Merge remote-tracking branch 'origin/main' into stevenwarejones_separ…

…ate_fulfill_certificate
world-federation-of-advertisers · Nov 6, 2023 · 5c4cf1b · 5c4cf1b
2 parents 54164f8 + d576157
commit 5c4cf1b
Show file tree

Hide file tree

Showing 13 changed files with 183 additions and 50 deletions.
diff --git a/src/main/proto/wfa/measurement/api/v2alpha/BUILD.bazel b/src/main/proto/wfa/measurement/api/v2alpha/BUILD.bazel
@@ -16,7 +16,10 @@ proto_library(
     name = "crypto_proto",
     srcs = ["crypto.proto"],
     strip_import_prefix = IMPORT_PREFIX,
-    deps = ["@com_google_googleapis//google/api:field_behavior_proto"],
+    deps = [
+        "@com_google_googleapis//google/api:field_behavior_proto",
+        "@com_google_protobuf//:any_proto",
+    ],
 )
 
 proto_library(
@@ -48,6 +51,7 @@ proto_library(
         "@com_google_googleapis//google/api:field_behavior_proto",
         "@com_google_googleapis//google/api:resource_proto",
         "@com_google_googleapis//google/type:interval_proto",
+        "@com_google_protobuf//:any_proto",
     ],
 )
 
@@ -162,6 +166,7 @@ proto_library(
         ":differential_privacy_proto",
         "@com_google_googleapis//google/api:field_behavior_proto",
         "@com_google_googleapis//google/api:resource_proto",
+        "@com_google_protobuf//:any_proto",
         "@com_google_protobuf//:duration_proto",
     ],
 )
@@ -195,6 +200,7 @@ proto_library(
         ":protocol_config_proto",
         "@com_google_googleapis//google/api:field_behavior_proto",
         "@com_google_googleapis//google/api:resource_proto",
+        "@com_google_protobuf//:any_proto",
         "@com_google_protobuf//:duration_proto",
     ],
 )
@@ -385,6 +391,7 @@ proto_library(
         "@com_google_googleapis//google/api:field_behavior_proto",
         "@com_google_googleapis//google/api:resource_proto",
         "@com_google_googleapis//google/type:date_proto",
+        "@com_google_protobuf//:any_proto",
     ],
 )
 
@@ -407,6 +414,7 @@ proto_library(
         "@com_google_googleapis//google/api:field_behavior_proto",
         "@com_google_googleapis//google/api:resource_proto",
         "@com_google_googleapis//google/type:date_proto",
+        "@com_google_protobuf//:any_proto",
     ],
 )
 
@@ -471,6 +479,7 @@ proto_library(
     srcs = ["requisitions_service.proto"],
     strip_import_prefix = IMPORT_PREFIX,
     deps = [
+        ":crypto_proto",
         ":measurement_proto",
         ":requisition_proto",
         "@com_google_googleapis//google/api:client_proto",

diff --git a/src/main/proto/wfa/measurement/api/v2alpha/crypto.proto b/src/main/proto/wfa/measurement/api/v2alpha/crypto.proto
@@ -17,6 +17,7 @@ syntax = "proto3";
 package wfa.measurement.api.v2alpha;
 
 import "google/api/field_behavior.proto";
+import "google/protobuf/any.proto";
 
 option java_package = "org.wfanet.measurement.api.v2alpha";
 option java_multiple_files = true;
@@ -36,21 +37,42 @@ message ElGamalPublicKey {
   bytes element = 3 [(google.api.field_behavior) = REQUIRED];
 }
 
-// Data with an accompanying digital signature.
-message SignedData {
-  // Arbitrary data to sign.
-  bytes data = 1 [(google.api.field_behavior) = REQUIRED];
+// A serialized protobuf message with an accompanying digital signature.
+message SignedMessage {
+  // Message to sign.
+  //
+  // Required for new requests. If not specified, use the `data` field instead.
+  google.protobuf.Any message = 4;
+
+  // Serialized protobuf message to sign.
+  //
+  // Deprecated: Use the `message` field except for legacy resources where it is
+  // not set.
+  bytes data = 1 [deprecated = true];
 
-  // Cryptographic digital signature of `data`.
+  // Cryptographic digital signature of `message.value` (or of `data` for legacy
+  // resources).
   bytes signature = 2 [(google.api.field_behavior) = REQUIRED];
 
   // Object identifier (OID) of the signature algorithm in dot notation.
   //
-  // If not specified, this is assumed to be the signature algorithm of the
-  // accompanying certificate.
+  // Required for new requests. If not specified, this is assumed to be the
+  // signature algorithm of the accompanying certificate.
   string signature_algorithm_oid = 3;
 }
 
+// An encrypted protobuf message.
+message EncryptedMessage {
+  // Protobuf message ciphertext.
+  bytes ciphertext = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Type URL of the protobuf message. See google.protobuf.Any.
+  //
+  // (-- api-linter: core::0140::uri=disabled
+  //     aip.dev/not-precedent: Referencing a well-known field name. --)
+  string type_url = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
 // A public key for asymmetric encryption.
 message EncryptionPublicKey {
   // Format of data for a public key.

diff --git a/src/main/proto/wfa/measurement/api/v2alpha/data_provider.proto b/src/main/proto/wfa/measurement/api/v2alpha/data_provider.proto
@@ -52,7 +52,10 @@ message DataProvider {
 
   // Serialized `EncryptionPublicKey` for this `DataProvider`, which can be
   // verified using `certificate`.
-  SignedData public_key = 4 [(google.api.field_behavior) = REQUIRED];
+  //
+  // The version of the `EncryptionPublicKey` message must match the API version
+  // used to last update this resource.
+  SignedMessage public_key = 4 [(google.api.field_behavior) = REQUIRED];
 
   // Display name of the data provider.
   string display_name = 5;

diff --git a/src/main/proto/wfa/measurement/api/v2alpha/event_group.proto b/src/main/proto/wfa/measurement/api/v2alpha/event_group.proto
@@ -36,6 +36,8 @@ message EventGroup {
     plural: "eventGroups"
   };
 
+  reserved 8;
+
   // Resource name.
   //
   // Canonical format: dataProviders/{data_provider}/eventGroups/{event_group}
@@ -58,7 +60,14 @@ message EventGroup {
   // Pre-shared serialized `EncryptionPublicKey`, which can be verified using
   // `measurement_consumer_certificate`. Must be set if `encrypted_metadata` is
   // set.
-  SignedData measurement_consumer_public_key = 4;
+  //
+  // The version of the `EncryptionPublicKey` message must match the API version
+  // used to last update this resource.
+  //
+  // (-- TODO(@SanjayVas): Include the `message` directly rather than
+  // wrapping it in a `SignedMessage`. The signature is not needed here, as
+  // the `DataProvider` should have already verified it. --)
+  SignedMessage measurement_consumer_public_key = 4;
 
   // ID referencing the `EventGroup` in an external system, provided by the
   // `DataProvider`.
@@ -97,9 +106,12 @@ message EventGroup {
     google.protobuf.Any metadata = 2 [(google.api.field_behavior) = REQUIRED];
   }
 
-  // Encrypted serialized `Metadata`. The encryption uses
-  // `measurement_consumer_public_key` as the recipient public key.
-  bytes encrypted_metadata = 8;
+  // `Metadata` encrypted using the `measurement_consumer_public_key` as the
+  // recipient public key.
+  //
+  // The version of the `Metadata` message type must match the API version used
+  // to last update this resource.
+  EncryptedMessage encrypted_metadata = 10;
 
   // Possible states of Event Group.
   enum State {

diff --git a/src/main/proto/wfa/measurement/api/v2alpha/exchange_step.proto b/src/main/proto/wfa/measurement/api/v2alpha/exchange_step.proto
@@ -18,6 +18,7 @@ package wfa.measurement.api.v2alpha;
 
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
+import "google/protobuf/any.proto";
 import "google/type/date.proto";
 
 option java_package = "org.wfanet.measurement.api.v2alpha";
@@ -35,6 +36,8 @@ message ExchangeStep {
     plural: "exchangeSteps"
   };
 
+  reserved 3;
+
   // Resource name.
   string name = 1;
 
@@ -68,9 +71,9 @@ message ExchangeStep {
     ];
   }
 
-  // Serialized denormalized `exchange_workflow` field from the ancestor
+  // Denormalized `exchange_workflow` field from the ancestor
   // `RecurringExchange`.
-  bytes serialized_exchange_workflow = 3 [
+  google.protobuf.Any exchange_workflow = 8 [
     (google.api.field_behavior) = OUTPUT_ONLY,
     (google.api.field_behavior) = IMMUTABLE
   ];

diff --git a/src/main/proto/wfa/measurement/api/v2alpha/measurement.proto b/src/main/proto/wfa/measurement/api/v2alpha/measurement.proto
@@ -20,8 +20,8 @@ import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/protobuf/duration.proto";
 import "wfa/measurement/api/v2alpha/crypto.proto";
-import "wfa/measurement/api/v2alpha/protocol_config.proto";
 import "wfa/measurement/api/v2alpha/direct_computation.proto";
+import "wfa/measurement/api/v2alpha/protocol_config.proto";
 
 option java_package = "org.wfanet.measurement.api.v2alpha";
 option java_multiple_files = true;
@@ -50,7 +50,10 @@ message Measurement {
 
   // Serialized `MeasurementSpec` for requisitions, which can be verified using
   // `measurement_consumer_certificate`.
-  SignedData measurement_spec = 3 [
+  //
+  // The version of the `MeasurementSpec` message type must correspond to the
+  // API version that this resource was created in.
+  SignedMessage measurement_spec = 3 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.field_behavior) = IMMUTABLE
   ];
@@ -65,6 +68,8 @@ message Measurement {
 
     // Value of a map entry.
     message Value {
+      reserved 3;
+
       // Resource name of the `Certificate` belonging to `data_provider`.
       string data_provider_certificate = 1 [
         (google.api.resource_reference).type = "halo.wfanet.org/Certificate",
@@ -73,16 +78,27 @@ message Measurement {
 
       // Pre-shared serialized `EncryptionPublicKey`, which can be verified
       // using `data_provider_certificate`.
-      SignedData data_provider_public_key = 2
+      //
+      // The version of the `EncryptionPublicKey` message type must correspond
+      // to the API version that this resource was created in.
+      //
+      // (-- TODO(@SanjayVas): Include the `message` directly rather than
+      // wrapping it in a `SignedMessage`. The signature is not needed here, as
+      // the `MeasurementConsumer` should have already verified it. --)
+      SignedMessage data_provider_public_key = 2
           [(google.api.field_behavior) = REQUIRED];
 
-      // Encrypted `SignedData` containing the serialized `RequisitionSpec` for
-      // this entry, which can be verified using
+      // Encrypted `SignedMessage` containing the serialized `RequisitionSpec`
+      // for this entry, which can be verified using
       // `measurement_consumer_certificate`.
       //
       // The encryption uses `data_provider_public_key` as the recipient public
       // key.
-      bytes encrypted_requisition_spec = 3
+      //
+      // The versions of the `SignedMessage` and `EncryptionPublicKey` message
+      // types must correspond to the API version that this resource was created
+      // in.
+      EncryptedMessage encrypted_requisition_spec = 5
           [(google.api.field_behavior) = REQUIRED];
 
       // SHA256 hash of the `nonce` from `encrypted_requisition_spec`, where the
@@ -272,23 +288,31 @@ message Measurement {
     Population population = 5;
   }
 
-  // Pair of `Result` to `Certificate`.
-  message ResultPair {
-    // Encrypted `SignedData` containing the serialized `Result`
+  // Output message for a `Result`.
+  message ResultOutput {
+    reserved 1;
+
+    // Encrypted `SignedMessage` containing the serialized `Result`
     // which can be verified using `certificate`.
     //
     // The encryption uses the `measurement_public_key` from `measurement_spec`
     // as the recipient public key.
-    bytes encrypted_result = 1;
+    EncryptedMessage encrypted_result = 3 [
+      (google.api.field_behavior) = REQUIRED,
+      (google.api.field_behavior) = IMMUTABLE
+    ];
 
     // Resource name of a `Certificate` belonging to the entity that produced
     // the result, which can be `Duchy` or `DataProvider`.
-    string certificate = 2
-        [(google.api.resource_reference).type = "halo.wfanet.org/Certificate"];
+    string certificate = 2 [
+      (google.api.resource_reference).type = "halo.wfanet.org/Certificate",
+      (google.api.field_behavior) = REQUIRED,
+      (google.api.field_behavior) = IMMUTABLE
+    ];
   }
 
   // Results of this `Measurement`. Only set if `state` is `SUCCEEDED`.
-  repeated ResultPair results = 8 [
+  repeated ResultOutput results = 8 [
     (google.api.field_behavior) = OUTPUT_ONLY,
     (google.api.field_behavior) = UNORDERED_LIST
   ];

diff --git a/src/main/proto/wfa/measurement/api/v2alpha/measurement_consumer.proto b/src/main/proto/wfa/measurement/api/v2alpha/measurement_consumer.proto
@@ -51,7 +51,10 @@ message MeasurementConsumer {
 
   // Serialized `EncryptionPublicKey` for this `MeasurementConsumer`, which can
   // be verified using `certificate`.
-  SignedData public_key = 4 [(google.api.field_behavior) = REQUIRED];
+  //
+  // The version of the `EncryptionPublicKey` message must match the API version
+  // used to last update this resource.
+  SignedMessage public_key = 4 [(google.api.field_behavior) = REQUIRED];
 
   // Display name of the `MeasurementConsumer`.
   string display_name = 5;

diff --git a/src/main/proto/wfa/measurement/api/v2alpha/measurement_spec.proto b/src/main/proto/wfa/measurement/api/v2alpha/measurement_spec.proto
@@ -18,6 +18,7 @@ package wfa.measurement.api.v2alpha;
 
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
+import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
 import "wfa/measurement/api/v2alpha/differential_privacy.proto";
 
@@ -27,12 +28,25 @@ option java_outer_classname = "MeasurementSpecProto";
 
 // Specification for a `Measurement`. Immutable.
 message MeasurementSpec {
+  // `EncryptionPublicKey` for the `Measurement` that this `MeasurementSpec` is
+  // associated with.
+  //
+  // This is serialized so it can be compared with the same field in
+  // `RequisitionSpec`.
+  //
+  // Required for new requests. If not specified, use
+  // `serialized_measurement_public_key`.
+  google.protobuf.Any measurement_public_key = 10;
+
   // Serialized `EncryptionPublicKey` for the `Measurement` that this
   // `MeasurementSpec` is associated with.
   //
   // This is serialized so it can be easily compared with the same field in
   // `RequisitionSpec`.
-  bytes measurement_public_key = 1 [(google.api.field_behavior) = REQUIRED];
+  //
+  // Deprecated: Use `measurement_public_key` except for reading legacy
+  // resources.
+  bytes serialized_measurement_public_key = 1 [deprecated = true];
 
   // List of `nonce_hash` values from `data_providers` of the corresponding
   // `Measurement`.

diff --git a/src/main/proto/wfa/measurement/api/v2alpha/public_key.proto b/src/main/proto/wfa/measurement/api/v2alpha/public_key.proto
@@ -39,7 +39,10 @@ message PublicKey {
 
   // Serialized `EncryptionPublicKey` for the parent resource, which can be
   // verified using `certificate`.
-  SignedData public_key = 2 [(google.api.field_behavior) = REQUIRED];
+  //
+  // The version of the `EncryptionPublicKey` message must match the API version
+  // used to last update this resource.
+  SignedMessage public_key = 2 [(google.api.field_behavior) = REQUIRED];
 
   // Resource name of the `Certificate` that can be used to verify `public_key`.
   //

diff --git a/src/main/proto/wfa/measurement/api/v2alpha/recurring_exchange.proto b/src/main/proto/wfa/measurement/api/v2alpha/recurring_exchange.proto
@@ -18,6 +18,7 @@ package wfa.measurement.api.v2alpha;
 
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
+import "google/protobuf/any.proto";
 import "google/type/date.proto";
 import "wfa/measurement/api/v2alpha/exchange_workflow.proto";
 
@@ -41,8 +42,11 @@ message RecurringExchange {
   // Resource name.
   string name = 1;
 
-  // The ExchangeWorkflow for this recurring exchange.
-  ExchangeWorkflow exchange_workflow = 2 [
+  // The `ExchangeWorkflow` for this `RecurringExchange`.
+  //
+  // The version of the `ExchangeWorkflow` message type must match the API
+  // version used to create this resource.
+  google.protobuf.Any exchange_workflow = 2 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.field_behavior) = IMMUTABLE
   ];