// Wire contract for the key broker service (KBS): bundle retrieval, attested
// secret release (GetSecret) and an "online" secret path.
// Field names use PascalCase rather than the proto style-guide lower_snake_case;
// renaming them now would change generated accessors and JSON keys, so they
// are kept as published.
syntax = "proto3";

package keybroker;
// Request for a launch bundle for one platform.
message BundleRequest {
  // Certificate chain presented for platform verification; per the original
  // note the chain includes the PDH. The receiving side is expected to
  // validate this chain before trusting anything derived from it —
  // NOTE(review): the schema cannot express that, confirm in the server.
  // Encoding (PEM vs. base64 DER) is not stated in this file.
  string CertificateChain = 1;
  // Policy value required to construct the launch blob. The meaning of the
  // individual bits is not defined in this file.
  uint32 Policy = 2;
}
// Launch bundle returned by GetBundle.
message BundleResponse {
  // Guest owner public key; encoding is not stated in this schema.
  string GuestOwnerPublicKey = 1;
  // Launch blob built for the requesting platform; encoding not stated here.
  string LaunchBlob = 2;
  // GUID identifying this launch. Presumably the same value the caller later
  // sends as SecretRequest.LaunchId — confirm against the implementation.
  string LaunchId = 3;
}
// One requested secret; carried as a repeated element in SecretRequest and
// OnlineSecretRequest.
message RequestDetails {
  // GUID of the requested secret.
  string Guid = 1;
  // Requested format of the secret; accepted values are not enumerated here.
  string Format = 2;
  // Type of the secret; accepted values are not enumerated here.
  string SecretType = 3;
  // Additional identifier — presumably a caller-side reference; TODO confirm
  // how it differs from Guid.
  string Id = 4;
}
// Request to release launch secrets for a guest, carrying the launch
// measurement and the data the broker needs to validate it.
message SecretRequest {
  // Launch measurement, base64 encoded.
  string LaunchMeasurement = 1;
  // GUID of the launch (see BundleResponse.LaunchId).
  string LaunchId = 2;
  // Policy the guest was launched with; presumably the same value given in
  // BundleRequest.Policy — confirm the server checks they agree.
  uint32 Policy = 3;
  // Hints for secret validation — presumably firmware API version and build
  // identifier; the schema does not say how they feed into validation.
  uint32 ApiMajor = 4;
  uint32 ApiMinor = 5;
  uint32 BuildId = 6;
  // The fw digest that the guest was launched with. Hopefully we can
  // get this from QEMU. Pass this in as a base64 string.
  string FwDigest = 7;
  // Flexible description of launch provided by orchestrator
  // and logged by KBS. NOTE(review): caller-controlled free text that ends
  // up in logs — treat it as untrusted when rendering log output.
  string LaunchDescription = 8;
  // Secrets being requested for this launch.
  repeated RequestDetails SecretRequests = 9;
}
// Launch secret released by GetSecret.
message SecretResponse {
  // Header accompanying the launch secret; encoding is not stated here.
  string LaunchSecretHeader = 1;
  // Launch secret data; encoding is not stated here.
  string LaunchSecretData = 2;
}
// Secret request on the "online" path. How this path differs from GetSecret
// (notably, what replaces the launch measurement) is not described in this
// file.
message OnlineSecretRequest {
  // Identifier of the requesting client. The schema does not bind it to any
  // credential — NOTE(review): confirm the transport or server ties ClientId
  // to an authenticated identity rather than trusting the field alone.
  string ClientId = 1;
  // Secrets being requested.
  repeated RequestDetails SecretRequests = 2;
}
// Secret material returned by GetOnlineSecret.
message OnlineSecretResponse {
  // Response payload. Given the accompanying IV it is presumably ciphertext;
  // the cipher, key and string encoding are not stated here — confirm against
  // the implementation.
  string Payload = 1;
  // Initialization vector for Payload. NOTE(review): no authentication tag
  // field is visible, so confirm Payload is integrity-protected (e.g. an AEAD
  // output that carries its own tag) and that the IV is never reused for the
  // same key.
  string IV = 2;
}
// Key broker service: hands out launch bundles and releases secrets.
service KeyBrokerService {
  // Returns the launch bundle (guest owner key, launch blob, launch id) for
  // the platform described by the certificate chain and policy.
  rpc GetBundle(BundleRequest) returns (BundleResponse) {};
  // Releases launch secrets for a launch identified by LaunchId, using the
  // supplied measurement, policy and firmware data for validation.
  rpc GetSecret(SecretRequest) returns (SecretResponse) {};
  // Releases secrets on the online path; the response carries a payload and
  // an IV rather than a launch secret header/data pair.
  rpc GetOnlineSecret(OnlineSecretRequest) returns (OnlineSecretResponse) {};
}