OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // This protobuffer is intended to store reports from Chrome users of | 5 // This protobuffer is intended to store reports from Chrome users of |
6 // certificate pinning errors. A report will be sent from Chrome when it gets | 6 // certificate pinning errors. A report will be sent from Chrome when it gets |
7 // e.g. a certificate for google.com that chains up to a root CA not expected by | 7 // e.g. a certificate for google.com that chains up to a root CA not expected by |
8 // Chrome for that origin, such as DigiNotar (compromised in July 2011), or | 8 // Chrome for that origin, such as DigiNotar (compromised in July 2011), or |
9 // other pinning errors such as a blacklisted cert in the chain. The | 9 // other pinning errors such as a blacklisted cert in the chain. The |
10 // report from the user will include the hostname being accessed, | 10 // report from the user will include the hostname being accessed, |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
46 OK = 1; | 46 OK = 1; |
47 MALFORMED_CERT_DATA = 2; | 47 MALFORMED_CERT_DATA = 2; |
48 HOST_CERT_DONT_MATCH = 3; | 48 HOST_CERT_DONT_MATCH = 3; |
49 ROOT_NOT_RECOGNIZED = 4; | 49 ROOT_NOT_RECOGNIZED = 4; |
50 ROOT_NOT_UNEXPECTED = 5; | 50 ROOT_NOT_UNEXPECTED = 5; |
51 OTHER_ERROR = 6; | 51 OTHER_ERROR = 6; |
52 }; | 52 }; |
53 required ResponseCode response = 1; | 53 required ResponseCode response = 1; |
54 }; | 54 }; |
55 | 55 |
56 // A wrapper proto containing an encrypted CertLoggerRequest | |
57 message EncryptedCertLoggerRequest { | |
58 // An encrypted, serialized CertLoggerRequest | |
59 required bytes encrypted_report = 1; | |
60 // An identifier for the server public key that was used to encrypt | |
61 // this report. | |
62 required uint32 server_public_key = 2; | |
63 // The ephemeral client public key used to encrypt the report. | |
64 required bytes client_public_key = 3; | |
65 | |
66 required bytes nonce = 4; | |
agl
2015/03/05 19:22:25
Since the key is random per-message, the nonce can
| |
67 required bytes mac = 5; | |
agl
2015/03/05 19:22:25
this shouldn't be split out, it should be appended
| |
68 | |
69 enum Algorithm { | |
70 UNKNOWN_ALGORITHM = 0; | |
71 ECDH_AES_CTR_128_HMAC_SHA256 = 1; | |
agl
2015/03/05 19:22:25
the server side that I reviewed was using AES_256.
| |
72 } | |
73 | |
74 optional Algorithm algorithm = 6 [default = UNKNOWN_ALGORITHM]; | |
agl
2015/03/05 19:22:25
the default is UNKNOWN_ALGORITHM? Don't you want t
| |
75 } | |
OLD | NEW |