attributes (typically that the key is restricted and bound to the TPM)
  // rather than trusting the public key alone; which bits are required is
  // up to the consumer.
  optional int32 properties = 3;
}

// Parameters of a program's RSA key; mirrors the fields of
// rsa_public_key_message with a program_ prefix.
message program_key_parameters {
  optional string program_name = 1;
  optional string program_key_type = 2;
  optional int32 program_bit_modulus_size = 3;
  optional bytes program_key_exponent = 4;
  optional bytes program_key_modulus = 5;
};  // NOTE(review): the trailing ';' is an empty statement — legal, can be dropped.

// Request from a program for a certificate on `program_key`, accompanied by
// a TPM quote. The schema does not bind `endorsement_cert_blob`,
// `quote_key_info`, `quoted_blob` and `quote_signature` to each other; the
// receiver must verify that they are mutually consistent.
message program_cert_request_message {
  optional string request_id = 1;
  // Encoded endorsement certificate tying the request to a TPM; encoding is
  // not stated here (presumably DER) — confirm.
  optional bytes endorsement_cert_blob = 2;
  optional program_key_parameters program_key = 3;
  // Algorithm names for the quote signature and its hash.
  optional string quote_sign_alg = 4;
  optional string quote_sign_hash_alg = 5;
  optional bytes quote_signature = 6;
  optional quote_key_info_message quote_key_info = 7;
  // The quoted (attested) data over which `quote_signature` was presumably
  // produced; quote_certification_information below appears to be its
  // decomposed form — confirm against the parsing code.
  optional bytes quoted_blob = 8;
}

// Response carrying the program certificate. The field comments below
// describe a TPM credential-blob style protection (KDFa labels "INTEGRITY",
// "STORAGE", "IDENTITY") so that only the TPM holding the protector key can
// recover the certificate — inferred from those comments; confirm against
// the issuing code.
message program_cert_response_message {
  optional string request_id = 1;
  optional string program_name = 2;
  // Name of the integrity (HMAC) algorithm used for `integrityHMAC`.
  optional string integrity_alg = 3;
  // outer HMAC, does not include size in buffer
  // HMAC key is KDFa derived from seed and "INTEGRITY"
  // This is a TPM2B_DIGEST and has a size.
  optional bytes integrityHMAC = 4;
  // encIdentity, does not include size of encIdentity in buffer.
  // encIdentity should be a correctly marshalled, encrypted TPM2B_DIGEST
  // (an encrypted TPM2B_DIGEST carries its own size).
  // encIdentity is always CFB Aes-128 encrypted
  // with KDFa derived key derived from the "seed," "STORAGE" and
  // the name of the quote key.
  optional bytes encIdentity = 5;
  // protector-key private-key encrypted seed || "IDENTITY" buffer
  optional bytes secret = 6;
  // Signed, der-encoded program cert CTR encrypted with
  // secret in credential buffer. TODO(jlm): should also
  // contain an HMAC.
  // NOTE(review): field 8 below looks like the HMAC this TODO asks for; if
  // so, document what it covers and retire the TODO.
  optional bytes encrypted_cert = 7;
  // HMAC over `encrypted_cert` — key derivation and exact coverage are not
  // stated here; confirm. Receivers should verify it before decrypting.
  optional bytes encrypted_cert_hmac = 8;
}

// One certificate in a chain, identified by subject and issuer key names.
message certificate_chain_entry_message {
  optional string subject_key_name = 1;
  optional string issuer_key_name = 2;
  // Type tag for `cert_blob` (unconstrained string).
  optional string cert_type = 3;
  // Encoded certificate; encoding is presumably given by `cert_type`.
  optional bytes cert_blob = 4;
}

// A list of certificate_chain_entry_message. The schema does not state the
// ordering (leaf-first or root-first) — confirm with the builder before
// relying on it.
message certificate_chain_message {
  repeated certificate_chain_entry_message entry = 1;
}

// Decomposed contents of a quote's attested data. The field names mirror
// the TPM 2.0 TPMS_ATTEST structure (magic, type, qualifiedSigner,
// extraData, clockInfo, firmwareVersion) plus the quote-specific PCR
// selection and digest — assumed from the names; confirm against the
// parsing code.
message quote_certification_information {
  // Presumably the TPM_GENERATED marker that identifies TPM-produced data;
  // a verifier should check it before trusting the remaining fields.
  optional bytes magic = 1;
  optional bytes type = 2;
  optional bytes qualifiedsigner = 3;
  // Caller-supplied qualifying data, presumably the verifier's nonce; a
  // verifier should compare it with the nonce it sent to rule out replay.
  optional bytes extraData = 4;
  optional bytes clockinfo = 5;
  optional int64 firmwareversion = 6;
  // Which PCRs were quoted, and the digest over their values.
  optional bytes pcr_selection = 7;
  optional bytes digest = 8;
}