syntax = "proto3";
package cert;
option go_package = "github.com/slackhq/nebula/cert";
//import "google/protobuf/timestamp.proto";
// Curve names the elliptic curve recorded in a certificate's details
// (see the `curve` field of RawNebulaCertificateDetails).
// NOTE(review): presumably this selects how PublicKey and Signature are
// interpreted; confirm against the code that consumes this schema.
enum Curve {
  // Zero value, and therefore the proto3 default: a message that never set
  // `curve` decodes as CURVE25519. These numbers are part of the wire
  // contract and must not be renumbered.
  CURVE25519 = 0;
  // NOTE(review): proto3 keeps unrecognised enum numbers as plain integers
  // on decode, so a consumer should reject any value it does not list
  // instead of falling back to a default curve.
  P256 = 1;
}
// RawNebulaCertificate is the certificate envelope: the certificate details
// together with a signature.
message RawNebulaCertificate {
  // The certificate's fields.
  // NOTE(review): presumably Signature is computed over the serialized form
  // of this sub-message; if so, a verifier has to check the bytes it
  // received, because a re-encoding is not guaranteed to be byte-identical.
  // Confirm against the signing and verification code.
  RawNebulaCertificateDetails Details = 1;
  // Raw signature bytes. The schema does not fix a length or an encoding.
  // NOTE(review): the expected format presumably depends on Details.curve;
  // confirm.
  bytes Signature = 2;
}
// RawNebulaCertificateDetails holds the fields of a certificate: identity,
// addresses, groups, validity window, public key and issuer reference.
message RawNebulaCertificateDetails {
  // Name carried by the certificate.
  string Name = 1;

  // Ips and Subnets are in big endian 32 bit pairs, 1st the ip, 2nd the mask
  // NOTE(review): each list is therefore expected to hold an even number of
  // entries; the schema cannot enforce that, so a consumer should reject an
  // odd-length list instead of dropping or padding the last value.
  repeated uint32 Ips = 2;
  repeated uint32 Subnets = 3;

  // Group names carried by the certificate.
  // NOTE(review): presumably used for access decisions by the consumer;
  // confirm.
  repeated string Groups = 4;
  // Start of the validity window.
  // NOTE(review): presumably Unix time in seconds; the schema states no unit
  // and the google.protobuf.Timestamp import is commented out. Confirm.
  int64 NotBefore = 5;
  // End of the validity window, same representation as NotBefore.
  int64 NotAfter = 6;
  // Public key bytes. The schema does not fix a length.
  // NOTE(review): the expected length and encoding presumably depend on
  // `curve`; a consumer should validate both before using the key. Confirm.
  bytes PublicKey = 7;

  // Marks the certificate as a certificate authority.
  // NOTE(review): presumably a verifier requires this flag on any
  // certificate used as an issuer; confirm.
  bool IsCA = 8;

  // sha-256 of the issuer certificate, if this field is blank the cert is self-signed
  // NOTE(review): a blank Issuer is a statement made by the certificate
  // itself; presumably a self-signed certificate is trusted only when it is
  // in the locally configured CA set. Confirm.
  bytes Issuer = 9;

  // Curve for this certificate. Unset decodes as CURVE25519, the zero value
  // of Curve. The field uses number 100 and a lower-case name, unlike the
  // fields above; both are part of the published contract, so leave them.
  Curve curve = 100;
}
// RawNebulaEncryptedData pairs a ciphertext with the metadata describing how
// it was encrypted.
message RawNebulaEncryptedData {
  // Algorithm name and key-derivation parameters for Ciphertext.
  // NOTE(review): these values are stored next to the ciphertext, so they
  // come from the same source as the ciphertext and should be validated
  // before use. Whether they are covered by an authentication tag is not
  // visible in this file; confirm.
  RawNebulaEncryptionMetadata EncryptionMetadata = 1;
  // The encrypted payload. The schema does not fix a length.
  bytes Ciphertext = 2;
}
// RawNebulaEncryptionMetadata records the encryption algorithm and the Argon2
// parameters that accompany an encrypted payload.
message RawNebulaEncryptionMetadata {
  // Name of the encryption algorithm, as free-form text.
  // NOTE(review): because this is an open string and not an enum, a consumer
  // should compare it against an explicit allowlist and reject anything
  // else; confirm that the decrypting code does so.
  string EncryptionAlgorithm = 1;
  // Argon2 key-derivation parameters.
  RawNebulaArgon2Parameters Argon2Parameters = 2;
}
// RawNebulaArgon2Parameters carries the Argon2 settings stored with an
// encrypted payload.
// NOTE(review): these numbers are read from the stored file, and the wire
// types allow values up to the 32-bit maximum. A consumer should enforce
// upper and lower bounds on memory, iterations and parallelism before running
// the derivation, so that a crafted file cannot force excessive memory or CPU
// use or weaken the derivation. Confirm what the decrypting code enforces.
message RawNebulaArgon2Parameters {
  int32 version = 1; // rune in Go
  // Memory cost.
  // NOTE(review): the unit is not stated here; presumably KiB, following the
  // usual Argon2 convention. Confirm.
  uint32 memory = 2;
  // Field number 4 is declared before number 3 below. The numbers identify
  // the fields on the wire, so do not renumber them to match the order.
  // NOTE(review): the Go type is uint8, so a decoded value above 255 does
  // not fit; a consumer should reject it instead of truncating. Confirm.
  uint32 parallelism = 4; // uint8 in Go
  // Iteration count (time cost).
  uint32 iterations = 3;
  // Salt bytes. The schema does not fix a length.
  // NOTE(review): a consumer should require a minimum salt length; confirm.
  bytes salt = 5;
}