• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright 2019 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17package aftl;
18option go_package = "proto";
19
20import "trillian.proto";
21import "crypto/sigpb/sigpb.proto";
22import "google/protobuf/timestamp.proto";
23
24// These messages are used both by the frontend API and the Trillian log.
25message FirmwareInfo {
26  // This is the SHA256 hash of vbmeta.
27  bytes vbmeta_hash = 1;
28
29  // Subcomponent of the build fingerprint as defined at
30  // https://source.android.com/compatibility/android-cdd#3_2_2_build_parameters.
31  // For example, a Pixel device with the following build fingerprint
32  // google/crosshatch/crosshatch:9/PQ3A.190605.003/5524043:user/release-keys,
33  // would have 5524043 for the version incremental.
34  string version_incremental = 2;
35
36  // Public key of the platform. This is the same key used to sign the vbmeta.
37  bytes platform_key = 3;
38
39  // SHA256 of the manufacturer public key (DER-encoded, x509
40  // subjectPublicKeyInfo format). The public key MUST already be in the list
41  // of root keys known and trusted by the AFTL.
42  // Internal: This field is required to be able to identify which manufacturer
43  // this request is coming from.
44  bytes manufacturer_key_hash = 4;
45
46  // Free form description field. It can be used to annotate this message with
47  // further context on the build (e.g., carrier specific build).
48  string description = 5;
49}
50
51message SignedFirmwareInfo {
52  FirmwareInfo info = 1;
53
54  // Signature of the info field, using manufacturer_pub_key.
55  // For the signature, info is first serialized to JSON. It is not
56  // expected to be able to reconstruct the info field from scratch.
57  // When verifying the inclusion proof associated with the info, it is
58  // expected that the leaf is provided.
59  sigpb.DigitallySigned info_signature = 2;
60}
61
62message FirmwareImageInfo {
63  // This is the SHA256 hash of vbmeta.
64  bytes vbmeta_hash = 1;
65
66  // SHA256 hash of the complete binary image. In case of Pixel, this would be
67  // the hash of the ZIP file that is offered for download at:
68  // https://developers.google.com/android/images
69  bytes hash = 2;
70
71  // Build fingerprint, e.g. in case of Pixel
72  // google/crosshatch/crosshatch:9/PQ3A.190605.003/5524043:user/release-keys
73  // See https://source.android.com/compatibility/android-cdd.html#3_2_2_build_parameters
74  // for the expected format of this field.
75  string build_fingerprint = 3;
76}
77
78message SignedFirmwareImageInfo {
79  FirmwareImageInfo image_info = 1;
80  sigpb.DigitallySigned image_info_signature = 2;
81}
82
83
84message InclusionProof {
85  trillian.Proof proof = 1;
86  trillian.SignedLogRoot sth = 2;
87}
88
89// Trillian-specific data types
90message Leaf {
91  int32 version = 1;
92
93  // Timestamp when the entry was added to the log.
94  google.protobuf.Timestamp timestamp = 2;
95
96  oneof value {
97    bytes vbmeta = 3;
98    FirmwareInfoAnnotation fw_info = 4;
99    FirmwareImageInfoAnnotation fw_image_info = 5;
100  }
101}
102
103message FirmwareInfoAnnotation {
104  SignedFirmwareInfo info = 1;
105}
106
107message FirmwareImageInfoAnnotation {
108  SignedFirmwareImageInfo info = 1;
109
110  // URL of the firmware image in the Cloud Storage bucket populated by AFTL.
111  string url = 2;
112}
113