diff options
author | ambrosin <ambrosin@google.com> | 2022-05-30 02:16:42 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2022-05-30 02:17:30 -0700 |
commit | 5bb8a67f71949d471043806895ae3d2eecc08fd3 (patch) | |
tree | 2ff3be78ba3e04a7915215dbcdbd8316821e3d50 /proto | |
parent | 92967de3a53f15725335d1c72bb1a2a5ac779e43 (diff) | |
download | tink-5bb8a67f71949d471043806895ae3d2eecc08fd3.tar.gz |
Make proto/testing local to testing/(cc|java_src|python|go|cross_language).
PiperOrigin-RevId: 451828716
Diffstat (limited to 'proto')
-rw-r--r-- | proto/testing/BUILD.bazel | 11 | ||||
-rw-r--r-- | proto/testing/testing_api.proto | 537 |
2 files changed, 0 insertions, 548 deletions
diff --git a/proto/testing/BUILD.bazel b/proto/testing/BUILD.bazel deleted file mode 100644 index a6bd57448..000000000 --- a/proto/testing/BUILD.bazel +++ /dev/null @@ -1,11 +0,0 @@ -licenses(["notice"]) - -package( - default_testonly = 1, -) - -proto_library( - name = "testing_api_proto", - srcs = ["testing_api.proto"], - visibility = ["//visibility:public"], -) diff --git a/proto/testing/testing_api.proto b/proto/testing/testing_api.proto deleted file mode 100644 index d42290b69..000000000 --- a/proto/testing/testing_api.proto +++ /dev/null @@ -1,537 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -syntax = "proto3"; - -package tink_testing_api; - -option java_package = "com.google.crypto.tink.proto.testing"; -option java_multiple_files = true; -option go_package = "github.com/google/tink/proto/testing/testing_api_go_proto"; -// Placeholder for java_stubby_library - -// Service providing metadata about the server. -service Metadata { - // Returns some server information. A test may use this information to verify - // that it is talking to the right server. - rpc GetServerInfo(ServerInfoRequest) returns (ServerInfoResponse) {} -} - -message ServerInfoRequest {} - -message ServerInfoResponse { - string tink_version = 1; // For example '1.4' - string language = 2; // For example 'cc', 'java', 'go' or 'python'. -} - -// Service for Keyset operations. -service Keyset { - // Generates a key template from a key template name. - rpc GetTemplate(KeysetTemplateRequest) returns (KeysetTemplateResponse) {} - // Generates a new keyset from a template. - rpc Generate(KeysetGenerateRequest) returns (KeysetGenerateResponse) {} - // Generates a public-key keyset from a private-key keyset. - rpc Public(KeysetPublicRequest) returns (KeysetPublicResponse) {} - // Converts a Keyset from Binary to Json Format - rpc ToJson(KeysetToJsonRequest) returns (KeysetToJsonResponse) {} - // Converts a Keyset from Json to Binary Format - rpc FromJson(KeysetFromJsonRequest) returns (KeysetFromJsonResponse) {} - // Reads an encrypted keyset using KeysetHandle.read() or - // KeysetHandle.readWithAssociatedData() and the BinaryKeysetReader. - rpc ReadEncrypted(KeysetReadEncryptedRequest) - returns (KeysetReadEncryptedResponse) {} - // Writes an encrypted keyset using KeysetHandle.write() or - // KeysetHandle.writeWithAssociatedData() and the BinaryKeysetWriter. - rpc WriteEncrypted(KeysetWriteEncryptedRequest) - returns (KeysetWriteEncryptedResponse) {} -} - -message KeysetTemplateRequest { - string template_name = 1; // template name used by Tinkey -} - -message KeysetTemplateResponse { - oneof result { - bytes key_template = 1; // serialized google.crypto.tink.KeyTemplate. - string err = 2; - } -} - -message KeysetGenerateRequest { - bytes template = 1; // serialized google.crypto.tink.KeyTemplate. -} - -message KeysetGenerateResponse { - oneof result { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - string err = 2; - } -} - -message KeysetPublicRequest { - bytes private_keyset = 1; // serialized google.crypto.tink.Keyset. -} - -message KeysetPublicResponse { - oneof result { - bytes public_keyset = 1; // serialized google.crypto.tink.Keyset. - string err = 2; - } -} - -message KeysetToJsonRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. -} - -message KeysetToJsonResponse { - oneof result { - string json_keyset = 1; - string err = 2; - } -} - -message KeysetFromJsonRequest { - string json_keyset = 1; -} - -message KeysetFromJsonResponse { - oneof result { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - string err = 2; - } -} - -// Copy of google.protobuf.BytesValue -message BytesValue { - // The bytes value. - bytes value = 1; -} - -enum KeysetReaderType { - KEYSET_READER_UNKNOWN = 0; - KEYSET_READER_BINARY = 1; - KEYSET_READER_JSON = 2; -} - -message KeysetReadEncryptedRequest { - bytes encrypted_keyset = 1; - bytes master_keyset = 2; // serialized google.crypto.tink.Keyset. - BytesValue associated_data = 3; - KeysetReaderType keyset_reader_type = 4; -} - -message KeysetReadEncryptedResponse { - oneof result { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - string err = 2; - } -} - -enum KeysetWriterType { - KEYSET_WRITER_UNKNOWN = 0; - KEYSET_WRITER_BINARY = 1; - KEYSET_WRITER_JSON = 2; -} - -message KeysetWriteEncryptedRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - bytes master_keyset = 2; // serialized google.crypto.tink.Keyset. - BytesValue associated_data = 3; - KeysetWriterType keyset_writer_type = 4; -} - -message KeysetWriteEncryptedResponse { - oneof result { - bytes encrypted_keyset = 1; - string err = 2; - } -} - -// Service for AEAD encryption and decryption -service Aead { - // Encrypts a plaintext with the provided keyset - rpc Encrypt(AeadEncryptRequest) returns (AeadEncryptResponse) {} - // Decrypts a ciphertext with the provided keyset - rpc Decrypt(AeadDecryptRequest) returns (AeadDecryptResponse) {} -} - -message AeadEncryptRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - bytes plaintext = 2; - bytes associated_data = 3; -} - -message AeadEncryptResponse { - oneof result { - bytes ciphertext = 1; - string err = 2; - } -} - -message AeadDecryptRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - bytes ciphertext = 2; - bytes associated_data = 3; -} - -message AeadDecryptResponse { - oneof result { - bytes plaintext = 1; - string err = 2; - } -} - -// Service for Deterministic AEAD encryption and decryption -service DeterministicAead { - // Encrypts a plaintext with the provided keyset - rpc EncryptDeterministically(DeterministicAeadEncryptRequest) - returns (DeterministicAeadEncryptResponse) {} - // Decrypts a ciphertext with the provided keyset - rpc DecryptDeterministically(DeterministicAeadDecryptRequest) - returns (DeterministicAeadDecryptResponse) {} -} - -message DeterministicAeadEncryptRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - bytes plaintext = 2; - bytes associated_data = 3; -} - -message DeterministicAeadEncryptResponse { - oneof result { - bytes ciphertext = 1; - string err = 2; - } -} - -message DeterministicAeadDecryptRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - bytes ciphertext = 2; - bytes associated_data = 3; -} - -message DeterministicAeadDecryptResponse { - oneof result { - bytes plaintext = 1; - string err = 2; - } -} - -// Service for Streaming AEAD encryption and decryption -service StreamingAead { - // Encrypts a plaintext with the provided keyset - rpc Encrypt(StreamingAeadEncryptRequest) - returns (StreamingAeadEncryptResponse) {} - // Decrypts a ciphertext with the provided keyset - rpc Decrypt(StreamingAeadDecryptRequest) - returns (StreamingAeadDecryptResponse) {} -} - -message StreamingAeadEncryptRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - bytes plaintext = 2; - bytes associated_data = 3; -} - -message StreamingAeadEncryptResponse { - oneof result { - bytes ciphertext = 1; - string err = 2; - } -} - -message StreamingAeadDecryptRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - bytes ciphertext = 2; - bytes associated_data = 3; -} - -message StreamingAeadDecryptResponse { - oneof result { - bytes plaintext = 1; - string err = 2; - } -} - -// Service to compute and verify MACs -service Mac { - // Computes a MAC for given data - rpc ComputeMac(ComputeMacRequest) returns (ComputeMacResponse) {} - // Verifies the validity of the MAC value, no error means success - rpc VerifyMac(VerifyMacRequest) returns (VerifyMacResponse) {} -} - -message ComputeMacRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - bytes data = 2; -} - -message ComputeMacResponse { - oneof result { - bytes mac_value = 1; - string err = 2; - } -} - -message VerifyMacRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - bytes mac_value = 2; - bytes data = 3; -} - -message VerifyMacResponse { - string err = 1; -} - -// Service to hybrid encrypt and decrypt -service Hybrid { - // Encrypts plaintext binding context_info to the resulting ciphertext - rpc Encrypt(HybridEncryptRequest) returns (HybridEncryptResponse) {} - // Decrypts ciphertext verifying the integrity of context_info - rpc Decrypt(HybridDecryptRequest) returns (HybridDecryptResponse) {} -} - -message HybridEncryptRequest { - bytes public_keyset = 1; // serialized google.crypto.tink.Keyset. - bytes plaintext = 2; - bytes context_info = 3; -} - -message HybridEncryptResponse { - oneof result { - bytes ciphertext = 1; - string err = 2; - } -} - -message HybridDecryptRequest { - bytes private_keyset = 1; // serialized google.crypto.tink.Keyset. - bytes ciphertext = 2; - bytes context_info = 3; -} - -message HybridDecryptResponse { - oneof result { - bytes plaintext = 1; - string err = 2; - } -} - -// Service to sign and verify signatures. -service Signature { - // Computes the signature for data - rpc Sign(SignatureSignRequest) returns (SignatureSignResponse) {} - // Verifies that signature is a digital signature for data - rpc Verify(SignatureVerifyRequest) returns (SignatureVerifyResponse) {} -} - -message SignatureSignRequest { - bytes private_keyset = 1; // serialized google.crypto.tink.Keyset. - bytes data = 2; -} - -message SignatureSignResponse { - oneof result { - bytes signature = 1; - string err = 2; - } -} - -message SignatureVerifyRequest { - bytes public_keyset = 1; // serialized google.crypto.tink.Keyset. - bytes signature = 2; - bytes data = 3; -} - -message SignatureVerifyResponse { - string err = 1; -} - -// Service for PrfSet computation -service PrfSet { - // Returns the key ids and the primary key id in the keyset. - rpc KeyIds(PrfSetKeyIdsRequest) returns (PrfSetKeyIdsResponse) {} - // Computes the output of the PRF with the given key_id in the PrfSet. - rpc Compute(PrfSetComputeRequest) returns (PrfSetComputeResponse) {} -} - -message PrfSetKeyIdsRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. -} - -message PrfSetKeyIdsResponse { - message Output { - uint32 primary_key_id = 1; - repeated uint32 key_id = 2; - } - oneof result { - Output output = 1; - string err = 2; - } -} - -message PrfSetComputeRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - uint32 key_id = 2; - bytes input_data = 3; - int32 output_length = 4; -} - -message PrfSetComputeResponse { - oneof result { - bytes output = 1; - string err = 2; - } -} - -// Service for JSON Web Tokens (JWT) -service Jwt { - // Computes a signed compact JWT token. - rpc ComputeMacAndEncode(JwtSignRequest) returns (JwtSignResponse) {} - // Verifies the validity of the signed compact JWT token - rpc VerifyMacAndDecode(JwtVerifyRequest) returns (JwtVerifyResponse) {} - // Computes a signed compact JWT token. - rpc PublicKeySignAndEncode(JwtSignRequest) returns (JwtSignResponse) {} - // Verifies the validity of the signed compact JWT token - rpc PublicKeyVerifyAndDecode(JwtVerifyRequest) returns (JwtVerifyResponse) {} - // Converts a Keyset from Tink Binary to JWK Set Format - rpc ToJwkSet(JwtToJwkSetRequest) returns (JwtToJwkSetResponse) {} - // Converts a Keyset from JWK Set to Tink Binary Format - rpc FromJwkSet(JwtFromJwkSetRequest) returns (JwtFromJwkSetResponse) {} -} - -// Used to represent the JSON null value. -enum NullValue { - NULL_VALUE = 0; -} - -// TODO(b/179867503): Remove these copies of Timestamp, Duration and StringValue - -// Copy of google.protobuf.Timestamp -message Timestamp { - // Represents seconds of UTC time since Unix epoch - // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to - // 9999-12-31T23:59:59Z inclusive. - int64 seconds = 1; - - // Non-negative fractions of a second at nanosecond resolution. Negative - // second values with fractions must still have non-negative nanos values - // that count forward in time. Must be from 0 to 999,999,999 - // inclusive. - int32 nanos = 2; -} - -// Copy of google.protobuf.Duration -message Duration { - // Signed seconds of the span of time. Must be from -315,576,000,000 - // to +315,576,000,000 inclusive. Note: these bounds are computed from: - // 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - int64 seconds = 1; - - // Signed fractions of a second at nanosecond resolution of the span - // of time. Durations less than one second are represented with a 0 - // `seconds` field and a positive or negative `nanos` field. For durations - // of one second or more, a non-zero value for the `nanos` field must be - // of the same sign as the `seconds` field. Must be from -999,999,999 - // to +999,999,999 inclusive. - int32 nanos = 2; -} - -// Copy of google.protobuf.StringValue -message StringValue { - // The string value. - string value = 1; -} - -message JwtClaimValue { - oneof kind { - NullValue null_value = 2; - double number_value = 3; - string string_value = 4; - bool bool_value = 5; - string json_object_value = 6; - string json_array_value = 7; - } -} - -message JwtToken { - StringValue issuer = 1; - StringValue subject = 2; - repeated string audiences = 3; - StringValue jwt_id = 4; - Timestamp expiration = 5; - Timestamp not_before = 6; - Timestamp issued_at = 7; - map<string, JwtClaimValue> custom_claims = 8; - StringValue type_header = 9; -} - -message JwtValidator { - StringValue expected_type_header = 7; - StringValue expected_issuer = 1; - StringValue expected_audience = 3; - bool ignore_type_header = 8; - bool ignore_issuer = 9; - bool ignore_audience = 11; - bool allow_missing_expiration = 12; - bool expect_issued_in_the_past = 13; - Timestamp now = 5; - Duration clock_skew = 6; -} - -message JwtSignRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset - JwtToken raw_jwt = 2; -} - -message JwtSignResponse { - oneof result { - string signed_compact_jwt = 1; - string err = 2; - } -} - -message JwtVerifyRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset - string signed_compact_jwt = 2; - JwtValidator validator = 3; -} - -message JwtVerifyResponse { - oneof result { - JwtToken verified_jwt = 1; - string err = 2; - } -} - -message JwtToJwkSetRequest { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. -} - -message JwtToJwkSetResponse { - oneof result { - string jwk_set = 1; - string err = 2; - } -} - -message JwtFromJwkSetRequest { - string jwk_set = 1; -} - -message JwtFromJwkSetResponse { - oneof result { - bytes keyset = 1; // serialized google.crypto.tink.Keyset. - string err = 2; - } -} |