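// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Data structures related to Cast device certificate revocation infrastructure.

// This proto must be kept in sync with google3.

syntax = "proto2";

package cast.certificate;

option optimize_for = LITE_RUNTIME;

// Container for the available versions of a single revocation list.
//
// The bundle has no signature field of its own; the only signature defined in
// this file is Crl.signature, which covers Crl.tbs_crl. Which entry a consumer
// selects from `crls` is not defined here.
message CrlBundle {
  // List of supported versions of the same revocation list.
  repeated Crl crls = 1;
}

// Signed envelope around one serialized TbsCrl.
//
// Every field is proto2 `optional`, so a message with a field missing still
// parses and that field reads as empty bytes. NOTE(review): a verifier
// presumably has to treat any absent field as a failure -- confirm against
// the consuming code.
message Crl {
  // Octet string of serialized TbsCrl protobuf.
  //
  // The signature is computed over these bytes. Protobuf serialization is not
  // canonical, so verification has to run over the bytes exactly as received,
  // not over a re-serialized TbsCrl.
  optional bytes tbs_crl = 1;

  // Binary ASN.1 DER encoding of the signer's certificate.
  //
  // This field sits outside the signed tbs_crl payload, so its presence here
  // says nothing about whether the signer is trusted. NOTE(review): how the
  // signer certificate is validated (trust anchor, chain, validity period) is
  // not defined in this file -- confirm in the consuming code.
  optional bytes signer_cert = 2;

  // Signature calculated over the contents of the tbs_crl field. Signature
  // algorithm is implied by TbsCrl.version.
  //
  // The version that selects the algorithm is itself stored inside tbs_crl,
  // so it is read before the signature has been checked. A verifier should
  // accept only the versions it implements and reject everything else.
  optional bytes signature = 3;
}

// The signed payload of a Crl: validity window plus the revocation entries.
message TbsCrl {
  // Version 0 algorithms:
  //   revoked_public_key_hashes: SHA-256
  //   SerialNumberRange.issuer_public_key_hash: SHA-256
  //   Crl.signature: RSA-PKCS1 V1.5 with SHA-256
  //
  // Because of the explicit default, an absent version reads as 0 and is
  // indistinguishable by value from an explicit version 0.
  optional uint64 version = 1 [default = 0];

  // Inclusive validity range of the CRL in Unix time.
  //
  // Both bounds are in seconds. An absent bound reads as 0; the schema does
  // not require either field or enforce not_before <= not_after, so checking
  // presence and ordering is left to the consumer.
  optional uint64 not_before_seconds = 2;
  optional uint64 not_after_seconds = 3;

  // SPKI hashes of revoked credentials. Hashing algorithm is implied by
  // TbsCrl.version.
  //
  // The schema does not constrain entry length. With the version 0 algorithm
  // (SHA-256) each entry would be 32 bytes. NOTE(review): confirm that the
  // consumer rejects or ignores entries of any other length.
  repeated bytes revoked_public_key_hashes = 4;

  // Revoked certificates identified by issuer and serial number range rather
  // than by public key hash.
  repeated SerialNumberRange revoked_serial_number_ranges = 5;
}

// A contiguous block of revoked serial numbers under one issuer.
message SerialNumberRange {
  // SPKI hash of the certificate issuer. Hashing algorithm is implied by the
  // enclosing TbsCrl.version.
  optional bytes issuer_public_key_hash = 1;

  // Inclusive range of revoked certificate serial numbers. Only certificates
  // with positive serial numbers that fit within 64 bits can be revoked through
  // this mechanism.
  //
  // The schema does not enforce first_serial_number <= last_serial_number,
  // and an absent bound reads as 0. NOTE(review): confirm how the consumer
  // handles an inverted or partially specified range.
  optional uint64 first_serial_number = 2;
  optional uint64 last_serial_number = 3;
}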