Variables
SigningAlgorithm_name, SigningAlgorithm_value
// SigningAlgorithm_name and SigningAlgorithm_value translate between the
// numeric SigningAlgorithm enum values and their proto names, one map per
// direction.
var (
// Number -> name. Indexing with a number that has no entry yields "".
SigningAlgorithm_name = map[int32]string{
0: "SIGNING_ALGORITHM_UNSPECIFIED",
1: "RSASSA_PSS_SHA256",
2: "RSASSA_PKCS1V15_SHA256",
3: "ECDSA_P256_SHA256",
}
// Name -> number. Indexing with an unknown name yields the map zero value 0,
// which is also the number of SIGNING_ALGORITHM_UNSPECIFIED. Use the
// two-value form (v, ok := SigningAlgorithm_value[name]) so that an
// unrecognised algorithm name is rejected instead of being read as
// "unspecified".
SigningAlgorithm_value = map[string]int32{
"SIGNING_ALGORITHM_UNSPECIFIED": 0,
"RSASSA_PSS_SHA256": 1,
"RSASSA_PKCS1V15_SHA256": 2,
"ECDSA_P256_SHA256": 3,
}
)
Enum value maps for SigningAlgorithm.
TokenType_name, TokenType_value
// TokenType_name and TokenType_value translate between the numeric TokenType
// enum values and their proto names, one map per direction.
var (
// Number -> name. Indexing with a number that has no entry yields "".
TokenType_name = map[int32]string{
0: "TOKEN_TYPE_UNSPECIFIED",
1: "TOKEN_TYPE_OIDC",
2: "TOKEN_TYPE_PKI",
3: "TOKEN_TYPE_LIMITED_AWS",
}
// Name -> number. An unknown name indexes to 0, the same number as
// TOKEN_TYPE_UNSPECIFIED; use the two-value form
// (v, ok := TokenType_value[name]) to tell the two cases apart.
TokenType_value = map[string]int32{
"TOKEN_TYPE_UNSPECIFIED": 0,
"TOKEN_TYPE_OIDC": 1,
"TOKEN_TYPE_PKI": 2,
"TOKEN_TYPE_LIMITED_AWS": 3,
}
)
Enum value maps for TokenType.
File_google_cloud_confidentialcomputing_v1_service_proto
var File_google_cloud_confidentialcomputing_v1_service_proto protoreflect.FileDescriptor
Functions
func RegisterConfidentialComputingServer
func RegisterConfidentialComputingServer(s *grpc.Server, srv ConfidentialComputingServer)
Challenge
// Challenge holds the server-issued values described by the field comments
// below. Every field is marked "Output only", and CreateChallengeRequest
// documents that all Challenge fields are set by the server.
type Challenge struct {
// Output only. The resource name for this Challenge in the format
// `projects/*/locations/*/challenges/*`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Output only. The time at which this Challenge was created
CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// Output only. The time at which this Challenge will no longer be usable. It
// is also the expiration time for any tokens generated from this Challenge.
ExpireTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
// Output only. Indicates if this challenge has been used to generate a token.
// VerifyAttestationRequest.Challenge documents that a Challenge is consumed
// by verification and cannot be used again.
Used bool `protobuf:"varint,4,opt,name=used,proto3" json:"used,omitempty"`
// Output only. Identical to nonce, but as a string.
// NOTE(review): no field named "nonce" is listed in this struct and field
// number 5 is absent from the tags; presumably that field was removed or is
// hidden. Confirm against the .proto.
TpmNonce string `protobuf:"bytes,6,opt,name=tpm_nonce,json=tpmNonce,proto3" json:"tpm_nonce,omitempty"`
// contains filtered or unexported fields
}
A Challenge from the server used to guarantee freshness of attestations
func (*Challenge) Descriptor
Deprecated: Use Challenge.ProtoReflect.Descriptor instead.
func (*Challenge) GetCreateTime
func (x *Challenge) GetCreateTime() *timestamppb.Timestamp
func (*Challenge) GetExpireTime
func (x *Challenge) GetExpireTime() *timestamppb.Timestamp
func (*Challenge) GetName
func (*Challenge) GetTpmNonce
func (*Challenge) GetUsed
func (*Challenge) ProtoMessage
func (*Challenge) ProtoMessage()
func (*Challenge) ProtoReflect
func (x *Challenge) ProtoReflect() protoreflect.Message
func (*Challenge) Reset
func (x *Challenge) Reset()
func (*Challenge) String
ConfidentialComputingClient
// ConfidentialComputingClient lists the two RPCs of the ConfidentialComputing
// service as seen by a caller. Per the VerifyAttestationRequest documentation,
// a verification request names the Challenge whose nonce was used to generate
// the attestation, and that Challenge is consumed by the call.
type ConfidentialComputingClient interface {
// Creates a new Challenge in a given project and location.
CreateChallenge(ctx context.Context, in *CreateChallengeRequest, opts ...grpc.CallOption) (*Challenge, error)
// Verifies the provided attestation info, returning a signed OIDC token.
// NOTE(review): TokenOptions.TokenType also lists PKI and LIMITED_AWS token
// types; presumably the returned token follows that option. Confirm.
VerifyAttestation(ctx context.Context, in *VerifyAttestationRequest, opts ...grpc.CallOption) (*VerifyAttestationResponse, error)
}
ConfidentialComputingClient is the client API for ConfidentialComputing service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewConfidentialComputingClient
func NewConfidentialComputingClient(cc grpc.ClientConnInterface) ConfidentialComputingClient
ConfidentialComputingServer
// ConfidentialComputingServer lists the two RPCs an implementation of the
// ConfidentialComputing service must provide. It is the type accepted by
// RegisterConfidentialComputingServer; UnimplementedConfidentialComputingServer
// is documented as embeddable for forward-compatible implementations.
type ConfidentialComputingServer interface {
// Creates a new Challenge in a given project and location.
CreateChallenge(context.Context, *CreateChallengeRequest) (*Challenge, error)
// Verifies the provided attestation info, returning a signed OIDC token.
// The request documentation states that the named Challenge is consumed and
// cannot be used again.
VerifyAttestation(context.Context, *VerifyAttestationRequest) (*VerifyAttestationResponse, error)
}
ConfidentialComputingServer is the server API for ConfidentialComputing service.
ConfidentialSpaceInfo
// ConfidentialSpaceInfo is the optional Confidential Space part of a
// VerifyAttestationRequest (field ConfidentialSpaceInfo there).
type ConfidentialSpaceInfo struct {
// Optional. A list of signed entities containing container image signatures
// that can be used for server-side signature verification.
// Each SignedEntity in turn holds a list of ContainerImageSignature values.
SignedEntities []*SignedEntity `protobuf:"bytes,1,rep,name=signed_entities,json=signedEntities,proto3" json:"signed_entities,omitempty"`
// contains filtered or unexported fields
}
ConfidentialSpaceInfo contains information related to the Confidential Space TEE.
func (*ConfidentialSpaceInfo) Descriptor
func (*ConfidentialSpaceInfo) Descriptor() ([]byte, []int)
Deprecated: Use ConfidentialSpaceInfo.ProtoReflect.Descriptor instead.
func (*ConfidentialSpaceInfo) GetSignedEntities
func (x *ConfidentialSpaceInfo) GetSignedEntities() []*SignedEntity
func (*ConfidentialSpaceInfo) ProtoMessage
func (*ConfidentialSpaceInfo) ProtoMessage()
func (*ConfidentialSpaceInfo) ProtoReflect
func (x *ConfidentialSpaceInfo) ProtoReflect() protoreflect.Message
func (*ConfidentialSpaceInfo) Reset
func (x *ConfidentialSpaceInfo) Reset()
func (*ConfidentialSpaceInfo) String
func (x *ConfidentialSpaceInfo) String() string
ContainerImageSignature
// ContainerImageSignature groups one signature with the data needed to check
// it. The listing carries no field comments; the notes below are inferred from
// the field names and the SigningAlgorithm enum and should be confirmed
// against the .proto.
type ContainerImageSignature struct {
// Presumably the signed bytes that Signature covers. TODO confirm.
Payload []byte `protobuf:"bytes,1,opt,name=payload,proto3" json:"payload,omitempty"`
// Presumably the signature over Payload; its encoding is not stated on this
// page.
Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
// Presumably the public key used to check Signature; its encoding is not
// stated on this page.
// NOTE(review): the key travels in the same message as the signature it
// checks, so a successful check only shows that the holder of this key signed
// Payload. Whether the key is one the relying party trusts has to be decided
// separately, for example by comparing it with a key pinned in policy.
PublicKey []byte `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
// One of the SigningAlgorithm values. SIGNING_ALGORITHM_UNSPECIFIED is 0, the
// zero value, so a message that never sets this field reads as unspecified.
SigAlg SigningAlgorithm "" /* 140 byte string literal not displayed */
}
ContainerImageSignature holds necessary metadata to verify a container image signature.
func (*ContainerImageSignature) Descriptor
func (*ContainerImageSignature) Descriptor() ([]byte, []int)
Deprecated: Use ContainerImageSignature.ProtoReflect.Descriptor instead.
func (*ContainerImageSignature) GetPayload
func (x *ContainerImageSignature) GetPayload() []byte
func (*ContainerImageSignature) GetPublicKey
func (x *ContainerImageSignature) GetPublicKey() []byte
func (*ContainerImageSignature) GetSigAlg
func (x *ContainerImageSignature) GetSigAlg() SigningAlgorithm
func (*ContainerImageSignature) GetSignature
func (x *ContainerImageSignature) GetSignature() []byte
func (*ContainerImageSignature) ProtoMessage
func (*ContainerImageSignature) ProtoMessage()
func (*ContainerImageSignature) ProtoReflect
func (x *ContainerImageSignature) ProtoReflect() protoreflect.Message
func (*ContainerImageSignature) Reset
func (x *ContainerImageSignature) Reset()
func (*ContainerImageSignature) String
func (x *ContainerImageSignature) String() string
CreateChallengeRequest
// CreateChallengeRequest is the input of the CreateChallenge RPC.
type CreateChallengeRequest struct {
// Required. The resource name of the location where the Challenge will be
// used, in the format `projects/*/locations/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The Challenge to be created. Currently this field can be empty as
// all the Challenge fields are set by the server.
// NOTE(review): since every Challenge field is marked "Output only", values a
// caller places here are presumably not used. Confirm.
Challenge *Challenge `protobuf:"bytes,2,opt,name=challenge,proto3" json:"challenge,omitempty"`
// contains filtered or unexported fields
}
Message for creating a Challenge
func (*CreateChallengeRequest) Descriptor
func (*CreateChallengeRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateChallengeRequest.ProtoReflect.Descriptor instead.
func (*CreateChallengeRequest) GetChallenge
func (x *CreateChallengeRequest) GetChallenge() *Challenge
func (*CreateChallengeRequest) GetParent
func (x *CreateChallengeRequest) GetParent() string
func (*CreateChallengeRequest) ProtoMessage
func (*CreateChallengeRequest) ProtoMessage()
func (*CreateChallengeRequest) ProtoReflect
func (x *CreateChallengeRequest) ProtoReflect() protoreflect.Message
func (*CreateChallengeRequest) Reset
func (x *CreateChallengeRequest) Reset()
func (*CreateChallengeRequest) String
func (x *CreateChallengeRequest) String() string
GcpCredentials
// GcpCredentials carries the credentials a caller attaches to a
// VerifyAttestationRequest; that request documents them as the source of the
// "emails" claim.
type GcpCredentials struct {
// Presumably ID tokens issued for service accounts, going by the field name.
// TODO confirm format.
// NOTE(review): these are credentials, and this type has a generated String
// method, which presumably renders field contents. Avoid logging the whole
// message or the enclosing request.
ServiceAccountIdTokens []string "" /* 131 byte string literal not displayed */
}
Credentials issued by GCP which are linked to the platform attestation. These will be verified server-side as part of attestation verification.
func (*GcpCredentials) Descriptor
func (*GcpCredentials) Descriptor() ([]byte, []int)
Deprecated: Use GcpCredentials.ProtoReflect.Descriptor instead.
func (*GcpCredentials) GetServiceAccountIdTokens
func (x *GcpCredentials) GetServiceAccountIdTokens() []string
func (*GcpCredentials) ProtoMessage
func (*GcpCredentials) ProtoMessage()
func (*GcpCredentials) ProtoReflect
func (x *GcpCredentials) ProtoReflect() protoreflect.Message
func (*GcpCredentials) Reset
func (x *GcpCredentials) Reset()
func (*GcpCredentials) String
func (x *GcpCredentials) String() string
SevSnpAttestation
// SevSnpAttestation is one of the two TEE attestation forms a
// VerifyAttestationRequest can carry in its TeeAttestation oneof (through the
// VerifyAttestationRequest_SevSnpAttestation wrapper).
type SevSnpAttestation struct {
// Optional. The SEV-SNP Attestation Report
// Format is in revision 1.55, §7.3 Attestation, Table 22. ATTESTATION_REPORT
// Structure in this document:
// https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf
Report []byte `protobuf:"bytes,1,opt,name=report,proto3" json:"report,omitempty"`
// Optional. Certificate bundle defined in the GHCB protocol definition
// Format is documented in GHCB revision 2.03, section 4.1.8.1 struct
// cert_table in this document:
// https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
// NOTE(review): the type documentation says the client collects this bundle,
// so it is request data. A verifier presumably has to anchor the certificates
// to a root it already trusts and not to anything inside the bundle. Confirm.
AuxBlob []byte `protobuf:"bytes,2,opt,name=aux_blob,json=auxBlob,proto3" json:"aux_blob,omitempty"`
// contains filtered or unexported fields
}
An SEV-SNP Attestation Report. Contains the attestation report and the certificate bundle that the client collects.
func (*SevSnpAttestation) Descriptor
func (*SevSnpAttestation) Descriptor() ([]byte, []int)
Deprecated: Use SevSnpAttestation.ProtoReflect.Descriptor instead.
func (*SevSnpAttestation) GetAuxBlob
func (x *SevSnpAttestation) GetAuxBlob() []byte
func (*SevSnpAttestation) GetReport
func (x *SevSnpAttestation) GetReport() []byte
func (*SevSnpAttestation) ProtoMessage
func (*SevSnpAttestation) ProtoMessage()
func (*SevSnpAttestation) ProtoReflect
func (x *SevSnpAttestation) ProtoReflect() protoreflect.Message
func (*SevSnpAttestation) Reset
func (x *SevSnpAttestation) Reset()
func (*SevSnpAttestation) String
func (x *SevSnpAttestation) String() string
SignedEntity
// SignedEntity is the element type of ConfidentialSpaceInfo.SignedEntities.
type SignedEntity struct {
// The signatures attached to this entity. Each element carries its own
// payload, signature, public key and algorithm (see ContainerImageSignature).
ContainerImageSignatures []*ContainerImageSignature "" /* 135 byte string literal not displayed */
}
SignedEntity represents an OCI image object containing everything necessary to verify container image signatures.
func (*SignedEntity) Descriptor
func (*SignedEntity) Descriptor() ([]byte, []int)
Deprecated: Use SignedEntity.ProtoReflect.Descriptor instead.
func (*SignedEntity) GetContainerImageSignatures
func (x *SignedEntity) GetContainerImageSignatures() []*ContainerImageSignature
func (*SignedEntity) ProtoMessage
func (*SignedEntity) ProtoMessage()
func (*SignedEntity) ProtoReflect
func (x *SignedEntity) ProtoReflect() protoreflect.Message
func (*SignedEntity) Reset
func (x *SignedEntity) Reset()
func (*SignedEntity) String
func (x *SignedEntity) String() string
SigningAlgorithm
type SigningAlgorithm int32
SigningAlgorithm enumerates all the supported signing algorithms.
SigningAlgorithm_SIGNING_ALGORITHM_UNSPECIFIED, SigningAlgorithm_RSASSA_PSS_SHA256, SigningAlgorithm_RSASSA_PKCS1V15_SHA256, SigningAlgorithm_ECDSA_P256_SHA256
// Values of the SigningAlgorithm enum. All three concrete algorithms use a
// SHA256 digest. The numbers match the SigningAlgorithm_name and
// SigningAlgorithm_value maps.
const (
// Unspecified signing algorithm.
// This is the zero value, so a field of this type that was never set reads as
// unspecified.
SigningAlgorithm_SIGNING_ALGORITHM_UNSPECIFIED SigningAlgorithm = 0
// RSASSA-PSS with a SHA256 digest.
SigningAlgorithm_RSASSA_PSS_SHA256 SigningAlgorithm = 1
// RSASSA-PKCS1 v1.5 with a SHA256 digest.
SigningAlgorithm_RSASSA_PKCS1V15_SHA256 SigningAlgorithm = 2
// ECDSA on the P-256 Curve with a SHA256 digest.
SigningAlgorithm_ECDSA_P256_SHA256 SigningAlgorithm = 3
)
func (SigningAlgorithm) Descriptor
func (SigningAlgorithm) Descriptor() protoreflect.EnumDescriptor
func (SigningAlgorithm) Enum
func (x SigningAlgorithm) Enum() *SigningAlgorithm
func (SigningAlgorithm) EnumDescriptor
func (SigningAlgorithm) EnumDescriptor() ([]byte, []int)
Deprecated: Use SigningAlgorithm.Descriptor instead.
func (SigningAlgorithm) Number
func (x SigningAlgorithm) Number() protoreflect.EnumNumber
func (SigningAlgorithm) String
func (x SigningAlgorithm) String() string
func (SigningAlgorithm) Type
func (SigningAlgorithm) Type() protoreflect.EnumType
TdxCcelAttestation
// TdxCcelAttestation is one of the two TEE attestation forms a
// VerifyAttestationRequest can carry in its TeeAttestation oneof (through the
// VerifyAttestationRequest_TdCcel wrapper). All four fields are marked
// Optional.
type TdxCcelAttestation struct {
// Optional. The Confidential Computing Event Log (CCEL) ACPI table. Formatted
// as described in the ACPI Specification 6.5.
CcelAcpiTable []byte `protobuf:"bytes,1,opt,name=ccel_acpi_table,json=ccelAcpiTable,proto3" json:"ccel_acpi_table,omitempty"`
// Optional. The CCEL event log. Formatted as described in the UEFI 2.10.
CcelData []byte `protobuf:"bytes,2,opt,name=ccel_data,json=ccelData,proto3" json:"ccel_data,omitempty"`
// Optional. An Event Log containing additional events measured into the RTMR
// that are not already present in the CCEL.
CanonicalEventLog []byte `protobuf:"bytes,3,opt,name=canonical_event_log,json=canonicalEventLog,proto3" json:"canonical_event_log,omitempty"`
// Optional. The TDX attestation quote from the guest. It contains the RTMR
// values.
// NOTE(review): the event logs above are plain request data; presumably they
// are only meaningful once replayed and compared with the RTMR values in this
// quote. Confirm.
TdQuote []byte `protobuf:"bytes,4,opt,name=td_quote,json=tdQuote,proto3" json:"td_quote,omitempty"`
// contains filtered or unexported fields
}
A TDX Attestation quote.
func (*TdxCcelAttestation) Descriptor
func (*TdxCcelAttestation) Descriptor() ([]byte, []int)
Deprecated: Use TdxCcelAttestation.ProtoReflect.Descriptor instead.
func (*TdxCcelAttestation) GetCanonicalEventLog
func (x *TdxCcelAttestation) GetCanonicalEventLog() []byte
func (*TdxCcelAttestation) GetCcelAcpiTable
func (x *TdxCcelAttestation) GetCcelAcpiTable() []byte
func (*TdxCcelAttestation) GetCcelData
func (x *TdxCcelAttestation) GetCcelData() []byte
func (*TdxCcelAttestation) GetTdQuote
func (x *TdxCcelAttestation) GetTdQuote() []byte
func (*TdxCcelAttestation) ProtoMessage
func (*TdxCcelAttestation) ProtoMessage()
func (*TdxCcelAttestation) ProtoReflect
func (x *TdxCcelAttestation) ProtoReflect() protoreflect.Message
func (*TdxCcelAttestation) Reset
func (x *TdxCcelAttestation) Reset()
func (*TdxCcelAttestation) String
func (x *TdxCcelAttestation) String() string
TokenOptions
// TokenOptions is the optional, workload-specified part of a
// VerifyAttestationRequest that modifies the token output. The listing carries
// no field comments; the notes below are inferred from the field names and
// should be confirmed against the .proto.
type TokenOptions struct {
// Presumably the audience the token is requested for. TODO confirm.
// NOTE(review): a relying party that receives the token should check that the
// audience it carries is its own before accepting it.
Audience string `protobuf:"bytes,1,opt,name=audience,proto3" json:"audience,omitempty"`
// Presumably caller-chosen nonce values to be reflected in the token; the
// field is repeated. TODO confirm limits on count and length.
Nonce []string `protobuf:"bytes,2,rep,name=nonce,proto3" json:"nonce,omitempty"`
// One of the TokenType values. TOKEN_TYPE_UNSPECIFIED is 0, the zero value,
// so a message that never sets this field reads as unspecified.
TokenType TokenType "" /* 142 byte string literal not displayed */
}
Options to modify claims in the token to generate custom-purpose tokens.
func (*TokenOptions) Descriptor
func (*TokenOptions) Descriptor() ([]byte, []int)
Deprecated: Use TokenOptions.ProtoReflect.Descriptor instead.
func (*TokenOptions) GetAudience
func (x *TokenOptions) GetAudience() string
func (*TokenOptions) GetNonce
func (x *TokenOptions) GetNonce() []string
func (*TokenOptions) GetTokenType
func (x *TokenOptions) GetTokenType() TokenType
func (*TokenOptions) ProtoMessage
func (*TokenOptions) ProtoMessage()
func (*TokenOptions) ProtoReflect
func (x *TokenOptions) ProtoReflect() protoreflect.Message
func (*TokenOptions) Reset
func (x *TokenOptions) Reset()
func (*TokenOptions) String
func (x *TokenOptions) String() string
TokenType
type TokenType int32
Token type enum contains the different types of token responses Confidential Space supports
TokenType_TOKEN_TYPE_UNSPECIFIED, TokenType_TOKEN_TYPE_OIDC, TokenType_TOKEN_TYPE_PKI, TokenType_TOKEN_TYPE_LIMITED_AWS
// Values of the TokenType enum. The numbers match the TokenType_name and
// TokenType_value maps.
const (
// Unspecified token type
// This is the zero value, so a field of this type that was never set reads as
// unspecified.
TokenType_TOKEN_TYPE_UNSPECIFIED TokenType = 0
// OpenID Connect (OIDC) token type
TokenType_TOKEN_TYPE_OIDC TokenType = 1
// Public Key Infrastructure (PKI) token type
TokenType_TOKEN_TYPE_PKI TokenType = 2
// Limited claim token type for AWS integration
TokenType_TOKEN_TYPE_LIMITED_AWS TokenType = 3
)
func (TokenType) Descriptor
func (TokenType) Descriptor() protoreflect.EnumDescriptor
func (TokenType) Enum
func (TokenType) EnumDescriptor
Deprecated: Use TokenType.Descriptor instead.
func (TokenType) Number
func (x TokenType) Number() protoreflect.EnumNumber
func (TokenType) String
func (TokenType) Type
func (TokenType) Type() protoreflect.EnumType
TpmAttestation
// TpmAttestation is the TPM-specific part of a VerifyAttestationRequest, where
// it is marked Required. Everything in it is supplied by the attesting
// platform.
type TpmAttestation struct {
// TPM2 PCR Quotes generated by calling TPM2_Quote on each PCR bank.
Quotes []*TpmAttestation_Quote `protobuf:"bytes,1,rep,name=quotes,proto3" json:"quotes,omitempty"`
// The binary TCG Event Log containing events measured into the TPM by the
// platform firmware and operating system. Formatted as described in the
// "TCG PC Client Platform Firmware Profile Specification".
TcgEventLog []byte `protobuf:"bytes,2,opt,name=tcg_event_log,json=tcgEventLog,proto3" json:"tcg_event_log,omitempty"`
// An Event Log containing additional events measured into the TPM that are
// not already present in the tcg_event_log. Formatted as described in the
// "Canonical Event Log Format" TCG Specification.
CanonicalEventLog []byte `protobuf:"bytes,3,opt,name=canonical_event_log,json=canonicalEventLog,proto3" json:"canonical_event_log,omitempty"`
// DER-encoded X.509 certificate of the Attestation Key (otherwise known as
// an AK or a TPM restricted signing key) used to generate the quotes.
AkCert []byte `protobuf:"bytes,4,opt,name=ak_cert,json=akCert,proto3" json:"ak_cert,omitempty"`
// List of DER-encoded X.509 certificates which, together with the ak_cert,
// chain back to a trusted Root Certificate.
// NOTE(review): both ak_cert and this chain arrive in the request, so the
// trusted root they chain to has to be one the verifier already holds; a root
// included in this list proves nothing by itself.
CertChain [][]byte `protobuf:"bytes,5,rep,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"`
// contains filtered or unexported fields
}
TPM2 data containing everything necessary to validate any platform state measured into the TPM.
func (*TpmAttestation) Descriptor
func (*TpmAttestation) Descriptor() ([]byte, []int)
Deprecated: Use TpmAttestation.ProtoReflect.Descriptor instead.
func (*TpmAttestation) GetAkCert
func (x *TpmAttestation) GetAkCert() []byte
func (*TpmAttestation) GetCanonicalEventLog
func (x *TpmAttestation) GetCanonicalEventLog() []byte
func (*TpmAttestation) GetCertChain
func (x *TpmAttestation) GetCertChain() [][]byte
func (*TpmAttestation) GetQuotes
func (x *TpmAttestation) GetQuotes() []*TpmAttestation_Quote
func (*TpmAttestation) GetTcgEventLog
func (x *TpmAttestation) GetTcgEventLog() []byte
func (*TpmAttestation) ProtoMessage
func (*TpmAttestation) ProtoMessage()
func (*TpmAttestation) ProtoReflect
func (x *TpmAttestation) ProtoReflect() protoreflect.Message
func (*TpmAttestation) Reset
func (x *TpmAttestation) Reset()
func (*TpmAttestation) String
func (x *TpmAttestation) String() string
TpmAttestation_Quote
// TpmAttestation_Quote is the element type of TpmAttestation.Quotes, which is
// documented as holding one TPM2_Quote result per PCR bank. The listing
// carries no field comments; the notes below are inferred from the field names
// and should be confirmed against the .proto.
type TpmAttestation_Quote struct {
// Presumably the identifier of the hash algorithm of the PCR bank this quote
// covers. It is a plain int32, not an enum declared in this package.
HashAlgo int32 `protobuf:"varint,1,opt,name=hash_algo,json=hashAlgo,proto3" json:"hash_algo,omitempty"`
// Presumably PCR index -> PCR value for the quoted bank.
// NOTE(review): these values are plain request data; the signed statement is
// RawQuote with RawSignature. A verifier presumably has to check that these
// values match what the signed quote commits to before relying on them.
PcrValues map[int32][]byte "" /* 177 byte string literal not displayed */
// Presumably the serialized quote structure returned by TPM2_Quote.
RawQuote []byte `protobuf:"bytes,3,opt,name=raw_quote,json=rawQuote,proto3" json:"raw_quote,omitempty"`
// Presumably the signature over RawQuote made with the Attestation Key whose
// certificate is TpmAttestation.AkCert.
RawSignature []byte `protobuf:"bytes,4,opt,name=raw_signature,json=rawSignature,proto3" json:"raw_signature,omitempty"`
}
Information about Platform Configuration Registers (PCRs) including a signature over their values, which can be used for remote validation.
func (*TpmAttestation_Quote) Descriptor
func (*TpmAttestation_Quote) Descriptor() ([]byte, []int)
Deprecated: Use TpmAttestation_Quote.ProtoReflect.Descriptor instead.
func (*TpmAttestation_Quote) GetHashAlgo
func (x *TpmAttestation_Quote) GetHashAlgo() int32
func (*TpmAttestation_Quote) GetPcrValues
func (x *TpmAttestation_Quote) GetPcrValues() map[int32][]byte
func (*TpmAttestation_Quote) GetRawQuote
func (x *TpmAttestation_Quote) GetRawQuote() []byte
func (*TpmAttestation_Quote) GetRawSignature
func (x *TpmAttestation_Quote) GetRawSignature() []byte
func (*TpmAttestation_Quote) ProtoMessage
func (*TpmAttestation_Quote) ProtoMessage()
func (*TpmAttestation_Quote) ProtoReflect
func (x *TpmAttestation_Quote) ProtoReflect() protoreflect.Message
func (*TpmAttestation_Quote) Reset
func (x *TpmAttestation_Quote) Reset()
func (*TpmAttestation_Quote) String
func (x *TpmAttestation_Quote) String() string
UnimplementedConfidentialComputingServer
type UnimplementedConfidentialComputingServer struct {
}
UnimplementedConfidentialComputingServer can be embedded to have forward compatible implementations.
func (*UnimplementedConfidentialComputingServer) CreateChallenge
func (*UnimplementedConfidentialComputingServer) CreateChallenge(context.Context, *CreateChallengeRequest) (*Challenge, error)
func (*UnimplementedConfidentialComputingServer) VerifyAttestation
func (*UnimplementedConfidentialComputingServer) VerifyAttestation(context.Context, *VerifyAttestationRequest) (*VerifyAttestationResponse, error)
VerifyAttestationRequest
// VerifyAttestationRequest is the input of the VerifyAttestation RPC. Two
// fields are marked Required (Challenge and TpmAttestation); the TEE
// attestation, the GCP credentials, the Confidential Space info and the token
// options are optional.
type VerifyAttestationRequest struct {
// An optional tee attestation report, used to populate hardware rooted
// claims.
//
// Types that are assignable to TeeAttestation:
//
// *VerifyAttestationRequest_TdCcel
// *VerifyAttestationRequest_SevSnpAttestation
//
// This is a oneof: the field holds at most one of the two wrapper types at a
// time. GetTdCcel and GetSevSnpAttestation are the typed accessors.
TeeAttestation isVerifyAttestationRequest_TeeAttestation `protobuf_oneof:"tee_attestation"`
// Required. The name of the Challenge whose nonce was used to generate the
// attestation, in the format `projects/*/locations/*/challenges/*`. The
// provided Challenge will be consumed, and cannot be used again.
// A retry therefore needs a fresh Challenge from CreateChallenge.
Challenge string `protobuf:"bytes,1,opt,name=challenge,proto3" json:"challenge,omitempty"`
// Optional. Credentials used to populate the "emails" claim in the
// claims_token.
GcpCredentials *GcpCredentials `protobuf:"bytes,2,opt,name=gcp_credentials,json=gcpCredentials,proto3" json:"gcp_credentials,omitempty"`
// Required. The TPM-specific data provided by the attesting platform, used to
// populate any of the claims regarding platform state.
TpmAttestation *TpmAttestation `protobuf:"bytes,3,opt,name=tpm_attestation,json=tpmAttestation,proto3" json:"tpm_attestation,omitempty"`
// Optional. Optional information related to the Confidential Space TEE.
ConfidentialSpaceInfo *ConfidentialSpaceInfo `protobuf:"bytes,4,opt,name=confidential_space_info,json=confidentialSpaceInfo,proto3" json:"confidential_space_info,omitempty"`
// Optional. A collection of optional, workload-specified claims that modify
// the token output.
TokenOptions *TokenOptions `protobuf:"bytes,5,opt,name=token_options,json=tokenOptions,proto3" json:"token_options,omitempty"`
// contains filtered or unexported fields
}
A request for an OIDC token, providing all the necessary information needed for this service to verify the platform state of the requestor.
func (*VerifyAttestationRequest) Descriptor
func (*VerifyAttestationRequest) Descriptor() ([]byte, []int)
Deprecated: Use VerifyAttestationRequest.ProtoReflect.Descriptor instead.
func (*VerifyAttestationRequest) GetChallenge
func (x *VerifyAttestationRequest) GetChallenge() string
func (*VerifyAttestationRequest) GetConfidentialSpaceInfo
func (x *VerifyAttestationRequest) GetConfidentialSpaceInfo() *ConfidentialSpaceInfo
func (*VerifyAttestationRequest) GetGcpCredentials
func (x *VerifyAttestationRequest) GetGcpCredentials() *GcpCredentials
func (*VerifyAttestationRequest) GetSevSnpAttestation
func (x *VerifyAttestationRequest) GetSevSnpAttestation() *SevSnpAttestation
func (*VerifyAttestationRequest) GetTdCcel
func (x *VerifyAttestationRequest) GetTdCcel() *TdxCcelAttestation
func (*VerifyAttestationRequest) GetTeeAttestation
func (m *VerifyAttestationRequest) GetTeeAttestation() isVerifyAttestationRequest_TeeAttestation
func (*VerifyAttestationRequest) GetTokenOptions
func (x *VerifyAttestationRequest) GetTokenOptions() *TokenOptions
func (*VerifyAttestationRequest) GetTpmAttestation
func (x *VerifyAttestationRequest) GetTpmAttestation() *TpmAttestation
func (*VerifyAttestationRequest) ProtoMessage
func (*VerifyAttestationRequest) ProtoMessage()
func (*VerifyAttestationRequest) ProtoReflect
func (x *VerifyAttestationRequest) ProtoReflect() protoreflect.Message
func (*VerifyAttestationRequest) Reset
func (x *VerifyAttestationRequest) Reset()
func (*VerifyAttestationRequest) String
func (x *VerifyAttestationRequest) String() string
VerifyAttestationRequest_SevSnpAttestation
// VerifyAttestationRequest_SevSnpAttestation is the wrapper that places a
// SevSnpAttestation into the VerifyAttestationRequest.TeeAttestation oneof
// (proto field number 7).
type VerifyAttestationRequest_SevSnpAttestation struct {
// Optional. An SEV-SNP Attestation Report.
SevSnpAttestation *SevSnpAttestation `protobuf:"bytes,7,opt,name=sev_snp_attestation,json=sevSnpAttestation,proto3,oneof"`
}
VerifyAttestationRequest_TdCcel
// VerifyAttestationRequest_TdCcel is the wrapper that places a
// TdxCcelAttestation into the VerifyAttestationRequest.TeeAttestation oneof
// (proto field number 6).
type VerifyAttestationRequest_TdCcel struct {
// Optional. A TDX with CCEL and RTMR Attestation Quote.
TdCcel *TdxCcelAttestation `protobuf:"bytes,6,opt,name=td_ccel,json=tdCcel,proto3,oneof"`
}
VerifyAttestationResponse
// VerifyAttestationResponse is the output of the VerifyAttestation RPC.
type VerifyAttestationResponse struct {
// Output only. Same as claims_token, but as a string.
// NOTE(review): no field named "claims_token" is listed in this struct and
// field number 1 is absent from the tags; presumably that field was removed or
// is hidden. Confirm against the .proto.
// The type documentation describes this as a signed token; a party that
// receives it should verify that signature before trusting its claims.
OidcClaimsToken string `protobuf:"bytes,2,opt,name=oidc_claims_token,json=oidcClaimsToken,proto3" json:"oidc_claims_token,omitempty"`
// Output only. A list of messages that carry the partial error details
// related to VerifyAttestation.
// NOTE(review): presumably this can be non-empty on a response that also
// carries a token, so callers should inspect it in addition to the RPC error.
// Confirm.
PartialErrors []*status.Status `protobuf:"bytes,3,rep,name=partial_errors,json=partialErrors,proto3" json:"partial_errors,omitempty"`
// contains filtered or unexported fields
}
A response once an attestation has been successfully verified, containing a signed OIDC token.
func (*VerifyAttestationResponse) Descriptor
func (*VerifyAttestationResponse) Descriptor() ([]byte, []int)
Deprecated: Use VerifyAttestationResponse.ProtoReflect.Descriptor instead.
func (*VerifyAttestationResponse) GetOidcClaimsToken
func (x *VerifyAttestationResponse) GetOidcClaimsToken() string
func (*VerifyAttestationResponse) GetPartialErrors
func (x *VerifyAttestationResponse) GetPartialErrors() []*status.Status
func (*VerifyAttestationResponse) ProtoMessage
func (*VerifyAttestationResponse) ProtoMessage()
func (*VerifyAttestationResponse) ProtoReflect
func (x *VerifyAttestationResponse) ProtoReflect() protoreflect.Message
func (*VerifyAttestationResponse) Reset
func (x *VerifyAttestationResponse) Reset()
func (*VerifyAttestationResponse) String
func (x *VerifyAttestationResponse) String() string