// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS-IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package privacy.ppn;
import "quiche/blind_sign_auth/proto/any.proto";
option java_multiple_files = true;
option java_outer_classname = "AttestationProto";
option java_package = "com.google.android.libraries.privacy.ppn.proto";
// Empty request message; it declares no fields.
// Presumably the request half of a nonce-issuing call whose reply is
// NonceResponse; no service definition is visible in this file, so confirm
// against the caller.
message NonceRequest {}
// Carries a nonce, a signature over it, and the name of the signing
// algorithm. Who issues the nonce and who verifies the signature is not
// shown in this file.
message NonceResponse {
// A nonce with the following format:
// ECDSA(
// SHA256(
// <random bytes of length [64, 128]>.<expiry time in ms>)).
// NOTE(review): as written this describes an ECDSA signature over a SHA-256
// digest, which overlaps with `sig` below; confirm which bytes each field
// actually carries. The expiry cannot be recovered from a digest or a
// signature, so a verifier that enforces it needs the expiry from elsewhere.
// The epoch for "expiry time in ms" is not stated.
bytes nonce = 1 ;
// Nonce signature.
// NOTE(review): the signing key, and how a verifier obtains the matching
// public key, are not specified here.
bytes sig = 2;
// Algorithm used to sign the nonce. Should be "es256".
// Declared as bytes although the documented value is text.
// A verifier should compare this against the algorithm it already expects
// and reject anything else, rather than using the field to choose how to
// verify.
bytes alg = 3;
}
// Request to validate a device from the attestation data it produced.
// The attestation payload can arrive in the deprecated oneof (fields 1-2) or
// in `attestation` (field 3).
// NOTE(review): which one wins when both are set is not stated here.
message ValidateDeviceRequest {
// Attestation data that is returned by the client.
// Both members are marked deprecated; `attestation` below is presumably the
// replacement. Confirm before removing support for the oneof.
oneof attestation_data {
AndroidAttestationData android_attestation_data = 1 [deprecated = true];
IosAttestationData ios_attestation_data = 2 [deprecated = true];
}
// Attestation payload wrapped in an Any (see AttestationData).
AttestationData attestation = 3;
// NOTE(review): undocumented in the original. Presumably the application
// package the attestation is expected to be bound to; confirm who sets it
// and whether it is checked against the attested package.
string package_name = 4;
// If attestation is AndroidAttestationData device models should be listed in:
// https://storage.googleapis.com/play_public/supported_devices.html
// NOTE(review): a repeated field has no presence, so an empty list cannot be
// told apart from an unset one. Whether empty means "allow any model" or
// "allow none" is not stated and should be documented.
repeated string allowed_models = 5;
}
// Result of validating a device: an overall boolean, a per-check breakdown,
// and the device model when verification succeeded.
message ValidateDeviceResponse {
// True iff all checks passed
// (integrity token, nonce, hardware properties are legitimate).
// Hardware properties check will be performed by the calling service
// as attestation only checks to see if the device's hardware properties
// are genuine.
// As a proto3 bool without `optional`, this reads as false when unset, so a
// missing or empty response is seen as "not verified".
bool device_verified = 1;
// Detailed information on what specifically passed and what did not.
// Unset verdicts inside it read as VERDICT_UNKNOWN (the zero value).
VerdictBreakdown breakdown = 2;
// If verified, contains the device model.
// NOTE(review): the value when not verified is not stated; presumably empty.
string verified_device_type = 3;
}
// Per-check outcome of a device validation: integrity, nonce, and device
// properties each get their own Verdict.
message VerdictBreakdown {
// Outcome of a single check.
// VERDICT_UNKNOWN is the zero value, so it is what an unset field reads as.
// Consumers should treat only VERDICT_PASS as a pass. That keeps
// VERDICT_UNKNOWN and any value added later from being read as success.
enum Verdict {
VERDICT_UNKNOWN = 0;
VERDICT_PASS = 1;
VERDICT_FAIL = 2;
}
// Integrity verdict as determined by either Play Server or AppAttest.
Verdict integrity_verdict = 1;
// Whether nonce check passed.
Verdict nonce_verdict = 2;
// Whether or not the device properties sent by the client are
// legitimate.
Verdict device_properties_verdict = 3;
}
// Holds the nonce to be used when preparing an attestation.
// NOTE(review): field number 1 is neither used nor reserved in this message.
// If a field 1 existed and was removed, it should be listed under `reserved`
// so the number is not reused with a different meaning.
message PrepareAttestationData {
// Nonce bytes. The explicit json_name keeps the JSON key as the snake_case
// "attestation_nonce" instead of the default lowerCamelCase form.
// NOTE(review): presumably the `nonce` from NonceResponse; confirm.
bytes attestation_nonce = 2 [
json_name = "attestation_nonce"
];
}
// Attestation evidence from an Android client: a Play Integrity token plus a
// hardware-backed key attestation certificate chain.
message AndroidAttestationData {
// Play IntegrityToken returned by Play Integrity API is detailed in
// https://developer.android.com/google/play/integrity/verdict.
string attestation_token = 1 ;
// X509 Certificate chain generated by Android Keystore used for
// Hardware-Backed Key Attestation.
// NOTE(review): the certificate encoding and the chain order (leaf first or
// root first) are not stated. The chain is client-supplied, and this file
// does not say where it is validated against a trusted root.
repeated bytes hardware_backed_certs = 2;
}
// Attestation evidence from an iOS client: a single AppAttest token.
message IosAttestationData {
// AppAttest attestation token.
// Encoded in CBOR format.
// Declared as bytes, unlike the string token in AndroidAttestationData.
bytes attestation_token = 1 ;
}
// Platform-agnostic wrapper that carries the attestation payload as an Any.
message AttestationData {
// Packed attestation payload.
// NOTE(review): presumably wraps AndroidAttestationData or
// IosAttestationData; confirm against the producer.
// This value originates from the client, so a consumer should accept only an
// explicit allowlist of message types and check the packed type against that
// list before unpacking.
quiche.protobuf.Any attestation_data = 1;
}