• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright 2016 Google Inc. All Rights Reserved.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17option java_multiple_files = true;
18option java_package = "com.google.trillian.proto";
19option java_outer_classname = "TrillianProto";
20option go_package = "github.com/google/trillian";
21
22package trillian;
23
24import "crypto/keyspb/keyspb.proto";
25import "crypto/sigpb/sigpb.proto";
26import "google/protobuf/any.proto";
27import "google/protobuf/duration.proto";
28import "google/protobuf/timestamp.proto";
29
30// LogRootFormat specifies the fields that are covered by the
31// SignedLogRoot signature, as well as their ordering and formats.
32enum LogRootFormat {
33  LOG_ROOT_FORMAT_UNKNOWN = 0;
34  LOG_ROOT_FORMAT_V1 = 1;
35}
36
37// MapRootFormat specifies the fields that are covered by the
38// SignedMapRoot signature, as well as their ordering and formats.
39enum MapRootFormat {
40  MAP_ROOT_FORMAT_UNKNOWN = 0;
41  MAP_ROOT_FORMAT_V1 = 1;
42}
43
44// What goes in here?
45// Things which are exposed through the public trillian APIs.
46
47// Defines the way empty / node / leaf hashes are constructed incorporating
48// preimage protection, which can be application specific.
49enum HashStrategy {
50  // Hash strategy cannot be determined. Included to enable detection of
51  // mismatched proto versions being used. Represents an invalid value.
52  UNKNOWN_HASH_STRATEGY = 0;
53
54  // Certificate Transparency strategy: leaf hash prefix = 0x00, node prefix =
55  // 0x01, empty hash is digest([]byte{}), as defined in the specification.
56  RFC6962_SHA256 = 1;
57
58  // Sparse Merkle Tree strategy:  leaf hash prefix = 0x00, node prefix = 0x01,
59  // empty branch is recursively computed from empty leaf nodes.
60  // NOT secure in a multi tree environment. For testing only.
61  TEST_MAP_HASHER = 2;
62
63  // Append-only log strategy where leaf nodes are defined as the ObjectHash.
64  // All other properties are equal to RFC6962_SHA256.
65  OBJECT_RFC6962_SHA256 = 3;
66
67  // The CONIKS sparse tree hasher with SHA512_256 as the hash algorithm.
68  CONIKS_SHA512_256 = 4;
69
70  // The CONIKS sparse tree hasher with SHA256 as the hash algorithm.
71  CONIKS_SHA256 = 5;
72}
73
74// State of the tree.
75enum TreeState {
76  // Tree state cannot be determined. Included to enable detection of
77  // mismatched proto versions being used. Represents an invalid value.
78  UNKNOWN_TREE_STATE = 0;
79
80  // Active trees are able to respond to both read and write requests.
81  ACTIVE = 1;
82
83  // Frozen trees are only able to respond to read requests, writing to a frozen
84  // tree is forbidden. Trees should not be frozen when there are entries
85  // in the queue that have not yet been integrated. See the DRAINING
86  // state for this case.
87  FROZEN = 2;
88
89  // Deprecated: now tracked in Tree.deleted.
90  DEPRECATED_SOFT_DELETED = 3 [deprecated = true];
91
92  // Deprecated: now tracked in Tree.deleted.
93  DEPRECATED_HARD_DELETED = 4 [deprecated = true];
94
95  // A tree that is draining will continue to integrate queued entries.
96  // No new entries should be accepted.
97  DRAINING = 5;
98}
99
100// Type of the tree.
101enum TreeType {
102  // Tree type cannot be determined. Included to enable detection of mismatched
103  // proto versions being used. Represents an invalid value.
104  UNKNOWN_TREE_TYPE = 0;
105
106  // Tree represents a verifiable log.
107  LOG = 1;
108
109  // Tree represents a verifiable map.
110  MAP = 2;
111
112  // Tree represents a verifiable pre-ordered log, i.e., a log whose entries are
113  // placed according to sequence numbers assigned outside of Trillian.
114  PREORDERED_LOG = 3;
115}
116
117// Represents a tree, which may be either a verifiable log or map.
118// Readonly attributes are assigned at tree creation, after which they may not
119// be modified.
120//
121// Note: Many APIs within the rest of the code require these objects to
122// be provided. For safety they should be obtained via Admin API calls and
123// not created dynamically.
124message Tree {
125  // ID of the tree.
126  // Readonly.
127  int64 tree_id = 1;
128
129  // State of the tree.
130  // Trees are ACTIVE after creation. At any point the tree may transition
131  // between ACTIVE, DRAINING and FROZEN states.
132  TreeState tree_state = 2;
133
134  // Type of the tree.
135  // Readonly after Tree creation. Exception: Can be switched from
136  // PREORDERED_LOG to LOG if the Tree is and remains in the FROZEN state.
137  TreeType tree_type = 3;
138
139  // Hash strategy to be used by the tree.
140  // Readonly.
141  HashStrategy hash_strategy = 4;
142
143  // Hash algorithm to be used by the tree.
144  // Readonly.
145  sigpb.DigitallySigned.HashAlgorithm hash_algorithm = 5;
146
147  // Signature algorithm to be used by the tree.
148  // Readonly.
149  sigpb.DigitallySigned.SignatureAlgorithm signature_algorithm = 6;
150
151  reserved 18;  // Signature cipher suite (removed)
152  reserved 7;   // DuplicatePolicy (removed)
153
154  // Display name of the tree.
155  // Optional.
156  string display_name = 8;
157
158  // Description of the tree,
159  // Optional.
160  string description = 9;
161
162  reserved 10;  // create_time_millis_since_epoch (removed)
163  reserved 11;  // update_time_millis_since_epoch (removed)
164
165  // Identifies the private key used for signing tree heads and entry
166  // timestamps.
167  // This can be any type of message to accommodate different key management
168  // systems, e.g. PEM files, HSMs, etc.
169  // Private keys are write-only: they're never returned by RPCs.
170  // The private_key message can be changed after a tree is created, but the
171  // underlying key must remain the same - this is to enable migrating a key
172  // from one provider to another.
173  google.protobuf.Any private_key = 12;
174
175  // Storage-specific settings.
176  // Varies according to the storage implementation backing Trillian.
177  google.protobuf.Any storage_settings = 13;
178
179  // The public key used for verifying tree heads and entry timestamps.
180  // Readonly.
181  keyspb.PublicKey public_key = 14;
182
183  // Interval after which a new signed root is produced even if there have been
184  // no submission.  If zero, this behavior is disabled.
185  google.protobuf.Duration max_root_duration = 15;
186
187  // Time of tree creation.
188  // Readonly.
189  google.protobuf.Timestamp create_time = 16;
190
191  // Time of last tree update.
192  // Readonly (automatically assigned on updates).
193  google.protobuf.Timestamp update_time = 17;
194
195  // If true, the tree has been deleted.
196  // Deleted trees may be undeleted during a certain time window, after which
197  // they're permanently deleted (and unrecoverable).
198  // Readonly.
199  bool deleted = 19;
200
201  // Time of tree deletion, if any.
202  // Readonly.
203  google.protobuf.Timestamp delete_time = 20;
204}
205
206message SignedEntryTimestamp {
207  int64 timestamp_nanos = 1;
208  int64 log_id = 2;
209  sigpb.DigitallySigned signature = 3;
210}
211
212// SignedLogRoot represents a commitment by a Log to a particular tree.
213message SignedLogRoot {
214  // Deleted: TimestampNanos moved to LogRoot.
215  reserved 1;
216  // Deleted: RootHash moved to LogRoot.
217  reserved 2;
218  // Deleted: TreeSize moved to LogRoot.
219  reserved 3;
220  // Deleted: Signature replaced by LogRootSignature.
221  reserved 4;
222  // Deleted: LogID is associated with the public key that validates signature.
223  reserved 5;
224  // Deleted: TreeRevision moved to LogRoot.
225  reserved 6;
226
227  // key_hint is a hint to identify the public key for signature verification.
228  // key_hint is not authenticated and may be incorrect or missing, in which
229  // case all known public keys may be used to verify the signature.
230  // When directly communicating with a Trillian gRPC server, the key_hint will
231  // typically contain the LogID encoded as a big-endian 64-bit integer;
232  // however, in other contexts the key_hint is likely to have different
233  // contents (e.g. it could be a GUID, a URL + TreeID, or it could be
234  // derived from the public key itself).
235  bytes key_hint = 7;
236
237  // log_root holds the TLS-serialization of the following structure (described
238  // in RFC5246 notation): Clients should validate log_root_signature with
239  // VerifySignedLogRoot before deserializing log_root.
240  // enum { v1(1), (65535)} Version;
241  // struct {
242  //   uint64 tree_size;
243  //   opaque root_hash<0..128>;
244  //   uint64 timestamp_nanos;
245  //   uint64 revision;
246  //   opaque metadata<0..65535>;
247  // } LogRootV1;
248  // struct {
249  //   Version version;
250  //   select(version) {
251  //     case v1: LogRootV1;
252  //   }
253  // } LogRoot;
254  //
255  // A serialized v1 log root will therefore be laid out as:
256  //
257  // +---+---+---+---+---+---+---+---+---+---+---+---+---+---+-....--+
258  // | ver=1 |          tree_size            |len|    root_hashlen   |
259  // +---+---+---+---+---+---+---+---+---+---+---+---+---+---+-....--+
260  //
261  // +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
262  // |        timestamp_nanos        |      revision                 |
263  // +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
264  //
265  // +---+---+---+---+---+-....---+
266  // |  len  |    metadata        |
267  // +---+---+---+---+---+-....---+
268  //
269  // (with all integers encoded big-endian).
270  bytes log_root = 8;
271
272  // log_root_signature is the raw signature over log_root.
273  bytes log_root_signature = 9;
274}
275
276// SignedMapRoot represents a commitment by a Map to a particular tree.
277message SignedMapRoot {
278  reserved 1;  // Deprecated: Was timestamp_nanos. Use map_root.
279  reserved 2;  // Deprecated: Was root_hash. Use map_root.
280  reserved 3;  // Deprecated: Was MapperMetadata. Use map_root.
281  reserved 5;  // Deprecated: Was map_id. Use signature.
282  reserved 6;  // Deprecated: Was map_revision. Use map_root.
283  reserved 7;  // Deprecated: Was metadata Any. Use map_root.
284  reserved 8;  // Deprecated: Was metadata bytes. Use map_root.
285
286  // map_root holds the TLS-serialization of the following structure (described
287  // in RFC5246 notation): Clients should validate signature with
288  // VerifySignedMapRoot before deserializing map_root.
289  // enum { v1(1), (65535)} Version;
290  // struct {
291  //   opaque root_hash<0..128>;
292  //   uint64 timestamp_nanos;
293  //   uint64 revision;
294  //   opaque metadata<0..65535>;
295  // } MapRootV1;
296  // struct {
297  //   Version version;
298  //   select(version) {
299  //     case v1: MapRootV1;
300  //   }
301  // } MapRoot;
302  bytes map_root = 9;
303  // Signature is the raw signature over MapRoot.
304  bytes signature = 4;
305}
306
307// Proof holds a consistency or inclusion proof for a Merkle tree, as returned
308// by the API.
309message Proof {
310  // leaf_index indicates the requested leaf index when this message is used for
311  // a leaf inclusion proof.  This field is set to zero when this message is
312  // used for a consistency proof.
313  int64 leaf_index = 1;
314  reserved 2; // Contained internal node details (removed)
315  repeated bytes hashes = 3;
316}
317