      1 // Copyright 2015 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 option optimize_for = LITE_RUNTIME;
      6 
      7 package attestation;
      8 
// Describes the algorithm family of a key handled by the attestation code.
// This is a proto2 enum with no zero value: an unset field of this type reads
// as the first value listed (KEY_TYPE_RSA), so consumers cannot distinguish
// "RSA" from "not specified" on the wire.
enum KeyType {
  // RSA key.
  KEY_TYPE_RSA = 1;
  // Elliptic-curve key.
  KEY_TYPE_ECC = 2;
}
     14 
// Describes allowed key usage. Not a bitmask: a field of this type holds
// exactly one of the values below. As with KeyType, this proto2 enum has no
// zero value, so an unset field reads as the first value listed
// (KEY_USAGE_SIGN).
enum KeyUsage {
  // The key is used for signing.
  KEY_USAGE_SIGN = 1;
  // The key is used for decryption.
  KEY_USAGE_DECRYPT = 2;
}
     20 
// Enumerates various certificate profiles supported by the Attestation CA.
// ENTERPRISE_MACHINE_CERTIFICATE is the zero value, so a request that omits
// the profile reads as asking for an enterprise machine certificate, whose
// subject carries a stable device identifier. Renumbering would be a wire
// break; callers should set the profile explicitly instead of relying on the
// default.
enum CertificateProfile {
  // A certificate intended for enterprise-owned devices.  It has the following
  // subjectName fields:
  //   CN=<stable device identifier>
  //   OU=state:[verified|developer]
  //   O=Chrome Device Enterprise
  ENTERPRISE_MACHINE_CERTIFICATE = 0;

  // A certificate intended for enterprise-owned user accounts.  It has the
  // following subjectName fields:
  //   OU=state:[verified|developer]
  //   O=Chrome Device Enterprise
  ENTERPRISE_USER_CERTIFICATE = 1;

  // A certificate intended for platform verification by providers of protected
  // content.  It has the following subjectName fields:
  //   O=Chrome Device Content Protection
  CONTENT_PROTECTION_CERTIFICATE = 2;

  // Like above, but it also includes a stable ID and origin.
  //   CN=<origin-specific device identifier>
  //   OU=<origin>
  //   O=Chrome Device Content Protection
  CONTENT_PROTECTION_CERTIFICATE_WITH_STABLE_ID = 3;

  // A certificate intended for cast devices.
  CAST_CERTIFICATE = 4;

  // No description is given for this profile and its subjectName layout is not
  // documented here. TODO(review): document the intended use and subject
  // fields, as is done for the other profiles.
  GFSC_CERTIFICATE = 5;
}
     52 
// Holds information about a quote generated by the TPM.
// None of these fields is trustworthy on its own: a verifier first checks
// `quote` against `quoted_data` with the public key of the attestation
// identity key (AIK), and only then compares the PCR state that quoted_data
// describes with `quoted_pcr_value` (and, when present, with the value that
// extending SHA1(pcr_source_hint) would yield).
message Quote {
  // The quote; a signature generated with the AIK.
  optional bytes quote = 1;
  // The serialized data that was quoted; this assists in verifying the quote.
  optional bytes quoted_data = 2;
  // The value of the PCR(s) at the time the quote was generated.
  optional bytes quoted_pcr_value = 3;
  // Source data which was originally used to extend the PCR. If this field
  // exists it can be expected that SHA1(pcr_source_hint) was extended into the
  // PCR. The signature in `quote` is over quoted_data, not over this field, so
  // treat the hint as informational: recompute the extend and compare it with
  // quoted_pcr_value rather than trusting the hint directly.
  optional bytes pcr_source_hint = 4;
}
     66 
     67 // Holds encrypted data and information required to decrypt it.
     68 message EncryptedData {
     69   // A key that has been sealed to the TPM or wrapped by another key.
     70   optional bytes wrapped_key = 2;
     71   // The initialization vector used during encryption.
     72   optional bytes iv = 3;
     73   // MAC of (iv || encrypted_data).
     74   optional bytes mac = 4;
     75   optional bytes encrypted_data = 5;
     76   // An identifier for the wrapping key to assist in decryption.
     77   optional bytes wrapping_key_id = 6;
     78 }
     79 
// The wrapper message of any data and its signature.
// Neither the signing key nor the signature algorithm is identified in this
// message; both come from the surrounding protocol. Consumers should treat
// `data` as untrusted bytes until `signature` has been verified with the
// expected key, and only then parse it.
message SignedData {
  // The data to be signed. Opaque here; what it contains is fixed by the
  // context in which SignedData is used.
  optional bytes data = 1;
  // The signature of the data field.
  optional bytes signature = 2;
}
     87 
// These two fields are suitable for passing to Tspi_TPM_ActivateIdentity()
// directly. Together they carry a CA-issued identity credential whose
// symmetric key is encrypted to the TPM's endorsement key (EK), so only the
// TPM holding that EK can complete the activation (TPM 1.2 ActivateIdentity
// flow).
message EncryptedIdentityCredential {
  // TPM_ASYM_CA_CONTENTS, encrypted with EK public key.
  optional bytes asym_ca_contents = 1;
  // TPM_SYM_CA_ATTESTATION, encrypted with the key in asym_ca_contents.
  optional bytes sym_ca_attestation = 2;
}
     97