// Copyright 2019 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

syntax = "proto3";
// Lite runtime: the generated code carries no descriptors/reflection, so
// reflection-based features (text format, JSON, Any unpacking) are not
// available to consumers of this schema.
option optimize_for = LITE_RUNTIME;

package u2f;

// UserNotification signal payload.
//
// Tells the UI that user interaction is required for the integrated U2F
// device.
message UserNotification {
  enum EventType {
    // This event is periodically sent when confirming physical presence is
    // required for the integrated U2F device. In response, the UI should
    // start/continue showing the 'touch powerbutton' user prompt.
    //
    // NOTE(review): this is the enum's zero value, so a message with
    // |event_type| unset also reads as TOUCH_NEEDED on proto3 receivers.
    TOUCH_NEEDED = 0;
  }
  // The event being signalled. Only TOUCH_NEEDED is defined at present.
  EventType event_type = 1;
}

// Kind of user verification the service should perform before completing a
// MakeCredential or GetAssertion operation.
enum VerificationType {
  // Default / not specified.
  VERIFICATION_UNKNOWN = 0;
  // Require proof of physical user presence (presumably the power-button
  // touch prompted via UserNotification -- confirm with the service).
  VERIFICATION_USER_PRESENCE = 1;
  // Require user verification, a stronger check than presence. The exact
  // mechanism is not defined in this file -- confirm with the service.
  VERIFICATION_USER_VERIFICATION = 2;
}

// Request to create a new credential for a relying party.
message MakeCredentialRequest {
  // Verification the service must perform before creating the credential.
  VerificationType verification_type = 1;
  // String representing a valid domain name.
  // The schema does not enforce this; the consuming service is expected to
  // validate it before use.
  string rp_id = 2;
  // Whether to store as a resident credential. Currently not implemented.
  bool resident_credential = 3;
  // Resident credentials not implemented yet; this field will be ignored.
  bytes user_entity = 4;
}

// Result of a MakeCredentialRequest.
message MakeCredentialResponse {
  enum MakeCredentialStatus {
    // Default / not specified.
    UNKNOWN = 0;
    // A credential was created; the attestation fields below are populated.
    SUCCESS = 1;
    // The requested user verification did not succeed.
    VERIFICATION_FAILED = 2;
    // The requested user verification did not complete in time.
    VERIFICATION_TIMEOUT = 3;
    // The request was rejected as malformed (e.g. an invalid |rp_id| --
    // exact conditions are decided by the service).
    INVALID_REQUEST = 4;
    // An error unrelated to the request contents occurred in the service.
    INTERNAL_ERROR = 5;
  }

  // Outcome of the operation. The fields below are only meaningful on
  // SUCCESS.
  MakeCredentialStatus status = 1;

  // Attestation object for newly created credential.
  //
  // See https://www.w3.org/TR/webauthn/#attestation-object for details
  // on the format of these fields.
  //
  // Note that currently only 'none' attestation is supported.

  // Includes the newly created credential ID and public key.
  bytes authenticator_data = 2;

  // Use of 'none' attestation means these fields always have values of "none"
  // and "\xa0" respectively. (0xa0 is the CBOR encoding of an empty map.)
  string attestation_format = 3;
  bytes attestation_statement = 4;
}

// Request to produce assertions (signatures) with existing credentials.
message GetAssertionRequest {
  // Verification the service must perform before signing.
  VerificationType verification_type = 1;
  // String representing a valid domain name.
  // The schema does not enforce this; the consuming service is expected to
  // validate it before use.
  string rp_id = 2;
  // SHA-256 hash of client data.
  // Expected to be 32 bytes; the length is not enforced by the schema.
  bytes client_data_hash = 3;
  // Currently must not be empty; resident credentials not implemented yet.
  // Credential IDs the caller will accept an assertion from.
  repeated bytes allowed_credential_id = 4;
}

// A single assertion produced for one credential.
message Assertion {
  // ID of the credential that produced this assertion.
  bytes credential_id = 1;
  // Authenticator data in the WebAuthn format (see the link in
  // MakeCredentialResponse).
  bytes authenticator_data = 2;
  // Signature made with the credential's private key. Per WebAuthn the signed
  // data is authenticator_data || client_data_hash -- confirm against the
  // service implementation.
  bytes signature = 3;
  // Resident credentials not implemented yet; this field is always empty.
  bytes user_entity = 4;
}

// Result of a GetAssertionRequest.
message GetAssertionResponse {
  enum GetAssertionStatus {
    // Default / not specified.
    UNKNOWN = 0;
    // At least the |assertion| list below is populated.
    SUCCESS = 1;
    // The requested user verification did not succeed.
    VERIFICATION_FAILED = 2;
    // The requested user verification did not complete in time.
    VERIFICATION_TIMEOUT = 3;
    // The request was rejected as malformed (e.g. an empty
    // |allowed_credential_id| list -- exact conditions are decided by the
    // service).
    INVALID_REQUEST = 4;
    // An error unrelated to the request contents occurred in the service.
    INTERNAL_ERROR = 5;
  }

  // Outcome of the operation. |assertion| is only meaningful on SUCCESS.
  GetAssertionStatus status = 1;
  // Assertions produced for the request. Presumably one per allowed
  // credential known to the service -- confirm. (Field name kept singular for
  // generated-code compatibility.)
  repeated Assertion assertion = 2;
}

// Check whether the specified |credential_id|s are valid given |rp_id|. Invalid
// credentials will not be present in the response. If no |credential_id|s are
// specified, returns any resident credentials for |rp_id|.
message HasCredentialsRequest {
  // String representing a valid domain name.
  string rp_id = 1;
  // Credential IDs to check. May be empty (see message comment).
  repeated bytes credential_id = 2;
}

// Result of a HasCredentialsRequest.
message HasCredentialsResponse {
  // Valid or resident credentials for the specified rp_id.
  // A subset of the requested |credential_id|s, or the resident credentials
  // for |rp_id| when the request listed none.
  repeated bytes credential_id = 1;
}