| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| syntax = "proto3"; |
| |
| package tink_testing_api; |
| |
| option java_package = "com.google.crypto.tink.proto.testing"; |
| option java_multiple_files = true; |
| |
| // Service providing metadata about the server. |
| service Metadata { |
| // Returns some server information. A test may use this information to verify |
| // that it is talking to the right server. |
| rpc GetServerInfo(ServerInfoRequest) returns (ServerInfoResponse) {} |
| } |
| |
| message ServerInfoRequest {} |
| |
| message ServerInfoResponse { |
| string tink_version = 1; // For example '1.4' |
| string language = 2; // For example 'cc', 'java', 'go' or 'python'. |
| } |
| |
| // Service for Keyset operations. |
| service Keyset { |
| // Generates a new keyset from a template. |
| rpc Generate(KeysetGenerateRequest) returns (KeysetGenerateResponse) {} |
| // Generates a public-key keyset from a private-key keyset. |
| rpc Public(KeysetPublicRequest) returns (KeysetPublicResponse) {} |
| // Converts a Keyset from Binary to Json Format |
| rpc ToJson(KeysetToJsonRequest) returns (KeysetToJsonResponse) {} |
| // Converts a Keyset from Json to Binary Format |
| rpc FromJson(KeysetFromJsonRequest) returns (KeysetFromJsonResponse) {} |
| } |
| |
| message KeysetGenerateRequest { |
| bytes template = 1; // serialized google.crypto.tink.KeyTemplate. |
| } |
| |
| message KeysetGenerateResponse { |
| oneof result { |
| bytes keyset = 1; // serialized google.crypto.tink.Keyset. |
| string err = 2; |
| } |
| } |
| |
| message KeysetPublicRequest { |
| bytes private_keyset = 1; // serialized google.crypto.tink.Keyset. |
| } |
| |
| message KeysetPublicResponse { |
| oneof result { |
| bytes public_keyset = 1; // serialized google.crypto.tink.Keyset. |
| string err = 2; |
| } |
| } |
| |
| message KeysetToJsonRequest { |
| bytes keyset = 1; // serialized google.crypto.tink.Keyset. |
| } |
| |
| message KeysetToJsonResponse { |
| oneof result { |
| string json_keyset = 1; |
| string err = 2; |
| } |
| } |
| |
| message KeysetFromJsonRequest { |
| string json_keyset = 1; |
| } |
| |
| message KeysetFromJsonResponse { |
| oneof result { |
| bytes keyset = 1; // serialized google.crypto.tink.Keyset. |
| string err = 2; |
| } |
| } |
| |
| // Service for AEAD encryption and decryption |
| service Aead { |
| // Encrypts a plaintext with the provided keyset |
| rpc Encrypt(AeadEncryptRequest) returns (AeadEncryptResponse) {} |
| // Decrypts a ciphertext with the provided keyset |
| rpc Decrypt(AeadDecryptRequest) returns (AeadDecryptResponse) {} |
| } |
| |
| message AeadEncryptRequest { |
| bytes keyset = 1; // serialized google.crypto.tink.Keyset. |
| bytes plaintext = 2; |
| bytes associated_data = 3; |
| } |
| |
| message AeadEncryptResponse { |
| oneof result { |
| bytes ciphertext = 1; |
| string err = 2; |
| } |
| } |
| |
| message AeadDecryptRequest { |
| bytes keyset = 1; // serialized google.crypto.tink.Keyset. |
| bytes ciphertext = 2; |
| bytes associated_data = 3; |
| } |
| |
| message AeadDecryptResponse { |
| oneof result { |
| bytes plaintext = 1; |
| string err = 2; |
| } |
| } |
| |
| // Service for Deterministic AEAD encryption and decryption |
| service DeterministicAead { |
| // Encrypts a plaintext with the provided keyset |
| rpc EncryptDeterministically(DeterministicAeadEncryptRequest) |
| returns (DeterministicAeadEncryptResponse) {} |
| // Decrypts a ciphertext with the provided keyset |
| rpc DecryptDeterministically(DeterministicAeadDecryptRequest) |
| returns (DeterministicAeadDecryptResponse) { |
| } |
| } |
| |
| message DeterministicAeadEncryptRequest { |
| bytes keyset = 1; // serialized google.crypto.tink.Keyset. |
| bytes plaintext = 2; |
| bytes associated_data = 3; |
| } |
| |
| message DeterministicAeadEncryptResponse { |
| oneof result { |
| bytes ciphertext = 1; |
| string err = 2; |
| } |
| } |
| |
| message DeterministicAeadDecryptRequest { |
| bytes keyset = 1; // serialized google.crypto.tink.Keyset. |
| bytes ciphertext = 2; |
| bytes associated_data = 3; |
| } |
| |
| message DeterministicAeadDecryptResponse { |
| oneof result { |
| bytes plaintext = 1; |
| string err = 2; |
| } |
| } |
| |
| // Service for Streaming AEAD encryption and decryption |
| service StreamingAead { |
| // Encrypts a plaintext with the provided keyset |
| rpc Encrypt(StreamingAeadEncryptRequest) |
| returns (StreamingAeadEncryptResponse) {} |
| // Decrypts a ciphertext with the provided keyset |
| rpc Decrypt(StreamingAeadDecryptRequest) |
| returns (StreamingAeadDecryptResponse) {} |
| } |
| |
| message StreamingAeadEncryptRequest { |
| bytes keyset = 1; // serialized google.crypto.tink.Keyset. |
| bytes plaintext = 2; |
| bytes associated_data = 3; |
| } |
| |
| message StreamingAeadEncryptResponse { |
| oneof result { |
| bytes ciphertext = 1; |
| string err = 2; |
| } |
| } |
| |
| message StreamingAeadDecryptRequest { |
| bytes keyset = 1; // serialized google.crypto.tink.Keyset. |
| bytes ciphertext = 2; |
| bytes associated_data = 3; |
| } |
| |
| message StreamingAeadDecryptResponse { |
| oneof result { |
| bytes plaintext = 1; |
| string err = 2; |
| } |
| } |
| |
| // Service to compute and verify MACs |
| service Mac { |
| // Computes a MAC for given data |
| rpc ComputeMac(ComputeMacRequest) returns (ComputeMacResponse) {} |
| // Verifies the validity of the MAC value, no error means success |
| rpc VerifyMac(VerifyMacRequest) returns (VerifyMacResponse) {} |
| } |
| |
| message ComputeMacRequest { |
| bytes keyset = 1; // serialized google.crypto.tink.Keyset. |
| bytes data = 2; |
| } |
| |
| message ComputeMacResponse { |
| oneof result { |
| bytes mac_value = 1; |
| string err = 2; |
| } |
| } |
| |
| message VerifyMacRequest { |
| bytes keyset = 1; // serialized google.crypto.tink.Keyset. |
| bytes mac_value = 2; |
| bytes data = 3; |
| } |
| |
| message VerifyMacResponse { |
| string err = 1; |
| } |
| |
| // Service to hybrid encrypt and decrypt |
| service Hybrid { |
| // Encrypts plaintext binding context_info to the resulting ciphertext |
| rpc Encrypt(HybridEncryptRequest) returns (HybridEncryptResponse) {} |
| // Decrypts ciphertext verifying the integrity of context_info |
| rpc Decrypt(HybridDecryptRequest) returns (HybridDecryptResponse) {} |
| } |
| |
| message HybridEncryptRequest { |
| bytes public_keyset = 1; // serialized google.crypto.tink.Keyset. |
| bytes plaintext = 2; |
| bytes context_info = 3; |
| } |
| |
| message HybridEncryptResponse { |
| oneof result { |
| bytes ciphertext = 1; |
| string err = 2; |
| } |
| } |
| |
| message HybridDecryptRequest { |
| bytes private_keyset = 1; // serialized google.crypto.tink.Keyset. |
| bytes ciphertext = 2; |
| bytes context_info = 3; |
| } |
| |
| message HybridDecryptResponse { |
| oneof result { |
| bytes plaintext = 1; |
| string err = 2; |
| } |
| } |
| |
| // Service to sign and verify signatures. |
| service Signature { |
| // Computes the signature for data |
| rpc Sign(SignatureSignRequest) returns (SignatureSignResponse) {} |
| // Verifies that signature is a digital signature for data |
| rpc Verify(SignatureVerifyRequest) returns (SignatureVerifyResponse) {} |
| } |
| |
| message SignatureSignRequest { |
| bytes private_keyset = 1; // serialized google.crypto.tink.Keyset. |
| bytes data = 2; |
| } |
| |
| message SignatureSignResponse { |
| oneof result { |
| bytes signature = 1; |
| string err = 2; |
| } |
| } |
| |
| message SignatureVerifyRequest { |
| bytes public_keyset = 1; // serialized google.crypto.tink.Keyset. |
| bytes signature = 2; |
| bytes data = 3; |
| } |
| |
| message SignatureVerifyResponse { |
| string err = 1; |
| } |
| |
| // Service for PrfSet computation |
| service PrfSet { |
| // Returns the key ids and the primary key id in the keyset. |
| rpc KeyIds(PrfSetKeyIdsRequest) returns (PrfSetKeyIdsResponse) {} |
| // Computes the output of the PRF with the given key_id in the PrfSet. |
| rpc Compute(PrfSetComputeRequest) returns (PrfSetComputeResponse) {} |
| } |
| |
| message PrfSetKeyIdsRequest { |
| bytes keyset = 1; // serialized google.crypto.tink.Keyset. |
| } |
| |
| message PrfSetKeyIdsResponse { |
| message Output { |
| uint32 primary_key_id = 1; |
| repeated uint32 key_id = 2; |
| } |
| oneof result { |
| Output output = 1; |
| string err = 2; |
| } |
| } |
| |
| message PrfSetComputeRequest { |
| bytes keyset = 1; // serialized google.crypto.tink.Keyset. |
| uint32 key_id = 2; |
| bytes input_data = 3; |
| int32 output_length = 4; |
| } |
| |
| message PrfSetComputeResponse { |
| oneof result { |
| bytes output = 1; |
| string err = 2; |
| } |
| } |