syntax = "proto3";
package privacy.ppn;
import "quiche/blind_sign_auth/proto/any.proto";
import "storage/datapol/annotations/proto/semantic_annotations.proto";
option go_api_flag = "OPEN_TO_OPAQUE_HYBRID";
option java_api_version = 2;
option java_multiple_files = true;
option java_outer_classname = "AttestationProto";
option java_package = "";
option cc_api_version = 2;
option (datapol.file_vetting_status) = "latest";
message NonceRequest {}
message NonceResponse {
// A nonce with the following format:
// SHA256(
// <random bytes of length [64, 128]>.<expiry time in ms>)).
bytes nonce = 1 ;
// Nonce signature.
bytes sig = 2;
// Algorithm used to sign the nonce. Should be "es256".
bytes alg = 3;
message ValidateDeviceRequest {
// Attestation data that is returned by the client.
oneof attestation_data {
AndroidAttestationData android_attestation_data = 1 [deprecated = true];
IosAttestationData ios_attestation_data = 2 [deprecated = true];
AttestationData attestation = 3;
string package_name = 4;
// If attestation is AndroidAttestationData device models should be listed in:
repeated string allowed_models = 5;
message ValidateDeviceResponse {
// True iff all checks passed
// (integrity token, nonce, hardware properties are legitimate).
// Hardware properties check will be performed by the calling service
// as attestation only checks to see if the device's hardware properties
// are genuine.
bool device_verified = 1;
// Detailed information on what specifically passed and what did not.
VerdictBreakdown breakdown = 2;
// If verified, contains the device model.
string verified_device_type = 3;
message VerdictBreakdown {
enum Verdict {
// Integrity verdict as determined by either Play Server or AppAttest.
Verdict integrity_verdict = 1;
// Whether nonce check passed.
Verdict nonce_verdict = 2;
// Whether or not the device properties sent by the client are
// legitimate.
Verdict device_properties_verdict = 3;
message PrepareAttestationData {
bytes attestation_nonce = 2 [
json_name = "attestation_nonce"
message AndroidAttestationData {
// Play IntegrityToken returned by Play Integrity API is detailed in
string attestation_token = 1 ;
// X509 Certificate chain generated by Android Keystore used for
// Hardware-Backed Key Attestation.
repeated bytes hardware_backed_certs = 2;
message IosAttestationData {
// AppAttest attestation token.
// Encoded in CBOR format.
bytes attestation_token = 1 ;
message AttestationData {
quiche.protobuf.Any attestation_data = 1;