syntax = "proto2";
package ct;
////////////////////////////////////////////////////////////////////////////////
// These protocol buffers should be kept aligned with the I-D. //
////////////////////////////////////////////////////////////////////////////////
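// RFC 5246 (TLS 1.2) DigitallySigned.
//
// Both enums mirror the TLS SignatureAndHashAlgorithm registry so values
// can be copied straight off the wire. They are NOT a list of algorithms a
// consumer should accept: NONE, ANONYMOUS, MD5 and SHA1 are present only for
// registry alignment. Code that verifies an SCT or STH signature must apply
// its own allow-list of (hash, sig) pairs and reject everything else; the
// schema itself enforces nothing.
message DigitallySigned {
  enum HashAlgorithm {
    NONE = 0;
    MD5 = 1;
    SHA1 = 2;
    SHA224 = 3;
    SHA256 = 4;
    SHA384 = 5;
    SHA512 = 6;
  }
  enum SignatureAlgorithm {
    ANONYMOUS = 0;
    RSA = 1;
    DSA = 2;
    ECDSA = 3;
  }
  // Encoded as 1 byte in the TLS structure.
  optional HashAlgorithm hash_algorithm = 1 [default = NONE];
  // Encoded as 1 byte in the TLS structure.
  optional SignatureAlgorithm sig_algorithm = 2 [default = ANONYMOUS];
  // Opaque signature, 0..2^16-1 bytes in the TLS encoding. The proto field
  // is unbounded, so check the length before re-serialising to the TLS form
  // and before passing the bytes to a verifier.
  optional bytes signature = 3;
}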
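// Type of a log entry, as carried in the I-D's LogEntryType field.
//
// The wire field is presumably 16 bits wide (65536 = 2^16 is what the
// "outside the valid range" sentinel below relies on), so 0..65535 is the
// set of values a peer can actually send.
enum LogEntryType {
  X509_ENTRY = 0;
  PRECERT_ENTRY = 1;
  PRECERT_ENTRY_V2 = 2;
  // Experimental and not part of the I-D. Unlike UNKNOWN_ENTRY_TYPE, 32768
  // does fit in 16 bits, so a peer could legitimately send it; don't rely
  // on it, and don't assume it is unrepresentable on the wire.
  X_JSON_ENTRY = 32768;
  // Sentinel used as the field default. Not part of the I-D and outside the
  // 16-bit wire range, so it can never be received from a conforming peer;
  // treat it as "unset" and never serialise it.
  UNKNOWN_ENTRY_TYPE = 65536;
}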
// A submitted certificate chain (the add-chain payload).
message X509ChainEntry {
  // V1 only: the end-entity certificate. <1..2^24-1> on the wire.
  optional bytes leaf_certificate = 1;
  // V2 only: certificate plus issuer key hash, carried as a CertInfo.
  // When this is populated, leaf_certificate stays unset.
  optional CertInfo cert_info = 3;
  // Chain from the leaf towards a trusted root, as submitted. The leaf is
  // never repeated here; the root may or may not be present.
  // <0..2^24-1> on the wire.
  repeated bytes certificate_chain = 2;
}
// TLS layout this message mirrors:
//
//   opaque TBSCertificate<1..2^16-1>;
//   struct {
//     opaque issuer_key_hash[32];
//     TBSCertificate tbs_certificate;
//   } PreCert;
//
// V1 message, kept only so existing callers keep compiling; CertInfo has
// the same fields and numbers and is what new code should use. May be
// dropped in a future release.
message PreCert {
  // 32 bytes in the TLS layout above; the schema does not enforce this.
  optional bytes issuer_key_hash = 1;
  // TBSCertificate, <1..2^16-1> bytes in the TLS layout above.
  optional bytes tbs_certificate = 2;
}
// V2 replacement for PreCert: used for both certificates and
// precertificates inside SCTs. Field-for-field identical to PreCert, which
// is retained only for code that still depends on the old name.
message CertInfo {
  // 32 bytes on the wire; length is not enforced by the schema.
  optional bytes issuer_key_hash = 1;
  // TBSCertificate, <1..2^16-1> bytes on the wire.
  optional bytes tbs_certificate = 2;
}
// A submitted precertificate chain (the add-pre-chain payload).
message PrecertChainEntry {
  // The precertificate itself. <1..2^24-1> on the wire.
  optional bytes pre_certificate = 1;
  // Chain certifying the precertificate, exactly as the CA submitted it.
  // <0..2^24-1> on the wire.
  repeated bytes precertificate_chain = 2;
  // V1: the PreCert that went into the SCT. Derivable from the two fields
  // above, but stored alongside them so signing nodes do not have to parse
  // certificates to recompute it.
  optional PreCert pre_cert = 3;
  // V2 counterpart of pre_cert. A valid message sets exactly one of
  // pre_cert / cert_info; readers should reject a message that sets both
  // rather than silently picking one.
  optional CertInfo cert_info = 4;
}
// Payload for the experimental X_JSON_ENTRY log entry type.
message XJSONEntry {
  // Raw JSON text; not validated by the schema.
  optional string json = 1;
}
// TODO(alcutter): Consider using extensions here instead.
//
// A log entry of any supported type. `type` says which of the payload
// fields below is meant to be populated; the schema does not enforce that
// only that one is set.
message LogEntry {
  optional LogEntryType type = 1 [default = UNKNOWN_ENTRY_TYPE];
  optional X509ChainEntry x509_entry = 2;
  optional PrecertChainEntry precert_entry = 3;
  optional XJSONEntry x_json_entry = 4;
}
// Which structure a DigitallySigned covers.
enum SignatureType {
  CERTIFICATE_TIMESTAMP = 0;
  // TODO(ekasper): called tree_hash in I-D.
  TREE_HEAD = 1;
}
// Protocol version of an SCT / leaf / STH.
enum Version {
  V1 = 0;
  V2 = 1;
  // Sentinel used as the field default. Not in the I-D and outside the
  // wire range, so it must never be serialised.
  UNKNOWN_VERSION = 256;
}
// Identifies the log that produced a signature.
message LogID {
  // Log key id, 32 bytes on the wire; the schema does not enforce the
  // length, so check it before use.
  optional bytes key_id = 1;
}
// One V2 SCT extension.
message SctExtension {
  // Extension type. Wire range is 0..65534; uint32 does not enforce it.
  optional uint32 sct_extension_type = 1;
  // Type-specific opaque payload, <0..2^16-1> bytes on the wire.
  optional bytes sct_extension_data = 2;
}
// TODO(ekasper): implement support for id.
message SignedCertificateTimestamp {
  optional Version version = 1 [default = UNKNOWN_VERSION];
  optional LogID id = 2;
  // Milliseconds since 1970-01-01T00:00:00 UTC.
  optional uint64 timestamp = 3;
  optional DigitallySigned signature = 4;
  // V1: raw extensions blob.
  optional bytes extensions = 5;
  // V2: typed extensions, <0..2^16-1> on the wire. Must be sorted by type,
  // lowest first; readers should reject an unsorted list rather than
  // re-sort it.
  repeated SctExtension sct_extension = 6;
}
// A list of serialised SCTs.
message SignedCertificateTimestampList {
  // One serialised SCT per element, each <1..2^16-1> bytes; at least one
  // element is expected.
  repeated bytes sct_list = 1;
}
// Kind of structure hashed into a Merkle tree leaf.
enum MerkleLeafType {
  TIMESTAMPED_ENTRY = 0;
  // Sentinel field default; outside the wire range, never serialise it.
  UNKNOWN_LEAF_TYPE = 256;
}
// The entry body that gets signed / hashed into a leaf.
message SignedEntry {
  // V1: exactly one of x509 / precert is set.
  optional bytes x509 = 1;
  optional PreCert precert = 2;
  optional bytes json = 3;
  // V2: every entry uses cert_info and the V1 fields above stay unset.
  optional CertInfo cert_info = 4;
}
// A signed entry together with its timestamp and extensions.
message TimestampedEntry {
  optional uint64 timestamp = 1;
  optional LogEntryType entry_type = 2;
  optional SignedEntry signed_entry = 3;
  // V1: raw extensions blob.
  optional bytes extensions = 4;
  // V2: typed extensions, <0..2^16-1> on the wire. Must be sorted by type,
  // lowest first.
  repeated SctExtension sct_extension = 5;
}
// Everything that is hashed into a Merkle tree leaf.
message MerkleTreeLeaf {
  // Version of the SCT this leaf corresponds to.
  optional Version version = 1 [default = UNKNOWN_VERSION];
  optional MerkleLeafType type = 2 [default = UNKNOWN_LEAF_TYPE];
  optional TimestampedEntry timestamped_entry = 3;
}
// TODO(benl): No longer needed?
//
// Known users: cpp/client/ct assembles one from the I-D JSON protocol, and
// cpp/server/blob-server passes one to a LogLookup::AuditProof variant.
message MerkleAuditProof {
  optional Version version = 1 [default = UNKNOWN_VERSION];
  optional LogID id = 2;
  optional int64 tree_size = 3;
  optional uint64 timestamp = 4;
  // Signed types can carry negatives; a verifier should require
  // 0 <= leaf_index < tree_size before walking path_node.
  optional int64 leaf_index = 5;
  repeated bytes path_node = 6;
  optional DigitallySigned tree_head_signature = 7;
}
// Audit proof without the tree-head metadata.
message ShortMerkleAuditProof {
  // NOTE: `required` makes parsing fail when this field is absent; that
  // behaviour cannot be relaxed later without a compatibility break.
  required int64 leaf_index = 1;
  repeated bytes path_node = 2;
}
////////////////////////////////////////////////////////////////////////////////
// Finally, stuff that's not in the I-D but that we use internally //
// for logging entries and tree head state. //
////////////////////////////////////////////////////////////////////////////////
// TODO(alcutter): Come up with a better name :/
//
// An entry as stored by the log, with its position in the tree.
message LoggedEntryPB {
  optional int64 sequence_number = 1;
  optional bytes merkle_leaf_hash = 2;
  message Contents {
    optional SignedCertificateTimestamp sct = 1;
    optional LogEntry entry = 2;
  }
  // `required`: parsing fails if this is absent.
  required Contents contents = 3;
}
// One V2 STH extension.
message SthExtension {
  // Extension type. Wire range is 0..65534; uint32 does not enforce it.
  optional uint32 sth_extension_type = 1;
  // Type-specific opaque payload, <0..2^16-1> bytes on the wire.
  optional bytes sth_extension_data = 2;
}
// A signed tree head.
message SignedTreeHead {
  // Version of the tree head signature. Each leaf carries its own version,
  // so a V2 tree may contain V1 leaves.
  optional Version version = 1 [default = UNKNOWN_VERSION];
  optional LogID id = 2;
  optional uint64 timestamp = 3;
  optional int64 tree_size = 4;
  optional bytes sha256_root_hash = 5;
  optional DigitallySigned signature = 6;
  // V2 only. <0..2^16-1> on the wire.
  repeated SthExtension sth_extension = 7;
}
// What the SSL client reports about a connection.
message SSLClientCTData {
  optional LogEntry reconstructed_entry = 1;
  optional bytes certificate_sha256_hash = 2;
  message SCTInfo {
    // An SCT plus the leaf hash derived from (entry, sct).
    optional SignedCertificateTimestamp sct = 1;
    optional bytes merkle_leaf_hash = 2;
  }
  repeated SCTInfo attached_sct_info = 3;
}
// Per-node state published to the cluster.
message ClusterNodeState {
  optional string node_id = 1;
  optional int64 contiguous_tree_size = 2 [deprecated = true];
  optional SignedTreeHead newest_sth = 3;
  optional SignedTreeHead current_serving_sth = 4;
  // hostname + log_port let one log node reach another, mainly for
  // replication.
  // Hostname or IP that reaches this node (and only this node).
  optional string hostname = 5;
  // Port this node listens on.
  optional int32 log_port = 6;
}
// Cluster-wide operational switches.
message ClusterControl {
  // When false, new submissions are refused.
  optional bool accept_new_entries = 1 [default = true];
}
// Cluster-wide configuration.
message ClusterConfig {
  // ---- Serving-STH selection -------------------------------------------
  //
  // The cluster always tries to pick the newest (and largest) STH that
  // satisfies both constraints below, drawn from the STHs held by the
  // individual nodes. A node holding a newer/larger STH can of course still
  // serve an older/smaller one.

  // Minimum number of nodes that must be able to serve an STH before it is
  // a candidate for the cluster-wide serving STH. This is the resilience
  // knob against node / node-database loss: an STH must have replicated to
  // at least this many nodes.
  optional int32 minimum_serving_nodes = 1;

  // Minimum fraction of nodes that must be able to serve an STH. This is
  // the capacity-redundancy knob. Example: peak traffic needs 3 nodes and
  // you want 25% headroom for a single-node failure, so run 4 nodes and set
  // 0.75, requiring any candidate to be servable from at least 3 of the 4.
  // Expected to lie in 0.0..1.0; not enforced by the schema.
  optional double minimum_serving_fraction = 2;

  // ---- Overload protection ---------------------------------------------
  //
  // Once the EtcedConsistentStore holds more than this many entries, the
  // log server rejects every add-[pre-]chain call to protect itself and
  // etcd. Declared as double although it is a count; switching to an
  // integer type would change the wire encoding, so it stays as is.
  optional double etcd_reject_add_pending_threshold = 3 [default = 30000];
}
// Maps entry hashes to their assigned sequence numbers.
message SequenceMapping {
  message Mapping {
    optional bytes entry_hash = 1;
    optional int64 sequence_number = 2;
  }
  repeated Mapping mapping = 1;
}