Package cloud.google.com/go/confidentialcomputing/apiv1alpha1/confidentialcomputingpb (v1.1.0)

Variables

File_google_cloud_confidentialcomputing_v1alpha1_service_proto

var File_google_cloud_confidentialcomputing_v1alpha1_service_proto protoreflect.FileDescriptor

Functions

func RegisterConfidentialComputingServer

func RegisterConfidentialComputingServer(s *grpc.Server, srv ConfidentialComputingServer)

Challenge

type Challenge struct {

	// Output only. The resource name for this Challenge in the format
	// `projects/*/locations/*/challenges/*`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The time at which this Challenge was created
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time at which this Challenge will no longer be usable. It
	// is also the expiration time for any tokens generated from this Challenge.
	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
	// Output only. Indicates if this challenge has been used to generate a token.
	Used bool `protobuf:"varint,4,opt,name=used,proto3" json:"used,omitempty"`
	// Output only. Random data which should be used when calling TPM2_Quote.
	// --
	Nonce []byte `protobuf:"bytes,5,opt,name=nonce,proto3" json:"nonce,omitempty"`
	// contains filtered or unexported fields
}

A Challenge from the server used to guarantee freshness of attestations

func (*Challenge) Descriptor

func (*Challenge) Descriptor() ([]byte, []int)

Deprecated: Use Challenge.ProtoReflect.Descriptor instead.

func (*Challenge) GetCreateTime

func (x *Challenge) GetCreateTime() *timestamppb.Timestamp

func (*Challenge) GetExpireTime

func (x *Challenge) GetExpireTime() *timestamppb.Timestamp

func (*Challenge) GetName

func (x *Challenge) GetName() string

func (*Challenge) GetNonce

func (x *Challenge) GetNonce() []byte

func (*Challenge) GetUsed

func (x *Challenge) GetUsed() bool

func (*Challenge) ProtoMessage

func (*Challenge) ProtoMessage()

func (*Challenge) ProtoReflect

func (x *Challenge) ProtoReflect() protoreflect.Message

func (*Challenge) Reset

func (x *Challenge) Reset()

func (*Challenge) String

func (x *Challenge) String() string

ConfidentialComputingClient

type ConfidentialComputingClient interface {
	// Creates a new Challenge in a given project and location.
	CreateChallenge(ctx context.Context, in *CreateChallengeRequest, opts ...grpc.CallOption) (*Challenge, error)
	// Verifies the provided attestation info, returning a signed OIDC token.
	VerifyAttestation(ctx context.Context, in *VerifyAttestationRequest, opts ...grpc.CallOption) (*VerifyAttestationResponse, error)
}

ConfidentialComputingClient is the client API for ConfidentialComputing service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewConfidentialComputingClient

func NewConfidentialComputingClient(cc grpc.ClientConnInterface) ConfidentialComputingClient

ConfidentialComputingServer

type ConfidentialComputingServer interface {
	// Creates a new Challenge in a given project and location.
	CreateChallenge(context.Context, *CreateChallengeRequest) (*Challenge, error)
	// Verifies the provided attestation info, returning a signed OIDC token.
	VerifyAttestation(context.Context, *VerifyAttestationRequest) (*VerifyAttestationResponse, error)
}

ConfidentialComputingServer is the server API for ConfidentialComputing service.

CreateChallengeRequest

type CreateChallengeRequest struct {

	// Required. The resource name of the location where the Challenge will be
	// used, in the format `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. The Challenge to be created. Currently this field can be empty as
	// all the Challenge fields are set by the server.
	Challenge *Challenge `protobuf:"bytes,2,opt,name=challenge,proto3" json:"challenge,omitempty"`
	// contains filtered or unexported fields
}

Message for creating a Challenge

func (*CreateChallengeRequest) Descriptor

func (*CreateChallengeRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateChallengeRequest.ProtoReflect.Descriptor instead.

func (*CreateChallengeRequest) GetChallenge

func (x *CreateChallengeRequest) GetChallenge() *Challenge

func (*CreateChallengeRequest) GetParent

func (x *CreateChallengeRequest) GetParent() string

func (*CreateChallengeRequest) ProtoMessage

func (*CreateChallengeRequest) ProtoMessage()

func (*CreateChallengeRequest) ProtoReflect

func (x *CreateChallengeRequest) ProtoReflect() protoreflect.Message

func (*CreateChallengeRequest) Reset

func (x *CreateChallengeRequest) Reset()

func (*CreateChallengeRequest) String

func (x *CreateChallengeRequest) String() string

GcpCredentials

type GcpCredentials struct {

	// A list of service account OpenID Connect ID tokens identifying which
	// service account identities should be included in the claims_token. These
	// can be generated by calling `serviceAccounts.generateIdToken`. The
	// Challenge.name must be used as the `audience` parameter, and the
	// `includeEmail` parameter must be `true`.
	// --
	IdTokens [][]byte `protobuf:"bytes,1,rep,name=id_tokens,json=idTokens,proto3" json:"id_tokens,omitempty"`
	// contains filtered or unexported fields
}

Credentials issued by GCP which are linked to the platform attestation. These will be verified server-side as part of attestaion verification.

func (*GcpCredentials) Descriptor

func (*GcpCredentials) Descriptor() ([]byte, []int)

Deprecated: Use GcpCredentials.ProtoReflect.Descriptor instead.

func (*GcpCredentials) GetIdTokens

func (x *GcpCredentials) GetIdTokens() [][]byte

func (*GcpCredentials) ProtoMessage

func (*GcpCredentials) ProtoMessage()

func (*GcpCredentials) ProtoReflect

func (x *GcpCredentials) ProtoReflect() protoreflect.Message

func (*GcpCredentials) Reset

func (x *GcpCredentials) Reset()

func (*GcpCredentials) String

func (x *GcpCredentials) String() string

TpmAttestation

type TpmAttestation struct {

	// TPM2 PCR Quotes generated by calling TPM2_Quote on each PCR bank.
	Quotes []*TpmAttestation_Quote `protobuf:"bytes,1,rep,name=quotes,proto3" json:"quotes,omitempty"`
	// The binary TCG Event Log containing events measured into the TPM by the
	// platform firmware and operating system. Formatted as described in the
	// "TCG PC Client Platform Firmware Profile Specification".
	TcgEventLog []byte `protobuf:"bytes,2,opt,name=tcg_event_log,json=tcgEventLog,proto3" json:"tcg_event_log,omitempty"`
	// An Event Log containing additional events measured into the TPM that are
	// not already present in the tcg_event_log. Formatted as described in the
	// "Canonical Event Log Format" TCG Specification.
	CanonicalEventLog []byte `protobuf:"bytes,3,opt,name=canonical_event_log,json=canonicalEventLog,proto3" json:"canonical_event_log,omitempty"`
	// DER-encoded X.509 certificate of the Attestation Key (otherwise known as
	// an AK or a TPM restricted signing key) used to generate the quotes.
	AkCert []byte `protobuf:"bytes,4,opt,name=ak_cert,json=akCert,proto3" json:"ak_cert,omitempty"`
	// List of DER-encoded X.509 certificates which, together with the ak_cert,
	// chain back to a trusted Root Certificate.
	CertChain [][]byte `protobuf:"bytes,5,rep,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"`
	// contains filtered or unexported fields
}

TPM2 data containing everything necessary to validate any platform state measured into the TPM.

func (*TpmAttestation) Descriptor

func (*TpmAttestation) Descriptor() ([]byte, []int)

Deprecated: Use TpmAttestation.ProtoReflect.Descriptor instead.

func (*TpmAttestation) GetAkCert

func (x *TpmAttestation) GetAkCert() []byte

func (*TpmAttestation) GetCanonicalEventLog

func (x *TpmAttestation) GetCanonicalEventLog() []byte

func (*TpmAttestation) GetCertChain

func (x *TpmAttestation) GetCertChain() [][]byte

func (*TpmAttestation) GetQuotes

func (x *TpmAttestation) GetQuotes() []*TpmAttestation_Quote

func (*TpmAttestation) GetTcgEventLog

func (x *TpmAttestation) GetTcgEventLog() []byte

func (*TpmAttestation) ProtoMessage

func (*TpmAttestation) ProtoMessage()

func (*TpmAttestation) ProtoReflect

func (x *TpmAttestation) ProtoReflect() protoreflect.Message

func (*TpmAttestation) Reset

func (x *TpmAttestation) Reset()

func (*TpmAttestation) String

func (x *TpmAttestation) String() string

TpmAttestation_Quote

type TpmAttestation_Quote struct {
	HashAlgo int32 `protobuf:"varint,1,opt,name=hash_algo,json=hashAlgo,proto3" json:"hash_algo,omitempty"`

	PcrValues map[int32][]byte "" /* 177 byte string literal not displayed */

	RawQuote []byte `protobuf:"bytes,3,opt,name=raw_quote,json=rawQuote,proto3" json:"raw_quote,omitempty"`

	RawSignature []byte `protobuf:"bytes,4,opt,name=raw_signature,json=rawSignature,proto3" json:"raw_signature,omitempty"`

}

Information about Platform Control Registers (PCRs) including a signature over their values, which can be used for remote validation.

func (*TpmAttestation_Quote) Descriptor

func (*TpmAttestation_Quote) Descriptor() ([]byte, []int)

Deprecated: Use TpmAttestation_Quote.ProtoReflect.Descriptor instead.

func (*TpmAttestation_Quote) GetHashAlgo

func (x *TpmAttestation_Quote) GetHashAlgo() int32

func (*TpmAttestation_Quote) GetPcrValues

func (x *TpmAttestation_Quote) GetPcrValues() map[int32][]byte

func (*TpmAttestation_Quote) GetRawQuote

func (x *TpmAttestation_Quote) GetRawQuote() []byte

func (*TpmAttestation_Quote) GetRawSignature

func (x *TpmAttestation_Quote) GetRawSignature() []byte

func (*TpmAttestation_Quote) ProtoMessage

func (*TpmAttestation_Quote) ProtoMessage()

func (*TpmAttestation_Quote) ProtoReflect

func (x *TpmAttestation_Quote) ProtoReflect() protoreflect.Message

func (*TpmAttestation_Quote) Reset

func (x *TpmAttestation_Quote) Reset()

func (*TpmAttestation_Quote) String

func (x *TpmAttestation_Quote) String() string

UnimplementedConfidentialComputingServer

type UnimplementedConfidentialComputingServer struct {
}

UnimplementedConfidentialComputingServer can be embedded to have forward compatible implementations.

func (*UnimplementedConfidentialComputingServer) CreateChallenge

func (*UnimplementedConfidentialComputingServer) VerifyAttestation

VerifyAttestationRequest

type VerifyAttestationRequest struct {

	// Required. The name of the Challenge whose nonce was used to generate the
	// attestation, in the format `projects/*/locations/*/challenges/*`. The
	// provided Challenge will be consumed, and cannot be used again.
	Challenge string `protobuf:"bytes,1,opt,name=challenge,proto3" json:"challenge,omitempty"`
	// Optional. Credentials used to populate the "emails" claim in the
	// claims_token.
	GcpCredentials *GcpCredentials `protobuf:"bytes,2,opt,name=gcp_credentials,json=gcpCredentials,proto3" json:"gcp_credentials,omitempty"`
	// Required. The TPM-specific data provided by the attesting platform, used to
	// populate any of the claims regarding platform state.
	TpmAttestation *TpmAttestation `protobuf:"bytes,3,opt,name=tpm_attestation,json=tpmAttestation,proto3" json:"tpm_attestation,omitempty"`
	// contains filtered or unexported fields
}

A request for an OIDC token, providing all the necessary information needed for this service to verify the plaform state of the requestor.

func (*VerifyAttestationRequest) Descriptor

func (*VerifyAttestationRequest) Descriptor() ([]byte, []int)

Deprecated: Use VerifyAttestationRequest.ProtoReflect.Descriptor instead.

func (*VerifyAttestationRequest) GetChallenge

func (x *VerifyAttestationRequest) GetChallenge() string

func (*VerifyAttestationRequest) GetGcpCredentials

func (x *VerifyAttestationRequest) GetGcpCredentials() *GcpCredentials

func (*VerifyAttestationRequest) GetTpmAttestation

func (x *VerifyAttestationRequest) GetTpmAttestation() *TpmAttestation

func (*VerifyAttestationRequest) ProtoMessage

func (*VerifyAttestationRequest) ProtoMessage()

func (*VerifyAttestationRequest) ProtoReflect

func (x *VerifyAttestationRequest) ProtoReflect() protoreflect.Message

func (*VerifyAttestationRequest) Reset

func (x *VerifyAttestationRequest) Reset()

func (*VerifyAttestationRequest) String

func (x *VerifyAttestationRequest) String() string

VerifyAttestationResponse

type VerifyAttestationResponse struct {

	// Output only. The OIDC token issued by this service. It contains specific
	// platform claims based on the contents of the provided attestation.
	// --
	ClaimsToken []byte `protobuf:"bytes,1,opt,name=claims_token,json=claimsToken,proto3" json:"claims_token,omitempty"`
	// contains filtered or unexported fields
}

A response once an attestation has been successfully verified, containing a signed OIDC token.

func (*VerifyAttestationResponse) Descriptor

func (*VerifyAttestationResponse) Descriptor() ([]byte, []int)

Deprecated: Use VerifyAttestationResponse.ProtoReflect.Descriptor instead.

func (*VerifyAttestationResponse) GetClaimsToken

func (x *VerifyAttestationResponse) GetClaimsToken() []byte

func (*VerifyAttestationResponse) ProtoMessage

func (*VerifyAttestationResponse) ProtoMessage()

func (*VerifyAttestationResponse) ProtoReflect

func (*VerifyAttestationResponse) Reset

func (x *VerifyAttestationResponse) Reset()

func (*VerifyAttestationResponse) String

func (x *VerifyAttestationResponse) String() string