package google.cloud.confidentialcomputing.v1

Get desktop application:
View/edit binary Protocol Buffers messages

Service describing handlers for resources

• rpc CreateChallenge (CreateChallengeRequest, Challenge)

  service.proto:41

  Creates a new Challenge in a given project and location.

  message CreateChallengeRequest

  service.proto:121

  Message for creating a Challenge

  • string parent = 1

    Required. The resource name of the location where the Challenge will be used, in the format `projects/*/locations/*`.

  • optional Challenge challenge = 2

    Required. The Challenge to be created. Currently this field can be empty as all the Challenge fields are set by the server.

• rpc VerifyAttestation (VerifyAttestationRequest, VerifyAttestationResponse)

  service.proto:50

  Verifies the provided attestation info, returning a signed OIDC token.

  message VerifyAttestationRequest

  service.proto:138

  A request for an OIDC token, providing all the necessary information needed for this service to verify the platform state of the requestor.

  • oneof tee_attestation

    An optional tee attestation report, used to populate hardware rooted claims.

    • TdxCcelAttestation td_ccel = 6

      Optional. A TDX with CCEL and RTMR Attestation Quote.

    • SevSnpAttestation sev_snp_attestation = 7

      Optional. An SEV-SNP Attestation Report.

  • string challenge = 1

    Required. The name of the Challenge whose nonce was used to generate the attestation, in the format `projects/*/locations/*/challenges/*`. The provided Challenge will be consumed, and cannot be used again.

  • optional GcpCredentials gcp_credentials = 2

    Optional. Credentials used to populate the "emails" claim in the claims_token.

  • optional TpmAttestation tpm_attestation = 3

    Required. The TPM-specific data provided by the attesting platform, used to populate any of the claims regarding platform state.

  • optional ConfidentialSpaceInfo confidential_space_info = 4

    Optional. Optional information related to the Confidential Space TEE.

  • optional TokenOptions token_options = 5

    Optional. A collection of optional, workload-specified claims that modify the token output.

  • string attester = 8

    Optional. An optional indicator of the attester, only applies to certain products.

  message VerifyAttestationResponse

  service.proto:218

  A response once an attestation has been successfully verified, containing a signed OIDC token.

  • string oidc_claims_token = 2

    Output only. Same as claims_token, but as a string.

  • repeated rpc.Status partial_errors = 3

    Output only. A list of messages that carry the partial error details related to VerifyAttestation.

A Challenge from the server used to guarantee freshness of attestations

Used as response type in: ConfidentialComputing.CreateChallenge

Used as field type in: CreateChallengeRequest

• string name = 1

  Output only. The resource name for this Challenge in the format `projects/*/locations/*/challenges/*`

• optional protobuf.Timestamp create_time = 2

  Output only. The time at which this Challenge was created

• optional protobuf.Timestamp expire_time = 3

  Output only. The time at which this Challenge will no longer be usable. It is also the expiration time for any tokens generated from this Challenge.

• bool used = 4

  Output only. Indicates if this challenge has been used to generate a token.

• string tpm_nonce = 6

  Output only. Identical to nonce, but as a string.

ConfidentialSpaceInfo contains information related to the Confidential Space TEE.

Used in: VerifyAttestationRequest

• repeated SignedEntity signed_entities = 1

  Optional. A list of signed entities containing container image signatures that can be used for server-side signature verification.

ContainerImageSignature holds necessary metadata to verify a container image signature.

Used in: SignedEntity

• bytes payload = 1

  Optional. The binary signature payload following the SimpleSigning format https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing. This payload includes the container image digest.

• bytes signature = 2

  Optional. A signature over the payload. The container image digest is incorporated into the signature as follows: 1. Generate a SimpleSigning format payload that includes the container image digest. 2. Generate a signature over SHA256 digest of the payload. The signature generation process can be represented as follows: `Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))`

• bytes public_key = 3

  Optional. Reserved for future use.

• SigningAlgorithm sig_alg = 4

  Optional. Reserved for future use.

Credentials issued by GCP which are linked to the platform attestation. These will be verified server-side as part of attestaion verification.

Used in: VerifyAttestationRequest

• repeated string service_account_id_tokens = 2

  Same as id_tokens, but as a string.

An SEV-SNP Attestation Report. Contains the attestation report and the certificate bundle that the client collects.

Used in: VerifyAttestationRequest

• bytes report = 1

  Optional. The SEV-SNP Attestation Report Format is in revision 1.55, §7.3 Attestation, Table 22. ATTESTATION_REPORT Structure in this document: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf

• bytes aux_blob = 2

  Optional. Certificate bundle defined in the GHCB protocol definition Format is documented in GHCB revision 2.03, section 4.1.8.1 struct cert_table in this document: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf

SignedEntity represents an OCI image object containing everything necessary to verify container image signatures.

Used in: ConfidentialSpaceInfo

• repeated ContainerImageSignature container_image_signatures = 1

  Optional. A list of container image signatures attached to an OCI image object.

SigningAlgorithm enumerates all the supported signing algorithms.

Used in: ContainerImageSignature

• SIGNING_ALGORITHM_UNSPECIFIED = 0

  Unspecified signing algorithm.

• RSASSA_PSS_SHA256 = 1

  RSASSA-PSS with a SHA256 digest.

• RSASSA_PKCS1V15_SHA256 = 2

  RSASSA-PKCS1 v1.5 with a SHA256 digest.

• ECDSA_P256_SHA256 = 3

  ECDSA on the P-256 Curve with a SHA256 digest.

A TDX Attestation quote.

Used in: VerifyAttestationRequest

• bytes ccel_acpi_table = 1

  Optional. The Confidential Computing Event Log (CCEL) ACPI table. Formatted as described in the ACPI Specification 6.5.

• bytes ccel_data = 2

  Optional. The CCEL event log. Formatted as described in the UEFI 2.10.

• bytes canonical_event_log = 3

  Optional. An Event Log containing additional events measured into the RTMR that are not already present in the CCEL.

• bytes td_quote = 4

  Optional. The TDX attestation quote from the guest. It contains the RTMR values.

Options to modify claims in the token to generate custom-purpose tokens.

Used in: VerifyAttestationRequest

• oneof token_type_options

  An optional additional configuration per token type.

  • TokenOptions.AwsPrincipalTagsOptions aws_principal_tags_options = 4

    Optional. Options for the Limited AWS token type.

• string audience = 1

  Optional. Optional string to issue the token with a custom audience claim. Required if one or more nonces are specified.

• repeated string nonce = 2

  Optional. Optional parameter to place one or more nonces in the eat_nonce claim in the output token. The minimum size for JSON-encoded EATs is 10 bytes and the maximum size is 74 bytes.

• TokenType token_type = 3

  Optional. Optional token type to select what type of token to return.

Token options that only apply to the AWS Principal Tags token type.

Used in: TokenOptions

• optional AwsPrincipalTagsOptions.AllowedPrincipalTags allowed_principal_tags = 1

  Optional. Principal tags to allow in the token.

Allowed principal tags is used to define what principal tags will be placed in the token.

Used in: AwsPrincipalTagsOptions

• optional AllowedPrincipalTags.ContainerImageSignatures container_image_signatures = 1

  Optional. Container image signatures allowed in the token.

Allowed Container Image Signatures. Key IDs are required to allow this claim to fit within the narrow AWS IAM restrictions.

Used in: AllowedPrincipalTags

• repeated string key_ids = 1

  Optional. List of key ids to filter into the Principal tags. Only keys that have been validated and added to the token will be filtered into principal tags. Unrecognized key ids will be ignored.

Token type enum contains the different types of token responses Confidential Space supports

Used in: TokenOptions

• TOKEN_TYPE_UNSPECIFIED = 0

  Unspecified token type

• TOKEN_TYPE_OIDC = 1

  OpenID Connect (OIDC) token type

• TOKEN_TYPE_PKI = 2

  Public Key Infrastructure (PKI) token type

• TOKEN_TYPE_LIMITED_AWS = 3

  Limited claim token type for AWS integration

• TOKEN_TYPE_AWS_PRINCIPALTAGS = 4

  Principal-tag-based token for AWS integration

TPM2 data containing everything necessary to validate any platform state measured into the TPM.

Used in: VerifyAttestationRequest

• repeated TpmAttestation.Quote quotes = 1

  TPM2 PCR Quotes generated by calling TPM2_Quote on each PCR bank.

• bytes tcg_event_log = 2

  The binary TCG Event Log containing events measured into the TPM by the platform firmware and operating system. Formatted as described in the "TCG PC Client Platform Firmware Profile Specification".

• bytes canonical_event_log = 3

  An Event Log containing additional events measured into the TPM that are not already present in the tcg_event_log. Formatted as described in the "Canonical Event Log Format" TCG Specification.

• bytes ak_cert = 4

  DER-encoded X.509 certificate of the Attestation Key (otherwise known as an AK or a TPM restricted signing key) used to generate the quotes.

• repeated bytes cert_chain = 5

  List of DER-encoded X.509 certificates which, together with the ak_cert, chain back to a trusted Root Certificate.

Information about Platform Control Registers (PCRs) including a signature over their values, which can be used for remote validation.

Used in: TpmAttestation

• int32 hash_algo = 1

  The hash algorithm of the PCR bank being quoted, encoded as a TPM_ALG_ID

• map<int32, bytes> pcr_values = 2

  Raw binary values of each PCRs being quoted.

• bytes raw_quote = 3

  TPM2 quote, encoded as a TPMS_ATTEST

• bytes raw_signature = 4

  TPM2 signature, encoded as a TPMT_SIGNATURE