[Presence] Generate identity token hmac keys for V1 advertisement sections #2476

Draft
wants to merge 1 commit into
base: main
15 changes: 12 additions & 3 deletions internal/proto/credential.proto
Expand Up @@ -43,7 +43,7 @@ enum CredentialType {
// The shared credential is derived from local credential, and distributed to
// remote devices based on the trust token for identity decryption and
// authentication.
// NEXT_ID=18
// NEXT_ID=19
// LINT.IfChange(SharedCredential)
message SharedCredential {
// The randomly generated unique id of the public credential.
Expand Down Expand Up @@ -92,8 +92,9 @@ message SharedCredential {
// metadata_encryption_key.
bytes encrypted_metadata_bytes_v1 = 12;

// The tag for verifying metadata_encryption_key for an unsigned V1 adv.
bytes metadata_encryption_key_unsigned_adv_tag_v1 = 13;
// The HMAC of the plaintext identity token included (in encrypted form) in an
// unsigned, short salt, V1 advertisement.
bytes identity_token_short_salt_adv_hmac_key_v1 = 13;

// The randomly generated positive unique id of the shared credential.
int64 id = 14;
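Review bot: Field number 13 is reused for a value with a different meaning: `metadata_encryption_key_unsigned_adv_tag_v1 = 13` becomes `identity_token_short_salt_adv_hmac_key_v1 = 13`, so a SharedCredential serialized before this change will parse with the old tag bytes sitting in the new field. If the bytes are not identical under both schemes, give the new field a fresh number and mark 13 as `reserved`; if they are identical, say so in the comment so the rename is visibly wire-compatible by design.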
Expand All @@ -105,5 +106,13 @@ message SharedCredential {
// Signature algorithm version. Used to determine which algorithm to use to
// verify incoming signatures.
string signature_version = 16;

// The HMAC of the plaintext identity token included (in encrypted form) in an
// unsigned, extended salt, V1 advertisement.
bytes identity_token_extended_salt_adv_hmac_key_v1 = 17;

// The HMAC of the plaintext identity token included (in encrypted form) in a
// signed V1 advertisement.
bytes identity_token_signed_adv_hmac_key_v1 = 18;
}
// LINT.ThenChange(//depot/google3/google/internal/location/nearby/presence/v1/nearby_resources.proto:SharedCredential)
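Review bot: The comments on fields 17 and 18 (and on 13 above) describe "The HMAC of the plaintext identity token", while the field names end in `_hmac_key_v1` and the PR title says HMAC keys are generated. A MAC output and a MAC key call for different handling in a credential that is distributed to remote devices, so each comment should state which one is stored, and ideally the hash function and the expected length in bytes. The `LINT.ThenChange` target will also need the same three fields.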
6 changes: 4 additions & 2 deletions internal/proto/local_credential.proto
Expand Up @@ -72,8 +72,10 @@ message LocalCredential {
// The set of 2-byte salts already used to encrypt the metadata key.
map<uint32, bool> consumed_salts = 9;

// The 16 bytes aes key to encrypt metadata in PublicCredential.
bytes metadata_encryption_key_v1 = 10;
// 16 bytes of crypto-grade random data that the credential's identity
// provider can use to encrypt metadata in a DiscoveryCredential
// (SharedCredential).
bytes identity_token_v1 = 10;

// The positive unique id of (and hashed based on) a pair of Secret Key and
// X509Certificate's public key.
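Review bot: The new comment on `identity_token_v1 = 10` says the identity provider "can use" the 16 bytes "to encrypt metadata", which drops the old statement that this is a 16-byte AES key without saying how the token is used instead. Spell out whether the token is used directly as a key or only as input to key derivation, and note its relation to the `identity_token_*_hmac_key_v1` fields in SharedCredential. The field number is unchanged, so the binary encoding stays compatible, but the rename changes generated accessor names and the text/JSON field name, so callers that reference `metadata_encryption_key_v1` need updating in the same change.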