1/* 2 * Copyright 2023 Google LLC. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * https://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16syntax = "proto3"; 17 18package private_join_and_compute.anonymous_counting_tokens; 19 20import "act/act.proto"; 21import "google/protobuf/timestamp.proto"; 22 23 24option java_multiple_files = true; 25 26message Transcript { 27 SchemeParameters scheme_parameters = 1; 28 ServerParameters server_parameters = 2; 29 ClientParameters client_parameters = 3; 30 repeated string messages = 4; 31 repeated bytes fingerprints = 5; 32 TokensRequest tokens_request = 6; 33 TokensRequestPrivateState tokens_request_private_state = 7; 34 TokensResponse tokens_response = 8; 35 repeated Token tokens = 9; 36} 37 38message MessagesSet { 39 repeated string message = 1; 40} 41 42message GeneratedTokensRequestProto { 43 repeated bytes fingerprints_bytes = 1; 44 TokensRequest token_request = 2; 45 TokensRequestPrivateState tokens_request_private_state = 3; 46} 47 48message TokensSet { 49 repeated Token tokens = 1; 50} 51 52message Timestamp { 53 // Represents seconds of UTC time since Unix epoch 54 // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 55 // 9999-12-31T23:59:59Z inclusive. 56 int64 seconds = 1; 57 58 // Non-negative fractions of a second at nanosecond resolution. Negative 59 // second values with fractions must still have non-negative nanos values 60 // that count forward in time. Must be from 0 to 999,999,999 61 // inclusive. 62 int32 nanos = 2; 63} 64 65 66// Server public params request. 67message GetServerPublicParamsRequest { 68 // The response should contain the latest server params corresponding to this 69 // scheme_params_version. 70 string scheme_params_version = 1; 71} 72 73// Server public params response. 74message GetServerPublicParamsResponse { 75 // The name of the return parameters, to be used in subsequent token requests. 76 string server_params_version = 1; 77 ServerPublicParameters server_public_params = 2; 78 // The time when tokens can be requested for these parameters. 79 // After this expires, clients registered with these server params must 80 // re-register with a new unexpired server_params. 81 Timestamp server_params_sign_expiry = 3; 82 // The time when tokens can be redeemed for these parameters. 83 Timestamp server_params_join_expiry = 4; 84} 85 86message RequestMetadata { 87 // AuthType decouples the authentication method from the platform or client. 88 enum AuthType { 89 AUTH_TYPE_UNSPECIFIED = 0; 90 AUTH_GAIA = 1; 91 AUTH_DEVICE_ATTESTATION = 2; 92 } 93 AuthType auth_type = 1; 94 // Currently, only Android clients need to send metadata for authentication. 95 oneof client { 96 AndroidRequestMetadata android_request_metadata = 2; 97 } 98} 99 100enum AttestationScheme { 101 SCHEME_UNSPECIFIED = 0; 102 SCHEME_X509_CERTIFICATE_CHAIN = 1; 103} 104 105// Authentication for Android devices, an alternative to Gaia. 106message AndroidRequestMetadata { 107 // Id of the client owning the device with the given attestation. 108 bytes client_id = 1; 109 // Android device attestation. 110 bytes attestation = 2; 111 AttestationScheme attestation_scheme = 3; 112} 113 114// Client registration request. 115message RegisterClientRequest { 116 reserved 3, 4; 117 ClientPublicParameters client_public_params = 1; 118 string server_params_version = 2; 119 RequestMetadata request_metadata = 5; 120} 121 122// Client registration response. 123message RegisterClientResponse { 124 // The name given to the client parameters, to be used for all subsequent 125 // token requests. 126 string client_params_version = 1; 127 // The time when tokens can be issued and redeemed for these parameters. 128 Timestamp client_params_expiry = 2; 129 // The time after which the client needs to reregister params. 130 Timestamp client_reregister_expiry = 3; 131} 132 133message GetKeyAttestationChallengeResponse { 134 // Transparently passed KA Challenge from KAVS 135 bytes attestation_challenge = 1; 136 // Timestamp of challenge expiration; given and managed by KAVS. 137 Timestamp expiry = 2; 138} 139 140// Request to get tokens. 141message GetTokensRequest { 142 reserved 2, 5, 6; 143 144 string client_params_version = 1; 145 TokensRequest tokens_request = 3; 146 147 // Client fingerprints are cryptographic objects that allow the server to 148 // check whether the messages underlying tokens_request are different from 149 // all previous requests from this client with these parameters. 150 repeated bytes client_fingerprints_bytes = 4; 151 152 RequestMetadata request_metadata = 7; 153} 154 155// Response containing tokens. 156message GetTokensResponse { 157 TokensResponse tokens_response = 1; 158 // The time when tokens extracted from this response can be redeemed. 159 Timestamp tokens_expiry = 3; 160} 161 162// Redeem token request. 163message RedeemTokenRequest { 164 reserved 3; 165 // The token to be redeemed. 166 Token token = 1; 167 // The server params version associated with this token. 168 string server_params_version = 2; 169 // The message signed by this token. 170 bytes token_message_bytes = 4; 171} 172 173// Redeem token response. 174message RedeemTokenResponse {} 175 176message JoinSetRequest { 177 // The name of the set to join in types/{type}/sets/{set} format. 178 // The type will have a maximum of 8 characters. 179 // The set identifier will have a maximum of 64 characters. 180 string name = 1; 181 182 // The shortened (j-bit) client identifier. 183 uint32 short_client_identifier = 4; 184 185 reserved 2, 3; 186} 187