Add version to Trust Token.

This change plumbs the protocol_version and id from the key commitment
to allow it be used to determine what crypto method to use and to
include in requests via the Sec-Trust-Token-Version header.

Design: https://docs.google.com/document/d/197OckoDGNe9-gSlB3dq9bufYoVimuFdon80ERHgK87E/edit#

Change-Id: If7e06fa7ce74d7584230566898db74528d843c9c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425432
Auto-Submit: Steven Valdez <svaldez@chromium.org>
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: David Van Cleve <davidvc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#812910}

services/network/network_service_unittest.cc

@@ -1215,11 +1215,14 @@ TEST_F(NetworkServiceTestWithService, SetsTrustTokenKeyCommitments) {
   auto expectation = mojom::TrustTokenKeyCommitmentResult::New();
   ASSERT_TRUE(base::Base64Decode(
       "aaaa", &expectation->signed_redemption_record_verification_key));
+  expectation->protocol_version =
+      mojom::TrustTokenProtocolVersion::kTrustTokenV1;
+  expectation->id = 1;
   expectation->batch_size = 5;
 
   base::RunLoop run_loop;
   network_service_->SetTrustTokenKeyCommitments(
-      R"( { "https://issuer.example": { "batchsize": 5, "srrkey": "aaaa" } } )",
+      R"( { "https://issuer.example": { "protocol_version": "TrustTokenV1", "id": 1, "batchsize": 5, "srrkey": "aaaa" } } )",
       run_loop.QuitClosure());
   run_loop.Run();
 

services/network/public/mojom/trust_tokens.mojom

@@ -7,6 +7,17 @@ module network.mojom;
 import "url/mojom/origin.mojom";
 import "mojo/public/mojom/base/time.mojom";
 
+// TrustTokenProtocolVersion enumerates the versions of Trust Token that the
+// client knows about. Different versions represent different configuration
+// flows, data structure meanings, etc and may require clearing the database
+// due to incompatibilities.
+// TODO(crbug/1133969): Schema versioning needs to be implemented for future
+// versions that need to clear the database on schema changes.
+enum TrustTokenProtocolVersion {
+  kTrustTokenV1,
+};
+
+
 // TrustTokenOperationStatus enumerates (an incomplete collection of) outcomes
 // for a Trust Tokens protocol operation.
 //
@@ -160,6 +171,13 @@ struct TrustTokenVerificationKey {
 };
 
 struct TrustTokenKeyCommitmentResult {
+  // |protocol_version| is the Trust Token version that this key commitment is
+  // for.
+  TrustTokenProtocolVersion protocol_version;
+
+  // |id| is the ID for this key commitment.
+  int32 id;
+
   // |batch_size| is the issuer's number of tokens it wishes the client
   // to request per Trust Tokens issuance operation.
   int32 batch_size;

services/network/trust_tokens/boringssl_trust_token_issuance_cryptographer.cc

@@ -29,13 +29,20 @@ BoringsslTrustTokenIssuanceCryptographer::
     ~BoringsslTrustTokenIssuanceCryptographer() = default;
 
 bool BoringsslTrustTokenIssuanceCryptographer::Initialize(
+    mojom::TrustTokenProtocolVersion issuer_configured_version,
     int issuer_configured_batch_size) {
   if (!base::IsValueInRangeForNumericType<size_t>(issuer_configured_batch_size))
     return false;
 
+  const TRUST_TOKEN_METHOD* method = nullptr;
+  switch (issuer_configured_version) {
+    case mojom::TrustTokenProtocolVersion::kTrustTokenV1:
+      method = TRUST_TOKEN_experiment_v1();
+      break;
+  }
+
   ctx_ = bssl::UniquePtr<TRUST_TOKEN_CLIENT>(TRUST_TOKEN_CLIENT_new(
-      TRUST_TOKEN_experiment_v1(),
-      static_cast<size_t>(issuer_configured_batch_size)));
+      method, static_cast<size_t>(issuer_configured_batch_size)));
   return !!ctx_;
 }
 

services/network/trust_tokens/boringssl_trust_token_issuance_cryptographer.h

@@ -22,7 +22,8 @@ class BoringsslTrustTokenIssuanceCryptographer
   ~BoringsslTrustTokenIssuanceCryptographer() override;
 
   // TrustTokenRequestIssuanceHelper::Cryptographer implementation:
-  bool Initialize(int issuer_configured_batch_size) override;
+  bool Initialize(mojom::TrustTokenProtocolVersion issuer_configured_version,
+                  int issuer_configured_batch_size) override;
   bool AddKey(base::StringPiece key) override;
   base::Optional<std::string> BeginIssuance(size_t num_tokens) override;
   std::unique_ptr<UnblindedTokens> ConfirmIssuance(

services/network/trust_tokens/boringssl_trust_token_issuance_cryptographer_unittest.cc

@@ -38,7 +38,9 @@ TEST(BoringsslTrustTokenIssuanceCryptographer, RespectsKeyLimit) {
   // kMaximumConcurrentlyValidTrustTokenVerificationKeys is no greater than
   // BoringSSL's internally-configured maximum number of permitted keys.
   BoringsslTrustTokenIssuanceCryptographer cryptographer;
-  ASSERT_TRUE(cryptographer.Initialize(/*issuer_configured_batch_size=*/10));
+  ASSERT_TRUE(
+      cryptographer.Initialize(mojom::TrustTokenProtocolVersion::kTrustTokenV1,
+                               /*issuer_configured_batch_size=*/10));
 
   for (size_t i = 0; i < kMaximumConcurrentlyValidTrustTokenVerificationKeys;
        ++i) {

services/network/trust_tokens/boringssl_trust_token_redemption_cryptographer.cc

@@ -25,14 +25,21 @@ BoringsslTrustTokenRedemptionCryptographer::
     ~BoringsslTrustTokenRedemptionCryptographer() = default;
 
 bool BoringsslTrustTokenRedemptionCryptographer::Initialize(
+    mojom::TrustTokenProtocolVersion issuer_configured_version,
     int issuer_configured_batch_size,
     base::StringPiece signed_redemption_record_verification_key) {
   if (!base::IsValueInRangeForNumericType<size_t>(issuer_configured_batch_size))
     return false;
 
+  const TRUST_TOKEN_METHOD* method = nullptr;
+  switch (issuer_configured_version) {
+    case mojom::TrustTokenProtocolVersion::kTrustTokenV1:
+      method = TRUST_TOKEN_experiment_v1();
+      break;
+  }
+
   ctx_ = bssl::UniquePtr<TRUST_TOKEN_CLIENT>(TRUST_TOKEN_CLIENT_new(
-      TRUST_TOKEN_experiment_v1(),
-      static_cast<size_t>(issuer_configured_batch_size)));
+      method, static_cast<size_t>(issuer_configured_batch_size)));
   if (!ctx_)
     return false;
 

services/network/trust_tokens/boringssl_trust_token_redemption_cryptographer.h

@@ -20,6 +20,7 @@ class BoringsslTrustTokenRedemptionCryptographer
 
   // TrustTokenRequestRedemptionHelper::Cryptographer implementation:
   bool Initialize(
+      mojom::TrustTokenProtocolVersion issuer_configured_version,
       int issuer_configured_batch_size,
       base::StringPiece signed_redemption_record_verification_key) override;
   base::Optional<std::string> BeginRedemption(

services/network/trust_tokens/test/test_server_handler_registration.cc

@@ -64,7 +64,8 @@ void RegisterTrustTokenTestHandlers(net::EmbeddedTestServer* test_server,
         if (request.relative_url != kIssuanceRelativePath)
           return nullptr;
 
-        if (!base::Contains(request.headers, "Sec-Trust-Token"))
+        if (!base::Contains(request.headers, "Sec-Trust-Token") ||
+            !base::Contains(request.headers, "Sec-Trust-Token-Version"))
           return MakeTrustTokenFailureResponse();
 
         base::Optional<std::string> operation_result =
@@ -82,7 +83,8 @@ void RegisterTrustTokenTestHandlers(net::EmbeddedTestServer* test_server,
         if (request.relative_url != kRedemptionRelativePath)
           return nullptr;
 
-        if (!base::Contains(request.headers, "Sec-Trust-Token"))
+        if (!base::Contains(request.headers, "Sec-Trust-Token") ||
+            !base::Contains(request.headers, "Sec-Trust-Token-Version"))
           return MakeTrustTokenFailureResponse();
 
         base::Optional<std::string> operation_result =

services/network/trust_tokens/test/trust_token_request_handler.cc

@@ -67,6 +67,12 @@ bool HasKeyPairExpired(const IssuanceKeyPair& p) {
 }  // namespace
 
 struct TrustTokenRequestHandler::Rep {
+  // The protocol version to use.
+  std::string protocol_version;
+
+  // The commitment ID to use.
+  int id;
+
   // Issue at most this many tokens per issuance.
   int batch_size;
 
@@ -222,6 +228,8 @@ std::string TrustTokenRequestHandler::GetKeyCommitmentRecord() const {
   base::Value value(base::Value::Type::DICTIONARY);
   value.SetStringKey(
       "srrkey", base::Base64Encode(base::make_span(rep_->srr_verification)));
+  value.SetStringKey("protocol_version", rep_->protocol_version);
+  value.SetIntKey("id", rep_->id);
   value.SetIntKey("batchsize", rep_->batch_size);
 
   for (size_t i = 0; i < rep_->issuance_keys.size(); ++i) {
@@ -449,6 +457,8 @@ void TrustTokenRequestHandler::UpdateOptions(Options options) {
 
   rep_ = std::make_unique<Rep>();
 
+  rep_->protocol_version = options.protocol_version;
+  rep_->id = options.id;
   rep_->batch_size = options.batch_size;
   rep_->client_signing_outcome = options.client_signing_outcome;
   rep_->issuance_outcome = options.issuance_outcome;

services/network/trust_tokens/test/trust_token_request_handler.h

@@ -59,6 +59,12 @@ class TrustTokenRequestHandler {
     // the expected request.
     SigningOutcome client_signing_outcome = SigningOutcome::kSuccess;
 
+    // The protocol version to use.
+    std::string protocol_version = "TrustTokenV1";
+
+    // The commitment ID to use.
+    int id = 1;
+
     // The number of tokens to sign per issuance operation; this value is also
     // provided to the client as part of key commitment results.
     int batch_size = 10;
@@ -78,8 +84,9 @@ class TrustTokenRequestHandler {
   // Returns a key commitment record suitable for inserting into a {issuer:
   // commitment} dictionary passed to the network service via
   // NetworkService::SetTrustTokenKeyCommitments. This comprises |num_keys|
-  // token verification keys and a batch size of |batch_size| (or none if
-  // |batch_size| is nullopt).
+  // token verification keys, a protocol version of |protocol_version|, an ID of
+  // |id| and  a batch size of |batch_size| (or none if |batch_size| is
+  // nullopt).
   std::string GetKeyCommitmentRecord() const;
 
   // Given a base64-encoded issuance request, processes the

services/network/trust_tokens/trust_token_cryptographers_test.cc

@@ -48,6 +48,9 @@ struct ProtocolKeys {
   std::vector<uint8_t> srr_verification;
 };
 
+const mojom::TrustTokenProtocolVersion kProtocolVersion =
+    mojom::TrustTokenProtocolVersion::kTrustTokenV1;
+
 // Choose this number to be > 1 but fairly small: setting it to 10
 // led to the test running for 2.5 sec on a debug build.
 constexpr size_t kNumTokensToRequest = 3;
@@ -112,7 +115,8 @@ void RequestManyTokensAndRetainOneArbitrarily(
     TRUST_TOKEN_ISSUER* issuer_ctx,
     TrustToken* out_token) {
   BoringsslTrustTokenIssuanceCryptographer issuance_cryptographer;
-  ASSERT_TRUE(issuance_cryptographer.Initialize(kNumTokensToRequest));
+  ASSERT_TRUE(
+      issuance_cryptographer.Initialize(kProtocolVersion, kNumTokensToRequest));
 
   for (const TokenKeyPair& token_keys : keys.token_keys) {
     ASSERT_TRUE(issuance_cryptographer.AddKey(std::string(
@@ -165,7 +169,7 @@ void RedeemSingleToken(const ProtocolKeys& keys,
       url::Origin::Create(GURL("https://topframe.example"));
 
   ASSERT_TRUE(redemption_cryptographer.Initialize(
-      kNumTokensToRequest, as_string(keys.srr_verification)));
+      kProtocolVersion, kNumTokensToRequest, as_string(keys.srr_verification)));
 
   base::Optional<std::string> maybe_base64_encoded_redemption_request =
       redemption_cryptographer.BeginRedemption(

services/network/trust_tokens/trust_token_http_headers.cc

@@ -14,6 +14,7 @@ const std::vector<base::StringPiece>& TrustTokensRequestHeaders() {
       {kTrustTokensRequestHeaderSecSignature,
        kTrustTokensRequestHeaderSecSignedRedemptionRecord,
        kTrustTokensRequestHeaderSecTime, kTrustTokensSecTrustTokenHeader,
+       kTrustTokensSecTrustTokenVersionHeader,
        kTrustTokensRequestHeaderSecTrustTokensAdditionalSigningData}};
   return *headers;
 }

services/network/trust_tokens/trust_token_http_headers.h

@@ -25,6 +25,11 @@ namespace network {
 // Record.
 constexpr char kTrustTokensSecTrustTokenHeader[] = "Sec-Trust-Token";
 
+// As a request header, provides the version of Trust Token being used in the
+// Sec-Trust-Token header.
+constexpr char kTrustTokensSecTrustTokenVersionHeader[] =
+    "Sec-Trust-Token-Version";
+
 // As a request header, provides a timestamp associated with a
 // particular Trust Tokens signature-bearing request.
 constexpr char kTrustTokensRequestHeaderSecTime[] = "Sec-Time";

services/network/trust_tokens/trust_token_key_commitment_parser.cc

@@ -78,6 +78,24 @@ mojom::TrustTokenKeyCommitmentResultPtr ParseSingleIssuer(
 
   auto result = mojom::TrustTokenKeyCommitmentResult::New();
 
+  // Confirm that the protocol_version field is present.
+  const std::string* maybe_version =
+      value.FindStringKey(kTrustTokenKeyCommitmentProtocolVersionField);
+  if (!maybe_version)
+    return nullptr;
+  if (*maybe_version == "TrustTokenV1") {
+    result->protocol_version = mojom::TrustTokenProtocolVersion::kTrustTokenV1;
+  } else {
+    return nullptr;
+  }
+
+  // Confirm that the id field is present and type-safe.
+  base::Optional<int> maybe_id =
+      value.FindIntKey(kTrustTokenKeyCommitmentIDField);
+  if (!maybe_id || *maybe_id <= 0)
+    return nullptr;
+  result->id = *maybe_id;
+
   // Confirm that the batchsize field is present and type-safe.
   base::Optional<int> maybe_batch_size =
       value.FindIntKey(kTrustTokenKeyCommitmentBatchsizeField);
@@ -137,6 +155,8 @@ mojom::TrustTokenKeyCommitmentResultPtr& commitment(Entry& e) {
 
 }  // namespace
 
+const char kTrustTokenKeyCommitmentProtocolVersionField[] = "protocol_version";
+const char kTrustTokenKeyCommitmentIDField[] = "id";
 const char kTrustTokenKeyCommitmentBatchsizeField[] = "batchsize";
 const char kTrustTokenKeyCommitmentSrrkeyField[] = "srrkey";
 const char kTrustTokenKeyCommitmentExpiryField[] = "expiry";
@@ -144,18 +164,21 @@ const char kTrustTokenKeyCommitmentKeyField[] = "Y";
 
 // https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit#bookmark=id.6wh9crbxdizi
 // {
-//   "batchsize" : ..., // Batch size; value of type int.
-//   "srrkey" : ...,    // Required Signed Redemption Record (SRR)
-//                      // verification key, in base64.
+//   "protocol_version" : ..., // Protocol Version; value of type string.
+//   "id" : ...,               // ID; value of type int.
+//   "batchsize" : ...,        // Batch size; value of type int.
+//   "srrkey" : ...,           // Required Signed Redemption Record (SRR)
+//                             // verification key, in base64.
 //
-//   "1" : {            // Key label, a number in uint32_t range; ignored except
-//                      // for checking that it is present and type-safe.
-//     "Y" : ...,       // Required token issuance verification key, in
-//                      // base64.
-//     "expiry" : ...,  // Required token issuance key expiry time, in
-//                      // microseconds since the Unix epoch.
+//   "1" : {                   // Key label, a number in uint32_t range; ignored
+//                             // except for checking that it is present and
+//                             // type-safe.
+//     "Y" : ...,              // Required token issuance verification key, in
+//                             // base64.
+//     "expiry" : ...,         // Required token issuance key expiry time, in
+//                             // microseconds since the Unix epoch.
 //   },
-//   "17" : {           // No guarantee that key labels (1, 17) are dense.
+//   "17" : {                  // No guarantee that key labels (1, 7) are dense.
 //     "Y" : ...,
 //     "expiry" : ...,
 //   }

services/network/trust_tokens/trust_token_key_commitment_parser.h

@@ -17,6 +17,10 @@ namespace network {
 // Field names from the key commitment JSON format specified in the Trust Tokens
 // design doc
 // (https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit#bookmark=id.6wh9crbxdizi):
+// - "protocol_version" (version of Trust Token used for this commitment)
+extern const char kTrustTokenKeyCommitmentProtocolVersionField[];
+// - "id" (ID for this key commitment)
+extern const char kTrustTokenKeyCommitmentIDField[];
 // - "batch size" (number of blinded tokens to provide per issuance request)
 extern const char kTrustTokenKeyCommitmentBatchsizeField[];
 // - verification key for the signatures the issuer provides over its Signed

services/network/trust_tokens/trust_token_key_commitments_unittest.cc

@@ -64,6 +64,9 @@ TEST(TrustTokenKeyCommitments, CanRetrieveRecordForSuitableOrigin) {
   TrustTokenKeyCommitments commitments;
 
   auto expectation = mojom::TrustTokenKeyCommitmentResult::New();
+  expectation->protocol_version =
+      mojom::TrustTokenProtocolVersion::kTrustTokenV1;
+  expectation->id = 1;
   expectation->batch_size = 5;
 
   auto suitable_origin = *SuitableTrustTokenOrigin::Create(
@@ -88,6 +91,9 @@ TEST(TrustTokenKeyCommitments, CantRetrieveRecordForOriginNotPresent) {
   auto an_origin =
       *SuitableTrustTokenOrigin::Create(GURL("https://an-origin.example"));
   auto an_expectation = mojom::TrustTokenKeyCommitmentResult::New();
+  an_expectation->protocol_version =
+      mojom::TrustTokenProtocolVersion::kTrustTokenV1;
+  an_expectation->id = 1;
   an_expectation->batch_size = 5;
 
   base::flat_map<url::Origin, mojom::TrustTokenKeyCommitmentResultPtr> to_set;
@@ -114,7 +120,13 @@ TEST(TrustTokenKeyCommitments, MultipleOrigins) {
       mojom::TrustTokenKeyCommitmentResult::New(),
   };
 
+  expectations[0]->protocol_version =
+      mojom::TrustTokenProtocolVersion::kTrustTokenV1;
+  expectations[0]->id = 1;
   expectations[0]->batch_size = 0;
+  expectations[1]->protocol_version =
+      mojom::TrustTokenProtocolVersion::kTrustTokenV1;
+  expectations[1]->id = 1;
   expectations[1]->batch_size = 1;
 
   base::flat_map<url::Origin, mojom::TrustTokenKeyCommitmentResultPtr> to_set;
@@ -132,7 +144,7 @@ TEST(TrustTokenKeyCommitments, MultipleOrigins) {
 TEST(TrustTokenKeyCommitments, ParseAndSet) {
   TrustTokenKeyCommitments commitments;
   commitments.ParseAndSet(
-      R"( { "https://issuer.example": { "batchsize": 5, "srrkey": "aaaa" } } )");
+      R"( { "https://issuer.example": { "protocol_version": "TrustTokenV1", "id": 1, "batchsize": 5, "srrkey": "aaaa" } } )");
 
   EXPECT_TRUE(GetCommitmentForOrigin(
       commitments,
@@ -143,7 +155,7 @@ TEST(TrustTokenKeyCommitments, KeysFromCommandLine) {
   base::test::ScopedCommandLine command_line;
   command_line.GetProcessCommandLine()->AppendSwitchASCII(
       switches::kAdditionalTrustTokenKeyCommitments,
-      R"( { "https://issuer.example": { "batchsize": 5, "srrkey": "aaaa" } } )");
+      R"( { "https://issuer.example": { "protocol_version": "TrustTokenV1", "id": 1, "batchsize": 5, "srrkey": "aaaa" } } )");
 
   TrustTokenKeyCommitments commitments;
 
@@ -152,7 +164,7 @@ TEST(TrustTokenKeyCommitments, KeysFromCommandLine) {
       *SuitableTrustTokenOrigin::Create(GURL("https://issuer.example"))));
 
   commitments.ParseAndSet(
-      R"( { "https://issuer.example": { "batchsize": 10, "srrkey": "bbbb" } } )");
+      R"( { "https://issuer.example": { "protocol_version": "TrustTokenV1", "id": 1, "batchsize": 10, "srrkey": "bbbb" } } )");
 
   // A commitment provided through |Set| should defer to the one passed
   // through the command line.
@@ -164,6 +176,9 @@ TEST(TrustTokenKeyCommitments, KeysFromCommandLine) {
       *SuitableTrustTokenOrigin::Create(GURL("https://issuer.example")));
   ASSERT_TRUE(result);
   EXPECT_EQ(result->signed_redemption_record_verification_key, expected_srrkey);
+  EXPECT_EQ(result->protocol_version,
+            mojom::TrustTokenProtocolVersion::kTrustTokenV1);
+  EXPECT_EQ(result->id, 1);
   EXPECT_EQ(result->batch_size, 5);
 }
 
@@ -216,6 +231,9 @@ TEST(TrustTokenKeyCommitments, GetSync) {
   TrustTokenKeyCommitments commitments;
 
   auto expectation = mojom::TrustTokenKeyCommitmentResult::New();
+  expectation->protocol_version =
+      mojom::TrustTokenProtocolVersion::kTrustTokenV1;
+  expectation->id = 1;
   expectation->batch_size = 5;
 
   auto suitable_origin = *SuitableTrustTokenOrigin::Create(

services/network/trust_tokens/trust_token_request_issuance_helper.cc

@@ -144,8 +144,10 @@ void TrustTokenRequestIssuanceHelper::OnGotKeyCommitment(
     return;
   }
 
+  protocol_version_ = commitment_result->protocol_version;
   if (!commitment_result->batch_size ||
-      !cryptographer_->Initialize(commitment_result->batch_size)) {
+      !cryptographer_->Initialize(protocol_version_,
+                                  commitment_result->batch_size)) {
     LogOutcome(net_log_, kBegin,
                "Internal error initializing cryptography delegate");
     std::move(done).Run(mojom::TrustTokenOperationStatus::kInternalError);
@@ -198,6 +200,12 @@ void TrustTokenRequestIssuanceHelper::OnDelegateBeginIssuanceCallComplete(
                                        std::move(*maybe_blinded_tokens),
                                        /*overwrite=*/true);
 
+  std::string protocol_string_version =
+      internal::ProtocolVersionToString(protocol_version_);
+  request->SetExtraRequestHeaderByName(kTrustTokensSecTrustTokenVersionHeader,
+                                       protocol_string_version,
+                                       /*overwrite=*/true);
+
   // We don't want cache reads, because the highest priority is to execute the
   // protocol operation by sending the server the Trust Tokens request header
   // and getting the corresponding response header, but we want cache writes

services/network/trust_tokens/trust_token_request_issuance_helper.h

@@ -55,12 +55,15 @@ class TrustTokenRequestIssuanceHelper : public TrustTokenRequestHelper {
    public:
     virtual ~Cryptographer() = default;
 
-    // Initializes the delegate. |issuer_configured_batch_size| must be the
-    // "batchsize" value from an issuer-provided key commitment result.
+    // Initializes the delegate. |issuer_configured_version| and
+    // |issuer_configured_batch_size| must be the "protocol_version" and
+    // "batchsize" values from an issuer-provided key commitment result.
     //
     // Returns true on success and false if the batch size is unacceptable or an
     // internal error occurred in the underlying cryptographic library.
-    virtual bool Initialize(int issuer_configured_batch_size) = 0;
+    virtual bool Initialize(
+        mojom::TrustTokenProtocolVersion issuer_configured_version,
+        int issuer_configured_batch_size) = 0;
 
     // Stores a Trust Tokens issuance verification key for subsequent use
     // verifying signed tokens in |ConfirmIssuance|. May be called multiple
@@ -211,6 +214,8 @@ class TrustTokenRequestIssuanceHelper : public TrustTokenRequestHelper {
   TrustTokenStore* const token_store_;
   const TrustTokenKeyCommitmentGetter* const key_commitment_getter_;
 
+  mojom::TrustTokenProtocolVersion protocol_version_;
+
   // Relinquishes ownership during posted tasks for the potentially
   // computationally intensive cryptographic operations
   // (Cryptographer::BeginIssuance, Cryptographer::ConfirmIssuance); repopulated

services/network/trust_tokens/trust_token_request_redemption_helper.cc

@@ -135,7 +135,7 @@ void TrustTokenRequestRedemptionHelper::OnGotKeyCommitment(
 
   if (!commitment_result->batch_size ||
       !cryptographer_->Initialize(
-          commitment_result->batch_size,
+          commitment_result->protocol_version, commitment_result->batch_size,
           commitment_result->signed_redemption_record_verification_key)) {
     LogOutcome(net_log_, kBegin,
                "Internal error initializing BoringSSL redemption state "
@@ -166,6 +166,12 @@ void TrustTokenRequestRedemptionHelper::OnGotKeyCommitment(
                                        std::move(*maybe_redemption_header),
                                        /*overwrite=*/true);
 
+  std::string protocol_string_version =
+      internal::ProtocolVersionToString(commitment_result->protocol_version);
+  request->SetExtraRequestHeaderByName(kTrustTokensSecTrustTokenVersionHeader,
+                                       protocol_string_version,
+                                       /*overwrite=*/true);
+
   // We don't want cache reads, because the highest priority is to execute the
   // protocol operation by sending the server the Trust Tokens request header
   // and getting the corresponding response header, but we want cache writes

services/network/trust_tokens/trust_token_request_redemption_helper.h

@@ -68,14 +68,16 @@ class TrustTokenRequestRedemptionHelper : public TrustTokenRequestHelper {
    public:
     virtual ~Cryptographer() = default;
 
-    // Initializes the delegate. |issuer_configured_batch_size| must be the
-    // "batchsize" value, and |signed_Redemption_record_verification_key| the
+    // Initializes the delegate. |issuer_configured_version| and
+    // |issuer_configured_batch_size| must be the "protocol_version" and
+    // "batchsize" values, and |signed_redemption_record_verification_key| the
     // "srrkey" value, from an issuer-provided key commitment result.
     //
     // Returns true on success and false if the batch size or key is
     // unacceptable or an internal error occurred in the underlying
     // cryptographic library.
     virtual bool Initialize(
+        mojom::TrustTokenProtocolVersion issuer_configured_version,
         int issuer_configured_batch_size,
         base::StringPiece signed_redemption_record_verification_key) = 0;
 

services/network/trust_tokens/types.cc

@@ -33,5 +33,13 @@ base::StringPiece TrustTokenOperationTypeToString(
   }
 }
 
+std::string ProtocolVersionToString(
+    mojom::TrustTokenProtocolVersion my_version) {
+  switch (my_version) {
+    case mojom::TrustTokenProtocolVersion::kTrustTokenV1:
+      return "TrustTokenV1";
+  }
+}
+
 }  // namespace internal
 }  // namespace network

services/network/trust_tokens/types.h

@@ -29,6 +29,9 @@ std::string TimeToString(base::Time my_time);
 base::StringPiece TrustTokenOperationTypeToString(
     mojom::TrustTokenOperationType type);
 
+// Serializes a mojom::TrustTokenProtocolVersion.
+std::string ProtocolVersionToString(mojom::TrustTokenProtocolVersion);
+
 }  // namespace internal
 }  // namespace network