1*d5c09012SAndroid Build Coastguard Worker// Copyright 2023 Google LLC 2*d5c09012SAndroid Build Coastguard Worker// 3*d5c09012SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License"); 4*d5c09012SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License. 5*d5c09012SAndroid Build Coastguard Worker// You may obtain a copy of the License at 6*d5c09012SAndroid Build Coastguard Worker// 7*d5c09012SAndroid Build Coastguard Worker// http://www.apache.org/licenses/LICENSE-2.0 8*d5c09012SAndroid Build Coastguard Worker// 9*d5c09012SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software 10*d5c09012SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS, 11*d5c09012SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*d5c09012SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and 13*d5c09012SAndroid Build Coastguard Worker// limitations under the License. 14*d5c09012SAndroid Build Coastguard Worker 15*d5c09012SAndroid Build Coastguard Workersyntax = "proto3"; 16*d5c09012SAndroid Build Coastguard Worker 17*d5c09012SAndroid Build Coastguard Workerpackage google.cloud.confidentialcomputing.v1; 18*d5c09012SAndroid Build Coastguard Worker 19*d5c09012SAndroid Build Coastguard Workerimport "google/api/annotations.proto"; 20*d5c09012SAndroid Build Coastguard Workerimport "google/api/client.proto"; 21*d5c09012SAndroid Build Coastguard Workerimport "google/api/field_behavior.proto"; 22*d5c09012SAndroid Build Coastguard Workerimport "google/api/resource.proto"; 23*d5c09012SAndroid Build Coastguard Workerimport "google/protobuf/timestamp.proto"; 24*d5c09012SAndroid Build Coastguard Workerimport "google/rpc/status.proto"; 25*d5c09012SAndroid Build Coastguard Worker 26*d5c09012SAndroid Build Coastguard Workeroption csharp_namespace = "Google.Cloud.ConfidentialComputing.V1"; 27*d5c09012SAndroid Build Coastguard Workeroption go_package = "cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb"; 28*d5c09012SAndroid Build Coastguard Workeroption java_multiple_files = true; 29*d5c09012SAndroid Build Coastguard Workeroption java_outer_classname = "ServiceProto"; 30*d5c09012SAndroid Build Coastguard Workeroption java_package = "com.google.cloud.confidentialcomputing.v1"; 31*d5c09012SAndroid Build Coastguard Workeroption php_namespace = "Google\\Cloud\\ConfidentialComputing\\V1"; 32*d5c09012SAndroid Build Coastguard Workeroption ruby_package = "Google::Cloud::ConfidentialComputing::V1"; 33*d5c09012SAndroid Build Coastguard Worker 34*d5c09012SAndroid Build Coastguard Worker// Service describing handlers for resources 35*d5c09012SAndroid Build Coastguard Workerservice ConfidentialComputing { 36*d5c09012SAndroid Build Coastguard Worker option (google.api.default_host) = "confidentialcomputing.googleapis.com"; 37*d5c09012SAndroid Build Coastguard Worker option (google.api.oauth_scopes) = 38*d5c09012SAndroid Build Coastguard Worker "https://www.googleapis.com/auth/cloud-platform"; 39*d5c09012SAndroid Build Coastguard Worker 40*d5c09012SAndroid Build Coastguard Worker // Creates a new Challenge in a given project and location. 41*d5c09012SAndroid Build Coastguard Worker rpc CreateChallenge(CreateChallengeRequest) returns (Challenge) { 42*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 43*d5c09012SAndroid Build Coastguard Worker post: "/v1/{parent=projects/*/locations/*}/challenges" 44*d5c09012SAndroid Build Coastguard Worker body: "challenge" 45*d5c09012SAndroid Build Coastguard Worker }; 46*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "parent,challenge"; 47*d5c09012SAndroid Build Coastguard Worker } 48*d5c09012SAndroid Build Coastguard Worker 49*d5c09012SAndroid Build Coastguard Worker // Verifies the provided attestation info, returning a signed OIDC token. 50*d5c09012SAndroid Build Coastguard Worker rpc VerifyAttestation(VerifyAttestationRequest) 51*d5c09012SAndroid Build Coastguard Worker returns (VerifyAttestationResponse) { 52*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 53*d5c09012SAndroid Build Coastguard Worker post: "/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation" 54*d5c09012SAndroid Build Coastguard Worker body: "*" 55*d5c09012SAndroid Build Coastguard Worker }; 56*d5c09012SAndroid Build Coastguard Worker } 57*d5c09012SAndroid Build Coastguard Worker} 58*d5c09012SAndroid Build Coastguard Worker 59*d5c09012SAndroid Build Coastguard Worker// SigningAlgorithm enumerates all the supported signing algorithms. 60*d5c09012SAndroid Build Coastguard Workerenum SigningAlgorithm { 61*d5c09012SAndroid Build Coastguard Worker // Unspecified signing algorithm. 62*d5c09012SAndroid Build Coastguard Worker SIGNING_ALGORITHM_UNSPECIFIED = 0; 63*d5c09012SAndroid Build Coastguard Worker 64*d5c09012SAndroid Build Coastguard Worker // RSASSA-PSS with a SHA256 digest. 65*d5c09012SAndroid Build Coastguard Worker RSASSA_PSS_SHA256 = 1; 66*d5c09012SAndroid Build Coastguard Worker 67*d5c09012SAndroid Build Coastguard Worker // RSASSA-PKCS1 v1.5 with a SHA256 digest. 68*d5c09012SAndroid Build Coastguard Worker RSASSA_PKCS1V15_SHA256 = 2; 69*d5c09012SAndroid Build Coastguard Worker 70*d5c09012SAndroid Build Coastguard Worker // ECDSA on the P-256 Curve with a SHA256 digest. 71*d5c09012SAndroid Build Coastguard Worker ECDSA_P256_SHA256 = 3; 72*d5c09012SAndroid Build Coastguard Worker} 73*d5c09012SAndroid Build Coastguard Worker 74*d5c09012SAndroid Build Coastguard Worker// Token type enum contains the different types of token responses Confidential 75*d5c09012SAndroid Build Coastguard Worker// Space supports 76*d5c09012SAndroid Build Coastguard Workerenum TokenType { 77*d5c09012SAndroid Build Coastguard Worker // Unspecified token type 78*d5c09012SAndroid Build Coastguard Worker TOKEN_TYPE_UNSPECIFIED = 0; 79*d5c09012SAndroid Build Coastguard Worker 80*d5c09012SAndroid Build Coastguard Worker // OpenID Connect (OIDC) token type 81*d5c09012SAndroid Build Coastguard Worker TOKEN_TYPE_OIDC = 1; 82*d5c09012SAndroid Build Coastguard Worker 83*d5c09012SAndroid Build Coastguard Worker // Public Key Infrastructure (PKI) token type 84*d5c09012SAndroid Build Coastguard Worker TOKEN_TYPE_PKI = 2; 85*d5c09012SAndroid Build Coastguard Worker 86*d5c09012SAndroid Build Coastguard Worker // Limited claim token type for AWS integration 87*d5c09012SAndroid Build Coastguard Worker TOKEN_TYPE_LIMITED_AWS = 3; 88*d5c09012SAndroid Build Coastguard Worker} 89*d5c09012SAndroid Build Coastguard Worker 90*d5c09012SAndroid Build Coastguard Worker// A Challenge from the server used to guarantee freshness of attestations 91*d5c09012SAndroid Build Coastguard Workermessage Challenge { 92*d5c09012SAndroid Build Coastguard Worker option (google.api.resource) = { 93*d5c09012SAndroid Build Coastguard Worker type: "confidentialcomputing.googleapis.com/Challenge" 94*d5c09012SAndroid Build Coastguard Worker pattern: "projects/{project}/locations/{location}/challenges/{uuid}" 95*d5c09012SAndroid Build Coastguard Worker }; 96*d5c09012SAndroid Build Coastguard Worker 97*d5c09012SAndroid Build Coastguard Worker // Output only. The resource name for this Challenge in the format 98*d5c09012SAndroid Build Coastguard Worker // `projects/*/locations/*/challenges/*` 99*d5c09012SAndroid Build Coastguard Worker string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 100*d5c09012SAndroid Build Coastguard Worker 101*d5c09012SAndroid Build Coastguard Worker // Output only. The time at which this Challenge was created 102*d5c09012SAndroid Build Coastguard Worker google.protobuf.Timestamp create_time = 2 103*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OUTPUT_ONLY]; 104*d5c09012SAndroid Build Coastguard Worker 105*d5c09012SAndroid Build Coastguard Worker // Output only. The time at which this Challenge will no longer be usable. It 106*d5c09012SAndroid Build Coastguard Worker // is also the expiration time for any tokens generated from this Challenge. 107*d5c09012SAndroid Build Coastguard Worker google.protobuf.Timestamp expire_time = 3 108*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OUTPUT_ONLY]; 109*d5c09012SAndroid Build Coastguard Worker 110*d5c09012SAndroid Build Coastguard Worker // Output only. Indicates if this challenge has been used to generate a token. 111*d5c09012SAndroid Build Coastguard Worker bool used = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 112*d5c09012SAndroid Build Coastguard Worker 113*d5c09012SAndroid Build Coastguard Worker // Output only. Identical to nonce, but as a string. 114*d5c09012SAndroid Build Coastguard Worker string tpm_nonce = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; 115*d5c09012SAndroid Build Coastguard Worker} 116*d5c09012SAndroid Build Coastguard Worker 117*d5c09012SAndroid Build Coastguard Worker// Message for creating a Challenge 118*d5c09012SAndroid Build Coastguard Workermessage CreateChallengeRequest { 119*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the location where the Challenge will be 120*d5c09012SAndroid Build Coastguard Worker // used, in the format `projects/*/locations/*`. 121*d5c09012SAndroid Build Coastguard Worker string parent = 1 [ 122*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 123*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 124*d5c09012SAndroid Build Coastguard Worker type: "locations.googleapis.com/Location" 125*d5c09012SAndroid Build Coastguard Worker } 126*d5c09012SAndroid Build Coastguard Worker ]; 127*d5c09012SAndroid Build Coastguard Worker 128*d5c09012SAndroid Build Coastguard Worker // Required. The Challenge to be created. Currently this field can be empty as 129*d5c09012SAndroid Build Coastguard Worker // all the Challenge fields are set by the server. 130*d5c09012SAndroid Build Coastguard Worker Challenge challenge = 2 [(google.api.field_behavior) = REQUIRED]; 131*d5c09012SAndroid Build Coastguard Worker} 132*d5c09012SAndroid Build Coastguard Worker 133*d5c09012SAndroid Build Coastguard Worker// A request for an OIDC token, providing all the necessary information needed 134*d5c09012SAndroid Build Coastguard Worker// for this service to verify the plaform state of the requestor. 135*d5c09012SAndroid Build Coastguard Workermessage VerifyAttestationRequest { 136*d5c09012SAndroid Build Coastguard Worker // Required. The name of the Challenge whose nonce was used to generate the 137*d5c09012SAndroid Build Coastguard Worker // attestation, in the format `projects/*/locations/*/challenges/*`. The 138*d5c09012SAndroid Build Coastguard Worker // provided Challenge will be consumed, and cannot be used again. 139*d5c09012SAndroid Build Coastguard Worker string challenge = 1 [ 140*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 141*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 142*d5c09012SAndroid Build Coastguard Worker type: "confidentialcomputing.googleapis.com/Challenge" 143*d5c09012SAndroid Build Coastguard Worker } 144*d5c09012SAndroid Build Coastguard Worker ]; 145*d5c09012SAndroid Build Coastguard Worker 146*d5c09012SAndroid Build Coastguard Worker // Optional. Credentials used to populate the "emails" claim in the 147*d5c09012SAndroid Build Coastguard Worker // claims_token. 148*d5c09012SAndroid Build Coastguard Worker GcpCredentials gcp_credentials = 2 [(google.api.field_behavior) = OPTIONAL]; 149*d5c09012SAndroid Build Coastguard Worker 150*d5c09012SAndroid Build Coastguard Worker // Required. The TPM-specific data provided by the attesting platform, used to 151*d5c09012SAndroid Build Coastguard Worker // populate any of the claims regarding platform state. 152*d5c09012SAndroid Build Coastguard Worker TpmAttestation tpm_attestation = 3 [(google.api.field_behavior) = REQUIRED]; 153*d5c09012SAndroid Build Coastguard Worker 154*d5c09012SAndroid Build Coastguard Worker // Optional. Optional information related to the Confidential Space TEE. 155*d5c09012SAndroid Build Coastguard Worker ConfidentialSpaceInfo confidential_space_info = 4 156*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 157*d5c09012SAndroid Build Coastguard Worker 158*d5c09012SAndroid Build Coastguard Worker // Optional. A collection of optional, workload-specified claims that modify 159*d5c09012SAndroid Build Coastguard Worker // the token output. 160*d5c09012SAndroid Build Coastguard Worker TokenOptions token_options = 5 [(google.api.field_behavior) = OPTIONAL]; 161*d5c09012SAndroid Build Coastguard Worker} 162*d5c09012SAndroid Build Coastguard Worker 163*d5c09012SAndroid Build Coastguard Worker// A response once an attestation has been successfully verified, containing a 164*d5c09012SAndroid Build Coastguard Worker// signed OIDC token. 165*d5c09012SAndroid Build Coastguard Workermessage VerifyAttestationResponse { 166*d5c09012SAndroid Build Coastguard Worker // Output only. Same as claims_token, but as a string. 167*d5c09012SAndroid Build Coastguard Worker string oidc_claims_token = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 168*d5c09012SAndroid Build Coastguard Worker 169*d5c09012SAndroid Build Coastguard Worker // Output only. A list of messages that carry the partial error details 170*d5c09012SAndroid Build Coastguard Worker // related to VerifyAttestation. 171*d5c09012SAndroid Build Coastguard Worker repeated google.rpc.Status partial_errors = 3 172*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OUTPUT_ONLY]; 173*d5c09012SAndroid Build Coastguard Worker} 174*d5c09012SAndroid Build Coastguard Worker 175*d5c09012SAndroid Build Coastguard Worker// Credentials issued by GCP which are linked to the platform attestation. These 176*d5c09012SAndroid Build Coastguard Worker// will be verified server-side as part of attestaion verification. 177*d5c09012SAndroid Build Coastguard Workermessage GcpCredentials { 178*d5c09012SAndroid Build Coastguard Worker // Same as id_tokens, but as a string. 179*d5c09012SAndroid Build Coastguard Worker repeated string service_account_id_tokens = 2; 180*d5c09012SAndroid Build Coastguard Worker} 181*d5c09012SAndroid Build Coastguard Worker 182*d5c09012SAndroid Build Coastguard Worker// Options to modify claims in the token to generate custom-purpose tokens. 183*d5c09012SAndroid Build Coastguard Workermessage TokenOptions { 184*d5c09012SAndroid Build Coastguard Worker // Optional. Optional string to issue the token with a custom audience claim. 185*d5c09012SAndroid Build Coastguard Worker // Required if one or more nonces are specified. 186*d5c09012SAndroid Build Coastguard Worker string audience = 1 [(google.api.field_behavior) = OPTIONAL]; 187*d5c09012SAndroid Build Coastguard Worker 188*d5c09012SAndroid Build Coastguard Worker // Optional. Optional parameter to place one or more nonces in the eat_nonce 189*d5c09012SAndroid Build Coastguard Worker // claim in the output token. The minimum size for JSON-encoded EATs is 10 190*d5c09012SAndroid Build Coastguard Worker // bytes and the maximum size is 74 bytes. 191*d5c09012SAndroid Build Coastguard Worker repeated string nonce = 2 [(google.api.field_behavior) = OPTIONAL]; 192*d5c09012SAndroid Build Coastguard Worker 193*d5c09012SAndroid Build Coastguard Worker // Optional. Optional token type to select what type of token to return. 194*d5c09012SAndroid Build Coastguard Worker TokenType token_type = 3 [(google.api.field_behavior) = OPTIONAL]; 195*d5c09012SAndroid Build Coastguard Worker} 196*d5c09012SAndroid Build Coastguard Worker 197*d5c09012SAndroid Build Coastguard Worker// TPM2 data containing everything necessary to validate any platform state 198*d5c09012SAndroid Build Coastguard Worker// measured into the TPM. 199*d5c09012SAndroid Build Coastguard Workermessage TpmAttestation { 200*d5c09012SAndroid Build Coastguard Worker // Information about Platform Control Registers (PCRs) including a signature 201*d5c09012SAndroid Build Coastguard Worker // over their values, which can be used for remote validation. 202*d5c09012SAndroid Build Coastguard Worker message Quote { 203*d5c09012SAndroid Build Coastguard Worker // The hash algorithm of the PCR bank being quoted, encoded as a TPM_ALG_ID 204*d5c09012SAndroid Build Coastguard Worker int32 hash_algo = 1; 205*d5c09012SAndroid Build Coastguard Worker 206*d5c09012SAndroid Build Coastguard Worker // Raw binary values of each PCRs being quoted. 207*d5c09012SAndroid Build Coastguard Worker map<int32, bytes> pcr_values = 2; 208*d5c09012SAndroid Build Coastguard Worker 209*d5c09012SAndroid Build Coastguard Worker // TPM2 quote, encoded as a TPMS_ATTEST 210*d5c09012SAndroid Build Coastguard Worker bytes raw_quote = 3; 211*d5c09012SAndroid Build Coastguard Worker 212*d5c09012SAndroid Build Coastguard Worker // TPM2 signature, encoded as a TPMT_SIGNATURE 213*d5c09012SAndroid Build Coastguard Worker bytes raw_signature = 4; 214*d5c09012SAndroid Build Coastguard Worker } 215*d5c09012SAndroid Build Coastguard Worker 216*d5c09012SAndroid Build Coastguard Worker // TPM2 PCR Quotes generated by calling TPM2_Quote on each PCR bank. 217*d5c09012SAndroid Build Coastguard Worker repeated Quote quotes = 1; 218*d5c09012SAndroid Build Coastguard Worker 219*d5c09012SAndroid Build Coastguard Worker // The binary TCG Event Log containing events measured into the TPM by the 220*d5c09012SAndroid Build Coastguard Worker // platform firmware and operating system. Formatted as described in the 221*d5c09012SAndroid Build Coastguard Worker // "TCG PC Client Platform Firmware Profile Specification". 222*d5c09012SAndroid Build Coastguard Worker bytes tcg_event_log = 2; 223*d5c09012SAndroid Build Coastguard Worker 224*d5c09012SAndroid Build Coastguard Worker // An Event Log containing additional events measured into the TPM that are 225*d5c09012SAndroid Build Coastguard Worker // not already present in the tcg_event_log. Formatted as described in the 226*d5c09012SAndroid Build Coastguard Worker // "Canonical Event Log Format" TCG Specification. 227*d5c09012SAndroid Build Coastguard Worker bytes canonical_event_log = 3; 228*d5c09012SAndroid Build Coastguard Worker 229*d5c09012SAndroid Build Coastguard Worker // DER-encoded X.509 certificate of the Attestation Key (otherwise known as 230*d5c09012SAndroid Build Coastguard Worker // an AK or a TPM restricted signing key) used to generate the quotes. 231*d5c09012SAndroid Build Coastguard Worker bytes ak_cert = 4; 232*d5c09012SAndroid Build Coastguard Worker 233*d5c09012SAndroid Build Coastguard Worker // List of DER-encoded X.509 certificates which, together with the ak_cert, 234*d5c09012SAndroid Build Coastguard Worker // chain back to a trusted Root Certificate. 235*d5c09012SAndroid Build Coastguard Worker repeated bytes cert_chain = 5; 236*d5c09012SAndroid Build Coastguard Worker} 237*d5c09012SAndroid Build Coastguard Worker 238*d5c09012SAndroid Build Coastguard Worker// ConfidentialSpaceInfo contains information related to the Confidential Space 239*d5c09012SAndroid Build Coastguard Worker// TEE. 240*d5c09012SAndroid Build Coastguard Workermessage ConfidentialSpaceInfo { 241*d5c09012SAndroid Build Coastguard Worker // Optional. A list of signed entities containing container image signatures 242*d5c09012SAndroid Build Coastguard Worker // that can be used for server-side signature verification. 243*d5c09012SAndroid Build Coastguard Worker repeated SignedEntity signed_entities = 1 244*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 245*d5c09012SAndroid Build Coastguard Worker} 246*d5c09012SAndroid Build Coastguard Worker 247*d5c09012SAndroid Build Coastguard Worker// SignedEntity represents an OCI image object containing everything necessary 248*d5c09012SAndroid Build Coastguard Worker// to verify container image signatures. 249*d5c09012SAndroid Build Coastguard Workermessage SignedEntity { 250*d5c09012SAndroid Build Coastguard Worker // Optional. A list of container image signatures attached to an OCI image 251*d5c09012SAndroid Build Coastguard Worker // object. 252*d5c09012SAndroid Build Coastguard Worker repeated ContainerImageSignature container_image_signatures = 1 253*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 254*d5c09012SAndroid Build Coastguard Worker} 255*d5c09012SAndroid Build Coastguard Worker 256*d5c09012SAndroid Build Coastguard Worker// ContainerImageSignature holds necessary metadata to verify a container image 257*d5c09012SAndroid Build Coastguard Worker// signature. 258*d5c09012SAndroid Build Coastguard Workermessage ContainerImageSignature { 259*d5c09012SAndroid Build Coastguard Worker // Optional. The binary signature payload following the SimpleSigning format 260*d5c09012SAndroid Build Coastguard Worker // https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing. 261*d5c09012SAndroid Build Coastguard Worker // This payload includes the container image digest. 262*d5c09012SAndroid Build Coastguard Worker bytes payload = 1 [(google.api.field_behavior) = OPTIONAL]; 263*d5c09012SAndroid Build Coastguard Worker 264*d5c09012SAndroid Build Coastguard Worker // Optional. A signature over the payload. 265*d5c09012SAndroid Build Coastguard Worker // The container image digest is incorporated into the signature as follows: 266*d5c09012SAndroid Build Coastguard Worker // 1. Generate a SimpleSigning format payload that includes the container 267*d5c09012SAndroid Build Coastguard Worker // image digest. 268*d5c09012SAndroid Build Coastguard Worker // 2. Generate a signature over SHA256 digest of the payload. 269*d5c09012SAndroid Build Coastguard Worker // The signature generation process can be represented as follows: 270*d5c09012SAndroid Build Coastguard Worker // `Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))` 271*d5c09012SAndroid Build Coastguard Worker bytes signature = 2 [(google.api.field_behavior) = OPTIONAL]; 272*d5c09012SAndroid Build Coastguard Worker 273*d5c09012SAndroid Build Coastguard Worker // Optional. Reserved for future use. 274*d5c09012SAndroid Build Coastguard Worker bytes public_key = 3 [(google.api.field_behavior) = OPTIONAL]; 275*d5c09012SAndroid Build Coastguard Worker 276*d5c09012SAndroid Build Coastguard Worker // Optional. Reserved for future use. 277*d5c09012SAndroid Build Coastguard Worker SigningAlgorithm sig_alg = 4 [(google.api.field_behavior) = OPTIONAL]; 278*d5c09012SAndroid Build Coastguard Worker} 279