From d6137fb6418ede4a6db9ccfcc0139c972ed08df6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Tremblay?= <1619947+marctrem@users.noreply.github.com> Date: Wed, 27 May 2026 22:56:54 -0400 Subject: [PATCH] teamresource: add exchange_hkswdk to TeamBaseInfo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Public exchange keyset for the team. The private side is deterministically derived from the same team root as the team's signing keyset, so it is reconstructible by the team's threshold via the existing share material — no new shares introduced. Used to IES-encrypt data targeted at the team. Persists through all team rotations (per-team, not per-version). --- .../teamresource/v1/team_base_info_pb.ts | 16 +++++++- .../teamresource/v1/team_base_info.pb.go | 38 ++++++++++++++----- .../teamresource/v1/team_base_info.proto | 10 +++++ 3 files changed, 53 insertions(+), 11 deletions(-) diff --git a/gen/es/proto/splitsecure/teamresource/v1/team_base_info_pb.ts b/gen/es/proto/splitsecure/teamresource/v1/team_base_info_pb.ts index c1a9fba..6888afd 100644 --- a/gen/es/proto/splitsecure/teamresource/v1/team_base_info_pb.ts +++ b/gen/es/proto/splitsecure/teamresource/v1/team_base_info_pb.ts 
@@ -4,13 +4,15 @@ import type { GenFile, GenMessage } from "@bufbuild/protobuf/codegenv2"; import { fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv2"; +import type { HybridKeySetWithDetachedKeys } from "../../hybridkeyset/v1/hybrid_key_set_with_detached_keys_pb"; +import { file_splitsecure_hybridkeyset_v1_hybrid_key_set_with_detached_keys } from "../../hybridkeyset/v1/hybrid_key_set_with_detached_keys_pb"; import type { Message } from "@bufbuild/protobuf"; /** * Describes the file splitsecure/teamresource/v1/team_base_info.proto. */ export const file_splitsecure_teamresource_v1_team_base_info: GenFile = /*@__PURE__*/ - fileDesc("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"); + fileDesc("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", [file_splitsecure_hybridkeyset_v1_hybrid_key_set_with_detached_keys]); /** * TeamBaseInfo carries fields that persist across team rotations. @@ -36,6 +38,18 @@ export type TeamBaseInfo = Message<"splitsecure.teamresource.v1.TeamBaseInfo"> & * @generated from field: bytes missing_piece_checksum = 2; */ missingPieceChecksum: Uint8Array; + + /** + * exchange_hkswdk is the team's public exchange keyset. The private side + * is deterministically derived from the same team root as the team's + * signing keyset, so it is reconstructible by the team's threshold via + * the existing share material — no new shares are introduced. Used to + * IES-encrypt data targeted at the team. Persists through all team + * rotations (per-team, not per-version). + * + * @generated from field: splitsecure.hybridkeyset.v1.HybridKeySetWithDetachedKeys exchange_hkswdk = 3; + */ + exchangeHkswdk?: HybridKeySetWithDetachedKeys; }; /** diff --git a/gen/go/proto/splitsecure/teamresource/v1/team_base_info.pb.go b/gen/go/proto/splitsecure/teamresource/v1/team_base_info.pb.go index 342903f..a3bb59b 100644 --- a/gen/go/proto/splitsecure/teamresource/v1/team_base_info.pb.go +++ b/gen/go/proto/splitsecure/teamresource/v1/team_base_info.pb.go 
@@ -7,6 +7,7 @@ package teamresourcev1 import ( + v1 "github.com/splitsecure/apis/gen/go/proto/splitsecure/hybridkeyset/v1" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -33,8 +34,15 @@ type TeamBaseInfo struct { // Empty when the team does not use this feature. // This persists through all team rotations (per-team, not per-version). MissingPieceChecksum []byte `protobuf:"bytes,2,opt,name=missing_piece_checksum,json=missingPieceChecksum,proto3" json:"missing_piece_checksum,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + // exchange_hkswdk is the team's public exchange keyset. The private side + // is deterministically derived from the same team root as the team's + // signing keyset, so it is reconstructible by the team's threshold via + // the existing share material — no new shares are introduced. Used to + // IES-encrypt data targeted at the team. Persists through all team + // rotations (per-team, not per-version). + ExchangeHkswdk *v1.HybridKeySetWithDetachedKeys `protobuf:"bytes,3,opt,name=exchange_hkswdk,json=exchangeHkswdk,proto3" json:"exchange_hkswdk,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *TeamBaseInfo) Reset() { 
@@ -81,14 +89,22 @@ func (x *TeamBaseInfo) GetMissingPieceChecksum() []byte { return nil } +func (x *TeamBaseInfo) GetExchangeHkswdk() *v1.HybridKeySetWithDetachedKeys { + if x != nil { + return x.ExchangeHkswdk + } + return nil +} + var File_splitsecure_teamresource_v1_team_base_info_proto protoreflect.FileDescriptor const file_splitsecure_teamresource_v1_team_base_info_proto_rawDesc = "" + "\n" + - "0splitsecure/teamresource/v1/team_base_info.proto\x12\x1bsplitsecure.teamresource.v1\"`\n" + + "0splitsecure/teamresource/v1/team_base_info.proto\x12\x1bsplitsecure.teamresource.v1\x1aCsplitsecure/hybridkeyset/v1/hybrid_key_set_with_detached_keys.proto\"\xc4\x01\n" + "\fTeamBaseInfo\x12\x1a\n" + "\bidentity\x18\x01 \x01(\fR\bidentity\x124\n" + - "\x16missing_piece_checksum\x18\x02 \x01(\fR\x14missingPieceChecksumB\x97\x02\n" + + "\x16missing_piece_checksum\x18\x02 \x01(\fR\x14missingPieceChecksum\x12b\n" + + "\x0fexchange_hkswdk\x18\x03 \x01(\v29.splitsecure.hybridkeyset.v1.HybridKeySetWithDetachedKeysR\x0eexchangeHkswdkB\x97\x02\n" + "\x1fcom.splitsecure.teamresource.v1B\x11TeamBaseInfoProtoP\x01ZSgithub.com/splitsecure/apis/gen/go/proto/splitsecure/teamresource/v1;teamresourcev1\xa2\x02\x03STX\xaa\x02\x1bSplitsecure.Teamresource.V1\xca\x02\x1bSplitsecure\\Teamresource\\V1\xe2\x02'Splitsecure\\Teamresource\\V1\\GPBMetadata\xea\x02\x1dSplitsecure::Teamresource::V1b\x06proto3" var ( 
@@ -105,14 +121,16 @@ func file_splitsecure_teamresource_v1_team_base_info_proto_rawDescGZIP() []byte var file_splitsecure_teamresource_v1_team_base_info_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_splitsecure_teamresource_v1_team_base_info_proto_goTypes = []any{ - (*TeamBaseInfo)(nil), // 0: splitsecure.teamresource.v1.TeamBaseInfo + (*TeamBaseInfo)(nil), // 0: splitsecure.teamresource.v1.TeamBaseInfo + (*v1.HybridKeySetWithDetachedKeys)(nil), // 1: splitsecure.hybridkeyset.v1.HybridKeySetWithDetachedKeys } var file_splitsecure_teamresource_v1_team_base_info_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name + 1, // 0: splitsecure.teamresource.v1.TeamBaseInfo.exchange_hkswdk:type_name -> splitsecure.hybridkeyset.v1.HybridKeySetWithDetachedKeys + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name } func init() { file_splitsecure_teamresource_v1_team_base_info_proto_init() } diff --git a/proto/splitsecure/teamresource/v1/team_base_info.proto b/proto/splitsecure/teamresource/v1/team_base_info.proto index 5b46610..50e9c9e 100644 --- a/proto/splitsecure/teamresource/v1/team_base_info.proto +++ b/proto/splitsecure/teamresource/v1/team_base_info.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package splitsecure.teamresource.v1; +import "splitsecure/hybridkeyset/v1/hybrid_key_set_with_detached_keys.proto"; + // TeamBaseInfo carries fields that persist across team rotations. message TeamBaseInfo { // serialized splitsecure.delegationgraph.v1.IdentityVertex 
@@ -13,4 +15,12 @@ message TeamBaseInfo {
 // Empty when the team does not use this feature.
 // This persists through all team rotations (per-team, not per-version).
 bytes missing_piece_checksum = 2;
+
+ // exchange_hkswdk is the team's public exchange keyset. The private side
+ // is deterministically derived from the same team root as the team's
+ // signing keyset, so it is reconstructible by the team's threshold via
+ // the existing share material — no new shares are introduced. Used to
+ // IES-encrypt data targeted at the team. Persists through all team
+ // rotations (per-team, not per-version).
+ splitsecure.hybridkeyset.v1.HybridKeySetWithDetachedKeys exchange_hkswdk = 3;
 }
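Review bot: The comment on `exchange_hkswdk` (field 3) says the private side is derived from the same team root as the signing keyset, but it does not say the two derivations are domain-separated, and it does not say what an unset field means, whereas `missing_piece_checksum` just above documents its empty case. Because the key is stated to persist through all rotations, a party able to reconstruct the root at any point can presumably decrypt everything ever encrypted to the team, and the comment should say so to keep callers from assuming a rotation limits exposure. I would add `// Derived under a label distinct from the signing keyset; signing key material is never reused for exchange.` and `// Unset when the team has no exchange keyset; senders must fail closed rather than pick another key.`, adjusted to what the derivation and rollout really guarantee, since neither is visible in this patch. The hunk also does not show what authenticates TeamBaseInfo, so the comment should name the signature or graph vertex a sender must verify before encrypting to this key.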