1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 // Definitions related to the SecureMessage format, used by CryptAuth. Do not | |
6 // edit unless transcribing from server definitions. | |
7 syntax = "proto2"; | |
8 | |
9 package securemessage; | |
10 | |
11 option optimize_for = LITE_RUNTIME; | |
12 | |
13 message SecureMessage { | |
14 // Must contain a HeaderAndBody message. | |
15 required bytes header_and_body = 1; | |
16 // Signature of header_and_body. | |
17 required bytes signature = 2; | |
18 } | |
19 | |
20 // Supported "signature" schemes (both symmetric key and public key based). | |
21 enum SigScheme { | |
22 HMAC_SHA256 = 1; | |
23 ECDSA_P256_SHA256 = 2; | |
24 // Not recommended -- use ECDSA_P256_SHA256 instead | |
25 RSA2048_SHA256 = 3; | |
26 } | |
27 | |
28 // Supported encryption schemes. | |
29 enum EncScheme { | |
30 // No encryption. | |
31 NONE = 1; | |
32 AES_256_CBC = 2; | |
33 } | |
34 | |
35 message Header { | |
36 required SigScheme signature_scheme = 1; | |
37 required EncScheme encryption_scheme = 2; | |
38 // Identifies the verification key. | |
39 optional bytes verification_key_id = 3; | |
40 // Identifies the decryption key. | |
41 optional bytes decryption_key_id = 4; | |
42 // Encryption may use an IV. | |
43 optional bytes iv = 5; | |
44 // Arbitrary per-protocol public data, to be sent with the plain-text header. | |
45 optional bytes public_metadata = 6; | |
46 // The length of some associated data this is not sent in this SecureMessage, | |
Ilya Sherman
2015/04/03 02:13:05
nit: s/this/that?
Tim Song
2015/04/03 02:46:34
Done. This is copied from the server .proto file.
47 // but which will be bound to the signature. | |
48 optional uint32 associated_data_length = 7 [default = 0]; | |
49 } | |
50 | |
51 message HeaderAndBody { | |
52 // Public data about this message (to be bound in the signature). | |
53 required Header header = 1; | |
54 // Payload data. | |
55 required bytes body = 2; | |
56 } | |
57 | |
58 // A list of supported public key types. | |
59 enum PublicKeyType { | |
60 EC_P256 = 1; | |
61 RSA2048 = 2; | |
62 // 2048-bit MODP group 14, from RFC 3526. | |
63 DH2048_MODP = 3; | |
64 } | |
65 | |
66 // A convenience proto for encoding NIST P-256 elliptic curve public keys. | |
67 message EcP256PublicKey { | |
68 // x and y are encoded in big-endian two's complement (slightly wasteful) | |
69 // Client MUST verify (x,y) is a valid point on NIST P256. | |
70 required bytes x = 1; | |
71 required bytes y = 2; | |
72 } | |
73 | |
74 // A convenience proto for encoding RSA public keys with small exponents. | |
75 message SimpleRsaPublicKey { | |
76 // Encoded in big-endian two's complement. | |
77 required bytes n = 1; | |
78 optional int32 e = 2 [default = 65537]; | |
79 } | |
80 | |
81 // A convenience proto for encoding Diffie-Hellman public keys, | |
82 // for use only when Elliptic Curve based key exchanges are not possible. | |
83 // (Note that the group parameters must be specified separately). | |
84 message DhPublicKey { | |
85 // Big-endian two's complement encoded group element. | |
86 required bytes y = 1; | |
87 } | |
88 | |
89 message GenericPublicKey { | |
90 required PublicKeyType type = 1; | |
91 optional EcP256PublicKey ec_p256_public_key = 2; | |
92 optional SimpleRsaPublicKey rsa2048_public_key = 3; | |
93 // Use only as a last resort. | |
94 optional DhPublicKey dh2048_public_key = 4; | |
95 } | |
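Review bot: The `Header` comments do not say that `verification_key_id` and `decryption_key_id` are read before the `signature` can be checked, so a receiver necessarily acts on them while they are still attacker-controlled; the field comment should make that explicit, e.g. `// Untrusted until signature verifies: use only to look up a candidate key, never as evidence of who sent the message.` Likewise `iv` is `optional` while `AES_256_CBC` cannot be decrypted without one, so a comment such as `// Required (one AES block, 16 bytes) when encryption_scheme is AES_256_CBC; reject the message if it is absent or mis-sized.` would tell implementers what to enforce. Since the file header says it is transcribed from server definitions, these notes presumably belong in the server .proto first and then copied here, or in the client parsing code if the schema must stay byte-identical.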