
Unified Diff: components/policy/proto/device_management_backend.proto

Issue 2261763002: Device enterprise registration with a certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Initialize pointers to nullptr. Created 4 years, 4 months ago
Index: components/policy/proto/device_management_backend.proto
diff --git a/components/policy/proto/device_management_backend.proto b/components/policy/proto/device_management_backend.proto
index 2c2d6131c5887079be226b811c1ece270973bbcd..f80cd1be2a5c829bdfd90c53be111a15e2df0891 100644
--- a/components/policy/proto/device_management_backend.proto
+++ b/components/policy/proto/device_management_backend.proto
@@ -8,14 +8,15 @@ option optimize_for = LITE_RUNTIME;
package enterprise_management;
-// The wrapper message of any data and its signature.
-// Note: this should be compatible with the definition of SignedData in:
-// "third_party/chromiumos_platform_cryptohome/attestation.proto"
+// Data along with a cryptographic signature verifying their authenticity.
message SignedData {
// The data to be signed.
optional bytes data = 1;
// The signature of the data field.
optional bytes signature = 2;
+ // How many bytes were added to the end of original data before signature
+ // (e.g. a nonce to avoid proxy attacks of the signing service).
+ optional int32 extra_data_bytes = 3;
}
// Request from device to server to register device.
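Review bot: `extra_data_bytes` sits beside `data` and `signature`, so as far as this hunk shows it is not covered by the signature, and as a signed `int32` it can arrive negative or larger than `data`. The field comment should tell receivers to treat it as untrusted, e.g. `// Not covered by the signature: receivers must reject values < 0 or > data.size() before stripping the suffix.` The commit also drops the note that SignedData must stay compatible with the definition in the cryptohome attestation.proto; if that requirement still holds, keep the note and state that tag 3 has to match there as well.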
@@ -1093,10 +1094,12 @@ message CheckAndroidManagementResponse {}
// certificate).
// The response message will be the DeviceRegisterReponse.
message CertificateBasedDeviceRegisterRequest {
- // signed_request.data is CertificateBasedDeviceRegistrationData type
- // signed_request.signature is a signature generated with device cert's
- // private key
- optional SignedData signed_request = 2;
+ // Signed request to register with a certificate. The signed_request.data
+ // field contains a CertificateBasedDeviceRegistrationData with a nonce
+ // (as added by the Chrome OS cryptohome client) appended. The
+ // signed_request.signature field is a signature of the data field signed
+ // with the enrollment certificate's private key.
+ optional SignedData signed_request = 1;
}
message CertificateBasedDeviceRegistrationData {
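Review bot: Moving `signed_request` from tag 2 to tag 1 changes the wire format, so any client or server already built against tag 2 will see the field as unset rather than fail loudly. If tag 2 was ever deployed, block its reuse with `reserved 2;` (or a comment to that effect if the toolchain does not support `reserved`). The new comment could also say that the length of the appended nonce is presumably the value carried in `signed_request.extra_data_bytes`, so a reader knows how to recover the CertificateBasedDeviceRegistrationData from `data`.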
@@ -1142,6 +1145,7 @@ message CertificateBasedDeviceRegistrationData {
// * attribute_update
// * gcm_id_update
// * check_android_management
+// * certificate_based_register
//
// * devicetype: MUST BE "1" for Android or "2" for Chrome OS.
// * apptype: MUST BE Android or Chrome.
@@ -1155,9 +1159,10 @@ message CertificateBasedDeviceRegistrationData {
// and gcm id update requests
// Authorization: GoogleDMToken token=<dm token from register>
//
-// * The Authorization header isn't used for enterprise_check
-// request, nor for register requests using OAuth. In the latter case,
-// the OAuth token is passed in the "oauth" parameter.
+// * The Authorization header isn't used for enterprise_check or for
+// certificate_based_register requests, nor for register requests
+// using OAuth. In the latter case, the OAuth token is passed in the
+// "oauth" parameter.
//
// DeviceManagementRequest should only contain one request which matches the
// HTTP query parameter - request, as listed below. Other requests within the
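Review bot: The updated bullet says certificate_based_register carries no Authorization header but, unlike the OAuth case in the same bullet, does not say what authenticates the request instead. Going by the CertificateBasedDeviceRegisterRequest comment, that is the signature in `signed_request`; add a line such as `// For certificate_based_register the request is authenticated by signed_request.signature.` so a server implementer does not read this as an unauthenticated request type. The comment block starts and ends outside this hunk.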
@@ -1177,6 +1182,7 @@ message CertificateBasedDeviceRegistrationData {
// attribute_update: device_attribute_update_request
// gcm_id_update: gcm_id_update_request
// check_android_management: check_android_management_request
+// certificate_based_register: cert_based_register_request
//
message DeviceManagementRequest {
// Register request.
@@ -1229,6 +1235,11 @@ message DeviceManagementRequest {
// Check if user is a managed Android-for-Work user with DPC enforcement.
optional CheckAndroidManagementRequest check_android_management_request = 17;
+
+ // Request to register with a registration certificate.
+ optional CertificateBasedDeviceRegisterRequest
+ cert_based_register_request = 18;
+
}
// Response from server to device.
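Review bot: The added block ends with an empty `+` line directly before the closing `}`, which the other field visible in this hunk does not have; drop it. The field comment could also name the matching query parameter, e.g. `// Request to register with a registration certificate (request=certificate_based_register).`, since the header comment requires the message to contain only the request that matches that parameter. DeviceManagementRequest starts outside the hunk.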