// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

// Definitions for the Elliptic Curve Integrated Encryption Scheme (ECIES)
// with HKDF key derivation and AEAD data encapsulation.
syntax = "proto3";

package google.crypto.tink;

import "proto/common.proto";
import "proto/tink.proto";

option java_package = "com.google.crypto.tink.proto";
option java_multiple_files = true;
option go_package = "github.com/google/tink/go/proto/ecies_aead_hkdf_go_proto";

// Protos for keys for ECIES with HKDF and AEAD encryption.
//
// These definitions loosely follow the ECIES ISO 18033-2 standard
// (Elliptic Curve Integrated Encryption Scheme, see
// http://www.shoup.net/iso/std6.pdf), but with some differences:
//  * use of the HKDF key derivation function (instead of KDF1 and KDF2),
//    enabling the use of optional parameters to the key derivation function,
//    which strengthen the overall security and allow for binding the key
//    material to application-specific information (cf. RFC 5869,
//    https://tools.ietf.org/html/rfc5869)
//  * use of modern AEAD schemes rather than "manual composition" of symmetric
//    encryption with message authentication codes (as in the DEM1, DEM2, and
//    DEM3 schemes of ISO 18033-2)
//
// ECIES keys represent the HybridEncryption (public key) and HybridDecryption
// (private key) primitives.
//
// Note on "Required": proto3 has no `required` keyword, so every "Required"
// marker in this file is a contract that the code consuming these messages
// has to enforce. An unset field reads back as the default of its type (the
// enum's zero value, 0, empty bytes, or an absent sub-message).

// Parameters of KEM (Key Encapsulation Mechanism)
message EciesHkdfKemParams {
  // Required. Elliptic curve used by the KEM.
  EllipticCurveType curve_type = 1;

  // Required. Hash function used by HKDF.
  HashType hkdf_hash_type = 2;

  // Optional. Salt passed to HKDF.
  // RFC 5869 treats the salt as optional (a missing salt is replaced by a
  // string of HashLen zero bytes); how an empty value is handled here is up to
  // the implementation, which is not visible in this file - TODO confirm.
  // NOTE(review): field numbers 3-10 are not used in this message; check the
  // file history before assigning them, in case they belonged to removed
  // fields.
  bytes hkdf_salt = 11;
}

// Parameters of AEAD DEM (Data Encapsulation Mechanism).
message EciesAeadDemParams {
  // Required.
  // Contains an Aead or DeterministicAead key format (e.g.
  // AesCtrHmacAeadKeyFormat, AesGcmKeyFormat or AesSivKeyFormat).
  // NOTE(review): KeyTemplate is declared elsewhere (presumably
  // proto/tink.proto), and this schema does not limit which key types it may
  // name; any restriction to supported DEMs has to be enforced by the
  // consumer - TODO confirm.
  // NOTE(review): field number 1 is not used in this message; check the file
  // history before assigning it.
  KeyTemplate aead_dem = 2;
}

// Complete parameter set of an ECIES-AEAD-HKDF key: the KEM parameters, the
// DEM parameters and the encoding of EC points.
message EciesAeadHkdfParams {
  // Key Encapsulation Mechanism.
  // Required.
  EciesHkdfKemParams kem_params = 1;

  // Data Encapsulation Mechanism.
  // Required.
  EciesAeadDemParams dem_params = 2;

  // EC point format.
  // Required.
  EcPointFormat ec_point_format = 3;
}

// EciesAeadHkdfPublicKey represents HybridEncryption primitive.
// key_type: type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey
message EciesAeadHkdfPublicKey {
  // Required.
  // NOTE(review): the meaning of the version number is not defined in this
  // file; presumably the consumer compares it with the version it supports -
  // TODO confirm.
  uint32 version = 1;
  // Required.
  EciesAeadHkdfParams params = 2;

  // Affine coordinates of the public key in big-endian representation.
  // The public key is a point (x, y) on the curve defined by
  // params.kem_params.curve_type. Required.
  // NOTE(review): nothing in this schema guarantees that (x, y) actually lies
  // on that curve; a consumer that parses keys from an untrusted source should
  // validate the point before using it - confirm that the key handling code
  // does so.
  bytes x = 3;
  // Required.
  bytes y = 4;
}

// EciesAeadHkdfPrivateKey represents HybridDecryption primitive.
// key_type: type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey
message EciesAeadHkdfPrivateKey {
  // Required.
  uint32 version = 1;

  // Required. The matching public key; the key parameters are reached through
  // public_key.params.
  EciesAeadHkdfPublicKey public_key = 2;

  // Required.
  // Secret key material: a serialized instance of this message is as
  // sensitive as the key itself and should be stored and logged accordingly.
  bytes key_value = 3;  // Big integer in big-endian representation.
}

// Key format carrying only the parameters and no key material.
// NOTE(review): presumably the template from which new keys of this type are
// generated - TODO confirm.
message EciesAeadHkdfKeyFormat {
  // Required.
  EciesAeadHkdfParams params = 1;
}