From 36a2adf5ef9ca7736db683cc4629a8d160b67a7b Mon Sep 17 00:00:00 2001 From: Tom Binder Date: Fri, 14 Jun 2024 15:39:20 +0000 Subject: [PATCH] Regenerate Rust protos. Change-Id: Icc451175e98d8264da8d1236565b95dde658730b --- oak_proto_rust/README.md | 2 +- .../generated/oak.attestation.v1.rs | 293 ++++++++++-------- oak_proto_rust/generated/oak.containers.rs | 6 +- oak_proto_rust/generated/oak.crypto.v1.rs | 10 +- oak_proto_rust/generated/oak.functions.abi.rs | 4 +- .../generated/oak.functions.lookup_data.rs | 2 +- oak_proto_rust/generated/oak.functions.rs | 30 +- .../generated/oak.functions.testing.rs | 10 +- oak_proto_rust/generated/oak.rs | 4 +- oak_proto_rust/generated/oak.session.v1.rs | 101 ++++-- 10 files changed, 280 insertions(+), 182 deletions(-) diff --git a/oak_proto_rust/README.md b/oak_proto_rust/README.md index 58a868dfce2..207375b9556 100644 --- a/oak_proto_rust/README.md +++ b/oak_proto_rust/README.md @@ -16,7 +16,7 @@ that all generated code also exists in the `generated` directory. If proto changes are made, you should run: -`blaze run oak_proto_rust:copy_generated` +`bazel run oak_proto_rust:copy_generated` to copy any added/modified files. Not that the script will not cover any _removed_ files, so take care to clean up any uneeded files if protos are diff --git a/oak_proto_rust/generated/oak.attestation.v1.rs b/oak_proto_rust/generated/oak.attestation.v1.rs index 95917aeecbf..e6ed0754f3b 100755 --- a/oak_proto_rust/generated/oak.attestation.v1.rs +++ b/oak_proto_rust/generated/oak.attestation.v1.rs @@ -2,7 +2,7 @@ /// are produced with /// #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct FirmwareAttachment { /// Maps number of vCPUs to measurement of the modified firmware binary. #[prost(btree_map = "int32, message", tag = "1")] @@ -12,7 +12,7 @@ pub struct FirmwareAttachment { /// Measurements are produced with /// #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct KernelAttachment { /// Digest of the kernel image part of the bzImage. #[prost(message, optional, tag = "1")] @@ -26,7 +26,7 @@ pub struct KernelAttachment { /// Since this layer is the initial layer for our architecture and it is /// measured during boot, its identity is represented by an attestation report. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct RootLayerEvidence { /// The platform providing the attestation report. #[prost(enumeration = "TeePlatform", tag = "1")] @@ -45,7 +45,7 @@ pub struct RootLayerEvidence { } /// DICE layer evidence containing a certificate signed by the previous layer. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct LayerEvidence { /// Certificate signing current layer's measurements and the ECA key. /// @@ -58,7 +58,7 @@ pub struct LayerEvidence { /// arbitrary data. Each of the certificates contains the final layer's /// measurement as additional claims. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ApplicationKeys { /// Certificate signing the encryption public key. /// @@ -93,7 +93,7 @@ pub struct ApplicationKeys { /// The name is chosen to match the RATS terminology: /// <> #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct Evidence { /// Layer0 attestation evidence. #[prost(message, optional, tag = "1")] @@ -122,7 +122,7 @@ pub struct Evidence { /// /// <> /// <> -#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)] +#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost_derive::Enumeration)] #[repr(i32)] pub enum TeePlatform { Unspecified = 0, @@ -157,7 +157,7 @@ impl TeePlatform { /// Message for passing embedded certificate authority information between /// layers. Will never appear in the evidence that is sent to the client. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct CertificateAuthority { /// ECA private key that will be used by a layer to sign a certificate for the /// next layer. @@ -166,7 +166,7 @@ pub struct CertificateAuthority { } /// Message that is sent between DICE layers. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct DiceData { #[prost(message, optional, tag = "1")] pub evidence: ::core::option::Option, @@ -176,7 +176,7 @@ pub struct DiceData { /// Endorsement for binaries from the Transparent Release process. /// <> #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct TransparentReleaseEndorsement { /// JSON string comtaining the endorsement statement for the underlying binary. /// The format is described here: @@ -196,7 +196,7 @@ pub struct TransparentReleaseEndorsement { pub rekor_log_entry: ::prost::alloc::vec::Vec, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct RootLayerEndorsements { /// The serialized TEE certificate(s). The details of the format and how the /// certificate(s) are encoded into this byte array are implementation @@ -212,7 +212,7 @@ pub struct RootLayerEndorsements { pub stage0: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct KernelLayerEndorsements { #[prost(message, optional, tag = "1")] pub kernel: ::core::option::Option, @@ -230,13 +230,13 @@ pub struct KernelLayerEndorsements { pub kernel_image: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct SystemLayerEndorsements { #[prost(message, optional, tag = "1")] pub system_image: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ApplicationLayerEndorsements { #[prost(message, optional, tag = "1")] pub binary: ::core::option::Option, @@ -244,7 +244,7 @@ pub struct ApplicationLayerEndorsements { pub configuration: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ContainerLayerEndorsements { #[prost(message, optional, tag = "1")] pub binary: ::core::option::Option, @@ -252,7 +252,7 @@ pub struct ContainerLayerEndorsements { pub configuration: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct OakRestrictedKernelEndorsements { #[prost(message, optional, tag = "1")] pub root_layer: ::core::option::Option, @@ -262,7 +262,7 @@ pub struct OakRestrictedKernelEndorsements { pub application_layer: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct OakContainersEndorsements { #[prost(message, optional, tag = "1")] pub root_layer: ::core::option::Option, @@ -274,7 +274,7 @@ pub struct OakContainersEndorsements { pub container_layer: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct CbEndorsements { #[prost(message, optional, tag = "1")] pub root_layer: ::core::option::Option, @@ -286,7 +286,7 @@ pub struct CbEndorsements { /// The name is chosen to match the RATS terminology: /// <> #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct Endorsements { #[prost(oneof = "endorsements::Type", tags = "1, 2, 3")] pub r#type: ::core::option::Option, @@ -294,7 +294,7 @@ pub struct Endorsements { /// Nested message and enum types in `Endorsements`. pub mod endorsements { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum Type { #[prost(message, tag = "1")] OakRestrictedKernel(super::OakRestrictedKernelEndorsements), @@ -307,7 +307,7 @@ pub mod endorsements { /// The versions of the components in the AMD SEV-SNP platform Trusted Compute /// Base (TCB). #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct TcbVersion { /// The current security version number (SVN) of the secure processor (PSP) /// bootloader. @@ -324,16 +324,16 @@ pub struct TcbVersion { pub microcode: u32, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct VerificationSkipped {} #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct RawDigests { #[prost(message, repeated, tag = "1")] pub digests: ::prost::alloc::vec::Vec, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ExpectedDigests { #[prost(oneof = "expected_digests::Type", tags = "1, 2")] pub r#type: ::core::option::Option, @@ -341,7 +341,7 @@ pub struct ExpectedDigests { /// Nested message and enum types in `ExpectedDigests`. pub mod expected_digests { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum Type { /// If the reference value was set to SkipVerification, we represent that /// here. @@ -356,7 +356,7 @@ pub mod expected_digests { /// The expected values for kernel image and setup data, computed from previously /// provided endorsements and reference values. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct KernelExpectedValues { /// Allowable digests for the image. #[prost(message, optional, tag = "1")] @@ -366,7 +366,7 @@ pub struct KernelExpectedValues { pub setup_data: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct AmdSevExpectedValues { #[prost(message, optional, tag = "1")] pub stage0_expected: ::core::option::Option, @@ -378,25 +378,25 @@ pub struct AmdSevExpectedValues { pub allow_debug: bool, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct IntelTdxExpectedValues {} #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct InsecureExpectedValues {} #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ExpectedRegex { #[prost(string, tag = "1")] pub value: ::prost::alloc::string::String, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ExpectedStringLiterals { #[prost(string, repeated, tag = "1")] pub value: ::prost::alloc::vec::Vec<::prost::alloc::string::String>, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct TextExpectedValue { #[prost(oneof = "text_expected_value::Type", tags = "1, 2, 3")] pub r#type: ::core::option::Option, @@ -404,7 +404,7 @@ pub struct TextExpectedValue { /// Nested message and enum types in `TextExpectedValue`. pub mod text_expected_value { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum Type { /// If the reference value was set to SkipVerification, we represent that /// here. @@ -417,7 +417,7 @@ pub mod text_expected_value { } } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct RootLayerExpectedValues { /// Switches between AMD SEV-SNP and Intel TDX based on TeePlatform value. /// Verification is skipped when not running in a TEE. @@ -433,7 +433,7 @@ pub struct RootLayerExpectedValues { } /// Reference values of the kernel layer, as measured by stage0. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct KernelLayerExpectedValues { /// Verifies the kernel based on endorsement. #[prost(message, optional, tag = "1")] @@ -452,7 +452,7 @@ pub struct KernelLayerExpectedValues { } /// The expected binary digests for a system layer image. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct SystemLayerExpectedValues { /// The allowable digest values for a system layer image. #[prost(message, optional, tag = "1")] @@ -460,7 +460,7 @@ pub struct SystemLayerExpectedValues { } /// The expected bundle and configuration digests for a container layer. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ContainerLayerExpectedValues { /// The allowable digest values for a container bundle. #[prost(message, optional, tag = "1")] @@ -471,7 +471,7 @@ pub struct ContainerLayerExpectedValues { } /// The expected binary and configuration digests for an application layer. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ApplicationLayerExpectedValues { /// The allowable digest values for an application binary. #[prost(message, optional, tag = "1")] @@ -481,26 +481,15 @@ pub struct ApplicationLayerExpectedValues { #[prost(message, optional, tag = "2")] pub configuration: ::core::option::Option, } -/// Represents digest of application task config. +/// Represents digest of an event. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] -pub struct CbApplicationLayerExpectedValues { - /// Verifies the application task config. +#[derive(Clone, PartialEq, ::prost_derive::Message)] +pub struct EventExpectedValues { #[prost(message, optional, tag = "1")] - pub binary: ::core::option::Option, -} -/// Represents digest of application task config. -#[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] -pub struct CbSystemLayerExpectedValues { - /// Verifies the application task config. - #[prost(message, optional, tag = "1")] - pub system_image: ::core::option::Option, - #[prost(message, optional, tag = "2")] - pub system_cmd_line: ::core::option::Option, + pub event: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct OakRestrictedKernelExpectedValues { #[prost(message, optional, tag = "1")] pub root_layer: ::core::option::Option, @@ -510,7 +499,7 @@ pub struct OakRestrictedKernelExpectedValues { pub application_layer: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct OakContainersExpectedValues { #[prost(message, optional, tag = "1")] pub root_layer: ::core::option::Option, @@ -522,13 +511,19 @@ pub struct OakContainersExpectedValues { pub container_layer: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct CbExpectedValues { #[prost(message, optional, tag = "1")] pub root_layer: ::core::option::Option, + #[prost(message, optional, tag = "2")] + pub kernel_layer: ::core::option::Option, + #[prost(message, optional, tag = "3")] + pub system_layer: ::core::option::Option, + #[prost(message, optional, tag = "4")] + pub application_layer: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ExpectedValues { #[prost(oneof = "expected_values::Type", tags = "1, 2, 3")] pub r#type: ::core::option::Option, @@ -536,7 +531,7 @@ pub struct ExpectedValues { /// Nested message and enum types in `ExpectedValues`. pub mod expected_values { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum Type { #[prost(message, tag = "1")] OakRestrictedKernel(super::OakRestrictedKernelExpectedValues), @@ -546,12 +541,59 @@ pub mod expected_values { Cb(super::CbExpectedValues), } } +/// All the related measurements for Stage 0. +#[allow(clippy::derive_partial_eq_without_eq)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] +pub struct Stage0Measurements { + /// Kernel setup data digest. + #[prost(bytes = "vec", tag = "1")] + pub setup_data_digest: ::prost::alloc::vec::Vec, + /// Kernel digest. + #[prost(bytes = "vec", tag = "2")] + pub kernel_measurement: ::prost::alloc::vec::Vec, + /// Initial RAM disk digest. + #[prost(bytes = "vec", tag = "3")] + pub ram_disk_digest: ::prost::alloc::vec::Vec, + /// E820 table digest. + #[prost(bytes = "vec", tag = "4")] + pub memory_map_digest: ::prost::alloc::vec::Vec, + /// ACPI table generation digest + #[prost(bytes = "vec", tag = "5")] + pub acpi_digest: ::prost::alloc::vec::Vec, + /// Kernel Command line. + #[prost(string, tag = "6")] + pub kernel_cmdline: ::prost::alloc::string::String, +} +/// Represents an event intended for inclusion in attestation. +/// For example, in an attested measured boot, each event is a reference to the +/// code identity of the boot layer being launched next. +/// An Event message contain what's necessary for an attestation verifier to +/// verify the Event against a Reference Value. +/// TODO: b/333748757 - Make other CB layers use this definition. +#[allow(clippy::derive_partial_eq_without_eq)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] +pub struct Event { + /// Represents what is contained in the event. For example, the tag for + /// TaskConfig for the Layer 2 is "layer2". + /// TODO: b/333748757 - Consider making the tag a UUID instead of string. + #[prost(string, tag = "1")] + pub tag: ::prost::alloc::string::String, + #[prost(message, optional, tag = "2")] + pub event: ::core::option::Option<::prost_types::Any>, +} +/// A sequence of Events intended for inclusion in attestation evidence. +#[allow(clippy::derive_partial_eq_without_eq)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] +pub struct EventLog { + #[prost(message, repeated, tag = "1")] + pub events: ::prost::alloc::vec::Vec, +} #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct SkipVerification {} /// Verifies the transparency log entry, including signatures and the digest. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct EndorsementReferenceValue { /// The endorser's public signing key for signature verification. #[prost(bytes = "vec", tag = "1")] @@ -561,7 +603,7 @@ pub struct EndorsementReferenceValue { pub rekor_public_key: ::prost::alloc::vec::Vec, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct BinaryReferenceValue { #[prost(oneof = "binary_reference_value::Type", tags = "1, 2, 3")] pub r#type: ::core::option::Option, @@ -569,7 +611,7 @@ pub struct BinaryReferenceValue { /// Nested message and enum types in `BinaryReferenceValue`. pub mod binary_reference_value { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum Type { /// Deliberately skips a verification step, rather than failing. For example: /// root_layer { stage0 { skip {} } } @@ -589,7 +631,7 @@ pub mod binary_reference_value { /// Similar to the `Digests` message, but allows to specify digests for the /// split components of the bzImage separately. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct KernelDigests { /// Contains admissible digests for the kernel image part of the kernel. #[prost(message, optional, tag = "2")] @@ -601,7 +643,7 @@ pub struct KernelDigests { /// Follows the lines of `BinaryReferenceValue`, but provides a custom proto /// to facilitate the digest matching. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct KernelBinaryReferenceValue { #[prost(oneof = "kernel_binary_reference_value::Type", tags = "1, 2, 3")] pub r#type: ::core::option::Option, @@ -609,7 +651,7 @@ pub struct KernelBinaryReferenceValue { /// Nested message and enum types in `KernelBinaryReferenceValue`. pub mod kernel_binary_reference_value { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum Type { #[prost(message, tag = "1")] Skip(super::SkipVerification), @@ -621,7 +663,7 @@ pub mod kernel_binary_reference_value { } /// Reference value for a file including its digests. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct FileReferenceValue { /// Allowable digests for the file. #[prost(message, optional, tag = "1")] @@ -634,13 +676,13 @@ pub struct FileReferenceValue { /// Verifies that a particular string is equal to at least one of the specified /// ones. No checks are performed if this is empty. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct StringReferenceValue { #[prost(string, repeated, tag = "1")] pub values: ::prost::alloc::vec::Vec<::prost::alloc::string::String>, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct Regex { #[prost(string, tag = "1")] pub value: ::prost::alloc::string::String, @@ -648,13 +690,13 @@ pub struct Regex { /// A match in at least one value is considered a success. At least one value /// must be specified, otherwise verification fails. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct StringLiterals { #[prost(string, repeated, tag = "1")] pub value: ::prost::alloc::vec::Vec<::prost::alloc::string::String>, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct RegexReferenceValue { #[prost(oneof = "regex_reference_value::Type", tags = "1, 2")] pub r#type: ::core::option::Option, @@ -662,7 +704,7 @@ pub struct RegexReferenceValue { /// Nested message and enum types in `RegexReferenceValue`. pub mod regex_reference_value { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum Type { #[prost(message, tag = "1")] Skip(super::SkipVerification), @@ -673,7 +715,7 @@ pub mod regex_reference_value { /// Reference value to match text via endorsement, or directly via constants /// or a regular expression. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct TextReferenceValue { #[prost(oneof = "text_reference_value::Type", tags = "1, 4, 2, 3")] pub r#type: ::core::option::Option, @@ -681,7 +723,7 @@ pub struct TextReferenceValue { /// Nested message and enum types in `TextReferenceValue`. pub mod text_reference_value { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum Type { #[prost(message, tag = "1")] Skip(super::SkipVerification), @@ -694,7 +736,7 @@ pub mod text_reference_value { } } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct RootLayerReferenceValues { /// Switches between AMD SEV-SNP and Intel TDX based on TeePlatform value. /// Verification is skipped when not running in a TEE. @@ -709,7 +751,7 @@ pub struct RootLayerReferenceValues { pub insecure: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct AmdSevReferenceValues { /// Minimum accepted versions of all TCB components. #[prost(message, optional, tag = "5")] @@ -722,23 +764,23 @@ pub struct AmdSevReferenceValues { pub stage0: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct IntelTdxReferenceValues {} #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct InsecureReferenceValues {} /// Verifies that the field contains at least one of the given digests. /// No checks are performed if this is empty. A match in at least one /// digest is considered a success. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct Digests { #[prost(message, repeated, tag = "1")] pub digests: ::prost::alloc::vec::Vec, } /// Reference values of the kernel layer, as measured by stage0. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct KernelLayerReferenceValues { /// Verifies the kernel based on endorsement. #[prost(message, optional, tag = "1")] @@ -770,25 +812,15 @@ pub struct KernelLayerReferenceValues { pub acpi: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct SystemLayerReferenceValues { /// Verifies the system image binary based on endorsement. #[prost(message, optional, tag = "1")] pub system_image: ::core::option::Option, } -#[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] -pub struct CbSystemLayerReferenceValues { - /// Verifies the system image binary. - #[prost(message, optional, tag = "1")] - pub system_image: ::core::option::Option, - /// Verifies the command line by which the system image was built. - #[prost(message, optional, tag = "2")] - pub system_cmd_line: ::core::option::Option, -} /// Represents an application running under Oak Restricted Kernel. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ApplicationLayerReferenceValues { /// Verifies the application binary based on endorsement. #[prost(message, optional, tag = "1")] @@ -797,16 +829,8 @@ pub struct ApplicationLayerReferenceValues { #[prost(message, optional, tag = "2")] pub configuration: ::core::option::Option, } -/// Represents digest of application task config. -#[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] -pub struct CbApplicationLayerReferenceValues { - /// Verifies the application task config. - #[prost(message, optional, tag = "1")] - pub binary: ::core::option::Option, -} #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ContainerLayerReferenceValues { /// Verifies the container binary based on endorsement. #[prost(message, optional, tag = "1")] @@ -815,8 +839,15 @@ pub struct ContainerLayerReferenceValues { #[prost(message, optional, tag = "2")] pub configuration: ::core::option::Option, } +/// Represents digest of an event. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] +pub struct EventReferenceValues { + #[prost(message, optional, tag = "1")] + pub event: ::core::option::Option, +} +#[allow(clippy::derive_partial_eq_without_eq)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct OakRestrictedKernelReferenceValues { #[prost(message, optional, tag = "1")] pub root_layer: ::core::option::Option, @@ -826,7 +857,7 @@ pub struct OakRestrictedKernelReferenceValues { pub application_layer: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct OakContainersReferenceValues { #[prost(message, optional, tag = "1")] pub root_layer: ::core::option::Option, @@ -838,19 +869,19 @@ pub struct OakContainersReferenceValues { pub container_layer: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct CbReferenceValues { #[prost(message, optional, tag = "1")] pub root_layer: ::core::option::Option, #[prost(message, optional, tag = "2")] - pub kernel_layer: ::core::option::Option, + pub kernel_layer: ::core::option::Option, #[prost(message, optional, tag = "3")] - pub system_layer: ::core::option::Option, + pub system_layer: ::core::option::Option, #[prost(message, optional, tag = "4")] - pub application_layer: ::core::option::Option, + pub application_layer: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ReferenceValues { #[prost(oneof = "reference_values::Type", tags = "1, 2, 3")] pub r#type: ::core::option::Option, @@ -858,7 +889,7 @@ pub struct ReferenceValues { /// Nested message and enum types in `ReferenceValues`. pub mod reference_values { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum Type { #[prost(message, tag = "1")] OakRestrictedKernel(super::OakRestrictedKernelReferenceValues), @@ -872,7 +903,7 @@ pub mod reference_values { /// measurements and other detail to the client for further processing. /// Nomenclature follows RFC 9334. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct AttestationResults { /// Indicates whether the verification passed and perhaps more. #[prost(enumeration = "attestation_results::Status", tag = "1")] @@ -913,7 +944,7 @@ pub mod attestation_results { Hash, PartialOrd, Ord, - ::prost::Enumeration + ::prost_derive::Enumeration )] #[repr(i32)] pub enum Status { @@ -946,7 +977,7 @@ pub mod attestation_results { } /// Evidence values extracted from attestation evidence during verification. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ExtractedEvidence { /// Contains the public key for encryption. The key is serialized as an X25519 /// octet string. @@ -962,7 +993,7 @@ pub struct ExtractedEvidence { /// Nested message and enum types in `ExtractedEvidence`. pub mod extracted_evidence { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum EvidenceValues { #[prost(message, tag = "1")] OakRestrictedKernel(super::OakRestrictedKernelData), @@ -974,7 +1005,7 @@ pub mod extracted_evidence { } /// Values extracted from the root layer evidence. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct RootLayerData { #[prost(oneof = "root_layer_data::Report", tags = "1, 2, 3")] pub report: ::core::option::Option, @@ -982,7 +1013,7 @@ pub struct RootLayerData { /// Nested message and enum types in `RootLayerData`. pub mod root_layer_data { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum Report { /// Values extracted from an AMD SEV-SNP attestation report. #[prost(message, tag = "1")] @@ -997,7 +1028,7 @@ pub mod root_layer_data { } /// Values extracted from an AMD SEV-SNP attestation report. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct AmdAttestationReport { /// The custom bytes that were passed to the report when it was requested. #[prost(bytes = "vec", tag = "1")] @@ -1035,7 +1066,7 @@ pub struct AmdAttestationReport { } /// Values extracted from an Intel TDX attestation report. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct IntelTdxAttestationReport { /// The custom bytes that were passed to the report when it was requested. #[prost(bytes = "vec", tag = "1")] @@ -1043,7 +1074,7 @@ pub struct IntelTdxAttestationReport { } /// Values extracted from a fake attestation report when not running in a TEE. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct FakeAttestationReport { /// The custom bytes that were passed to the report when it was requested. #[prost(bytes = "vec", tag = "1")] @@ -1051,7 +1082,7 @@ pub struct FakeAttestationReport { } /// Values extracted from the the kernel layer evidence, as measured by stage0. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct KernelLayerData { /// Measured digests of the image part of the kernel. #[prost(message, optional, tag = "1")] @@ -1084,7 +1115,7 @@ pub struct KernelLayerData { /// Values extracted from the evidence that represents an application running /// under the Oak Restricted Kernel. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ApplicationLayerData { /// Measurement RawDigest of the application binary. #[prost(message, optional, tag = "1")] @@ -1096,7 +1127,7 @@ pub struct ApplicationLayerData { /// Values extracted from the evidence that represents the Oak Containers system /// image. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct SystemLayerData { /// Measurement RawDigest of the system image. #[prost(message, optional, tag = "1")] @@ -1105,7 +1136,7 @@ pub struct SystemLayerData { /// Values extracted from the evidence that represents the Container Runtime /// Bundle used in Oak Containers. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ContainerLayerData { /// Measurement RawDigest of the container bundle. #[prost(message, optional, tag = "1")] @@ -1114,9 +1145,17 @@ pub struct ContainerLayerData { #[prost(message, optional, tag = "2")] pub config: ::core::option::Option, } +/// Values extracted from the evidence that represents an event. +#[allow(clippy::derive_partial_eq_without_eq)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] +pub struct EventData { + /// Measurement RawDigest of an event. + #[prost(message, optional, tag = "1")] + pub event: ::core::option::Option, +} /// Values extracted from the evidence for a restricted kernel application. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct OakRestrictedKernelData { #[prost(message, optional, tag = "1")] pub root_layer: ::core::option::Option, @@ -1127,7 +1166,7 @@ pub struct OakRestrictedKernelData { } /// Values extracted from the evidence for an Oak Containers instance. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct OakContainersData { #[prost(message, optional, tag = "1")] pub root_layer: ::core::option::Option, @@ -1140,8 +1179,14 @@ pub struct OakContainersData { } /// Reserved for future use. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct CbData { #[prost(message, optional, tag = "1")] pub root_layer: ::core::option::Option, + #[prost(message, optional, tag = "2")] + pub kernel_layer: ::core::option::Option, + #[prost(message, optional, tag = "3")] + pub system_layer: ::core::option::Option, + #[prost(message, optional, tag = "4")] + pub application_layer: ::core::option::Option, } diff --git a/oak_proto_rust/generated/oak.containers.rs b/oak_proto_rust/generated/oak.containers.rs index 7b520e18da5..3a734c4635f 100755 --- a/oak_proto_rust/generated/oak.containers.rs +++ b/oak_proto_rust/generated/oak.containers.rs @@ -2,13 +2,13 @@ /// response into smaller pieces to respect proto/gRPC limits. The image needs to /// be reassembled in the stage1 or the orchestrator. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct GetImageResponse { #[prost(bytes = "vec", tag = "1")] pub image_chunk: ::prost::alloc::vec::Vec, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct GetApplicationConfigResponse { /// Arbitrary config that the container can retrieve from the orchestrator. /// Included in the attestation measurements conducted by the orchestrator. @@ -16,7 +16,7 @@ pub struct GetApplicationConfigResponse { pub config: ::prost::alloc::vec::Vec, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct SendAttestationEvidenceRequest { #[prost(message, optional, tag = "2")] pub dice_evidence: ::core::option::Option, diff --git a/oak_proto_rust/generated/oak.crypto.v1.rs b/oak_proto_rust/generated/oak.crypto.v1.rs index 7ead3c8f378..fbf448e523f 100755 --- a/oak_proto_rust/generated/oak.crypto.v1.rs +++ b/oak_proto_rust/generated/oak.crypto.v1.rs @@ -1,7 +1,7 @@ /// Request message encrypted using Hybrid Public Key Encryption (HPKE). /// <> #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct EncryptedRequest { /// Message encrypted with Authenticated Encryption with Associated Data (AEAD) /// using the derived session key. @@ -18,7 +18,7 @@ pub struct EncryptedRequest { /// response key generated as part of bidirectional encryption. /// <> #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct EncryptedResponse { /// Message encrypted with Authenticated Encryption with Associated Data (AEAD) /// using the derived session key. @@ -28,7 +28,7 @@ pub struct EncryptedResponse { /// Message encrypted with Authenticated Encryption with Associated Data (AEAD). /// <> #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct AeadEncryptedMessage { #[prost(bytes = "vec", tag = "1")] pub ciphertext: ::prost::alloc::vec::Vec, @@ -41,7 +41,7 @@ pub struct AeadEncryptedMessage { /// a secure session. Needed to serialize contexts in order to send them over an /// RPC. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct SessionKeys { /// AEAD key for encrypting/decrypting client requests. #[prost(bytes = "vec", tag = "1")] @@ -51,7 +51,7 @@ pub struct SessionKeys { pub response_key: ::prost::alloc::vec::Vec, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct Signature { #[prost(bytes = "vec", tag = "1")] pub signature: ::prost::alloc::vec::Vec, diff --git a/oak_proto_rust/generated/oak.functions.abi.rs b/oak_proto_rust/generated/oak.functions.abi.rs index 3ad743a511d..c251736708e 100755 --- a/oak_proto_rust/generated/oak.functions.abi.rs +++ b/oak_proto_rust/generated/oak.functions.abi.rs @@ -1,7 +1,7 @@ /// The client can check the configuration report for the configuration of the /// Oak Functions runtime. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ConfigurationReport { /// Hash of the loaded Wasm module. #[prost(bytes = "vec", tag = "1")] @@ -13,7 +13,7 @@ pub struct ConfigurationReport { /// / Server-side policy describing limits on the size of the response and /// / response processing time to avoid side-channel leaks. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ServerPolicy { /// A fixed size for responses returned by the trusted runtime. /// diff --git a/oak_proto_rust/generated/oak.functions.lookup_data.rs b/oak_proto_rust/generated/oak.functions.lookup_data.rs index b11808aca04..19728e87940 100755 --- a/oak_proto_rust/generated/oak.functions.lookup_data.rs +++ b/oak_proto_rust/generated/oak.functions.lookup_data.rs @@ -1,6 +1,6 @@ /// An individual entry to be made available for lookup to an Oak Function. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct Entry { #[prost(bytes = "vec", tag = "1")] pub key: ::prost::alloc::vec::Vec, diff --git a/oak_proto_rust/generated/oak.functions.rs b/oak_proto_rust/generated/oak.functions.rs index 62955c2e8c0..ff141643c1c 100755 --- a/oak_proto_rust/generated/oak.functions.rs +++ b/oak_proto_rust/generated/oak.functions.rs @@ -1,5 +1,5 @@ #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct InitializeRequest { #[prost(bytes = "vec", tag = "1")] pub wasm_module: ::prost::alloc::vec::Vec, @@ -7,25 +7,25 @@ pub struct InitializeRequest { pub constant_response_size: u32, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct InitializeResponse { #[prost(message, optional, tag = "2")] pub evidence: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct InvokeRequest { #[prost(message, optional, tag = "2")] pub encrypted_request: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct InvokeResponse { #[prost(message, optional, tag = "2")] pub encrypted_response: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct LookupDataEntry { #[prost(bytes = "vec", tag = "1")] pub key: ::prost::alloc::vec::Vec, @@ -33,7 +33,7 @@ pub struct LookupDataEntry { pub value: ::prost::alloc::vec::Vec, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct LookupDataChunk { #[prost(message, repeated, tag = "1")] pub items: ::prost::alloc::vec::Vec, @@ -41,7 +41,7 @@ pub struct LookupDataChunk { /// If the definition of ExtendNextLookupData changes, the estimation of the size /// when serialized in the Oak Functions Launcher needs to change, too. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ExtendNextLookupDataRequest { #[prost(oneof = "extend_next_lookup_data_request::Data", tags = "1, 2")] pub data: ::core::option::Option, @@ -49,7 +49,7 @@ pub struct ExtendNextLookupDataRequest { /// Nested message and enum types in `ExtendNextLookupDataRequest`. pub mod extend_next_lookup_data_request { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum Data { #[prost(message, tag = "1")] Chunk(super::LookupDataChunk), @@ -63,26 +63,26 @@ pub mod extend_next_lookup_data_request { } } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ExtendNextLookupDataResponse {} #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct FinishNextLookupDataRequest {} #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct FinishNextLookupDataResponse {} #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct AbortNextLookupDataResponse {} #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct Empty {} #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ReserveRequest { #[prost(uint64, tag = "1")] pub additional_entries: u64, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct ReserveResponse {} diff --git a/oak_proto_rust/generated/oak.functions.testing.rs b/oak_proto_rust/generated/oak.functions.testing.rs index 78d486d87f4..4376047ebcf 100755 --- a/oak_proto_rust/generated/oak.functions.testing.rs +++ b/oak_proto_rust/generated/oak.functions.testing.rs @@ -1,5 +1,5 @@ #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct LookupRequest { #[prost(bytes = "vec", repeated, tag = "1")] pub keys: ::prost::alloc::vec::Vec<::prost::alloc::vec::Vec>, @@ -17,7 +17,7 @@ pub mod lookup_request { Hash, PartialOrd, Ord, - ::prost::Enumeration + ::prost_derive::Enumeration )] #[repr(i32)] pub enum Mode { @@ -46,20 +46,20 @@ pub mod lookup_request { } } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct LookupResponse { #[prost(bytes = "vec", repeated, tag = "1")] pub values: ::prost::alloc::vec::Vec<::prost::alloc::vec::Vec>, } /// Echo the bytes back, and then panic. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct EchoAndPanicRequest { #[prost(bytes = "vec", tag = "5")] pub data: ::prost::alloc::vec::Vec, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct EchoAndPanicResponse { #[prost(bytes = "vec", tag = "2")] pub data: ::prost::alloc::vec::Vec, diff --git a/oak_proto_rust/generated/oak.rs b/oak_proto_rust/generated/oak.rs index 8f9a2f6748e..6a43ae61db1 100755 --- a/oak_proto_rust/generated/oak.rs +++ b/oak_proto_rust/generated/oak.rs @@ -5,7 +5,7 @@ /// The wire numbers are the codec IDs in /// #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct RawDigest { #[prost(bytes = "vec", tag = "16")] pub psha2: ::prost::alloc::vec::Vec, @@ -34,7 +34,7 @@ pub struct RawDigest { /// For example, the field sha2_256 could contain /// "82aac1adbfe3ada1244c1f54b7c949519e1f048067d0c3b236b7ae048fc7e227". #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct HexDigest { #[prost(string, tag = "16")] pub psha2: ::prost::alloc::string::String, diff --git a/oak_proto_rust/generated/oak.session.v1.rs b/oak_proto_rust/generated/oak.session.v1.rs index aae183f2aac..a224a157146 100755 --- a/oak_proto_rust/generated/oak.session.v1.rs +++ b/oak_proto_rust/generated/oak.session.v1.rs @@ -1,7 +1,7 @@ /// Endorsed evidence contains an attestation evidence provided by the enclave /// and the corresponding attestation endorsements provided by the hostlib. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct EndorsedEvidence { #[prost(message, optional, tag = "1")] pub evidence: ::core::option::Option, @@ -11,16 +11,16 @@ pub struct EndorsedEvidence { >, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct GetEndorsedEvidenceRequest {} #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct GetEndorsedEvidenceResponse { #[prost(message, optional, tag = "1")] pub endorsed_evidence: ::core::option::Option, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct InvokeRequest { /// Body of the request, encrypted using Hybrid Public Key Encryption (HPKE). /// <> @@ -30,7 +30,7 @@ pub struct InvokeRequest { >, } #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct InvokeResponse { /// Body of the request, encrypted using Hybrid Public Key Encryption (HPKE). /// <> @@ -41,49 +41,102 @@ pub struct InvokeResponse { } /// Request message for the remote attestation. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct AttestRequest { #[prost(message, repeated, tag = "1")] pub endorsed_evidence: ::prost::alloc::vec::Vec, } /// Request message for the remote attestation. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct AttestResponse { #[prost(message, repeated, tag = "1")] pub endorsed_evidence: ::prost::alloc::vec::Vec, } -/// Request message for the crypto handshake request needed to establish a set of -/// session keys. +/// Noise handshake message containing fields for all handshake patterns. +/// <> #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] -pub struct HandshakeRequest { +#[derive(Clone, PartialEq, ::prost_derive::Message)] +pub struct NoiseHandshakeMessage { /// Noise Protocol ephemeral public key 'e'. /// <> #[prost(bytes = "vec", tag = "1")] pub ephemeral_public_key: ::prost::alloc::vec::Vec, - /// Payload encrypted with the current chaining key. + /// Noise Protocol static public key 's'. + /// <> + /// + /// Note: For some Noise patterns (such as XX and IX) static public key may be + /// encrypted with the chaining key to hide peer's identity. + /// <> #[prost(bytes = "vec", tag = "2")] + pub static_public_key: ::prost::alloc::vec::Vec, + /// Payload encrypted with the current chaining key. + #[prost(bytes = "vec", tag = "3")] pub ciphertext: ::prost::alloc::vec::Vec, } +/// Message to be signed as part of the attestation binding. +#[allow(clippy::derive_partial_eq_without_eq)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] +pub struct AttestationBindingMessage { + #[prost(bytes = "vec", tag = "1")] + pub handshake_hash: ::prost::alloc::vec::Vec, + #[prost(bytes = "vec", tag = "2")] + pub endorsements_hash: ::prost::alloc::vec::Vec, + #[prost(bytes = "vec", tag = "3")] + pub peer_reference_values_hash: ::prost::alloc::vec::Vec, +} +/// Message that binds the Noise session (and optionally Attestation Endorsement +/// and peer Reference Values) to the Attestation Evidence. +#[allow(clippy::derive_partial_eq_without_eq)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] +pub struct AttestationBinding { + /// Signature of the serialized `AttestationBindingMessage` Protobuf message. + #[prost(bytes = "vec", tag = "1")] + pub signature: ::prost::alloc::vec::Vec, +} +/// Request message for the crypto handshake request needed to establish a set of +/// session keys. +#[allow(clippy::derive_partial_eq_without_eq)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] +pub struct HandshakeRequest { + #[prost(message, optional, tag = "2")] + pub attestation_binding: ::core::option::Option, + #[prost(oneof = "handshake_request::HandshakeType", tags = "1")] + pub handshake_type: ::core::option::Option, +} +/// Nested message and enum types in `HandshakeRequest`. +pub mod handshake_request { + #[allow(clippy::derive_partial_eq_without_eq)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] + pub enum HandshakeType { + #[prost(message, tag = "1")] + NoiseHandshakeMessage(super::NoiseHandshakeMessage), + } +} /// Response message for the crypto handshake request needed to establish a set /// of session keys. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct HandshakeResponse { - /// Noise Protocol ephemeral public key 'e'. - /// <> - #[prost(bytes = "vec", tag = "1")] - pub ephemeral_public_key: ::prost::alloc::vec::Vec, - /// Payload encrypted with the current chaining key. - #[prost(bytes = "vec", tag = "2")] - pub ciphertext: ::prost::alloc::vec::Vec, + #[prost(message, optional, tag = "2")] + pub attestation_binding: ::core::option::Option, + #[prost(oneof = "handshake_response::HandshakeType", tags = "1")] + pub handshake_type: ::core::option::Option, +} +/// Nested message and enum types in `HandshakeResponse`. +pub mod handshake_response { + #[allow(clippy::derive_partial_eq_without_eq)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] + pub enum HandshakeType { + #[prost(message, tag = "1")] + NoiseHandshakeMessage(super::NoiseHandshakeMessage), + } } /// Request message for the Oak protocol attested secure session. /// This message is a wrapper containing different message types including: /// attestation, handshake and encrypted data exchange. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct SessionRequest { #[prost(oneof = "session_request::Request", tags = "1, 2, 3")] pub request: ::core::option::Option, @@ -91,7 +144,7 @@ pub struct SessionRequest { /// Nested message and enum types in `SessionRequest`. pub mod session_request { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum Request { #[prost(message, tag = "1")] AttestRequest(super::AttestRequest), @@ -105,7 +158,7 @@ pub mod session_request { /// This message is a wrapper containing different message types including: /// attestation, handshake and encrypted data exchange. #[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, ::prost_derive::Message)] pub struct SessionResponse { #[prost(oneof = "session_response::Response", tags = "1, 2, 3")] pub response: ::core::option::Option, @@ -113,7 +166,7 @@ pub struct SessionResponse { /// Nested message and enum types in `SessionResponse`. pub mod session_response { #[allow(clippy::derive_partial_eq_without_eq)] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, ::prost_derive::Oneof)] pub enum Response { #[prost(message, tag = "1")] AttestResponse(super::AttestResponse),