// // Copyright (C) 2015 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // option optimize_for = LITE_RUNTIME; import "common.proto"; package attestation; // This message holds all information to be sent to the attestation server in // order to complete enrollment. message AttestationEnrollmentRequest { // The EK cert, in X.509 form, encrypted using the server's public key with // the following parameters: // Key encryption: RSA-OAEP with no custom parameters. // Data encryption: 256-bit key, AES-CBC with PKCS5 padding. // MAC: HMAC-SHA-512 using the AES key. optional EncryptedData encrypted_endorsement_credential = 1; // The AIK public key, in TPM_PUBKEY form. optional bytes identity_public_key = 2; // PCR0 quoted by AIK. optional Quote pcr0_quote = 3; // PCR1 quoted by AIK. optional Quote pcr1_quote = 4; } enum ResponseStatus { OK = 0; // Internal server error. SERVER_ERROR = 1; // The server cannot parse the request. BAD_REQUEST = 2; // The server rejects the request. REJECT = 3; // Only appears in enrollment response. The server returns the same generated // id and reports the quota limit exceeded status when the number of reset // action in a specified time window is more than self reset limitation. QUOTA_LIMIT_EXCEEDED = 4; } // The response from the attestation server for the enrollment request. message AttestationEnrollmentResponse { optional ResponseStatus status = 1; // Detail response message. Included when the result is not OK. optional string detail = 2; optional EncryptedIdentityCredential encrypted_identity_credential = 3; } // The certificate request to be sent to the attestation server. message AttestationCertificateRequest { // The AIK cert in X.509 format. optional bytes identity_credential = 1; // A certified public key in TPM_PUBKEY. optional bytes certified_public_key = 3; // The serialized TPM_CERTIFY_INFO for the certified key. optional bytes certified_key_info = 4; // The signature of the TPM_CERTIFY_INFO by the AIK. optional bytes certified_key_proof = 5; // A message identifier to be included in the response. optional bytes message_id = 10; // The certificate profile defines the type of certificate to issue. optional CertificateProfile profile = 11; // Information about the origin of the request which may be used depending on // the certificate profile. optional string origin = 12; // The index of a temporal value. This may be used or ignored depending on // the certificate profile. optional int32 temporal_index = 13; } // The response from the attestation server for the certificate request. message AttestationCertificateResponse { optional ResponseStatus status = 1; // Detail response message. Included when the result is not OK. optional string detail = 2; // The credential of the certified key in X.509 format. optional bytes certified_key_credential = 3; // The issuer intermediate CA certificate in X.509 format. optional bytes intermediate_ca_cert = 5; // A message identifier from the request this message is responding to. optional bytes message_id = 6; // Additional intermediate CA certificates that can help in validation. // Certificate chaining order is from the leaf to the root. That is, // |certified_key_credential| is signed by // |intermediate_ca_cert|, which is signed by // |additional_intermediate_ca_cert(0)|, which is signed by // |additional_intermediate_ca_cert(1)|, ... and so on. repeated bytes additional_intermediate_ca_cert = 7; } // The reset request to be sent to the attestation server. message AttestationResetRequest { // The AIK cert, in X.509 form, encrypted using the server's public key with // the following parameters: // Key encryption: RSA-OAEP with no custom parameters. // Data encryption: 256-bit key, AES-CBC with PKCS5 padding. // MAC: HMAC-SHA-512 using the AES key. optional EncryptedData encrypted_identity_credential = 1; // The one time token to make sure the reset process can be triggered only once. optional bytes token = 2; // The EK cert, in X.509 form, encrypted using the server's public key with // the following parameters: // Key encryption: RSA-OAEP with no custom parameters. // Data encryption: 256-bit key, AES-CBC with PKCS5 padding. // MAC: HMAC-SHA-512 using the AES key. optional EncryptedData encrypted_endorsement_credential = 3; } // The response from the attestation server for the reset request. message AttestationResetResponse { // The response status. optional ResponseStatus status = 1; // Detail response message. Included when the result is not OK. optional string detail = 2; } // The challenge data (as in challenge-response) generated by the server. // Before transmitted to the client, this message will be wrapped as a // SignedData message, in which the data field is the serialized Challenge // message, and the signature field is the signature of the data field signed // by the enterprise server using a hard-coded key. The signature algorithm is // RSASSA-PKCS1-v1_5-SHA256. message Challenge { // A string for the client to sanity check a legitimate challenge. optional string prefix = 1; // A 256-bit random value generated by the server. optional bytes nonce = 2; // A timestamp for a stateless server to limit the timeframe during which the // challenge may be replayed. optional int64 timestamp = 3; } // The response data (as in challenge-response) generated by the client. // Before transmitted to the server, this message will be wrapped as a // SignedData message, in which the data field is the serialized // ChallengeResponse message, and the signature field is the signature of the // data field signed by the client using the key being challenged. The // signature algorithm is RSASSA-PKCS1-v1_5-SHA256. message ChallengeResponse { // The original challenge data. optional SignedData challenge = 1; // A 256-bit random value generated by the client. Mixing in this nonce // prevents a caller from using a challenge to sign arbitrary data. optional bytes nonce = 2; // The KeyInfo message encrypted using a public encryption key, pushed via // policy with the following parameters: // Key encryption: RSA-OAEP with no custom parameters. // Data encryption: 256-bit key, AES-CBC with PKCS5 padding. // MAC: HMAC-SHA-512 using the AES key. optional EncryptedData encrypted_key_info = 3; } // The data type of the message decrypted from // ChallengeResponse.encrypted_key_info.encrypted_data field. This message holds // information required by enterprise server to complete the verification. message KeyInfo { // Indicates whether the key is an EMK or EUK. optional KeyProfile key_type = 1; // Domain information about the device or user associated with the key. For an // EMK, this value is the enrolled domain. For an EUK, this value is the // user's email address. optional string domain = 2; // The virtual device ID associated with the device or user. optional bytes device_id = 3; // If the key is an EUK, this value is the PCA-issued certificate for the key. optional bytes certificate = 4; // If the key is an EUK, this value may hold a SignedPublicKeyAndChallenge // with a random challenge. The SignedPublicKeyAndChallenge specification is // here: https://developer.mozilla.org/en-US/docs/HTML/Element/keygen. optional bytes signed_public_key_and_challenge = 5; } enum KeyProfile { // Enterprise machine key. EMK = 0; // Enterprise user key. EUK = 1; }