145 lines
3.5 KiB
Protocol Buffer
145 lines
3.5 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
package arbiter.user_agent;
|
|
|
|
import "google/protobuf/empty.proto";
|
|
import "evm.proto";
|
|
|
|
enum KeyType {
|
|
KEY_TYPE_UNSPECIFIED = 0;
|
|
KEY_TYPE_ED25519 = 1;
|
|
KEY_TYPE_ECDSA_SECP256K1 = 2;
|
|
KEY_TYPE_RSA = 3;
|
|
}
|
|
|
|
// --- SDK client management ---
|
|
|
|
enum SdkClientError {
|
|
SDK_CLIENT_ERROR_UNSPECIFIED = 0;
|
|
SDK_CLIENT_ERROR_ALREADY_EXISTS = 1;
|
|
SDK_CLIENT_ERROR_NOT_FOUND = 2;
|
|
SDK_CLIENT_ERROR_HAS_RELATED_DATA = 3; // hard-delete blocked by FK (client has grants or transaction logs)
|
|
SDK_CLIENT_ERROR_INTERNAL = 4;
|
|
}
|
|
|
|
message SdkClientApproveRequest {
|
|
bytes pubkey = 1; // 32-byte ed25519 public key
|
|
}
|
|
|
|
message SdkClientRevokeRequest {
|
|
int32 client_id = 1;
|
|
}
|
|
|
|
message SdkClientEntry {
|
|
int32 id = 1;
|
|
bytes pubkey = 2;
|
|
int32 created_at = 3;
|
|
}
|
|
|
|
message SdkClientList {
|
|
repeated SdkClientEntry clients = 1;
|
|
}
|
|
|
|
message SdkClientApproveResponse {
|
|
oneof result {
|
|
SdkClientEntry client = 1;
|
|
SdkClientError error = 2;
|
|
}
|
|
}
|
|
|
|
message SdkClientRevokeResponse {
|
|
oneof result {
|
|
google.protobuf.Empty ok = 1;
|
|
SdkClientError error = 2;
|
|
}
|
|
}
|
|
|
|
message SdkClientListResponse {
|
|
oneof result {
|
|
SdkClientList clients = 1;
|
|
SdkClientError error = 2;
|
|
}
|
|
}
|
|
|
|
message AuthChallengeRequest {
|
|
bytes pubkey = 1;
|
|
optional string bootstrap_token = 2;
|
|
KeyType key_type = 3;
|
|
}
|
|
|
|
message AuthChallenge {
|
|
bytes pubkey = 1;
|
|
int32 nonce = 2;
|
|
}
|
|
|
|
message AuthChallengeSolution {
|
|
bytes signature = 1;
|
|
}
|
|
|
|
message AuthOk {}
|
|
|
|
message UnsealStart {
|
|
bytes client_pubkey = 1;
|
|
}
|
|
|
|
message UnsealStartResponse {
|
|
bytes server_pubkey = 1;
|
|
}
|
|
message UnsealEncryptedKey {
|
|
bytes nonce = 1;
|
|
bytes ciphertext = 2;
|
|
bytes associated_data = 3;
|
|
}
|
|
|
|
enum UnsealResult {
|
|
UNSEAL_RESULT_UNSPECIFIED = 0;
|
|
UNSEAL_RESULT_SUCCESS = 1;
|
|
UNSEAL_RESULT_INVALID_KEY = 2;
|
|
UNSEAL_RESULT_UNBOOTSTRAPPED = 3;
|
|
}
|
|
|
|
enum VaultState {
|
|
VAULT_STATE_UNSPECIFIED = 0;
|
|
VAULT_STATE_UNBOOTSTRAPPED = 1;
|
|
VAULT_STATE_SEALED = 2;
|
|
VAULT_STATE_UNSEALED = 3;
|
|
VAULT_STATE_ERROR = 4;
|
|
}
|
|
|
|
message UserAgentRequest {
|
|
oneof payload {
|
|
AuthChallengeRequest auth_challenge_request = 1;
|
|
AuthChallengeSolution auth_challenge_solution = 2;
|
|
UnsealStart unseal_start = 3;
|
|
UnsealEncryptedKey unseal_encrypted_key = 4;
|
|
google.protobuf.Empty query_vault_state = 5;
|
|
google.protobuf.Empty evm_wallet_create = 6;
|
|
google.protobuf.Empty evm_wallet_list = 7;
|
|
arbiter.evm.EvmGrantCreateRequest evm_grant_create = 8;
|
|
arbiter.evm.EvmGrantDeleteRequest evm_grant_delete = 9;
|
|
arbiter.evm.EvmGrantListRequest evm_grant_list = 10;
|
|
// field 11 reserved: was client_connection_response (online approval removed)
|
|
SdkClientApproveRequest sdk_client_approve = 12;
|
|
SdkClientRevokeRequest sdk_client_revoke = 13;
|
|
google.protobuf.Empty sdk_client_list = 14;
|
|
}
|
|
}
|
|
message UserAgentResponse {
|
|
oneof payload {
|
|
AuthChallenge auth_challenge = 1;
|
|
AuthOk auth_ok = 2;
|
|
UnsealStartResponse unseal_start_response = 3;
|
|
UnsealResult unseal_result = 4;
|
|
VaultState vault_state = 5;
|
|
arbiter.evm.WalletCreateResponse evm_wallet_create = 6;
|
|
arbiter.evm.WalletListResponse evm_wallet_list = 7;
|
|
arbiter.evm.EvmGrantCreateResponse evm_grant_create = 8;
|
|
arbiter.evm.EvmGrantDeleteResponse evm_grant_delete = 9;
|
|
arbiter.evm.EvmGrantListResponse evm_grant_list = 10;
|
|
// fields 11, 12 reserved: were client_connection_request, client_connection_cancel (online approval removed)
|
|
SdkClientApproveResponse sdk_client_approve = 13;
|
|
SdkClientRevokeResponse sdk_client_revoke = 14;
|
|
SdkClientListResponse sdk_client_list = 15;
|
|
}
|
|
}
|