slackhq.nebula/cert/cert_v1.proto

syntax = "proto3";
package cert;

option go_package = "github.com/slackhq/nebula/cert";

//import "google/protobuf/timestamp.proto";

enum Curve {
  CURVE25519 = 0;
  P256 = 1;
}

message RawNebulaCertificate {
    RawNebulaCertificateDetails Details = 1;
    bytes Signature = 2;
}

message RawNebulaCertificateDetails {
    string Name = 1;

    // Ips and Subnets are in big endian 32 bit pairs, 1st the ip, 2nd the mask
    repeated uint32 Ips = 2;
    repeated uint32 Subnets = 3;

    repeated string Groups = 4;
    int64 NotBefore = 5;
    int64 NotAfter = 6;
    bytes PublicKey = 7;

    bool IsCA = 8;

    // sha-256 of the issuer certificate, if this field is blank the cert is self-signed
    bytes Issuer = 9;

    Curve curve = 100;
}

message RawNebulaEncryptedData {
	RawNebulaEncryptionMetadata EncryptionMetadata = 1;
	bytes Ciphertext = 2;
}

message RawNebulaEncryptionMetadata {
	string EncryptionAlgorithm = 1;
	RawNebulaArgon2Parameters Argon2Parameters = 2;
}

message RawNebulaArgon2Parameters {
	int32 version = 1; // rune in Go
	uint32 memory = 2;
	uint32 parallelism = 4; // uint8 in Go
	uint32 iterations = 3;
	bytes salt = 5;
}