Add type URL fields for serialized messages. (#185)
This uses google.protobuf.Any where possible. This includes breaking changes to the API, but maintains wire compatibility for EDP requisition fulfillment.
SanjayVas authored Nov 1, 2023
1 parent 8b30f27 commit d576157
Showing 13 changed files with 183 additions and 50 deletions.
11 changes: 10 additions & 1 deletion src/main/proto/wfa/measurement/api/v2alpha/BUILD.bazel
@@ -16,7 +16,10 @@ proto_library(
name = "crypto_proto",
srcs = ["crypto.proto"],
strip_import_prefix = IMPORT_PREFIX,
deps = ["@com_google_googleapis//google/api:field_behavior_proto"],
deps = [
"@com_google_googleapis//google/api:field_behavior_proto",
"@com_google_protobuf//:any_proto",
],
)

proto_library(
@@ -48,6 +51,7 @@ proto_library(
"@com_google_googleapis//google/api:field_behavior_proto",
"@com_google_googleapis//google/api:resource_proto",
"@com_google_googleapis//google/type:interval_proto",
"@com_google_protobuf//:any_proto",
],
)

@@ -162,6 +166,7 @@ proto_library(
":differential_privacy_proto",
"@com_google_googleapis//google/api:field_behavior_proto",
"@com_google_googleapis//google/api:resource_proto",
"@com_google_protobuf//:any_proto",
"@com_google_protobuf//:duration_proto",
],
)
@@ -195,6 +200,7 @@ proto_library(
":protocol_config_proto",
"@com_google_googleapis//google/api:field_behavior_proto",
"@com_google_googleapis//google/api:resource_proto",
"@com_google_protobuf//:any_proto",
"@com_google_protobuf//:duration_proto",
],
)
@@ -385,6 +391,7 @@ proto_library(
"@com_google_googleapis//google/api:field_behavior_proto",
"@com_google_googleapis//google/api:resource_proto",
"@com_google_googleapis//google/type:date_proto",
"@com_google_protobuf//:any_proto",
],
)

@@ -407,6 +414,7 @@ proto_library(
"@com_google_googleapis//google/api:field_behavior_proto",
"@com_google_googleapis//google/api:resource_proto",
"@com_google_googleapis//google/type:date_proto",
"@com_google_protobuf//:any_proto",
],
)

@@ -471,6 +479,7 @@ proto_library(
srcs = ["requisitions_service.proto"],
strip_import_prefix = IMPORT_PREFIX,
deps = [
":crypto_proto",
":measurement_proto",
":requisition_proto",
"@com_google_googleapis//google/api:client_proto",
36 changes: 29 additions & 7 deletions src/main/proto/wfa/measurement/api/v2alpha/crypto.proto
@@ -17,6 +17,7 @@ syntax = "proto3";
package wfa.measurement.api.v2alpha;

import "google/api/field_behavior.proto";
import "google/protobuf/any.proto";

option java_package = "org.wfanet.measurement.api.v2alpha";
option java_multiple_files = true;
@@ -36,21 +37,42 @@ message ElGamalPublicKey {
bytes element = 3 [(google.api.field_behavior) = REQUIRED];
}

// Data with an accompanying digital signature.
message SignedData {
// Arbitrary data to sign.
bytes data = 1 [(google.api.field_behavior) = REQUIRED];
// A serialized protobuf message with an accompanying digital signature.
message SignedMessage {
// Message to sign.
//
// Required for new requests. If not specified, use the `data` field instead.
google.protobuf.Any message = 4;

// Serialized protobuf message to sign.
//
// Deprecated: Use the `message` field except for legacy resources where it is
// not set.
bytes data = 1 [deprecated = true];

// Cryptographic digital signature of `data`.
// Cryptographic digital signature of `message.value` (or of `data` for legacy
// resources).
bytes signature = 2 [(google.api.field_behavior) = REQUIRED];

// Object identifier (OID) of the signature algorithm in dot notation.
//
// If not specified, this is assumed to be the signature algorithm of the
// accompanying certificate.
// Required for new requests. If not specified, this is assumed to be the
// signature algorithm of the accompanying certificate.
string signature_algorithm_oid = 3;
}

// An encrypted protobuf message.
message EncryptedMessage {
// Protobuf message ciphertext.
bytes ciphertext = 1 [(google.api.field_behavior) = REQUIRED];

// Type URL of the protobuf message. See google.protobuf.Any.
//
// (-- api-linter: core::0140::uri=disabled
// aip.dev/not-precedent: Referencing a well-known field name. --)
string type_url = 2 [(google.api.field_behavior) = REQUIRED];
}

// A public key for asymmetric encryption.
message EncryptionPublicKey {
// Format of data for a public key.
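Review bot: The `signature` comment in `SignedMessage` binds the signature to `message.value` only, so `message.type_url` is not authenticated and the signed bytes can be presented under a different type URL without invalidating the signature. The field comment should tell verifiers to compare `message.type_url` with the type they expect before unpacking, for example `// The signature does not cover message.type_url; verifiers must check it against the expected message type.` The same applies to `EncryptedMessage.type_url`, which sits beside the ciphertext in the clear and, as far as this hunk shows, is not bound to it. It would also help to state what a reader does when both `message` and `data` are set, since the current wording only covers the case where `message` is absent.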
@@ -52,7 +52,10 @@ message DataProvider {

// Serialized `EncryptionPublicKey` for this `DataProvider`, which can be
// verified using `certificate`.
SignedData public_key = 4 [(google.api.field_behavior) = REQUIRED];
//
// The version of the `EncryptionPublicKey` message must match the API version
// used to last update this resource.
SignedMessage public_key = 4 [(google.api.field_behavior) = REQUIRED];

// Display name of the data provider.
string display_name = 5;
20 changes: 16 additions & 4 deletions src/main/proto/wfa/measurement/api/v2alpha/event_group.proto
@@ -36,6 +36,8 @@ message EventGroup {
plural: "eventGroups"
};

reserved 8;

// Resource name.
//
// Canonical format: dataProviders/{data_provider}/eventGroups/{event_group}
@@ -58,7 +60,14 @@ message EventGroup {
// Pre-shared serialized `EncryptionPublicKey`, which can be verified using
// `measurement_consumer_certificate`. Must be set if `encrypted_metadata` is
// set.
SignedData measurement_consumer_public_key = 4;
//
// The version of the `EncryptionPublicKey` message must match the API version
// used to last update this resource.
//
// (-- TODO(@SanjayVas): Include the `message` directly rather than
// wrapping it in a `SignedMessage`. The signature is not needed here, as
// the `DataProvider` should have already verified it. --)
SignedMessage measurement_consumer_public_key = 4;

// ID referencing the `EventGroup` in an external system, provided by the
// `DataProvider`.
@@ -97,9 +106,12 @@ message EventGroup {
google.protobuf.Any metadata = 2 [(google.api.field_behavior) = REQUIRED];
}

// Encrypted serialized `Metadata`. The encryption uses
// `measurement_consumer_public_key` as the recipient public key.
bytes encrypted_metadata = 8;
// `Metadata` encrypted using the `measurement_consumer_public_key` as the
// recipient public key.
//
// The version of the `Metadata` message type must match the API version used
// to last update this resource.
EncryptedMessage encrypted_metadata = 10;

// Possible states of Event Group.
enum State {
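Review bot: `reserved 8;` in `EventGroup` carries no comment saying which field it retired, and the same is true of `reserved 3;` in `ExchangeStep`, `reserved 3;` in `Measurement`'s map `Value` and `reserved 1;` in `ResultOutput`. A line such as `// Field 8 was the bytes-typed encrypted_metadata, replaced by field 10.` keeps the history next to the reservation. Because the name `encrypted_metadata` is reused on field 10, the old name cannot be reserved, and readers built from this revision will see `encrypted_metadata` as unset for data that older writers put in field 8. The field comment should say how such legacy resources are handled.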
@@ -18,6 +18,7 @@ package wfa.measurement.api.v2alpha;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/any.proto";
import "google/type/date.proto";

option java_package = "org.wfanet.measurement.api.v2alpha";
@@ -35,6 +36,8 @@ message ExchangeStep {
plural: "exchangeSteps"
};

reserved 3;

// Resource name.
string name = 1;

@@ -68,9 +71,9 @@ message ExchangeStep {
];
}

// Serialized denormalized `exchange_workflow` field from the ancestor
// Denormalized `exchange_workflow` field from the ancestor
// `RecurringExchange`.
bytes serialized_exchange_workflow = 3 [
google.protobuf.Any exchange_workflow = 8 [
(google.api.field_behavior) = OUTPUT_ONLY,
(google.api.field_behavior) = IMMUTABLE
];
50 changes: 37 additions & 13 deletions src/main/proto/wfa/measurement/api/v2alpha/measurement.proto
@@ -20,8 +20,8 @@ import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/duration.proto";
import "wfa/measurement/api/v2alpha/crypto.proto";
import "wfa/measurement/api/v2alpha/protocol_config.proto";
import "wfa/measurement/api/v2alpha/direct_computation.proto";
import "wfa/measurement/api/v2alpha/protocol_config.proto";

option java_package = "org.wfanet.measurement.api.v2alpha";
option java_multiple_files = true;
@@ -50,7 +50,10 @@ message Measurement {

// Serialized `MeasurementSpec` for requisitions, which can be verified using
// `measurement_consumer_certificate`.
SignedData measurement_spec = 3 [
//
// The version of the `MeasurementSpec` message type must correspond to the
// API version that this resource was created in.
SignedMessage measurement_spec = 3 [
(google.api.field_behavior) = REQUIRED,
(google.api.field_behavior) = IMMUTABLE
];
@@ -65,6 +68,8 @@ message Measurement {

// Value of a map entry.
message Value {
reserved 3;

// Resource name of the `Certificate` belonging to `data_provider`.
string data_provider_certificate = 1 [
(google.api.resource_reference).type = "halo.wfanet.org/Certificate",
@@ -73,16 +78,27 @@ message Measurement {

// Pre-shared serialized `EncryptionPublicKey`, which can be verified
// using `data_provider_certificate`.
SignedData data_provider_public_key = 2
//
// The version of the `EncryptionPublicKey` message type must correspond
// to the API version that this resource was created in.
//
// (-- TODO(@SanjayVas): Include the `message` directly rather than
// wrapping it in a `SignedMessage`. The signature is not needed here, as
// the `MeasurementConsumer` should have already verified it. --)
SignedMessage data_provider_public_key = 2
[(google.api.field_behavior) = REQUIRED];

// Encrypted `SignedData` containing the serialized `RequisitionSpec` for
// this entry, which can be verified using
// Encrypted `SignedMessage` containing the serialized `RequisitionSpec`
// for this entry, which can be verified using
// `measurement_consumer_certificate`.
//
// The encryption uses `data_provider_public_key` as the recipient public
// key.
bytes encrypted_requisition_spec = 3
//
// The versions of the `SignedMessage` and `EncryptionPublicKey` message
// types must correspond to the API version that this resource was created
// in.
EncryptedMessage encrypted_requisition_spec = 5
[(google.api.field_behavior) = REQUIRED];

// SHA256 hash of the `nonce` from `encrypted_requisition_spec`, where the
@@ -272,23 +288,31 @@ message Measurement {
Population population = 5;
}

// Pair of `Result` to `Certificate`.
message ResultPair {
// Encrypted `SignedData` containing the serialized `Result`
// Output message for a `Result`.
message ResultOutput {
reserved 1;

// Encrypted `SignedMessage` containing the serialized `Result`
// which can be verified using `certificate`.
//
// The encryption uses the `measurement_public_key` from `measurement_spec`
// as the recipient public key.
bytes encrypted_result = 1;
EncryptedMessage encrypted_result = 3 [
(google.api.field_behavior) = REQUIRED,
(google.api.field_behavior) = IMMUTABLE
];

// Resource name of a `Certificate` belonging to the entity that produced
// the result, which can be `Duchy` or `DataProvider`.
string certificate = 2
[(google.api.resource_reference).type = "halo.wfanet.org/Certificate"];
string certificate = 2 [
(google.api.resource_reference).type = "halo.wfanet.org/Certificate",
(google.api.field_behavior) = REQUIRED,
(google.api.field_behavior) = IMMUTABLE
];
}

// Results of this `Measurement`. Only set if `state` is `SUCCEEDED`.
repeated ResultPair results = 8 [
repeated ResultOutput results = 8 [
(google.api.field_behavior) = OUTPUT_ONLY,
(google.api.field_behavior) = UNORDERED_LIST
];
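Review bot: The new paragraph on `encrypted_requisition_spec` says the versions of the `SignedMessage` and `EncryptionPublicKey` message types must correspond to the resource's API version, but the first paragraph of the same comment describes the payload as a `SignedMessage` containing a `RequisitionSpec`. `EncryptionPublicKey` looks carried over from the `data_provider_public_key` comment just above; if so, the sentence should name `RequisitionSpec` in its place. `ResultOutput.encrypted_result` has no equivalent version sentence for its `SignedMessage`/`Result` payload, which would be worth adding so readers know which message version to expect after decryption.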
@@ -51,7 +51,10 @@ message MeasurementConsumer {

// Serialized `EncryptionPublicKey` for this `MeasurementConsumer`, which can
// be verified using `certificate`.
SignedData public_key = 4 [(google.api.field_behavior) = REQUIRED];
//
// The version of the `EncryptionPublicKey` message must match the API version
// used to last update this resource.
SignedMessage public_key = 4 [(google.api.field_behavior) = REQUIRED];

// Display name of the `MeasurementConsumer`.
string display_name = 5;
@@ -18,6 +18,7 @@ package wfa.measurement.api.v2alpha;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/any.proto";
import "google/protobuf/duration.proto";
import "wfa/measurement/api/v2alpha/differential_privacy.proto";

@@ -27,12 +28,25 @@ option java_outer_classname = "MeasurementSpecProto";

// Specification for a `Measurement`. Immutable.
message MeasurementSpec {
// `EncryptionPublicKey` for the `Measurement` that this `MeasurementSpec` is
// associated with.
//
// This is serialized so it can be compared with the same field in
// `RequisitionSpec`.
//
// Required for new requests. If not specified, use
// `serialized_measurement_public_key`.
google.protobuf.Any measurement_public_key = 10;

// Serialized `EncryptionPublicKey` for the `Measurement` that this
// `MeasurementSpec` is associated with.
//
// This is serialized so it can be easily compared with the same field in
// `RequisitionSpec`.
bytes measurement_public_key = 1 [(google.api.field_behavior) = REQUIRED];
//
// Deprecated: Use `measurement_public_key` except for reading legacy
// resources.
bytes serialized_measurement_public_key = 1 [deprecated = true];

// List of `nonce_hash` values from `data_providers` of the corresponding
// `Measurement`.
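Review bot: `MeasurementSpec` now carries the public key in two places, `measurement_public_key` (field 10) and the deprecated `serialized_measurement_public_key` (field 1), and the comments only define what to read when field 10 is absent. A reader built before this change knows only field 1, so a spec that sets both to different keys would be interpreted differently by old and new readers. That matters because this key is compared with the one in `RequisitionSpec` and is described elsewhere in this commit as the recipient key for result encryption. The comments should state that at most one of the two may be set, or that both must encode the same key and a mismatch is rejected, e.g. `// Must not be set together with measurement_public_key.` on field 1. Reusing the name `measurement_public_key` for a different type also changes the meaning of the existing JSON and text-format key, which is worth calling out in the comment.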
5 changes: 4 additions & 1 deletion src/main/proto/wfa/measurement/api/v2alpha/public_key.proto
@@ -39,7 +39,10 @@ message PublicKey {

// Serialized `EncryptionPublicKey` for the parent resource, which can be
// verified using `certificate`.
SignedData public_key = 2 [(google.api.field_behavior) = REQUIRED];
//
// The version of the `EncryptionPublicKey` message must match the API version
// used to last update this resource.
SignedMessage public_key = 2 [(google.api.field_behavior) = REQUIRED];

// Resource name of the `Certificate` that can be used to verify `public_key`.
//
@@ -18,6 +18,7 @@ package wfa.measurement.api.v2alpha;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/any.proto";
import "google/type/date.proto";
import "wfa/measurement/api/v2alpha/exchange_workflow.proto";

@@ -41,8 +42,11 @@ message RecurringExchange {
// Resource name.
string name = 1;

// The ExchangeWorkflow for this recurring exchange.
ExchangeWorkflow exchange_workflow = 2 [
// The `ExchangeWorkflow` for this `RecurringExchange`.
//
// The version of the `ExchangeWorkflow` message type must match the API
// version used to create this resource.
google.protobuf.Any exchange_workflow = 2 [
(google.api.field_behavior) = REQUIRED,
(google.api.field_behavior) = IMMUTABLE
];
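Review bot: `exchange_workflow` changes type from `ExchangeWorkflow` to `google.protobuf.Any` while keeping field number 2, unlike the other files in this commit, which retire the old number with `reserved` and allocate a new one. Both types are length-delimited, so an `ExchangeWorkflow` already stored or sent in field 2 would be parsed as an `Any`, with whatever it holds in fields 1 and 2 read as `type_url` and `value` rather than being rejected. Consider `reserved 2;` and giving the `Any` field an unused number, as `ExchangeStep` does with 3 and 8. The `exchange_workflow.proto` import a few lines up may also be unused after this change; the rest of the file is outside the hunk, so that needs checking.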