Cast device revocation checking.

components/cast_certificate/proto/revocation.proto

Index: components/cast_certificate/proto/revocation.proto
diff --git a/components/cast_certificate/proto/revocation.proto b/components/cast_certificate/proto/revocation.proto
new file mode 100644
index 0000000000000000000000000000000000000000..7d37e051b373441f0cb60eb6fe4ee6c4eaa54eff
--- /dev/null
+++ b/components/cast_certificate/proto/revocation.proto
@@ -0,0 +1,47 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Data structures related to Cast device certificate revocation infrastructure.
+
+// This proto must be kept in sync with google3.
+
+syntax = "proto2";
+
+option optimize_for = LITE_RUNTIME;
+
+package cast_certificate;
+
+message CrlBundle {
+  // List of supported versions of the same revocation list.
+  repeated Crl crls = 1;
+}
+
+message Crl {
+  // Octet string of serialized TbsCrl protobuf.
+  optional bytes tbs_crl = 1;
+
+  // Binary ASN.1 DER encoding of the signer's certificate.
+  optional bytes signer_cert = 2;
+
+  // Signature calculated over the contents of the tbs_crl field.
+  optional bytes signature = 3;
+}
+
+message TbsCrl {
+  // Version 0 algorithms:
+  //  revoked_public_key_hashes: SHA-256
+  //  SerialNumberRange.issuer_public_key_hash: SHA-256
+  //  Crl.signature: RSA-PKCS1 V1.5 with SHA-256
+  optional uint64 version = 1 [default = 0];
+  optional uint64 issuance_time_millis = 2;
+  optional uint64 validity_period_millis = 3;
+  repeated bytes revoked_public_key_hashes = 4;
+  repeated SerialNumberRange revoked_serial_number_ranges = 5;
+}
+
+message SerialNumberRange {
+  optional bytes issuer_public_key_hash = 1;
+  optional uint64 first_serial_number = 2;
+  optional uint64 last_serial_number = 3;
+}