1/* Copyright 2018 Google LLC
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     https://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15syntax = "proto2";
16
17package securegcm;
18
19option java_package = "com.google.security.cryptauth.lib.securegcm";
20option java_outer_classname = "UkeyProto";
21
22message Ukey2Message {
23  enum Type {
24    UNKNOWN_DO_NOT_USE = 0;
25    ALERT = 1;
26    CLIENT_INIT = 2;
27    SERVER_INIT = 3;
28    CLIENT_FINISH = 4;
29  }
30
31  optional Type message_type = 1;   // Identifies message type
32  optional bytes message_data = 2;  // Actual message, to be parsed according to
33                                    // message_type
34}
35
36message Ukey2Alert {
37  enum AlertType {
38    // Framing errors
39    BAD_MESSAGE = 1;             // The message could not be deserialized
40    BAD_MESSAGE_TYPE = 2;        // message_type has an undefined value
41    INCORRECT_MESSAGE = 3;       // message_type received does not correspond to
42                                 // expected type at this stage of the protocol
43    BAD_MESSAGE_DATA = 4;        // Could not deserialize message_data as per
44                                 //  value inmessage_type
45
46    // ClientInit and ServerInit errors
47    BAD_VERSION = 100;           // version is invalid; server cannot find
48                                 // suitable version to speak with client.
49    BAD_RANDOM = 101;            // Random data is missing or of incorrect
50                                 // length
51    BAD_HANDSHAKE_CIPHER = 102;  // No suitable handshake ciphers were found
52    BAD_NEXT_PROTOCOL = 103;     // The next protocol is missing, unknown, or
53                                 // unsupported
54    BAD_PUBLIC_KEY = 104;        // The public key could not be parsed
55
56    // Other errors
57    INTERNAL_ERROR = 200;       // An internal error has occurred. error_message
58                                // may contain additional details for logging
59                                // and debugging.
60  }
61
62  optional AlertType type = 1;
63  optional string error_message = 2;
64}
65
66enum Ukey2HandshakeCipher {
67  RESERVED = 0;
68  P256_SHA512 = 100;        // NIST P-256 used for ECDH, SHA512 used for
69                            // commitment
70  CURVE25519_SHA512 = 200;  // Curve 25519 used for ECDH, SHA512 used for
71                            // commitment
72}
73
74message Ukey2ClientInit {
75  optional int32 version = 1;  // highest supported version for rollback
76                               // protection
77  optional bytes random = 2;   // random bytes for replay/reuse protection
78
79  // One commitment (hash of ClientFinished containing public key) per supported
80  // cipher
81  message CipherCommitment {
82    optional Ukey2HandshakeCipher handshake_cipher = 1;
83    optional bytes commitment = 2;
84  }
85  repeated CipherCommitment cipher_commitments = 3;
86
87  // Next protocol that the client wants to speak.
88  optional string next_protocol = 4;
89}
90
91message Ukey2ServerInit {
92  optional int32 version = 1;  // highest supported version for rollback
93                               // protection
94  optional bytes random = 2;   // random bytes for replay/reuse protection
95
96  // Selected Cipher and corresponding public key
97  optional Ukey2HandshakeCipher handshake_cipher = 3;
98  optional bytes public_key = 4;
99}
100
101message Ukey2ClientFinished {
102  optional bytes public_key = 1;  // public key matching selected handshake
103                                  // cipher
104}
105