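// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Declared explicitly: every field below relies on proto2 |optional| presence
// semantics, and protoc otherwise only assumes proto2 with a warning.
syntax = "proto2";

package attestation;

import "common.proto";

// Generated code targets the lite runtime (no descriptors or reflection).
option optimize_for = LITE_RUNTIME;

// Holds TPM credentials that the attestation server will need to see. These
// credentials must be cleared once the attestation server has certified the
// AIK.
message TPMCredentials {
  // The endorsement (EK) public key.
  optional bytes endorsement_public_key = 1;
  // The endorsement credential. It identifies the device's TPM, which is why
  // this message is kept only until the AIK has been certified.
  optional bytes endorsement_credential = 2;
  // The platform credential.
  optional bytes platform_credential = 3;
  // The conformance credential.
  optional bytes conformance_credential = 4;
  // The |endorsement_credential| encrypted with a public key associated with
  // the default Chrome OS Privacy CA.
  optional EncryptedData default_encrypted_endorsement_credential = 5;
  // The |endorsement_credential| encrypted for an alternate Privacy CA.
  // NOTE(review): which CA key is used is not defined in this file; confirm
  // against the writer.
  optional EncryptedData alternate_encrypted_endorsement_credential = 6;
}

// Holds information relevant to a particular AIK.
message IdentityKey {
  // The DER encoded public key.
  optional bytes identity_public_key = 1;
  // The TPM-specific key blob that can be loaded back into the TPM.
  optional bytes identity_key_blob = 2;
  // A credential issued by the attestation server.
  optional bytes identity_credential = 3;
}

// Holds information required to verify the binding of an AIK to an EK. This
// information should be cleared once the attestation server has certified the
// AIK.
message IdentityBinding {
  // The binding data, as output by the TPM_MakeIdentity operation.
  optional bytes identity_binding = 1;
  // The AIK public key, DER encoded.
  optional bytes identity_public_key_der = 2;
  // The AIK public key, in TPM_PUBKEY form.
  optional bytes identity_public_key = 3;
  // The label used during AIK creation.
  optional bytes identity_label = 4;
  // The PCA public key used during AIK creation, in TPM_PUBKEY form.
  optional bytes pca_public_key = 5;
}

// Holds owner delegation information.
message Delegation {
  // The delegate owner blob.
  optional bytes blob = 1;
  // The authorization secret. Sensitive: it must never be logged or exposed
  // outside the locally stored database.
  optional bytes secret = 2;
  // Whether this delegate has permissions to call TPM_ResetLockValue.
  optional bool has_reset_lock_permissions = 3;
}

// Holds information about a certified key.
message CertifiedKey {
  // The TPM-wrapped key blob.
  optional bytes key_blob = 1;
  // The public key in ASN.1 DER form.
  optional bytes public_key = 2;
  // The credential of the certified key in X.509 format.
  optional bytes certified_key_credential = 3;
  // The issuer intermediate CA certificate in X.509 format.
  optional bytes intermediate_ca_cert = 4;
  // A key name. This is not necessarily a unique identifier.
  optional bytes key_name = 5;
  // An arbitrary payload associated with the key.
  optional bytes payload = 6;
  // Additional intermediate CA certificates that help chain up to the root
  // CA. See |AttestationCertificateResponse.additional_intermediate_ca_cert|
  // for more detail.
  repeated bytes additional_intermediate_ca_cert = 7;
  // The public key in TPM_PUBKEY form.
  optional bytes public_key_tpm_format = 8;
  // The serialized TPM_CERTIFY_INFO for the certified key.
  optional bytes certified_key_info = 9;
  // The signature of the TPM_CERTIFY_INFO by the AIK.
  optional bytes certified_key_proof = 10;
  // The original key type specified when the key was created.
  optional KeyType key_type = 11;
  // The original key usage specified when the key was created.
  optional KeyUsage key_usage = 12;
}

// Holds all information that a client stores locally.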
message AttestationDatabase {
  // Field number 1 is unassigned. Do not give it to a new field: this message
  // is persisted on clients, and an earlier use of the number cannot be ruled
  // out from the schema alone. Field numbers are also not in declaration
  // order (12 and 13 were presumably added later); never renumber.

  // Cleared once the AIK has been certified (see TPMCredentials).
  optional TPMCredentials credentials = 2;
  // Cleared once the AIK has been certified (see IdentityBinding).
  optional IdentityBinding identity_binding = 3;
  // The AIK and its credential.
  optional IdentityKey identity_key = 4;
  // Quotes over PCR0 and PCR1 (Quote is defined in common.proto).
  optional Quote pcr0_quote = 5;
  optional Quote pcr1_quote = 12;
  // Owner delegation for this client. Contains a secret; see Delegation.
  optional Delegation delegate = 6;
  // Certified keys stored for the device.
  repeated CertifiedKey device_keys = 7;
  // NOTE(review): which hash function and which inputs produce |user_hash|
  // and |origin_hash|, and what |temporal_index| counts, are not defined in
  // this file; confirm against the writer before relying on them.
  message TemporalIndexRecord {
    optional bytes user_hash = 1;
    optional bytes origin_hash = 2;
    optional int32 temporal_index = 3;
  }
  repeated TemporalIndexRecord temporal_index_record = 8;
  // Alternate identity, mirroring fields 3, 4, 5 and 12 above. Presumably
  // tied to the alternate Privacy CA (see
  // TPMCredentials.alternate_encrypted_endorsement_credential); confirm.
  optional IdentityBinding alternate_identity_binding = 9;
  optional IdentityKey alternate_identity_key = 10;
  optional Quote alternate_pcr0_quote = 11;
  optional Quote alternate_pcr1_quote = 13;
}