// Copyright 2018 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

// Definitions for RSA SSA (Signature Schemes with Appendix) using PSS
// (Probabilistic Signature Scheme ) encoding
// (https://tools.ietf.org/html/rfc8017#section-8.1).
syntax = "proto3";

package google.crypto.tink;

import "proto/common.proto";

option java_package = "com.google.crypto.tink.proto";
option java_multiple_files = true;
option go_package = "github.com/google/tink/proto/rsa_ssa_pss_go_proto";

message RsaSsaPssParams {
  // Hash function used in computing hash of the signing message
  // (see https://tools.ietf.org/html/rfc8017#section-9.1.1).
  // Required.
  HashType sig_hash = 1;
  // Hash function used in MGF1 (a mask generation function based on a
  // hash function) (see https://tools.ietf.org/html/rfc8017#appendix-B.2.1).
  // Required.
  HashType mgf1_hash = 2;
  // Salt length (see https://tools.ietf.org/html/rfc8017#section-9.1.1)
  // Required.
  int32 salt_length = 3;
}

// key_type: type.googleapis.com/google.crypto.tink.RsaSsaPssPublicKey
message RsaSsaPssPublicKey {
  // Required.
  uint32 version = 1;
  // Required.
  RsaSsaPssParams params = 2;
  // Modulus.
  // Unsigned big integer in bigendian representation.
  bytes n = 3;
  // Public exponent.
  // Unsigned big integer in bigendian representation.
  bytes e = 4;
}

// key_type: type.googleapis.com/google.crypto.tink.RsaSsaPssPrivateKey
message RsaSsaPssPrivateKey {
  // Required.
  uint32 version = 1;
  // Required.
  RsaSsaPssPublicKey public_key = 2;
  // Private exponent.
  // Unsigned big integer in bigendian representation.
  // Required.
  bytes d = 3;

  // The following parameters are used to optimize RSA signature computation.
  // The prime factor p of n.
  // Unsigned big integer in bigendian representation.
  // Required.
  bytes p = 4;
  // The prime factor q of n.
  // Unsigned big integer in bigendian representation.
  // Required.
  bytes q = 5;
  // d mod (p - 1).
  // Unsigned big integer in bigendian representation.
  // Required.
  bytes dp = 6;
  // d mod (q - 1).
  // Unsigned big integer in bigendian representation.
  // Required.
  bytes dq = 7;
  // Chinese Remainder Theorem coefficient q^(-1) mod p.
  // Unsigned big integer in bigendian representation.
  // Required.
  bytes crt = 8;
}

message RsaSsaPssKeyFormat {
  // Required.
  RsaSsaPssParams params = 1;
  // Required.
  uint32 modulus_size_in_bits = 2;
  // Required.
  bytes public_exponent = 3;
}