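//====== Copyright Valve Corporation, All rights reserved. ====================
//
// Wire format messages for Steam networking authentication structures
//
//=============================================================================
syntax = "proto2";

option optimize_for = SPEED;

// We don't use the service generation functionality
option cc_generic_services = false;

// Legacy binary format.  Now the string format is always used, even over
// the wire.  This is a bit wasteful.  But the benefit of the string format
// is that it's much easier to make forward compatible.  So we can add new
// identity types without updating all old clients that may possibly interact
// with the new identity type.  In many cases, the old client doesn't really
// need to "understand" the type, and the string format actually works great.
message CMsgSteamNetworkingIdentityLegacyBinary
{

  // We don't use a separate "type" field, we just use the
  // presence of the appropriate fields.  (On the wire, we
  // really do have a type field.)
  //
  // NOTE(review): these are independent optional fields, not a oneof, so the
  // schema does not stop a sender from setting more than one of them.  A
  // parser should reject such a message or apply a fixed precedence.

  optional fixed64 steam_id = 16;

  optional bytes generic_bytes = 2;
  optional string generic_string = 3;
  optional bytes ipv6_and_port = 4;
};

// A public key used for crypto key exchange and identity.
// This is basically the portion of a certificate over which
// the signature is generated.  (It is broken into a separate
// message to make it easy to keep the exact bytes that were
// signed intact during transport.)
message CMsgSteamDatagramCertificate
{
  // Algorithm of key_data.  INVALID is listed first, so in proto2 it is also
  // the value a reader sees when key_type is absent.  A verifier should
  // accept only the key types it implements and refuse everything else.
  enum EKeyType
  {
    INVALID = 0;
    ED25519 = 1;
  };
  optional EKeyType key_type = 1;

  // The public key itself.
  // NOTE(review): the expected length and encoding are not stated in this
  // file (an Ed25519 public key is 32 bytes) -- check before use; confirm.
  optional bytes key_data = 2;

  //
  // Who is allowed to use this key?  This is the set of people who we assume
  // will have access to the corresponding private key.
  //
  // NOTE(review): three fields below can each name the key holder, and the
  // schema does not say which one wins if they disagree.  A verifier should
  // treat one as authoritative or require them to agree.
  //

  // Single user key?  This might not be set if the key is shared!
  optional fixed64 legacy_steam_id = 4;
  optional CMsgSteamNetworkingIdentityLegacyBinary legacy_identity_binary = 11;
  optional string identity_string = 12;

  // Allow any server in particular data centers to use it?
  repeated fixed32 gameserver_datacenter_ids = 5;

  //
  // Key restrictions
  //

  // Restricted time range?
  // NOTE(review): units and epoch are not stated here -- presumably seconds
  // since the Unix epoch; confirm.  Both fields are optional, so a verifier
  // needs an explicit policy for a cert that carries no expiry.
  optional fixed32 time_created = 8;
  optional fixed32 time_expiry = 9;

  // Restrict key to be used for a particular AppID(s)?
  // A repeated field has no presence: "no restriction" and "empty list" are
  // the same bytes on the wire, so the verifier must define what an empty
  // list means instead of leaving it to each call site.
  repeated uint32 app_ids = 10;
};

// Certificate signed by a certificate authority.
message CMsgSteamDatagramCertificateSigned
{
  // The public key associated with my identity.  This is a longer standing key
  // that can be used for multiple connections.  It's a serialized
  // version of CMsgSteamDatagramCertificate, but because the signature
  // is based on a particular serialization of that message, we keep the
  // original serialization here.
  //
  // Check ca_signature against these exact bytes and parse them only after
  // that; re-serializing the parsed message first may not reproduce them.
  optional bytes cert = 4;

  /// The key that was used by the certificate authority to sign
  /// my public key.  This might be empty if the key is unsigned.
  // (It's up to the endpoint to decide if they want to accept that
  // or not.)
  //
  // NOTE(review): an absent ca_key_id means "unsigned", not "invalid".  An
  // endpoint that requires an authenticated peer has to test for that case
  // explicitly rather than rely on signature verification failing.
  optional fixed64 ca_key_id = 5;

  /// Signature over the certificate, using the key identified
  /// by ca_key_id.
  optional bytes ca_signature = 6;

  /// In a few instances, we want to use the same message to include the private
  /// key and the corresponding cert.  Most of the time this field should not be
  /// present!
  //
  // Secret material, carried in a message that is otherwise exchanged with
  // peers.
  // NOTE(review): presumably this is only ever set for local storage; code
  // that sends or logs this message should make sure the field is cleared,
  // and a receiver should not expect it from the network -- confirm against
  // callers.
  optional bytes private_key_data = 1;
}

// A request by a client to a CA to issue a cert.
message CMsgSteamDatagramCertificateRequest
{
  // An unsigned cert.  The requestor will populate the fields
  // appropriate to the request.  (Who do you think you are,
  // what app(s) would you like access for, etc)  Most importantly,
  // the caller must fill in the public key they want to use
  //
  // NOTE(review): every field in here is a claim made by the requester.
  // Presumably the CA checks identity, app IDs, data centers and the time
  // range against what the authenticated requester is entitled to before it
  // signs anything -- confirm in the CA implementation.
  optional CMsgSteamDatagramCertificate cert = 1;
}

// Do not remove this comment due to a bug on the Mac OS X protobuf compiler
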