1// Copyright 2017 Google Inc.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15////////////////////////////////////////////////////////////////////////////////
16
17// Definitions for the Elliptic Curve Integrated Encryption Scheme (ECIES) with HKDF and AEAD.
18syntax = "proto3";
19
20package google.crypto.tink;
21
22import "proto/common.proto";
23import "proto/tink.proto";
24
25option java_package = "com.google.crypto.tink.proto";
26option java_multiple_files = true;
27option go_package = "github.com/tink-crypto/tink-go/v2/proto/ecies_aead_hkdf_go_proto";
28
29// Protos for keys for ECIES with HKDF and AEAD encryption.
30//
31// These definitions follow loosely ECIES ISO 18033-2 standard
32// (Elliptic Curve Integrated Encryption Scheme, see
33// http://www.shoup.net/iso/std6.pdf), but with some differences:
34//  * use of HKDF key derivation function (instead of KDF1 and KDF2) enabling
35//  the use
36//    of optional parameters to the key derivation function, which strengthen
37//    the overall security and allow for binding the key material to
38//    application-specific information (cf. RFC 5869,
39//    https://tools.ietf.org/html/rfc5869)
40//  * use of modern AEAD schemes rather than "manual composition" of symmetric
41//  encryption
42//    with message authentication codes (as in DEM1, DEM2, and DEM3 schemes of
43//    ISO 18033-2)
44//
45// ECIES public keys represent the HybridEncryption primitive; ECIES private keys represent the HybridDecryption primitive.
46
// KEM (Key Encapsulation Mechanism) parameters for ECIES-AEAD-HKDF.
//
// proto3 does not enforce the "Required" markers below: an unset enum field
// reads as its zero value, so whatever consumes this message has to reject
// defaults itself. The enum values are declared in an imported file that is
// not shown here.
message EciesHkdfKemParams {
  // Required. Elliptic curve used by the KEM.
  EllipticCurveType curve_type = 1;

  // Required. Hash function that HKDF is instantiated with.
  HashType hkdf_hash_type = 2;

  // Optional. Salt input to HKDF. As a proto3 bytes field without explicit
  // presence, an empty salt is indistinguishable from an unset one.
  bytes hkdf_salt = 11;
}
58
// AEAD DEM (Data Encapsulation Mechanism) parameters.
message EciesAeadDemParams {
  // Required. Key template holding an Aead or DeterministicAead key format,
  // e.g. AesCtrHmacAeadKeyFormat, AesGcmKeyFormat or AesSivKeyFormat.
  // The template's output_prefix_type is ignored; RAW is assumed.
  // NOTE(review): KeyTemplate is declared in an imported file and is not
  // limited by this schema to the formats listed above; restricting it to
  // the supported key types is presumably done by the code that consumes
  // this message -- confirm.
  KeyTemplate aead_dem = 2;
}
67
// Complete parameter set of an ECIES-AEAD-HKDF key: KEM parameters, DEM
// parameters and the EC point format.
//
// The two message-typed fields have explicit presence, so a reader can tell
// an absent kem_params/dem_params from an empty one; the enum field cannot be
// told apart from its zero value when unset.
message EciesAeadHkdfParams {
  // Required. Key Encapsulation Mechanism.
  EciesHkdfKemParams kem_params = 1;

  // Required. Data Encapsulation Mechanism.
  EciesAeadDemParams dem_params = 2;

  // Required. EC point format.
  EcPointFormat ec_point_format = 3;
}
81
// EciesAeadHkdfPublicKey represents the HybridEncryption primitive.
// key_type: type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey
message EciesAeadHkdfPublicKey {
  // Required. Key version.
  uint32 version = 1;

  // Required. Parameters this key is used with.
  EciesAeadHkdfParams params = 2;

  // Required. Affine x-coordinate of the public key, big-endian.
  // The public key is the point (x, y) on the curve selected by
  // params.kem_params.curve_type.
  // NOTE(review): the schema cannot express that (x, y) lies on that curve;
  // the point should be validated when the key is parsed -- confirm that the
  // consuming code does so.
  bytes x = 3;

  // Required. Affine y-coordinate of the public key, big-endian.
  bytes y = 4;
}
97
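// EciesAeadHkdfPrivateKey represents the HybridDecryption primitive.
// key_type: type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey
message EciesAeadHkdfPrivateKey {
  // Required. Key version.
  uint32 version = 1;

  // Required. Public part of this key pair; it also carries the params.
  EciesAeadHkdfPublicKey public_key = 2;

  // Required. Secret key material: big integer in big-endian representation.
  // debug_redact keeps the value out of debug/text output in runtimes that
  // honor the option; it does not change the wire format. It needs a protoc
  // release that knows the option.
  bytes key_value = 3 [debug_redact = true];
}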
110
// Key format for ECIES-AEAD-HKDF keys. It holds only the parameters and no
// key material.
// NOTE(review): presumably the input from which a new key is generated --
// confirm against the code that consumes it.
message EciesAeadHkdfKeyFormat {
  // Required. Parameters for the key.
  EciesAeadHkdfParams params = 1;
}
115