confidentialcomputingpb

package
v1.10.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 16, 2025 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ConfidentialComputing_CreateChallenge_FullMethodName   = "/google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing/CreateChallenge"
	ConfidentialComputing_VerifyAttestation_FullMethodName = "/google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing/VerifyAttestation"
)

Variables

View Source 
var ConfidentialComputing_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing",
	HandlerType: (*ConfidentialComputingServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "CreateChallenge",
			Handler:    _ConfidentialComputing_CreateChallenge_Handler,
		},
		{
			MethodName: "VerifyAttestation",
			Handler:    _ConfidentialComputing_VerifyAttestation_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "google/cloud/confidentialcomputing/v1alpha1/service.proto",
}

ConfidentialComputing_ServiceDesc is the grpc.ServiceDesc for ConfidentialComputing service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var File_google_cloud_confidentialcomputing_v1alpha1_service_proto protoreflect.FileDescriptor

Functions

func RegisterConfidentialComputingServer 

func RegisterConfidentialComputingServer(s grpc.ServiceRegistrar, srv ConfidentialComputingServer)

Types

type Challenge 

type Challenge struct {

	// Output only. The resource name for this Challenge in the format
	// `projects/*/locations/*/challenges/*`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The time at which this Challenge was created
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time at which this Challenge will no longer be usable. It
	// is also the expiration time for any tokens generated from this Challenge.
	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
	// Output only. Indicates if this challenge has been used to generate a token.
	Used bool `protobuf:"varint,4,opt,name=used,proto3" json:"used,omitempty"`
	// Output only. Random data which should be used when calling TPM2_Quote.
	// --
	Nonce []byte `protobuf:"bytes,5,opt,name=nonce,proto3" json:"nonce,omitempty"`
	// contains filtered or unexported fields
}

A Challenge from the server used to guarantee freshness of attestations

func (*Challenge) Descriptor deprecated 

func (*Challenge) Descriptor() ([]byte, []int)

Deprecated: Use Challenge.ProtoReflect.Descriptor instead.

func (*Challenge) GetCreateTime 

func (x *Challenge) GetCreateTime() *timestamppb.Timestamp

func (*Challenge) GetExpireTime 

func (x *Challenge) GetExpireTime() *timestamppb.Timestamp

func (*Challenge) GetName 

func (x *Challenge) GetName() string

func (*Challenge) GetNonce 

func (x *Challenge) GetNonce() []byte

func (*Challenge) GetUsed 

func (x *Challenge) GetUsed() bool

func (*Challenge) ProtoMessage 

func (*Challenge) ProtoMessage()

func (*Challenge) ProtoReflect 

func (x *Challenge) ProtoReflect() protoreflect.Message

func (*Challenge) Reset 

func (x *Challenge) Reset()

func (*Challenge) String 

func (x *Challenge) String() string

type ConfidentialComputingClient 

type ConfidentialComputingClient interface {
	// Creates a new Challenge in a given project and location.
	CreateChallenge(ctx context.Context, in *CreateChallengeRequest, opts ...grpc.CallOption) (*Challenge, error)
	// Verifies the provided attestation info, returning a signed OIDC token.
	VerifyAttestation(ctx context.Context, in *VerifyAttestationRequest, opts ...grpc.CallOption) (*VerifyAttestationResponse, error)
}

ConfidentialComputingClient is the client API for ConfidentialComputing service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewConfidentialComputingClient 

func NewConfidentialComputingClient(cc grpc.ClientConnInterface) ConfidentialComputingClient

type ConfidentialComputingServer 

type ConfidentialComputingServer interface {
	// Creates a new Challenge in a given project and location.
	CreateChallenge(context.Context, *CreateChallengeRequest) (*Challenge, error)
	// Verifies the provided attestation info, returning a signed OIDC token.
	VerifyAttestation(context.Context, *VerifyAttestationRequest) (*VerifyAttestationResponse, error)
}

ConfidentialComputingServer is the server API for ConfidentialComputing service. All implementations should embed UnimplementedConfidentialComputingServer for forward compatibility

type CreateChallengeRequest 

type CreateChallengeRequest struct {

	// Required. The resource name of the location where the Challenge will be
	// used, in the format `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. The Challenge to be created. Currently this field can be empty as
	// all the Challenge fields are set by the server.
	Challenge *Challenge `protobuf:"bytes,2,opt,name=challenge,proto3" json:"challenge,omitempty"`
	// contains filtered or unexported fields
}

Message for creating a Challenge

func (*CreateChallengeRequest) Descriptor deprecated 

func (*CreateChallengeRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateChallengeRequest.ProtoReflect.Descriptor instead.

func (*CreateChallengeRequest) GetChallenge 

func (x *CreateChallengeRequest) GetChallenge() *Challenge

func (*CreateChallengeRequest) GetParent 

func (x *CreateChallengeRequest) GetParent() string

func (*CreateChallengeRequest) ProtoMessage 

func (*CreateChallengeRequest) ProtoMessage()

func (*CreateChallengeRequest) ProtoReflect 

func (x *CreateChallengeRequest) ProtoReflect() protoreflect.Message

func (*CreateChallengeRequest) Reset 

func (x *CreateChallengeRequest) Reset()

func (*CreateChallengeRequest) String 

func (x *CreateChallengeRequest) String() string

type GcpCredentials 

type GcpCredentials struct {

	// A list of service account OpenID Connect ID tokens identifying which
	// service account identities should be included in the claims_token. These
	// can be generated by calling `serviceAccounts.generateIdToken`. The
	// Challenge.name must be used as the `audience` parameter, and the
	// `includeEmail` parameter must be `true`.
	// --
	IdTokens [][]byte `protobuf:"bytes,1,rep,name=id_tokens,json=idTokens,proto3" json:"id_tokens,omitempty"`
	// contains filtered or unexported fields
}

Credentials issued by GCP which are linked to the platform attestation. These will be verified server-side as part of attestaion verification.

func (*GcpCredentials) Descriptor deprecated 

func (*GcpCredentials) Descriptor() ([]byte, []int)

Deprecated: Use GcpCredentials.ProtoReflect.Descriptor instead.

func (*GcpCredentials) GetIdTokens 

func (x *GcpCredentials) GetIdTokens() [][]byte

func (*GcpCredentials) ProtoMessage 

func (*GcpCredentials) ProtoMessage()

func (*GcpCredentials) ProtoReflect 

func (x *GcpCredentials) ProtoReflect() protoreflect.Message

func (*GcpCredentials) Reset 

func (x *GcpCredentials) Reset()

func (*GcpCredentials) String 

func (x *GcpCredentials) String() string

type TpmAttestation 

type TpmAttestation struct {

	// TPM2 PCR Quotes generated by calling TPM2_Quote on each PCR bank.
	Quotes []*TpmAttestation_Quote `protobuf:"bytes,1,rep,name=quotes,proto3" json:"quotes,omitempty"`
	// The binary TCG Event Log containing events measured into the TPM by the
	// platform firmware and operating system. Formatted as described in the
	// "TCG PC Client Platform Firmware Profile Specification".
	TcgEventLog []byte `protobuf:"bytes,2,opt,name=tcg_event_log,json=tcgEventLog,proto3" json:"tcg_event_log,omitempty"`
	// An Event Log containing additional events measured into the TPM that are
	// not already present in the tcg_event_log. Formatted as described in the
	// "Canonical Event Log Format" TCG Specification.
	CanonicalEventLog []byte `protobuf:"bytes,3,opt,name=canonical_event_log,json=canonicalEventLog,proto3" json:"canonical_event_log,omitempty"`
	// DER-encoded X.509 certificate of the Attestation Key (otherwise known as
	// an AK or a TPM restricted signing key) used to generate the quotes.
	AkCert []byte `protobuf:"bytes,4,opt,name=ak_cert,json=akCert,proto3" json:"ak_cert,omitempty"`
	// List of DER-encoded X.509 certificates which, together with the ak_cert,
	// chain back to a trusted Root Certificate.
	CertChain [][]byte `protobuf:"bytes,5,rep,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"`
	// contains filtered or unexported fields
}

TPM2 data containing everything necessary to validate any platform state measured into the TPM.

func (*TpmAttestation) Descriptor deprecated 

func (*TpmAttestation) Descriptor() ([]byte, []int)

Deprecated: Use TpmAttestation.ProtoReflect.Descriptor instead.

func (*TpmAttestation) GetAkCert 

func (x *TpmAttestation) GetAkCert() []byte

func (*TpmAttestation) GetCanonicalEventLog 

func (x *TpmAttestation) GetCanonicalEventLog() []byte

func (*TpmAttestation) GetCertChain 

func (x *TpmAttestation) GetCertChain() [][]byte

func (*TpmAttestation) GetQuotes 

func (x *TpmAttestation) GetQuotes() []*TpmAttestation_Quote

func (*TpmAttestation) GetTcgEventLog 

func (x *TpmAttestation) GetTcgEventLog() []byte

func (*TpmAttestation) ProtoMessage 

func (*TpmAttestation) ProtoMessage()

func (*TpmAttestation) ProtoReflect 

func (x *TpmAttestation) ProtoReflect() protoreflect.Message

func (*TpmAttestation) Reset 

func (x *TpmAttestation) Reset()

func (*TpmAttestation) String 

func (x *TpmAttestation) String() string

type TpmAttestation_Quote 

type TpmAttestation_Quote struct {

	// The hash algorithm of the PCR bank being quoted, encoded as a TPM_ALG_ID
	HashAlgo int32 `protobuf:"varint,1,opt,name=hash_algo,json=hashAlgo,proto3" json:"hash_algo,omitempty"`
	// Raw binary values of each PCRs being quoted.
	PcrValues map[int32][]byte `` /* 177-byte string literal not displayed */
	// TPM2 quote, encoded as a TPMS_ATTEST
	RawQuote []byte `protobuf:"bytes,3,opt,name=raw_quote,json=rawQuote,proto3" json:"raw_quote,omitempty"`
	// TPM2 signature, encoded as a TPMT_SIGNATURE
	RawSignature []byte `protobuf:"bytes,4,opt,name=raw_signature,json=rawSignature,proto3" json:"raw_signature,omitempty"`
	// contains filtered or unexported fields
}

Information about Platform Control Registers (PCRs) including a signature over their values, which can be used for remote validation.

func (*TpmAttestation_Quote) Descriptor deprecated 

func (*TpmAttestation_Quote) Descriptor() ([]byte, []int)

Deprecated: Use TpmAttestation_Quote.ProtoReflect.Descriptor instead.

func (*TpmAttestation_Quote) GetHashAlgo 

func (x *TpmAttestation_Quote) GetHashAlgo() int32

func (*TpmAttestation_Quote) GetPcrValues 

func (x *TpmAttestation_Quote) GetPcrValues() map[int32][]byte

func (*TpmAttestation_Quote) GetRawQuote 

func (x *TpmAttestation_Quote) GetRawQuote() []byte

func (*TpmAttestation_Quote) GetRawSignature 

func (x *TpmAttestation_Quote) GetRawSignature() []byte

func (*TpmAttestation_Quote) ProtoMessage 

func (*TpmAttestation_Quote) ProtoMessage()

func (*TpmAttestation_Quote) ProtoReflect 

func (x *TpmAttestation_Quote) ProtoReflect() protoreflect.Message

func (*TpmAttestation_Quote) Reset 

func (x *TpmAttestation_Quote) Reset()

func (*TpmAttestation_Quote) String 

func (x *TpmAttestation_Quote) String() string

type UnimplementedConfidentialComputingServer 

type UnimplementedConfidentialComputingServer struct {
}

UnimplementedConfidentialComputingServer should be embedded to have forward compatible implementations.

func (UnimplementedConfidentialComputingServer) CreateChallenge 

func (UnimplementedConfidentialComputingServer) CreateChallenge(context.Context, *CreateChallengeRequest) (*Challenge, error)

func (UnimplementedConfidentialComputingServer) VerifyAttestation 

func (UnimplementedConfidentialComputingServer) VerifyAttestation(context.Context, *VerifyAttestationRequest) (*VerifyAttestationResponse, error)

type UnsafeConfidentialComputingServer added in v1.10.1 

type UnsafeConfidentialComputingServer interface {
	// contains filtered or unexported methods
}

UnsafeConfidentialComputingServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to ConfidentialComputingServer will result in compilation errors.

type VerifyAttestationRequest 

type VerifyAttestationRequest struct {

	// Required. The name of the Challenge whose nonce was used to generate the
	// attestation, in the format `projects/*/locations/*/challenges/*`. The
	// provided Challenge will be consumed, and cannot be used again.
	Challenge string `protobuf:"bytes,1,opt,name=challenge,proto3" json:"challenge,omitempty"`
	// Optional. Credentials used to populate the "emails" claim in the
	// claims_token.
	GcpCredentials *GcpCredentials `protobuf:"bytes,2,opt,name=gcp_credentials,json=gcpCredentials,proto3" json:"gcp_credentials,omitempty"`
	// Required. The TPM-specific data provided by the attesting platform, used to
	// populate any of the claims regarding platform state.
	TpmAttestation *TpmAttestation `protobuf:"bytes,3,opt,name=tpm_attestation,json=tpmAttestation,proto3" json:"tpm_attestation,omitempty"`
	// contains filtered or unexported fields
}

A request for an OIDC token, providing all the necessary information needed for this service to verify the plaform state of the requestor.

func (*VerifyAttestationRequest) Descriptor deprecated 

func (*VerifyAttestationRequest) Descriptor() ([]byte, []int)

Deprecated: Use VerifyAttestationRequest.ProtoReflect.Descriptor instead.

func (*VerifyAttestationRequest) GetChallenge 

func (x *VerifyAttestationRequest) GetChallenge() string

func (*VerifyAttestationRequest) GetGcpCredentials 

func (x *VerifyAttestationRequest) GetGcpCredentials() *GcpCredentials

func (*VerifyAttestationRequest) GetTpmAttestation 

func (x *VerifyAttestationRequest) GetTpmAttestation() *TpmAttestation

func (*VerifyAttestationRequest) ProtoMessage 

func (*VerifyAttestationRequest) ProtoMessage()

func (*VerifyAttestationRequest) ProtoReflect 

func (x *VerifyAttestationRequest) ProtoReflect() protoreflect.Message

func (*VerifyAttestationRequest) Reset 

func (x *VerifyAttestationRequest) Reset()

func (*VerifyAttestationRequest) String 

func (x *VerifyAttestationRequest) String() string

type VerifyAttestationResponse 

type VerifyAttestationResponse struct {

	// Output only. The OIDC token issued by this service. It contains specific
	// platform claims based on the contents of the provided attestation.
	// --
	ClaimsToken []byte `protobuf:"bytes,1,opt,name=claims_token,json=claimsToken,proto3" json:"claims_token,omitempty"`
	// contains filtered or unexported fields
}

A response once an attestation has been successfully verified, containing a signed OIDC token.

func (*VerifyAttestationResponse) Descriptor deprecated 

func (*VerifyAttestationResponse) Descriptor() ([]byte, []int)

Deprecated: Use VerifyAttestationResponse.ProtoReflect.Descriptor instead.

func (*VerifyAttestationResponse) GetClaimsToken 

func (x *VerifyAttestationResponse) GetClaimsToken() []byte

func (*VerifyAttestationResponse) ProtoMessage 

func (*VerifyAttestationResponse) ProtoMessage()

func (*VerifyAttestationResponse) ProtoReflect 

func (x *VerifyAttestationResponse) ProtoReflect() protoreflect.Message

func (*VerifyAttestationResponse) Reset 

func (x *VerifyAttestationResponse) Reset()

func (*VerifyAttestationResponse) String 

func (x *VerifyAttestationResponse) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.