| /* Copyright 2018 Google LLC |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * https://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| syntax = "proto2"; |
| |
| package securegcm; |
| |
| option java_package = "com.google.security.cryptauth.lib.securegcm"; |
| option java_outer_classname = "UkeyProto"; |
| |
| message Ukey2Message { |
| enum Type { |
| UNKNOWN_DO_NOT_USE = 0; |
| ALERT = 1; |
| CLIENT_INIT = 2; |
| SERVER_INIT = 3; |
| CLIENT_FINISH = 4; |
| } |
| |
| optional Type message_type = 1; // Identifies message type |
| optional bytes message_data = 2; // Actual message, to be parsed according to |
| // message_type |
| } |
| |
| message Ukey2Alert { |
| enum AlertType { |
| // Framing errors |
| BAD_MESSAGE = 1; // The message could not be deserialized |
| BAD_MESSAGE_TYPE = 2; // message_type has an undefined value |
| INCORRECT_MESSAGE = 3; // message_type received does not correspond to |
| // expected type at this stage of the protocol |
| BAD_MESSAGE_DATA = 4; // Could not deserialize message_data as per |
| // value inmessage_type |
| |
| // ClientInit and ServerInit errors |
| BAD_VERSION = 100; // version is invalid; server cannot find |
| // suitable version to speak with client. |
| BAD_RANDOM = 101; // Random data is missing or of incorrect |
| // length |
| BAD_HANDSHAKE_CIPHER = 102; // No suitable handshake ciphers were found |
| BAD_NEXT_PROTOCOL = 103; // The next protocol is missing, unknown, or |
| // unsupported |
| BAD_PUBLIC_KEY = 104; // The public key could not be parsed |
| |
| // Other errors |
| INTERNAL_ERROR = 200; // An internal error has occurred. error_message |
| // may contain additional details for logging |
| // and debugging. |
| } |
| |
| optional AlertType type = 1; |
| optional string error_message = 2; |
| } |
| |
| enum Ukey2HandshakeCipher { |
| RESERVED = 0; |
| P256_SHA512 = 100; // NIST P-256 used for ECDH, SHA512 used for |
| // commitment |
| CURVE25519_SHA512 = 200; // Curve 25519 used for ECDH, SHA512 used for |
| // commitment |
| } |
| |
| message Ukey2ClientInit { |
| optional int32 version = 1; // highest supported version for rollback |
| // protection |
| optional bytes random = 2; // random bytes for replay/reuse protection |
| |
| // One commitment (hash of ClientFinished containing public key) per supported |
| // cipher |
| message CipherCommitment { |
| optional Ukey2HandshakeCipher handshake_cipher = 1; |
| optional bytes commitment = 2; |
| } |
| repeated CipherCommitment cipher_commitments = 3; |
| |
| // Next protocol that the client wants to speak. |
| optional string next_protocol = 4; |
| } |
| |
| message Ukey2ServerInit { |
| optional int32 version = 1; // highest supported version for rollback |
| // protection |
| optional bytes random = 2; // random bytes for replay/reuse protection |
| |
| // Selected Cipher and corresponding public key |
| optional Ukey2HandshakeCipher handshake_cipher = 3; |
| optional bytes public_key = 4; |
| } |
| |
| message Ukey2ClientFinished { |
| optional bytes public_key = 1; // public key matching selected handshake |
| // cipher |
| } |
