Add RevocationLog with domain-separated leaf hashes (0x02 prefix) for tracking revoked identity keys alongside the KT MerkleLog. Includes: - RevocationLog with O(1) lookup, serialization, and double-revoke guard - MerkleLog.append_raw() for pre-computed hashes - MerkleLog.audit_log(start, end) for paginated log retrieval - RevokeKey (510), CheckRevocation (511), AuditKeyTransparency (520) RPCs - Server domain logic + v2 handlers + FileBackedStore/SqlStore persistence - 4 new revocation tests + all 21 KT tests + 65 server tests passing
syntax = "proto3";
package qpq.v1;
// Key package + hybrid key CRUD (5 methods).
// Method IDs: 300-304.
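// Request to store a key package under an identity key.
//
// NOTE(review): no field here proves control of identity_key; presumably the
// caller is authenticated as the key's owner before the upload is accepted -
// confirm in the handler.
message UploadKeyPackageRequest {
  // Identity public key the package is filed under. Encoding and expected
  // length are not stated in this file - TODO confirm and validate on receipt.
  bytes identity_key = 1;

  // Opaque key package bytes. Presumably parsed and size-limited by the
  // server before storage - TODO confirm.
  bytes package = 2;
}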
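// Result of a key package upload.
message UploadKeyPackageResponse {
  // Fingerprint returned for the upload. Presumably a digest of the stored
  // package; the algorithm and input are not stated here - TODO confirm, so
  // clients can recompute and compare it.
  bytes fingerprint = 1;
}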
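// Request for a key package stored under an identity key.
message FetchKeyPackageRequest {
  // Identity public key whose key package is requested.
  bytes identity_key = 1;
}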
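// Key package returned for a FetchKeyPackageRequest.
//
// NOTE(review): the response carries no signature or log proof, so the client
// has to validate the package contents itself before use.
message FetchKeyPackageResponse {
  // Key package bytes. In proto3 an empty value is indistinguishable from
  // unset; presumably empty means no package is available - TODO confirm.
  bytes package = 1;
}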
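// Request to store a hybrid public key under an identity key.
//
// NOTE(review): as with key package upload, the message itself does not bind
// the caller to identity_key; presumably the handler checks ownership -
// confirm.
message UploadHybridKeyRequest {
  // Identity public key the hybrid key is filed under.
  bytes identity_key = 1;

  // Hybrid public key bytes. Format and expected length are not stated in
  // this file - TODO confirm and validate on receipt.
  bytes hybrid_public_key = 2;
}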
// Empty acknowledgement for a hybrid key upload; the message has no fields.
message UploadHybridKeyResponse {}
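// Request for the hybrid public key stored under one identity key.
message FetchHybridKeyRequest {
  // Identity public key whose hybrid key is requested.
  bytes identity_key = 1;
}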
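// Hybrid public key returned for a FetchHybridKeyRequest.
message FetchHybridKeyResponse {
  // Hybrid public key bytes. In proto3 an empty value is indistinguishable
  // from unset; presumably empty means no key is stored - TODO confirm.
  bytes hybrid_public_key = 1;
}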
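// Batch request for the hybrid public keys of several identity keys.
message FetchHybridKeysRequest {
  // Identity public keys to look up.
  // NOTE(review): the schema puts no bound on the list length; the handler
  // should cap the batch size to limit per-request work - confirm.
  repeated bytes identity_keys = 1;
}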
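// Batch result for a FetchHybridKeysRequest.
message FetchHybridKeysResponse {
  // Hybrid public keys for the requested identities.
  // NOTE(review): presumably keys[i] answers identity_keys[i] of the request,
  // with an empty entry for a missing key - confirm. Nothing in the message
  // ties a key to its identity, so clients should check that the lengths
  // match before pairing entries by index.
  repeated bytes keys = 1;
}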
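// Key revocation (method ID 510).
//
// NOTE(review): the message carries no proof of authority over identity_key.
// The handler must authenticate the caller as the key's owner (or another
// authorised party) before recording a revocation - confirm where this is
// enforced.
message RevokeKeyRequest {
  // Identity public key to revoke.
  bytes identity_key = 1;

  // Why the key is revoked. Documented values: "compromised", "superseded",
  // "user_revoked". The field is a free-form string, so the server should
  // reject or normalise anything else and bound its length before it is
  // stored or echoed back - TODO confirm.
  string reason = 2;
}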
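// Result of a RevokeKeyRequest.
message RevokeKeyResponse {
  // True when the revocation was recorded.
  bool success = 1;

  // Index of revocation entry in the KT Merkle log.
  // Only meaningful when success is true: 0 is both a possible index and the
  // proto3 default, so it cannot signal "no entry" on its own.
  uint64 leaf_index = 2;
}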
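// Check revocation status (method ID 511).
message CheckRevocationRequest {
  // Identity public key whose revocation status is queried.
  bytes identity_key = 1;
}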
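// Revocation status for the queried identity key.
//
// NOTE(review): the response has no leaf index or inclusion proof, so from
// this message alone a client cannot verify the answer against an audited log
// root; it is a plain assertion by the server.
message CheckRevocationResponse {
  // True when the key is recorded as revoked.
  bool revoked = 1;

  // Revocation reason; presumably one of the RevokeKeyRequest.reason values
  // and empty when revoked is false - TODO confirm.
  string reason = 2;

  // Revocation time in milliseconds; presumably since the Unix epoch and 0
  // when revoked is false - TODO confirm.
  uint64 timestamp_ms = 3;
}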
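// KT audit log retrieval (method ID 520).
//
// NOTE(review): end = 0 asks for everything up to the current size, so the
// handler should cap the number of entries returned per call - confirm.
message AuditKeyTransparencyRequest {
  // First log index to return.
  uint64 start = 1;

  // End of the requested range; 0 = up to current size. Whether a non-zero
  // end is inclusive or exclusive is not stated here - TODO confirm.
  uint64 end = 2;
}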
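// One page of the KT audit log plus the log state it was read from.
//
// NOTE(review): root is not signed in this message. An auditor should
// recompute it from the leaf hashes where possible and compare the
// (tree_size, root) pair across calls and observers to detect a forked or
// rewritten log.
message AuditKeyTransparencyResponse {
  // Log entries in the requested range.
  repeated LogEntry entries = 1;

  // Log size reported with this response; presumably the number of leaves the
  // root commits to - TODO confirm.
  uint64 tree_size = 2;

  // Merkle root, presumably computed over the first tree_size leaves -
  // TODO confirm.
  bytes root = 3;
}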
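// One leaf of the audit log as returned by AuditKeyTransparencyResponse.
message LogEntry {
  // Position of the leaf in the log.
  uint64 index = 1;

  // Hash of the leaf. Only the hash is exposed, not the leaf contents; the
  // hash function and any domain-separation prefix are not stated in this
  // file - TODO confirm against the log implementation.
  bytes leaf_hash = 2;
}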