// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package aftl;
option go_package = "proto";

import "aftl.proto";

message AddFirmwareInfoRequest {
  // VBMeta structure as described in
  // https://android.googlesource.com/platform/external/avb/+/master/README.md.
  // In case of chained partitions, each VBMeta is added via a separate call.
  // The default size for gRPC payload is about 4MB. We expect vbmeta to be
  // in the order of 1kB.
  bytes vbmeta = 1;

  SignedFirmwareInfo fw_info = 2;
}

message AddFirmwareInfoResponse {
  // Inclusion proof and the leaf that was added to the log, which contains
  // information on the firmware.
  // It is required to have the complete leaf to validate the inclusion proof.
  // For on-device verification, only these first 2 fields are required to
  // validate the inclusion.
  InclusionProof fw_info_proof = 1;
  bytes          fw_info_leaf = 2;

  // Inclusion proof and leaf that was added to the log, which contains the full
  // vbmeta partition.
  // These fields are NOT required for validation but can still be recorded by a
  // vendor to prove that the complete VBMeta was submitted.
  InclusionProof vbmeta_proof = 3;
  bytes          vbmeta_leaf = 4;
}

message AddFirmwareImageRequest {

  SignedFirmwareImageInfo fw_image_info = 1;

  // Bytes of the binary images. These are not signed as their final
  // hash value is already signed in fw_image_info.hash
  // This is ignored if any of the requests origin_url is set.
  bytes image_chunk = 2;

  // Origin location of image. It is used to get a copy of the binary image
  // from another server (e.g., Google Cloud Storage).
  string origin_url = 3;
}

message AddFirmwareImageResponse {

  // Inclusion proof and leaf for the firmware image. The leaf contains the URL
  // where the image was stored.
  // It is not required for vendors to keep this information. However, this can
  // be used for their records to ensure the correctness of the log.
  InclusionProof fw_image_info_proof = 1;
  Leaf           fw_image_info_leaf = 2;
}

service AFTLog {

  // Insert a new VBMeta structure into the log.
  // This request will effectively create 2 log entries:
  //  - VBMeta itself
  //  - Vendor annotations, including a reference to the VBMeta leaf.
  rpc AddFirmwareInfo(AddFirmwareInfoRequest) returns (AddFirmwareInfoResponse) {}

  // Upload (or copy) the complete firmware image.
  rpc AddFirmwareImage(stream AddFirmwareImageRequest) returns (AddFirmwareImageResponse) {}

  // TODO GetProofByHash, GetSthConsistency, GetEntries, GetRootKeys
}