| syntax = "proto2"; |
| |
| package ct; |
| |
| |
| //////////////////////////////////////////////////////////////////////////////// |
| // These protocol buffers should be kept aligned with the I-D. // |
| //////////////////////////////////////////////////////////////////////////////// |
| |
| // RFC 5246 |
| message DigitallySigned { |
| enum HashAlgorithm { |
| NONE = 0; |
| MD5 = 1; |
| SHA1 = 2; |
| SHA224 = 3; |
| SHA256 = 4; |
| SHA384 = 5; |
| SHA512 = 6; |
| } |
| |
| enum SignatureAlgorithm { |
| ANONYMOUS = 0; |
| RSA = 1; |
| DSA = 2; |
| ECDSA = 3; |
| } |
| |
| // 1 byte |
| optional HashAlgorithm hash_algorithm = 1 [ default = NONE ]; |
| // 1 byte |
| optional SignatureAlgorithm sig_algorithm = 2 [ default = ANONYMOUS ]; |
| // 0..2^16-1 bytes |
| optional bytes signature = 3; |
| } |
| |
| enum LogEntryType { |
| X509_ENTRY = 0; |
| PRECERT_ENTRY = 1; |
| PRECERT_ENTRY_V2 = 2; |
| // Not part of the I-D, and outside the valid range. |
| X_JSON_ENTRY = 32768; // Experimental, don't rely on this! |
| UNKNOWN_ENTRY_TYPE = 65536; |
| } |
| |
| message X509ChainEntry { |
| // For V1 this entry just includes the certificate in the leaf_certificate |
| // field |
| // <1..2^24-1> |
| optional bytes leaf_certificate = 1; |
| // For V2 it includes the cert and key hash using CertInfo. The |
| // leaf_certificate field is not used |
| optional CertInfo cert_info = 3; |
| // <0..2^24-1> |
| // A chain from the leaf to a trusted root |
| // (excluding leaf and possibly root). |
| repeated bytes certificate_chain = 2; |
| } |
| |
| // opaque TBSCertificate<1..2^16-1>; |
| // struct { |
| // opaque issuer_key_hash[32]; |
| // TBSCertificate tbs_certificate; |
| // } PreCert; |
| // Retained for V1 API compatibility. May be removed in a future release. |
| message PreCert { |
| optional bytes issuer_key_hash = 1; |
| optional bytes tbs_certificate = 2; |
| } |
| |
| // In V2 this is used for both certificates and precertificates in SCTs. It |
| // replaces PreCert and has the same structure. The older message remains for |
| // compatibility with existing code that depends on this proto. |
| message CertInfo { |
| optional bytes issuer_key_hash = 1; |
| optional bytes tbs_certificate = 2; |
| } |
| |
| message PrecertChainEntry { |
| // <1..2^24-1> |
| optional bytes pre_certificate = 1; |
| // <0..2^24-1> |
| // The chain certifying the precertificate, as submitted by the CA. |
| repeated bytes precertificate_chain = 2; |
| |
| // PreCert input to the SCT. Can be computed from the above. |
| // Store it alongside the entry data so that the signers don't have to |
| // parse certificates to recompute it. |
| optional PreCert pre_cert = 3; |
| // As above for V2 messages. Only one of these fields will be set in a |
| // valid message |
| optional CertInfo cert_info = 4; |
| } |
| |
| message XJSONEntry { |
| optional string json = 1; |
| } |
| |
| // TODO(alcutter): Consider using extensions here instead. |
| message LogEntry { |
| optional LogEntryType type = 1 [ default = UNKNOWN_ENTRY_TYPE ]; |
| |
| optional X509ChainEntry x509_entry = 2; |
| |
| optional PrecertChainEntry precert_entry = 3; |
| |
| optional XJSONEntry x_json_entry = 4; |
| } |
| |
| enum SignatureType { |
| CERTIFICATE_TIMESTAMP = 0; |
| // TODO(ekasper): called tree_hash in I-D. |
| TREE_HEAD = 1; |
| } |
| |
| enum Version { |
| V1 = 0; |
| V2 = 1; |
| // Not part of the I-D, and outside the valid range. |
| UNKNOWN_VERSION = 256; |
| } |
| |
| message LogID { |
| // 32 bytes |
| optional bytes key_id = 1; |
| } |
| |
| message SctExtension { |
| // Valid range is 0-65534 |
| optional uint32 sct_extension_type = 1; |
| // Data is opaque and type specific. <0..2^16-1> bytes |
| optional bytes sct_extension_data = 2; |
| } |
| |
| // TODO(ekasper): implement support for id. |
| message SignedCertificateTimestamp { |
| optional Version version = 1 [ default = UNKNOWN_VERSION ]; |
| optional LogID id = 2; |
| // UTC time in milliseconds, since January 1, 1970, 00:00. |
| optional uint64 timestamp = 3; |
| optional DigitallySigned signature = 4; |
| // V1 extensions |
| optional bytes extensions = 5; |
| // V2 extensions <0..2^16-1>. Must be ordered by type (lowest first) |
| repeated SctExtension sct_extension = 6; |
| } |
| |
| message SignedCertificateTimestampList { |
| // One or more SCTs, <1..2^16-1> bytes each |
| repeated bytes sct_list = 1; |
| } |
| |
| enum MerkleLeafType { |
| TIMESTAMPED_ENTRY = 0; |
| UNKNOWN_LEAF_TYPE = 256; |
| } |
| |
| message SignedEntry { |
| // For V1 signed entries either the x509 or precert field will be set |
| optional bytes x509 = 1; |
| optional PreCert precert = 2; |
| optional bytes json = 3; |
| // For V2 all entries use the CertInfo field and the above fields are |
| // not set |
| optional CertInfo cert_info = 4; |
| } |
| |
| message TimestampedEntry { |
| optional uint64 timestamp = 1; |
| optional LogEntryType entry_type = 2; |
| optional SignedEntry signed_entry = 3; |
| // V1 extensions |
| optional bytes extensions = 4; |
| // V2 extensions <0..2^16-1>. Must be ordered by type (lowest first) |
| repeated SctExtension sct_extension = 5; |
| } |
| |
| // Stuff that's hashed into a Merkle leaf. |
| message MerkleTreeLeaf { |
| // The version of the corresponding SCT. |
| optional Version version = 1 [ default = UNKNOWN_VERSION ]; |
| optional MerkleLeafType type = 2 [ default = UNKNOWN_LEAF_TYPE ]; |
| optional TimestampedEntry timestamped_entry = 3; |
| } |
| |
| // TODO(benl): No longer needed? |
| // |
| // Used by cpp/client/ct: it assembles the one from the I-D JSON |
| // protocol. |
| // |
| // Used by cpp/server/blob-server: it uses one to call a variant of |
| // LogLookup::AuditProof. |
| message MerkleAuditProof { |
| optional Version version = 1 [ default = UNKNOWN_VERSION ]; |
| optional LogID id = 2; |
| optional int64 tree_size = 3; |
| optional uint64 timestamp = 4; |
| optional int64 leaf_index = 5; |
| repeated bytes path_node = 6; |
| optional DigitallySigned tree_head_signature = 7; |
| } |
| |
| message ShortMerkleAuditProof { |
| required int64 leaf_index = 1; |
| repeated bytes path_node = 2; |
| } |
| |
| //////////////////////////////////////////////////////////////////////////////// |
| // Finally, stuff that's not in the I-D but that we use internally // |
| // for logging entries and tree head state. // |
| //////////////////////////////////////////////////////////////////////////////// |
| |
| // TODO(alcutter): Come up with a better name :/ |
| message LoggedEntryPB { |
| optional int64 sequence_number = 1; |
| optional bytes merkle_leaf_hash = 2; |
| message Contents { |
| optional SignedCertificateTimestamp sct = 1; |
| optional LogEntry entry = 2; |
| } |
| required Contents contents = 3; |
| } |
| |
| message SthExtension { |
| // Valid range is 0-65534 |
| optional uint32 sth_extension_type = 1; |
| // Data is opaque and type specific <0..2^16-1> bytes |
| optional bytes sth_extension_data = 2; |
| } |
| |
| message SignedTreeHead { |
| // The version of the tree head signature. |
| // (Note that each leaf has its own version, so a V2 tree |
| // can contain V1 leaves, too. |
| optional Version version = 1 [ default = UNKNOWN_VERSION ]; |
| optional LogID id = 2; |
| optional uint64 timestamp = 3; |
| optional int64 tree_size = 4; |
| optional bytes sha256_root_hash = 5; |
| optional DigitallySigned signature = 6; |
| // Only supported in V2. <0..2^16-1> |
| repeated SthExtension sth_extension = 7; |
| } |
| |
| // Stuff the SSL client spits out from a connection. |
| message SSLClientCTData { |
| optional LogEntry reconstructed_entry = 1; |
| optional bytes certificate_sha256_hash = 2; |
| |
| message SCTInfo { |
| // There is an entry + sct -> leaf hash mapping. |
| optional SignedCertificateTimestamp sct = 1; |
| optional bytes merkle_leaf_hash = 2; |
| } |
| repeated SCTInfo attached_sct_info = 3; |
| } |
| |
| message ClusterNodeState { |
| optional string node_id = 1; |
| optional int64 contiguous_tree_size = 2 [deprecated = true]; |
| optional SignedTreeHead newest_sth = 3; |
| optional SignedTreeHead current_serving_sth = 4; |
| |
| // The following host_name/log_port pair are used to allow a log node to |
| // contact other nodes in the cluster, primarily for the purposes of |
| // replication. |
| // hostname/ip which can be used to contact [just] this log node |
| optional string hostname = 5; |
| // port on which this log node is listening. |
| optional int32 log_port = 6; |
| } |
| |
| message ClusterControl { |
| optional bool accept_new_entries = 1 [ default = true ]; |
| } |
| |
| message ClusterConfig { |
| ///////////////////////////////// |
| // This section of the config affects the selection of the cluster's current |
| // serving STH. |
| // The cluster will always attempt to determine the newest (and |
| // largest) possible STH which meets the constraints defined below from the |
| // set of STHs available at the individual cluster nodes. |
| // (Note that nodes with newer/larger STHs can, of course, serve |
| // earlier/smaller STHs.) |
| |
| |
| // The minimum number of nodes which must be able to serve a given STH. |
| // This setting allows you to configure the level of cluster resiliency |
| // against data (in the form of node/node database) loss. |
| // i.e.: Once an STH has been created, it must have been replicated to |
| // at least this many nodes before being considered as a candidate for |
| // the overall cluster serving STH. |
| optional int32 minimum_serving_nodes = 1; |
| |
| // The minimum fraction of nodes which must be able to serve a given STH. |
| // This setting allows you to configure the serving capacity redundancy of |
| // your cluster. |
| // e.g. you determine you need 3 nodes to serve your expected peak traffic |
| // levels, but want to be over-provisioned by 25% to ensure the cluster will |
| // continue to be able to handle the traffic in the case of a single node |
| // failure, you might set this to 0.75 to ensure that any cluster-wide |
| // serving STH candidate must be servable from at least 3 of your 4 nodes. |
| optional double minimum_serving_fraction = 2; |
| ///////////////////////////////// |
| |
| // When the number of entries in the EtcedConsistentStore exceeds this value, |
| // the log server will reject all calls to add-[pre-]chain to protect itself |
| // and etcd. |
| optional double etcd_reject_add_pending_threshold = 3 [default = 30000]; |
| } |
| |
| message SequenceMapping { |
| message Mapping { |
| optional bytes entry_hash = 1; |
| optional int64 sequence_number = 2; |
| } |
| |
| repeated Mapping mapping = 1; |
| } |