// Full gRPC method name of the SetUpSession RPC, in the
// "/<package>.<service>/<method>" form.
const (
	S2AService_SetUpSession_FullMethodName = "/s2a.proto.S2AService/SetUpSession"
)
// File_internal_proto_s2a_s2a_proto holds the protoreflect.FileDescriptor of
// this generated file (presumably internal/proto/s2a/s2a.proto, going by the
// variable name; confirm against the generator output).
var File_internal_proto_s2a_s2a_proto protoreflect.FileDescriptor
S2AService_ServiceDesc is the grpc.ServiceDesc for the S2AService service. It is only intended for direct use with grpc.RegisterService, and is not to be introspected or modified (even as a copy).
var S2AService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "s2a.proto.S2AService",
	HandlerType: (*S2AServiceServer)(nil),
	// No unary methods are registered; the only RPC is the stream below.
	Methods: []grpc.MethodDesc{},
	Streams: []grpc.StreamDesc{
		{
			StreamName: "SetUpSession",
			Handler: _S2AService_SetUpSession_Handler,
			// Both flags are set, so SetUpSession is a bidirectional stream.
			ServerStreams: true,
			ClientStreams: true,
		},
	},
	Metadata: "internal/proto/s2a/s2a.proto",
}
func RegisterS2AServiceServer(s grpc.ServiceRegistrar, srv S2AServiceServer)
// AuthenticationMechanism describes one way the application authenticates
// itself to the S2A, optionally bound to a specific identity.
type AuthenticationMechanism struct {
	// (Optional) Application may specify an identity associated to an
	// authentication mechanism. Otherwise, S2A assumes that the authentication
	// mechanism is associated with the default identity. If the default identity
	// cannot be determined, session setup fails.
	Identity *common_go_proto.Identity `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
	// Types that are assignable to MechanismOneof:
	//
	//	*AuthenticationMechanism_Token
	MechanismOneof isAuthenticationMechanism_MechanismOneof `protobuf_oneof:"mechanism_oneof"`
	// contains filtered or unexported fields
}
func (*AuthenticationMechanism) Descriptor() ([]byte, []int)
Deprecated: Use AuthenticationMechanism.ProtoReflect.Descriptor instead.
func (x *AuthenticationMechanism) GetIdentity() *common_go_proto.Identity
func (m *AuthenticationMechanism) GetMechanismOneof() isAuthenticationMechanism_MechanismOneof
func (x *AuthenticationMechanism) GetToken() string
func (*AuthenticationMechanism) ProtoMessage()
func (x *AuthenticationMechanism) ProtoReflect() protoreflect.Message
func (x *AuthenticationMechanism) Reset()
func (x *AuthenticationMechanism) String() string
// AuthenticationMechanism_Token is the token variant of
// AuthenticationMechanism.MechanismOneof.
type AuthenticationMechanism_Token struct {
	// A token that the application uses to authenticate itself to the S2A.
	// The token is a credential: keep it out of logs and error messages.
	Token string `protobuf:"bytes,2,opt,name=token,proto3,oneof"`
}
// ClientSessionStartReq is the message an application running a TLS client
// sends to S2A to start session setup.
type ClientSessionStartReq struct {
	// The application protocols supported by the client, e.g., "grpc".
	ApplicationProtocols []string `protobuf:"bytes,1,rep,name=application_protocols,json=applicationProtocols,proto3" json:"application_protocols,omitempty"`
	// (Optional) The minimum TLS version number that the S2A's handshaker module
	// will use to set up the session. If this field is not provided, S2A will use
	// the minimum version it supports.
	// NOTE(review): leaving this unset delegates the protocol floor to S2A; set
	// it explicitly when local policy requires a minimum version.
	MinTlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=min_tls_version,json=minTlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"min_tls_version,omitempty"`
	// (Optional) The maximum TLS version number that the S2A's handshaker module
	// will use to set up the session. If this field is not provided, S2A will use
	// the maximum version it supports.
	MaxTlsVersion common_go_proto.TLSVersion `protobuf:"varint,3,opt,name=max_tls_version,json=maxTlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"max_tls_version,omitempty"`
	// The TLS ciphersuites that the client is willing to support.
	TlsCiphersuites []common_go_proto.Ciphersuite `protobuf:"varint,4,rep,packed,name=tls_ciphersuites,json=tlsCiphersuites,proto3,enum=s2a.proto.Ciphersuite" json:"tls_ciphersuites,omitempty"`
	// (Optional) Describes which server identities are acceptable by the client.
	// If target identities are provided and none of them matches the peer
	// identity of the server, session setup fails.
	// NOTE(review): only the "provided" case is described; when the list is
	// empty this field presumably places no restriction on the server identity.
	// Confirm against the S2A implementation before relying on it.
	TargetIdentities []*common_go_proto.Identity `protobuf:"bytes,5,rep,name=target_identities,json=targetIdentities,proto3" json:"target_identities,omitempty"`
	// (Optional) Application may specify a local identity. Otherwise, S2A chooses
	// the default local identity. If the default identity cannot be determined,
	// session setup fails.
	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,6,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
	// The target name that is used by S2A to configure SNI in the TLS handshake.
	// It is also used to perform the server authorization check, if available.
	// This check is intended to verify that the peer authenticated identity is
	// authorized to run a service with the target name.
	// This field MUST only contain the host portion of the server address. It
	// MUST NOT contain the scheme or the port number. For example, if the server
	// address is dns://www.example.com:443, the value of this field should be
	// set to www.example.com.
	TargetName string `protobuf:"bytes,7,opt,name=target_name,json=targetName,proto3" json:"target_name,omitempty"`
	// contains filtered or unexported fields
}
func (*ClientSessionStartReq) Descriptor() ([]byte, []int)
Deprecated: Use ClientSessionStartReq.ProtoReflect.Descriptor instead.
func (x *ClientSessionStartReq) GetApplicationProtocols() []string
func (x *ClientSessionStartReq) GetLocalIdentity() *common_go_proto.Identity
func (x *ClientSessionStartReq) GetMaxTlsVersion() common_go_proto.TLSVersion
func (x *ClientSessionStartReq) GetMinTlsVersion() common_go_proto.TLSVersion
func (x *ClientSessionStartReq) GetTargetIdentities() []*common_go_proto.Identity
func (x *ClientSessionStartReq) GetTargetName() string
func (x *ClientSessionStartReq) GetTlsCiphersuites() []common_go_proto.Ciphersuite
func (*ClientSessionStartReq) ProtoMessage()
func (x *ClientSessionStartReq) ProtoReflect() protoreflect.Message
func (x *ClientSessionStartReq) Reset()
func (x *ClientSessionStartReq) String() string
// ResumptionTicketReq passes NewSessionTicket messages received from the
// server to S2A, together with the connection they belong to.
type ResumptionTicketReq struct {
	// The byte representation of a NewSessionTicket message received from the
	// server.
	InBytes [][]byte `protobuf:"bytes,1,rep,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
	// A connection identifier that was created and sent by S2A at the end of a
	// handshake.
	ConnectionId uint64 `protobuf:"varint,2,opt,name=connection_id,json=connectionId,proto3" json:"connection_id,omitempty"`
	// The local identity that was used by S2A during session setup and included
	// in |SessionResult|.
	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,3,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
	// contains filtered or unexported fields
}
func (*ResumptionTicketReq) Descriptor() ([]byte, []int)
Deprecated: Use ResumptionTicketReq.ProtoReflect.Descriptor instead.
func (x *ResumptionTicketReq) GetConnectionId() uint64
func (x *ResumptionTicketReq) GetInBytes() [][]byte
func (x *ResumptionTicketReq) GetLocalIdentity() *common_go_proto.Identity
func (*ResumptionTicketReq) ProtoMessage()
func (x *ResumptionTicketReq) ProtoReflect() protoreflect.Message
func (x *ResumptionTicketReq) Reset()
func (x *ResumptionTicketReq) String() string
S2AServiceClient is the client API for S2AService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
type S2AServiceClient interface {
	// S2A service accepts a stream of session setup requests and returns a stream
	// of session setup responses. The client of this service is expected to send
	// exactly one client_start or server_start message followed by at least one
	// next message. Applications running TLS clients can send requests with
	// resumption_ticket messages only after the session is successfully set up.
	//
	// Every time the S2A client sends a request, this service sends a response.
	// However, clients do not have to wait for the service response before
	// sending the next request.
	SetUpSession(ctx context.Context, opts ...grpc.CallOption) (S2AService_SetUpSessionClient, error)
}
func NewS2AServiceClient(cc grpc.ClientConnInterface) S2AServiceClient
S2AServiceServer is the server API for the S2AService service. All implementations must embed UnimplementedS2AServiceServer for forward compatibility.
type S2AServiceServer interface {
	// S2A service accepts a stream of session setup requests and returns a stream
	// of session setup responses. The client of this service is expected to send
	// exactly one client_start or server_start message followed by at least one
	// next message. Applications running TLS clients can send requests with
	// resumption_ticket messages only after the session is successfully set up.
	//
	// Every time the S2A client sends a request, this service sends a response.
	// However, clients do not have to wait for the service response before
	// sending the next request.
	SetUpSession(S2AService_SetUpSessionServer) error
	// contains filtered or unexported methods
}
// S2AService_SetUpSessionClient is the client side of the SetUpSession
// stream: it sends SessionReq messages and receives SessionResp messages.
type S2AService_SetUpSessionClient interface {
	Send(*SessionReq) error
	Recv() (*SessionResp, error)
	grpc.ClientStream
}
// S2AService_SetUpSessionServer is the server side of the SetUpSession
// stream: it receives SessionReq messages and sends SessionResp messages.
type S2AService_SetUpSessionServer interface {
	Send(*SessionResp) error
	Recv() (*SessionReq, error)
	grpc.ServerStream
}
// ServerSessionStartReq is the message an application running a TLS server
// sends to S2A to start session setup.
type ServerSessionStartReq struct {
	// The application protocols supported by the server, e.g., "grpc".
	ApplicationProtocols []string `protobuf:"bytes,1,rep,name=application_protocols,json=applicationProtocols,proto3" json:"application_protocols,omitempty"`
	// (Optional) The minimum TLS version number that the S2A's handshaker module
	// will use to set up the session. If this field is not provided, S2A will use
	// the minimum version it supports.
	// NOTE(review): leaving this unset delegates the protocol floor to S2A; set
	// it explicitly when local policy requires a minimum version.
	MinTlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=min_tls_version,json=minTlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"min_tls_version,omitempty"`
	// (Optional) The maximum TLS version number that the S2A's handshaker module
	// will use to set up the session. If this field is not provided, S2A will use
	// the maximum version it supports.
	MaxTlsVersion common_go_proto.TLSVersion `protobuf:"varint,3,opt,name=max_tls_version,json=maxTlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"max_tls_version,omitempty"`
	// The TLS ciphersuites that the server is willing to support.
	TlsCiphersuites []common_go_proto.Ciphersuite `protobuf:"varint,4,rep,packed,name=tls_ciphersuites,json=tlsCiphersuites,proto3,enum=s2a.proto.Ciphersuite" json:"tls_ciphersuites,omitempty"`
	// (Optional) A list of local identities supported by the server, if
	// specified. Otherwise, S2A chooses the default local identity. If the
	// default identity cannot be determined, session setup fails.
	LocalIdentities []*common_go_proto.Identity `protobuf:"bytes,5,rep,name=local_identities,json=localIdentities,proto3" json:"local_identities,omitempty"`
	// The byte representation of the first handshake message received from the
	// client peer. It is possible that this first message is split into multiple
	// chunks. In this case, the first chunk is sent using this field and the
	// following chunks are sent using the in_bytes field of SessionNextReq.
	// Specifically, if the client peer is using S2A, this field contains the
	// bytes in the out_frames field of the SessionResp message that the client
	// peer received from its S2A after initiating the handshake.
	InBytes []byte `protobuf:"bytes,6,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
	// contains filtered or unexported fields
}
func (*ServerSessionStartReq) Descriptor() ([]byte, []int)
Deprecated: Use ServerSessionStartReq.ProtoReflect.Descriptor instead.
func (x *ServerSessionStartReq) GetApplicationProtocols() []string
func (x *ServerSessionStartReq) GetInBytes() []byte
func (x *ServerSessionStartReq) GetLocalIdentities() []*common_go_proto.Identity
func (x *ServerSessionStartReq) GetMaxTlsVersion() common_go_proto.TLSVersion
func (x *ServerSessionStartReq) GetMinTlsVersion() common_go_proto.TLSVersion
func (x *ServerSessionStartReq) GetTlsCiphersuites() []common_go_proto.Ciphersuite
func (*ServerSessionStartReq) ProtoMessage()
func (x *ServerSessionStartReq) ProtoReflect() protoreflect.Message
func (x *ServerSessionStartReq) Reset()
func (x *ServerSessionStartReq) String() string
// SessionNextReq carries handshake bytes received from the peer to S2A after
// the session has been started.
type SessionNextReq struct {
	// The byte representation of session setup, i.e., handshake messages.
	// Specifically:
	//   - All handshake messages sent from the server to the client.
	//   - All, except for the first, handshake messages sent from the client to
	//     the server. Note that the first message is communicated to S2A using the
	//     in_bytes field of ServerSessionStartReq.
	//
	// If the peer is using S2A, this field contains the bytes in the out_frames
	// field of the SessionResp message that the peer received from its S2A.
	InBytes []byte `protobuf:"bytes,1,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
	// contains filtered or unexported fields
}
func (*SessionNextReq) Descriptor() ([]byte, []int)
Deprecated: Use SessionNextReq.ProtoReflect.Descriptor instead.
func (x *SessionNextReq) GetInBytes() []byte
func (*SessionNextReq) ProtoMessage()
func (x *SessionNextReq) ProtoReflect() protoreflect.Message
func (x *SessionNextReq) Reset()
func (x *SessionNextReq) String() string
// SessionReq is the request message of the SetUpSession stream. It wraps one
// of the four request variants and the caller's authentication mechanisms.
type SessionReq struct {
	// Types that are assignable to ReqOneof:
	//
	//	*SessionReq_ClientStart
	//	*SessionReq_ServerStart
	//	*SessionReq_Next
	//	*SessionReq_ResumptionTicket
	ReqOneof isSessionReq_ReqOneof `protobuf_oneof:"req_oneof"`
	// (Optional) The authentication mechanisms that the client wishes to use to
	// authenticate to the S2A, ordered by preference. The S2A will always use the
	// first authentication mechanism that appears in the list and is supported by
	// the S2A.
	// The entries can carry tokens (see AuthenticationMechanism_Token), so a
	// SessionReq should be treated as credential-bearing when it is logged or
	// dumped.
	AuthMechanisms []*AuthenticationMechanism `protobuf:"bytes,5,rep,name=auth_mechanisms,json=authMechanisms,proto3" json:"auth_mechanisms,omitempty"`
	// contains filtered or unexported fields
}
func (*SessionReq) Descriptor() ([]byte, []int)
Deprecated: Use SessionReq.ProtoReflect.Descriptor instead.
func (x *SessionReq) GetAuthMechanisms() []*AuthenticationMechanism
func (x *SessionReq) GetClientStart() *ClientSessionStartReq
func (x *SessionReq) GetNext() *SessionNextReq
func (m *SessionReq) GetReqOneof() isSessionReq_ReqOneof
func (x *SessionReq) GetResumptionTicket() *ResumptionTicketReq
func (x *SessionReq) GetServerStart() *ServerSessionStartReq
func (*SessionReq) ProtoMessage()
func (x *SessionReq) ProtoReflect() protoreflect.Message
func (x *SessionReq) Reset()
func (x *SessionReq) String() string
// SessionReq_ClientStart is the client_start variant of SessionReq.ReqOneof.
type SessionReq_ClientStart struct {
	// The client session setup request message.
	ClientStart *ClientSessionStartReq `protobuf:"bytes,1,opt,name=client_start,json=clientStart,proto3,oneof"`
}
// SessionReq_Next is the next variant of SessionReq.ReqOneof.
type SessionReq_Next struct {
	// The next session setup request message.
	Next *SessionNextReq `protobuf:"bytes,3,opt,name=next,proto3,oneof"`
}
// SessionReq_ResumptionTicket is the resumption_ticket variant of
// SessionReq.ReqOneof.
type SessionReq_ResumptionTicket struct {
	// The resumption ticket that is received from the server. This message is
	// only accepted by S2A if it is running as a client and if it is received
	// after session setup is complete. If S2A is running as a server and it
	// receives this message, the session is terminated.
	ResumptionTicket *ResumptionTicketReq `protobuf:"bytes,4,opt,name=resumption_ticket,json=resumptionTicket,proto3,oneof"`
}
// SessionReq_ServerStart is the server_start variant of SessionReq.ReqOneof.
type SessionReq_ServerStart struct {
	// The server session setup request message.
	ServerStart *ServerSessionStartReq `protobuf:"bytes,2,opt,name=server_start,json=serverStart,proto3,oneof"`
}
// SessionResp is the response message of the SetUpSession stream. It reports
// the frames to forward to the peer, how much input was consumed, the setup
// status and, once setup succeeds, the session result.
type SessionResp struct {
	// The local identity used during session setup. This could be:
	//   - The local identity that the client specifies in ClientSessionStartReq.
	//   - One of the local identities that the server specifies in
	//     ServerSessionStartReq.
	//   - If neither client nor server specifies local identities, the S2A picks
	//     the default one. In this case, this field will contain that identity.
	//
	// If the SessionResult is populated, then this must coincide with the local
	// identity specified in the SessionResult; otherwise, the handshake must
	// fail.
	// NOTE(review): the comment does not say which side enforces this match;
	// confirm whether the caller is expected to compare the two identities.
	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,1,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
	// The byte representation of the frames that should be sent to the peer. May
	// be empty if nothing needs to be sent to the peer or if in_bytes in the
	// SessionReq is incomplete. All bytes in a non-empty out_frames must be sent
	// to the peer even if the session setup status is not OK as these frames may
	// contain appropriate alerts.
	OutFrames []byte `protobuf:"bytes,2,opt,name=out_frames,json=outFrames,proto3" json:"out_frames,omitempty"`
	// Number of bytes in the in_bytes field that are consumed by S2A. It is
	// possible that part of in_bytes is unrelated to the session setup process,
	// so the caller should not assume the whole buffer was consumed.
	BytesConsumed uint32 `protobuf:"varint,3,opt,name=bytes_consumed,json=bytesConsumed,proto3" json:"bytes_consumed,omitempty"`
	// This is set if the session is successfully set up. out_frames may
	// still be set to frames that need to be forwarded to the peer.
	Result *SessionResult `protobuf:"bytes,4,opt,name=result,proto3" json:"result,omitempty"`
	// Status of session setup at the current stage.
	Status *SessionStatus `protobuf:"bytes,5,opt,name=status,proto3" json:"status,omitempty"`
	// contains filtered or unexported fields
}
func (*SessionResp) Descriptor() ([]byte, []int)
Deprecated: Use SessionResp.ProtoReflect.Descriptor instead.
func (x *SessionResp) GetBytesConsumed() uint32
func (x *SessionResp) GetLocalIdentity() *common_go_proto.Identity
func (x *SessionResp) GetOutFrames() []byte
func (x *SessionResp) GetResult() *SessionResult
func (x *SessionResp) GetStatus() *SessionStatus
func (*SessionResp) ProtoMessage()
func (x *SessionResp) ProtoReflect() protoreflect.Message
func (x *SessionResp) Reset()
func (x *SessionResp) String() string
// SessionResult describes a successfully established session: the negotiated
// protocol, the session state, both identities and both certificate
// fingerprints.
type SessionResult struct {
	// The application protocol negotiated for this session.
	ApplicationProtocol string `protobuf:"bytes,1,opt,name=application_protocol,json=applicationProtocol,proto3" json:"application_protocol,omitempty"`
	// The session state at the end. This state contains all cryptographic
	// material required to initialize the record protocol object, so it must be
	// handled as secret data.
	// NOTE(review): String() on generated messages typically renders every
	// field; avoid logging a SessionResult or its State. Confirm against the
	// generated String implementation.
	State *SessionState `protobuf:"bytes,2,opt,name=state,proto3" json:"state,omitempty"`
	// The authenticated identity of the peer.
	PeerIdentity *common_go_proto.Identity `protobuf:"bytes,4,opt,name=peer_identity,json=peerIdentity,proto3" json:"peer_identity,omitempty"`
	// The local identity used during session setup. This could be:
	//   - The local identity that the client specifies in ClientSessionStartReq.
	//   - One of the local identities that the server specifies in
	//     ServerSessionStartReq.
	//   - If neither client nor server specifies local identities, the S2A picks
	//     the default one. In this case, this field will contain that identity.
	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,5,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
	// The SHA256 hash of the local certificate used in the handshake.
	LocalCertFingerprint []byte `protobuf:"bytes,6,opt,name=local_cert_fingerprint,json=localCertFingerprint,proto3" json:"local_cert_fingerprint,omitempty"`
	// The SHA256 hash of the peer certificate used in the handshake.
	PeerCertFingerprint []byte `protobuf:"bytes,7,opt,name=peer_cert_fingerprint,json=peerCertFingerprint,proto3" json:"peer_cert_fingerprint,omitempty"`
	// contains filtered or unexported fields
}
func (*SessionResult) Descriptor() ([]byte, []int)
Deprecated: Use SessionResult.ProtoReflect.Descriptor instead.
func (x *SessionResult) GetApplicationProtocol() string
func (x *SessionResult) GetLocalCertFingerprint() []byte
func (x *SessionResult) GetLocalIdentity() *common_go_proto.Identity
func (x *SessionResult) GetPeerCertFingerprint() []byte
func (x *SessionResult) GetPeerIdentity() *common_go_proto.Identity
func (x *SessionResult) GetState() *SessionState
func (*SessionResult) ProtoMessage()
func (x *SessionResult) ProtoReflect() protoreflect.Message
func (x *SessionResult) Reset()
func (x *SessionResult) String() string
// SessionState holds the negotiated TLS parameters of an established session
// together with the per-direction keys, fixed nonces and sequence numbers.
// The key and nonce fields are secret material: do not log, persist or
// serialize this message outside the record protocol that consumes it.
type SessionState struct {
	// The TLS version number that the S2A's handshaker module used to set up the
	// session.
	TlsVersion common_go_proto.TLSVersion `protobuf:"varint,1,opt,name=tls_version,json=tlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"tls_version,omitempty"`
	// The TLS ciphersuite negotiated by the S2A's handshaker module.
	TlsCiphersuite common_go_proto.Ciphersuite `protobuf:"varint,2,opt,name=tls_ciphersuite,json=tlsCiphersuite,proto3,enum=s2a.proto.Ciphersuite" json:"tls_ciphersuite,omitempty"`
	// The sequence number of the next, incoming, TLS record.
	InSequence uint64 `protobuf:"varint,3,opt,name=in_sequence,json=inSequence,proto3" json:"in_sequence,omitempty"`
	// The sequence number of the next, outgoing, TLS record.
	OutSequence uint64 `protobuf:"varint,4,opt,name=out_sequence,json=outSequence,proto3" json:"out_sequence,omitempty"`
	// The key for the inbound direction.
	InKey []byte `protobuf:"bytes,5,opt,name=in_key,json=inKey,proto3" json:"in_key,omitempty"`
	// The key for the outbound direction.
	OutKey []byte `protobuf:"bytes,6,opt,name=out_key,json=outKey,proto3" json:"out_key,omitempty"`
	// The constant part of the record nonce for the inbound direction.
	// NOTE(review): the generated comment said "outbound" here, which
	// contradicts the field name and the in_key/out_key naming; confirm the
	// direction against s2a.proto before relying on it.
	InFixedNonce []byte `protobuf:"bytes,7,opt,name=in_fixed_nonce,json=inFixedNonce,proto3" json:"in_fixed_nonce,omitempty"`
	// The constant part of the record nonce for the outbound direction.
	// NOTE(review): the generated comment said "inbound" here; see the note on
	// InFixedNonce.
	OutFixedNonce []byte `protobuf:"bytes,8,opt,name=out_fixed_nonce,json=outFixedNonce,proto3" json:"out_fixed_nonce,omitempty"`
	// A connection identifier that can be provided to S2A to perform operations
	// related to this connection. This identifier will be stored by the record
	// protocol, and included in the |ResumptionTicketReq| message that is later
	// sent back to S2A. This field is set only for client-side connections.
	ConnectionId uint64 `protobuf:"varint,9,opt,name=connection_id,json=connectionId,proto3" json:"connection_id,omitempty"`
	// Set to true if a cached session was reused to do an abbreviated handshake.
	IsHandshakeResumed bool `protobuf:"varint,10,opt,name=is_handshake_resumed,json=isHandshakeResumed,proto3" json:"is_handshake_resumed,omitempty"`
	// contains filtered or unexported fields
}
func (*SessionState) Descriptor() ([]byte, []int)
Deprecated: Use SessionState.ProtoReflect.Descriptor instead.
func (x *SessionState) GetConnectionId() uint64
func (x *SessionState) GetInFixedNonce() []byte
func (x *SessionState) GetInKey() []byte
func (x *SessionState) GetInSequence() uint64
func (x *SessionState) GetIsHandshakeResumed() bool
func (x *SessionState) GetOutFixedNonce() []byte
func (x *SessionState) GetOutKey() []byte
func (x *SessionState) GetOutSequence() uint64
func (x *SessionState) GetTlsCiphersuite() common_go_proto.Ciphersuite
func (x *SessionState) GetTlsVersion() common_go_proto.TLSVersion
func (*SessionState) ProtoMessage()
func (x *SessionState) ProtoReflect() protoreflect.Message
func (x *SessionState) Reset()
func (x *SessionState) String() string
// SessionStatus reports the status of session setup as a numeric code plus a
// free-form details string.
type SessionStatus struct {
	// The status code that is specific to the application and the implementation
	// of S2A, e.g., gRPC status code.
	Code uint32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
	// The status details.
	Details string `protobuf:"bytes,2,opt,name=details,proto3" json:"details,omitempty"`
	// contains filtered or unexported fields
}
func (*SessionStatus) Descriptor() ([]byte, []int)
Deprecated: Use SessionStatus.ProtoReflect.Descriptor instead.
func (x *SessionStatus) GetCode() uint32
func (x *SessionStatus) GetDetails() string
func (*SessionStatus) ProtoMessage()
func (x *SessionStatus) ProtoReflect() protoreflect.Message
func (x *SessionStatus) Reset()
func (x *SessionStatus) String() string
UnimplementedS2AServiceServer must be embedded to have forward compatible implementations.
type UnimplementedS2AServiceServer struct { }
func (UnimplementedS2AServiceServer) SetUpSession(S2AService_SetUpSessionServer) error
UnsafeS2AServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to S2AServiceServer will result in compilation errors.
type UnsafeS2AServiceServer interface {
// contains filtered or unexported methods
}