@@ -46,14 +46,35 @@ service ConfidentialComputing {
4646 option (google.api.method_signature ) = "parent,challenge" ;
4747 }
4848
49- // Verifies the provided attestation info, returning a signed OIDC token.
49+ // Verifies the provided attestation info, returning a signed attestation
50+ // token.
5051 rpc VerifyAttestation (VerifyAttestationRequest )
5152 returns (VerifyAttestationResponse ) {
5253 option (google.api.http ) = {
5354 post : "/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation"
5455 body : "*"
5556 };
5657 }
58+
59+ // Verifies whether the provided attestation info is valid, returning a signed
60+ // attestation token if so.
61+ rpc VerifyConfidentialSpace (VerifyConfidentialSpaceRequest )
62+ returns (VerifyConfidentialSpaceResponse ) {
63+ option (google.api.http ) = {
64+ post : "/v1/{challenge=projects/*/locations/*/challenges/*}:verifyConfidentialSpace"
65+ body : "*"
66+ };
67+ }
68+
69+ // Verifies the provided Confidential GKE attestation info, returning a signed
70+ // OIDC token.
71+ rpc VerifyConfidentialGke (VerifyConfidentialGkeRequest )
72+ returns (VerifyConfidentialGkeResponse ) {
73+ option (google.api.http ) = {
74+ post : "/v1/{challenge=projects/*/locations/*/challenges/*}:verifyConfidentialGke"
75+ body : "*"
76+ };
77+ }
5778}
5879
5980// SigningAlgorithm enumerates all the supported signing algorithms.
@@ -90,6 +111,30 @@ enum TokenType {
90111 TOKEN_TYPE_AWS_PRINCIPALTAGS = 4 ;
91112}
92113
114+ // SignatureType enumerates supported signature types for attestation tokens.
115+ enum SignatureType {
116+ // Unspecified signature type.
117+ SIGNATURE_TYPE_UNSPECIFIED = 0 ;
118+
119+ // Google OIDC signature.
120+ SIGNATURE_TYPE_OIDC = 1 ;
121+
122+ // Public Key Infrastructure (PKI) signature.
123+ SIGNATURE_TYPE_PKI = 2 ;
124+ }
125+
126+ // TokenProfile enumerates the supported token claims profiles.
127+ enum TokenProfile {
128+ // Unspecified token profile.
129+ TOKEN_PROFILE_UNSPECIFIED = 0 ;
130+
131+ // EAT claims.
132+ TOKEN_PROFILE_DEFAULT_EAT = 1 ;
133+
134+ // AWS Principal Tags claims.
135+ TOKEN_PROFILE_AWS = 2 ;
136+ }
137+
93138// A Challenge from the server used to guarantee freshness of attestations
94139message Challenge {
95140 option (google.api.resource ) = {
@@ -133,8 +178,8 @@ message CreateChallengeRequest {
133178 Challenge challenge = 2 [(google.api.field_behavior ) = REQUIRED ];
134179}
135180
136- // A request for an OIDC token, providing all the necessary information needed
137- // for this service to verify the platform state of the requestor.
181+ // A request for an attestation token, providing all the necessary information
182+ // needed for this service to verify the platform state of the requestor.
138183message VerifyAttestationRequest {
139184 // An optional tee attestation report, used to populate hardware rooted
140185 // claims.
@@ -214,7 +259,7 @@ message SevSnpAttestation {
214259}
215260
216261// A response once an attestation has been successfully verified, containing a
217- // signed OIDC token.
262+ // signed attestation token.
218263message VerifyAttestationResponse {
219264 // Output only. Same as claims_token, but as a string.
220265 string oidc_claims_token = 2 [(google.api.field_behavior ) = OUTPUT_ONLY ];
@@ -234,33 +279,9 @@ message GcpCredentials {
234279
235280// Options to modify claims in the token to generate custom-purpose tokens.
236281message TokenOptions {
237- // Token options that only apply to the AWS Principal Tags token type.
238- message AwsPrincipalTagsOptions {
239- // Allowed principal tags is used to define what principal tags will be
240- // placed in the token.
241- message AllowedPrincipalTags {
242- // Allowed Container Image Signatures. Key IDs are required to allow this
243- // claim to fit within the narrow AWS IAM restrictions.
244- message ContainerImageSignatures {
245- // Optional. List of key ids to filter into the Principal tags. Only
246- // keys that have been validated and added to the token will be filtered
247- // into principal tags. Unrecognized key ids will be ignored.
248- repeated string key_ids = 1 [(google.api.field_behavior ) = OPTIONAL ];
249- }
250-
251- // Optional. Container image signatures allowed in the token.
252- ContainerImageSignatures container_image_signatures = 1
253- [(google.api.field_behavior ) = OPTIONAL ];
254- }
255-
256- // Optional. Principal tags to allow in the token.
257- AllowedPrincipalTags allowed_principal_tags = 1
258- [(google.api.field_behavior ) = OPTIONAL ];
259- }
260-
261282 // An optional additional configuration per token type.
262283 oneof token_type_options {
263- // Optional. Options for the Limited AWS token type.
284+ // Optional. Options for AWS token type.
264285 AwsPrincipalTagsOptions aws_principal_tags_options = 4
265286 [(google.api.field_behavior ) = OPTIONAL ];
266287 }
@@ -278,6 +299,30 @@ message TokenOptions {
278299 TokenType token_type = 3 [(google.api.field_behavior ) = OPTIONAL ];
279300}
280301
302+ // Token options that only apply to the AWS Principal Tags token type.
303+ message AwsPrincipalTagsOptions {
304+ // Allowed principal tags is used to define what principal tags will be
305+ // placed in the token.
306+ message AllowedPrincipalTags {
307+ // Allowed Container Image Signatures. Key IDs are required to allow
308+ // this claim to fit within the narrow AWS IAM restrictions.
309+ message ContainerImageSignatures {
310+ // Optional. List of key ids to filter into the Principal tags. Only keys
311+ // that have been validated and added to the token will be filtered into
312+ // principal tags. Unrecognized key ids will be ignored.
313+ repeated string key_ids = 1 [(google.api.field_behavior ) = OPTIONAL ];
314+ }
315+
316+ // Optional. Container image signatures allowed in the token.
317+ ContainerImageSignatures container_image_signatures = 1
318+ [(google.api.field_behavior ) = OPTIONAL ];
319+ }
320+
321+ // Optional. Principal tags to allow in the token.
322+ AllowedPrincipalTags allowed_principal_tags = 1
323+ [(google.api.field_behavior ) = OPTIONAL ];
324+ }
325+
281326// TPM2 data containing everything necessary to validate any platform state
282327// measured into the TPM.
283328message TpmAttestation {
@@ -360,3 +405,134 @@ message ContainerImageSignature {
360405 // Optional. Reserved for future use.
361406 SigningAlgorithm sig_alg = 4 [(google.api.field_behavior ) = OPTIONAL ];
362407}
408+
409+ // A request for an attestation token, providing all the necessary information
410+ // needed for this service to verify the platform state of the requestor.
411+ message VerifyConfidentialSpaceRequest {
412+ // Token options for Confidential Space attestation.
413+ message ConfidentialSpaceOptions {
414+ // An optional additional configuration per token type.
415+ oneof token_profile_options {
416+ // Optional. Options for the AWS token type.
417+ AwsPrincipalTagsOptions aws_principal_tags_options = 5
418+ [(google.api.field_behavior ) = OPTIONAL ];
419+ }
420+
421+ // Optional. Optional string to issue the token with a custom audience
422+ // claim. Required if custom nonces are specified.
423+ string audience = 1 [(google.api.field_behavior ) = OPTIONAL ];
424+
425+ // Optional. Optional specification for token claims profile.
426+ TokenProfile token_profile = 2 [(google.api.field_behavior ) = OPTIONAL ];
427+
428+ // Optional. Optional parameter to place one or more nonces in the eat_nonce
429+ // claim in the output token. The minimum size for JSON-encoded EATs is 10
430+ // bytes and the maximum size is 74 bytes.
431+ repeated string nonce = 3 [(google.api.field_behavior ) = OPTIONAL ];
432+
433+ // Optional. Optional specification for how to sign the attestation token.
434+ // Defaults to SIGNATURE_TYPE_OIDC if unspecified.
435+ SignatureType signature_type = 4 [(google.api.field_behavior ) = OPTIONAL ];
436+ }
437+
438+ // Required. A tee attestation report, used to populate hardware rooted
439+ // claims.
440+ oneof tee_attestation {
441+ // Input only. A TDX with CCEL and RTMR Attestation Quote.
442+ TdxCcelAttestation td_ccel = 3 [(google.api.field_behavior ) = INPUT_ONLY ];
443+
444+ // Input only. The TPM-specific data provided by the attesting platform,
445+ // used to populate any of the claims regarding platform state.
446+ TpmAttestation tpm_attestation = 4
447+ [(google.api.field_behavior ) = INPUT_ONLY ];
448+ }
449+
450+ // Required. The name of the Challenge whose nonce was used to generate the
451+ // attestation, in the format `projects/*/locations/*/challenges/*`. The
452+ // provided Challenge will be consumed, and cannot be used again.
453+ string challenge = 1 [
454+ (google.api.field_behavior ) = REQUIRED ,
455+ (google.api.resource_reference ) = {
456+ type : "confidentialcomputing.googleapis.com/Challenge"
457+ }
458+ ];
459+
460+ // Optional. Credentials used to populate the "emails" claim in the
461+ // claims_token. If not present, token will not contain the "emails" claim.
462+ GcpCredentials gcp_credentials = 2 [(google.api.field_behavior ) = OPTIONAL ];
463+
464+ // Optional. A list of signed entities containing container image signatures
465+ // that can be used for server-side signature verification.
466+ repeated SignedEntity signed_entities = 5
467+ [(google.api.field_behavior ) = OPTIONAL ];
468+
469+ // Optional. Information about the associated Compute Engine instance.
470+ // Required for td_ccel requests only - tpm_attestation requests will provide
471+ // this information in the attestation.
472+ GceShieldedIdentity gce_shielded_identity = 6
473+ [(google.api.field_behavior ) = OPTIONAL ];
474+
475+ // Optional. A collection of fields that modify the token output.
476+ ConfidentialSpaceOptions options = 7 [(google.api.field_behavior ) = OPTIONAL ];
477+ }
478+
479+ // GceShieldedIdentity contains information about a Compute Engine instance.
480+ message GceShieldedIdentity {
481+ // Optional. DER-encoded X.509 certificate of the Attestation Key (otherwise
482+ // known as an AK or a TPM restricted signing key) used to generate the
483+ // quotes.
484+ bytes ak_cert = 1 [(google.api.field_behavior ) = OPTIONAL ];
485+
486+ // Optional. List of DER-encoded X.509 certificates which, together with the
487+ // ak_cert, chain back to a trusted Root Certificate.
488+ repeated bytes ak_cert_chain = 2 [(google.api.field_behavior ) = OPTIONAL ];
489+ }
490+
491+ // VerifyConfidentialSpaceResponse is returned once a Confidential Space
492+ // attestation has been successfully verified, containing a signed token.
493+ message VerifyConfidentialSpaceResponse {
494+ // Output only. The attestation token issued by this service. It contains
495+ // specific platform claims based on the contents of the provided attestation.
496+ string attestation_token = 1 [(google.api.field_behavior ) = OUTPUT_ONLY ];
497+
498+ // Output only. A list of messages that carry the partial error details
499+ // related to VerifyConfidentialSpace. This field is populated by errors
500+ // during container image signature verification, which may reflect problems
501+ // in the provided image signatures. This does not block the issuing of an
502+ // attestation token, but the token will not contain claims for the failed
503+ // image signatures.
504+ repeated google.rpc.Status partial_errors = 2
505+ [(google.api.field_behavior ) = OUTPUT_ONLY ];
506+ }
507+
508+ // A request for an attestation token, providing all the necessary information
509+ // needed for this service to verify Confidential GKE platform state of the
510+ // requestor.
511+ message VerifyConfidentialGkeRequest {
512+ // Required. A tee attestation report, used to populate hardware rooted
513+ // claims.
514+ oneof tee_attestation {
515+ // The TPM-specific data provided by the attesting platform, used to
516+ // populate any of the claims regarding platform state.
517+ TpmAttestation tpm_attestation = 2 ;
518+ }
519+
520+ // Required. The name of the Challenge whose nonce was used to generate the
521+ // attestation, in the format projects/*/locations/*/challenges/*. The
522+ // provided Challenge will be consumed, and cannot be used again.
523+ string challenge = 1 [
524+ (google.api.field_behavior ) = REQUIRED ,
525+ (google.api.resource_reference ) = {
526+ type : "confidentialcomputing.googleapis.com/Challenge"
527+ }
528+ ];
529+ }
530+
531+ // VerifyConfidentialGkeResponse response is returened once a Confidential GKE
532+ // attestation has been successfully verified, containing a signed OIDC token.
533+ message VerifyConfidentialGkeResponse {
534+ // Output only. The attestation token issued by this service for Confidential
535+ // GKE. It contains specific platform claims based on the contents of the
536+ // provided attestation.
537+ string attestation_token = 1 [(google.api.field_behavior ) = OUTPUT_ONLY ];
538+ }
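Review bot: Moving `AwsPrincipalTagsOptions` from inside `TokenOptions` (removed at old lines 237–260) to the top level (new lines 302–324) changes its fully-qualified type name, so the change is wire-compatible but source-breaking for generated clients that already use `TokenOptions.AwsPrincipalTagsOptions`, and `buf breaking` would report the nested message as deleted. If that break is intended the commit description should say so; otherwise `ConfidentialSpaceOptions` at new line 417 could reference `TokenOptions.AwsPrincipalTagsOptions` and the nested message could stay where it was. Separately, `VerifyConfidentialGkeRequest` declares `TpmAttestation tpm_attestation = 2;` (new line 517) without the `INPUT_ONLY` field behavior and the "Input only." comment prefix that the same field carries in `VerifyConfidentialSpaceRequest` (new line 446); `TpmAttestation tpm_attestation = 2 [(google.api.field_behavior) = INPUT_ONLY];` would make the two requests consistent. The comment above `VerifyConfidentialGkeResponse` (new line 531) misspells "returned" as "returened".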