// Copyright 2015 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Request/reply message pairs for the client interface of the attestation
// service (package |attestation|). Every *Reply carries an AttestationStatus
// in field 1; the *Request messages describe the operation's inputs. Types
// that are not defined here (KeyType, KeyUsage, Quote, CertificateProfile,
// EncryptedIdentityCredential) come from the imported .proto files.
//
// NOTE(review): this is a proto2 wire contract. Field numbers and reserved
// numbers must never be changed or reused; retired fields are kept as
// |reserved| below.

syntax = "proto2";

// Generated code uses the lite runtime (no descriptors / reflection).
option optimize_for = LITE_RUNTIME;

import "attestation_ca.proto";
import "keystore.proto";

package attestation;
option go_package = "attestation_proto";

// Result code carried in the |status| field of every *Reply message.
//
// NOTE(review): STATUS_SUCCESS is the zero value, so a reply whose |status|
// field is absent reads as success; callers that need to distinguish "no
// status reported" from "succeeded" must check presence (has_status()).
enum AttestationStatus {
  STATUS_SUCCESS = 0;
  STATUS_UNEXPECTED_DEVICE_ERROR = 1;
  STATUS_NOT_AVAILABLE = 2;
  STATUS_NOT_READY = 3;
  STATUS_NOT_ALLOWED = 4;
  STATUS_INVALID_PARAMETER = 5;
  STATUS_REQUEST_DENIED_BY_CA = 6;
  STATUS_CA_NOT_AVAILABLE = 7;
  STATUS_NOT_SUPPORTED = 8;
  // The error that is translated into by the client to indicate any kind of
  // D-Bus error.
  STATUS_DBUS_ERROR = 9;
}

// Selects which Attestation CA (ACA) a request targets. DEFAULT_ACA is also
// the value an unset |aca_type| field takes.
enum ACAType {
  DEFAULT_ACA = 0;
  TEST_ACA = 1;
}

// Selects which VA server will handle an enterprise challenge. DEFAULT_VA is
// also the value an unset |va_type| field takes.
enum VAType {
  DEFAULT_VA = 0;
  TEST_VA = 1;
}

// Looks up a previously created key by label.
message GetKeyInfoRequest {
  // The label the key was created or stored under.
  optional string key_label = 1;
  // The user the key belongs to.
  // NOTE(review): presumably an unset or empty value selects a system-wide
  // key, as documented for CreateCertifiableKeyRequest.username — confirm.
  optional string username = 2;
}

message GetKeyInfoReply {
  optional AttestationStatus status = 1;
  optional KeyType key_type = 2;
  optional KeyUsage key_usage = 3;
  // The public key (X.509/DER SubjectPublicKeyInfo).
  optional bytes public_key = 4;
  // The serialized TPM_CERTIFY_INFO or TPM2B_ATTEST for the new key.
  optional bytes certify_info = 5;
  // The signature of certify_info by the Attestation Key.
  optional bytes certify_info_signature = 6;
  // The certificate data associated with the key (if any).
  optional bytes certificate = 7;
  // The payload associated with the key.
  optional bytes payload = 8;
}

// Retrieves endorsement key (EK) information for the device.
message GetEndorsementInfoRequest {
  // Retired field number; must not be reused.
  reserved 1;
}

message GetEndorsementInfoReply {
  optional AttestationStatus status = 1;
  // The endorsement public key (X.509/DER SubjectPublicKeyInfo).
  optional bytes ek_public_key = 2;
  // The endorsement certificate (X.509/DER).
  optional bytes ek_certificate = 3;
  // Human-readable string with EK information. Contains EK certificate in PEM
  // format and SHA256 hash of the raw DER encoded certificate.
  optional string ek_info = 4;
}

// Retrieves information about the attestation key registered with an ACA.
message GetAttestationKeyInfoRequest {
  // Retired field number; must not be reused.
  reserved 1;
  // What kind of ACA to use.
  optional ACAType aca_type = 2;
}

message GetAttestationKeyInfoReply {
  optional AttestationStatus status = 1;
  // The attestation public key (X.509/DER SubjectPublicKeyInfo).
  optional bytes public_key = 2;
  // The attestation public key in TPM_PUBKEY form.
  optional bytes public_key_tpm_format = 3;
  // The attestation key certificate.
  optional bytes certificate = 4;
  // A quote of PCR0 at the time of attestation key creation.
  optional Quote pcr0_quote = 5;
  // A quote of PCR1 at the time of attestation key creation.
  optional Quote pcr1_quote = 6;
}

// Decrypts an identity credential issued for the attestation key and,
// optionally, stores the resulting certificate with that key.
message ActivateAttestationKeyRequest {
  // Retired field number; must not be reused.
  reserved 1;
  // The credential to decrypt (type defined in an imported .proto).
  optional EncryptedIdentityCredential encrypted_certificate = 2;
  // Whether, on success, the decrypted certificate should be retained in
  // association with the attestation key. When using an ACA, this is normally
  // set to true. Other protocols may use a nonce as the 'certificate' and in
  // these cases this field is normally set to false.
  optional bool save_certificate = 3;
  // What kind of ACA to use.
  optional ACAType aca_type = 4;
}

message ActivateAttestationKeyReply {
  optional AttestationStatus status = 1;
  // The decrypted attestation key certificate.
  optional bytes certificate = 2;
}

// Creates a new key that is certified by the Attestation Key.
message CreateCertifiableKeyRequest {
  // An arbitrary label which can be used to reference the key later.
  optional string key_label = 1;
  // Provided if the new key should be accessible only by a
  // particular user. If this field is not set or is the empty
  // string, the key will be accessible system-wide.
  optional string username = 2;
  // Algorithm of the new key (type defined in an imported .proto).
  optional KeyType key_type = 3;
  // Intended usage of the new key (type defined in an imported .proto).
  optional KeyUsage key_usage = 4;
}

message CreateCertifiableKeyReply {
  optional AttestationStatus status = 1;
  // The new public key (X.509/DER SubjectPublicKeyInfo).
  optional bytes public_key = 2;
  // The serialized TPM_CERTIFY_INFO or TPM2B_ATTEST for the new key.
  optional bytes certify_info = 3;
  // The signature of certify_info by the Attestation Key.
  optional bytes certify_info_signature = 4;
}

// Decrypts |encrypted_data| with the key identified by |key_label| and
// |username|.
message DecryptRequest {
  optional string key_label = 1;
  optional string username = 2;
  optional bytes encrypted_data = 3;
}

message DecryptReply {
  optional AttestationStatus status = 1;
  optional bytes decrypted_data = 2;
}

// Signs |data_to_sign| with the key identified by |key_label| and |username|.
message SignRequest {
  optional string key_label = 1;
  optional string username = 2;
  optional bytes data_to_sign = 3;
}

message SignReply {
  optional AttestationStatus status = 1;
  optional bytes signature = 2;
}

// Registers the key identified by |key_label| and |username| with the Chaps
// token.
message RegisterKeyWithChapsTokenRequest {
  optional string key_label = 1;
  optional string username = 2;
  // Whether the key's certificate(s) are registered along with the key.
  optional bool include_certificates = 3;
}

message RegisterKeyWithChapsTokenReply {
  optional AttestationStatus status = 1;
}

// Message to check whether attestation is prepared for enrollment or not.
message GetEnrollmentPreparationsRequest {
  optional ACAType aca_type = 1;
}

// Reply to a check of whether attestation is prepared for enrollment or not.
message GetEnrollmentPreparationsReply {
  optional AttestationStatus status = 1;
  // NOTE(review): presumably keyed by ACAType value, like
  // GetStatusReply.enrollment_preparations — confirm.
  map<int32, bool> enrollment_preparations = 2;
}

message GetStatusRequest {
  // Get extended status (see GetStatusReply below).
  optional bool extended_status = 1;
}

message GetStatusReply {
  message Identity {
    // The identity features.
    optional int32 features = 1;
  }

  message IdentityCertificate {
    // The identity that is enrolled.
    optional int32 identity = 1;
    // The Privacy CA that the identity is enrolled with.
    optional int32 aca = 2;
  }

  optional AttestationStatus status = 1;
  // Is prepared for enrollment? True if prepared for *any* CA.
  optional bool prepared_for_enrollment = 2;
  // Is enrolled (AIK certificate created)? True if enrolled with *any* CA.
  optional bool enrolled = 3;
  // Is in verified boot mode (according to PCR0 quote)?
  // [Only included in reply if extended_status is set]
  optional bool verified_boot = 4;
  // List of identities and their identity features.
  repeated Identity identities = 5;
  // List of identity certificates.
  map<int32, IdentityCertificate> identity_certificates = 6;
  // Map of CA types to whether we are prepared for enrollment with that CA.
  map<int32, bool> enrollment_preparations = 7;
}

// Verify attestation data.
message VerifyRequest {
  // Use CrosCore CA to verify that the EK is endorsed.
  optional bool cros_core = 1;
  // Verify EK only.
  // Otherwise, in addition to EK, verify all attestation data as a CA would.
  optional bool ek_only = 2;
}

message VerifyReply {
  optional AttestationStatus status = 1;
  // Whether the verification succeeded.
  optional bool verified = 2;
}

// Create an enrollment request to be sent to the Privacy CA. This request
// is a serialized AttestationEnrollmentRequest protobuf. Attestation
// enrollment is a process by which the Privacy CA verifies the EK certificate
// of a device and issues a certificate for an AIK. The enrollment process can
// be finished by sending FinishEnrollRequest with the response from the CA.
message CreateEnrollRequestRequest {
  // What kind of ACA to use.
  optional ACAType aca_type = 1;
}

message CreateEnrollRequestReply {
  optional AttestationStatus status = 1;
  // AttestationEnrollmentRequest to be sent to CA server.
  optional bytes pca_request = 2;
}

// Finish the enrollment process.
message FinishEnrollRequest {
  // AttestationEnrollmentResponse received from CA server.
  optional bytes pca_response = 1;
  // What kind of ACA to use.
  optional ACAType aca_type = 2;
}

message FinishEnrollReply {
  optional AttestationStatus status = 1;
}

// Goes through the entire enrollment process, including creating the enroll
// request, sending the request to the corresponding PCA server, and storing
// the response from the PCA server if successful. The message field is
// identical to |CreateEnrollRequestRequest|.
message EnrollRequest {
  // What kind of ACA to use.
  optional ACAType aca_type = 1;
  // Regardless of whether the device is already enrolled, (re-)enroll it.
  optional bool forced = 2;
}

message EnrollReply {
  optional AttestationStatus status = 1;
}

// Create an attestation certificate request to be sent to the Privacy CA.
// The request is a serialized AttestationCertificateRequest protobuf. The
// certificate request process generates and certifies a key in the TPM and
// sends the AIK certificate along with information about the certified key to
// the Privacy CA. The PCA verifies the information and issues a certificate
// for the certified key. The certificate request process can be finished by
// sending FinishCertificateRequestRequest with the response from the CA.
message CreateCertificateRequestRequest {
  // Type of certificate to be requested.
  optional CertificateProfile certificate_profile = 1;
  // The canonical username of the active user profile. Leave blank
  // if not associated with the current user.
  optional string username = 2;
  // Some certificate requests require information about the origin
  // of the request. If no origin is needed, this can be empty.
  optional string request_origin = 3;
  // What kind of ACA to use.
  optional ACAType aca_type = 4;
  // The key algorithm of certified key.
  optional KeyType key_type = 5;
}

message CreateCertificateRequestReply {
  optional AttestationStatus status = 1;
  // The request to be sent to the Privacy CA.
  optional bytes pca_request = 2;
}

// Finish the certificate request process. The |pca_response| from the PCA
// is a serialized AttestationCertificateResponse protobuf. This final step
// verifies the PCA operation succeeded and extracts the certificate for the
// certified key. The certificate is stored with the key.
message FinishCertificateRequestRequest {
  // The Privacy CA's response to a certificate request.
  optional bytes pca_response = 1;
  // A name for the key. If a key already exists with this name it
  // will be destroyed and replaced with this one.
  optional string key_label = 2;
  // This should match |username| in CreateCertificateRequestRequest.
  optional string username = 3;
}

message FinishCertificateRequestReply {
  optional AttestationStatus status = 1;
  // The PCA issued certificate chain in PEM format. By
  // convention the certified key certificate is listed
  // first followed by intermediate CA certificate(s).
  // The PCA root certificate is not included.
  optional bytes certificate = 2;
  // The public key (X.509/DER SubjectPublicKeyInfo).
  optional bytes public_key = 3;
}

// Goes through the entire certificate process, including creating the
// certificate request, sending the request to the corresponding PCA server,
// and storing the response from the PCA server if successful. The message
// fields are basically the union of |CreateCertificateRequestRequest| and
// |FinishCertificateRequestRequest|.
message GetCertificateRequest {
  // Type of certificate to be requested.
  optional CertificateProfile certificate_profile = 1;
  // The canonical username of the active user profile. Leave blank
  // if not associated with the current user.
  optional string username = 2;
  // Some certificate requests require information about the origin
  // of the request. If no origin is needed, this can be empty.
  optional string request_origin = 3;
  // What kind of ACA to use.
  optional ACAType aca_type = 4;
  // The key algorithm of certified key.
  optional KeyType key_type = 5;
  // A name for the key. If a key already exists with this name it
  // will be destroyed and replaced with this one.
  optional string key_label = 6;
  // Ignores the current certificate if any and gets the new certificate.
  optional bool forced = 7;
  // If set to |true|, this request also triggers the enrollment process if
  // the device is not enrolled yet.
  optional bool shall_trigger_enrollment = 8;
}

message GetCertificateReply {
  optional AttestationStatus status = 1;
  // The PCA issued certificate chain in PEM format. By
  // convention the certified key certificate is listed
  // first followed by intermediate CA certificate(s).
  // The PCA root certificate is not included.
  optional bytes certificate = 2;
  // The public key (X.509/DER SubjectPublicKeyInfo).
  optional bytes public_key = 3;
}

// Sign a challenge for an enterprise device / user. This challenge is
// typically generated by and the response verified by the Enterprise Device
// Verification Server (DVServer).
message SignEnterpriseChallengeRequest {
  // The key name. This is the same name previously passed to
  // FinishCertificateRequestRequest.
  optional string key_label = 1;
  // The canonical username of the active user profile. Leave blank
  // if not associated with the current user.
  optional string username = 2;
  // A domain value to be included in the challenge response.
  optional string domain = 3;
  // A device identifier to be included in the challenge response.
  optional bytes device_id = 4;
  // Whether the challenge response should include
  // a SignedPublicKeyAndChallenge.
  optional bool include_signed_public_key = 5;
  // The challenge to be signed.
  optional bytes challenge = 6;
  // The VA server that will handle the challenge.
  optional VAType va_type = 7;
  // The name of the key used for SignedPublicKeyAndChallenge. If left empty,
  // the same key used to sign the challenge response (EMK or EUK) will be used
  // for SignedPublicKeyAndChallenge.
  optional string key_name_for_spkac = 8;
}

message SignEnterpriseChallengeReply {
  optional AttestationStatus status = 1;
  // The challenge response.
  optional bytes challenge_response = 2;
}

// Sign a challenge outside of an enterprise context: generate a random nonce
// and append it to challenge, then sign and return the signature in the
// |challenge_response|.
// This challenge is typically generated by some module running within Chrome.
message SignSimpleChallengeRequest {
  // The key name. This is the same name previously passed to
  // FinishCertificateRequestRequest.
  optional string key_label = 1;
  // The canonical username of the active user profile. Leave blank
  // if not associated with the current user.
  optional string username = 2;
  // The challenge to be signed.
  optional bytes challenge = 3;
}

message SignSimpleChallengeReply {
  optional AttestationStatus status = 1;
  // The challenge response.
  optional bytes challenge_response = 2;
}

// Set a payload for a key; any previous payload will be overwritten.
message SetKeyPayloadRequest {
  // The key name. This is the same name previously passed to
  // FinishCertificateRequestRequest.
  optional string key_label = 1;
  // The canonical username of the active user profile. Leave blank
  // if not associated with the current user.
  optional string username = 2;
  // Opaque payload to store with the key; returned by GetKeyInfoReply.payload.
  optional bytes payload = 3;
}

message SetKeyPayloadReply {
  optional AttestationStatus status = 1;
}

// Delete keys either by key label prefix or by exact key label.
message DeleteKeysRequest {
  enum MatchBehavior {
    // Match type not specified. Behavior defaults to |MATCH_BEHAVIOR_PREFIX|.
    MATCH_BEHAVIOR_UNSPECIFIED = 0;

    // Will delete all keys that start with |key_label_match|.
    // If no such key exists, the operation still succeeds.
    MATCH_BEHAVIOR_PREFIX = 1;

    // Will delete the key which has a key_label exactly matching
    // |key_label_match|.
    // If no such key exists, the operation still succeeds.
    MATCH_BEHAVIOR_EXACT = 2;
  }
  // The key label prefix or the exact key label (depends on |match_behavior|).
  // NOTE(review): with the default prefix behavior an empty string matches
  // every key label; callers should set |match_behavior| explicitly.
  optional string key_label_match = 1;
  // The canonical username of the active user profile. Leave blank
  // if not associated with the current user.
  optional string username = 2;
  // The matching behavior - see comments on the enum values. If omitted,
  // defaults to MATCH_BEHAVIOR_PREFIX for backwards compatibility.
  optional MatchBehavior match_behavior = 3;
}

message DeleteKeysReply {
  optional AttestationStatus status = 1;
}

// Create a request to be sent to the PCA which will reset the identity for
// this device on future AIK enrollments. The |reset_token| is put in the
// request protobuf verbatim.
message ResetIdentityRequest {
  // Opaque token copied verbatim into the PCA request; not interpreted here.
  optional string reset_token = 1;
}

message ResetIdentityReply {
  optional AttestationStatus status = 1;
  // Request to be sent to the CA.
  optional bytes reset_request = 2;
}

// Retrieves the device's enrollment id.
message GetEnrollmentIdRequest {
  // If true, bypass any cached enrollment id.
  optional bool ignore_cache = 1;
}

message GetEnrollmentIdReply {
  optional AttestationStatus status = 1;
  optional string enrollment_id = 2;
}

// Gets a copy of the specific NV data, signed using the key with the specified
// label, eg "attest-ent-machine".
message GetCertifiedNvIndexRequest {
  // The NV index to read.
  optional int32 nv_index = 1;
  // NOTE(review): presumably the number of bytes to read from |nv_index| —
  // confirm.
  optional int32 nv_size = 2;
  // Label of the key that signs the NV data.
  optional string key_label = 3;
}

message GetCertifiedNvIndexReply {
  optional AttestationStatus status = 1;
  // The NV data that was signed.
  optional bytes certified_data = 2;
  // Signature over |certified_data| by the key named in the request.
  optional bytes signature = 3;
  // Certificate of the signing key, if any.
  optional bytes key_certificate = 4;
}