chromium/chromeos/ash/services/device_sync/proto/cryptauth_directive.proto

// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Contains messages sent from CryptAuth to clients who registered keys using
// the v2 Enrollment protocol. The messages provide instructions to clients such
// as how frequently to check in with CryptAuth via a SyncKeysRequest, how long
// to wait between failed enrollment attempts, and what other keys are required
// to cross-sign for a particular key.
syntax = "proto3";

package cryptauthv2;

option optimize_for = LITE_RUNTIME;

import "cryptauth_common.proto";

// The policy to be handed down to the party which registered the public key
// with the server. It is produced on the fly from current ServerSidePolicy
// and PolicyConfig (PC).
message KeyDirective {
  // The specific policy which was used to generate this message.
  PolicyReference policy_reference = 1;

  // When rotating the current key, 'crossproof_key_name' keys should be used
  // to cross sign. This is retrieved from PolicyConfig.crossproof_key_name .
  repeated string crossproof_key_names = 2;

  // The time when the key was enrolled/rotated (as observed by the server).
  // This should be the same as ServerSidePolicy.enroll_time_millis .
  int64 enroll_time_millis = 3;
}

// This contains the directives handed down to the party which registered the
// public key with the server. These directives are aggregated from across all
// the policies of the keys that have been registered by this first party.
message ClientDirective {
  // The specific policy which was used to generate this message.
  PolicyReference policy_reference = 1;

  // The first party should check in with the server after this period.
  // The server may require the client (first party) to rotate the key
  // (based on PolicyConfig.rotate_delay_millis from across all the policies
  // of the registered keys).
  // For each policy of a registered key a value is randomly drawn from
  // [PC.checkin_delay_millis - PC.checkin_delay_millis_interval,
  // PC.checkin_delay_millis + PC.checkin_delay_millis_interval].
  // The minimum value from across all these values is used.
  //
  // Whenever such a time period is coming due, the client should check in
  // all its keys with the server. The server tells the client which of those
  // keys need to be rotated and the rotation process proceeds for all these
  // keys (bundled together).
  int64 checkin_delay_millis = 2;

  // In case any call to CryptAuth v2 failed, the first party should retry
  // at most these many times right away, without the need to wait at all.
  // Passed in from PC.retry_attempts.
  // For example, a value of 1 means one original request, and if failed, a
  // single retry should follow.
  int32 retry_attempts = 3;

  // In case any call to CryptAuth v2 failed retry_attempts + 1 times, the first
  // party should retry the call again after this time period. If this latter
  // retry fails, the first party should wait this time period again then retry
  // and repeat until the request succeeds.
  // For each policy of a registered key a value is randomly drawn from
  // [PC.retry_period_millis - PC.retry_period_millis_interval,
  // PC.retry_period_millis + PC.retry_period_millis_interval].
  // The maximum value from across all these values is used.
  int64 retry_period_millis = 4;

  // The timestamp when this policy was minted.
  // This can help the client sync with the server's time.
  // checkin_delay_millis and retry_period_millis are relative to this time.
  // Without this timestamp, the client should act right away with regard to
  // the *_millis fields (ie, schedule something at NOW + *_millis).
  // With this timestamp (considering the times of both server and client are
  // in sync), the client would have all the required information for
  // a later action.
  int64 create_time_millis = 5;

  // Which other services should be invoked after this interaction is complete.
  repeated InvokeNext invoke_next = 6;
}

// Instructing the client to invoke a specific service.
message InvokeNext {
  // Target service to be involved next.
  TargetService service = 1;

  // Key name to be processed for target service.
  string key_name = 2;
}

// The policy to be handed down to a third party along with the corresponding
// public key of the device it asked for. It is produced on the fly from current
// PolicyConfig and ServerSidePolicy (defined in
// java/com/google/security/cryptauth/v2/backend/common/policy/policy.proto).
message ThirdPartyKeyDirective {
  // The specific policy which was used to generate this message.
  PolicyReference policy_reference = 1;

  // The third party should not use this key after this timestamp.
  // It should sync with CryptAuth for getting a fresh one after this timestamp.
  // This should be consistent with what the latest first party directive states
  // (in its create_time_millis field), combined with
  // PolicyConfig.rotate_delay_millis .
  int64 expire_time_millis = 2;

  // The timestamp when this policy was distributed to the third party.
  int64 distribute_time_millis = 3;
}