diff --git a/src/main/proto/wfa/measurement/api/v2alpha/BUILD.bazel b/src/main/proto/wfa/measurement/api/v2alpha/BUILD.bazel index 345df489d..0a500dc82 100644 --- a/src/main/proto/wfa/measurement/api/v2alpha/BUILD.bazel +++ b/src/main/proto/wfa/measurement/api/v2alpha/BUILD.bazel @@ -16,7 +16,10 @@ proto_library( name = "crypto_proto", srcs = ["crypto.proto"], strip_import_prefix = IMPORT_PREFIX, - deps = ["@com_google_googleapis//google/api:field_behavior_proto"], + deps = [ + "@com_google_googleapis//google/api:field_behavior_proto", + "@com_google_protobuf//:any_proto", + ], ) proto_library( @@ -48,6 +51,7 @@ proto_library( "@com_google_googleapis//google/api:field_behavior_proto", "@com_google_googleapis//google/api:resource_proto", "@com_google_googleapis//google/type:interval_proto", + "@com_google_protobuf//:any_proto", ], ) @@ -162,6 +166,7 @@ proto_library( ":differential_privacy_proto", "@com_google_googleapis//google/api:field_behavior_proto", "@com_google_googleapis//google/api:resource_proto", + "@com_google_protobuf//:any_proto", "@com_google_protobuf//:duration_proto", ], ) @@ -195,6 +200,7 @@ proto_library( ":protocol_config_proto", "@com_google_googleapis//google/api:field_behavior_proto", "@com_google_googleapis//google/api:resource_proto", + "@com_google_protobuf//:any_proto", "@com_google_protobuf//:duration_proto", ], ) @@ -385,6 +391,7 @@ proto_library( "@com_google_googleapis//google/api:field_behavior_proto", "@com_google_googleapis//google/api:resource_proto", "@com_google_googleapis//google/type:date_proto", + "@com_google_protobuf//:any_proto", ], ) @@ -407,6 +414,7 @@ proto_library( "@com_google_googleapis//google/api:field_behavior_proto", "@com_google_googleapis//google/api:resource_proto", "@com_google_googleapis//google/type:date_proto", + "@com_google_protobuf//:any_proto", ], ) 
@@ -471,6 +479,7 @@ proto_library( srcs = ["requisitions_service.proto"], strip_import_prefix = IMPORT_PREFIX, deps = [ + ":crypto_proto", ":measurement_proto", ":requisition_proto", "@com_google_googleapis//google/api:client_proto", diff --git a/src/main/proto/wfa/measurement/api/v2alpha/crypto.proto b/src/main/proto/wfa/measurement/api/v2alpha/crypto.proto index 72a4a2c90..6b9c4b139 100644 --- a/src/main/proto/wfa/measurement/api/v2alpha/crypto.proto +++ b/src/main/proto/wfa/measurement/api/v2alpha/crypto.proto @@ -17,6 +17,7 @@ syntax = "proto3"; package wfa.measurement.api.v2alpha; import "google/api/field_behavior.proto"; +import "google/protobuf/any.proto"; option java_package = "org.wfanet.measurement.api.v2alpha"; option java_multiple_files = true; 
@@ -36,21 +37,42 @@ message ElGamalPublicKey { bytes element = 3 [(google.api.field_behavior) = REQUIRED]; } -// Data with an accompanying digital signature. -message SignedData { - // Arbitrary data to sign. - bytes data = 1 [(google.api.field_behavior) = REQUIRED]; +// A serialized protobuf message with an accompanying digital signature. +message SignedMessage { + // Message to sign. + // + // Required for new requests. If not specified, use the `data` field instead. + google.protobuf.Any message = 4; + + // Serialized protobuf message to sign. + // + // Deprecated: Use the `message` field except for legacy resources where it is + // not set. + bytes data = 1 [deprecated = true]; - // Cryptographic digital signature of `data`. + // Cryptographic digital signature of `message.value` (or of `data` for legacy + // resources). bytes signature = 2 [(google.api.field_behavior) = REQUIRED]; // Object identifier (OID) of the signature algorithm in dot notation. // - // If not specified, this is assumed to be the signature algorithm of the - // accompanying certificate. + // Required for new requests. If not specified, this is assumed to be the + // signature algorithm of the accompanying certificate. string signature_algorithm_oid = 3; } +// An encrypted protobuf message. +message EncryptedMessage { + // Protobuf message ciphertext. + bytes ciphertext = 1 [(google.api.field_behavior) = REQUIRED]; + + // Type URL of the protobuf message. See google.protobuf.Any. + // + // (-- api-linter: core::0140::uri=disabled + // aip.dev/not-precedent: Referencing a well-known field name. --) + string type_url = 2 [(google.api.field_behavior) = REQUIRED]; +} + // A public key for asymmetric encryption. message EncryptionPublicKey { // Format of data for a public key. diff --git a/src/main/proto/wfa/measurement/api/v2alpha/data_provider.proto b/src/main/proto/wfa/measurement/api/v2alpha/data_provider.proto index 2122c9baf..107661e8a 100644 
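Review bot: In `SignedMessage`, `signature` is documented as covering only `message.value` (or `data`), so `message.type_url` is not authenticated, and a valid signature says nothing about which message type the bytes were signed as. The field comment should tell verifiers not to select the parse type from it, e.g. `// Verifiers must check that message.type_url is the expected type before unpacking; it is not covered by signature.` The comments also leave open what a reader does when both `message` and `data` are set; state which one is verified or that such a message is rejected. `EncryptedMessage.type_url` travels in the clear next to `ciphertext` and deserves the same caveat, since nothing in this hunk says it is bound to the ciphertext.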
--- a/src/main/proto/wfa/measurement/api/v2alpha/data_provider.proto +++ b/src/main/proto/wfa/measurement/api/v2alpha/data_provider.proto @@ -52,7 +52,10 @@ message DataProvider { // Serialized `EncryptionPublicKey` for this `DataProvider`, which can be // verified using `certificate`. - SignedData public_key = 4 [(google.api.field_behavior) = REQUIRED]; + // + // The version of the `EncryptionPublicKey` message must match the API version + // used to last update this resource. + SignedMessage public_key = 4 [(google.api.field_behavior) = REQUIRED]; // Display name of the data provider. string display_name = 5; diff --git a/src/main/proto/wfa/measurement/api/v2alpha/event_group.proto b/src/main/proto/wfa/measurement/api/v2alpha/event_group.proto index 1555719ad..572eed636 100644 --- a/src/main/proto/wfa/measurement/api/v2alpha/event_group.proto +++ b/src/main/proto/wfa/measurement/api/v2alpha/event_group.proto @@ -36,6 +36,8 @@ message EventGroup { plural: "eventGroups" }; + reserved 8; + // Resource name. // // Canonical format: dataProviders/{data_provider}/eventGroups/{event_group} @@ -58,7 +60,10 @@ message EventGroup { // Pre-shared serialized `EncryptionPublicKey`, which can be verified using // `measurement_consumer_certificate`. Must be set if `encrypted_metadata` is // set. - SignedData measurement_consumer_public_key = 4; + // + // The version of the `EncryptionPublicKey` message must match the API version + // used to last update this resource. + SignedMessage measurement_consumer_public_key = 4; // ID referencing the `EventGroup` in an external system, provided by the // `DataProvider`. 
@@ -97,9 +102,12 @@ message EventGroup { google.protobuf.Any metadata = 2 [(google.api.field_behavior) = REQUIRED]; } - // Encrypted serialized `Metadata`. The encryption uses - // `measurement_consumer_public_key` as the recipient public key. - bytes encrypted_metadata = 8; + // `Metadata` encrypted using the `measurement_consumer_public_key` as the + // recipient public key. + // + // The version of the `Metadata` message type must match the API version used + // to last update this resource. + EncryptedMessage encrypted_metadata = 10; // Possible states of Event Group. enum State { diff --git a/src/main/proto/wfa/measurement/api/v2alpha/exchange_step.proto b/src/main/proto/wfa/measurement/api/v2alpha/exchange_step.proto index 91df85a10..655ee7a48 100644 --- a/src/main/proto/wfa/measurement/api/v2alpha/exchange_step.proto +++ b/src/main/proto/wfa/measurement/api/v2alpha/exchange_step.proto @@ -18,6 +18,7 @@ package wfa.measurement.api.v2alpha; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; +import "google/protobuf/any.proto"; import "google/type/date.proto"; option java_package = "org.wfanet.measurement.api.v2alpha"; @@ -68,13 +69,20 @@ message ExchangeStep { ]; } - // Serialized denormalized `exchange_workflow` field from the ancestor + // Denormalized `exchange_workflow` field from the ancestor // `RecurringExchange`. - bytes serialized_exchange_workflow = 3 [ + google.protobuf.Any exchange_workflow = 8 [ (google.api.field_behavior) = OUTPUT_ONLY, (google.api.field_behavior) = IMMUTABLE ]; + // Denormalized `value` of the `exchange_workflow` field from the ancestor + // `RecurringExchange`. + // + // Deprecated: Use `exchange_workflow` instead. + bytes serialized_exchange_workflow = 3 + [(google.api.field_behavior) = OUTPUT_ONLY, deprecated = true]; + // State of an `ExchangeStep`. enum State { // Default value used if the state is omitted. 
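Review bot: `EventGroup.encrypted_metadata` moves from `bytes` field 8 to `EncryptedMessage` field 10 with 8 reserved (in the earlier hunk of this file), so any stored or in-flight `EventGroup` that still carries field 8 reads as having no encrypted metadata, without an error. `Requisition.encrypted_requisition_spec` in this same commit keeps its old number as a deprecated ciphertext field; the equivalent here would be `bytes encrypted_metadata_ciphertext = 8 [deprecated = true];` in place of `reserved 8;`. The same applies in measurement.proto to `encrypted_requisition_spec` in the map-entry `Value` message (3 to 5) and to `ResultOutput.encrypted_result` (1 to 3). If legacy values are migrated some other way, a comment beside each `reserved` line saying so would make that explicit.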
diff --git a/src/main/proto/wfa/measurement/api/v2alpha/measurement.proto b/src/main/proto/wfa/measurement/api/v2alpha/measurement.proto index 75f5da280..a09c0f77e 100644 --- a/src/main/proto/wfa/measurement/api/v2alpha/measurement.proto +++ b/src/main/proto/wfa/measurement/api/v2alpha/measurement.proto @@ -20,8 +20,8 @@ import "google/api/field_behavior.proto"; import "google/api/resource.proto"; import "google/protobuf/duration.proto"; import "wfa/measurement/api/v2alpha/crypto.proto"; -import "wfa/measurement/api/v2alpha/protocol_config.proto"; import "wfa/measurement/api/v2alpha/direct_computation.proto"; +import "wfa/measurement/api/v2alpha/protocol_config.proto"; option java_package = "org.wfanet.measurement.api.v2alpha"; option java_multiple_files = true; @@ -50,7 +50,10 @@ message Measurement { // Serialized `MeasurementSpec` for requisitions, which can be verified using // `measurement_consumer_certificate`. - SignedData measurement_spec = 3 [ + // + // The version of the `MeasurementSpec` message type must correspond to the + // API version that this resource was created in. + SignedMessage measurement_spec = 3 [ (google.api.field_behavior) = REQUIRED, (google.api.field_behavior) = IMMUTABLE ]; @@ -65,6 +68,8 @@ message Measurement { // Value of a map entry. message Value { + reserved 3; + // Resource name of the `Certificate` belonging to `data_provider`. string data_provider_certificate = 1 [ (google.api.resource_reference).type = "halo.wfanet.org/Certificate", 
@@ -73,16 +78,23 @@ message Measurement { // Pre-shared serialized `EncryptionPublicKey`, which can be verified // using `data_provider_certificate`. - SignedData data_provider_public_key = 2 + // + // The version of the `EncryptionPublicKey` message type must correspond + // to the API version that this resource was created in. + SignedMessage data_provider_public_key = 2 [(google.api.field_behavior) = REQUIRED]; - // Encrypted `SignedData` containing the serialized `RequisitionSpec` for - // this entry, which can be verified using + // Encrypted `SignedMessage` containing the serialized `RequisitionSpec` + // for this entry, which can be verified using // `measurement_consumer_certificate`. // // The encryption uses `data_provider_public_key` as the recipient public // key. - bytes encrypted_requisition_spec = 3 + // + // The versions of the `SignedMessage` and `EncryptionPublicKey` message + // types must correspond to the API version that this resource was created + // in. + EncryptedMessage encrypted_requisition_spec = 5 [(google.api.field_behavior) = REQUIRED]; // SHA256 hash of the `nonce` from `encrypted_requisition_spec`, where the 
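Review bot: The version sentence added to `encrypted_requisition_spec` names `SignedMessage` and `EncryptionPublicKey`, but the lines above it say the ciphertext holds a `SignedMessage` containing a `RequisitionSpec`; the wording looks carried over from `data_provider_public_key` just above. The party decrypting this field relies on the comment to know which types to expect, so the name matters: `// The versions of the SignedMessage and RequisitionSpec message types must correspond to the API version that this resource was created in.` The enclosing `Value` message starts and ends outside this hunk.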
@@ -272,23 +284,31 @@ message Measurement { Population population = 5; } - // Pair of `Result` to `Certificate`. - message ResultPair { - // Encrypted `SignedData` containing the serialized `Result` + // Output message for a `Result`. + message ResultOutput { + reserved 1; + + // Encrypted `SignedMessage` containing the serialized `Result` // which can be verified using `certificate`. // // The encryption uses the `measurement_public_key` from `measurement_spec` // as the recipient public key. - bytes encrypted_result = 1; + EncryptedMessage encrypted_result = 3 [ + (google.api.field_behavior) = REQUIRED, + (google.api.field_behavior) = IMMUTABLE + ]; // Resource name of a `Certificate` belonging to the entity that produced // the result, which can be `Duchy` or `DataProvider`. - string certificate = 2 - [(google.api.resource_reference).type = "halo.wfanet.org/Certificate"]; + string certificate = 2 [ + (google.api.resource_reference).type = "halo.wfanet.org/Certificate", + (google.api.field_behavior) = REQUIRED, + (google.api.field_behavior) = IMMUTABLE + ]; } // Results of this `Measurement`. Only set if `state` is `SUCCEEDED`. - repeated ResultPair results = 8 [ + repeated ResultOutput results = 8 [ (google.api.field_behavior) = OUTPUT_ONLY, (google.api.field_behavior) = UNORDERED_LIST ]; diff --git a/src/main/proto/wfa/measurement/api/v2alpha/measurement_consumer.proto b/src/main/proto/wfa/measurement/api/v2alpha/measurement_consumer.proto index 01649c1e4..9061e8cde 100644 --- a/src/main/proto/wfa/measurement/api/v2alpha/measurement_consumer.proto +++ b/src/main/proto/wfa/measurement/api/v2alpha/measurement_consumer.proto 
@@ -51,7 +51,10 @@ message MeasurementConsumer { // Serialized `EncryptionPublicKey` for this `MeasurementConsumer`, which can // be verified using `certificate`. - SignedData public_key = 4 [(google.api.field_behavior) = REQUIRED]; + // + // The version of the `EncryptionPublicKey` message must match the API version + // used to last update this resource. + SignedMessage public_key = 4 [(google.api.field_behavior) = REQUIRED]; // Display name of the `MeasurementConsumer`. string display_name = 5; diff --git a/src/main/proto/wfa/measurement/api/v2alpha/measurement_spec.proto b/src/main/proto/wfa/measurement/api/v2alpha/measurement_spec.proto index 9da5ec810..465ce8627 100644 --- a/src/main/proto/wfa/measurement/api/v2alpha/measurement_spec.proto +++ b/src/main/proto/wfa/measurement/api/v2alpha/measurement_spec.proto @@ -18,6 +18,7 @@ package wfa.measurement.api.v2alpha; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "wfa/measurement/api/v2alpha/differential_privacy.proto"; 
@@ -27,12 +28,25 @@ option java_outer_classname = "MeasurementSpecProto"; // Specification for a `Measurement`. Immutable. message MeasurementSpec { + // `EncryptionPublicKey` for the `Measurement` that this `MeasurementSpec` is + // associated with. + // + // This is serialized so it can be compared with the same field in + // `RequisitionSpec`. + // + // Required for new requests. If not specified, use + // `serialized_measurement_public_key`. + google.protobuf.Any measurement_public_key = 10; + // Serialized `EncryptionPublicKey` for the `Measurement` that this // `MeasurementSpec` is associated with. // // This is serialized so it can be easily compared with the same field in // `RequisitionSpec`. - bytes measurement_public_key = 1 [(google.api.field_behavior) = REQUIRED]; + // + // Deprecated: Use `measurement_public_key` except for reading legacy + // resources. + bytes serialized_measurement_public_key = 1 [deprecated = true]; // List of `nonce_hash` values from `data_providers` of the corresponding // `Measurement`. diff --git a/src/main/proto/wfa/measurement/api/v2alpha/public_key.proto b/src/main/proto/wfa/measurement/api/v2alpha/public_key.proto index 36e13bcfd..f63e2704f 100644 --- a/src/main/proto/wfa/measurement/api/v2alpha/public_key.proto +++ b/src/main/proto/wfa/measurement/api/v2alpha/public_key.proto @@ -39,7 +39,10 @@ message PublicKey { // Serialized `EncryptionPublicKey` for the parent resource, which can be // verified using `certificate`. - SignedData public_key = 2 [(google.api.field_behavior) = REQUIRED]; + // + // The version of the `EncryptionPublicKey` message must match the API version + // used to last update this resource. + SignedMessage public_key = 2 [(google.api.field_behavior) = REQUIRED]; // Resource name of the `Certificate` that can be used to verify `public_key`. // 
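Review bot: In `MeasurementSpec`, the name `measurement_public_key` now denotes a `google.protobuf.Any` at field 10 while the `bytes` at field 1 is renamed. The wire format is unaffected, but JSON or text-format payloads and generated accessors written against the old name now address a field of a different type. The new field's comment still says "This is serialized so it can be compared", which no longer describes an `Any`; because this value is matched against `RequisitionSpec` to tie both specs to one key, the comment should say what is compared, e.g. `// Compare both type_url and value with the same field in RequisitionSpec.` It should also state which field is used when both `measurement_public_key` and `serialized_measurement_public_key` are set. The same points apply to the `RequisitionSpec` hunk in requisition_spec.proto.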
diff --git a/src/main/proto/wfa/measurement/api/v2alpha/recurring_exchange.proto b/src/main/proto/wfa/measurement/api/v2alpha/recurring_exchange.proto index 552d331df..d1293a025 100644 --- a/src/main/proto/wfa/measurement/api/v2alpha/recurring_exchange.proto +++ b/src/main/proto/wfa/measurement/api/v2alpha/recurring_exchange.proto @@ -18,6 +18,7 @@ package wfa.measurement.api.v2alpha; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; +import "google/protobuf/any.proto"; import "google/type/date.proto"; import "wfa/measurement/api/v2alpha/exchange_workflow.proto"; @@ -41,8 +42,11 @@ message RecurringExchange { // Resource name. string name = 1; - // The ExchangeWorkflow for this recurring exchange. - ExchangeWorkflow exchange_workflow = 2 [ + // The `ExchangeWorkflow` for this `RecurringExchange`. + // + // The version of the `ExchangeWorkflow` message type must match the API + // version used to create this resource. + google.protobuf.Any exchange_workflow = 2 [ (google.api.field_behavior) = REQUIRED, (google.api.field_behavior) = IMMUTABLE ]; diff --git a/src/main/proto/wfa/measurement/api/v2alpha/requisition.proto b/src/main/proto/wfa/measurement/api/v2alpha/requisition.proto index 18c321cd9..458309836 100644 --- a/src/main/proto/wfa/measurement/api/v2alpha/requisition.proto +++ b/src/main/proto/wfa/measurement/api/v2alpha/requisition.proto 
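Review bot: `RecurringExchange.exchange_workflow` keeps field number 2 while its type changes from `ExchangeWorkflow` to `google.protobuf.Any`. Both are length-delimited, so data serialized before this change still parses, but the `ExchangeWorkflow` bytes are then read as an `Any`, with its fields 1 and 2 taken as `type_url` and `value`. Elsewhere in this commit the new `Any` gets a fresh number (`ExchangeStep.exchange_workflow = 8`, `MeasurementSpec.measurement_public_key = 10`); the same here would be `google.protobuf.Any exchange_workflow = <unused field number>;` with field 2 either kept as a renamed deprecated `ExchangeWorkflow` field or reserved. The `ExchangeWorkflow` definition is not in this hunk, so the exact misreading is inferred from the wire types.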
@@ -57,19 +57,19 @@ message Requisition { // `measurement. string measurement_consumer_certificate = 3 [ (google.api.resource_reference).type = "halo.wfanet.org/Certificate", - (google.api.field_behavior) = REQUIRED, + (google.api.field_behavior) = OUTPUT_ONLY, (google.api.field_behavior) = IMMUTABLE ]; // Denormalized `measurement_spec` field from `measurement`. - SignedData measurement_spec = 4 [ - (google.api.field_behavior) = REQUIRED, + SignedMessage measurement_spec = 4 [ + (google.api.field_behavior) = OUTPUT_ONLY, (google.api.field_behavior) = IMMUTABLE ]; // Denormalized `protocol_config` field from `measurement`. ProtocolConfig protocol_config = 5 [ - (google.api.field_behavior) = REQUIRED, + (google.api.field_behavior) = OUTPUT_ONLY, (google.api.field_behavior) = IMMUTABLE ]; 
@@ -77,24 +77,31 @@ message Requisition { // `DataProviderEntry` in `measurement`. string data_provider_certificate = 6 [ (google.api.resource_reference).type = "halo.wfanet.org/Certificate", - (google.api.field_behavior) = REQUIRED, + (google.api.field_behavior) = OUTPUT_ONLY, (google.api.field_behavior) = IMMUTABLE ]; // Denormalized `data_provider_public_key` field from the corresponding // `DataProviderEntry` in `measurement`. - SignedData data_provider_public_key = 7 [ - (google.api.field_behavior) = REQUIRED, + SignedMessage data_provider_public_key = 7 [ + (google.api.field_behavior) = OUTPUT_ONLY, (google.api.field_behavior) = IMMUTABLE ]; // Denormalized `encrypted_requisition_spec` field from the corresponding // `DataProviderEntry` in `measurement`. - bytes encrypted_requisition_spec = 8 [ - (google.api.field_behavior) = REQUIRED, + EncryptedMessage encrypted_requisition_spec = 14 [ + (google.api.field_behavior) = OUTPUT_ONLY, (google.api.field_behavior) = IMMUTABLE ]; + // Denormalized `encrypted_requisition_spec.ciphertext` from the corresponding + // `DataProviderEntry` in `measurement`. + // + // Deprecated: Use `encrypted_requisition_spec`. + bytes encrypted_requisition_spec_ciphertext = 8 + [(google.api.field_behavior) = OUTPUT_ONLY, deprecated = true]; + // Entry in the `duchies` map. message DuchyEntry { // Key of the map entry, which is a `Duchy` resource name. @@ -106,7 +113,7 @@ message Requisition { // Information for the Liquid Legions v2 protocols including Reach-Only. message LiquidLegionsV2 { // The `ElGamalPublicKey` generated by the `Duchy` for this `Requisition`. - SignedData el_gamal_public_key = 1 + SignedMessage el_gamal_public_key = 1 [(google.api.field_behavior) = REQUIRED]; } diff --git a/src/main/proto/wfa/measurement/api/v2alpha/requisition_spec.proto b/src/main/proto/wfa/measurement/api/v2alpha/requisition_spec.proto index 00afb2925..e992a3d0f 100644 --- a/src/main/proto/wfa/measurement/api/v2alpha/requisition_spec.proto 
+++ b/src/main/proto/wfa/measurement/api/v2alpha/requisition_spec.proto @@ -18,6 +18,7 @@ package wfa.measurement.api.v2alpha; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; +import "google/protobuf/any.proto"; import "google/type/interval.proto"; option java_package = "org.wfanet.measurement.api.v2alpha"; @@ -60,15 +61,27 @@ message RequisitionSpec { // Deprecated list of `EventGroupEntry`s for a measurement repeated EventGroupEntry event_groups = 1 [deprecated = true]; + // `EncryptionPublicKey` for the `Measurement` that this `RequisitionSpec` is + // associated with. + // + // This is serialized so it can be compared with the same field in + // `MeasurementSpec`. + // + // Required for new requests. If not specified, use + // `serialized_measurement_public_key`. + google.protobuf.Any measurement_public_key = 6 + [(google.api.field_behavior) = IMMUTABLE]; + // Serialized `EncryptionPublicKey` for the `Measurement` that this // `RequisitionSpec` is associated with. // // This is serialized so it can be easily compared with the same field in // `MeasurementSpec`. - bytes measurement_public_key = 2 [ - (google.api.field_behavior) = REQUIRED, - (google.api.field_behavior) = IMMUTABLE - ]; + // + // Deprecated: Use `measurement_public_key` except when reading legacy + // resources. + bytes serialized_measurement_public_key = 2 + [(google.api.field_behavior) = IMMUTABLE, deprecated = true]; // Non-zero cryptographic nonce for this `RequisitionSpec`. // (-- api-linter: core::0141::forbidden-types=disabled diff --git a/src/main/proto/wfa/measurement/api/v2alpha/requisitions_service.proto b/src/main/proto/wfa/measurement/api/v2alpha/requisitions_service.proto index 25d47c482..a6c1c4036 100644 --- a/src/main/proto/wfa/measurement/api/v2alpha/requisitions_service.proto +++ b/src/main/proto/wfa/measurement/api/v2alpha/requisitions_service.proto 
@@ -19,6 +19,7 @@ package wfa.measurement.api.v2alpha; import "google/api/client.proto"; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; +import "wfa/measurement/api/v2alpha/crypto.proto"; import "wfa/measurement/api/v2alpha/measurement.proto"; import "wfa/measurement/api/v2alpha/requisition.proto"; @@ -123,12 +124,27 @@ message FulfillDirectRequisitionRequest { (google.api.field_behavior) = REQUIRED ]; - // Encrypted `SignedData` containing the data (serialized Measurement.Result - // message) for fulfillment. + // Encrypted `SignedMessage` containing a `Measurement.Result`. // // The encryption uses the measurement_public_key from measurement_spec as // the recipient's public key. - bytes encrypted_data = 2 [(google.api.field_behavior) = REQUIRED]; + // + // The versions of the `SignedMessage` and `Measurement.Result` message types + // must match the API version of this request message. + // + // This may be required in the future. + EncryptedMessage encrypted_result = 4; + + // Encrypted `SignedMessage` containing a `Measurement.Result`. + // + // The encryption uses the measurement_public_key from measurement_spec as + // the recipient's public key. + // + // The versions of the `SignedMessage` and `Measurement.Result` message types + // must match the API version of this request message. + // + // Deprecated: Use `encrypted_result`. + bytes encrypted_result_ciphertext = 5 [deprecated = true]; // The `nonce` value from the `encrypted_requisition_spec`. //
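Review bot: In `FulfillDirectRequisitionRequest`, `encrypted_data = 2` is dropped and neither replacement field is marked `REQUIRED`, so a request from an older client, whose ciphertext arrives in field 2, now parses as a request carrying no result at all. No `reserved 2;` is visible in this hunk, unlike the other removed numbers in this commit, though the message continues outside it. Keeping the old number for the legacy field, `bytes encrypted_result_ciphertext = 2 [deprecated = true];`, would keep such clients working; otherwise add `reserved 2;` and document that a request with neither field set is rejected. The comments should also say which field is used when both `encrypted_result` and `encrypted_result_ciphertext` are set.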