| // Copyright 2023 Google LLC |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // https://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS-IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| // Messages for device attestation: nonce issuance and validation of |
| // client-supplied Android and iOS attestation data. |
| syntax = "proto3"; |
| |
| package privacy.ppn; |
| |
| import "quiche/blind_sign_auth/proto/any.proto"; |
| |
| // Java code generation: one top-level class per message instead of nesting |
| // every message inside the outer class named below. |
| option java_multiple_files = true; |
| option java_outer_classname = "AttestationProto"; |
| option java_package = "com.google.android.libraries.privacy.ppn.proto"; |
| |
| // Empty request message. Presumably asks the server for the nonce carried in |
| // NonceResponse; no service is declared in the visible part of this file, so |
| // confirm the pairing with the caller. |
| message NonceRequest {} |
| |
| // A nonce together with its signature and the name of the signing algorithm. |
| message NonceResponse { |
| // A nonce with the following format: |
| // ECDSA( |
| // SHA256( |
| // <random bytes of length [64, 128]>.<expiry time in ms>)). |
| // NOTE(review): the format reads as a signature over a hash, yet the |
| // signature is carried separately in `sig`; confirm which bytes are stored |
| // here and which bytes `sig` covers. |
| // The format embeds an expiry time; presumably the validator rejects |
| // expired nonces -- confirm. |
| bytes nonce = 1; |
| |
| // Nonce signature. |
| // No key identifier is carried in this message, so how a verifier selects |
| // the verification key is not defined by the schema. |
| bytes sig = 2; |
| |
| // Algorithm used to sign the nonce. Should be "es256". |
| // Typed as bytes although the expected value is text. |
| // NOTE(review): a verifier should compare this against the algorithm it |
| // expects rather than let the field choose how `sig` is verified. |
| bytes alg = 3; |
| } |
| |
| // Request to validate a device from attestation data supplied by the client. |
| // Every field here originates outside the validating service and should be |
| // treated as untrusted until checked. |
| message ValidateDeviceRequest { |
| // Attestation data that is returned by the client. |
| // At most one member of this oneof is set; setting one clears the other. |
| oneof attestation_data { |
| AndroidAttestationData android_attestation_data = 1; |
| IosAttestationData ios_attestation_data = 2; |
| } |
| // Attestation payload wrapped in an Any (see AttestationData). |
| // This field sits outside the oneof above, so it can be set together with |
| // one of the oneof members. |
| // NOTE(review): which source takes precedence when both are present is not |
| // stated here -- confirm with the validating service. |
| AttestationData attestation = 3; |
| |
| // Presumably the application package name the attestation is expected to |
| // be bound to -- confirm against the validator. |
| string package_name = 4; |
| |
| // If attestation is AndroidAttestationData device models should be listed in: |
| // https://storage.googleapis.com/play_public/supported_devices.html |
| // A repeated field has no presence: an empty list cannot be told apart from |
| // an unset one. |
| // NOTE(review): confirm whether an empty list means "no model restriction" |
| // or "no model allowed"; the two readings differ in what gets accepted. |
| repeated string allowed_models = 5; |
| } |
| |
| // Result of validating the attestation data in a ValidateDeviceRequest. |
| message ValidateDeviceResponse { |
| // True iff all checks passed |
| // (integrity token, nonce, hardware properties are legitimate). |
| // Hardware properties check will be performed by the calling service |
| // as attestation only checks to see if the device's hardware properties |
| // are genuine. |
| // proto3 bool without `optional`: an unset value reads as false, i.e. as |
| // "not verified". |
| bool device_verified = 1; |
| |
| // Detailed information on what specifically passed and what did not. |
| // Message-typed field: may be absent, in which case every verdict inside |
| // reads as its zero value (VERDICT_UNKNOWN). |
| VerdictBreakdown breakdown = 2; |
| |
| // If verified, contains the device model. |
| // An unset value reads as the empty string (proto3 default). |
| string verified_device_type = 3; |
| } |
| |
| // Per-check outcome of a device validation. |
| message VerdictBreakdown { |
| // Outcome of a single check. |
| // NOTE(review): consumers should accept only VERDICT_PASS as success, so |
| // that unset fields and values added later fail closed. |
| enum Verdict { |
| // Zero value; what an unset verdict field reads as. |
| VERDICT_UNKNOWN = 0; |
| // The check passed. |
| VERDICT_PASS = 1; |
| // The check failed. |
| VERDICT_FAIL = 2; |
| } |
| |
| // Integrity verdict as determined by either Play Server or AppAttest. |
| Verdict integrity_verdict = 1; |
| |
| // Whether nonce check passed. |
| Verdict nonce_verdict = 2; |
| |
| // Whether or not the device properties sent by the client are |
| // legitimate. |
| Verdict device_properties_verdict = 3; |
| } |
| |
| // Carries a nonce for attestation; presumably the value the client binds its |
| // attestation to -- confirm against the caller. |
| // NOTE(review): field number 1 is not used in this message. If it was |
| // assigned in an earlier revision it should be declared `reserved` so it |
| // cannot be reused with a different meaning -- confirm against history. |
| message PrepareAttestationData { |
| // Nonce bytes; the schema sets no length or format constraint. |
| bytes attestation_nonce = 2; |
| } |
| |
| // Attestation evidence produced on an Android client: a Play Integrity token |
| // plus a hardware-backed key attestation certificate chain. |
| message AndroidAttestationData { |
| // Play IntegrityToken returned by Play Integrity API is detailed in |
| // https://developer.android.com/google/play/integrity/verdict. |
| string attestation_token = 1; |
| |
| // X509 Certificate chain generated by Android Keystore used for |
| // Hardware-Backed Key Attestation. |
| // NOTE(review): element encoding (presumably DER) and chain order are not |
| // stated here -- confirm. The chain is client-supplied, so it carries no |
| // trust until the verifier validates it up to a trusted attestation root. |
| repeated bytes hardware_backed_certs = 2; |
| } |
| |
| // Attestation evidence produced on an iOS client. |
| message IosAttestationData { |
| // AppAttest attestation token. |
| // Encoded in CBOR format. |
| // Carried as opaque bytes: protobuf neither parses nor validates the CBOR |
| // content, so decoding and all checks are left to the consumer. |
| bytes attestation_token = 1; |
| } |
| |
| // Wrapper around an attestation payload of unspecified message type. |
| message AttestationData { |
| // Payload as quiche.protobuf.Any, imported from |
| // quiche/blind_sign_auth/proto/any.proto; presumably mirrors |
| // google.protobuf.Any (type URL plus serialized bytes) -- confirm. |
| // NOTE(review): when this arrives from a client, check the declared type |
| // against an allowlist of expected message types before unpacking. |
| quiche.protobuf.Any attestation_data = 1; |
| } |