Signal/Signal-Server
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Server synced 2026-02-15 12:05:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Convert service protos to line comments

Browse Source
This commit is contained in:
Ravi Khadiwala
2026-01-23 12:02:13 -06:00
committed by ravi-signal
parent 5b1d4ce95e
commit 7e7bef32cc
12 changed files with 828 additions and 1511 deletions
Download Patch File Download Diff File Expand all files Collapse all files

244
service/src/main/proto/org/signal/chat/account.proto
View File

@@ -7,103 +7,69 @@ package org.signal.chat.account;
import "org/signal/chat/common.proto";
import "org/signal/chat/errors.proto";
/**
* Provides methods for working with Signal accounts.
*/
// Provides methods for working with Signal accounts.
service Accounts {
/**
* Returns basic identifiers for the authenticated account.
*/
// Returns basic identifiers for the authenticated account.
rpc GetAccountIdentity(GetAccountIdentityRequest) returns (GetAccountIdentityResponse) {}
/**
* Deletes the authenticated account, purging all associated data in the
* process.
*/
// Deletes the authenticated account, purging all associated data in the
// process.
rpc DeleteAccount(DeleteAccountRequest) returns (DeleteAccountResponse) {}
/**
* Sets the registration lock secret for the authenticated account. To remove
* a registration lock, please use `ClearRegistrationLock`.
*/
// Sets the registration lock secret for the authenticated account. To remove
// a registration lock, please use `ClearRegistrationLock`.
rpc SetRegistrationLock(SetRegistrationLockRequest) returns (SetRegistrationLockResponse) {}
/**
* Removes any registration lock credentials from the authenticated account.
*/
// Removes any registration lock credentials from the authenticated account.
rpc ClearRegistrationLock(ClearRegistrationLockRequest) returns (ClearRegistrationLockResponse) {}
/**
* Attempts to reserve one of multiple given username hashes. Reserved
* usernames may be claimed later via `ConfirmUsernameHash`.
*/
// Attempts to reserve one of multiple given username hashes. Reserved
// usernames may be claimed later via `ConfirmUsernameHash`.
rpc ReserveUsernameHash(ReserveUsernameHashRequest) returns (ReserveUsernameHashResponse) {}
/**
* Sets the username hash/encrypted username to a previously-reserved value
* (see `ReserveUsernameHash`).
*/
// Sets the username hash/encrypted username to a previously-reserved value
// (see `ReserveUsernameHash`).
rpc ConfirmUsernameHash(ConfirmUsernameHashRequest) returns (ConfirmUsernameHashResponse) {}
/**
* Clears the current username hash, ciphertext, and link for the
* authenticated user.
*/
// Clears the current username hash, ciphertext, and link for the
// authenticated user.
rpc DeleteUsernameHash(DeleteUsernameHashRequest) returns (DeleteUsernameHashResponse) {}
/**
* Associates the given username ciphertext with the account, replacing any
* previously stored ciphertext. A new link handle will optionally be created,
* and the link handle to use will be returned in any event.
*/
// Associates the given username ciphertext with the account, replacing any
// previously stored ciphertext. A new link handle will optionally be created,
// and the link handle to use will be returned in any event.
rpc SetUsernameLink(SetUsernameLinkRequest) returns (SetUsernameLinkResponse) {}
/**
* Clears any username link associated with the authenticated account.
*/
// Clears any username link associated with the authenticated account.
rpc DeleteUsernameLink(DeleteUsernameLinkRequest) returns (DeleteUsernameLinkResponse) {}
/**
* Configures "unidentified access" keys and preferences for the authenticated
* account. Other users permitted to interact with this account anonymously
* may take actions like fetching pre-keys and profiles for this account or
* sending sealed-sender messages without providing identifying credentials.
*/
// Configures "unidentified access" keys and preferences for the authenticated
// account. Other users permitted to interact with this account anonymously
// may take actions like fetching pre-keys and profiles for this account or
// sending sealed-sender messages without providing identifying credentials.
rpc ConfigureUnidentifiedAccess(ConfigureUnidentifiedAccessRequest) returns (ConfigureUnidentifiedAccessResponse) {}
/**
* Sets whether the authenticated account may be discovered by phone number
* via the Contact Discovery Service (CDS).
*/
// Sets whether the authenticated account may be discovered by phone number
// via the Contact Discovery Service (CDS).
rpc SetDiscoverableByPhoneNumber(SetDiscoverableByPhoneNumberRequest) returns (SetDiscoverableByPhoneNumberResponse) {}
/**
* Sets the registration recovery password for the authenticated account.
*/
// Sets the registration recovery password for the authenticated account.
rpc SetRegistrationRecoveryPassword(SetRegistrationRecoveryPasswordRequest) returns (SetRegistrationRecoveryPasswordResponse) {}
}
/**
* Provides methods for looking up Signal accounts. Callers must not provide
* identifying credentials when calling methods in this service.
*/
// Provides methods for looking up Signal accounts. Callers must not provide
// identifying credentials when calling methods in this service.
service AccountsAnonymous {
/**
* Checks whether an account with the given service identifier exists.
*/
// Checks whether an account with the given service identifier exists.
rpc CheckAccountExistence(CheckAccountExistenceRequest) returns (CheckAccountExistenceResponse) {}
/**
* Finds the service identifier of the account associated with the given
* username hash.
*/
// Finds the service identifier of the account associated with the given
// username hash.
rpc LookupUsernameHash(LookupUsernameHashRequest) returns (LookupUsernameHashResponse) {}
/**
* Finds the encrypted username identified by a given username link handle.
* This method will return a `NOT_FOUND` status if no username was found for
* the given link handle.
*/
// Finds the encrypted username identified by a given username link handle.
// This method will return a `NOT_FOUND` status if no username was found for
// the given link handle.
rpc LookupUsernameLink(LookupUsernameLinkRequest) returns (LookupUsernameLinkResponse) {}
}
@@ -111,9 +77,7 @@ message GetAccountIdentityRequest {
}
message GetAccountIdentityResponse {
/**
* A set of account identifiers for the authenticated account.
*/
// A set of account identifiers for the authenticated account.
common.AccountIdentifiers account_identifiers = 1;
}
@@ -124,9 +88,7 @@ message DeleteAccountResponse {
}
message SetRegistrationLockRequest {
/**
* The new registration lock secret for the authenticated account.
*/
// The new registration lock secret for the authenticated account.
bytes registration_lock = 1;
}
@@ -140,9 +102,7 @@ message ClearRegistrationLockResponse {
}
message ReserveUsernameHashRequest {
/**
* A prioritized list of username hashes to attempt to reserve.
*/
// A prioritized list of username hashes to attempt to reserve.
repeated bytes username_hashes = 1;
}
@@ -150,66 +110,46 @@ message UsernameNotAvailable {}
message ReserveUsernameHashResponse {
oneof response {
/**
* The first username hash that was available (and actually reserved).
*/
// The first username hash that was available (and actually reserved).
bytes username_hash = 1;
/**
* Indicates that, of all of the candidate hashes provided, none were
* available. Callers may generate a new set of hashes and and retry.
*/
// Indicates that, of all of the candidate hashes provided, none were
// available. Callers may generate a new set of hashes and and retry.
UsernameNotAvailable username_not_available = 2;
}
}
message ConfirmUsernameHashRequest {
/**
* The username hash to claim for the authenticated account.
*/
// The username hash to claim for the authenticated account.
bytes username_hash = 1;
/**
* A zero-knowledge proof that the given username hash was generated by the
* Signal username algorithm.
*/
// A zero-knowledge proof that the given username hash was generated by the
// Signal username algorithm.
bytes zk_proof = 2;
/**
* The ciphertext of the chosen username for use in public-facing contexts
* (e.g. links and QR codes).
*/
// The ciphertext of the chosen username for use in public-facing contexts
// (e.g. links and QR codes).
bytes username_ciphertext = 3;
}
message ConfirmUsernameHashResponse {
message ConfirmedUsernameHash {
/**
* The newly-confirmed username hash.
*/
// The newly-confirmed username hash.
bytes username_hash = 1;
/**
* The server-generated username link handle for the newly-confirmed username.
*/
// The server-generated username link handle for the newly-confirmed username.
bytes username_link_handle = 2;
}
oneof response {
/**
* The details of the successfully confirmed username.
*/
// The details of the successfully confirmed username.
ConfirmedUsernameHash confirmed_username_hash = 1;
/**
* The provided hash was not reserved for the account.
*/
// The provided hash was not reserved for the account.
errors.FailedPrecondition reservation_not_found = 2;
/**
* The reservation has lapsed and the requested username has been claimed by
* another caller.
*/
// The reservation has lapsed and the requested username has been claimed by
// another caller.
UsernameNotAvailable username_not_available = 3;
}
}
@@ -221,30 +161,22 @@ message DeleteUsernameHashResponse {
}
message SetUsernameLinkRequest {
/**
* The username ciphertext for which to generate a new link handle.
*/
// The username ciphertext for which to generate a new link handle.
bytes username_ciphertext = 1;
/**
* If true and the account already had an encrypted username stored, the
* existing link handle will be reused. Otherwise a new link handle will be
* created.
*/
// If true and the account already had an encrypted username stored, the
// existing link handle will be reused. Otherwise a new link handle will be
// created.
bool keep_link_handle = 2;
}
message SetUsernameLinkResponse {
oneof response {
/**
* A new link handle for the given username ciphertext.
*/
// A new link handle for the given username ciphertext.
bytes username_link_handle = 1;
/**
* The authenticated account did not have a username set.
*/
// The authenticated account did not have a username set.
errors.FailedPrecondition no_username_set = 2;
}
@@ -257,19 +189,15 @@ message DeleteUsernameLinkResponse {
}
message ConfigureUnidentifiedAccessRequest {
/**
* The key that other users must provide to interact with this account
* anonymously (i.e. to retrieve keys or profiles or to send messages) unless
* unrestricted unidentified access is permitted. Must be present if
* unrestricted unidentified access is not allowed.
*/
// The key that other users must provide to interact with this account
// anonymously (i.e. to retrieve keys or profiles or to send messages) unless
// unrestricted unidentified access is permitted. Must be present if
// unrestricted unidentified access is not allowed.
bytes unidentified_access_key = 1;
/**
* If `true`, any user may interact with this account anonymously without
* providing an unidentified access key. Otherwise, users must provide the
* given unidentified access key to interact with this account anonymously.
*/
// If `true`, any user may interact with this account anonymously without
// providing an unidentified access key. Otherwise, users must provide the
// given unidentified access key to interact with this account anonymously.
bool allow_unrestricted_unidentified_access = 2;
}
@@ -277,11 +205,9 @@ message ConfigureUnidentifiedAccessResponse {
}
message SetDiscoverableByPhoneNumberRequest {
/**
* If true, the authenticated account may be discovered by phone number via
* the Contact Discovery Service (CDS). Otherwise, other users must discover
* this account by other means (i.e. by username).
*/
// If true, the authenticated account may be discovered by phone number via
// the Contact Discovery Service (CDS). Otherwise, other users must discover
// this account by other means (i.e. by username).
bool discoverable_by_phone_number = 1;
}
@@ -289,9 +215,7 @@ message SetDiscoverableByPhoneNumberResponse {
}
message SetRegistrationRecoveryPasswordRequest {
/**
* The new registration recovery password for the authenticated account.
*/
// The new registration recovery password for the authenticated account.
bytes registration_recovery_password = 1;
}
@@ -299,60 +223,44 @@ message SetRegistrationRecoveryPasswordResponse {
}
message CheckAccountExistenceRequest {
/**
* The service identifier of an account that may or may not exist.
*/
// The service identifier of an account that may or may not exist.
common.ServiceIdentifier service_identifier = 1;
}
message CheckAccountExistenceResponse {
/**
* True if an account exists with the given service identifier or false if no
* account was found.
*/
// True if an account exists with the given service identifier or false if no
// account was found.
bool account_exists = 1;
}
message LookupUsernameHashRequest {
/**
* A 32-byte username hash for which to find an account.
*/
// A 32-byte username hash for which to find an account.
bytes username_hash = 1;
}
message LookupUsernameHashResponse {
oneof response {
/**
* The service identifier associated with the provided username hash.
*/
// The service identifier associated with the provided username hash.
common.ServiceIdentifier service_identifier = 1;
/**
* No account was found for the provided username hash.
*/
// No account was found for the provided username hash.
errors.NotFound not_found = 2;
}
}
message LookupUsernameLinkRequest {
/**
* The link handle for which to find an encrypted username. Link handles are
* 16-byte representations of UUIDs.
*/
// The link handle for which to find an encrypted username. Link handles are
// 16-byte representations of UUIDs.
bytes username_link_handle = 1;
}
message LookupUsernameLinkResponse {
oneof response {
/**
* The ciphertext of the username identified by the provided link handle.
*/
// The ciphertext of the username identified by the provided link handle.
bytes username_ciphertext = 1;
/**
* No username was found for the provided link handle.
*/
// No username was found for the provided link handle.
errors.NotFound not_found = 2;
}
}

588
service/src/main/proto/org/signal/chat/backups.proto
View File

@@ -15,76 +15,63 @@ import "org/signal/chat/errors.proto";
import "org/signal/chat/require.proto";
import "org/signal/chat/tag.proto";
/**
* Service for backup operations that require account authentication.
*
* Most actual backup operations operate on the backup-id and cannot be linked
* to the caller's account, but setting up anonymous credentials and changing
* backup tier requires account authentication.
*/
// Service for backup operations that require account authentication.
//
// Most actual backup operations operate on the backup-id and cannot be linked
// to the caller's account, but setting up anonymous credentials and changing
// backup tier requires account authentication.
service Backups {
option (require.auth) = AUTH_ONLY_AUTHENTICATED;
/**
* Set (blinded) backup-id(s) for the account.
*
* Each account may have a single active backup-id for each credential type
* that can be used to store and retrieve backups. Once the backup-id is set,
* BackupAuthCredentials can be generated using GetBackupAuthCredentials.
*
* The blinded backup-id and the key-pair used to blind it must be derived
* from a recoverable secret.
*
* At least one of the credential types must be set on the request.
* Only the primary device can set a blinded backup-id.
*/
// Set (blinded) backup-id(s) for the account.
//
// Each account may have a single active backup-id for each credential type
// that can be used to store and retrieve backups. Once the backup-id is set,
// BackupAuthCredentials can be generated using GetBackupAuthCredentials.
//
// The blinded backup-id and the key-pair used to blind it must be derived
// from a recoverable secret.
//
// At least one of the credential types must be set on the request.
// Only the primary device can set a blinded backup-id.
rpc SetBackupId(SetBackupIdRequest) returns (SetBackupIdResponse) {}
/**
* Redeem a receipt acquired from /v1/subscription/{subscriberId}/receipt_credentials
* to mark the account as eligible for the paid backup tier.
*
* After successful redemption, subsequent requests to
* GetBackupAuthCredentials will return credentials with the level on the
* provided receipt until the expiration time on the receipt.
*/
// Redeem a receipt acquired from /v1/subscription/{subscriberId}/receipt_credentials
// to mark the account as eligible for the paid backup tier.
//
// After successful redemption, subsequent requests to
// GetBackupAuthCredentials will return credentials with the level on the
// provided receipt until the expiration time on the receipt.
rpc RedeemReceipt(RedeemReceiptRequest) returns (RedeemReceiptResponse) {}
/**
* After setting a blinded backup-id with PUT /v1/archives/, this fetches
* credentials that can be used to perform operations against that backup-id.
* Clients may (and should) request up to 7 days of credentials at a time.
*
* The redemption_start and redemption_end seconds must be UTC day aligned, and
* must not span more than 7 days.
*
* Each credential contains a receipt level which indicates the backup level
* the credential is good for. If the account has paid backup access that
* expires at some point in the provided redemption window, credentials with
* redemption times after the expiration may be on a lower backup level.
*
* Clients must validate the receipt level on the credential matches a known
* receipt level before using it.
*
*/
// After setting a blinded backup-id with PUT /v1/archives/, this fetches
// credentials that can be used to perform operations against that backup-id.
// Clients may (and should) request up to 7 days of credentials at a time.
//
// The redemption_start and redemption_end seconds must be UTC day aligned, and
// must not span more than 7 days.
//
// Each credential contains a receipt level which indicates the backup level
// the credential is good for. If the account has paid backup access that
// expires at some point in the provided redemption window, credentials with
// redemption times after the expiration may be on a lower backup level.
//
// Clients must validate the receipt level on the credential matches a known
// receipt level before using it.
rpc GetBackupAuthCredentials(GetBackupAuthCredentialsRequest) returns (GetBackupAuthCredentialsResponse) {}
}
message SetBackupIdRequest {
/**
* A BackupAuthCredentialRequest containing a blinded encrypted backup-id,
* encoded in standard padded base64. This backup-id should be used for
* message backups only, and must have the message backup type set on the
* credential. If absent, the message credential request will not be updated.
*/
// A BackupAuthCredentialRequest containing a blinded encrypted backup-id,
// encoded in standard padded base64. This backup-id should be used for
// message backups only, and must have the message backup type set on the
// credential. If absent, the message credential request will not be updated.
bytes messages_backup_auth_credential_request = 1;
/**
* A BackupAuthCredentialRequest containing a blinded encrypted backup-id,
* encoded in standard padded base64. This backup-id should be used for
* media only, and must have the media type set on the credential. If absent,
* the media credential request will not be updated.
*/
// A BackupAuthCredentialRequest containing a blinded encrypted backup-id,
// encoded in standard padded base64. This backup-id should be used for
// media only, and must have the media type set on the credential. If absent,
// the media credential request will not be updated.
bytes media_backup_auth_credential_request = 2;
}
@@ -92,196 +79,147 @@ message SetBackupIdResponse {}
message RedeemReceiptRequest {
/**
* Presentation for a previously acquired receipt, serialized with libsignal
*/
// Presentation for a previously acquired receipt, serialized with libsignal
bytes presentation = 1;
}
message RedeemReceiptResponse {
oneof outcome {
/**
* The receipt was successfully redeemed
*/
// The receipt was successfully redeemed
google.protobuf.Empty success = 1;
/**
* The target account does not have a backup-id commitment
*/
// The target account does not have a backup-id commitment
errors.FailedPrecondition account_missing_commitment = 2 [(tag.reason) = "account_missing_commitment"];
/**
* The provided receipt presentation was malformed or expired
*/
// The provided receipt presentation was malformed or expired
errors.FailedPrecondition invalid_receipt = 3 [(tag.reason) = "invalid_receipt"];
}
}
message GetBackupAuthCredentialsRequest {
/**
* The redemption time for the first credential. This must be a day-aligned
* seconds since epoch in UTC.
*/
// The redemption time for the first credential. This must be a day-aligned
// seconds since epoch in UTC.
int64 redemption_start = 1 [(require.range).min = 1];
/**
* The redemption time for the last credential. This must be a day-aligned
* seconds since epoch in UTC. The span between redemptionStart and
* redemptionEnd must not exceed 7 days.
*/
// The redemption time for the last credential. This must be a day-aligned
// seconds since epoch in UTC. The span between redemptionStart and
// redemptionEnd must not exceed 7 days.
int64 redemption_stop = 2 [(require.range).min = 1];
}
message GetBackupAuthCredentialsResponse {
message Credentials {
/**
* The requested message backup ZkCredentials indexed by the start of their
* validity period. The smallest key should be for the requested
* redemption_start, the largest for the requested redemption_end.
*/
// The requested message backup ZkCredentials indexed by the start of their
// validity period. The smallest key should be for the requested
// redemption_start, the largest for the requested redemption_end.
map<int64, common.ZkCredential> message_credentials = 1;
/**
* The requested media backup ZkCredentials indexed by the start of their
* validity period. The smallest key should be for the requested
* redemption_start, the largest for the requested redemption_end.
*/
// The requested media backup ZkCredentials indexed by the start of their
// validity period. The smallest key should be for the requested
// redemption_start, the largest for the requested redemption_end.
map<int64, common.ZkCredential> media_credentials = 2;
}
/**
* The requested credentials. If absent, there was no existing blinded
* backup id associated with the provided account.
*/
// The requested credentials. If absent, there was no existing blinded
// backup id associated with the provided account.
Credentials credentials = 1;
}
/**
* Service for backup operations with anonymous credentials
*
* This service never requires account authentication. It instead requires a
* backup-id authenticated with an anonymous credential that cannot be linked
* to the account.
*
* To register an anonymous credential:
* 1. Set a backup-id on the authenticated channel via Backups::SetBackupId
* 2. Retrieve BackupAuthCredentials via Backups::GetBackupAuthCredentials
* 3. Generate a key pair and set the public key via
* BackupsAnonymous::SetPublicKey
*
* Unless otherwise noted, requests for this service require a
* SignedPresentation, which includes:
* - a presentation generated from a BackupAuthCredential issued by
* GetBackupAuthCredentials
* - a signature of that presentation using the private key of a key pair
* previously set with SetPublicKey.
*
*/
// Service for backup operations with anonymous credentials
//
// This service never requires account authentication. It instead requires a
// backup-id authenticated with an anonymous credential that cannot be linked
// to the account.
//
// To register an anonymous credential:
// 1. Set a backup-id on the authenticated channel via Backups::SetBackupId
// 2. Retrieve BackupAuthCredentials via Backups::GetBackupAuthCredentials
// 3. Generate a key pair and set the public key via
// BackupsAnonymous::SetPublicKey
//
// Unless otherwise noted, requests for this service require a
// SignedPresentation, which includes:
// - a presentation generated from a BackupAuthCredential issued by
// GetBackupAuthCredentials
// - a signature of that presentation using the private key of a key pair
// previously set with SetPublicKey.
service BackupsAnonymous {
option (require.auth) = AUTH_ONLY_ANONYMOUS;
/**
* Retrieve credentials used to read objects stored on the backup cdn
*/
// Retrieve credentials used to read objects stored on the backup cdn
rpc GetCdnCredentials(GetCdnCredentialsRequest) returns (GetCdnCredentialsResponse) {}
/**
* Retrieve credentials used to interact with the SecureValueRecoveryB service
*/
// Retrieve credentials used to interact with the SecureValueRecoveryB service
rpc GetSvrBCredentials(GetSvrBCredentialsRequest) returns (GetSvrBCredentialsResponse) {}
/**
* Retrieve information about the currently stored backup
*/
// Retrieve information about the currently stored backup
rpc GetBackupInfo(GetBackupInfoRequest) returns (GetBackupInfoResponse) {}
/**
* Permanently set the public key of an ED25519 key-pair for the backup-id.
* All requests (including this one!) must sign their BackupAuthCredential
* presentations with the private key corresponding to the provided public key.
*/
// Permanently set the public key of an ED25519 key-pair for the backup-id.
// All requests (including this one!) must sign their BackupAuthCredential
// presentations with the private key corresponding to the provided public key.
rpc SetPublicKey(SetPublicKeyRequest) returns (SetPublicKeyResponse) {}
/**
* Refresh the backup, indicating that the backup is still active. Clients
* must periodically upload new backups or perform a refresh. If a backup has
* not been active for 30 days, it may deleted
*/
// Refresh the backup, indicating that the backup is still active. Clients
// must periodically upload new backups or perform a refresh. If a backup has
// not been active for 30 days, it may deleted
rpc Refresh(RefreshRequest) returns (RefreshResponse) {}
/**
* Retrieve an upload form that can be used to perform a resumable upload
*/
// Retrieve an upload form that can be used to perform a resumable upload
rpc GetUploadForm(GetUploadFormRequest) returns (GetUploadFormResponse) {}
/**
* Copy and re-encrypt media from the attachments cdn into the backup cdn.
* The original, already encrypted, attachments will be encrypted with the
* provided key material before being copied.
*
* The copy operation is not atomic and responses will be returned as copy
* operations complete with detailed information about the outcome. If an
* error is encountered, not all requests may be reflected in the responses.
*
* On retries, a particular destination media id must not be reused with a
* different source media id or different encryption parameters.
*/
// Copy and re-encrypt media from the attachments cdn into the backup cdn.
// The original, already encrypted, attachments will be encrypted with the
// provided key material before being copied.
//
// The copy operation is not atomic and responses will be returned as copy
// operations complete with detailed information about the outcome. If an
// error is encountered, not all requests may be reflected in the responses.
//
// On retries, a particular destination media id must not be reused with a
// different source media id or different encryption parameters.
rpc CopyMedia(CopyMediaRequest) returns (stream CopyMediaResponse) {}
/**
* Retrieve a page of media objects stored for this backup-id. A client may
* have previously stored media objects that are no longer referenced in their
* current backup. To reclaim storage space used by these orphaned objects,
* perform a list operation and remove any unreferenced media objects
* via DeleteMedia.
*/
// Retrieve a page of media objects stored for this backup-id. A client may
// have previously stored media objects that are no longer referenced in their
// current backup. To reclaim storage space used by these orphaned objects,
// perform a list operation and remove any unreferenced media objects
// via DeleteMedia.
rpc ListMedia(ListMediaRequest) returns (ListMediaResponse) {}
/**
* Delete media objects stored with this backup-id. Streams the locations of
* media items back when the item has successfully been removed.
*/
// Delete media objects stored with this backup-id. Streams the locations of
// media items back when the item has successfully been removed.
rpc DeleteMedia(DeleteMediaRequest) returns (stream DeleteMediaResponse) {}
/**
* Delete all backup metadata, objects, and stored public key. To use
* backups again, a public key must be resupplied.
*/
// Delete all backup metadata, objects, and stored public key. To use
// backups again, a public key must be resupplied.
rpc DeleteAll(DeleteAllRequest) returns (DeleteAllResponse) {}
}
message SignedPresentation {
/**
* Presentation of a BackupAuthCredential previously retrieved from
* GetBackupAuthCredentials on the authenticated channel
*/
// Presentation of a BackupAuthCredential previously retrieved from
// GetBackupAuthCredentials on the authenticated channel
bytes presentation = 1;
/**
* The presentation signed with the private key corresponding to the public
* key set with SetPublicKey
*/
// The presentation signed with the private key corresponding to the public
// key set with SetPublicKey
bytes presentation_signature = 2;
}
message SetPublicKeyRequest {
SignedPresentation signed_presentation = 1;
/**
* The public key, serialized in libsignal's elliptic-curve public key format.
*/
// The public key, serialized in libsignal's elliptic-curve public key format.
bytes public_key = 2;
}
message SetPublicKeyResponse {
/**
* The provided backup auth credential presentation could not be
* authenticated. Either, the presentation could not be verified, or
* the public key signature was invalid, or there is no backup associated
* with the backup-id in the presentation.
*
* This may also be returned if there was an existing public key and the
* provided public key did not match.
*/
// The provided backup auth credential presentation could not be
// authenticated. Either, the presentation could not be verified, or
// the public key signature was invalid, or there is no backup associated
// with the backup-id in the presentation.
//
// This may also be returned if there was an existing public key and the
// provided public key did not match.
errors.FailedZkAuthentication failed_authentication = 1 [(tag.reason) = "failed_authentication"];
}
@@ -294,18 +232,14 @@ message GetCdnCredentialsResponse {
map<string, string> headers = 1;
}
oneof outcome {
/**
* Headers to include with requests to the read from the backup CDN. Includes
* time limited read-only credentials.
*/
// Headers to include with requests to the read from the backup CDN. Includes
// time limited read-only credentials.
CdnCredentials cdn_credentials = 1;
/**
* The provided backup auth credential presentation could not be
* authenticated. Either, the presentation could not be verified, or
* the public key signature was invalid, or there is no backup associated
* with the backup-id in the presentation.
*/
// The provided backup auth credential presentation could not be
// authenticated. Either, the presentation could not be verified, or
// the public key signature was invalid, or there is no backup associated
// with the backup-id in the presentation.
errors.FailedZkAuthentication failed_authentication = 2 [(tag.reason) = "failed_authentication"];
}
}
@@ -316,26 +250,20 @@ message GetSvrBCredentialsRequest {
message GetSvrBCredentialsResponse {
message SvrBCredentials {
/**
* A username that can be presented to authenticate with SVRB
*/
// A username that can be presented to authenticate with SVRB
string username = 1;
/**
* A password that can be presented to authenticate with SVRB
*/
// A password that can be presented to authenticate with SVRB
string password = 2;
}
oneof outcome {
SvrBCredentials svrb_credentials = 1;
/**
* The provided backup auth credential presentation could not be
* authenticated. Either, the presentation could not be verified, or
* the public key signature was invalid, or there is no backup associated
* with the backup-id in the presentation.
*/
// The provided backup auth credential presentation could not be
// authenticated. Either, the presentation could not be verified, or
// the public key signature was invalid, or there is no backup associated
// with the backup-id in the presentation.
errors.FailedZkAuthentication failed_authentication = 2 [(tag.reason) = "failed_authentication"];
}
}
@@ -345,47 +273,35 @@ message GetBackupInfoRequest {
}
message GetBackupInfoResponse {
message BackupInfo {
/**
* The base directory of your backup data on the cdn. The message backup can
* be found in the returned cdn at /backup_dir/backup_name and stored media can
* be found at /backup_dir/media_dir/media_id
*/
// The base directory of your backup data on the cdn. The message backup can
// be found in the returned cdn at /backup_dir/backup_name and stored media can
// be found at /backup_dir/media_dir/media_id
string backup_dir = 1;
/**
* The prefix path component for media objects on a cdn. Stored media for a
* media_id can be found at /backup_dir/media_dir/media_id, where the media_id
* is encoded in unpadded url-safe base64.
*/
// The prefix path component for media objects on a cdn. Stored media for a
// media_id can be found at /backup_dir/media_dir/media_id, where the media_id
// is encoded in unpadded url-safe base64.
string media_dir = 2;
/**
* The CDN type where the message backup is stored. Media may be stored
* elsewhere. If absent, no message backup currently exists.
*/
// The CDN type where the message backup is stored. Media may be stored
// elsewhere. If absent, no message backup currently exists.
optional int32 cdn = 3;
/**
* The name of the most recent message backup on the cdn. The backup is at
* /backup_dir/backup_name. If absent, no message backup currently exists.
*/
// The name of the most recent message backup on the cdn. The backup is at
// /backup_dir/backup_name. If absent, no message backup currently exists.
optional string backup_name = 4;
/**
* The amount of space used to store media
*/
// The amount of space used to store media
uint64 used_space = 5;
}
oneof outcome {
BackupInfo backup_info = 1;
/**
* The provided backup auth credential presentation could not be
* authenticated. Either, the presentation could not be verified, or
* the public key signature was invalid, or there is no backup associated
* with the backup-id in the presentation.
*/
// The provided backup auth credential presentation could not be
// authenticated. Either, the presentation could not be verified, or
// the public key signature was invalid, or there is no backup associated
// with the backup-id in the presentation.
errors.FailedZkAuthentication failed_authentication = 2 [(tag.reason) = "failed_authentication"];
}
}
@@ -395,12 +311,10 @@ message RefreshRequest {
}
message RefreshResponse {
oneof outcome {
/**
* The provided backup auth credential presentation could not be
* authenticated. Either, the presentation could not be verified, or
* the public key signature was invalid, or there is no backup associated
* with the backup-id in the presentation.
*/
// The provided backup auth credential presentation could not be
// authenticated. Either, the presentation could not be verified, or
// the public key signature was invalid, or there is no backup associated
// with the backup-id in the presentation.
errors.FailedZkAuthentication failed_authentication = 1 [(tag.reason) = "failed_authentication"];
}
}
@@ -413,104 +327,74 @@ message GetUploadFormRequest {
}
message MediaUploadType {}
oneof upload_type {
/**
* Retrieve an upload form that can be used to perform a resumable upload of
* a message backup. The finished upload will be available on the backup cdn.
*/
// Retrieve an upload form that can be used to perform a resumable upload of
// a message backup. The finished upload will be available on the backup cdn.
MessagesUploadType messages = 2;
/**
* Retrieve an upload form for a temporary location that can be used to
* perform a resumable upload of an attachment. After uploading, the
* attachment can be copied into the backup via CopyMedia.
*
* Behaves identically to the account authenticated version at /attachments.
*/
// Retrieve an upload form for a temporary location that can be used to
// perform a resumable upload of an attachment. After uploading, the
// attachment can be copied into the backup via CopyMedia.
//
// Behaves identically to the account authenticated version at /attachments.
MediaUploadType media = 3;
}
}
message GetUploadFormResponse {
message UploadForm {
/**
* Indicates the CDN type. 3 indicates resumable uploads using TUS
*/
// Indicates the CDN type. 3 indicates resumable uploads using TUS
int32 cdn = 1;
/**
* The location within the specified cdn where the finished upload can be found
*/
// The location within the specified cdn where the finished upload can be found
string key = 2;
/**
* A map of headers to include with all upload requests. Potentially contains
* time-limited upload credentials
*/
// A map of headers to include with all upload requests. Potentially contains
// time-limited upload credentials
map<string, string> headers = 3;
/**
* The URL to upload to with the appropriate protocol
*/
// The URL to upload to with the appropriate protocol
string signed_upload_location = 4;
}
oneof outcome {
UploadForm upload_form = 1;
/**
* The provided backup auth credential presentation could not be
* authenticated. Either, the presentation could not be verified, or
* the public key signature was invalid, or there is no backup associated
* with the backup-id in the presentation.
*/
// The provided backup auth credential presentation could not be
// authenticated. Either, the presentation could not be verified, or
// the public key signature was invalid, or there is no backup associated
// with the backup-id in the presentation.
errors.FailedZkAuthentication failed_authentication = 2 [(tag.reason) = "failed_authentication"];
/**
* The request size was larger than the maximum supported upload size. The
* maximum upload size is subject to change.
*/
// The request size was larger than the maximum supported upload size. The
// maximum upload size is subject to change.
errors.FailedPrecondition exceeds_max_upload_length = 3 [(tag.reason) = "oversize_upload"];
}
}
message CopyMediaItem {
/**
* The attachment cdn of the object to copy into the backup
*/
// The attachment cdn of the object to copy into the backup
int32 source_attachment_cdn = 1 [(require.range).min = 1, (require.range).max = 3];
/**
* The attachment key of the object to copy into the backup
*/
// The attachment key of the object to copy into the backup
string source_key = 2 [(require.nonEmpty) = true];
/**
* The length of the source attachment before the encryption applied by the
* copy operation
*/
// The length of the source attachment before the encryption applied by the
// copy operation
uint32 object_length = 3;
/**
* media_id to copy on to the backup CDN
*/
// media_id to copy on to the backup CDN
bytes media_id = 4 [(require.exactlySize) = 15];
/**
* A 32-byte key for the MAC
*/
// A 32-byte key for the MAC
bytes hmac_key = 5 [(require.exactlySize) = 32];
/**
* A 32-byte encryption key for AES
*/
// A 32-byte encryption key for AES
bytes encryption_key = 6 [(require.exactlySize) = 32];
}
message CopyMediaRequest {
SignedPresentation signed_presentation = 1;
/**
* Items to copy
*/
// Items to copy
repeated CopyMediaItem items = 2;
}
@@ -519,44 +403,30 @@ message CopyMediaResponse {
message WrongSourceLength {}
message OutOfSpace {}
message CopySuccess {
/**
* The backup cdn where this media object is stored
*/
// The backup cdn where this media object is stored
int32 cdn = 1;
}
/**
* The 15-byte media_id from the corresponding CopyMediaItem in the request
*/
// The 15-byte media_id from the corresponding CopyMediaItem in the request
bytes media_id = 1;
oneof outcome {
/**
* The media item was successfully copied into the backup
*/
// The media item was successfully copied into the backup
CopySuccess success = 2;
/**
* The provided backup auth credential presentation could not be
* authenticated. Either, the presentation could not be verified, or
* the public key signature was invalid, or there is no backup associated
* with the backup-id in the presentation.
*/
// The provided backup auth credential presentation could not be
// authenticated. Either, the presentation could not be verified, or
// the public key signature was invalid, or there is no backup associated
// with the backup-id in the presentation.
errors.FailedZkAuthentication failed_authentication = 3 [(tag.reason) = "failed_authentication"];
/**
* The source object was not found
*/
// The source object was not found
SourceNotFound source_not_found = 4;
/**
* The provided object length was incorrect
*/
// The provided object length was incorrect
WrongSourceLength wrong_source_length = 5;
/**
* All media capacity has been consumed. Free some space to continue.
*/
// All media capacity has been consumed. Free some space to continue.
OutOfSpace out_of_space = 6;
}
}
@@ -564,69 +434,49 @@ message CopyMediaResponse {
message ListMediaRequest {
SignedPresentation signed_presentation = 1;
/**
* A cursor returned by a previous call to ListMedia, absent on the first call
*/
// A cursor returned by a previous call to ListMedia, absent on the first call
optional string cursor = 2;
/**
* If provided, the maximum number of entries to return in a page
*/
// If provided, the maximum number of entries to return in a page
uint32 limit = 3 [(require.range) = {min: 0, max: 10000}];
}
message ListMediaResponse {
message ListEntry {
/**
* The backup cdn where this media object is stored
*/
// The backup cdn where this media object is stored
int32 cdn = 1;
/**
* The media_id of the object
*/
// The media_id of the object
bytes media_id = 2;
/**
* The length of the object in bytes
*/
// The length of the object in bytes
uint64 length = 3;
}
message ListResult {
/**
* A page of media objects stored for this backup ID
*/
// A page of media objects stored for this backup ID
repeated ListEntry page = 1;
/**
* The base directory of the backup data on the cdn. The stored media can be
* found at /backup_dir/media_dir/media_id, where the media_id is encoded with
* unpadded url-safe base64.
*/
// The base directory of the backup data on the cdn. The stored media can be
// found at /backup_dir/media_dir/media_id, where the media_id is encoded with
// unpadded url-safe base64.
string backup_dir = 2;
/**
* The prefix path component for the media objects. The stored media for
* media_id can be found at /backup_dir/media_dir/media_id, where the media_id
* is encoded with unpadded url-safe base64.
*/
// The prefix path component for the media objects. The stored media for
// media_id can be found at /backup_dir/media_dir/media_id, where the media_id
// is encoded with unpadded url-safe base64.
string media_dir = 3;
/**
* If set, the cursor value to pass to the next list request to continue
* listing. If absent, all objects have been listed
*/
// If set, the cursor value to pass to the next list request to continue
// listing. If absent, all objects have been listed
optional string cursor = 4;
}
oneof outcome {
ListResult list_result = 1;
/**
* The provided backup auth credential presentation could not be
* authenticated. Either, the presentation could not be verified, or
* the public key signature was invalid, or there is no backup associated
* with the backup-id in the presentation.
*/
// The provided backup auth credential presentation could not be
// authenticated. Either, the presentation could not be verified, or
// the public key signature was invalid, or there is no backup associated
// with the backup-id in the presentation.
errors.FailedZkAuthentication failed_authentication = 2 [(tag.reason) = "failed_authentication"];
}
}
@@ -636,25 +486,19 @@ message DeleteAllRequest {
}
message DeleteAllResponse {
oneof outcome {
/**
* The provided backup auth credential presentation could not be
* authenticated. Either, the presentation could not be verified, or
* the public key signature was invalid, or there is no backup associated
* with the backup-id in the presentation.
*/
// The provided backup auth credential presentation could not be
// authenticated. Either, the presentation could not be verified, or
// the public key signature was invalid, or there is no backup associated
// with the backup-id in the presentation.
errors.FailedZkAuthentication failed_authentication = 1 [(tag.reason) = "failed_authentication"];
}
}
message DeleteMediaItem {
/**
* The backup cdn where this media object is stored
*/
// The backup cdn where this media object is stored
int32 cdn = 1;
/**
* The media_id of the object to delete
*/
// The media_id of the object to delete
bytes media_id = 2;
}
@@ -668,12 +512,10 @@ message DeleteMediaResponse {
oneof outcome {
DeleteMediaItem deleted_item = 1;
/**
* The provided backup auth credential presentation could not be
* authenticated. Either, the presentation could not be verified, or
* the public key signature was invalid, or there is no backup associated
* with the backup-id in the presentation.
*/
// The provided backup auth credential presentation could not be
// authenticated. Either, the presentation could not be verified, or
// the public key signature was invalid, or there is no backup associated
// with the backup-id in the presentation.
errors.FailedZkAuthentication failed_authentication = 2 [(tag.reason) = "failed_authentication"];
}
}

32
service/src/main/proto/org/signal/chat/calling.proto
View File

@@ -9,38 +9,28 @@ option java_multiple_files = true;
package org.signal.chat.calling;
/**
* Provides methods for getting credentials for one-on-one and group calls.
*/
// Provides methods for getting credentials for one-on-one and group calls.
service Calling {
/**
* Generates and returns TURN credentials for the caller.
*
* This RPC may fail with a `RESOURCE_EXHAUSTED` status if a rate limit for
* generating TURN credentials has been exceeded, in which case a
* `retry-after` header containing an ISO 8601 duration string will be present
* in the response trailers.
*/
// Generates and returns TURN credentials for the caller.
//
// This RPC may fail with a `RESOURCE_EXHAUSTED` status if a rate limit for
// generating TURN credentials has been exceeded, in which case a
// `retry-after` header containing an ISO 8601 duration string will be present
// in the response trailers.
rpc GetTurnCredentials(GetTurnCredentialsRequest) returns (GetTurnCredentialsResponse) {}
}
message GetTurnCredentialsRequest {}
message GetTurnCredentialsResponse {
/**
* A username that can be presented to authenticate with a TURN server.
*/
// A username that can be presented to authenticate with a TURN server.
string username = 1;
/**
* A password that can be presented to authenticate with a TURN server.
*/
// A password that can be presented to authenticate with a TURN server.
string password = 2;
/**
* A list of TURN (or TURNS or STUN) servers where the provided credentials
* may be used.
*/
// A list of TURN (or TURNS or STUN) servers where the provided credentials
// may be used.
repeated string urls = 3;
}

58
service/src/main/proto/org/signal/chat/common.proto
View File

@@ -16,80 +16,54 @@ enum IdentityType {
}
message ServiceIdentifier {
/**
* The type of identity represented by this service identifier.
*/
// The type of identity represented by this service identifier.
IdentityType identity_type = 1;
/**
* The UUID of the identity represented by this service identifier.
*/
// The UUID of the identity represented by this service identifier.
bytes uuid = 2;
}
message AccountIdentifiers {
/**
* A list of service identifiers for the identified account.
*/
// A list of service identifiers for the identified account.
repeated ServiceIdentifier service_identifiers = 1;
/**
* The phone number associated with the identified account.
*/
// The phone number associated with the identified account.
string e164 = 2;
/**
* The username hash (if any) associated with the identified account. May be
* empty if no username is associated with the identified account.
*/
// The username hash (if any) associated with the identified account. May be
// empty if no username is associated with the identified account.
bytes username_hash = 3;
}
message EcPreKey {
/**
* A locally-unique identifier for this key.
*/
// A locally-unique identifier for this key.
uint64 key_id = 1;
/**
* The serialized form of the public key.
*/
// The serialized form of the public key.
bytes public_key = 2;
}
message EcSignedPreKey {
/**
* A locally-unique identifier for this key.
*/
// A locally-unique identifier for this key.
uint64 key_id = 1;
/**
* The serialized form of the public key.
*/
// The serialized form of the public key.
bytes public_key = 2;
/**
* A signature of the public key, verifiable with the identity key for the
* account/identity associated with this pre-key.
*/
// A signature of the public key, verifiable with the identity key for the
// account/identity associated with this pre-key.
bytes signature = 3;
}
message KemSignedPreKey {
/**
* A locally-unique identifier for this key.
*/
// A locally-unique identifier for this key.
uint64 key_id = 1;
/**
* The serialized form of the public key.
*/
// The serialized form of the public key.
bytes public_key = 2;
/**
* A signature of the public key, verifiable with the identity key for the
* account/identity associated with this pre-key.
*/
// A signature of the public key, verifiable with the identity key for the
// account/identity associated with this pre-key.
bytes signature = 3;
}

94
service/src/main/proto/org/signal/chat/credentials.proto
View File

@@ -9,40 +9,34 @@ option java_multiple_files = true;
package org.signal.chat.credentials;
/**
* Provides methods for obtaining and verifying credentials for "external" services
* (i.e. services that are not a part of the chat server deployment).
* All methods of this service require authentication.
*/
// Provides methods for obtaining and verifying credentials for "external" services
// (i.e. services that are not a part of the chat server deployment).
// All methods of this service require authentication.
service ExternalServiceCredentials {
/**
* Generates and returns an external service credentials for the caller.
*
* `UNAUTHENTICATED` status is returned if the call is made on unauthenticated channel.
*
* `INVALID_ARGUMENT` status is returned if service is not configured for the service type
* found in the request OR if `externalService` is not specified in the request.
*
* `RESOURCE_EXHAUSTED` status is returned if a rate limit for
* generating credentials has been exceeded, in which case a
* `retry-after` header containing an ISO 8601 duration string will be present
* in the response trailers.
*/
// Generates and returns an external service credentials for the caller.
//
// `UNAUTHENTICATED` status is returned if the call is made on unauthenticated channel.
//
// `INVALID_ARGUMENT` status is returned if service is not configured for the service type
// found in the request OR if `externalService` is not specified in the request.
//
// `RESOURCE_EXHAUSTED` status is returned if a rate limit for
// generating credentials has been exceeded, in which case a
// `retry-after` header containing an ISO 8601 duration string will be present
// in the response trailers.
rpc GetExternalServiceCredentials(GetExternalServiceCredentialsRequest)
returns (GetExternalServiceCredentialsResponse) {}
}
service ExternalServiceCredentialsAnonymous {
/**
* Given a list of secure value recovery (SVR) service credentials and a phone number,
* checks, which of the provided credentials were generated by the user with the given phone number
* and have not yet expired.
*
* `UNAUTHENTICATED` status is returned if the call is made on unauthenticated channel.
*
* `INVALID_ARGUMENT` status is returned if request contains more than 10 passwords to be checked.
*/
// Given a list of secure value recovery (SVR) service credentials and a phone number,
// checks, which of the provided credentials were generated by the user with the given phone number
// and have not yet expired.
//
// `UNAUTHENTICATED` status is returned if the call is made on unauthenticated channel.
//
// `INVALID_ARGUMENT` status is returned if request contains more than 10 passwords to be checked.
rpc CheckSvrCredentials(CheckSvrCredentialsRequest)
returns (CheckSvrCredentialsResponse) {}
}
@@ -56,60 +50,42 @@ enum ExternalServiceType {
}
message GetExternalServiceCredentialsRequest {
/**
* A service to request credentials for.
*/
// A service to request credentials for.
ExternalServiceType externalService = 1;
}
message GetExternalServiceCredentialsResponse {
/**
* A username that can be presented to authenticate with the external service.
*/
// A username that can be presented to authenticate with the external service.
string username = 1;
/**
* A password that can be presented to authenticate with the external service.
*/
// A password that can be presented to authenticate with the external service.
string password = 2;
}
enum AuthCheckResult {
AUTH_CHECK_RESULT_UNSPECIFIED = 0;
/**
* The credentials could be used to make a call to SVR service by the user
* associated with the `CheckSvrCredentialsRequest.number` phone number.
*/
// The credentials could be used to make a call to SVR service by the user
// associated with the `CheckSvrCredentialsRequest.number` phone number.
AUTH_CHECK_RESULT_MATCH = 1;
/**
* The credentials were generated by a different user.
*/
// The credentials were generated by a different user.
AUTH_CHECK_RESULT_NO_MATCH = 2;
/**
* This status indicates that the corresponding credentials token should no longer be used.
* This may be because it has expired or invalid, but it can also mean that there is a more
* recent token in the request which should be used instead.
*/
// This status indicates that the corresponding credentials token should no longer be used.
// This may be because it has expired or invalid, but it can also mean that there is a more
// recent token in the request which should be used instead.
AUTH_CHECK_RESULT_INVALID = 3;
}
message CheckSvrCredentialsRequest {
/**
* A phone number in the E164 format to check the passwords against.
* Only passwords generated for the user associated with the given number will be marked as `AUTH_CHECK_RESULT_MATCH`.
*/
// A phone number in the E164 format to check the passwords against.
// Only passwords generated for the user associated with the given number will be marked as `AUTH_CHECK_RESULT_MATCH`.
string number = 1;
/**
* A list of credentials from previously made calls to `ExternalServiceCredentials.GetExternalServiceCredentials()`
* for `EXTERNAL_SERVICE_TYPE_SVR`. This list may contain credentials generated by different users.
*/
// A list of credentials from previously made calls to `ExternalServiceCredentials.GetExternalServiceCredentials()`
// for `EXTERNAL_SERVICE_TYPE_SVR`. This list may contain credentials generated by different users.
repeated string passwords = 2;
}
/**
* For each of the credentials tokens in the `CheckSvrCredentialsRequest` contains the result of the check.
*/
// For each of the credentials tokens in the `CheckSvrCredentialsRequest` contains the result of the check.
message CheckSvrCredentialsResponse {
map<string, AuthCheckResult> matches = 1;

124
service/src/main/proto/org/signal/chat/device.proto
View File

@@ -12,50 +12,36 @@ package org.signal.chat.device;
import "org/signal/chat/common.proto";
import "org/signal/chat/require.proto";
/**
* Provides methods for working with devices attached to a Signal account.
*/
// Provides methods for working with devices attached to a Signal account.
service Devices {
/**
* Returns a list of devices associated with the caller's account.
*/
// Returns a list of devices associated with the caller's account.
rpc GetDevices(GetDevicesRequest) returns (GetDevicesResponse) {}
/**
* Removes a linked device from the caller's account. This call will fail with
* a status of `PERMISSION_DENIED` if not called from the primary device
* associated with an account. It will also fail with a status of
* `INVALID_ARGUMENT` if the targeted device is the primary device associated
* with the account.
*/
// Removes a linked device from the caller's account. This call will fail with
// a status of `PERMISSION_DENIED` if not called from the primary device
// associated with an account. It will also fail with a status of
// `INVALID_ARGUMENT` if the targeted device is the primary device associated
// with the account.
rpc RemoveDevice(RemoveDeviceRequest) returns (RemoveDeviceResponse) {}
/**
* Sets the encrypted human-readable name for a specific devices. Primary
* devices may change the name of any device associated with their account,
* but linked devices may only change their own name. This call will fail with
* a status of `NOT_FOUND` if no device was found with the given identifier.
* It will also fail with a status of `PERMISSION_DENIED` if a linked device
* tries to change the name of any device other than itself.
*/
// Sets the encrypted human-readable name for a specific devices. Primary
// devices may change the name of any device associated with their account,
// but linked devices may only change their own name. This call will fail with
// a status of `NOT_FOUND` if no device was found with the given identifier.
// It will also fail with a status of `PERMISSION_DENIED` if a linked device
// tries to change the name of any device other than itself.
rpc SetDeviceName(SetDeviceNameRequest) returns (SetDeviceNameResponse) {}
/**
* Sets the token(s) the server should use to send new message notifications
* to the authenticated device.
*/
// Sets the token(s) the server should use to send new message notifications
// to the authenticated device.
rpc SetPushToken(SetPushTokenRequest) returns (SetPushTokenResponse) {}
/**
* Removes any push tokens associated with the authenticated device. After
* calling this method, the server will assume that the authenticated device
* will periodically poll for new messages.
*/
// Removes any push tokens associated with the authenticated device. After
// calling this method, the server will assume that the authenticated device
// will periodically poll for new messages.
rpc ClearPushToken(ClearPushTokenRequest) returns (ClearPushTokenResponse) {}
/**
* Declares that the authenticated device supports certain features.
*/
// Declares that the authenticated device supports certain features.
rpc SetCapabilities(SetCapabilitiesRequest) returns (SetCapabilitiesResponse) {}
}
@@ -63,65 +49,45 @@ message GetDevicesRequest {}
message GetDevicesResponse {
message LinkedDevice {
/**
* The identifier for the device within an account.
*/
// The identifier for the device within an account.
uint32 id = 1;
/**
* A sequence of bytes that encodes an encrypted human-readable name for
* this device.
*/
// A sequence of bytes that encodes an encrypted human-readable name for
// this device.
bytes name = 2;
/**
* The time, in milliseconds since the epoch, at which this device was
* attached to its parent account.
*/
// The time, in milliseconds since the epoch, at which this device was
// attached to its parent account.
uint64 created = 3;
/**
* The approximate time, in milliseconds since the epoch, at which this
* device last connected to the server.
*/
// The approximate time, in milliseconds since the epoch, at which this
// device last connected to the server.
uint64 last_seen = 4;
/**
* The registration ID of the given device.
*/
// The registration ID of the given device.
uint32 registration_id = 5 [(require.range).max = 0x3fff];
/**
* A sequence of bytes that encodes the time,
* in milliseconds since the epoch, at which this device was
* attached to its parent account.
*/
// A sequence of bytes that encodes the time,
// in milliseconds since the epoch, at which this device was
// attached to its parent account.
bytes created_at_ciphertext = 6;
}
/**
* A list of devices linked to the authenticated account.
*/
// A list of devices linked to the authenticated account.
repeated LinkedDevice devices = 1;
}
message RemoveDeviceRequest {
/**
* The identifier for the device to remove from the authenticated account.
*/
// The identifier for the device to remove from the authenticated account.
uint32 id = 1;
}
message SetDeviceNameRequest {
/**
* A sequence of bytes that encodes an encrypted human-readable name for this
* device.
*/
// A sequence of bytes that encodes an encrypted human-readable name for this
// device.
bytes name = 1;
/**
* The identifier for the device for which to set a name.
*/
// The identifier for the device for which to set a name.
uint32 id = 2;
}
@@ -131,30 +97,22 @@ message RemoveDeviceResponse {}
message SetPushTokenRequest {
message ApnsTokenRequest {
/**
* A "standard" APNs device token.
*/
// A "standard" APNs device token.
string apns_token = 1;
}
message FcmTokenRequest {
/**
* An FCM push token.
*/
// An FCM push token.
string fcm_token = 1;
}
oneof token_request {
/**
* If present, specifies the APNs device token(s) the server will use to
* send new message notifications to the authenticated device.
*/
// If present, specifies the APNs device token(s) the server will use to
// send new message notifications to the authenticated device.
ApnsTokenRequest apns_token_request = 1;
/**
* If present, specifies the FCM push token the server will use to send new
* message notifications to the authenticated device.
*/
// If present, specifies the FCM push token the server will use to send new
// message notifications to the authenticated device.
FcmTokenRequest fcm_token_request = 2;
}
}

24
service/src/main/proto/org/signal/chat/errors.proto
View File

@@ -9,29 +9,19 @@ option java_multiple_files = true;
package org.signal.chat.errors;
/**
* Response message that indicates a particular resource was not found.
*/
// Response message that indicates a particular resource was not found.
message NotFound {}
/**
* Response message that indicates that some precondition of the request was not
* met. For example, if there was a request to update foo, but foo had not been
* set, this would be an appropriate error.
*/
// Response message that indicates that some precondition of the request was not
// met. For example, if there was a request to update foo, but foo had not been
// set, this would be an appropriate error.
message FailedPrecondition {
/**
* An optional description indicating what precondition failed.
*/
// An optional description indicating what precondition failed.
string description = 1;
}
/**
* Response message that authentication via an anonymous credential failed.
*/
// Response message that authentication via an anonymous credential failed.
message FailedZkAuthentication {
/**
* An optional description with additional information about the failure.
*/
// An optional description with additional information about the failure.
string description = 1;
}

276
service/src/main/proto/org/signal/chat/keys.proto
View File

@@ -11,106 +11,86 @@ package org.signal.chat.keys;
import "org/signal/chat/common.proto";
/**
* Provides methods for working with pre-keys.
*/
// Provides methods for working with pre-keys.
service Keys {
/**
* Retrieves an approximate count of the number of the various kinds of
* pre-keys stored for the authenticated device.
*/
// Retrieves an approximate count of the number of the various kinds of
// pre-keys stored for the authenticated device.
rpc GetPreKeyCount (GetPreKeyCountRequest) returns (GetPreKeyCountResponse) {}
/**
* Retrieves a set of pre-keys for establishing a session with the targeted
* device or devices. Note that callers with an unidentified access key for
* the targeted account should use the version of this method in
* `KeysAnonymous` instead.
*
* This RPC may fail with a `NOT_FOUND` status if the target account was not
* found, if no active device with the given ID (if specified) was found on
* the target account, or if the account has no active devices. It may also
* fail with a `RESOURCE_EXHAUSTED` if a rate limit for fetching keys has been
* exceeded, in which case a `retry-after` header containing an ISO 8601
* duration string will be present in the response trailers.
*/
// Retrieves a set of pre-keys for establishing a session with the targeted
// device or devices. Note that callers with an unidentified access key for
// the targeted account should use the version of this method in
// `KeysAnonymous` instead.
//
// This RPC may fail with a `NOT_FOUND` status if the target account was not
// found, if no active device with the given ID (if specified) was found on
// the target account, or if the account has no active devices. It may also
// fail with a `RESOURCE_EXHAUSTED` if a rate limit for fetching keys has been
// exceeded, in which case a `retry-after` header containing an ISO 8601
// duration string will be present in the response trailers.
rpc GetPreKeys(GetPreKeysRequest) returns (GetPreKeysResponse) {}
/**
* Uploads a new set of one-time EC pre-keys for the authenticated device,
* clearing any previously-stored pre-keys. Note that all keys submitted via
* a single call to this method _must_ have the same identity type (i.e. if
* the first key has an ACI identity type, then all other keys in the same
* stream must also have an ACI identity type).
*
* This RPC may fail with an `INVALID_ARGUMENT` status if one or more of the
* given pre-keys was structurally invalid or if the list of pre-keys was
* empty.
*/
// Uploads a new set of one-time EC pre-keys for the authenticated device,
// clearing any previously-stored pre-keys. Note that all keys submitted via
// a single call to this method _must_ have the same identity type (i.e. if
// the first key has an ACI identity type, then all other keys in the same
// stream must also have an ACI identity type).
//
// This RPC may fail with an `INVALID_ARGUMENT` status if one or more of the
// given pre-keys was structurally invalid or if the list of pre-keys was
// empty.
rpc SetOneTimeEcPreKeys (SetOneTimeEcPreKeysRequest) returns (SetPreKeyResponse) {}
/**
* Uploads a new set of one-time KEM pre-keys for the authenticated device,
* clearing any previously-stored pre-keys. Note that all keys submitted via
* a single call to this method _must_ have the same identity type (i.e. if
* the first key has an ACI identity type, then all other keys in the same
* stream must also have an ACI identity type).
*
* This RPC may fail with an `INVALID_ARGUMENT` status if one or more of the
* given pre-keys was structurally invalid, had an invalid signature, or if
* the list of pre-keys was empty.
*/
// Uploads a new set of one-time KEM pre-keys for the authenticated device,
// clearing any previously-stored pre-keys. Note that all keys submitted via
// a single call to this method _must_ have the same identity type (i.e. if
// the first key has an ACI identity type, then all other keys in the same
// stream must also have an ACI identity type).
//
// This RPC may fail with an `INVALID_ARGUMENT` status if one or more of the
// given pre-keys was structurally invalid, had an invalid signature, or if
// the list of pre-keys was empty.
rpc SetOneTimeKemSignedPreKeys (SetOneTimeKemSignedPreKeysRequest) returns (SetPreKeyResponse) {}
/**
* Sets the signed EC pre-key for one identity (i.e. ACI or PNI) associated
* with the authenticated device.
*
* This RPC may fail with an `INVALID_ARGUMENT` status if the given pre-key
* was structurally invalid, had a bad signature, or was missing entirely.
*/
// Sets the signed EC pre-key for one identity (i.e. ACI or PNI) associated
// with the authenticated device.
//
// This RPC may fail with an `INVALID_ARGUMENT` status if the given pre-key
// was structurally invalid, had a bad signature, or was missing entirely.
rpc SetEcSignedPreKey (SetEcSignedPreKeyRequest) returns (SetPreKeyResponse) {}
/**
* Sets the last-resort KEM pre-key for one identity (i.e. ACI or PNI)
* associated with the authenticated device.
*
* This RPC may fail with an `INVALID_ARGUMENT` status if the given pre-key
* was structurally invalid, had a bad signature, or was missing entirely.
*/
// Sets the last-resort KEM pre-key for one identity (i.e. ACI or PNI)
// associated with the authenticated device.
//
// This RPC may fail with an `INVALID_ARGUMENT` status if the given pre-key
// was structurally invalid, had a bad signature, or was missing entirely.
rpc SetKemLastResortPreKey (SetKemLastResortPreKeyRequest) returns (SetPreKeyResponse) {}
}
/**
* Provides methods for working with pre-keys using "unidentified access"
* credentials.
*/
// Provides methods for working with pre-keys using "unidentified access"
// credentials.
service KeysAnonymous {
/**
* Retrieves a set of pre-keys for establishing a session with the targeted
* device or devices. Callers must not submit any self-identifying credentials
* when calling this method and must instead present the targeted account's
* unidentified access key as an anonymous authentication mechanism. Callers
* without an unidentified access key should use the equivalent, authenticated
* method in `Keys` instead.
*
* This RPC may fail with an `UNAUTHENTICATED` status if the given
* unidentified access key did not match the target account's unidentified
* access key or if the target account was not found. It may also fail with a
* `NOT_FOUND` status if no active device with the given ID (if specified) was
* found on the target account, or if the target account has no active
* devices.
*/
// Retrieves a set of pre-keys for establishing a session with the targeted
// device or devices. Callers must not submit any self-identifying credentials
// when calling this method and must instead present the targeted account's
// unidentified access key as an anonymous authentication mechanism. Callers
// without an unidentified access key should use the equivalent, authenticated
// method in `Keys` instead.
//
// This RPC may fail with an `UNAUTHENTICATED` status if the given
// unidentified access key did not match the target account's unidentified
// access key or if the target account was not found. It may also fail with a
// `NOT_FOUND` status if no active device with the given ID (if specified) was
// found on the target account, or if the target account has no active
// devices.
rpc GetPreKeys(GetPreKeysAnonymousRequest) returns (GetPreKeysResponse) {}
/**
* Checks identity key fingerprints of the target accounts.
*
* Returns a stream of elements, each one representing an account that had a mismatched
* identity key fingerprint with the server and the corresponding identity key stored by the server.
*/
// Checks identity key fingerprints of the target accounts.
//
// Returns a stream of elements, each one representing an account that had a mismatched
// identity key fingerprint with the server and the corresponding identity key stored by the server.
rpc CheckIdentityKeys(stream CheckIdentityKeyRequest) returns (stream CheckIdentityKeyResponse) {}
}
@@ -118,151 +98,103 @@ message GetPreKeyCountRequest {
}
message GetPreKeyCountResponse {
/**
* The approximate number of one-time EC pre-keys stored for the
* authenticated device and associated with the caller's ACI.
*/
// The approximate number of one-time EC pre-keys stored for the
// authenticated device and associated with the caller's ACI.
uint32 aci_ec_pre_key_count = 1;
/**
* The approximate number of one-time Kyber pre-keys stored for the
* authenticated device and associated with the caller's ACI.
*/
// The approximate number of one-time Kyber pre-keys stored for the
// authenticated device and associated with the caller's ACI.
uint32 aci_kem_pre_key_count = 2;
/**
* The approximate number of one-time EC pre-keys stored for the
* authenticated device and associated with the caller's PNI.
*/
// The approximate number of one-time EC pre-keys stored for the
// authenticated device and associated with the caller's PNI.
uint32 pni_ec_pre_key_count = 3;
/**
* The approximate number of one-time KEM pre-keys stored for the
* authenticated device and associated with the caller's PNI.
*/
// The approximate number of one-time KEM pre-keys stored for the
// authenticated device and associated with the caller's PNI.
uint32 pni_kem_pre_key_count = 4;
}
message GetPreKeysRequest {
/**
* The service identifier of the account for which to retrieve pre-keys.
*/
// The service identifier of the account for which to retrieve pre-keys.
common.ServiceIdentifier target_identifier = 1;
/**
* The ID of the device associated with the targeted account for which to
* retrieve pre-keys. If not set, pre-keys are returned for all devices
* associated with the targeted account.
*/
// The ID of the device associated with the targeted account for which to
// retrieve pre-keys. If not set, pre-keys are returned for all devices
// associated with the targeted account.
optional uint32 device_id = 2;
}
message GetPreKeysAnonymousRequest {
/**
* The request to retrieve pre-keys for a specific account/device(s).
*/
// The request to retrieve pre-keys for a specific account/device(s).
GetPreKeysRequest request = 1;
/**
* A means to authorize the request.
*/
// A means to authorize the request.
oneof authorization {
/**
* The unidentified access key (UAK) for the targeted account.
*/
// The unidentified access key (UAK) for the targeted account.
bytes unidentified_access_key = 2;
/**
* A group send endorsement token for the targeted account.
*/
// A group send endorsement token for the targeted account.
bytes group_send_token = 3;
}
}
message GetPreKeysResponse {
message PreKeyBundle {
/**
* The EC signed pre-key associated with the targeted
* account/device/identity.
*/
// The EC signed pre-key associated with the targeted
// account/device/identity.
common.EcSignedPreKey ec_signed_pre_key = 1;
/**
* A one-time EC pre-key for the targeted account/device/identity. May not
* be set if no one-time EC pre-keys are available.
*/
// A one-time EC pre-key for the targeted account/device/identity. May not
// be set if no one-time EC pre-keys are available.
common.EcPreKey ec_one_time_pre_key = 2;
/**
* A one-time KEM pre-key (or a last-resort KEM pre-key) for the targeted
* account/device/identity.
*/
// A one-time KEM pre-key (or a last-resort KEM pre-key) for the targeted
// account/device/identity.
common.KemSignedPreKey kem_one_time_pre_key = 3;
/**
* The registration ID for the targeted account/device/identity.
*/
// The registration ID for the targeted account/device/identity.
uint32 registration_id = 4;
}
/**
* The identity key associated with the targeted account/identity.
*/
// The identity key associated with the targeted account/identity.
bytes identity_key = 1;
/**
* A map of device IDs to pre-key "bundles" for the targeted account.
*/
// A map of device IDs to pre-key "bundles" for the targeted account.
map<uint32, PreKeyBundle> pre_keys = 2;
}
message SetOneTimeEcPreKeysRequest {
/**
* The identity type (i.e. ACI/PNI) with which the keys in this request are
* associated.
*/
// The identity type (i.e. ACI/PNI) with which the keys in this request are
// associated.
common.IdentityType identity_type = 1;
/**
* The unsigned EC pre-keys to be stored.
*/
// The unsigned EC pre-keys to be stored.
repeated common.EcPreKey pre_keys = 2;
}
message SetOneTimeKemSignedPreKeysRequest {
/**
* The identity type (i.e. ACI/PNI) with which the keys in this request are
* associated.
*/
// The identity type (i.e. ACI/PNI) with which the keys in this request are
// associated.
common.IdentityType identity_type = 1;
/**
* The KEM pre-keys to be stored.
*/
// The KEM pre-keys to be stored.
repeated common.KemSignedPreKey pre_keys = 2;
}
message SetEcSignedPreKeyRequest {
/**
* The identity type (i.e. ACI/PNI) with which this key is associated.
*/
// The identity type (i.e. ACI/PNI) with which this key is associated.
common.IdentityType identity_type = 1;
/**
* The signed EC pre-key itself.
*/
// The signed EC pre-key itself.
common.EcSignedPreKey signed_pre_key = 2;
}
message SetKemLastResortPreKeyRequest {
/**
* The identity type (i.e. ACI/PNI) with which this key is associated.
*/
// The identity type (i.e. ACI/PNI) with which this key is associated.
common.IdentityType identity_type = 1;
/**
* The signed KEM pre-key itself.
*/
// The signed KEM pre-key itself.
common.KemSignedPreKey signed_pre_key = 2;
}
@@ -270,23 +202,15 @@ message SetPreKeyResponse {
}
message CheckIdentityKeyRequest {
/**
* The service identifier of the account for which we want to check the associated identity key fingerprint.
*/
// The service identifier of the account for which we want to check the associated identity key fingerprint.
common.ServiceIdentifier target_identifier = 1;
/**
* The most significant 4 bytes of the SHA-256 hash of the identity key associated with the target account/identity type.
*/
// The most significant 4 bytes of the SHA-256 hash of the identity key associated with the target account/identity type.
bytes fingerprint = 2;
}
message CheckIdentityKeyResponse {
/**
* The service identifier of the account for which there is a mismatch between the client and server identity key fingerprints.
*/
// The service identifier of the account for which there is a mismatch between the client and server identity key fingerprints.
common.ServiceIdentifier target_identifier = 1;
/**
* The identity key that is stored by the server for the target account/identity type.
*/
// The identity key that is stored by the server for the target account/identity type.
bytes identity_key = 2;
}

510
service/src/main/proto/org/signal/chat/messages.proto
View File

@@ -12,454 +12,346 @@ package org.signal.chat.messages;
import "org/signal/chat/common.proto";
import "org/signal/chat/require.proto";
/**
* Provides methods for sending "unsealed sender" messages.
*/
// Provides methods for sending "unsealed sender" messages.
service Messages {
option (require.auth) = AUTH_ONLY_AUTHENTICATED;
/**
* Sends an "unsealed sender" message to all devices linked to a single
* destination account.
*
* This RPC may fail with a `NOT_FOUND` status if the destination account was
* not found. It may also fail with an `INVALID_ARGUMENT` status if the
* destination account is the same as the authenticated caller (callers should
* use `SendSyncMessage` to send messages to themselves). It may also fail
* with a `RESOURCE_EXHAUSTED` status if a rate limit for sending messages has
* been exceeded, in which case a `retry-after` header containing an ISO 8601
* duration string may be present in the response trailers.
*
* Note that message delivery may not succeed even if this RPC returns an `OK`
* status; callers must check the response object to verify that the message
* was actually accepted and sent.
*/
// Sends an "unsealed sender" message to all devices linked to a single
// destination account.
//
// This RPC may fail with a `NOT_FOUND` status if the destination account was
// not found. It may also fail with an `INVALID_ARGUMENT` status if the
// destination account is the same as the authenticated caller (callers should
// use `SendSyncMessage` to send messages to themselves). It may also fail
// with a `RESOURCE_EXHAUSTED` status if a rate limit for sending messages has
// been exceeded, in which case a `retry-after` header containing an ISO 8601
// duration string may be present in the response trailers.
//
// Note that message delivery may not succeed even if this RPC returns an `OK`
// status; callers must check the response object to verify that the message
// was actually accepted and sent.
rpc SendMessage(SendAuthenticatedSenderMessageRequest) returns (SendMessageResponse) {}
/**
* Sends a "sync" message to all other devices linked to the authenticated
* sender's account. This RPC may fail with a `RESOURCE_EXHAUSTED` status if a
* rate limit for sending messages has been exceeded, in which case a
* `retry-after` header containing an ISO 8601 duration string may be present
* in the response trailers.
*
* Note that message delivery may not succeed even if this RPC returns an `OK`
* status; callers must check the response object to verify that the message
* was actually accepted and sent.
*/
// Sends a "sync" message to all other devices linked to the authenticated
// sender's account. This RPC may fail with a `RESOURCE_EXHAUSTED` status if a
// rate limit for sending messages has been exceeded, in which case a
// `retry-after` header containing an ISO 8601 duration string may be present
// in the response trailers.
//
// Note that message delivery may not succeed even if this RPC returns an `OK`
// status; callers must check the response object to verify that the message
// was actually accepted and sent.
rpc SendSyncMessage(SendSyncMessageRequest) returns (SendMessageResponse) {}
}
/**
* Provides methods for sending "sealed sender" messages.
*/
// Provides methods for sending "sealed sender" messages.
service MessagesAnonymous {
option (require.auth) = AUTH_ONLY_ANONYMOUS;
/**
* Sends a "sealed sender" message to all devices linked to a single
* destination account.
*
* This RPC may fail with an `UNAUTHENTICATED` status if the given credentials
* were not accepted for any reason or if the destination account was not
* found while using an unidentified access key (UAK) for authorization. It
* may also fail with a `NOT_FOUND` status if the destination account was not
* found while using a group send token for authorization. It may also fail
* with a `RESOURCE_EXHAUSTED` status if a rate limit for sending messages has
* been exceeded, in which case a `retry-after` header containing an ISO 8601
* duration string may be present in the response trailers.
*
* Note that message delivery may not succeed even if this RPC returns an `OK`
* status; callers must check the response object to verify that the message
* was actually accepted and sent.
*/
// Sends a "sealed sender" message to all devices linked to a single
// destination account.
//
// This RPC may fail with an `UNAUTHENTICATED` status if the given credentials
// were not accepted for any reason or if the destination account was not
// found while using an unidentified access key (UAK) for authorization. It
// may also fail with a `NOT_FOUND` status if the destination account was not
// found while using a group send token for authorization. It may also fail
// with a `RESOURCE_EXHAUSTED` status if a rate limit for sending messages has
// been exceeded, in which case a `retry-after` header containing an ISO 8601
// duration string may be present in the response trailers.
//
// Note that message delivery may not succeed even if this RPC returns an `OK`
// status; callers must check the response object to verify that the message
// was actually accepted and sent.
rpc SendSingleRecipientMessage(SendSealedSenderMessageRequest) returns (SendMessageResponse) {}
/**
* Sends a "sealed sender" message with a common payload to all devices linked
* to multiple destination accounts.
*
* This RPC may fail with a `NOT_FOUND` status if one or more destination
* accounts were not found. It may also fail with an `UNAUTHENTICATED` status
* if the given credentials were not accepted for any reason. It may also fail
* with a `RESOURCE_EXHAUSTED` status if a rate limit for sending messages has
* been exceeded, in which case a `retry-after` header containing an ISO 8601
* duration string may be present in the response trailers.
*
* Note that message delivery may not succeed even if this RPC returns an `OK`
* status; callers must check the response object to verify that the message
* was actually accepted and sent.
*/
// Sends a "sealed sender" message with a common payload to all devices linked
// to multiple destination accounts.
//
// This RPC may fail with a `NOT_FOUND` status if one or more destination
// accounts were not found. It may also fail with an `UNAUTHENTICATED` status
// if the given credentials were not accepted for any reason. It may also fail
// with a `RESOURCE_EXHAUSTED` status if a rate limit for sending messages has
// been exceeded, in which case a `retry-after` header containing an ISO 8601
// duration string may be present in the response trailers.
//
// Note that message delivery may not succeed even if this RPC returns an `OK`
// status; callers must check the response object to verify that the message
// was actually accepted and sent.
rpc SendMultiRecipientMessage(SendMultiRecipientMessageRequest) returns (SendMultiRecipientMessageResponse) {}
/**
* Sends a story message to devices linked to a single destination account.
*
* This RPC may fail with a `RESOURCE_EXHAUSTED` status if a rate limit for
* sending stories has been exceeded, in which case a `retry-after` header
* containing an ISO 8601 duration string may be present in the response
* trailers.
*
* Note that message delivery may not succeed even if this RPC returns an `OK`
* status; callers must check the response object to verify that the message
* was actually accepted and sent.
*/
// Sends a story message to devices linked to a single destination account.
//
// This RPC may fail with a `RESOURCE_EXHAUSTED` status if a rate limit for
// sending stories has been exceeded, in which case a `retry-after` header
// containing an ISO 8601 duration string may be present in the response
// trailers.
//
// Note that message delivery may not succeed even if this RPC returns an `OK`
// status; callers must check the response object to verify that the message
// was actually accepted and sent.
rpc SendStory(SendStoryMessageRequest) returns (SendMessageResponse) {}
/**
* Sends a story message with a common payload to devices linked to devices
* linked to multiple destination accounts.
*
* This RPC may fail with a `RESOURCE_EXHAUSTED` status if a rate limit for
* sending stories has been exceeded, in which case a `retry-after` header
* containing an ISO 8601 duration string may be present in the response
* trailers.
*
* Note that message delivery may not succeed even if this RPC returns an `OK`
* status; callers must check the response object to verify that the message
* was actually accepted and sent.
*/
// Sends a story message with a common payload to devices linked to devices
// linked to multiple destination accounts.
//
// This RPC may fail with a `RESOURCE_EXHAUSTED` status if a rate limit for
// sending stories has been exceeded, in which case a `retry-after` header
// containing an ISO 8601 duration string may be present in the response
// trailers.
//
// Note that message delivery may not succeed even if this RPC returns an `OK`
// status; callers must check the response object to verify that the message
// was actually accepted and sent.
rpc SendMultiRecipientStory(SendMultiRecipientStoryRequest) returns (SendMultiRecipientMessageResponse) {}
}
message IndividualRecipientMessageBundle {
/**
* A message for an individual device linked to a destination account.
*/
// A message for an individual device linked to a destination account.
message Message {
/**
* The registration ID for the destination device.
*/
// The registration ID for the destination device.
uint32 registration_id = 1 [(require.range).max = 0x3fff];
/**
* The content of the message to deliver to the destination device.
*/
// The content of the message to deliver to the destination device.
bytes payload = 2 [(require.size).max = 262144]; // 256 KiB
}
/**
* The time, in milliseconds since the epoch, at which this message was
* originally sent from the perspective of the sender. Note that the maximum
* allowable timestamp for JavaScript clients is less than Long.MAX_VALUE; see
* https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date#the_epoch_timestamps_and_invalid_date
* for additional details and discussion.
*/
// The time, in milliseconds since the epoch, at which this message was
// originally sent from the perspective of the sender. Note that the maximum
// allowable timestamp for JavaScript clients is less than Long.MAX_VALUE; see
// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date#the_epoch_timestamps_and_invalid_date
// for additional details and discussion.
uint64 timestamp = 1 [(require.range).min = 1, (require.range).max = 8640000000000000];
/**
* A map of device IDs to individual messages. Generally, callers must include
* one message for each device linked to the destination account. In cases of
* "sync messages" where a sender is distributing information to other devices
* linked to the sender's account, senders may omit a message for the sending
* device.
*/
// A map of device IDs to individual messages. Generally, callers must include
// one message for each device linked to the destination account. In cases of
// "sync messages" where a sender is distributing information to other devices
// linked to the sender's account, senders may omit a message for the sending
// device.
map<uint32, Message> messages = 2 [(require.nonEmpty) = true];
}
enum AuthenticatedSenderMessageType {
UNSPECIFIED = 0;
/**
* A double-ratchet message represents a "normal," "unsealed-sender" message
* encrypted using the Double Ratchet within an established Signal session.
*/
// A double-ratchet message represents a "normal," "unsealed-sender" message
// encrypted using the Double Ratchet within an established Signal session.
DOUBLE_RATCHET = 1;
/**
* A prekey message begins a new Signal session. The `content` of a prekey
* message is a superset of a double-ratchet message's `content` and
* contains the sender's identity public key and information identifying the
* pre-keys used in the message's ciphertext.
*/
// A prekey message begins a new Signal session. The `content` of a prekey
// message is a superset of a double-ratchet message's `content` and
// contains the sender's identity public key and information identifying the
// pre-keys used in the message's ciphertext.
PREKEY_MESSAGE = 2;
/**
* A plaintext message is used solely to convey encryption error receipts
* and never contains encrypted message content. Encryption error receipts
* must be delivered in plaintext because, encryption/decryption of a prior
* message failed and there is no reason to believe that
* encryption/decryption of subsequent messages with the same key material
* would succeed.
*
* Critically, plaintext messages never have "real" message content
* generated by users. Plaintext messages include sender information.
*/
// A plaintext message is used solely to convey encryption error receipts
// and never contains encrypted message content. Encryption error receipts
// must be delivered in plaintext because, encryption/decryption of a prior
// message failed and there is no reason to believe that
// encryption/decryption of subsequent messages with the same key material
// would succeed.
//
// Critically, plaintext messages never have "real" message content
// generated by users. Plaintext messages include sender information.
PLAINTEXT_CONTENT = 3;
}
message SendAuthenticatedSenderMessageRequest {
/**
* The service identifier of the account to which to deliver the message.
*/
// The service identifier of the account to which to deliver the message.
common.ServiceIdentifier destination = 1;
/**
* The type identifier for this message.
*/
// The type identifier for this message.
AuthenticatedSenderMessageType type = 2 [(require.specified) = true];
/**
* If true, this message will only be delivered to destination devices that
* have an active message delivery channel with a Signal server.
*/
// If true, this message will only be delivered to destination devices that
// have an active message delivery channel with a Signal server.
bool ephemeral = 3;
/**
* Indicates whether this message is urgent and should trigger a high-priority
* notification if the destination device does not have an active message
* delivery channel with a Signal server
*/
// Indicates whether this message is urgent and should trigger a high-priority
// notification if the destination device does not have an active message
// delivery channel with a Signal server
bool urgent = 4;
/**
* The messages to send to the destination account.
*/
// The messages to send to the destination account.
IndividualRecipientMessageBundle messages = 5;
}
message SendSyncMessageRequest {
/**
* The type identifier for this message.
*/
// The type identifier for this message.
AuthenticatedSenderMessageType type = 1 [(require.specified) = true];
/**
* Indicates whether this message is urgent and should trigger a high-priority
* notification if the destination device does not have an active message
* delivery channel with a Signal server
*/
// Indicates whether this message is urgent and should trigger a high-priority
// notification if the destination device does not have an active message
// delivery channel with a Signal server
bool urgent = 2;
/**
* The messages to send to the destination account.
*/
// The messages to send to the destination account.
IndividualRecipientMessageBundle messages = 3;
}
message SendSealedSenderMessageRequest {
/**
* The service identifier of the account to which to deliver the message.
*/
// The service identifier of the account to which to deliver the message.
common.ServiceIdentifier destination = 1;
/**
* If true, this message will only be delivered to destination devices that
* have an active message delivery channel with a Signal server.
*/
// If true, this message will only be delivered to destination devices that
// have an active message delivery channel with a Signal server.
bool ephemeral = 2;
/**
* Indicates whether this message is urgent and should trigger a high-priority
* notification if the destination device does not have an active message
* delivery channel with a Signal server
*/
// Indicates whether this message is urgent and should trigger a high-priority
// notification if the destination device does not have an active message
// delivery channel with a Signal server
bool urgent = 3;
/**
* The messages to send to the destination account.
*/
// The messages to send to the destination account.
IndividualRecipientMessageBundle messages = 4;
/**
* A means to authorize the request.
*/
// A means to authorize the request.
oneof authorization {
/**
* The unidentified access key (UAK) for the destination account.
*/
// The unidentified access key (UAK) for the destination account.
bytes unidentified_access_key = 5;
/**
* A group send endorsement token for the destination account.
*/
// A group send endorsement token for the destination account.
bytes group_send_token = 6;
}
}
message SendStoryMessageRequest {
/**
* The service identifier of the account to which to deliver the message.
*/
// The service identifier of the account to which to deliver the message.
common.ServiceIdentifier destination = 1;
/**
* Indicates whether this message is urgent and should trigger a high-priority
* notification if the destination device does not have an active message
* delivery channel with a Signal server
*/
// Indicates whether this message is urgent and should trigger a high-priority
// notification if the destination device does not have an active message
// delivery channel with a Signal server
bool urgent = 2;
/**
* The messages to send to the destination account.
*/
// The messages to send to the destination account.
IndividualRecipientMessageBundle messages = 3;
}
message SendMessageResponse {
/**
* An error preventing message delivery. If not set, then the message(s) in
* the original request were sent to all destination devices.
*/
// An error preventing message delivery. If not set, then the message(s) in
// the original request were sent to all destination devices.
oneof error {
/**
* A list of discrepancies between the destination devices identified in a
* request to send a message and the devices that are actually linked to an
* account.
*/
// A list of discrepancies between the destination devices identified in a
// request to send a message and the devices that are actually linked to an
// account.
MismatchedDevices mismatched_devices = 1;
/**
* A description of a challenge callers must complete before sending
* additional messages.
*/
// A description of a challenge callers must complete before sending
// additional messages.
ChallengeRequired challenge_required = 2;
}
}
message MultiRecipientMessage {
/**
* The time, in milliseconds since the epoch, at which this message was
* originally sent from the perspective of the sender. Note that the maximum
* allowable timestamp for JavaScript clients is less than Long.MAX_VALUE; see
* https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date#the_epoch_timestamps_and_invalid_date
* for additional details and discussion.
*/
// The time, in milliseconds since the epoch, at which this message was
// originally sent from the perspective of the sender. Note that the maximum
// allowable timestamp for JavaScript clients is less than Long.MAX_VALUE; see
// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date#the_epoch_timestamps_and_invalid_date
// for additional details and discussion.
uint64 timestamp = 1 [(require.range).min = 1, (require.range).max = 8640000000000000];
/**
* The serialized multi-recipient message payload.
*/
// The serialized multi-recipient message payload.
bytes payload = 2 [(require.size).max = 762144]; // 256 KiB payload + (5000 * 100) of overhead
}
message SendMultiRecipientMessageRequest {
/**
* If true, this message will only be delivered to destination devices that
* have an active message delivery channel with a Signal server.
*/
// If true, this message will only be delivered to destination devices that
// have an active message delivery channel with a Signal server.
bool ephemeral = 1;
/**
* Indicates whether this message is urgent and should trigger a high-priority
* notification if the destination device does not have an active message
* delivery channel with a Signal server
*/
// Indicates whether this message is urgent and should trigger a high-priority
// notification if the destination device does not have an active message
// delivery channel with a Signal server
bool urgent = 2;
/**
* The multi-recipient message to send to all destination accounts and
* devices.
*/
// The multi-recipient message to send to all destination accounts and
// devices.
MultiRecipientMessage message = 3;
/**
* A group send endorsement token for the destination account.
*/
// A group send endorsement token for the destination account.
bytes group_send_token = 4;
}
message SendMultiRecipientStoryRequest {
/**
* Indicates whether this message is urgent and should trigger a high-priority
* notification if the destination device does not have an active message
* delivery channel with a Signal server
*/
// Indicates whether this message is urgent and should trigger a high-priority
// notification if the destination device does not have an active message
// delivery channel with a Signal server
bool urgent = 1;
/**
* The multi-recipient story message to send to all destination accounts and
* devices.
*/
// The multi-recipient story message to send to all destination accounts and
// devices.
MultiRecipientMessage message = 2;
}
message SendMultiRecipientMessageResponse {
/**
* A list of destination service identifiers that could not be resolved to
* registered Signal accounts. If `mismatched_devices` is empty, then the
* message in the original request was sent to all service identifiers/devices
* in the original request except for the destination devices associated with
* the service identifiers in this list.
*/
// A list of destination service identifiers that could not be resolved to
// registered Signal accounts. If `mismatched_devices` is empty, then the
// message in the original request was sent to all service identifiers/devices
// in the original request except for the destination devices associated with
// the service identifiers in this list.
repeated common.ServiceIdentifier unresolved_recipients = 1;
/**
* An error preventing message delivery. If not set, then the message was sent
* to some or all destination accounts/devices identified in the original
* request.
*/
// An error preventing message delivery. If not set, then the message was sent
// to some or all destination accounts/devices identified in the original
// request.
oneof error {
/**
* A list of sets of discrepancies between the destination devices
* identified in a request to send a message and the devices that are
* actually linked to a destination account.
*/
// A list of sets of discrepancies between the destination devices
// identified in a request to send a message and the devices that are
// actually linked to a destination account.
MultiRecipientMismatchedDevices mismatched_devices = 2;
/**
* A description of a challenge callers must complete before sending
* additional messages.
*/
// A description of a challenge callers must complete before sending
// additional messages.
ChallengeRequired challenge_required = 3;
}
}
message MismatchedDevices {
/**
* The service identifier to which the devices named in this object are
* linked.
*/
// The service identifier to which the devices named in this object are
// linked.
common.ServiceIdentifier service_identifier = 1;
/**
* A list of device IDs that are linked to the destination account, but were
* not included in the collection of messages bound for the destination
* account.
*/
// A list of device IDs that are linked to the destination account, but were
// not included in the collection of messages bound for the destination
// account.
repeated uint32 missing_devices = 2 [(require.range).max = 0x7f];
/**
* A list of device IDs that were included in the collection of messages bound
* for the destination account, but are not currently linked to the
* destination account.
*/
// A list of device IDs that were included in the collection of messages bound
// for the destination account, but are not currently linked to the
// destination account.
repeated uint32 extra_devices = 3 [(require.range).max = 0x7f];
/**
* A list of device IDs that present in the collection of messages bound for
* the destination account and are linked to the destination account, but have
* a different registration ID than the registration ID presented by the
* sender (indicating that the destination device has likely been replaced by
* another device).
*/
// A list of device IDs that present in the collection of messages bound for
// the destination account and are linked to the destination account, but have
// a different registration ID than the registration ID presented by the
// sender (indicating that the destination device has likely been replaced by
// another device).
repeated uint32 stale_devices = 4 [(require.range).max = 0x7f];
}
message MultiRecipientMismatchedDevices {
/**
* A list of sets of discrepancies between the destination devices identified
* in a request to send a message and the devices that are actually linked to
* a destination account.
*/
// A list of sets of discrepancies between the destination devices identified
// in a request to send a message and the devices that are actually linked to
// a destination account.
repeated MismatchedDevices mismatched_devices = 1;
}
@@ -468,35 +360,25 @@ message ChallengeRequired {
enum ChallengeType {
UNSPECIFIED = 0;
/**
* A challenge that callers can fulfill by completing a captcha.
*/
// A challenge that callers can fulfill by completing a captcha.
CAPTCHA = 1;
/**
* A challenge that callers can fulfill by supplying a token delivered via
* push notification.
*/
// A challenge that callers can fulfill by supplying a token delivered via
// push notification.
PUSH_CHALLENGE = 2;
};
/**
* An opaque token identifying this challenge request. Clients must generally
* submit this token when submitting a challenge response.
*/
// An opaque token identifying this challenge request. Clients must generally
// submit this token when submitting a challenge response.
bytes token = 1;
/**
* A list of challenge types callers may choose to complete to resolve the
* challenge requirement. May be empty, in which case callers cannot resolve
* the challenge by any means other than waiting.
*/
// A list of challenge types callers may choose to complete to resolve the
// challenge requirement. May be empty, in which case callers cannot resolve
// the challenge by any means other than waiting.
repeated ChallengeType challenge_options = 2;
/**
* A duration (in seconds) after which the challenge requirement may be
* resolved by simply waiting. May not be set if the challenge cannot be
* resolved by waiting.
*/
// A duration (in seconds) after which the challenge requirement may be
// resolved by simply waiting. May not be set if the challenge cannot be
// resolved by waiting.
optional uint64 retry_after_seconds = 3;
}

7
service/src/main/proto/org/signal/chat/payments.proto
View File

@@ -9,12 +9,9 @@ option java_multiple_files = true;
package org.signal.chat.payments;
/**
* Provides methods for working with payments.
*/
// Provides methods for working with payments.
service Payments {
/**
*/
rpc GetCurrencyConversions(GetCurrencyConversionsRequest) returns (GetCurrencyConversionsResponse) {}
}

336
service/src/main/proto/org/signal/chat/profile.proto
View File

@@ -11,90 +11,72 @@ package org.signal.chat.profile;
import "org/signal/chat/common.proto";
/**
* Provides methods for working with profiles and profile-related data.
*/
// Provides methods for working with profiles and profile-related data.
service Profile {
/**
* Sets profile data and if needed, returns S3 credentials used by clients to upload an avatar.
*
* This RPC may fail with `PERMISSION_DENIED` if it attempts to set the MobileCoin wallet ID
* on an account whose profile does not currently have a MobileCoin wallet ID and
* whose phone number contains a disallowed country prefix.
*/
// Sets profile data and if needed, returns S3 credentials used by clients to upload an avatar.
//
// This RPC may fail with `PERMISSION_DENIED` if it attempts to set the MobileCoin wallet ID
// on an account whose profile does not currently have a MobileCoin wallet ID and
// whose phone number contains a disallowed country prefix.
rpc SetProfile(SetProfileRequest) returns (SetProfileResponse) {}
/**
* Retrieves versioned profile data. Callers with an unidentified access key for the account
* should use the version of this method in `ProfileAnonymous` instead.
*
* This RPC may fail with a `NOT_FOUND` status if the target account was not
* found. It may fail with a `RESOURCE_EXHAUSTED` if a rate limit for fetching profiles has been
* exceeded, in which case a `retry-after` header containing an ISO 8601
* duration string will be present in the response trailers.
*/
// Retrieves versioned profile data. Callers with an unidentified access key for the account
// should use the version of this method in `ProfileAnonymous` instead.
//
// This RPC may fail with a `NOT_FOUND` status if the target account was not
// found. It may fail with a `RESOURCE_EXHAUSTED` if a rate limit for fetching profiles has been
// exceeded, in which case a `retry-after` header containing an ISO 8601
// duration string will be present in the response trailers.
rpc GetVersionedProfile(GetVersionedProfileRequest) returns (GetVersionedProfileResponse) {}
/**
* Retrieves unversioned profile data. Callers with an unidentified access key for the account
* should use the version of this method in `ProfileAnonymous` instead.
*
* This RPC may fail with a `NOT_FOUND` status if the target account was not
* found. It may fail with a `RESOURCE_EXHAUSTED` if a rate limit for fetching profiles has been
* exceeded, in which case a `retry-after` header containing an ISO 8601
* duration string will be present in the response trailers.
*/
// Retrieves unversioned profile data. Callers with an unidentified access key for the account
// should use the version of this method in `ProfileAnonymous` instead.
//
// This RPC may fail with a `NOT_FOUND` status if the target account was not
// found. It may fail with a `RESOURCE_EXHAUSTED` if a rate limit for fetching profiles has been
// exceeded, in which case a `retry-after` header containing an ISO 8601
// duration string will be present in the response trailers.
rpc GetUnversionedProfile(GetUnversionedProfileRequest) returns (GetUnversionedProfileResponse) {}
/**
* Retrieves a profile key credential.
* Callers with an unidentified access key for the account
* should use the version of this method in `ProfileAnonymous` instead.
*
* This RPC may fail with a `NOT_FOUND` status if the target account was not
* found. It may fail with a `RESOURCE_EXHAUSTED` if a rate limit for fetching profiles has been
* exceeded, in which case a `retry-after` header containing an ISO 8601
* duration string will be present in the response trailers. It may also fail with an
* `INVALID_ARGUMENT` status if the given credential type is invalid.
*/
// Retrieves a profile key credential.
// Callers with an unidentified access key for the account
// should use the version of this method in `ProfileAnonymous` instead.
//
// This RPC may fail with a `NOT_FOUND` status if the target account was not
// found. It may fail with a `RESOURCE_EXHAUSTED` if a rate limit for fetching profiles has been
// exceeded, in which case a `retry-after` header containing an ISO 8601
// duration string will be present in the response trailers. It may also fail with an
// `INVALID_ARGUMENT` status if the given credential type is invalid.
rpc GetExpiringProfileKeyCredential(GetExpiringProfileKeyCredentialRequest) returns (GetExpiringProfileKeyCredentialResponse) {}
}
/**
* Provides methods for working with profiles and profile-related data using "unidentified access"
* credentials. Callers must not submit any self-identifying credentials
* when calling methods in this service and must instead present the targeted account's
* unidentified access key as an anonymous authentication mechanism. Callers
* without an unidentified access key should use the equivalent, authenticated
* methods in `Profile` instead.
*/
// Provides methods for working with profiles and profile-related data using "unidentified access"
// credentials. Callers must not submit any self-identifying credentials
// when calling methods in this service and must instead present the targeted account's
// unidentified access key as an anonymous authentication mechanism. Callers
// without an unidentified access key should use the equivalent, authenticated
// methods in `Profile` instead.
service ProfileAnonymous {
/**
* Retrieves versioned profile data.
*
* This RPC may fail with a `NOT_FOUND` status if the target account was not
* found. It may also fail with an `UNAUTHENTICATED` status if the given
* unidentified access key did not match the target account's unidentified
* access key.
*/
// Retrieves versioned profile data.
//
// This RPC may fail with a `NOT_FOUND` status if the target account was not
// found. It may also fail with an `UNAUTHENTICATED` status if the given
// unidentified access key did not match the target account's unidentified
// access key.
rpc GetVersionedProfile(GetVersionedProfileAnonymousRequest) returns (GetVersionedProfileResponse) {}
/**
* Retrieves unversioned profile data.
*
* This RPC may fail with a `NOT_FOUND` status if the target account was not
* found. It may also fail with an `UNAUTHENTICATED` status if the given
* unidentified access key did not match the target account's unidentified
* access key.
*/
// Retrieves unversioned profile data.
//
// This RPC may fail with a `NOT_FOUND` status if the target account was not
// found. It may also fail with an `UNAUTHENTICATED` status if the given
// unidentified access key did not match the target account's unidentified
// access key.
rpc GetUnversionedProfile(GetUnversionedProfileAnonymousRequest) returns (GetUnversionedProfileResponse) {}
/**
* Retrieves a profile key credential.
*
* This RPC may fail with a `NOT_FOUND` status if the target account was not
* found. It may also fail with an `UNAUTHENTICATED` status if the given
* unidentified access key did not match the target account's unidentified
* access key, or an `INVALID_ARGUMENT` status if the given credential type is invalid.
*/
// Retrieves a profile key credential.
//
// This RPC may fail with a `NOT_FOUND` status if the target account was not
// found. It may also fail with an `UNAUTHENTICATED` status if the given
// unidentified access key did not match the target account's unidentified
// access key, or an `INVALID_ARGUMENT` status if the given credential type is invalid.
rpc GetExpiringProfileKeyCredential(GetExpiringProfileKeyCredentialAnonymousRequest) returns (GetExpiringProfileKeyCredentialResponse) {}
}
@@ -104,258 +86,154 @@ message SetProfileRequest {
AVATAR_CHANGE_CLEAR = 1;
AVATAR_CHANGE_UPDATE = 2;
}
/**
* The profile version. Must be set.
*/
// The profile version. Must be set.
string version = 1;
/**
* The ciphertext of a name that users must set on the profile.
*/
// The ciphertext of a name that users must set on the profile.
bytes name = 2;
/**
* An enum to indicate what change, if any, is made to the avatar with this request.
*/
// An enum to indicate what change, if any, is made to the avatar with this request.
AvatarChange avatarChange = 3;
/**
* The ciphertext of an emoji that users can set on their profile.
*/
// The ciphertext of an emoji that users can set on their profile.
bytes about_emoji = 4;
/**
* The ciphertext of a description that users can set on their profile.
*/
// The ciphertext of a description that users can set on their profile.
bytes about = 5;
/**
* The ciphertext of the MobileCoin wallet ID on the profile.
*/
// The ciphertext of the MobileCoin wallet ID on the profile.
bytes payment_address = 6;
/**
* A list of badge IDs associated with the profile.
*/
// A list of badge IDs associated with the profile.
repeated string badge_ids = 7;
/**
* The ciphertext of the phone-number sharing setting on the profile. 29-byte encrypted boolean.
*/
// The ciphertext of the phone-number sharing setting on the profile. 29-byte encrypted boolean.
bytes phone_number_sharing = 8;
/**
* The profile key commitment. Used to issue a profile key credential response.
* Must be set on the request.
*/
// The profile key commitment. Used to issue a profile key credential response.
// Must be set on the request.
bytes commitment = 9;
}
message SetProfileResponse {
/**
* The policy and credential used by clients to upload an avatar to S3.
*/
// The policy and credential used by clients to upload an avatar to S3.
ProfileAvatarUploadAttributes attributes = 1;
}
message GetVersionedProfileRequest {
/**
* The ACI of the account for which to get profile data.
*/
// The ACI of the account for which to get profile data.
common.ServiceIdentifier accountIdentifier = 1;
/**
* The profile version to retrieve.
*/
// The profile version to retrieve.
string version = 2;
}
message GetVersionedProfileAnonymousRequest {
/**
* Contains the data necessary to request a versioned profile.
*/
// Contains the data necessary to request a versioned profile.
GetVersionedProfileRequest request = 1;
/**
* The unidentified access key for the targeted account.
*/
// The unidentified access key for the targeted account.
bytes unidentified_access_key = 2;
}
message GetVersionedProfileResponse {
/**
* The ciphertext of the name on the profile.
*/
// The ciphertext of the name on the profile.
bytes name = 1;
/**
* The ciphertext of the description on the profile.
*/
// The ciphertext of the description on the profile.
bytes about = 2;
/**
* The ciphertext of the emoji on the profile.
*/
// The ciphertext of the emoji on the profile.
bytes about_emoji = 3;
/**
* The S3 path of the avatar on the profile.
*/
// The S3 path of the avatar on the profile.
string avatar = 4;
/**
* The ciphertext of the MobileCoin wallet ID on the profile.
*/
// The ciphertext of the MobileCoin wallet ID on the profile.
bytes payment_address = 5;
/**
* The ciphertext of the phone-number sharing setting on the profile.
*/
// The ciphertext of the phone-number sharing setting on the profile.
bytes phone_number_sharing = 6;
}
message GetUnversionedProfileRequest {
/**
* The service identifier of the account for which to get profile data.
*/
// The service identifier of the account for which to get profile data.
common.ServiceIdentifier serviceIdentifier = 1;
}
message GetUnversionedProfileAnonymousRequest {
/**
* Contains the data necessary to request an unversioned profile.
*/
// Contains the data necessary to request an unversioned profile.
GetUnversionedProfileRequest request = 1;
oneof authentication {
/**
* The unidentified access key for the targeted account.
*/
// The unidentified access key for the targeted account.
bytes unidentified_access_key = 2;
/**
* A group send endorsement token for the targeted account.
*/
// A group send endorsement token for the targeted account.
bytes group_send_token = 3;
}
}
message GetUnversionedProfileResponse {
/**
* The identity key of the targeted account/identity type.
*/
// The identity key of the targeted account/identity type.
bytes identity_key = 1;
/**
* A checksum of the unidentified access key for the targeted account.
*/
// A checksum of the unidentified access key for the targeted account.
bytes unidentified_access = 2;
/**
* Whether the account has enabled sealed sender from anyone.
*/
// Whether the account has enabled sealed sender from anyone.
bool unrestricted_unidentified_access = 3;
/**
* A list of capabilities enabled on the account.
*/
// A list of capabilities enabled on the account.
repeated common.DeviceCapability capabilities = 4;
/**
* A list of badges associated with the account.
*/
// A list of badges associated with the account.
repeated Badge badges = 5;
}
message GetExpiringProfileKeyCredentialRequest {
/**
* The ACI of the account for which to get a profile key credential.
*/
// The ACI of the account for which to get a profile key credential.
common.ServiceIdentifier accountIdentifier = 1;
/**
* A zkgroup request for a profile key credential.
*/
// A zkgroup request for a profile key credential.
bytes credential_request = 2;
/**
* The type of credential being requested.
*/
// The type of credential being requested.
CredentialType credential_type = 3;
/**
* The profile version for which to generate a profile key credential.
*/
// The profile version for which to generate a profile key credential.
string version = 4;
}
message GetExpiringProfileKeyCredentialAnonymousRequest {
/**
* Contains the data necessary to request an expiring profile key credential.
*/
// Contains the data necessary to request an expiring profile key credential.
GetExpiringProfileKeyCredentialRequest request = 1;
/**
* The unidentified access key for the targeted account.
*/
// The unidentified access key for the targeted account.
bytes unidentified_access_key = 2;
}
message GetExpiringProfileKeyCredentialResponse {
/**
* A zkgroup credential used by a client to prove that it has the profile key
* of a targeted account.
*/
// A zkgroup credential used by a client to prove that it has the profile key
// of a targeted account.
bytes profileKeyCredential = 1;
}
message ProfileAvatarUploadAttributes {
/**
* The S3 upload path for the profile's avatar.
*/
// The S3 upload path for the profile's avatar.
string path = 1;
/**
* A scoped credential. Includes the AWS access key, date, region targeted, and AWS service.
*/
// A scoped credential. Includes the AWS access key, date, region targeted, and AWS service.
string credential = 2;
/**
* The type of access control for the avatar object.
*/
// The type of access control for the avatar object.
string acl = 3;
/**
* The algorithm used to calculate a signature on the S3 policy.
*/
// The algorithm used to calculate a signature on the S3 policy.
string algorithm = 4;
/**
* The timestamp at which the S3 policy and signature were generated.
*/
// The timestamp at which the S3 policy and signature were generated.
string date = 5;
/**
* The S3 policy used to upload the avatar object.
*/
// The S3 policy used to upload the avatar object.
string policy = 6;
/**
* A digital signature on the S3 policy.
*/
// A digital signature on the S3 policy.
bytes signature = 7;
}
message Badge {
/**
* An ID that uniquely identifies the badge.
*/
// An ID that uniquely identifies the badge.
string id = 1;
/**
* The category the badge falls in ("donor" or "other").
*/
// The category the badge falls in ("donor" or "other").
string category = 2;
/**
* The badge name.
*/
// The badge name.
string name = 3;
/**
* The badge description.
*/
// The badge description.
string description = 4;
/**
* Different size badge SVG files.
*/
// Different size badge SVG files.
repeated string sprites6 = 5;
/**
* File name of the scalable vector graphic representing this badge.
*/
// File name of the scalable vector graphic representing this badge.
string svg = 6;
/**
* Pairs of light/dark SVG files designed for display at different sizes.
*/
// Pairs of light/dark SVG files designed for display at different sizes.
repeated BadgeSvg svgs = 7;
}
message BadgeSvg {
/**
* File name of the scalable vector graphic for light mode.
*/
// File name of the scalable vector graphic for light mode.
string light = 1;
/**
* File name of the scalable vector graphic for dark mode.
*/
// File name of the scalable vector graphic for dark mode.
string dark = 2;
}

46
service/src/main/proto/org/signal/chat/tag.proto
View File

@@ -12,29 +12,27 @@ package org.signal.chat.tag;
import "google/protobuf/descriptor.proto";
extend google.protobuf.FieldOptions {
/**
* Indicate that a message which includes this field (directly or indirectly)
* was generated for a particular reason.
*
* ```
* import "org/signal/chat/tag.proto"
*
* message LookupThingResponse {
* oneof response {
* string thing = 1;
* Error not_found = 2 [(tag.reason) = "not_found"];
* Error forbidden = 3 [(tag.reason) = "forbidden"];
* }
* }
* ```
*
* Metrics middleware may then inspect `LookupThingResponse` and tag responses
* with the provided reason. This is useful when multiple outcomes are
* potentially represented with a status = "OK" RPC response.
*
* Valid messages should only have a single reason set. If a message has
* multiple fields present that have a reason option set, no guarantees are
* made about the reason that is selected.
*/
// Indicate that a message which includes this field (directly or indirectly)
// was generated for a particular reason.
//
// ```
// import "org/signal/chat/tag.proto"
//
// message LookupThingResponse {
// oneof response {
// string thing = 1;
// Error not_found = 2 [(tag.reason) = "not_found"];
// Error forbidden = 3 [(tag.reason) = "forbidden"];
// }
// }
// ```
//
// Metrics middleware may then inspect `LookupThingResponse` and tag responses
// with the provided reason. This is useful when multiple outcomes are
// potentially represented with a status = "OK" RPC response.
//
// Valid messages should only have a single reason set. If a message has
// multiple fields present that have a reason option set, no guarantees are
// made about the reason that is selected.
optional string reason = 71000;
}