Home Explore Help
Sign In
lenn
/
grpc1.45.2
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
grpc1.45.2
/
third_party
/
googleapis
/
google
/
devtools
/
containeranalysis
/
v1beta1
/
attestation
/
attestation.proto

attestation.proto 8.1 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170 
  1. // Copyright 2018 The Grafeas Authors. All rights reserved.
    2. 

  2. //
    3. 

  3. // Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. // you may not use this file except in compliance with the License.
    5. 

  5. // You may obtain a copy of the License at
    6. 

  6. //
    7. 

  7. //    http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. //
    9. 

  9. // Unless required by applicable law or agreed to in writing, software
    10. 

  10. // distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. // See the License for the specific language governing permissions and
    13. 

  13. // limitations under the License.
    14. 

  14. 

  15. syntax = "proto3";
    16. 

  16. 

  17. package grafeas.v1beta1.attestation;
    18. 

  18. 

  19. import "google/devtools/containeranalysis/v1beta1/common/common.proto";
    20. 

  20. 

  21. option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/attestation;attestation";
    22. 

  22. option java_multiple_files = true;
    23. 

  23. option java_package = "io.grafeas.v1beta1.attestation";
    24. 

  24. option objc_class_prefix = "GRA";
    25. 

  25. 

  26. // An attestation wrapper with a PGP-compatible signature. This message only
    27. 

  27. // supports `ATTACHED` signatures, where the payload that is signed is included
    28. 

  28. // alongside the signature itself in the same file.
    29. 

  29. message PgpSignedAttestation {
    30. 

  30.   // Required. The raw content of the signature, as output by GNU Privacy Guard
    31. 

  31.   // (GPG) or equivalent. Since this message only supports attached signatures,
    32. 

  32.   // the payload that was signed must be attached. While the signature format
    33. 

  33.   // supported is dependent on the verification implementation, currently only
    34. 

  34.   // ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
    35. 

  35.   // `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
    36. 

  36.   // --output=signature.gpg payload.json` will create the signature content
    37. 

  37.   // expected in this field in `signature.gpg` for the `payload.json`
    38. 

  38.   // attestation payload.
    39. 

  39.   string signature = 1;
    40. 

  40. 

  41.   // Type (for example schema) of the attestation payload that was signed.
    42. 

  42.   enum ContentType {
    43. 

  43.     // `ContentType` is not set.
    44. 

  44.     CONTENT_TYPE_UNSPECIFIED = 0;
    45. 

  45.     // Atomic format attestation signature. See
    46. 

  46.     // https://github.com/containers/image/blob/8a5d2f82a6e3263290c8e0276c3e0f64e77723e7/docs/atomic-signature.md
    47. 

  47.     // The payload extracted from `signature` is a JSON blob conforming to the
    48. 

  48.     // linked schema.
    49. 

  49.     SIMPLE_SIGNING_JSON = 1;
    50. 

  50.   }
    51. 

  51. 

  52.   // Type (for example schema) of the attestation payload that was signed.
    53. 

  53.   // The verifier must ensure that the provided type is one that the verifier
    54. 

  54.   // supports, and that the attestation payload is a valid instantiation of that
    55. 

  55.   // type (for example by validating a JSON schema).
    56. 

  56.   ContentType content_type = 3;
    57. 

  57. 

  58.   // This field is used by verifiers to select the public key used to validate
    59. 

  59.   // the signature. Note that the policy of the verifier ultimately determines
    60. 

  60.   // which public keys verify a signature based on the context of the
    61. 

  61.   // verification. There is no guarantee validation will succeed if the
    62. 

  62.   // verifier has no key matching this ID, even if it has a key under a
    63. 

  63.   // different ID that would verify the signature. Note that this ID should also
    64. 

  64.   // be present in the signature content above, but that is not expected to be
    65. 

  65.   // used by the verifier.
    66. 

  66.   oneof key_id {
    67. 

  67.     // The cryptographic fingerprint of the key used to generate the signature,
    68. 

  68.     // as output by, e.g. `gpg --list-keys`. This should be the version 4, full
    69. 

  69.     // 160-bit fingerprint, expressed as a 40 character hexidecimal string. See
    70. 

  70.     // https://tools.ietf.org/html/rfc4880#section-12.2 for details.
    71. 

  71.     // Implementations may choose to acknowledge "LONG", "SHORT", or other
    72. 

  72.     // abbreviated key IDs, but only the full fingerprint is guaranteed to work.
    73. 

  73.     // In gpg, the full fingerprint can be retrieved from the `fpr` field
    74. 

  74.     // returned when calling --list-keys with --with-colons.  For example:
    75. 

  75.     // ```
    76. 

  76.     // gpg --with-colons --with-fingerprint --force-v4-certs \
    77. 

  77.     //     --list-keys attester@example.com
    78. 

  78.     // tru::1:1513631572:0:3:1:5
    79. 

  79.     // pub:...<SNIP>...
    80. 

  80.     // fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
    81. 

  81.     // ```
    82. 

  82.     // Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
    83. 

  83.     string pgp_key_id = 2;
    84. 

  84.   }
    85. 

  85. }
    86. 

  86. 

  87. // An attestation wrapper that uses the Grafeas `Signature` message.
    88. 

  88. // This attestation must define the `serialized_payload` that the `signatures`
    89. 

  89. // verify and any metadata necessary to interpret that plaintext.  The
    90. 

  90. // signatures should always be over the `serialized_payload` bytestring.
    91. 

  91. message GenericSignedAttestation {
    92. 

  92.   // Type of the attestation plaintext that was signed.
    93. 

  93.   enum ContentType {
    94. 

  94.     // `ContentType` is not set.
    95. 

  95.     CONTENT_TYPE_UNSPECIFIED = 0;
    96. 

  96.     // Atomic format attestation signature. See
    97. 

  97.     // https://github.com/containers/image/blob/8a5d2f82a6e3263290c8e0276c3e0f64e77723e7/docs/atomic-signature.md
    98. 

  98.     // The payload extracted in `plaintext` is a JSON blob conforming to the
    99. 

  99.     // linked schema.
    100. 

  100.     SIMPLE_SIGNING_JSON = 1;
    101. 

  101.   }
    102. 

  102. 

  103.   // Type (for example schema) of the attestation payload that was signed.
    104. 

  104.   // The verifier must ensure that the provided type is one that the verifier
    105. 

  105.   // supports, and that the attestation payload is a valid instantiation of that
    106. 

  106.   // type (for example by validating a JSON schema).
    107. 

  107.   ContentType content_type = 1;
    108. 

  108. 

  109.   // The serialized payload that is verified by one or more `signatures`.
    110. 

  110.   // The encoding and semantic meaning of this payload must match what is set in
    111. 

  111.   // `content_type`.
    112. 

  112.   bytes serialized_payload = 2;
    113. 

  113. 

  114.   // One or more signatures over `serialized_payload`.  Verifier implementations
    115. 

  115.   // should consider this attestation message verified if at least one
    116. 

  116.   // `signature` verifies `serialized_payload`.  See `Signature` in common.proto
    117. 

  117.   // for more details on signature structure and verification.
    118. 

  118.   repeated Signature signatures = 3;
    119. 

  119. }
    120. 

  120. 

  121. // Note kind that represents a logical attestation "role" or "authority". For
    122. 

  122. // example, an organization might have one `Authority` for "QA" and one for
    123. 

  123. // "build". This note is intended to act strictly as a grouping mechanism for
    124. 

  124. // the attached occurrences (Attestations). This grouping mechanism also
    125. 

  125. // provides a security boundary, since IAM ACLs gate the ability for a principle
    126. 

  126. // to attach an occurrence to a given note. It also provides a single point of
    127. 

  127. // lookup to find all attached attestation occurrences, even if they don't all
    128. 

  128. // live in the same project.
    129. 

  129. message Authority {
    130. 

  130.   // This submessage provides human-readable hints about the purpose of the
    131. 

  131.   // authority. Because the name of a note acts as its resource reference, it is
    132. 

  132.   // important to disambiguate the canonical name of the Note (which might be a
    133. 

  133.   // UUID for security purposes) from "readable" names more suitable for debug
    134. 

  134.   // output. Note that these hints should not be used to look up authorities in
    135. 

  135.   // security sensitive contexts, such as when looking up attestations to
    136. 

  136.   // verify.
    137. 

  137.   message Hint {
    138. 

  138.     // Required. The human readable name of this attestation authority, for
    139. 

  139.     // example "qa".
    140. 

  140.     string human_readable_name = 1;
    141. 

  141.   }
    142. 

  142. 

  143.   // Hint hints at the purpose of the attestation authority.
    144. 

  144.   Hint hint = 1;
    145. 

  145. }
    146. 

  146. 

  147. // Details of an attestation occurrence.
    148. 

  148. message Details {
    149. 

  149.   // Required. Attestation for the resource.
    150. 

  150.   Attestation attestation = 1;
    151. 

  151. }
    152. 

  152. 

  153. // Occurrence that represents a single "attestation". The authenticity of an
    154. 

  154. // attestation can be verified using the attached signature. If the verifier
    155. 

  155. // trusts the public key of the signer, then verifying the signature is
    156. 

  156. // sufficient to establish trust. In this circumstance, the authority to which
    157. 

  157. // this attestation is attached is primarily useful for look-up (how to find
    158. 

  158. // this attestation if you already know the authority and artifact to be
    159. 

  159. // verified) and intent (which authority was this attestation intended to sign
    160. 

  160. // for).
    161. 

  161. message Attestation {
    162. 

  162.   // Required. The signature, generally over the `resource_url`, that verifies
    163. 

  163.   // this attestation. The semantics of the signature veracity are ultimately
    164. 

  164.   // determined by the verification engine.
    165. 

  165.   oneof signature {
    166. 

  166.     // A PGP signed attestation.
    167. 

  167.     PgpSignedAttestation pgp_signed_attestation = 1;
    168. 

  168.     GenericSignedAttestation generic_signed_attestation = 2;
    169. 

  169.   }
    170. 

  170. }
    171.