xref: /aosp_15_r20/external/tink/cc/proto/tink.proto (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1// Copyright 2017 Google Inc.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15////////////////////////////////////////////////////////////////////////////////
16
17// Definitions for Cloud Crypto SDK (Tink) library.
18syntax = "proto3";
19
20package google.crypto.tink;
21
22option java_package = "com.google.crypto.tink.proto";
23option java_multiple_files = true;
24option go_package = "github.com/google/tink/go/proto/tink_go_proto";
25option objc_class_prefix = "TINKPB";
26
27// Each instantiation of a Tink primitive is identified by type_url,
28// which is a global URL pointing to a *Key-proto that holds key material
29// and other parameters of the instantiation.  For standard Tink key types
30// the value of type_url follows the structure of type_url-field of
31// google.protobuf.Any-protos, and is given as:
32//
33//   type.googleapis.com/packagename.messagename
34//
35// For example, for an HMAC key defined in proto google.cloud.tink.HmacKey
36// the value of type_url is:
37//
38//   type.googleapis.com/google.cloud.tink.HmacKey
39//
40// For each type_url, in addition to the *Key proto, there exist two
41// related structures:
42//   1. *Params: parameters of an instantiation of the primitive,
43//      needed when a key is being used.
44//   2. *KeyFormat: parameters needed to generate a new key; these
45//      include the corresponding Params, since when a factory generates
46//      a key based on KeyFormat, it must add Params to the resulting
47//      key proto with the actual key material.
48// The actual *KeyFormat proto is wrapped in a KeyTemplate message.
49// By convention, the name of the *KeyFormat-proto must be equal
50// to the name of the *Key-proto from type_url-field suffixed with "Format".
51
52message KeyTemplate {
53  // Required. The type_url of the key type in format
54  // type.googleapis.com/packagename.messagename -- see above for details.
55  // This is typically the protobuf type URL of the *Key proto. In particular,
56  // this is different of the protobuf type URL of the *KeyFormat proto.
57  string type_url = 1;
58
59  // Required. The serialized *KeyFormat proto.
60  bytes value = 2;
61
62  // Required. The type of prefix used when computing some primitives to
63  // identify the ciphertext/signature, etc.
64  OutputPrefixType output_prefix_type = 3;
65}
66
67enum KeyStatusType {
68  UNKNOWN_STATUS = 0;
69  ENABLED = 1;    // Can be used for crypto operations.
70  DISABLED = 2;   // Cannot be used, but exists and can become ENABLED.
71  DESTROYED = 3;  // Key data does not exist in this Keyset any more.
72}
73
74// Tink produces and accepts ciphertexts or signatures that consist
75// of a prefix and a payload. The payload and its format is determined
76// entirely by the primitive, but the prefix has to be one of the following
77// 4 types:
78//   - Legacy: prefix is 5 bytes, starts with \x00 and followed by a 4-byte
79//             key id that is computed from the key material. In addition to
80//             that, signature schemes and MACs will add a \x00 byte to the
81//             end of the data being signed / MACed when operating on keys
82//             with this OutputPrefixType.
83//   - Crunchy: prefix is 5 bytes, starts with \x00 and followed by a 4-byte
84//             key id that is generated randomly.
85//   - Tink  : prefix is 5 bytes, starts with \x01 and followed by 4-byte
86//             key id that is generated randomly.
87//   - Raw   : prefix is 0 byte, i.e., empty.
88enum OutputPrefixType {
89  UNKNOWN_PREFIX = 0;
90  TINK = 1;
91  LEGACY = 2;
92  RAW = 3;
93  CRUNCHY = 4;
94}
95
96// Each *Key proto by convention contains a version field, which
97// identifies the version of the key.
98//   message SomeInstantiationKey {
99//     uint32 version = 1;
100//     ...
101//   }
102// If a key type does not mention anything else, only version 0 is currently
103// specified. An implementation must only accept keys with versions it knows,
104// and must reject all keys with unknown version.
105
106// For public key primitives, the public and private keys are distinct entities
107// and represent distinct primitives.  However, by convention, the private key
108// of a public-key primitive contains the corresponding public key proto.
109
110// The actual *Key-proto is wrapped in a KeyData message, which in addition
111// to this serialized proto contains also type_url identifying the
112// definition of *Key-proto (as in KeyFormat-message), and some extra metadata
113// about the type key material.
114message KeyData {
115  // Required.
116  string type_url = 1;  // In format type.googleapis.com/packagename.messagename
117  // Required.
118  // Contains specific serialized *Key proto
119  bytes value = 2;  // Placeholder for ctype.
120  enum KeyMaterialType {
121    UNKNOWN_KEYMATERIAL = 0;
122    SYMMETRIC = 1;
123    ASYMMETRIC_PRIVATE = 2;
124    ASYMMETRIC_PUBLIC = 3;
125    REMOTE = 4;  // points to a remote key, i.e., in a KMS.
126  }
127  // Required.
128  KeyMaterialType key_material_type = 3;
129}
130
131// A Tink user works usually not with single keys, but with keysets,
132// to enable key rotation.  The keys in a keyset can belong to different
133// implementations/key types, but must all implement the same primitive.
134// Any given keyset (and any given key) can be used for one primitive only.
135message Keyset {
136  message Key {
137    // Contains the actual, instantiation specific key proto.
138    // By convention, each key proto contains a version field.
139    KeyData key_data = 1;
140
141    KeyStatusType status = 2;
142
143    // Identifies a key within a keyset, is a part of metadata
144    // of a ciphertext/signature.
145    uint32 key_id = 3;
146
147    // Determines the prefix of the ciphertexts/signatures produced by this key.
148    // This value is copied verbatim from the key template.
149    OutputPrefixType output_prefix_type = 4;
150  }
151
152  // Identifies key used to generate new crypto data (encrypt, sign).
153  // Required.
154  uint32 primary_key_id = 1;
155
156  // Actual keys in the Keyset.
157  // Required.
158  repeated Key key = 2;
159}
160
161// Represents a "safe" Keyset that doesn't contain any actual key material,
162// thus can be used for logging or monitoring. Most fields are copied from
163// Keyset.
164message KeysetInfo {
165  message KeyInfo {
166    // the type url of this key,
167    // e.g., type.googleapis.com/google.crypto.tink.HmacKey.
168    string type_url = 1;
169
170    // See Keyset.Key.status.
171    KeyStatusType status = 2;
172
173    // See Keyset.Key.key_id.
174    uint32 key_id = 3;
175
176    // See Keyset.Key.output_prefix_type.
177    OutputPrefixType output_prefix_type = 4;
178  }
179
180  // See Keyset.primary_key_id.
181  uint32 primary_key_id = 1;
182
183  // KeyInfos in the KeysetInfo.
184  // Each KeyInfo is corresponding to a Key in the corresponding Keyset.
185  repeated KeyInfo key_info = 2;
186}
187
188// Represents a keyset that is encrypted with a master key.
189message EncryptedKeyset {
190  // Required.
191  bytes encrypted_keyset = 2;
192  // Optional.
193  KeysetInfo keyset_info = 3;
194}
195