encrypted_message.proto - cobalt - Git at Google

 // Copyright 2016 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 syntax = "proto3";

 package cobalt;

 option go_package = "cobalt";

 ////////////////////////////////////////////////////////////////////////////////
 //
 // NOTE: This copy of encrypted_message.proto is used by the Cobalt client.
 // A second copy of this file is used by the Cobalt Shuffler and Analyzer
 // running in Google production. It is necessary to have two copies due to
 // requirements by the Google Logs Privacy team regarding the location of
 // of .proto files used in logs processing pipelines. Any changes to this
 // file must be replicated in the other copy of the file.
 //
 ////////////////////////////////////////////////////////////////////////////////

 // An EncryptedMessage carries the encrypted bytes of another proto message,
 // along with information about how it is encrypted.
 //
 // Observations collected via Cobalt are doubly encrypted. First each individual
 // message is encrypted to the Analyzer that will process it. Second each
 // Envelope containing many observations is encrypted to the Shuffler. We use
 // the EncryptedMessage proto to carry the ciphertext in both cases.
 message EncryptedMessage {
   // The different schemes used in Cobalt to encrypt a message.
   enum EncryptionScheme {
     // The message is not encrypted. |ciphertext| contains plaintext bytes of a
     // serialized protocol buffer message. This scheme must only be used in
     // tests.
     NONE = 0;

     // Hybrid Cipher using elliptic curve Diffie-Hellman, version 1.
     HYBRID_ECDH_V1 = 1;

     // Hybrid cipher compatible with Tink hybrid encryption/decryption
     // primitives declared in
     // third_party/tink/cc/hybrid/hybrid_key_templates.h
     // Multiple hybrid encryption schemes are supported and indicated by the
     // type of key used.
     HYBRID_TINK = 2;
   }
   // Which scheme was used to encrypt this message?
   EncryptionScheme scheme = 1;

   // 32-byte fingerprint (SHA256) of the recipient’s public key.
   // This is used to facilitate key rotation.
   bytes public_key_fingerprint = 2;

   // The |ciphertext| field contains the bytes of the encryption of the standard
   // serialization of one of the following types of proto messages:
   //
   // - A cobalt.Envelope, as defined in envelope.proto.
   //   EncryptedMessages containing Envelopes are the input to the Shuffler.
   //
   // - A cobalt.Observation2, as defined in observation2.proto.
   //   An ObservationBatch (defined in observation_batch.proto) contains
   //   EncryptedMessages of this type. ObservationBatches are output from the
   //   Shuffler.
   bytes ciphertext = 3;
 }
	// Copyright 2016 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.
	syntax = "proto3";

	package cobalt;

	option go_package = "cobalt";

	////////////////////////////////////////////////////////////////////////////////
	//
	// NOTE: This copy of encrypted_message.proto is used by the Cobalt client.
	// A second copy of this file is used by the Cobalt Shuffler and Analyzer
	// running in Google production. It is necessary to have two copies due to
	// requirements by the Google Logs Privacy team regarding the location of
	// of .proto files used in logs processing pipelines. Any changes to this
	// file must be replicated in the other copy of the file.
	//
	////////////////////////////////////////////////////////////////////////////////

	// An EncryptedMessage carries the encrypted bytes of another proto message,
	// along with information about how it is encrypted.
	//
	// Observations collected via Cobalt are doubly encrypted. First each individual
	// message is encrypted to the Analyzer that will process it. Second each
	// Envelope containing many observations is encrypted to the Shuffler. We use
	// the EncryptedMessage proto to carry the ciphertext in both cases.
	message EncryptedMessage {
	// The different schemes used in Cobalt to encrypt a message.
	enum EncryptionScheme {
	// The message is not encrypted. \|ciphertext\| contains plaintext bytes of a
	// serialized protocol buffer message. This scheme must only be used in
	// tests.
	NONE = 0;

	// Hybrid Cipher using elliptic curve Diffie-Hellman, version 1.
	HYBRID_ECDH_V1 = 1;

	// Hybrid cipher compatible with Tink hybrid encryption/decryption
	// primitives declared in
	// third_party/tink/cc/hybrid/hybrid_key_templates.h
	// Multiple hybrid encryption schemes are supported and indicated by the
	// type of key used.
	HYBRID_TINK = 2;
	}
	// Which scheme was used to encrypt this message?
	EncryptionScheme scheme = 1;

	// 32-byte fingerprint (SHA256) of the recipient’s public key.
	// This is used to facilitate key rotation.
	bytes public_key_fingerprint = 2;

	// The \|ciphertext\| field contains the bytes of the encryption of the standard
	// serialization of one of the following types of proto messages:
	//
	// - A cobalt.Envelope, as defined in envelope.proto.
	// EncryptedMessages containing Envelopes are the input to the Shuffler.
	//
	// - A cobalt.Observation2, as defined in observation2.proto.
	// An ObservationBatch (defined in observation_batch.proto) contains
	// EncryptedMessages of this type. ObservationBatches are output from the
	// Shuffler.
	bytes ciphertext = 3;
	}