| // Copyright 2019 Google LLC |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| syntax = "proto3"; |
| |
| package aftl; |
| option go_package = "proto"; |
| |
| import "trillian.proto"; |
| import "crypto/sigpb/sigpb.proto"; |
| import "google/protobuf/timestamp.proto"; |
| |
| // These messages are used both by the frontend API and the Trillian log. |
| message FirmwareInfo { |
| // This is the SHA256 hash of vbmeta. |
| bytes vbmeta_hash = 1; |
| |
| // Subcomponent of the build fingerprint as defined at |
| // https://source.android.com/compatibility/android-cdd#3_2_2_build_parameters. |
| // For example, a Pixel device with the following build fingerprint |
| // google/crosshatch/crosshatch:9/PQ3A.190605.003/5524043:user/release-keys, |
| // would have 5524043 for the version incremental. |
| string version_incremental = 2; |
| |
| // Public key of the platform. This is the same key used to sign the vbmeta. |
| bytes platform_key = 3; |
| |
| // SHA256 of the manufacturer public key (DER-encoded, x509 |
| // subjectPublicKeyInfo format). The public key MUST already be in the list |
| // of root keys known and trusted by the AFTL. |
| // Internal: This field is required to be able to identify which manufacturer |
| // this request is coming from. |
| bytes manufacturer_key_hash = 4; |
| |
| // Free form description field. It can be used to annotate this message with |
| // further context on the build (e.g., carrier specific build). |
| string description = 5; |
| } |
| |
| message SignedFirmwareInfo { |
| FirmwareInfo info = 1; |
| |
| // Signature of the info field, using manufacturer_pub_key. |
| // For the signature, info is first serialized to JSON. It is not |
| // expected to be able to reconstruct the info field from scratch. |
| // When verifying the inclusion proof associated with the info, it is |
| // expected that the leaf is provided. |
| sigpb.DigitallySigned info_signature = 2; |
| } |
| |
| message FirmwareImageInfo { |
| // This is the SHA256 hash of vbmeta. |
| bytes vbmeta_hash = 1; |
| |
| // SHA256 hash of the complete binary image. In case of Pixel, this would be |
| // the hash of the ZIP file that is offered for download at: |
| // https://developers.google.com/android/images |
| bytes hash = 2; |
| |
| // Build fingerprint, e.g. in case of Pixel |
| // google/crosshatch/crosshatch:9/PQ3A.190605.003/5524043:user/release-keys |
| // See https://source.android.com/compatibility/android-cdd.html#3_2_2_build_parameters |
| // for the expected format of this field. |
| string build_fingerprint = 3; |
| } |
| |
| message SignedFirmwareImageInfo { |
| FirmwareImageInfo image_info = 1; |
| sigpb.DigitallySigned image_info_signature = 2; |
| } |
| |
| |
| message InclusionProof { |
| trillian.Proof proof = 1; |
| trillian.SignedLogRoot sth = 2; |
| } |
| |
| // Trillian-specific data types |
| message Leaf { |
| int32 version = 1; |
| |
| // Timestamp when the entry was added to the log. |
| google.protobuf.Timestamp timestamp = 2; |
| |
| oneof value { |
| bytes vbmeta = 3; |
| FirmwareInfoAnnotation fw_info = 4; |
| FirmwareImageInfoAnnotation fw_image_info = 5; |
| } |
| } |
| |
| message FirmwareInfoAnnotation { |
| SignedFirmwareInfo info = 1; |
| } |
| |
| message FirmwareImageInfoAnnotation { |
| SignedFirmwareImageInfo info = 1; |
| |
| // URL of the firmware image in the Cloud Storage bucket populated by AFTL. |
| string url = 2; |
| } |