// Copyright 2015 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // Definitions related to the SecureMessage format, used by CryptAuth. Do not // edit unless transcribing from server definitions. syntax = "proto2"; package securemessage; option optimize_for = LITE_RUNTIME; message SecureMessage { // Must contain a HeaderAndBody message. required bytes header_and_body = 1; // Signature of header_and_body. required bytes signature = 2; } // Supported "signature" schemes (both symmetric key and public key based). enum SigScheme { HMAC_SHA256 = 1; ECDSA_P256_SHA256 = 2; // Not recommended -- use ECDSA_P256_SHA256 instead RSA2048_SHA256 = 3; } // Supported encryption schemes. enum EncScheme { // No encryption. NONE = 1; AES_256_CBC = 2; } message Header { required SigScheme signature_scheme = 1; required EncScheme encryption_scheme = 2; // Identifies the verification key. optional bytes verification_key_id = 3; // Identifies the decryption key. optional bytes decryption_key_id = 4; // Encryption may use an IV. optional bytes iv = 5; // Arbitrary per-protocol public data, to be sent with the plain-text header. optional bytes public_metadata = 6; // The length of some associated data that is not sent in this SecureMessage, // but which will be bound to the signature. optional uint32 associated_data_length = 7 [default = 0]; } message HeaderAndBody { // Public data about this message (to be bound in the signature). required Header header = 1; // Payload data. required bytes body = 2; } // A list of supported public key types. enum PublicKeyType { EC_P256 = 1; RSA2048 = 2; // 2048-bit MODP group 14, from RFC 3526. DH2048_MODP = 3; } // A convenience proto for encoding NIST P-256 elliptic curve public keys. message EcP256PublicKey { // x and y are encoded in big-endian two's complement (slightly wasteful) // Client MUST verify (x,y) is a valid point on NIST P256. required bytes x = 1; required bytes y = 2; } // A convenience proto for encoding RSA public keys with small exponents. message SimpleRsaPublicKey { // Encoded in big-endian two's complement. required bytes n = 1; optional int32 e = 2 [default = 65537]; } // A convenience proto for encoding Diffie-Hellman public keys, // for use only when Elliptic Curve based key exchanges are not possible. // (Note that the group parameters must be specified separately). message DhPublicKey { // Big-endian two's complement encoded group element. required bytes y = 1; } message GenericPublicKey { required PublicKeyType type = 1; optional EcP256PublicKey ec_p256_public_key = 2; optional SimpleRsaPublicKey rsa2048_public_key = 3; // Use only as a last resort. optional DhPublicKey dh2048_public_key = 4; } // Used by protocols for communicating between a pair of devices. message DeviceToDeviceMessage { // The payload of the message. optional bytes message = 1; // The sequence number of the message - must be increasing. optional int32 sequence_number = 2; } // Sent as the first message from initiator to responder in an unauthenticated // Diffie-Hellman Key Exchange. message InitiatorHello { // The session public key to send to the responder. optional GenericPublicKey public_dh_key = 1; // The protocol version. optional int32 protocol_version = 2 [default = 0]; } // Sent inside the header of the first message from the responder to the // initiator in an unauthenticated Diffie-Hellman Key Exchange. message ResponderHello { // The session public key to send to the initiator. optional GenericPublicKey public_dh_key = 1; // The protocol version. optional int32 protocol_version = 2 [default = 0]; }