-
Notifications
You must be signed in to change notification settings - Fork 13
/
auth.proto
35 lines (29 loc) · 1.62 KB
/
auth.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
// Copyright(c) 2020 Zededa, Inc.
// All rights reserved.
syntax = "proto3";
import "evecommon/evecommon.proto";
import "evecommon/acipherinfo.proto";
package org.lfedge.eve.auth;
option go_package = "github.com/lf-edge/eve-api/go/auth";
option java_package = "org.lfedge.eve.auth";
message AuthBody {
bytes payload = 1;
}
// Envolope which can be signed OR signed and encrypted. If `cipherContext` and
// `cipherData` are defined and valid, then auth body has to be decrypted first
// by using the encrypted payload defined in the `cipherData.cipherData` member.
// Once the `cipherBlock` is decrypted, the actual result of the decryption is
// fed into the authentication as if it had been in `protectedPayload` (AuthBody
// type).
message AuthContainer {
AuthBody protectedPayload = 1; // envelope body, a marshalled protobuf data or it can be null
// if the length of senderCertHash received is not N bytes, as described in hashAlgorithm, then the protobuf
// message either is not AuthContainer type, or is corrupted. Otherwise, the
// receiver may not have the sender's signing certificate.
org.lfedge.eve.common.HashAlgorithm algo = 2; // hash algorithm used by sender Cert
bytes senderCertHash = 3; // N bytes in length, 1st N bytes of sender siging cert sha256 hash
bytes signatureHash = 4; // signature of the sha256 hash of the payload
bytes senderCert = 5; // full senderCert needed for some payloads
org.lfedge.eve.common.CipherContext cipherContext = 6; // context for decrypting payload if defined
org.lfedge.eve.common.CipherBlock cipherData = 7; // encrypted payload if defined
}