Encrypt certificate logger requests for extended reporting

chrome/browser/net/cert_logger.proto

Index: chrome/browser/net/cert_logger.proto
diff --git a/chrome/browser/net/cert_logger.proto b/chrome/browser/net/cert_logger.proto
index be95005b70d2defe857551e8b7c2c95456ea0124..45c2c814007d47ac3d40b17e567731a09b61ed6c 100644
--- a/chrome/browser/net/cert_logger.proto
+++ b/chrome/browser/net/cert_logger.proto
@@ -53,3 +53,23 @@ message CertLoggerResponse {
   required ResponseCode response = 1;
 };
 
+// A wrapper proto containing an encrypted CertLoggerRequest
+message EncryptedCertLoggerRequest {
+  // An encrypted, serialized CertLoggerRequest
+  required bytes encrypted_report = 1;
+  // An identifier for the server public key that was used to encrypt
+  // this report.
+  required uint32 server_public_key = 2;
+  // The ephemeral client public key used to encrypt the report.
+  required bytes client_public_key = 3;
+
+  required bytes nonce = 4;

[agl, 2015/03/05 19:22:25]

Since the key is random per-message, the nonce can be fixed and thus omitted
from the protobuf if you like.

+  required bytes mac = 5;

[agl, 2015/03/05 19:22:25]

this shouldn't be split out, it should be appended to the ciphertext. AEADs work
on opaque ciphertext blocks and don't generally expose their internals like
this.

+
+  enum Algorithm {
+    UNKNOWN_ALGORITHM = 0;
+    ECDH_AES_CTR_128_HMAC_SHA256 = 1;

[agl, 2015/03/05 19:22:25]

the server side that I reviewed was using AES_256.

+  }
+
+  optional Algorithm algorithm = 6 [default = UNKNOWN_ALGORITHM];

[agl, 2015/03/05 19:22:25]

the default is UNKNOWN_ALGORITHM? Don't you want the default to be
ECDH_AES_CTR_128_HMAC_SHA256?

+}