// Copyright 2017 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

option go_package = "github.com/google/trillian/crypto/keyspb";

package keyspb;

// Specification for a private key.
message Specification {
  /// ECDSA defines parameters for an ECDSA key.
  message ECDSA {
    // The supported elliptic curves.
    enum Curve {
      DEFAULT_CURVE = 0;  // Curve will be chosen by Trillian.
      P256 = 1;
      P384 = 2;
      P521 = 3;
    }

    // The elliptic curve to use.
    // Optional. If not set, the default curve will be used.
    Curve curve = 1;
  }

  // RSA defines parameters for an RSA key.
  message RSA {
    // Size of the keys in bits. Must be sufficiently large to allow two primes
    // to be generated.
    // Optional. If not set, the key size will be chosen by Trillian.
    int32 bits = 1;
  }

  // Ed25519 defines (empty) parameters for an Ed25519 private key.
  message Ed25519 {
  }

  // The type of parameters provided determines the algorithm used for the key.
  oneof params {
    // The parameters for an ECDSA key.
    ECDSA ecdsa_params = 1;

    // The parameters for an RSA key.
    RSA rsa_params = 2;

    // The parameters for an Ed25519 key.
    Ed25519 ed25519_params = 3;
  }
}

// PEMKeyFile identifies a private key stored in a PEM-encoded file.
message PEMKeyFile {
  // File path of the private key.
  string path = 1;

  // Password for decrypting the private key.
  // If empty, indicates that the private key is not encrypted.
  string password = 2;
}

// PrivateKey is a private key, used for generating signatures.
message PrivateKey {
  // The key in DER-encoded form.
  // The specific format (e.g. PKCS8) is not specified.
  bytes der = 1;
}

// PublicKey is a public key, used for verifying signatures.
message PublicKey {
  // The key in DER-encoded PKIX form.
  bytes der = 1;
}

// PKCS11Config identifies a private key accessed using PKCS #11.
message PKCS11Config {
  // The label of the PKCS#11 token.
  string token_label = 1;
  // The PIN for the specific token.
  string pin = 2;
  // The PEM public key assosciated with the private key to be used.
  string public_key = 3;
}