| // Copyright 2015 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| // Definitions related to the SecureMessage format, used by CryptAuth. Do not |
| // edit unless transcribing from server definitions. |
| syntax = "proto2"; |
| |
| package securemessage; |
| |
| option optimize_for = LITE_RUNTIME; |
| |
| message SecureMessage { |
| // Must contain a HeaderAndBody message. |
| required bytes header_and_body = 1; |
| // Signature of header_and_body. |
| required bytes signature = 2; |
| } |
| |
| // Supported "signature" schemes (both symmetric key and public key based). |
| enum SigScheme { |
| HMAC_SHA256 = 1; |
| ECDSA_P256_SHA256 = 2; |
| // Not recommended -- use ECDSA_P256_SHA256 instead |
| RSA2048_SHA256 = 3; |
| } |
| |
| // Supported encryption schemes. |
| enum EncScheme { |
| // No encryption. |
| NONE = 1; |
| AES_256_CBC = 2; |
| } |
| |
| message Header { |
| required SigScheme signature_scheme = 1; |
| required EncScheme encryption_scheme = 2; |
| // Identifies the verification key. |
| optional bytes verification_key_id = 3; |
| // Identifies the decryption key. |
| optional bytes decryption_key_id = 4; |
| // Encryption may use an IV. |
| optional bytes iv = 5; |
| // Arbitrary per-protocol public data, to be sent with the plain-text header. |
| optional bytes public_metadata = 6; |
| // The length of some associated data that is not sent in this SecureMessage, |
| // but which will be bound to the signature. |
| optional uint32 associated_data_length = 7 [default = 0]; |
| } |
| |
| message HeaderAndBody { |
| // Public data about this message (to be bound in the signature). |
| required Header header = 1; |
| // Payload data. |
| required bytes body = 2; |
| } |
| |
| // A list of supported public key types. |
| enum PublicKeyType { |
| EC_P256 = 1; |
| RSA2048 = 2; |
| // 2048-bit MODP group 14, from RFC 3526. |
| DH2048_MODP = 3; |
| } |
| |
| // A convenience proto for encoding NIST P-256 elliptic curve public keys. |
| message EcP256PublicKey { |
| // x and y are encoded in big-endian two's complement (slightly wasteful) |
| // Client MUST verify (x,y) is a valid point on NIST P256. |
| required bytes x = 1; |
| required bytes y = 2; |
| } |
| |
| // A convenience proto for encoding RSA public keys with small exponents. |
| message SimpleRsaPublicKey { |
| // Encoded in big-endian two's complement. |
| required bytes n = 1; |
| optional int32 e = 2 [default = 65537]; |
| } |
| |
| // A convenience proto for encoding Diffie-Hellman public keys, |
| // for use only when Elliptic Curve based key exchanges are not possible. |
| // (Note that the group parameters must be specified separately). |
| message DhPublicKey { |
| // Big-endian two's complement encoded group element. |
| required bytes y = 1; |
| } |
| |
| message GenericPublicKey { |
| required PublicKeyType type = 1; |
| optional EcP256PublicKey ec_p256_public_key = 2; |
| optional SimpleRsaPublicKey rsa2048_public_key = 3; |
| // Use only as a last resort. |
| optional DhPublicKey dh2048_public_key = 4; |
| } |
| |
| // Used by protocols for communicating between a pair of devices. |
| message DeviceToDeviceMessage { |
| // The payload of the message. |
| optional bytes message = 1; |
| |
| // The sequence number of the message - must be increasing. |
| optional int32 sequence_number = 2; |
| } |
| |
| // Sent as the first message from initiator to responder in an unauthenticated |
| // Diffie-Hellman Key Exchange. |
| message InitiatorHello { |
| // The session public key to send to the responder. |
| optional GenericPublicKey public_dh_key = 1; |
| |
| // The protocol version. |
| optional int32 protocol_version = 2 [default = 0]; |
| } |
| |
| // Sent inside the header of the first message from the responder to the |
| // initiator in an unauthenticated Diffie-Hellman Key Exchange. |
| message ResponderHello { |
| // The session public key to send to the initiator. |
| optional GenericPublicKey public_dh_key = 1; |
| |
| // The protocol version. |
| optional int32 protocol_version = 2 [default = 0]; |
| } |