// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.confidentialcomputing.v1alpha1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.ConfidentialComputing.V1Alpha1";
option go_package = "cloud.google.com/go/confidentialcomputing/apiv1alpha1/confidentialcomputingpb;confidentialcomputingpb";
option java_multiple_files = true;
option java_outer_classname = "ServiceProto";
option java_package = "com.google.cloud.confidentialcomputing.v1alpha1";
option php_namespace = "Google\\Cloud\\ConfidentialComputing\\V1alpha1";
option ruby_package = "Google::Cloud::ConfidentialComputing::V1alpha1";

// Remote attestation service. A client first obtains a single-use Challenge
// (CreateChallenge), quotes the Challenge nonce with its TPM, and then submits
// the quote plus supporting evidence (VerifyAttestation) to receive a signed
// OIDC token carrying claims about the platform state.
service ConfidentialComputing {
  option (google.api.default_host) = "confidentialcomputing.googleapis.com";
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // Creates a new Challenge in a given project and location. All Challenge
  // fields are populated by the server; the caller supplies only the parent.
  rpc CreateChallenge(CreateChallengeRequest) returns (Challenge) {
    option (google.api.http) = {
      post: "/v1alpha1/{parent=projects/*/locations/*}/challenges"
      body: "challenge"
    };
    option (google.api.method_signature) = "parent,challenge";
  }

  // Verifies the provided attestation info, returning a signed OIDC token.
  // The referenced Challenge is consumed by this call and cannot be used again.
  rpc VerifyAttestation(VerifyAttestationRequest)
      returns (VerifyAttestationResponse) {
    option (google.api.http) = {
      post: "/v1alpha1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation"
      body: "*"
    };
  }
}

// A Challenge from the server used to guarantee freshness of attestations.
// Every field is set by the server; a client only quotes the nonce and then
// references the Challenge by name in VerifyAttestation.
message Challenge {
  option (google.api.resource) = {
    type: "confidentialcomputing.googleapis.com/Challenge"
    pattern: "projects/{project}/locations/{location}/challenges/{uuid}"
  };

  // Output only. The resource name for this Challenge in the format
  // `projects/*/locations/*/challenges/*`
  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this Challenge was created
  google.protobuf.Timestamp create_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this Challenge will no longer be usable. It
  // is also the expiration time for any tokens generated from this Challenge.
  google.protobuf.Timestamp expire_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Indicates if this challenge has been used to generate a token.
  // A Challenge is single-use: once consumed by VerifyAttestation it cannot be
  // presented again (see VerifyAttestationRequest.challenge).
  bool used = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Random data which should be used when calling TPM2_Quote.
  // This server-chosen nonce is what binds the resulting quote to this
  // specific Challenge and so provides the freshness guarantee.
  // NOTE(review): presumably passed as the qualifying data of TPM2_Quote so
  // that it appears inside the signed quote -- confirm against the server's
  // verification logic.
  // --
  bytes nonce = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Message for creating a Challenge
message CreateChallengeRequest {
  // Required. The resource name of the location where the Challenge will be
  // used, in the format `projects/*/locations/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Required. The Challenge to be created. Currently this field can be empty as
  // all the Challenge fields are set by the server.
  Challenge challenge = 2 [(google.api.field_behavior) = REQUIRED];
}

// A request for an OIDC token, providing all the necessary information needed
// for this service to verify the platform state of the requestor.
message VerifyAttestationRequest {
  // Required. The name of the Challenge whose nonce was used to generate the
  // attestation, in the format `projects/*/locations/*/challenges/*`. The
  // provided Challenge will be consumed, and cannot be used again.
  string challenge = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "confidentialcomputing.googleapis.com/Challenge"
    }
  ];

  // Optional. Credentials used to populate the "emails" claim in the
  // claims_token. Omitting this field omits the service-account identities
  // from the issued token; it does not affect the platform claims.
  GcpCredentials gcp_credentials = 2 [(google.api.field_behavior) = OPTIONAL];

  // Required. The TPM-specific data provided by the attesting platform, used to
  // populate any of the claims regarding platform state.
  TpmAttestation tpm_attestation = 3 [(google.api.field_behavior) = REQUIRED];
}

// A response once an attestation has been successfully verified, containing a
// signed OIDC token.
message VerifyAttestationResponse {
  // Output only. The OIDC token issued by this service. It contains specific
  // platform claims based on the contents of the provided attestation. Its
  // expiry is the expire_time of the Challenge it was generated from.
  // --
  bytes claims_token = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Credentials issued by GCP which are linked to the platform attestation. These
// will be verified server-side as part of attestation verification.
message GcpCredentials {
  // A list of service account OpenID Connect ID tokens identifying which
  // service account identities should be included in the claims_token. These
  // can be generated by calling `serviceAccounts.generateIdToken`. The
  // Challenge.name must be used as the `audience` parameter, and the
  // `includeEmail` parameter must be `true`.
  // Requiring the audience to equal Challenge.name scopes each ID token to a
  // single Challenge; a token minted for a different audience is presumably
  // rejected during server-side verification.
  // --
  repeated bytes id_tokens = 1;
}

// TPM2 data containing everything necessary to validate any platform state
// measured into the TPM.
message TpmAttestation {
  // Information about Platform Control Registers (PCRs) including a signature
  // over their values, which can be used for remote validation.
  message Quote {
    // The hash algorithm of the PCR bank being quoted, encoded as a TPM_ALG_ID
    // NOTE(review): 0 is the proto3 default and is not a usable TPM_ALG_ID, so
    // an absent field is indistinguishable from an explicit zero -- confirm the
    // server rejects it rather than falling back to a default bank.
    int32 hash_algo = 1;

    // Raw binary values of each PCR being quoted. The key is presumably the
    // PCR index -- confirm. Map iteration order is undefined on the wire.
    map<int32, bytes> pcr_values = 2;

    // TPM2 quote, encoded as a TPMS_ATTEST
    bytes raw_quote = 3;

    // TPM2 signature, encoded as a TPMT_SIGNATURE. Expected to be the
    // signature over raw_quote produced by the Attestation Key whose
    // certificate is ak_cert.
    bytes raw_signature = 4;
  }

  // TPM2 PCR Quotes generated by calling TPM2_Quote on each PCR bank.
  repeated Quote quotes = 1;

  // The binary TCG Event Log containing events measured into the TPM by the
  // platform firmware and operating system. Formatted as described in the
  // "TCG PC Client Platform Firmware Profile Specification".
  // NOTE(review): an event log is not itself signed; presumably the server
  // replays it against pcr_values before trusting any individual event --
  // confirm.
  bytes tcg_event_log = 2;

  // An Event Log containing additional events measured into the TPM that are
  // not already present in the tcg_event_log. Formatted as described in the
  // "Canonical Event Log Format" TCG Specification.
  bytes canonical_event_log = 3;

  // DER-encoded X.509 certificate of the Attestation Key (otherwise known as
  // an AK or a TPM restricted signing key) used to generate the quotes.
  bytes ak_cert = 4;

  // List of DER-encoded X.509 certificates which, together with the ak_cert,
  // chain back to a trusted Root Certificate.
  // NOTE(review): the caller supplies the intermediates, but the trust anchor
  // must be chosen by the server; a chain is only as trustworthy as the root
  // it is verified against -- confirm which roots the service accepts.
  repeated bytes cert_chain = 5;
}