// Copyright 2015 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Request/reply message pairs for the attestation service. Every *Reply
// carries an AttestationStatus |status| as field 1; the payload fields of a
// reply are only meaningful when |status| is STATUS_SUCCESS.
//
// Types not defined here (KeyType, KeyUsage, Quote, CertificateProfile,
// EncryptedIdentityCredential) come from the imported files below.

syntax = "proto2";

option optimize_for = LITE_RUNTIME;

import "attestation_ca.proto";
import "keystore.proto";

package attestation;

// Outcome of an attestation service call.
//
// NOTE(review): the zero value is STATUS_SUCCESS, so in proto2 a reply whose
// |status| was never populated reads as success. Callers should check
// has_status() before trusting the default rather than relying on it.
enum AttestationStatus {
  STATUS_SUCCESS = 0;
  // An error occurred in the device (e.g. TPM) layer that is not otherwise
  // classified.
  STATUS_UNEXPECTED_DEVICE_ERROR = 1;
  // The requested data or feature is not available.
  STATUS_NOT_AVAILABLE = 2;
  // The service is not yet ready to handle the request.
  STATUS_NOT_READY = 3;
  // The request was rejected by policy.
  STATUS_NOT_ALLOWED = 4;
  // A request field was missing or malformed.
  STATUS_INVALID_PARAMETER = 5;
  // The Attestation CA refused the request.
  STATUS_REQUEST_DENIED_BY_CA = 6;
  // The Attestation CA could not be reached.
  STATUS_CA_NOT_AVAILABLE = 7;
  // The operation is not supported on this device.
  STATUS_NOT_SUPPORTED = 8;
}

// Which Attestation CA (ACA) a request is directed at.
enum ACAType {
  // The production ACA; this is the default when |aca_type| is not set.
  DEFAULT_ACA = 0;
  // The test ACA. NOTE(review): whether non-test callers may select this is
  // enforced outside this schema — confirm against the daemon.
  TEST_ACA = 1;
}

// Which Verification Authority (VA) server will handle an enterprise
// challenge (see SignEnterpriseChallengeRequest).
enum VAType {
  // The production VA; this is the default when |va_type| is not set.
  DEFAULT_VA = 0;
  // The test VA.
  TEST_VA = 1;
}

// Requests information about an existing key identified by |key_label|.
message GetKeyInfoRequest {
  // The label the key was created or registered under.
  optional string key_label = 1;
  // Presumably the same user-scoping semantics as |username| in
  // CreateCertifiableKeyRequest (empty means system-wide) — confirm.
  optional string username = 2;
}

message GetKeyInfoReply {
  optional AttestationStatus status = 1;
  // Algorithm of the key (imported type).
  optional KeyType key_type = 2;
  // Intended usage of the key (imported type).
  optional KeyUsage key_usage = 3;
  // The public key (X.509/DER SubjectPublicKeyInfo).
  optional bytes public_key = 4;
  // The serialized TPM_CERTIFY_INFO or TPM2B_ATTEST for the new key.
  optional bytes certify_info = 5;
  // The signature of certify_info by the Attestation Key.
  optional bytes certify_info_signature = 6;
  // The certificate data associated with the key (if any).
  optional bytes certificate = 7;
  // The payload associated with the key.
  optional bytes payload = 8;
}

// Requests the device's endorsement key (EK) information.
message GetEndorsementInfoRequest {
  // Field 1 was removed; the number is reserved so it cannot be reused.
  reserved 1;
}

message GetEndorsementInfoReply {
  optional AttestationStatus status = 1;
  // The endorsement public key (X.509/DER SubjectPublicKeyInfo).
  optional bytes ek_public_key = 2;
  // The endorsement certificate (X.509/DER).
  optional bytes ek_certificate = 3;
  // Human-readable string with EK information. Contains EK certificate in PEM
  // format and SHA256 hash of the raw DER encoded certificate.
  optional string ek_info = 4;
}

// Requests information about the attestation (identity) key for an ACA.
message GetAttestationKeyInfoRequest {
  // Field 1 was removed; the number is reserved so it cannot be reused.
  reserved 1;
  // What kind of ACA to use.
  optional ACAType aca_type = 2;
}

message GetAttestationKeyInfoReply {
  optional AttestationStatus status = 1;
  // The attestation public key (X.509/DER SubjectPublicKeyInfo).
  optional bytes public_key = 2;
  // The attestation public key in TPM_PUBKEY form.
  optional bytes public_key_tpm_format = 3;
  // The attestation key certificate.
  optional bytes certificate = 4;
  // A quote of PCR0 at the time of attestation key creation.
  optional Quote pcr0_quote = 5;
  // A quote of PCR1 at the time of attestation key creation.
  optional Quote pcr1_quote = 6;
}

// Decrypts an identity credential issued for the attestation key and,
// optionally, stores the result as the attestation key certificate.
message ActivateAttestationKeyRequest {
  // Field 1 was removed; the number is reserved so it cannot be reused.
  reserved 1;
  // The encrypted credential to activate (imported type).
  optional EncryptedIdentityCredential encrypted_certificate = 2;
  // Whether, on success, the decrypted certificate should be retained in
  // association with the attestation key. When using an ACA, this is normally
  // set to true. Other protocols may use a nonce as the 'certificate' and in
  // these cases this field is normally set to false.
  optional bool save_certificate = 3;
  // What kind of ACA to use.
  optional ACAType aca_type = 4;
}

message ActivateAttestationKeyReply {
  optional AttestationStatus status = 1;
  // The decrypted attestation key certificate.
  optional bytes certificate = 2;
}

// Creates a new key and certifies it with the Attestation Key.
message CreateCertifiableKeyRequest {
  // An arbitrary label which can be used to reference the key later.
  optional string key_label = 1;
  // Provided if the new key should be accessible only by a
  // particular user. If this field is not set or is the empty
  // string, the key will be accessible system-wide.
  optional string username = 2;
  // Algorithm of the key to create (imported type).
  optional KeyType key_type = 3;
  // Intended usage of the key to create (imported type).
  optional KeyUsage key_usage = 4;
}

message CreateCertifiableKeyReply {
  optional AttestationStatus status = 1;
  // The new public key (X.509/DER SubjectPublicKeyInfo).
  optional bytes public_key = 2;
  // The serialized TPM_CERTIFY_INFO or TPM2B_ATTEST for the new key.
  optional bytes certify_info = 3;
  // The signature of certify_info by the Attestation Key.
  optional bytes certify_info_signature = 4;
}

// Decrypts |encrypted_data| with the key identified by |key_label|.
message DecryptRequest {
  // The label of the key to decrypt with.
  optional string key_label = 1;
  // User scope of the key; empty means system-wide (assumed to follow
  // CreateCertifiableKeyRequest — confirm).
  optional string username = 2;
  // The ciphertext to decrypt. The expected encoding is not specified here.
  optional bytes encrypted_data = 3;
}

message DecryptReply {
  optional AttestationStatus status = 1;
  // The plaintext, only set on STATUS_SUCCESS.
  optional bytes decrypted_data = 2;
}

// Signs |data_to_sign| with the key identified by |key_label|.
message SignRequest {
  // The label of the key to sign with.
  optional string key_label = 1;
  // User scope of the key; empty means system-wide (assumed to follow
  // CreateCertifiableKeyRequest — confirm).
  optional string username = 2;
  // The data to sign. Whether it is hashed by the service or must already be
  // a digest is not specified here.
  optional bytes data_to_sign = 3;
}

message SignReply {
  optional AttestationStatus status = 1;
  // The signature over |data_to_sign|; format is not specified here.
  optional bytes signature = 2;
}

// Makes an attestation key visible through the Chaps (PKCS#11) token.
message RegisterKeyWithChapsTokenRequest {
  // The label of the key to register.
  optional string key_label = 1;
  // User scope of the key; empty means system-wide (assumed to follow
  // CreateCertifiableKeyRequest — confirm).
  optional string username = 2;
  // Whether the key's certificate(s) are registered alongside the key.
  optional bool include_certificates = 3;
}

message RegisterKeyWithChapsTokenReply {
  optional AttestationStatus status = 1;
}

// Message to check whether attestation is prepared for enrollment or not.
message GetEnrollmentPreparationsRequest {
  // Which ACA to check preparation for.
  optional ACAType aca_type = 1;
}

// Reply to a check of whether attestation is prepared for enrollment or not.
message GetEnrollmentPreparationsReply {
  optional AttestationStatus status = 1;
  // Map of CA types to whether we are prepared for enrollment with that CA.
  // Keys are presumably ACAType values (see the same-named field in
  // GetStatusReply) — confirm.
  map<int32, bool> enrollment_preparations = 2;
}

// Requests the overall attestation state of the device.
message GetStatusRequest {
  // Get extended status (see GetStatusReply below).
  optional bool extended_status = 1;
}

message GetStatusReply {
  // One attestation identity known to the device.
  message Identity {
    // The identity features. Presumably a set of feature flags packed into
    // the integer — confirm against the daemon.
    optional int32 features = 1;
  }

  // Records that an identity has been enrolled with a particular CA.
  message IdentityCertificate {
    // The identity that is enrolled. Presumably an index into |identities|
    // — confirm.
    optional int32 identity = 1;
    // The Privacy CA that the identity is enrolled with. Presumably an
    // ACAType value — confirm.
    optional int32 aca = 2;
  }

  optional AttestationStatus status = 1;
  // Is prepared for enrollment? True if prepared for *any* CA.
  optional bool prepared_for_enrollment = 2;
  // Is enrolled (AIK certificate created)? True if enrolled with *any* CA.
  optional bool enrolled = 3;
  // Is in verified boot mode (according to PCR0 quote)?
  // [Only included in reply if extended_status is set]
  optional bool verified_boot = 4;
  // List of identities and their identity features.
  repeated Identity identities = 5;
  // List of identity certificates.
  map<int32, IdentityCertificate> identity_certificates = 6;
  // Map of CA types to whether we are prepared for enrollment with that CA.
  map<int32, bool> enrollment_preparations = 7;
}

// Verify attestation data.
message VerifyRequest {
  // Use CrosCore CA to verify that the EK is endorsed.
  optional bool cros_core = 1;
  // Verify EK only.
  // Otherwise, in addition to EK, verify all attestation data as a CA would.
  optional bool ek_only = 2;
}

message VerifyReply {
  optional AttestationStatus status = 1;
  // True if the requested verification passed; only meaningful when
  // |status| is STATUS_SUCCESS.
  optional bool verified = 2;
}

// Create an enrollment request to be sent to the Privacy CA. This request
// is a serialized AttestationEnrollmentRequest protobuf. Attestation
// enrollment is a process by which the Privacy CA verifies the EK certificate
// of a device and issues a certificate for an AIK. The enrollment process can
// be finished by sending FinishEnrollRequest with the response from the CA.
message CreateEnrollRequestRequest {
  // What kind of ACA to use.
  optional ACAType aca_type = 1;
}

message CreateEnrollRequestReply {
  optional AttestationStatus status = 1;
  // AttestationEnrollmentRequest to be sent to CA server.
  optional bytes pca_request = 2;
}

// Finish the enrollment process.
message FinishEnrollRequest {
  // AttestationEnrollmentResponse received from CA server.
  optional bytes pca_response = 1;
  // What kind of ACA to use.
  optional ACAType aca_type = 2;
}

message FinishEnrollReply {
  optional AttestationStatus status = 1;
}

// Goes through the entire enrollment process, including creating enroll
// request, sending the request to the corresponding PCA server, and storing the
// response from PCA server if success. The message field is identical to
// |CreateEnrollRequestRequest|.
message EnrollRequest {
  // What kind of ACA to use.
  optional ACAType aca_type = 1;
  // Regardless of whether the device is already enrolled, (re-)enroll it.
  optional bool forced = 2;
}

message EnrollReply {
  optional AttestationStatus status = 1;
}

// Create an attestation certificate request to be sent to the Privacy CA.
// The request is a serialized AttestationCertificateRequest protobuf. The
// certificate request process generates and certifies a key in the TPM and
// sends the AIK certificate along with information about the certified key to
// the Privacy CA. The PCA verifies the information and issues a certificate
// for the certified key. The certificate request process can be finished by
// sending FinishCertificateRequestRequest with the response from the CA.
message CreateCertificateRequestRequest {
  // Type of certificate to be requested.
  optional CertificateProfile certificate_profile = 1;
  // The canonical username of the active user profile. Leave blank
  // if not associated with the current user.
  optional string username = 2;
  // Some certificate requests require information about the origin
  // of the request. If no origin is needed, this can be empty.
  optional string request_origin = 3;
  // What kind of ACA to use.
  optional ACAType aca_type = 4;
  // The key algorithm of certified key.
  optional KeyType key_type = 5;
}

message CreateCertificateRequestReply {
  optional AttestationStatus status = 1;
  // The request to be sent to the Privacy CA.
  optional bytes pca_request = 2;
}

// Finish the certificate request process. The |pca_response| from the PCA
// is a serialized AttestationCertificateResponse protobuf. This final step
// verifies the PCA operation succeeded and extracts the certificate for the
// certified key. The certificate is stored with the key.
message FinishCertificateRequestRequest {
  // The Privacy CA's response to a certificate request.
  optional bytes pca_response = 1;
  // A name for the key. If a key already exists with this name it
  // will be destroyed and replaced with this one.
  optional string key_label = 2;
  // This should match |username| in CreateCertificateRequestRequest.
  optional string username = 3;
}

message FinishCertificateRequestReply {
  optional AttestationStatus status = 1;
  // The PCA issued certificate chain in PEM format. By
  // convention the certified key certificate is listed
  // first followed by intermediate CA certificate(s).
  // The PCA root certificate is not included.
  optional bytes certificate = 2;
}

// Goes through the entire cert process, including creating cert, sending the
// request to the corresponding PCA server, and storing the response from PCA
// server if success. The message fields are basically the union of
// |CreateCertificateRequestRequest| and |FinishCertificateRequestRequest|.
message GetCertificateRequest {
  // Type of certificate to be requested.
  optional CertificateProfile certificate_profile = 1;
  // The canonical username of the active user profile. Leave blank
  // if not associated with the current user.
  optional string username = 2;
  // Some certificate requests require information about the origin
  // of the request. If no origin is needed, this can be empty.
  optional string request_origin = 3;
  // What kind of ACA to use.
  optional ACAType aca_type = 4;
  // The key algorithm of certified key.
  optional KeyType key_type = 5;
  // A name for the key. If a key already exists with this name it
  // will be destroyed and replaced with this one.
  optional string key_label = 6;
  // Ignores the current certificate if any and gets the new certificate.
  optional bool forced = 7;
  // If set to |true|, this request also triggers enrollment process if the
  // device is not enrolled yet.
  optional bool shall_trigger_enrollment = 8;
}

message GetCertificateReply {
  optional AttestationStatus status = 1;
  // The PCA issued certificate chain in PEM format. By
  // convention the certified key certificate is listed
  // first followed by intermediate CA certificate(s).
  // The PCA root certificate is not included.
  optional bytes certificate = 2;
}

// Sign a challenge for an enterprise device / user. This challenge is
// typically generated by and the response verified by the Enterprise Device
// Verification Server (DVServer).
message SignEnterpriseChallengeRequest {
  // The key name. This is the same name previously passed to
  // FinishCertificateRequestRequest.
  optional string key_label = 1;
  // The canonical username of the active user profile. Leave blank
  // if not associated with the current user.
  optional string username = 2;
  // A domain value to be included in the challenge response.
  optional string domain = 3;
  // A device identifier to be included in the challenge response.
  optional bytes device_id = 4;
  // Whether the challenge response should include
  // a SignedPublicKeyAndChallenge.
  optional bool include_signed_public_key = 5;
  // The challenge to be signed.
  optional bytes challenge = 6;
  // The VA server that will handle the challenge.
  optional VAType va_type = 7;
  // The name of the key used for SignedPublicKeyAndChallenge. If left empty,
  // the same key used to sign the challenge response (EMK or EUK) will be used
  // for SignedPublicKeyAndChallenge.
  optional string key_name_for_spkac = 8;
}

message SignEnterpriseChallengeReply {
  optional AttestationStatus status = 1;
  // The challenge response.
  optional bytes challenge_response = 2;
}

// Sign a challenge outside of an enterprise context: generate a random nonce
// and append it to challenge, then sign and return the signature in the
// |challenge_response|.
// This challenge is typically generated by some module running within Chrome.
message SignSimpleChallengeRequest {
  // The key name. This is the same name previously passed to
  // FinishCertificateRequestRequest.
  optional string key_label = 1;
  // The canonical username of the active user profile. Leave blank
  // if not associated with the current user.
  optional string username = 2;
  // The challenge to be signed.
  optional bytes challenge = 3;
}

message SignSimpleChallengeReply {
  optional AttestationStatus status = 1;
  // The challenge response.
  optional bytes challenge_response = 2;
}

// Set a payload for a key; any previous payload will be overwritten.
message SetKeyPayloadRequest {
  // The key name. This is the same name previously passed to
  // FinishCertificateRequestRequest.
  optional string key_label = 1;
  // The canonical username of the active user profile. Leave blank
  // if not associated with the current user.
  optional string username = 2;
  // Opaque payload stored with the key; returned by GetKeyInfoReply.payload.
  optional bytes payload = 3;
}

message SetKeyPayloadReply {
  optional AttestationStatus status = 1;
}

// Delete all keys where the key name has the given |key_prefix|.
message DeleteKeysRequest {
  // The key name prefix.
  optional string key_prefix = 1;
  // The canonical username of the active user profile. Leave blank
  // if not associated with the current user.
  optional string username = 2;
}

message DeleteKeysReply {
  optional AttestationStatus status = 1;
}

// Create a request to be sent to the PCA which will reset the identity for
// this device on future AIK enrollments. The |reset_token| is put in the
// request protobuf verbatim.
message ResetIdentityRequest {
  // Token authorizing the reset; copied into the PCA request unmodified.
  optional string reset_token = 1;
}

message ResetIdentityReply {
  optional AttestationStatus status = 1;
  // Request to be sent to the CA.
  optional bytes reset_request = 2;
}

// Requests the device's enrollment id.
message GetEnrollmentIdRequest {
  // If true, presumably bypasses a cached enrollment id and recomputes it —
  // confirm against the daemon.
  optional bool ignore_cache = 1;
}

message GetEnrollmentIdReply {
  optional AttestationStatus status = 1;
  // The enrollment id; encoding is not specified here.
  optional string enrollment_id = 2;
}

// Gets a copy of the specific NV data, signed using the key with the specified
// label, eg "attest-ent-machine".
message GetCertifiedNvIndexRequest {
  // The NV index to read.
  optional int32 nv_index = 1;
  // Amount of NV data to read; presumably in bytes — confirm.
  optional int32 nv_size = 2;
  // The label of the key that signs the NV data.
  optional string key_label = 3;
}

message GetCertifiedNvIndexReply {
  optional AttestationStatus status = 1;
  // The NV data that was read and certified.
  optional bytes certified_data = 2;
  // The signature over |certified_data| by the key named in the request.
  optional bytes signature = 3;
  // The certificate of the signing key, so a verifier can check |signature|.
  optional bytes key_certificate = 4;
}