// Copyright 2021 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package stet.proto; import "proto/attest.proto"; option go_package = "github.com/GoogleCloudPlatform/stet/proto/attestation_evidence_go_proto"; // All fields are optional. This proto message will be extended in the future as // new types of evidence are supported. message AttestationEvidence { attest.Attestation attestation = 1; } // The types of evidence that may be presented in AttestationEvidence. These // enumerated values are used to negotiate between the client and server. Each // enumeration value corresponds with an optional field of the // AttestationEvidence message. enum AttestationEvidenceType { UNKNOWN_EVIDENCE_TYPE = 0; NULL_ATTESTATION = 1; // Indicates workload unable to produce attestation. TPM2_QUOTE = 2; // AttestationEvidence.attestation.quotes TCG_EVENT_LOG = 3; // AttestationEvidence.attestation.canonical_event_log } // The types of nonces that may be used to generate attestations. This exists to // allow for servers and clients to negotiate what nonces they understand to // facilitate a migration period for servers without breaking multi-EKM // connections from the same client. enum NonceType { NONCE_TYPE_UNKNOWN = 0; NONCE_EKM32 = 1; // uses 32-byte exported keying material (EKM) } message AttestationEvidenceTypeList { repeated AttestationEvidenceType types = 1; repeated NonceType nonce_types = 2; }