// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package aftl;
option go_package = "proto";

import "trillian.proto";
import "crypto/sigpb/sigpb.proto";
import "google/protobuf/timestamp.proto";

// These messages are used both by the frontend API and the Trillian log.
message FirmwareInfo {
  // This is the SHA256 hash of vbmeta.
  bytes vbmeta_hash = 1;

  // Subcomponent of the build fingerprint as defined at
  // https://source.android.com/compatibility/android-cdd#3_2_2_build_parameters.
  // For example, a Pixel device with the following build fingerprint
  // google/crosshatch/crosshatch:9/PQ3A.190605.003/5524043:user/release-keys,
  // would have 5524043 for the version incremental.
  string version_incremental = 2;

  // Public key of the platform. This is the same key used to sign the vbmeta.
  bytes platform_key = 3;

  // SHA256 of the manufacturer public key (DER-encoded, x509
  // subjectPublicKeyInfo format). The public key MUST already be in the list
  // of root keys known and trusted by the AFTL.
  // Internal: This field is required to be able to identify which manufacturer
  // this request is coming from.
  bytes manufacturer_key_hash = 4;

  // Free form description field. It can be used to annotate this message with
  // further context on the build (e.g., carrier specific build).
  string description = 5;
}

message SignedFirmwareInfo {
  FirmwareInfo info = 1;

  // Signature of the info field, using manufacturer_pub_key.
  // For the signature, info is first serialized to JSON. It is not
  // expected to be able to reconstruct the info field from scratch.
  // When verifying the inclusion proof associated with the info, it is
  // expected that the leaf is provided.
  sigpb.DigitallySigned info_signature = 2;
}

message FirmwareImageInfo {
  // This is the SHA256 hash of vbmeta.
  bytes vbmeta_hash = 1;

  // SHA256 hash of the complete binary image. In case of Pixel, this would be
  // the hash of the ZIP file that is offered for download at:
  // https://developers.google.com/android/images
  bytes hash = 2;

  // Build fingerprint, e.g. in case of Pixel
  // google/crosshatch/crosshatch:9/PQ3A.190605.003/5524043:user/release-keys
  // See https://source.android.com/compatibility/android-cdd.html#3_2_2_build_parameters
  // for the expected format of this field.
  string build_fingerprint = 3;
}

message SignedFirmwareImageInfo {
  FirmwareImageInfo image_info = 1;
  sigpb.DigitallySigned image_info_signature = 2;
}


message InclusionProof {
  trillian.Proof proof = 1;
  trillian.SignedLogRoot sth = 2;
}

// Trillian-specific data types
message Leaf {
  int32 version = 1;

  // Timestamp when the entry was added to the log.
  google.protobuf.Timestamp timestamp = 2;

  oneof value {
    bytes vbmeta = 3;
    FirmwareInfoAnnotation fw_info = 4;
    FirmwareImageInfoAnnotation fw_image_info = 5;
  }
}

message FirmwareInfoAnnotation {
  SignedFirmwareInfo info = 1;
}

message FirmwareImageInfoAnnotation {
  SignedFirmwareImageInfo info = 1;

  // URL of the firmware image in the Cloud Storage bucket populated by AFTL.
  string url = 2;
}