/* Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
// proto2 syntax: the messages in this file use proto2-only features
// (`required` fields and explicit `[default = ...]` values).
syntax = "proto2";

package securegcm;

// Presumably the source of securemessage.GenericPublicKey, which the hello
// messages reference.
import "securemessage.proto";

// Code-generation options for Java and Objective-C.
option java_package = "com.google.security.cryptauth.lib.securegcm";
option java_outer_classname = "DeviceToDeviceMessagesProto";
option objc_class_prefix = "SGCM";
24
// Message used by device-to-device protocols.
message DeviceToDeviceMessage {
  // Payload bytes carried by this message.
  optional bytes message = 1;

  // Sequence number of this message; it must be increasing.
  // NOTE(review): the schema cannot enforce that rule. The receiver has to
  // compare each value with the last one it accepted and drop anything that
  // does not increase, otherwise replayed or reordered messages go unnoticed.
  // Confirm how the caller treats an absent field and the int32 upper bound.
  optional int32 sequence_number = 2;
}
33
// First message of an unauthenticated Diffie-Hellman key exchange, sent by
// the initiator to the responder.
// NOTE(review): the exchange is unauthenticated, so nothing in this message
// proves who sent it. Protection against an active man-in-the-middle has to
// come from a separate authentication step; confirm where that happens.
message InitiatorHello {
  // Session public key that the initiator offers to the responder.
  optional securemessage.GenericPublicKey public_dh_key = 1;

  // Protocol version. Reads as 0 when the field is absent.
  // NOTE(review): this value arrives before any key is established. Confirm
  // that it is bound into whatever later authenticates the handshake, so
  // that a modified version number cannot force a downgrade unnoticed.
  optional int32 protocol_version = 2 [default = 0];
}
43
// Carried in the header of the responder's first message to the initiator
// in an unauthenticated Diffie-Hellman key exchange.
// NOTE(review): like InitiatorHello, this message is not authenticated on
// its own; confirm which later step binds the key and version to a peer.
message ResponderHello {
  // Session public key that the responder offers to the initiator.
  optional securemessage.GenericPublicKey public_dh_key = 1;

  // Protocol version. Reads as 0 when the field is absent.
  // NOTE(review): the initiator should compare this with the version it
  // offered and the versions it supports before continuing; verify against
  // the caller.
  optional int32 protocol_version = 2 [default = 0];
}
53
// Identifies the elliptic curve an EcPoint belongs to.
// There is no zero value: 1 is the only number defined, and being the first
// listed value it is also the proto2 default for a Curve field.
// NOTE(review): a receiver should refuse any curve it does not implement
// instead of falling back to a default.
enum Curve {
  ED_25519 = 1;
}
58
// Convenience message that encodes a curve point in affine (x, y) form.
// All three fields are `required`, so a message lacking any of them does not
// parse as a complete EcPoint.
message EcPoint {
  // Curve the coordinates below belong to.
  required Curve curve = 1;

  // Coordinates, each encoded as big-endian two's complement.
  // The client MUST verify that (x, y) is a valid point on `curve`.
  // NOTE(review): parsing checks presence only, not curve membership. The
  // check belongs before the point enters any computation; a length bound
  // on both byte strings is worth confirming in the caller as well.
  required bytes x = 2;
  required bytes y = 3;
}
68
// One flow of a SPAKE handshake. Which optional fields are set depends on
// the flow.
// NOTE(review): every field is optional at the schema level, so the receiver
// has to check that the fields present are the ones the current flow expects
// and reject the message otherwise.
message SpakeHandshakeMessage {
  // Counter that is bumped by each flow in the protocol.
  optional int32 flow_number = 1;

  // Elliptic-curve point, sent by some SPAKE flows but not all.
  optional EcPoint ec_point = 2;

  // Hash value, sent by some SPAKE flows but not all.
  // NOTE(review): if this is compared against a locally computed value, a
  // constant-time comparison is the usual choice; confirm in the caller.
  optional bytes hash_value = 3;

  // Optional payload on the last flow of a SPAKE protocol, allowed because
  // the key exchange is already complete on the sender's side.
  // NOTE(review): presumably the receiver should finish its own handshake
  // verification before acting on these bytes; verify against caller.
  optional bytes payload = 4;
}
83
84