// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Data structures related to Cast device certificate revocation infrastructure.
//
// Reading order for a verifier: CrlBundle holds one or more Crl envelopes;
// each Crl wraps a serialized TbsCrl ("to be signed" payload) together with
// the signer's certificate and a signature over that payload.

// This proto must be kept in sync with google3.

syntax = "proto2";

package cast.certificate;

option optimize_for = LITE_RUNTIME;

// Container for one revocation list published in several versions.
message CrlBundle {
  // List of supported versions of the same revocation list.
  // NOTE(review): presumably a consumer picks the entry whose TbsCrl.version
  // it implements and ignores the rest; confirm against the verifier code.
  repeated Crl crls = 1;
}

// Signed envelope around one TbsCrl.
//
// Every field is `optional`, so the schema itself does not reject an envelope
// with a missing payload, certificate or signature; presence has to be checked
// by the consumer before any of the fields are used.
message Crl {
  // Octet string of serialized TbsCrl protobuf.
  // Kept as opaque bytes rather than a nested message so that the signature
  // below covers an exact byte string. Verification should run over these
  // bytes as received, not over a re-serialization of the parsed TbsCrl.
  optional bytes tbs_crl = 1;

  // Binary ASN.1 DER encoding of the signer's certificate.
  // This certificate travels inside the message and is not covered by
  // `signature` (which is computed over tbs_crl only).
  // NOTE(review): nothing in this file says how the signer is trusted;
  // presumably the verifier chains it to a pinned CRL trust anchor before
  // using its public key. Confirm.
  optional bytes signer_cert = 2;

  // Signature calculated over the contents of the tbs_crl field. Signature
  // algorithm is implied by TbsCrl.version.
  // Because the version lives inside the signed payload, it has to be read
  // from tbs_crl before the signature can be checked; treat it as untrusted
  // until verification succeeds.
  // NOTE(review): an unrecognised version should presumably be rejected
  // rather than mapped to a default algorithm. Confirm.
  optional bytes signature = 3;
}

// The signed payload: validity window plus the revocation entries.
message TbsCrl {
  // Version 0 algorithms:
  //   revoked_public_key_hashes: SHA-256
  //   SerialNumberRange.issuer_public_key_hash: SHA-256
  //   Crl.signature: RSA-PKCS1 V1.5 with SHA-256
  // With `[default = 0]`, a payload that omits this field reads as version 0.
  optional uint64 version = 1 [default = 0];

  // Inclusive validity range of the CRL in Unix time.
  // Both bounds are optional with no declared default, so an absent bound
  // reads as 0 in proto2.
  // NOTE(review): a consumer presumably needs to require both fields to be
  // present and to reject a CRL outside this window. Confirm.
  optional uint64 not_before_seconds = 2;
  optional uint64 not_after_seconds = 3;

  // SPKI hashes of revoked credentials. Hashing algorithm is implied by
  // TbsCrl.version.
  // `bytes` does not constrain the length; for version 0 (SHA-256) each entry
  // would be 32 bytes. NOTE(review): confirm the consumer checks the length.
  repeated bytes revoked_public_key_hashes = 4;

  // Serial-number based revocations, grouped per issuer key (see
  // SerialNumberRange).
  repeated SerialNumberRange revoked_serial_number_ranges = 5;
}

// Revokes a contiguous range of serial numbers issued under one issuer key.
message SerialNumberRange {
  // SPKI hash of the certificate issuer. Hashing algorithm is implied by the
  // enclosing TbsCrl.version.
  optional bytes issuer_public_key_hash = 1;

  // Inclusive range of revoked certificate serial numbers. Only certificates
  // with positive serial numbers that fit within 64 bits can be revoked through
  // this mechanism.
  // The schema does not enforce first_serial_number <= last_serial_number, and
  // an absent bound reads as 0.
  // NOTE(review): certificates with wider serial numbers would presumably have
  // to be revoked through TbsCrl.revoked_public_key_hashes. Confirm.
  optional uint64 first_serial_number = 2;
  optional uint64 last_serial_number = 3;
}