1// Copyright 2023 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17package google.cloud.confidentialcomputing.v1;
18
19import "google/api/annotations.proto";
20import "google/api/client.proto";
21import "google/api/field_behavior.proto";
22import "google/api/resource.proto";
23import "google/protobuf/timestamp.proto";
24import "google/rpc/status.proto";
25
26option csharp_namespace = "Google.Cloud.ConfidentialComputing.V1";
27option go_package = "cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb";
28option java_multiple_files = true;
29option java_outer_classname = "ServiceProto";
30option java_package = "com.google.cloud.confidentialcomputing.v1";
31option php_namespace = "Google\\Cloud\\ConfidentialComputing\\V1";
32option ruby_package = "Google::Cloud::ConfidentialComputing::V1";
33
// Remote-attestation service for Confidential Space workloads.
//
// Flow, as the messages in this file describe it: the caller obtains a
// single-use Challenge (CreateChallenge), has the platform TPM quote over the
// challenge nonce, and submits the quotes, event logs and AK certificate chain
// to VerifyAttestation, which returns a signed token describing the attested
// platform state. Tokens expire together with the Challenge they were minted
// from (see Challenge.expire_time).
service ConfidentialComputing {
  option (google.api.default_host) = "confidentialcomputing.googleapis.com";
  // Callers authenticate with the broad cloud-platform scope; no narrower
  // scope is declared for this service.
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // Creates a new Challenge in a given project and location.
  //
  // Every Challenge field is populated by the server (the request's
  // `challenge` may be empty). The value the attester needs is the returned
  // `tpm_nonce`, which must be bound into the TPM quotes later presented to
  // VerifyAttestation.
  rpc CreateChallenge(CreateChallengeRequest) returns (Challenge) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*}/challenges"
      body: "challenge"
    };
    option (google.api.method_signature) = "parent,challenge";
  }

  // Verifies the provided attestation info, returning a signed OIDC token.
  //
  // The Challenge named in the request is consumed by this call and cannot be
  // used again, so a captured quote cannot be replayed to obtain a second
  // token. Verification may succeed while still reporting non-fatal problems;
  // see VerifyAttestationResponse.partial_errors. The entire request message
  // is sent as the HTTP body (`body: "*"`), including the attestation blobs.
  rpc VerifyAttestation(VerifyAttestationRequest)
      returns (VerifyAttestationResponse) {
    option (google.api.http) = {
      post: "/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation"
      body: "*"
    };
  }
}
58
// SigningAlgorithm enumerates all the supported signing algorithms.
//
// In this file the enum is only referenced by
// ContainerImageSignature.sig_alg, which is marked "reserved for future use",
// so the server's actual algorithm support for image signatures is not
// visible here.
enum SigningAlgorithm {
  // Unspecified signing algorithm. Never a valid choice for a real signature.
  SIGNING_ALGORITHM_UNSPECIFIED = 0;

  // RSASSA-PSS with a SHA256 digest. Preferred RSA scheme for new signers.
  RSASSA_PSS_SHA256 = 1;

  // RSASSA-PKCS1 v1.5 with a SHA256 digest. Legacy deterministic RSA padding;
  // still widely deployed, but prefer PSS or ECDSA where the signer allows.
  RSASSA_PKCS1V15_SHA256 = 2;

  // ECDSA on the P-256 Curve with a SHA256 digest.
  ECDSA_P256_SHA256 = 3;
}
73
// Token type enum contains the different types of token responses Confidential
// Space supports. Selected via TokenOptions.token_type.
enum TokenType {
  // Unspecified token type. What the server issues for this value is not
  // defined in this file (presumably the OIDC default); confirm before
  // relying on it.
  TOKEN_TYPE_UNSPECIFIED = 0;

  // OpenID Connect (OIDC) token type
  TOKEN_TYPE_OIDC = 1;

  // Public Key Infrastructure (PKI) token type
  TOKEN_TYPE_PKI = 2;

  // Limited claim token type for AWS integration
  TOKEN_TYPE_LIMITED_AWS = 3;
}
89
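// A Challenge from the server used to guarantee freshness of attestations.
//
// Security properties visible from this schema:
//  - A Challenge is single-use: VerifyAttestation consumes it and `used`
//    reports that state. This is what stops a captured quote being replayed.
//  - `expire_time` bounds both the Challenge and any token minted from it.
message Challenge {
  option (google.api.resource) = {
    type: "confidentialcomputing.googleapis.com/Challenge"
    pattern: "projects/{project}/locations/{location}/challenges/{uuid}"
  };

  // Field 5 is no longer present in this message (per the tpm_nonce comment
  // it presumably carried the binary `nonce`). Reserve the number and name so
  // a future field cannot silently reuse the wire tag and be misparsed by
  // clients built against the old schema.
  reserved 5;
  reserved "nonce";

  // Output only. The resource name for this Challenge in the format
  // `projects/*/locations/*/challenges/*`
  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this Challenge was created
  google.protobuf.Timestamp create_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this Challenge will no longer be usable. It
  // is also the expiration time for any tokens generated from this Challenge.
  google.protobuf.Timestamp expire_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Indicates if this challenge has been used to generate a token.
  // A Challenge is consumed by VerifyAttestation and cannot be used again.
  bool used = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The server-generated nonce, as a string (identical to the
  // former binary `nonce` field). The attester must bind this value into the
  // TPM quotes it later submits in VerifyAttestationRequest; the quote is
  // rejected for a Challenge whose nonce it does not carry.
  string tpm_nonce = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
}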
116
// Message for creating a Challenge
message CreateChallengeRequest {
  // Required. The resource name of the location where the Challenge will be
  // used, in the format `projects/*/locations/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Required. The Challenge to be created. Currently this field can be empty as
  // all the Challenge fields are set by the server. In particular the nonce is
  // chosen server-side; a caller cannot supply its own, which is what makes
  // the resulting attestation fresh.
  Challenge challenge = 2 [(google.api.field_behavior) = REQUIRED];
}
132
// A request for an OIDC token, providing all the necessary information needed
// for this service to verify the platform state of the requestor.
message VerifyAttestationRequest {
  // Required. The name of the Challenge whose nonce was used to generate the
  // attestation, in the format `projects/*/locations/*/challenges/*`. The
  // provided Challenge will be consumed, and cannot be used again.
  string challenge = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "confidentialcomputing.googleapis.com/Challenge"
    }
  ];

  // Optional. Credentials used to populate the "emails" claim in the
  // claims_token. These are verified server-side as part of attestation
  // verification (see GcpCredentials), not copied through unchecked.
  GcpCredentials gcp_credentials = 2 [(google.api.field_behavior) = OPTIONAL];

  // Required. The TPM-specific data provided by the attesting platform, used to
  // populate any of the claims regarding platform state. Quotes, event logs
  // and the AK certificate chain all travel here; see TpmAttestation for what
  // a verifier can check against each.
  TpmAttestation tpm_attestation = 3 [(google.api.field_behavior) = REQUIRED];

  // Optional. Optional information related to the Confidential Space TEE,
  // currently container image signatures for server-side verification.
  ConfidentialSpaceInfo confidential_space_info = 4
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. A collection of optional, workload-specified claims that modify
  // the token output (custom audience, relying-party nonces, token type).
  TokenOptions token_options = 5 [(google.api.field_behavior) = OPTIONAL];
}
162
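// A response once an attestation has been successfully verified, containing a
// signed OIDC token.
message VerifyAttestationResponse {
  // Field 1 is no longer present in this message (per the oidc_claims_token
  // comment it presumably carried the binary `claims_token`). Reserve the
  // number and name so the wire tag cannot be reused for something else.
  reserved 1;
  reserved "claims_token";

  // Output only. The signed OIDC claims token, as a string (identical to the
  // former binary `claims_token`). A relying party should validate it as any
  // OIDC token: signature, issuer, `aud` (see TokenOptions.audience) and
  // expiry, which equals Challenge.expire_time.
  string oidc_claims_token = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. A list of messages that carry the partial error details
  // related to VerifyAttestation. A token can be returned alongside partial
  // errors, so a consumer that cares about the affected checks (e.g. image
  // signature verification) should inspect this list rather than assume an
  // issued token means every optional check passed.
  repeated google.rpc.Status partial_errors = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];
}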
174
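// Credentials issued by GCP which are linked to the platform attestation. These
// will be verified server-side as part of attestation verification.
message GcpCredentials {
  // Field 1 is no longer present in this message (per the comment below it
  // presumably carried the binary `id_tokens`). Reserve the number and name
  // so the wire tag cannot be reused for an unrelated field.
  reserved 1;
  reserved "id_tokens";

  // Service account ID tokens, as strings (identical to the former binary
  // `id_tokens`). Their verified identities populate the "emails" claim of
  // the issued token (see VerifyAttestationRequest.gcp_credentials).
  repeated string service_account_id_tokens = 2;
}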
181
// Options to modify claims in the token to generate custom-purpose tokens.
message TokenOptions {
  // Optional. Optional string to issue the token with a custom audience claim.
  // Required if one or more nonces are specified. Binding `aud` to the relying
  // party is what stops a token minted for one consumer being presented to
  // another; consumers should reject tokens whose `aud` is not their own.
  string audience = 1 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Optional parameter to place one or more nonces in the eat_nonce
  // claim in the output token. The minimum size for JSON-encoded EATs is 10
  // bytes and the maximum size is 74 bytes. These are relying-party nonces
  // carried through into the token; they are distinct from the Challenge
  // nonce the TPM quotes are bound to.
  repeated string nonce = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Optional token type to select what type of token to return.
  TokenType token_type = 3 [(google.api.field_behavior) = OPTIONAL];
}
196
// TPM2 data containing everything necessary to validate any platform state
// measured into the TPM.
//
// NOTE(review): none of these fields is trustworthy on its own. A verifier is
// expected to (1) chain ak_cert through cert_chain to a trusted root,
// (2) check each raw_signature over raw_quote with the AK public key,
// (3) confirm the quote carries the Challenge nonce, and only then
// (4) match the PCR digest inside raw_quote against pcr_values and replay the
// event logs against those PCRs. The server performs the verification; the
// exact policy is not visible in this file.
message TpmAttestation {
  // Information about Platform Control Registers (PCRs) including a signature
  // over their values, which can be used for remote validation.
  message Quote {
    // The hash algorithm of the PCR bank being quoted, encoded as a TPM_ALG_ID
    int32 hash_algo = 1;

    // Raw binary values of each PCR being quoted, keyed by PCR index. These
    // are the claimed values; the authoritative digest is the one signed
    // inside raw_quote, so this map must be checked against it, never trusted
    // directly.
    map<int32, bytes> pcr_values = 2;

    // TPM2 quote, encoded as a TPMS_ATTEST. Carries the PCR digest and the
    // nonce (qualifying data) the quote was generated with.
    bytes raw_quote = 3;

    // TPM2 signature, encoded as a TPMT_SIGNATURE, over raw_quote. Made with
    // the AK whose certificate is ak_cert.
    bytes raw_signature = 4;
  }

  // TPM2 PCR Quotes generated by calling TPM2_Quote on each PCR bank.
  repeated Quote quotes = 1;

  // The binary TCG Event Log containing events measured into the TPM by the
  // platform firmware and operating system. Formatted as described in the
  // "TCG PC Client Platform Firmware Profile Specification". The log itself
  // is unsigned; it is only meaningful once replayed against quoted PCRs.
  bytes tcg_event_log = 2;

  // An Event Log containing additional events measured into the TPM that are
  // not already present in the tcg_event_log. Formatted as described in the
  // "Canonical Event Log Format" TCG Specification. Also unsigned; same
  // replay caveat as tcg_event_log.
  bytes canonical_event_log = 3;

  // DER-encoded X.509 certificate of the Attestation Key (otherwise known as
  // an AK or a TPM restricted signing key) used to generate the quotes.
  bytes ak_cert = 4;

  // List of DER-encoded X.509 certificates which, together with the ak_cert,
  // chain back to a trusted Root Certificate. The trust anchor is chosen by
  // the server, not by anything in this message.
  repeated bytes cert_chain = 5;
}
237
// ConfidentialSpaceInfo contains information related to the Confidential Space
// TEE.
message ConfidentialSpaceInfo {
  // Optional. A list of signed entities containing container image signatures
  // that can be used for server-side signature verification. Failures in this
  // optional verification presumably surface as
  // VerifyAttestationResponse.partial_errors rather than failing the call;
  // confirm against the service behaviour.
  repeated SignedEntity signed_entities = 1
      [(google.api.field_behavior) = OPTIONAL];
}
246
// SignedEntity represents an OCI image object containing everything necessary
// to verify container image signatures.
message SignedEntity {
  // Optional. A list of container image signatures attached to an OCI image
  // object. Each entry carries its own SimpleSigning payload, so the image
  // digest being attested is inside the payload, not on this message.
  repeated ContainerImageSignature container_image_signatures = 1
      [(google.api.field_behavior) = OPTIONAL];
}
255
// ContainerImageSignature holds necessary metadata to verify a container image
// signature.
//
// NOTE(review): public_key and sig_alg are reserved for future use, so the
// verification key must currently come from somewhere other than this
// message; a self-supplied key would in any case only prove the signer
// possessed a key pair, not that the signer is trusted.
message ContainerImageSignature {
  // Optional. The binary signature payload following the SimpleSigning format
  // https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing.
  // This payload includes the container image digest. The payload is
  // attacker-controlled until the signature over it has been checked.
  bytes payload = 1 [(google.api.field_behavior) = OPTIONAL];

  // Optional. A signature over the payload.
  // The container image digest is incorporated into the signature as follows:
  // 1. Generate a SimpleSigning format payload that includes the container
  // image digest.
  // 2. Generate a signature over SHA256 digest of the payload.
  // The signature generation process can be represented as follows:
  // `Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))`
  // A verifier must also compare the digest inside the payload with the
  // digest of the image actually running; a valid signature over some other
  // image proves nothing about this one.
  bytes signature = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Reserved for future use.
  bytes public_key = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Reserved for future use.
  SigningAlgorithm sig_alg = 4 [(google.api.field_behavior) = OPTIONAL];
}
279