| commit | 8c26c48b4fa08edc969b3fbc8b0ace848a6ace88 | [log] [tgz] |
|---|---|---|
| author | Gregor Schwarz <gschwarz@google.com> | Fri Jun 28 20:10:41 2024 |
| committer | Copybara-Service <copybara-worker@google.com> | Fri Jun 28 20:13:07 2024 |
| tree | c4d24ee85fa674a139b28191b203854063fc0fa4 | |
| parent | 0d9a71b48619e341b171676eac7b2f99b27aaea8 [diff] |
CertProv: Add SignatureAlgorithm to ProofOfPossessionInstruction proto Currently, there is only a single signature implemented and Client devices assume that this signature algorithm will be used. This behavior can cause problems when new signature algorithms are added in the future for which the client should perform different hashing and signing operations. By adding the `SignatureAlgorithm` enum to the `ProofOfPossessionInstruction` the Client is explicitly made aware of which signature algorithm the server-side code expects it to use, giving it the possibility to fail if the server-side intends to use a signature algorithm which the Client does not support. Bug: b:348346219 Change-Id: Id180a6968e5c01cb9b79d4454d4e90c876dc6191 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5662304 Auto-Submit: Gregor Schwarz <gschwarz@google.com> Reviewed-by: Michael Ershov <miersh@google.com> Reviewed-by: Sergey Poromov <poromov@chromium.org> Commit-Queue: Sergey Poromov <poromov@chromium.org> Cr-Commit-Position: refs/heads/main@{#1321158} NOKEYCHECK=True GitOrigin-RevId: 7b2039de9669f6901b70c88e621c3973381ce731
This directory contains proto definitions for communication with the device management server.
There are two protocol buffers defining the messages for user policies - chrome_settings.proto and cloud_policy.proto. Both files are auto-generated by the generate_policy_source.py script from policy_templates.json, which in turn is auto-generated from the individual policy yaml files in policy_definitions. This is all done as part of building Chrome.
The reason there are two files is a compromise between readability and performance.
chrome_settings.proto
This file lists all non-device policies including comments containing their detailed descriptions. Additionally every policy in this file has a distinct message type. For example, this is the message for the HomepageLocation policy:
message HomepageLocationProto {
optional PolicyOptions policy_options = 1;
optional string HomepageLocation = 2;
}
cloud_policy.proto
This file is generated for each target platform and it therefore contains only the policy messages that a certain platform supports. Additionally each field uses a generic type defined in policy_common_definitions.proto. For example this is the message for any string policy:
message StringPolicyProto {
optional PolicyOptions policy_options = 1;
optional string value = 2;
}
The client code for each platform uses the more compact cloud_policy.proto to parse the policy blobs it receives from the device management server. On the other hand, the device management server needs to know of all the policies that exist for all the platforms, therefore chrome_settings.proto is what the server code uses.
The two files are compatible and when the messages are serialized their binary content is equivalent. CloudPolicyProtoTest.VerifyProtobufEquivalence browser test makes sure that no regressions are introduced here.