feat: Added support for signed container image and custom audience and nonce requests (#11525)

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Anthonios Partheniou <partheniou@google.com>

Author: gcf-owl-bot[bot]

packages/google-cloud-confidentialcomputing/.flake8

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright 2020 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

packages/google-cloud-confidentialcomputing/CONTRIBUTING.rst

@@ -236,7 +236,7 @@ We support:
 
 Supported versions can be found in our ``noxfile.py`` `config`_.
 
-.. _config: https://github.com/googleapis/google-cloud-python/blob/main/noxfile.py
+.. _config: https://github.com/googleapis/google-cloud-python/blob/main/packages/google-cloud-confidentialcomputing/noxfile.py
 
 
 **********

packages/google-cloud-confidentialcomputing/MANIFEST.in

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright 2020 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

packages/google-cloud-confidentialcomputing/README.rst

@@ -36,21 +36,24 @@ In order to use this library, you first need to go through the following steps:
 Installation
 ~~~~~~~~~~~~
 
-Install this library in a `virtualenv`_ using pip. `virtualenv`_ is a tool to
-create isolated Python environments. The basic problem it addresses is one of
-dependencies and versions, and indirectly permissions.
+Install this library in a virtual environment using `venv`_. `venv`_ is a tool that
+creates isolated Python environments. These isolated environments can have separate
+versions of Python packages, which allows you to isolate one project's dependencies
+from the dependencies of other projects.
 
-With `virtualenv`_, it's possible to install this library without needing system
+With `venv`_, it's possible to install this library without needing system
 install permissions, and without clashing with the installed system
 dependencies.
 
-.. _`virtualenv`: https://virtualenv.pypa.io/en/latest/
+.. _`venv`: https://docs.python.org/3/library/venv.html
 
 
 Code samples and snippets
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Code samples and snippets live in the `samples/` folder.
+Code samples and snippets live in the `samples/`_ folder.
+
+.. _samples/: https://github.com/googleapis/google-cloud-python/tree/main/packages/google-cloud-confidentialcomputing/samples
 
 
 Supported Python Versions
@@ -77,21 +80,19 @@ Mac/Linux
 
 .. code-block:: console
 
- pip install virtualenv
- virtualenv <your-env>
+ python3 -m venv <your-env>
  source <your-env>/bin/activate
- <your-env>/bin/pip install google-cloud-confidentialcomputing
+ pip install google-cloud-confidentialcomputing
 
 
 Windows
 ^^^^^^^
 
 .. code-block:: console
 
- pip install virtualenv
- virtualenv <your-env>
- <your-env>\Scripts\activate
- <your-env>\Scripts\pip.exe install google-cloud-confidentialcomputing
+ py -m venv <your-env>
+ .\<your-env>\Scripts\activate
+ pip install google-cloud-confidentialcomputing
 
 Next Steps
 ~~~~~~~~~~

packages/google-cloud-confidentialcomputing/docs/conf.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Copyright 2021 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

packages/google-cloud-confidentialcomputing/google/cloud/confidentialcomputing/__init__.py

@@ -26,8 +26,13 @@
 )
 from google.cloud.confidentialcomputing_v1.types.service import (
  Challenge,
+ ConfidentialSpaceInfo,
+ ContainerImageSignature,
  CreateChallengeRequest,
  GcpCredentials,
+ SignedEntity,
+ SigningAlgorithm,
+ TokenOptions,
  TpmAttestation,
  VerifyAttestationRequest,
  VerifyAttestationResponse,
@@ -37,9 +42,14 @@
  "ConfidentialComputingClient",
  "ConfidentialComputingAsyncClient",
  "Challenge",
+ "ConfidentialSpaceInfo",
+ "ContainerImageSignature",
  "CreateChallengeRequest",
  "GcpCredentials",
+ "SignedEntity",
+ "TokenOptions",
  "TpmAttestation",
  "VerifyAttestationRequest",
  "VerifyAttestationResponse",
+ "SigningAlgorithm",
 )

packages/google-cloud-confidentialcomputing/google/cloud/confidentialcomputing_v1/__init__.py

@@ -24,8 +24,13 @@
 )
 from .types.service import (
  Challenge,
+ ConfidentialSpaceInfo,
+ ContainerImageSignature,
  CreateChallengeRequest,
  GcpCredentials,
+ SignedEntity,
+ SigningAlgorithm,
+ TokenOptions,
  TpmAttestation,
  VerifyAttestationRequest,
  VerifyAttestationResponse,
@@ -35,8 +40,13 @@
  "ConfidentialComputingAsyncClient",
  "Challenge",
  "ConfidentialComputingClient",
+ "ConfidentialSpaceInfo",
+ "ContainerImageSignature",
  "CreateChallengeRequest",
  "GcpCredentials",
+ "SignedEntity",
+ "SigningAlgorithm",
+ "TokenOptions",
  "TpmAttestation",
  "VerifyAttestationRequest",
  "VerifyAttestationResponse",

packages/google-cloud-confidentialcomputing/google/cloud/confidentialcomputing_v1/types/__init__.py

@@ -15,18 +15,28 @@
 #
 from .service import (
  Challenge,
+ ConfidentialSpaceInfo,
+ ContainerImageSignature,
  CreateChallengeRequest,
  GcpCredentials,
+ SignedEntity,
+ SigningAlgorithm,
+ TokenOptions,
  TpmAttestation,
  VerifyAttestationRequest,
  VerifyAttestationResponse,
 )
 
 __all__ = (
  "Challenge",
+ "ConfidentialSpaceInfo",
+ "ContainerImageSignature",
  "CreateChallengeRequest",
  "GcpCredentials",
+ "SignedEntity",
+ "TokenOptions",
  "TpmAttestation",
  "VerifyAttestationRequest",
  "VerifyAttestationResponse",
+ "SigningAlgorithm",
 )

packages/google-cloud-confidentialcomputing/google/cloud/confidentialcomputing_v1/types/service.py

@@ -23,16 +23,42 @@
 __protobuf__ = proto.module(
  package="google.cloud.confidentialcomputing.v1",
  manifest={
+ "SigningAlgorithm",
  "Challenge",
  "CreateChallengeRequest",
  "VerifyAttestationRequest",
  "VerifyAttestationResponse",
  "GcpCredentials",
+ "TokenOptions",
  "TpmAttestation",
+ "ConfidentialSpaceInfo",
+ "SignedEntity",
+ "ContainerImageSignature",
  },
 )
 
 
+class SigningAlgorithm(proto.Enum):
+ r"""SigningAlgorithm enumerates all the supported signing
+ algorithms.
+
+ Values:
+ SIGNING_ALGORITHM_UNSPECIFIED (0):
+ Unspecified signing algorithm.
+ RSASSA_PSS_SHA256 (1):
+ RSASSA-PSS with a SHA256 digest.
+ RSASSA_PKCS1V15_SHA256 (2):
+ RSASSA-PKCS1 v1.5 with a SHA256 digest.
+ ECDSA_P256_SHA256 (3):
+ ECDSA on the P-256 Curve with a SHA256
+ digest.
+ """
+ SIGNING_ALGORITHM_UNSPECIFIED = 0
+ RSASSA_PSS_SHA256 = 1
+ RSASSA_PKCS1V15_SHA256 = 2
+ ECDSA_P256_SHA256 = 3
+
+
 class Challenge(proto.Message):
  r"""A Challenge from the server used to guarantee freshness of
  attestations
@@ -124,6 +150,13 @@ class VerifyAttestationRequest(proto.Message):
  Required. The TPM-specific data provided by
  the attesting platform, used to populate any of
  the claims regarding platform state.
+ confidential_space_info (google.cloud.confidentialcomputing_v1.types.ConfidentialSpaceInfo):
+ Optional. Optional information related to the
+ Confidential Space TEE.
+ token_options (google.cloud.confidentialcomputing_v1.types.TokenOptions):
+ Optional. A collection of optional,
+ workload-specified claims that modify the token
+ output.
  """
 
  challenge: str = proto.Field(
@@ -140,6 +173,16 @@ class VerifyAttestationRequest(proto.Message):
  number=3,
  message="TpmAttestation",
  )
+ confidential_space_info: "ConfidentialSpaceInfo" = proto.Field(
+ proto.MESSAGE,
+ number=4,
+ message="ConfidentialSpaceInfo",
+ )
+ token_options: "TokenOptions" = proto.Field(
+ proto.MESSAGE,
+ number=5,
+ message="TokenOptions",
+ )
 
 
 class VerifyAttestationResponse(proto.Message):
@@ -173,6 +216,32 @@ class GcpCredentials(proto.Message):
  )
 
 
+class TokenOptions(proto.Message):
+ r"""Options to modify claims in the token to generate
+ custom-purpose tokens.
+
+ Attributes:
+ audience (str):
+ Optional. Optional string to issue the token
+ with a custom audience claim. Required if one or
+ more nonces are specified.
+ nonce (MutableSequence[str]):
+ Optional. Optional parameter to place one or more nonces in
+ the eat_nonce claim in the output token. The minimum size
+ for JSON-encoded EATs is 10 bytes and the maximum size is 74
+ bytes.
+ """
+
+ audience: str = proto.Field(
+ proto.STRING,
+ number=1,
+ )
+ nonce: MutableSequence[str] = proto.RepeatedField(
+ proto.STRING,
+ number=2,
+ )
+
+
 class TpmAttestation(proto.Message):
  r"""TPM2 data containing everything necessary to validate any
  platform state measured into the TPM.
@@ -260,4 +329,88 @@ class Quote(proto.Message):
  )
 
 
+class ConfidentialSpaceInfo(proto.Message):
+ r"""ConfidentialSpaceInfo contains information related to the
+ Confidential Space TEE.
+
+ Attributes:
+ signed_entities (MutableSequence[google.cloud.confidentialcomputing_v1.types.SignedEntity]):
+ Optional. A list of signed entities
+ containing container image signatures that can
+ be used for server-side signature verification.
+ """
+
+ signed_entities: MutableSequence["SignedEntity"] = proto.RepeatedField(
+ proto.MESSAGE,
+ number=1,
+ message="SignedEntity",
+ )
+
+
+class SignedEntity(proto.Message):
+ r"""SignedEntity represents an OCI image object containing
+ everything necessary to verify container image signatures.
+
+ Attributes:
+ container_image_signatures (MutableSequence[google.cloud.confidentialcomputing_v1.types.ContainerImageSignature]):
+ Optional. A list of container image
+ signatures attached to an OCI image object.
+ """
+
+ container_image_signatures: MutableSequence[
+ "ContainerImageSignature"
+ ] = proto.RepeatedField(
+ proto.MESSAGE,
+ number=1,
+ message="ContainerImageSignature",
+ )
+
+
+class ContainerImageSignature(proto.Message):
+ r"""ContainerImageSignature holds necessary metadata to verify a
+ container image signature.
+
+ Attributes:
+ payload (bytes):
+ Required. The binary signature payload following the
+ SimpleSigning format
+ https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing.
+ This payload includes the container image digest.
+ signature (bytes):
+ Required. A signature over the payload. The container image
+ digest is incorporated into the signature as follows:
+
+ 1. Generate a SimpleSigning format payload that includes the
+ container image digest.
+ 2. Generate a signature over SHA256 digest of the payload.
+ The signature generation process can be represented as
+ follows:
+ ``Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))``
+ public_key (bytes):
+ Required. An associated public key used to
+ verify the signature.
+ sig_alg (google.cloud.confidentialcomputing_v1.types.SigningAlgorithm):
+ Required. The algorithm used to produce the
+ container image signature.
+ """
+
+ payload: bytes = proto.Field(
+ proto.BYTES,
+ number=1,
+ )
+ signature: bytes = proto.Field(
+ proto.BYTES,
+ number=2,
+ )
+ public_key: bytes = proto.Field(
+ proto.BYTES,
+ number=3,
+ )
+ sig_alg: "SigningAlgorithm" = proto.Field(
+ proto.ENUM,
+ number=4,
+ enum="SigningAlgorithm",
+ )
+
+
 __all__ = tuple(sorted(__protobuf__.manifest))

packages/google-cloud-confidentialcomputing/noxfile.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright 2018 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.