// Schema of the MFA box: an encrypted 'Secrets' payload together with the
// per-unlocker key material that is needed to decrypt it.
edition = "2023";

package mfa;

// Go import path used for the generated package.
option go_package = "/mfa";
// Unlocker is a message that contains the encrypted key which was used to
// encrypt the 'Secrets' message stored in the 'EncryptedSecrets' field of
// MFABox.
message Unlocker {
  // PublicKey is a 33-byte ECDSA P-256 curve public key which identifies the
  // unlocker who can decrypt 'Secrets'.
  // NOTE(review): 33 bytes matches the compressed point encoding; the decoder
  // should presumably reject any other length and any value that is not a
  // valid point on the curve before using it. Confirm in the implementation.
  bytes PublicKey = 1 [json_name = "publicKey"];

  // EncryptedSecretsKey is the binary-encoded encryption key of the MFA
  // 'Secrets', encrypted with the ChaCha20-Poly1305 AEAD algorithm.
  // NOTE(review): this message defines no nonce or associated-data field;
  // confirm where the AEAD nonce comes from and that it cannot repeat under
  // the same derived key.
  bytes EncryptedSecretsKey = 2 [json_name = "encryptedSecretsKey"];

  // Salt is the HKDF salt used to derive the key that encrypts
  // 'EncryptedSecretsKey'.
  bytes Salt = 3 [json_name = "salt"];
}
// MFABox is the container for an encrypted 'Secrets' message and the
// Unlocker entries that hold the key used to encrypt it.
message MFABox {
  // Unlockers is the set of messages that contain the key which was used to
  // encrypt the 'Secrets' message in the 'EncryptedSecrets' field.
  repeated Unlocker Unlockers = 1 [json_name = "unlockers"];

  // ECDHPublicKey is a 33-byte ECDSA P-256 curve key used to derive a unique
  // encryption key for every unlocker with the ECDH algorithm.
  // NOTE(review): as with Unlocker.PublicKey, the decoder should presumably
  // check the length and that the value is a valid curve point before it is
  // fed into ECDH. Confirm in the implementation.
  bytes ECDHPublicKey = 2 [json_name = "ecdhPublicKey"];

  // EncryptedSecrets is a binary-encoded 'Secrets' message, encrypted with
  // the ChaCha20-Poly1305 AEAD algorithm.
  // NOTE(review): nothing in this schema binds the ciphertext to the
  // Unlockers list or to ECDHPublicKey; confirm whether the implementation
  // passes them as AEAD associated data, and where the nonce is carried.
  bytes EncryptedSecrets = 3 [json_name = "encryptedSecrets"];

  // Salt is the HKDF salt used to derive the key that encrypts
  // 'EncryptedSecrets'.
  bytes Salt = 4 [json_name = "salt"];
}
// Secrets is a message that contains private data about the MFA device. Its
// binary encoding is what gets encrypted into the 'EncryptedSecrets' field of
// MFABox.
message Secrets {
  // MFAURL is the seed for the virtual authenticator device.
  // The format is described in
  // https://github.com/google/google-authenticator/wiki/Key-Uri-Format
  // The URI carries the shared OTP secret, so the decoded value must be
  // treated as key material: keep it out of logs, error messages and debug
  // dumps of this message.
  // NOTE(review): field number 1 is not used in this message; if it was
  // assigned in an earlier revision it should be declared `reserved`.
  // Confirm against the schema history.
  string MFAURL = 2 [json_name = "mfaURL"];
}