...
// Copyright 2018 Google LLC. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// This file uses the proto3 dialect.
syntax = "proto3";

// Import path of the Go package generated from this file.
option go_package = "github.com/google/certificate-transparency-go/trillian/migrillian/configpb";

package configpb;

// Presumably the source of LogBackendSet, which MigrillianConfig references
// unqualified -- confirm against the CTFE config proto.
import "trillian/ctfe/configpb/config.proto";
// Presumably the source of keyspb.PublicKey, used by MigrationConfig.
import "crypto/keyspb/keyspb.proto";

// IdentityFunction selects how the Trillian identity hash of a log entry is
// derived.
enum IdentityFunction {
  // Zero value; in proto3 this is what a config carries when the field is
  // left unset.
  UNKNOWN_IDENTITY_FUNCTION = 0;

  // SHA256 hash of the certificate DER. CTFE applies the same function when it
  // submits add-[pre-]chain entries to Trillian.
  //
  // Typical use: migrating a CT log to Trillian. Because the function matches
  // CTFE's, entries submitted after the migration stay compatible with the
  // entries that were copied over from the source log.
  SHA256_CERT_DATA = 1;

  // SHA256 hash of the leaf index.
  //
  // Typical use: mirroring CT logs. A source log may contain duplicates of
  // different kinds (this depends on the operator); hashing the index lets all
  // of them be stored, which SHA256_CERT_DATA does not allow.
  // The CTFE log must then stay read-only (a mirror), because the identity
  // hash used by CTFE is incompatible with this one.
  SHA256_LEAF_INDEX = 2;
}

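// MigrationConfig describes the configuration options for a single CT log
// migration instance.
message MigrationConfig {
  // The URI of the source CT log, e.g. "https://ct.googleapis.com/pilot".
  string source_uri = 1;
  // The public key of the source log.
  //
  // NOTE(review): presumably the key against which data signed by the source
  // log (such as its STH) is verified. If so, this field is a trust anchor and
  // should come from a source independent of source_uri -- confirm against the
  // Migrillian client code.
  keyspb.PublicKey public_key = 2;

  // The name of the backend which this log migrates to. The name must be one of
  // those defined in the LogBackendSet.
  //
  // Deprecated. TODO(pavelkalinnikov): Remove it.
  string log_backend_name = 3 [deprecated = true];
  // The ID of a Trillian PREORDERED_LOG tree that stores the log data.
  int64 log_id = 4;

  // Max number of entries per get-entries request from the source log.
  int32 batch_size = 5;

  // Determines whether the migration should run continuously, i.e. watch and
  // follow the updates of the source log's STH. For example, this mode can be
  // used to support a mirror CT log.
  bool is_continuous = 6;
  // The log entry index to start fetching at. If negative, then it is assumed
  // equal to the current Trillian tree size.
  // Ignored in continuous mode which starts at the point where it stopped (e.g.
  // the current Trillian tree size in a simple case).
  //
  // Note that the sentinel is a negative value, not zero: an unset field reads
  // as 0 in proto3, which is a literal index.
  int64 start_index = 7;
  // The log index to end fetching at, non-inclusive. If zero, fetch up to the
  // source log's current STH. Ignored in continuous mode which keeps updating
  // STH and fetching up to that.
  int64 end_index = 8;

  // The number of parallel get-entries fetchers. Assumed equal to 1 if not
  // specified.
  int32 num_fetchers = 9;
  // The number of parallel workers submitting entries to Trillian. Assumed
  // equal to 1 if not specified.
  int32 num_submitters = 10;
  // Max number of batches in fetchers->submitters channel.
  int32 channel_size = 11;

  // The function that computes LeafIdentityHash for Trillian log entries.
  IdentityFunction identity_function = 12;

  // If set to false (by default), then Migrillian verifies that the tree as
  // seen by Trillian is consistent with the current STH of the source CT log.
  // It invokes the get-sth-consistency endpoint (section 4.4 of RFC 6962) with
  // the corresponding tree sizes, and verifies the returned proof.
  //
  // Setting this to true turns that verification off, so Migrillian would no
  // longer detect a Trillian tree that has diverged from the source log.
  // Leave it false unless consistency is established by other means.
  bool no_consistency_check = 13;

  // TODO(pavelkalinnikov): Fetch and push quotas, priorities, etc.
}
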
// MigrationConfigSet wraps a set of MigrationConfig messages.
message MigrationConfigSet {
  // The individual migration configurations.
  repeated MigrationConfig config = 1;
}

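// MigrillianConfig holds configuration for multiple migration / mirroring jobs.
message MigrillianConfig {
  // The set of backends that this configuration will use to send requests to.
  // The names of the backends in the LogBackendSet must all be distinct.
  //
  // Deprecated. TODO(pavelkalinnikov): Remove it.
  LogBackendSet backends = 1 [deprecated = true];
  // The set of migrations that will use the above backends. All the protos in
  // it must set a valid log_backend_name for the config to be usable.
  //
  // NOTE(review): both `backends` above and MigrationConfig.log_backend_name
  // are marked deprecated in this file, so the log_backend_name requirement
  // may be stale -- confirm against the config validation code.
  MigrationConfigSet migration_configs = 2;
}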