// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
syntax = "proto3";

package google.crypto.tink;

import "proto/common.proto";
import "proto/tink.proto";

option java_package = "com.google.crypto.tink.proto";
option java_multiple_files = true;
option go_package = "github.com/google/tink/proto/cecpq2_aead_hkdf_go_proto";

// Protos for keys for CECPQ2 with HKDF and AEAD encryption.
//
// These definitions loosely follow the ECIES scheme of ISO 18033-2
// (Elliptic Curve Integrated Encryption Scheme, see
// http://www.shoup.net/iso/std6.pdf), but with some differences:
// * use of CECPQ2 (an X25519 share combined with an HRSS share, see the
//   public-key message below) as the KEM instead of an ECC-only KEM
// * use of the HKDF key derivation function (instead of KDF1 and KDF2),
//   enabling the use of optional parameters to the key derivation function,
//   which strengthen the overall security and allow for binding the key
//   material to application-specific information (cf. RFC 5869,
//   https://tools.ietf.org/html/rfc5869)
// * use of modern AEAD schemes rather than "manual composition" of symmetric
//   encryption with message authentication codes (as in the DEM1, DEM2, and
//   DEM3 schemes of ISO 18033-2)
//
// CECPQ2 keys represent HybridEncryption resp. HybridDecryption primitives.
// Parameters of the KEM (Key Encapsulation Mechanism): the curve and point
// encoding of the elliptic-curve share, and the HKDF settings used to derive
// the DEM key from the encapsulated secret.
message Cecpq2HkdfKemParams {
  // Elliptic curve of the ECDH component of the KEM. The public-key message
  // below names Curve25519 / X25519 for this share.
  // Required.
  EllipticCurveType curve_type = 1;

  // Encoding of the elliptic-curve public point.
  // NOTE(review): presumably governs how the ephemeral X25519 point is
  // serialized into the ciphertext — confirm against the implementation.
  // Required.
  EcPointFormat ec_point_format = 2;

  // Hash function used by HKDF (RFC 5869) when deriving the DEM key.
  // Required.
  HashType hkdf_hash_type = 3;

  // Salt passed to HKDF. May be empty; per RFC 5869 an empty salt is treated
  // as HashLen zero bytes. Because this is a proto3 `bytes` field, an absent
  // salt and an explicitly empty salt are indistinguishable on the wire, so
  // implementations must treat both identically.
  // Optional.
  bytes hkdf_salt = 11;
}

// Parameters of the AEAD DEM (Data Encapsulation Mechanism).
message Cecpq2AeadDemParams {
  // Template of the AEAD key that the HKDF output is used to instantiate;
  // its value contains e.g. an AesCtrHmacAeadKeyFormat or AesGcmKeyFormat.
  // NOTE(review): the template's type_url travels inside (possibly
  // attacker-supplied) key material; implementations should accept only an
  // allowlist of AEAD key types here rather than instantiating whatever
  // type_url is present — confirm in the key manager.
  // Required.
  KeyTemplate aead_dem = 2;
}

// Combined KEM and DEM parameters of a CECPQ2 hybrid key.
message Cecpq2AeadHkdfParams {
  // Key Encapsulation Mechanism.
  // Required.
  Cecpq2HkdfKemParams kem_params = 1;

  // Data Encapsulation Mechanism.
  // Required.
  Cecpq2AeadDemParams dem_params = 2;
}

// Cecpq2AeadHkdfPublicKey represents the HybridEncryption primitive.
// key_type: type.googleapis.com/google.crypto.tink.Cecpq2AeadHkdfPublicKey
message Cecpq2AeadHkdfPublicKey {
  // Key format version. Implementations are expected to reject versions they
  // do not know — TODO confirm the check in the key manager.
  // Required.
  uint32 version = 1;
  // KEM and DEM parameters this key was generated for.
  // Required.
  Cecpq2AeadHkdfParams params = 2;

  // X25519 public key: affine coordinates of the public key in big-endian
  // representation. The public key is a point (x, y) on Curve25519.
  // Required.
  bytes x25519_public_key_x = 3;
  // NOTE(review): X25519 key agreement (RFC 7748) consumes only the
  // x/u-coordinate. Confirm whether implementations read or validate this
  // field; if it is ignored, that should be documented here so callers do
  // not rely on it being checked.
  // Required.
  bytes x25519_public_key_y = 4;

  // HRSS public key in marshalled (serialized) form.
  // NOTE(review): the exact marshalling format is defined by the HRSS
  // implementation, not by this proto — verify before interoperating.
  // Required.
  bytes hrss_public_key_marshalled = 5;
}

// Cecpq2AeadHkdfPrivateKey represents the HybridDecryption primitive.
// key_type: type.googleapis.com/google.crypto.tink.Cecpq2AeadHkdfPrivateKey
//
// This message carries secret key material: it must only be serialized into
// protected storage (e.g. an encrypted keyset) and must never be logged.
message Cecpq2AeadHkdfPrivateKey {
  // Key format version; see Cecpq2AeadHkdfPublicKey.version.
  // Required.
  uint32 version = 1;

  // The corresponding public key, including params.
  // Required.
  Cecpq2AeadHkdfPublicKey public_key = 2;

  // X25519 private key, as a big integer in big-endian representation.
  // NOTE(review): RFC 7748 encodes X25519 scalars as 32 little-endian bytes,
  // so a conversion is implied by the stated encoding — confirm the byte
  // order the implementation actually reads.
  // Required.
  bytes x25519_private_key = 3;

  // HRSS private key seed.
  // NOTE(review): presumably the HRSS private key is regenerated from this
  // seed rather than stored directly — verify against the HRSS key
  // generation code.
  // Required.
  bytes hrss_private_key_seed = 4;
}

// Key-generation request for a CECPQ2 hybrid key pair. It carries only the
// parameters and no key material.
message Cecpq2AeadHkdfKeyFormat {
  // Parameters the generated key pair will use.
  // Required.
  Cecpq2AeadHkdfParams params = 1;
}