1*e7b1675dSTing-Kang Chang// Copyright 2017 Google Inc. 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changsyntax = "proto3"; 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changpackage google.crypto.tink; 20*e7b1675dSTing-Kang Chang 21*e7b1675dSTing-Kang Changoption java_package = "com.google.crypto.tink.proto"; 22*e7b1675dSTing-Kang Changoption java_multiple_files = true; 23*e7b1675dSTing-Kang Changoption go_package = "github.com/google/tink/go/proto/aes_gcm_go_proto"; 24*e7b1675dSTing-Kang Changoption objc_class_prefix = "TINKPB"; 25*e7b1675dSTing-Kang Chang 26*e7b1675dSTing-Kang Changmessage AesGcmKeyFormat { 27*e7b1675dSTing-Kang Chang uint32 key_size = 2; 28*e7b1675dSTing-Kang Chang uint32 version = 3; 29*e7b1675dSTing-Kang Chang} 30*e7b1675dSTing-Kang Chang 31*e7b1675dSTing-Kang Chang// key_type: type.googleapis.com/google.crypto.tink.AesGcmKey 32*e7b1675dSTing-Kang Chang// 33*e7b1675dSTing-Kang Chang// A AesGcmKey is an AEAD key. Mathematically, it represents the functions 34*e7b1675dSTing-Kang Chang// Encrypt and Decrypt which we define in the following. 35*e7b1675dSTing-Kang Chang// 36*e7b1675dSTing-Kang Chang// First, Tink computes a "output prefix" OP by considering the 37*e7b1675dSTing-Kang Chang// "OutputPrefixType" message in Keyset.Key and the ID of the key using the 38*e7b1675dSTing-Kang Chang// Tink function "AEAD-OutputPrefix": (AesGcmKeys must always be stored in a 39*e7b1675dSTing-Kang Chang// keyset). 40*e7b1675dSTing-Kang Chang// 41*e7b1675dSTing-Kang Chang// AEAD-OutputPrefix(output_prefix_type, id): 42*e7b1675dSTing-Kang Chang// if output_prefix_type == RAW: 43*e7b1675dSTing-Kang Chang// return ""; 44*e7b1675dSTing-Kang Chang// if output_prefix_type == TINK: 45*e7b1675dSTing-Kang Chang// return 0x01 + BigEndian(id) 46*e7b1675dSTing-Kang Chang// if output_prefix_type == CRUNCHY: 47*e7b1675dSTing-Kang Chang// return 0x00 + BigEndian(id) 48*e7b1675dSTing-Kang Chang// 49*e7b1675dSTing-Kang Chang// Then, the function defined by this is defined as: 50*e7b1675dSTing-Kang Chang// [GCM], Section 5.2.1: 51*e7b1675dSTing-Kang Chang// * "Encrypt" maps a plaintext P and associated data A to a ciphertext given 52*e7b1675dSTing-Kang Chang// by the concatenation OP || IV || C || T. In addition to [GCM], Tink 53*e7b1675dSTing-Kang Chang// has the following restriction: IV is a uniformly random initialization 54*e7b1675dSTing-Kang Chang// vector of length 12 bytes and T is restricted to 16 bytes. 55*e7b1675dSTing-Kang Chang// 56*e7b1675dSTing-Kang Chang// * If OP matches the result of AEAD-OutputPrefix, then "Decrypt" maps the 57*e7b1675dSTing-Kang Chang// input OP || IV || C || T and A to the the output P in the manner as 58*e7b1675dSTing-Kang Chang// described in [GCM], Section 5.2.2. If OP does not match, then "Decrypt" 59*e7b1675dSTing-Kang Chang// returns an error. 60*e7b1675dSTing-Kang Chang// [GCM]: NIST Special Publication 800-38D: Recommendation for Block Cipher 61*e7b1675dSTing-Kang Chang// Modes of Operation: Galois/Counter Mode (GCM) and GMAC. 62*e7b1675dSTing-Kang Chang// http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf. 63*e7b1675dSTing-Kang Chang 64*e7b1675dSTing-Kang Changmessage AesGcmKey { 65*e7b1675dSTing-Kang Chang uint32 version = 1; 66*e7b1675dSTing-Kang Chang bytes key_value = 3; 67*e7b1675dSTing-Kang Chang} 68