// Copyright 2018 The gRPC Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// The canonical version of this proto can be found at
// https://github.com/grpc/grpc-proto/blob/master/grpc/gcp/handshaker.proto
//
// Wire contract between a gRPC endpoint and the handshaker service that runs
// the TLS/ALTS handshake on its behalf (see HandshakerService at the bottom).
// The endpoint forwards raw handshake bytes between the remote peer and the
// handshaker service; the service returns the negotiated result, including
// key material, in HandshakerResult.

syntax = "proto3";

package grpc.gcp;

// NOTE(review): RpcProtocolVersions (used below) is not defined in this file;
// presumably it comes from this import — confirm.
import "src/proto/grpc/gcp/transport_security_common.proto";

option go_package = "google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp";
option java_multiple_files = true;
option java_outer_classname = "HandshakerProto";
option java_package = "io.grpc.alts.internal";


// Handshake (authentication) protocol to run; selected by the client in
// StartClientHandshakeReq and used as the map key in StartServerHandshakeReq.
enum HandshakeProtocol {
  // Default value. In proto3 an unset field of this type decodes to this
  // value. NOTE(review): whether a request carrying it is rejected is decided
  // by the handshaker implementation, not by this schema — confirm there.
  HANDSHAKE_PROTOCOL_UNSPECIFIED = 0;

  // TLS handshake protocol.
  TLS = 1;

  // Application Layer Transport Security handshake protocol.
  ALTS = 2;
}

// Transport-layer protocol of an Endpoint (see Endpoint.protocol).
enum NetworkProtocol {
  // Default value for an unset field.
  NETWORK_PROTOCOL_UNSPECIFIED = 0;
  TCP = 1;
  UDP = 2;
}

// One side of a transport connection, as reported to the handshaker.
message Endpoint {
  // IP address. It should contain an IPv4 or IPv6 string literal, e.g.
  // "192.168.0.1" or "2001:db8::1".
  // NOTE(review): the schema does not constrain this string; the consumer
  // presumably validates it is a well-formed IP literal — confirm.
  string ip_address = 1;

  // Port number. NOTE(review): int32 admits values outside 0-65535; range
  // checking, if any, happens in the consumer.
  int32 port = 2;

  // Network protocol (e.g., TCP, UDP) associated with this endpoint.
  NetworkProtocol protocol = 3;
}

// Identity of a connection endpoint: exactly one of the oneof members, plus
// free-form attributes.
message Identity {
  oneof identity_oneof {
    // Service account of a connection endpoint.
    string service_account = 1;

    // Hostname of a connection endpoint.
    string hostname = 2;
  }

  // Additional attributes of the identity.
  map<string, string> attributes = 3;
}

// First message of a client-side handshake (HandshakerReq.client_start).
message StartClientHandshakeReq {
  // Handshake security protocol requested by the client.
  HandshakeProtocol handshake_security_protocol = 1;

  // The application protocols supported by the client, e.g., "h2" (for http2),
  // "grpc".
  repeated string application_protocols = 2;

  // The record protocols supported by the client, e.g.,
  // "ALTSRP_GCM_AES128".
  repeated string record_protocols = 3;

  // (Optional) Describes which server identities are acceptable by the client.
  // If target identities are provided and none of them matches the peer
  // identity of the server, handshake will fail.
  // NOTE(review): as implied above, an empty list means this particular
  // server-identity check is not applied — confirm against the handshaker.
  repeated Identity target_identities = 4;

  // (Optional) Application may specify a local identity. Otherwise, the
  // handshaker chooses a default local identity.
  Identity local_identity = 5;

  // (Optional) Local endpoint information of the connection to the server,
  // such as local IP address, port number, and network protocol.
  Endpoint local_endpoint = 6;

  // (Optional) Endpoint information of the remote server, such as IP address,
  // port number, and network protocol.
  Endpoint remote_endpoint = 7;

  // (Optional) If target name is provided, a secure naming check is performed
  // to verify that the peer authenticated identity is indeed authorized to run
  // the target name.
  // NOTE(review): conversely, leaving this empty presumably skips the secure
  // naming check, so the authenticated peer identity is not bound to the
  // intended target — verify with the handshaker implementation.
  string target_name = 8;

  // (Optional) RPC protocol versions supported by the client.
  RpcProtocolVersions rpc_versions = 9;

  // (Optional) Maximum frame size supported by the client. NOTE(review): the
  // proto3 default is 0, which presumably denotes "not set" — confirm.
  uint32 max_frame_size = 10;
}

// Per-handshake-protocol server parameters; the value type of
// StartServerHandshakeReq.handshake_parameters.
message ServerHandshakeParameters {
  // The record protocols supported by the server, e.g.,
  // "ALTSRP_GCM_AES128".
  repeated string record_protocols = 1;

  // (Optional) A list of local identities supported by the server, if
  // specified. Otherwise, the handshaker chooses a default local identity.
  repeated Identity local_identities = 2;
}

// First message of a server-side handshake (HandshakerReq.server_start).
message StartServerHandshakeReq {
  // The application protocols supported by the server, e.g., "h2" (for http2),
  // "grpc".
  repeated string application_protocols = 1;

  // Handshake parameters (record protocols and local identities supported by
  // the server) mapped by the handshake protocol. Each handshake security
  // protocol (e.g., TLS or ALTS) has its own set of record protocols and local
  // identities. Since protobuf does not support enum as key to the map, the key
  // to handshake_parameters is the integer value of HandshakeProtocol enum.
  // NOTE(review): because the key is int32, values that are not
  // HandshakeProtocol members are representable; how unknown keys are treated
  // is not defined by this schema.
  map<int32, ServerHandshakeParameters> handshake_parameters = 2;

  // Bytes in out_frames returned from the peer's HandshakerResp. It is possible
  // that the peer's out_frames are split into multiple HandshakerReq messages.
  // NOTE(review): these bytes are received from the remote peer and should be
  // treated as untrusted input by whatever parses them.
  bytes in_bytes = 3;

  // (Optional) Local endpoint information of the connection to the client,
  // such as local IP address, port number, and network protocol.
  Endpoint local_endpoint = 4;

  // (Optional) Endpoint information of the remote client, such as IP address,
  // port number, and network protocol.
  Endpoint remote_endpoint = 5;

  // (Optional) RPC protocol versions supported by the server.
  RpcProtocolVersions rpc_versions = 6;

  // (Optional) Maximum frame size supported by the server. NOTE(review): the
  // proto3 default is 0, which presumably denotes "not set" — confirm.
  uint32 max_frame_size = 7;
}

// Follow-up message of a handshake (HandshakerReq.next), carrying the next
// chunk of bytes received from the peer.
message NextHandshakeMessageReq {
  // Bytes in out_frames returned from the peer's HandshakerResp. It is possible
  // that the peer's out_frames are split into multiple NextHandshakeMessageReq
  // messages.
  // NOTE(review): as with StartServerHandshakeReq.in_bytes, this is untrusted
  // input received from the remote peer.
  bytes in_bytes = 1;
}

// Envelope for every message the client sends on the DoHandshake stream;
// exactly one of the oneof members is set.
message HandshakerReq {
  oneof req_oneof {
    // The start client handshake request message.
    StartClientHandshakeReq client_start = 1;

    // The start server handshake request message.
    StartServerHandshakeReq server_start = 2;

    // The next handshake request message.
    NextHandshakeMessageReq next = 3;
  }
}

// Outcome of a successful handshake (HandshakerResp.result).
message HandshakerResult {
  // The application protocol negotiated for this connection.
  string application_protocol = 1;

  // The record protocol negotiated for this connection.
  string record_protocol = 2;

  // Cryptographic key data. The key data may be more than the key length
  // required for the record protocol, thus the client of the handshaker
  // service needs to truncate the key data into the right key length.
  // NOTE(review): this is secret keying material for the record protocol;
  // it should be kept out of logs/traces and retained only as long as the
  // record protocol needs it.
  bytes key_data = 3;

  // The authenticated identity of the peer.
  Identity peer_identity = 4;

  // The local identity used in the handshake.
  Identity local_identity = 5;

  // Indicate whether the handshaker service client should keep the channel
  // between the handshaker service open, e.g., in order to handle
  // post-handshake messages in the future.
  bool keep_channel_open = 6;

  // The RPC protocol versions supported by the peer.
  RpcProtocolVersions peer_rpc_versions = 7;

  // The maximum frame size of the peer.
  uint32 max_frame_size = 8;
}

// Status reported by the handshaker alongside each response.
message HandshakerStatus {
  // The status code. This could be the gRPC status code.
  uint32 code = 1;

  // The status details.
  string details = 2;
}

// One message of the server-to-client half of the DoHandshake stream.
message HandshakerResp {
  // Frames to be given to the peer for the NextHandshakeMessageReq. May be
  // empty if no out_frames have to be sent to the peer or if in_bytes in the
  // HandshakerReq are incomplete. All the non-empty out frames must be sent to
  // the peer even if the handshaker status is not OK as these frames may
  // contain the alert frames.
  bytes out_frames = 1;

  // Number of bytes in the in_bytes consumed by the handshaker. It is possible
  // that part of in_bytes in HandshakerReq was unrelated to the handshake
  // process.
  uint32 bytes_consumed = 2;

  // This is set iff the handshake was successful. out_frames may still be set
  // to frames that needs to be forwarded to the peer.
  // Consequently, an absent result means the handshake has not succeeded
  // (yet); the reason, if any, is carried in status.
  HandshakerResult result = 3;

  // Status of the handshaker.
  HandshakerStatus status = 4;
}

service HandshakerService {
  // Handshaker service accepts a stream of handshaker request, returning a
  // stream of handshaker response. Client is expected to send exactly one
  // message with either client_start or server_start followed by one or more
  // messages with next. Each time client sends a request, the handshaker
  // service expects to respond. Client does not have to wait for service's
  // response before sending next request.
  //
  // Bidirectional streaming RPC: both the request and the response are
  // streams.
  rpc DoHandshake(stream HandshakerReq)
      returns (stream HandshakerResp) {
  }
}