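// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// This file uses proto2 semantics (`optional` labels, enums without a zero
// value). Declare that explicitly instead of relying on protoc's default.
syntax = "proto2";

package attestation;

option optimize_for = LITE_RUNTIME;

// Describes key type.
//
// proto2 enum fields default to the first listed value, so an unset field of
// this type reads as KEY_TYPE_RSA.
enum KeyType {
  KEY_TYPE_RSA = 1;
  KEY_TYPE_ECC = 2;
}

// Describes allowed key usage.
//
// proto2 enum fields default to the first listed value, so an unset field of
// this type reads as KEY_USAGE_SIGN.
enum KeyUsage {
  KEY_USAGE_SIGN = 1;
  KEY_USAGE_DECRYPT = 2;
}

// Enumerates various certificate profiles supported by the Attestation CA.
//
// Note that the zero value is a real profile (ENTERPRISE_MACHINE_CERTIFICATE,
// which carries a stable device identifier), so an unset field of this type
// is indistinguishable from an explicit request for that profile. Callers
// should always set the profile explicitly. The numbering is part of the wire
// contract and cannot be changed to introduce an UNSPECIFIED value.
enum CertificateProfile {
  // A certificate intended for enterprise-owned devices. It has the following
  // subjectName fields:
  //   CN=<stable device identifier>
  //   OU=state:[verified|developer]
  //   O=Chrome Device Enterprise
  ENTERPRISE_MACHINE_CERTIFICATE = 0;

  // A certificate intended for enterprise-owned user accounts. It has the
  // following subjectName fields:
  //   OU=state:[verified|developer]
  //   O=Chrome Device Enterprise
  ENTERPRISE_USER_CERTIFICATE = 1;

  // A certificate intended for platform verification by providers of protected
  // content. It has the following subjectName fields:
  //   O=Chrome Device Content Protection
  CONTENT_PROTECTION_CERTIFICATE = 2;

  // Like above, but it also includes a stable ID and origin.
  //   CN=<origin-specific device identifier>
  //   OU=<origin>
  //   O=Chrome Device Content Protection
  CONTENT_PROTECTION_CERTIFICATE_WITH_STABLE_ID = 3;

  // A certificate intended for cast devices.
  CAST_CERTIFICATE = 4;

  // No description is given in this file for this profile or the subjectName
  // fields it carries. TODO(review): document the intended use.
  GFSC_CERTIFICATE = 5;
}

// Holds information about a quote generated by the TPM.
message Quote {
  // The quote; a signature generated with the AIK.
  optional bytes quote = 1;

  // The serialized data that was quoted; this assists in verifying the quote.
  optional bytes quoted_data = 2;

  // The value of the PCR(s) at the time the quote was generated.
  optional bytes quoted_pcr_value = 3;

  // Source data which was originally used to extend the PCR. If this field
  // exists it can be expected that SHA1(pcr_source_hint) was extended into the
  // PCR. This is a hint only; a verifier must still check the signature in
  // `quote` over `quoted_data` rather than trusting this field on its own.
  optional bytes pcr_source_hint = 4;
}

// Holds encrypted data and information required to decrypt it.
message EncryptedData {
  // Field number 1 is not used by this message. It is reserved so it cannot
  // be reused with a different meaning. TODO(review): confirm against the
  // file history whether number 1 once carried a field.
  reserved 1;

  // A key that has been sealed to the TPM or wrapped by another key.
  optional bytes wrapped_key = 2;

  // The initialization vector used during encryption.
  optional bytes iv = 3;

  // MAC of (iv || encrypted_data). As described, the MAC does not cover
  // wrapped_key or wrapping_key_id.
  optional bytes mac = 4;

  // The ciphertext.
  optional bytes encrypted_data = 5;

  // An identifier for the wrapping key to assist in decryption.
  optional bytes wrapping_key_id = 6;
}

// The wrapper message of any data and its signature.
//
// The message does not identify the signing key or algorithm; a verifier must
// obtain both out of band.
message SignedData {
  // The data to be signed.
  optional bytes data = 1;

  // The signature of the data field.
  optional bytes signature = 2;
}

// These two fields are suitable for passing to Tspi_TPM_ActivateIdentity()
// directly.
message EncryptedIdentityCredential {
  // TPM_ASYM_CA_CONTENTS, encrypted with EK public key.
  optional bytes asym_ca_contents = 1;

  // TPM_SYM_CA_ATTESTATION, encrypted with the key in asym_ca_contents.
  optional bytes sym_ca_attestation = 2;
}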