Add key attestation challenge proto in rejection info.

Test: mma
BUG=272322600

Change-Id: Ic1119ec9f8d6486d5801cb04c5beac005b14e8a4

1 files changed, 21 insertions, 2 deletions

diff --git a/fcp/protos/federatedcompute/common.proto b/fcp/protos/federatedcompute/common.proto
index 9b4bd5a..2c6f05c 100644
--- a/fcp/protos/federatedcompute/common.proto
+++ b/fcp/protos/federatedcompute/common.proto
@@ -117,7 +117,7 @@ enum ResourceCompressionFormat {
 
 // Currently empty message which is sent when client (device) is rejected for
 // participation and is not assigned a task.
-// Next id: 1003
+// Next id: 1004
 message RejectionInfo {
 
   RejectionReason.Enum reason = 1001;
@@ -126,10 +126,26 @@ message RejectionInfo {
   oneof metadata {
     // Retry after a period of time.
     RetryWindow retry_window = 1002;
+
+    // The field is used when the RejectionReason is UNAUTHENTICATED.
+    AuthenticationMetadata auth_metadata = 1003;
   }
 }
 
-// Next id: 3
+// The metadata used to authenticate a device.
+// Next Id: 2
+message AuthenticationMetadata {
+  KeyAttestationAuthMetadata key_attestation_metadata = 1;
+}
+
+// The metadata to authenticate with key attestation.
+// Next Id: 2
+message KeyAttestationAuthMetadata {
+  // The challenge to generate hardware-backed key pairs on device.
+  bytes challenge = 1;
+}
+
+// Next id: 4
 message RejectionReason {
   enum Enum {
     // Unknown status.
@@ -140,6 +156,9 @@ message RejectionReason {
 
     // No permission to do the operation.
     UNAUTHORIZED = 2;
+
+    // The device is not authenticated to the server.
+    UNAUTHENTICATED = 3;
   }
 }