All messages and enums in package ntt.api
Proto package ntt.api
ntt.api Shared Messages
Here is the list of ntt.api shared messages:
DeviceIdentity Message

| Name | Type | Description |
| --- | --- | --- |
| serial_number | string | |
| manufacturer | string | |
| product_name | string | |
| tpm_version | TpmVersion | Only TPM 2.0 is supported. |
| ek_tpm_pub | bytes | TPM_PUBLIC format object obtained by tpm2.ReadPublic |
| ekcert | bytes | ASN.1 DER encoded EK certificate. |
| ekcerturl | string | For Intel TPMs, Intel hosts certificates at a public URL derived from the public key. Clients or servers can perform an HTTP GET to this URL and use ParseEKCertificate on the response body. |
| idevid_cert_tpm_pub | bytes | TPM_PUBLIC format object obtained by tpm2.ReadPublic |
| idevid_cert | bytes | ASN.1 DER encoded IDevID certificate. |
| ldevid_cert_tpm_pub | bytes | TPM_PUBLIC format object obtained by tpm2.ReadPublic |
| ldevid_cert | bytes | ASN.1 DER encoded LDevID certificate. |
| ak_params | DeviceIdentity.AttestationParams | |
| challenge_format | DeviceIdentity.ChallengeFormat | ChallengeFormat defines how the Verifier (server) generates the identity activation challenge. It determines how the IdentityChallenge fields cred_encrypted_by_ekpub and secret_encrypted_by_ekcred are to be interpreted. The Attestor (client) is responsible for choosing the right format, depending on the TPM version and on whether the TrouSerS daemon is present. |
DeviceIdentity.AttestationParams Message
IdentityChallenge Message

One of IDevID or LDevID is mandatory for IdentityChallenge to succeed.

DevID keys can be either signing or decrypt keys. With GlobalSign + Compulab we use decrypt keys, but other vendors such as Dell may be using signing keys instead, so the API should allow both.

| Name | Type | Description |
| --- | --- | --- |
| platform_attestation_nonce | bytes | Nonce for platform attestation, echoed in the quotes returned by the Attestor. |
| cred_encrypted_by_ekpub | bytes | AK TPM residency check |
| secret_encrypted_by_ekcred | bytes | |
| cred_encrypted_by_idevid_pub | bytes | IDevID TPM residency check |
| secret_encrypted_by_idevid_cred | bytes | |
| cred_encrypted_by_ldevid_pub | bytes | LDevID TPM residency check |
| secret_encrypted_by_ldevid_cred | bytes | |
| digest_to_sign_with_idevid | bytes | IDevID verification when the key is a signing key |
| rsa_secret_to_decrypt_with_idevid | bytes | IDevID verification when the key is a decrypt key |
| digest_to_sign_with_ldevid | bytes | LDevID verification when the key is a signing key |
| rsa_secret_to_decrypt_with_ldevid | bytes | LDevID verification when the key is a decrypt key |
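The two DevID verification paths above (a verifier-chosen digest for a signing key, a verifier-chosen secret wrapped to the public key for a decrypt key), written out as a Verifier/Attestor exchange. This is an added example, not the project's code. It assumes RSA DevID keys, PKCS#1 v1.5 over a SHA-256-sized digest for the signing path and RSA-OAEP for the decrypt path; the padding the API actually expects is not stated on this page. A software rsa.PrivateKey stands in for the TPM-resident key, and a bool stands in for the sign/decrypt attribute the verifier would read from idevid_cert_tpm_pub. The public key must come from the DevID certificate, never from the response, or the check proves nothing.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"io"
)

// DevIDChallenge carries the two alternative IdentityChallenge fields for one
// DevID; exactly one of them is populated, depending on the key's attributes.
type DevIDChallenge struct {
	DigestToSign       []byte // digest_to_sign_with_idevid / _ldevid (signing key)
	RSASecretToDecrypt []byte // rsa_secret_to_decrypt_with_idevid / _ldevid (decrypt key)
	secret             []byte // verifier-side plaintext, never sent to the attestor
}

// NewDevIDChallenge runs on the Verifier. pub is the public key from the DevID
// certificate; signingKey says whether the key's TPM attributes allow signing
// (read from *_cert_tpm_pub in the real flow, a plain bool in this example).
func NewDevIDChallenge(pub *rsa.PublicKey, signingKey bool) (*DevIDChallenge, error) {
	c := &DevIDChallenge{}
	if signingKey {
		c.DigestToSign = make([]byte, sha256.Size)
		_, err := io.ReadFull(rand.Reader, c.DigestToSign)
		return c, err
	}
	c.secret = make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, c.secret); err != nil {
		return nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, c.secret, nil)
	if err != nil {
		return nil, err
	}
	c.RSASecretToDecrypt = ct
	return c, nil
}

// Respond runs on the Attestor. In production the private key never leaves the
// TPM; priv stands in for TPM2_Sign / TPM2_RSA_Decrypt on the DevID handle.
func Respond(priv *rsa.PrivateKey, c *DevIDChallenge) (signed, decrypted []byte, err error) {
	if c.DigestToSign != nil {
		signed, err = rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, c.DigestToSign)
		return signed, nil, err
	}
	decrypted, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, c.RSASecretToDecrypt, nil)
	return nil, decrypted, err
}

// VerifyResponse runs on the Verifier and checks digest_signed_by_* or
// rsa_decrypted_with_* against the challenge and the certified public key.
func VerifyResponse(pub *rsa.PublicKey, c *DevIDChallenge, signed, decrypted []byte) error {
	if c.DigestToSign != nil {
		if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, c.DigestToSign, signed); err != nil {
			return fmt.Errorf("DevID signature check failed: %w", err)
		}
		return nil
	}
	if subtle.ConstantTimeCompare(decrypted, c.secret) != 1 {
		return errors.New("decrypted secret mismatch: responder does not hold the certified DevID key")
	}
	return nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for a TPM-resident DevID key
	for _, signing := range []bool{true, false} {
		c, _ := NewDevIDChallenge(&priv.PublicKey, signing)
		s, d, _ := Respond(priv, c)
		fmt.Println("signing key:", signing, "verify:", VerifyResponse(&priv.PublicKey, c, s, d))
	}
}
```

Both paths prove the same thing, possession of the private half of the certified key, which is why the verifier must choose by the key's attributes rather than accept whichever response field the attestor fills in.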
IdentityChallengeResponse Message

| Name | Type | Description |
| --- | --- | --- |
| ak_activation_decrypted_secret | bytes | |
| idevid_activation_decrypted_secret | bytes | |
| ldevid_activation_decrypted_secret | bytes | |
| digest_signed_by_idevid | bytes | |
| digest_signed_by_ldevid | bytes | |
| rsa_decrypted_with_idevid | bytes | |
| rsa_decrypted_with_ldevid | bytes | |
| quotes | repeated IdentityChallengeResponse.Quote | |
| pcrs | repeated PCR | |
| eventlog | bytes | Binary contents of /sys/kernel/security/tpm0/binary_bios_measurements |
IdentityChallengeResponse.Quote Message

| Name | Type | Description |
| --- | --- | --- |
| quote | bytes | TPMS_ATTEST (TSS_VALIDATION.Data or TSS_VALIDATION.rgbData). This contains the PCR selection for which the signature was calculated and other required data, such as the nonce. |
| signature | bytes | TSS_VALIDATION.ValidationData or TSS_VALIDATION.rgbValidationData |
PCR Message

| Name | Type | Description |
| --- | --- | --- |
| index | uint32 | |
| digest_hex | string | Hex-encoded digest string (without 0x prefix, e.g. “DEADBEEF”) |
| digest_alg | DigestAlg | |
| comment | string | User’s comments for this entry |
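What the Verifier has to do with a Quote and the PCR list before it trusts either, as an added example in Go with the standard library only (not the project's code): parse the TPMS_ATTEST bytes of the quote field, check the magic and attestation type, require extraData to equal platform_attestation_nonce, and recompute pcrDigest from the reported digest_hex values in ascending PCR order. Field layout and constants follow the TPM 2.0 library specification. Simplifications of this example: a single PCR selection, the SHA-256 bank only, and BuildSampleQuote, which fabricates a quote so the code runs offline (a real one comes from TPM2_Quote on the device). Verifying the signature field with the AK public key over the same bytes is a separate, mandatory step that is not shown.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// TPM 2.0 constants: TPM_GENERATED_VALUE, TPM_ST_ATTEST_QUOTE, TPM_ALG_SHA256.
const (
	tpmGenerated = 0xff544347
	tpmSTQuote   = 0x8018
	tpmAlgSHA256 = 0x000b
)

// PCR mirrors the ntt.api PCR message: index plus hex digest without 0x prefix.
type PCR struct {
	Index     uint32
	DigestHex string
}

// QuoteInfo holds the parts of TPMS_ATTEST that a verifier must check.
type QuoteInfo struct {
	ExtraData []byte // the verifier's nonce, echoed by the TPM
	HashAlg   uint16 // TPMS_PCR_SELECTION.hash (PCR bank)
	PCRSelect []byte // TPMS_PCR_SELECTION.pcrSelect bitmap; PCR 0 is bit 0 of byte 0
	PCRDigest []byte // TPMS_QUOTE_INFO.pcrDigest
}

// ParseQuote decodes a TPMS_ATTEST of type QUOTE (the quote field of
// IdentityChallengeResponse.Quote). Only a single PCR selection is handled.
func ParseQuote(raw []byte) (*QuoteInfo, error) {
	var err error
	next := func(n int) []byte { // consume n bytes; record truncation instead of panicking
		if err == nil && len(raw) < n {
			err = io.ErrUnexpectedEOF
		}
		if err != nil {
			return make([]byte, n)
		}
		b := raw[:n]
		raw = raw[n:]
		return b
	}
	u16 := func() uint16 { return binary.BigEndian.Uint16(next(2)) }
	u32 := func() uint32 { return binary.BigEndian.Uint32(next(4)) }
	sized := func() []byte { return next(int(u16())) } // TPM2B_*: 16-bit size, then bytes
	magic, typ := u32(), u16()
	sized()          // qualifiedSigner: the AK name, matched against ak_params elsewhere
	extra := sized() // extraData: must equal platform_attestation_nonce
	next(25)         // clockInfo (8+4+4+1 bytes) and firmwareVersion (8 bytes)
	count := u32()   // TPML_PCR_SELECTION.count
	alg := u16()     // TPMS_PCR_SELECTION.hash
	mask := next(int(next(1)[0]))
	digest := sized()
	switch {
	case magic != tpmGenerated:
		return nil, errors.New("bad magic: not a TPM-generated structure")
	case typ != tpmSTQuote:
		return nil, fmt.Errorf("attest type 0x%04x is not TPM_ST_ATTEST_QUOTE", typ)
	case err != nil:
		return nil, fmt.Errorf("truncated TPMS_ATTEST: %w", err)
	case count != 1:
		return nil, fmt.Errorf("expected one PCR selection, got %d", count)
	case len(raw) != 0:
		return nil, errors.New("trailing bytes after TPMS_ATTEST")
	}
	return &QuoteInfo{ExtraData: extra, HashAlg: alg, PCRSelect: mask, PCRDigest: digest}, nil
}

// VerifyQuote checks that the quote is fresh (carries nonce) and that the PCR
// values reported alongside it are exactly those the TPM hashed into pcrDigest.
func VerifyQuote(raw, nonce []byte, pcrs []PCR) error {
	q, err := ParseQuote(raw)
	if err != nil {
		return err
	}
	if !bytes.Equal(q.ExtraData, nonce) {
		return errors.New("nonce mismatch: quote is stale or replayed")
	}
	if q.HashAlg != tpmAlgSHA256 {
		return fmt.Errorf("unsupported PCR bank 0x%04x", q.HashAlg)
	}
	byIndex := make(map[uint32][]byte, len(pcrs))
	for _, p := range pcrs {
		d, err := hex.DecodeString(p.DigestHex)
		if err != nil || len(d) != sha256.Size {
			return fmt.Errorf("PCR %d: digest_hex is not a SHA-256 digest", p.Index)
		}
		byIndex[p.Index] = d
	}
	h := sha256.New()
	for i, b := range q.PCRSelect { // ascending PCR index, the order the TPM hashes them
		for bit := 0; bit < 8; bit++ {
			if b&(1<<bit) == 0 {
				continue
			}
			d, ok := byIndex[uint32(i*8+bit)]
			if !ok {
				return fmt.Errorf("quote covers PCR %d but no value was reported", i*8+bit)
			}
			h.Write(d)
		}
	}
	if !bytes.Equal(h.Sum(nil), q.PCRDigest) {
		return errors.New("reported PCR values do not match the quoted pcrDigest")
	}
	return nil
}

// BuildSampleQuote serializes a constructed TPMS_ATTEST for offline testing only;
// a real one comes from TPM2_Quote. pcrs must be in ascending index order, below 24.
func BuildSampleQuote(nonce []byte, pcrs []PCR) []byte {
	out := []byte{0xff, 0x54, 0x43, 0x47, 0x80, 0x18} // magic, TPM_ST_ATTEST_QUOTE
	sized := func(b []byte) { out = append(append(out, byte(len(b)>>8), byte(len(b))), b...) }
	sized([]byte{0x00, 0x0b}) // placeholder qualifiedSigner
	sized(nonce)
	out = append(out, make([]byte, 25)...) // zero clockInfo and firmwareVersion
	mask := make([]byte, 3)
	h := sha256.New()
	for _, p := range pcrs {
		mask[p.Index/8] |= 1 << (p.Index % 8)
		d, _ := hex.DecodeString(p.DigestHex)
		h.Write(d)
	}
	out = append(out, 0, 0, 0, 1, 0x00, 0x0b, byte(len(mask))) // count=1, SHA-256, sizeofSelect
	out = append(out, mask...)
	sized(h.Sum(nil))
	return out
}

func main() {
	nonce := []byte("constructed nonce for the demo")
	s := sha256.Sum256([]byte("constructed PCR 7 value"))
	pcrs := []PCR{{Index: 0, DigestHex: hex.EncodeToString(make([]byte, 32))}, {Index: 7, DigestHex: hex.EncodeToString(s[:])}}
	fmt.Println("verify:", VerifyQuote(BuildSampleQuote(nonce, pcrs), nonce, pcrs))
}
```

The pcrs list is only as trustworthy as this recomputation makes it: without it, an attestor could send a genuine signed quote together with whatever PCR values it liked, and without the nonce check it could replay a quote from before a firmware change.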
Account Message
User Message

| Name | Type | Description |
| --- | --- | --- |
| email | string | |
| access_token | string | |
| token_type | string | |
| refresh_token | string | |
| expiry | .google.protobuf.Timestamp | |
ServiceAccount Message

| Name | Type | Description |
| --- | --- | --- |
| type | string | |
| client_email | string | |
| private_key_id | string | |
| private_key | string | |
HealthCheckSpec Message

HealthCheckSpec describes a health check to be performed in the context of a device or a container. Only the exec check can truly be executed inside a container; all the other checks are run on the host device. When run as a device health check, a host/IP address is mandatory for connectivity checks. For container health checks, host/IP is optional and defaults to the IP address of the container. Note that a health check for https://endpoint.com/api defined for a container is run from the host device, not from within the container.

| Name | Type | Description |
| --- | --- | --- |
| http_get_check | HTTPGetCheck | http_get_check specifies the HTTP request to perform. |
| tcp_check | TCPCheck | tcp_check specifies an action involving a TCP port. |
| icmp_check | ICMPCheck | icmp_check specifies an ICMP health check. |
| grpc_check | GRPCCheck | grpc_check specifies an action involving a gRPC port. The gRPC server must implement the health-checking API at https://github.com/grpc/grpc/blob/master/doc/health-checking.md; if it does not, tcp_check should be used instead. |
| exec | ExecCheck | exec specifies the command to execute in the container to determine its health. |
| device_file_check | DeviceFileCheck | device_file_check is only available for devices. It can be configured to ensure that specific hardware is connected (e.g. a modem at /dev/cdc-wdm0 or an RFID reader at /dev/ttyACM0). |
| timeout | .google.protobuf.Duration | Timeout for the health check. Defaults to 1 second; values greater than 5 seconds are not allowed. |
| interval | .google.protobuf.Duration | Interval between health checks; 60 seconds is the minimum. |
| name | string | Name for the health check. A meaningful name is useful as a metrics label. |
HTTPGetCheck Message

HTTPGetCheck describes a health check based on HTTP GET requests.

| Name | Type | Description |
| --- | --- | --- |
| url | string | http_url has to be used when the IP to check is a container IP that cannot be known beforehand; in all other cases a simple url string can be used. Although not explicitly declared as a oneof, url and http_url behave as one: set exactly one of them. |
| http_url | HTTPGetCheck.HTTPUrl | |
| http_headers | repeated HTTPGetCheck.HTTPHeader | Custom headers to set in the request. HTTP allows repeated headers. Optional. |
| skip_tls_check | bool | Skip TLS certificate verification for https targets. With it set, the check proves reachability only, not that the intended endpoint answered. |
| expected_response_code | int32 | Optional. By default any response code >= 400, or a response code of 300, is considered a failure. Sometimes the endpoint is expected to return 401/403/511 when called without proper authentication; setting expected_response_code makes that status count as success for the health check. |
| enable_detailed_metrics | bool | By default only a success or failure metric is generated. This field enables the response-time metric and network metrics, where supported. |
HTTPGetCheck.HTTPUrl Message

| Name | Type | Description |
| --- | --- | --- |
| path | string | Path to access on the HTTP server. Defaults to /. |
| port | int32 | Port to access on the container. Defaults to 80 for http and 443 for https. Number must be in the range 1 to 65535. |
| host | string | Host name to connect to. For containers this defaults to the container IP, or to the WAN interface IP in host-mode networking. For a device check this is a mandatory parameter. |
| scheme | string | Scheme to use for connecting to the host. Optional, defaults to HTTP. |
HTTPGetCheck.HTTPHeader Message

HTTPHeader describes a custom header to be used in HTTP health checks.

| Name | Type | Description |
| --- | --- | --- |
| name | string | The header field name. This will be canonicalized on output, so case variants of a name are understood as the same header. |
| value | string | The header field value |
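The HTTPGetCheck rules spelled out in the three tables above (url/http_url exclusivity, the HTTPUrl defaults, the response-code rule with expected_response_code, header canonicalization) together with the HealthCheckSpec timeout bounds, as an added Go example that is not the project's own health checker. Function names, treating a transport error as a failed check, and the constructed target in main are assumptions of this example; everything else follows the field descriptions.

```go
package main

import (
	"context"
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"net/http"
	"strconv"
	"strings"
	"time"
)

// HTTPUrl, HTTPHeader and HTTPGetCheck mirror the ntt.api messages of those names.
type HTTPUrl struct {
	Path   string // defaults to /
	Port   int32  // defaults to 80 for http and 443 for https
	Host   string // mandatory for a device check (no container IP to fall back on)
	Scheme string // defaults to http
}

type HTTPHeader struct{ Name, Value string }

type HTTPGetCheck struct {
	URL                  string
	HTTPURL              *HTTPUrl
	Headers              []HTTPHeader
	SkipTLSCheck         bool
	ExpectedResponseCode int32
}

// ResolveURL enforces url/http_url exclusivity and applies the HTTPUrl defaults.
func ResolveURL(c HTTPGetCheck) (string, error) {
	if (c.URL == "") == (c.HTTPURL == nil) {
		return "", errors.New("exactly one of url and http_url must be set")
	}
	if c.URL != "" {
		return c.URL, nil
	}
	u := c.HTTPURL
	scheme := strings.ToLower(u.Scheme)
	if scheme == "" {
		scheme = "http"
	}
	if scheme != "http" && scheme != "https" {
		return "", fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	if u.Host == "" {
		return "", errors.New("http_url.host is mandatory for a device health check")
	}
	port := u.Port
	if port == 0 {
		port = 80
		if scheme == "https" {
			port = 443
		}
	}
	if port < 1 || port > 65535 {
		return "", fmt.Errorf("port %d is outside 1-65535", port)
	}
	path := u.Path
	if !strings.HasPrefix(path, "/") {
		path = "/" + path
	}
	return scheme + "://" + net.JoinHostPort(u.Host, strconv.Itoa(int(port))) + path, nil
}

// Healthy applies the response-code rule: >= 400 or == 300 fails, unless
// expected_response_code names the exact status the endpoint is meant to return.
func Healthy(status int, expected int32) bool {
	if expected != 0 {
		return int32(status) == expected
	}
	return status < 400 && status != 300
}

// ClampTimeout applies the HealthCheckSpec timeout rule: 1s by default, 5s at most.
func ClampTimeout(d time.Duration) (time.Duration, error) {
	switch {
	case d == 0:
		return time.Second, nil
	case d > 5*time.Second:
		return 0, errors.New("timeout greater than 5 seconds is not allowed")
	}
	return d, nil
}

// RunHTTPGetCheck performs the GET and reports whether the check passed. Transport
// errors (refused, DNS, TLS) are failures, with the cause returned to the caller.
func RunHTTPGetCheck(ctx context.Context, c HTTPGetCheck, timeout time.Duration) (bool, error) {
	target, err := ResolveURL(c)
	if err != nil {
		return false, err
	}
	to, err := ClampTimeout(timeout)
	if err != nil {
		return false, err
	}
	ctx, cancel := context.WithTimeout(ctx, to)
	defer cancel()
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, target, nil)
	if err != nil {
		return false, err
	}
	for _, h := range c.Headers {
		req.Header.Add(h.Name, h.Value) // Add canonicalizes the name: "x-probe" becomes "X-Probe"
	}
	tr := &http.Transport{}
	if c.SkipTLSCheck {
		// Certificate verification off: the check then proves reachability only,
		// not that the responder is the intended endpoint.
		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
	}
	resp, err := (&http.Client{Transport: tr}).Do(req)
	if err != nil {
		return false, err
	}
	resp.Body.Close()
	return Healthy(resp.StatusCode, c.ExpectedResponseCode), nil
}

func main() {
	// Constructed target: nothing listens on 127.0.0.1:9, so the check reports a failure.
	c := HTTPGetCheck{HTTPURL: &HTTPUrl{Host: "127.0.0.1", Port: 9}}
	ok, err := RunHTTPGetCheck(context.Background(), c, 0)
	fmt.Println("healthy:", ok, "error:", err)
}
```

Treat skip_tls_check the way the code does: it is the only flag here that changes what a passing check means, so it deserves a comment at the point where it is set.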
ICMPCheck Message

| Name | Type | Description |
| --- | --- | --- |
| host | string | Domain name or IP address to perform the ICMP check against |
| enable_detailed_metrics | bool | By default only a success or failure metric is generated. This field enables network metrics such as latency and jitter. |
TCPCheck Message

TCPCheck performs a TCP connect check. Only the TCP handshake is performed; no data is sent.

| Name | Type | Description |
| --- | --- | --- |
| port | int32 | Port number to access on the container or given destination. Number must be in the range 1 to 65535. |
| host | string | Host name to connect to. For containers this defaults to the container IP, or to the WAN interface IP in host-mode networking. For a device check this is a mandatory parameter. |
GRPCCheck Message

| Name | Type | Description |
| --- | --- | --- |
| port | int32 | Port number of the gRPC service. Number must be in the range 1 to 65535. |
| service | string | Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. |
| host | string | Host name to connect to. For containers this defaults to the container IP, or to the WAN interface IP in host-mode networking. For a device check this is a mandatory parameter. |
| skip_tls_check | bool | |
ExecCheck Message

ExecCheck describes a “run in container” action.

| Name | Type | Description |
| --- | --- | --- |
| command | repeated string | Command is the command line to execute inside the container; the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (' |
DeviceFileCheck Message

DeviceFileCheck.FileTypeOneOf Message

| Name | Type | Description |
| --- | --- | --- |
| is_directory | bool | |
| is_block_device | bool | |
| is_char_device | bool | |
| is_fifo | bool | |
| is_regular_file | bool | |
ntt.api Shared Enumerations
Here is the list of ntt.api shared enumerations:
LaunchStage Enumeration

The launch stage as defined by Google Cloud Platform Launch Stages.

| Name | Description |
| --- | --- |
| LAUNCH_STAGE_UNSPECIFIED | Do not use this default value. |
| EARLY_ACCESS | Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released. |
| ALPHA | Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects whitelisted. Alpha releases don’t have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests, just like they would in normal production cases. |
| BETA | Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases. |
| GA | GA features are open to all developers and are considered stable and fully qualified for production use. |
| DEPRECATED | Deprecated features are scheduled to be shut down and removed. For more information, see the “Deprecation Policy” section of our Terms of Service and the Google Cloud Platform Subject to the Deprecation Policy documentation. |
TpmVersion Enumeration

| Name | Description |
| --- | --- |
| TPMVAGNOSTIC | |
| TPMV12 | |
| TPMV20 | |
DigestAlg Enumeration

| Name | Description |
| --- | --- |
| SHA1 | |
| SHA256 | |