1// Copyright 2021 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// https://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
// proto3 syntax: singular scalar and enum fields that are not declared
// `optional` have implicit presence, so a reader cannot tell an unset enum
// field from one explicitly set to value 0.
syntax = "proto3";

// Protobuf package that scopes the type names declared in this file.
package s2a.proto;

// Import path of the generated Go code. The path sits under internal/, which
// the Go toolchain only lets code rooted at the parent of internal/ import.
option go_package = "github.com/google/s2a/internal/proto/common_go_proto";
20
// Ciphersuites supported by S2A. Each name is built from two parts:
//   - the AEAD that provides encryption and authentication (e.g. AES_128_GCM);
//   - the hash algorithm that drives the PRF in TLS 1.2 or HKDF in TLS 1.3
//     (e.g. SHA256).
//
// The numeric values identify the suites on the wire, so they must stay
// stable. AES_128_GCM_SHA256 is value 0 and there is no "unspecified" entry:
// a singular Ciphersuite field without explicit presence that is left unset
// decodes as AES_128_GCM_SHA256, so readers cannot tell an omitted choice
// from an explicit one.
enum Ciphersuite {
  AES_128_GCM_SHA256       = 0;
  AES_256_GCM_SHA384       = 1;
  CHACHA20_POLY1305_SHA256 = 2;
}
31
// TLS versions supported by S2A's handshaker module.
//
// TLS1_2 is value 0, so a singular TLSVersion field without explicit presence
// that is never set decodes as TLS 1.2, the older of the two versions. Code
// that means to require TLS 1.3 has to set TLS1_3 explicitly rather than rely
// on the default.
// NOTE(review): how the referencing messages interpret this enum (minimum,
// maximum, negotiated version) is not shown in this file; confirm there.
enum TLSVersion {
  TLS1_2 = 0;
  TLS1_3 = 1;
}
37
// Identity names one endpoint of a connection.
message Identity {
  // The kind of identifier carried. At most one member is set, and setting
  // one clears the others; it is also possible for none to be set, so readers
  // should check which case is present before using a value.
  //
  // Every member is a plain string. Two identities are only the same when
  // both the oneof case and the string match: an equal string under a
  // different case names a different kind of identity.
  oneof identity_oneof {
    // SPIFFE ID of the connection endpoint.
    string spiffe_id = 1;

    // Hostname of the connection endpoint.
    string hostname = 2;

    // UID of the connection endpoint.
    string uid = 4;

    // MDB username of the connection endpoint.
    string mdb_username = 5;

    // Gaia ID of the connection endpoint.
    string gaia_id = 6;
  }

  // Extra attributes specific to the identity. Declared outside the oneof, so
  // it can accompany any identifier kind. Field number 3 is taken by this map
  // and must not be reused for a new oneof member.
  // NOTE(review): this file does not say whether these entries are verified
  // or which keys are defined; confirm before relying on them in
  // authorization decisions.
  map<string, string> attributes = 3;
}