Add MEK rotation, per-engine DEKs, and v2 ciphertext format (audit #6, #22)

Implement a two-level key hierarchy: the MEK now wraps per-engine DEKs
stored in a new barrier_keys table, rather than encrypting all barrier
entries directly. A v2 ciphertext format (0x02) embeds the key ID so the
barrier can resolve which DEK to use on decryption. v1 ciphertext remains
supported for backward compatibility.

Key changes:
- crypto: EncryptV2/DecryptV2/ExtractKeyID for v2 ciphertext with key IDs
- barrier: key registry (CreateKey, RotateKey, ListKeys, MigrateToV2, ReWrapKeys)
- seal: RotateMEK re-wraps DEKs without re-encrypting data
- engine: Mount auto-creates per-engine DEK
- REST + gRPC: barrier/keys, barrier/rotate-mek, barrier/rotate-key, barrier/migrate
- proto: BarrierService (v1 + v2) with ListKeys, RotateMEK, RotateKey, Migrate
- db: migration v2 adds barrier_keys table

Also includes: security audit report, CSRF protection, engine design specs
(sshca, transit, user), path-bound AAD migration tool, policy engine
enhancements, and ARCHITECTURE.md updates.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-16 18:27:44 -07:00
parent ac4577f778
commit 64d921827e
44 changed files with 5184 additions and 90 deletions


@@ -0,0 +1,523 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.36.11
// protoc v3.20.3
// source: proto/metacrypt/v1/barrier.proto
package metacryptv1
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
unsafe "unsafe"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
type ListKeysRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListKeysRequest) Reset() {
*x = ListKeysRequest{}
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListKeysRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListKeysRequest) ProtoMessage() {}
func (x *ListKeysRequest) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[0]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListKeysRequest.ProtoReflect.Descriptor instead.
func (*ListKeysRequest) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v1_barrier_proto_rawDescGZIP(), []int{0}
}
type ListKeysResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Keys []*BarrierKeyInfo `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListKeysResponse) Reset() {
*x = ListKeysResponse{}
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListKeysResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListKeysResponse) ProtoMessage() {}
func (x *ListKeysResponse) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[1]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListKeysResponse.ProtoReflect.Descriptor instead.
func (*ListKeysResponse) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v1_barrier_proto_rawDescGZIP(), []int{1}
}
func (x *ListKeysResponse) GetKeys() []*BarrierKeyInfo {
if x != nil {
return x.Keys
}
return nil
}
type BarrierKeyInfo struct {
state protoimpl.MessageState `protogen:"open.v1"`
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
Version int32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty"`
CreatedAt string `protobuf:"bytes,3,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
RotatedAt string `protobuf:"bytes,4,opt,name=rotated_at,json=rotatedAt,proto3" json:"rotated_at,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *BarrierKeyInfo) Reset() {
*x = BarrierKeyInfo{}
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *BarrierKeyInfo) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*BarrierKeyInfo) ProtoMessage() {}
func (x *BarrierKeyInfo) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[2]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use BarrierKeyInfo.ProtoReflect.Descriptor instead.
func (*BarrierKeyInfo) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v1_barrier_proto_rawDescGZIP(), []int{2}
}
func (x *BarrierKeyInfo) GetKeyId() string {
if x != nil {
return x.KeyId
}
return ""
}
func (x *BarrierKeyInfo) GetVersion() int32 {
if x != nil {
return x.Version
}
return 0
}
func (x *BarrierKeyInfo) GetCreatedAt() string {
if x != nil {
return x.CreatedAt
}
return ""
}
func (x *BarrierKeyInfo) GetRotatedAt() string {
if x != nil {
return x.RotatedAt
}
return ""
}
type RotateMEKRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Password string `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RotateMEKRequest) Reset() {
*x = RotateMEKRequest{}
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RotateMEKRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RotateMEKRequest) ProtoMessage() {}
func (x *RotateMEKRequest) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[3]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RotateMEKRequest.ProtoReflect.Descriptor instead.
func (*RotateMEKRequest) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v1_barrier_proto_rawDescGZIP(), []int{3}
}
func (x *RotateMEKRequest) GetPassword() string {
if x != nil {
return x.Password
}
return ""
}
type RotateMEKResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Ok bool `protobuf:"varint,1,opt,name=ok,proto3" json:"ok,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RotateMEKResponse) Reset() {
*x = RotateMEKResponse{}
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RotateMEKResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RotateMEKResponse) ProtoMessage() {}
func (x *RotateMEKResponse) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[4]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RotateMEKResponse.ProtoReflect.Descriptor instead.
func (*RotateMEKResponse) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v1_barrier_proto_rawDescGZIP(), []int{4}
}
func (x *RotateMEKResponse) GetOk() bool {
if x != nil {
return x.Ok
}
return false
}
type RotateKeyRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RotateKeyRequest) Reset() {
*x = RotateKeyRequest{}
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RotateKeyRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RotateKeyRequest) ProtoMessage() {}
func (x *RotateKeyRequest) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[5]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RotateKeyRequest.ProtoReflect.Descriptor instead.
func (*RotateKeyRequest) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v1_barrier_proto_rawDescGZIP(), []int{5}
}
func (x *RotateKeyRequest) GetKeyId() string {
if x != nil {
return x.KeyId
}
return ""
}
type RotateKeyResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Ok bool `protobuf:"varint,1,opt,name=ok,proto3" json:"ok,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RotateKeyResponse) Reset() {
*x = RotateKeyResponse{}
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RotateKeyResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RotateKeyResponse) ProtoMessage() {}
func (x *RotateKeyResponse) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[6]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RotateKeyResponse.ProtoReflect.Descriptor instead.
func (*RotateKeyResponse) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v1_barrier_proto_rawDescGZIP(), []int{6}
}
func (x *RotateKeyResponse) GetOk() bool {
if x != nil {
return x.Ok
}
return false
}
type MigrateBarrierRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *MigrateBarrierRequest) Reset() {
*x = MigrateBarrierRequest{}
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[7]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *MigrateBarrierRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*MigrateBarrierRequest) ProtoMessage() {}
func (x *MigrateBarrierRequest) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[7]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use MigrateBarrierRequest.ProtoReflect.Descriptor instead.
func (*MigrateBarrierRequest) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v1_barrier_proto_rawDescGZIP(), []int{7}
}
type MigrateBarrierResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Migrated int32 `protobuf:"varint,1,opt,name=migrated,proto3" json:"migrated,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *MigrateBarrierResponse) Reset() {
*x = MigrateBarrierResponse{}
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[8]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *MigrateBarrierResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*MigrateBarrierResponse) ProtoMessage() {}
func (x *MigrateBarrierResponse) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v1_barrier_proto_msgTypes[8]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use MigrateBarrierResponse.ProtoReflect.Descriptor instead.
func (*MigrateBarrierResponse) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v1_barrier_proto_rawDescGZIP(), []int{8}
}
func (x *MigrateBarrierResponse) GetMigrated() int32 {
if x != nil {
return x.Migrated
}
return 0
}
var File_proto_metacrypt_v1_barrier_proto protoreflect.FileDescriptor
const file_proto_metacrypt_v1_barrier_proto_rawDesc = "" +
"\n" +
" proto/metacrypt/v1/barrier.proto\x12\fmetacrypt.v1\"\x11\n" +
"\x0fListKeysRequest\"D\n" +
"\x10ListKeysResponse\x120\n" +
"\x04keys\x18\x01 \x03(\v2\x1c.metacrypt.v1.BarrierKeyInfoR\x04keys\"\x7f\n" +
"\x0eBarrierKeyInfo\x12\x15\n" +
"\x06key_id\x18\x01 \x01(\tR\x05keyId\x12\x18\n" +
"\aversion\x18\x02 \x01(\x05R\aversion\x12\x1d\n" +
"\n" +
"created_at\x18\x03 \x01(\tR\tcreatedAt\x12\x1d\n" +
"\n" +
"rotated_at\x18\x04 \x01(\tR\trotatedAt\".\n" +
"\x10RotateMEKRequest\x12\x1a\n" +
"\bpassword\x18\x01 \x01(\tR\bpassword\"#\n" +
"\x11RotateMEKResponse\x12\x0e\n" +
"\x02ok\x18\x01 \x01(\bR\x02ok\")\n" +
"\x10RotateKeyRequest\x12\x15\n" +
"\x06key_id\x18\x01 \x01(\tR\x05keyId\"#\n" +
"\x11RotateKeyResponse\x12\x0e\n" +
"\x02ok\x18\x01 \x01(\bR\x02ok\"\x17\n" +
"\x15MigrateBarrierRequest\"4\n" +
"\x16MigrateBarrierResponse\x12\x1a\n" +
"\bmigrated\x18\x01 \x01(\x05R\bmigrated2\xcd\x02\n" +
"\x0eBarrierService\x12I\n" +
"\bListKeys\x12\x1d.metacrypt.v1.ListKeysRequest\x1a\x1e.metacrypt.v1.ListKeysResponse\x12L\n" +
"\tRotateMEK\x12\x1e.metacrypt.v1.RotateMEKRequest\x1a\x1f.metacrypt.v1.RotateMEKResponse\x12L\n" +
"\tRotateKey\x12\x1e.metacrypt.v1.RotateKeyRequest\x1a\x1f.metacrypt.v1.RotateKeyResponse\x12T\n" +
"\aMigrate\x12#.metacrypt.v1.MigrateBarrierRequest\x1a$.metacrypt.v1.MigrateBarrierResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
var (
file_proto_metacrypt_v1_barrier_proto_rawDescOnce sync.Once
file_proto_metacrypt_v1_barrier_proto_rawDescData []byte
)
func file_proto_metacrypt_v1_barrier_proto_rawDescGZIP() []byte {
file_proto_metacrypt_v1_barrier_proto_rawDescOnce.Do(func() {
file_proto_metacrypt_v1_barrier_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_proto_metacrypt_v1_barrier_proto_rawDesc), len(file_proto_metacrypt_v1_barrier_proto_rawDesc)))
})
return file_proto_metacrypt_v1_barrier_proto_rawDescData
}
var file_proto_metacrypt_v1_barrier_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
var file_proto_metacrypt_v1_barrier_proto_goTypes = []any{
(*ListKeysRequest)(nil), // 0: metacrypt.v1.ListKeysRequest
(*ListKeysResponse)(nil), // 1: metacrypt.v1.ListKeysResponse
(*BarrierKeyInfo)(nil), // 2: metacrypt.v1.BarrierKeyInfo
(*RotateMEKRequest)(nil), // 3: metacrypt.v1.RotateMEKRequest
(*RotateMEKResponse)(nil), // 4: metacrypt.v1.RotateMEKResponse
(*RotateKeyRequest)(nil), // 5: metacrypt.v1.RotateKeyRequest
(*RotateKeyResponse)(nil), // 6: metacrypt.v1.RotateKeyResponse
(*MigrateBarrierRequest)(nil), // 7: metacrypt.v1.MigrateBarrierRequest
(*MigrateBarrierResponse)(nil), // 8: metacrypt.v1.MigrateBarrierResponse
}
var file_proto_metacrypt_v1_barrier_proto_depIdxs = []int32{
2, // 0: metacrypt.v1.ListKeysResponse.keys:type_name -> metacrypt.v1.BarrierKeyInfo
0, // 1: metacrypt.v1.BarrierService.ListKeys:input_type -> metacrypt.v1.ListKeysRequest
3, // 2: metacrypt.v1.BarrierService.RotateMEK:input_type -> metacrypt.v1.RotateMEKRequest
5, // 3: metacrypt.v1.BarrierService.RotateKey:input_type -> metacrypt.v1.RotateKeyRequest
7, // 4: metacrypt.v1.BarrierService.Migrate:input_type -> metacrypt.v1.MigrateBarrierRequest
1, // 5: metacrypt.v1.BarrierService.ListKeys:output_type -> metacrypt.v1.ListKeysResponse
4, // 6: metacrypt.v1.BarrierService.RotateMEK:output_type -> metacrypt.v1.RotateMEKResponse
6, // 7: metacrypt.v1.BarrierService.RotateKey:output_type -> metacrypt.v1.RotateKeyResponse
8, // 8: metacrypt.v1.BarrierService.Migrate:output_type -> metacrypt.v1.MigrateBarrierResponse
5, // [5:9] is the sub-list for method output_type
1, // [1:5] is the sub-list for method input_type
1, // [1:1] is the sub-list for extension type_name
1, // [1:1] is the sub-list for extension extendee
0, // [0:1] is the sub-list for field type_name
}
func init() { file_proto_metacrypt_v1_barrier_proto_init() }
func file_proto_metacrypt_v1_barrier_proto_init() {
if File_proto_metacrypt_v1_barrier_proto != nil {
return
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_proto_metacrypt_v1_barrier_proto_rawDesc), len(file_proto_metacrypt_v1_barrier_proto_rawDesc)),
NumEnums: 0,
NumMessages: 9,
NumExtensions: 0,
NumServices: 1,
},
GoTypes: file_proto_metacrypt_v1_barrier_proto_goTypes,
DependencyIndexes: file_proto_metacrypt_v1_barrier_proto_depIdxs,
MessageInfos: file_proto_metacrypt_v1_barrier_proto_msgTypes,
}.Build()
File_proto_metacrypt_v1_barrier_proto = out.File
file_proto_metacrypt_v1_barrier_proto_goTypes = nil
file_proto_metacrypt_v1_barrier_proto_depIdxs = nil
}


@@ -0,0 +1,235 @@
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
// - protoc-gen-go-grpc v1.6.1
// - protoc v3.20.3
// source: proto/metacrypt/v1/barrier.proto
package metacryptv1
import (
context "context"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
)
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
// Requires gRPC-Go v1.64.0 or later.
const _ = grpc.SupportPackageIsVersion9
const (
BarrierService_ListKeys_FullMethodName = "/metacrypt.v1.BarrierService/ListKeys"
BarrierService_RotateMEK_FullMethodName = "/metacrypt.v1.BarrierService/RotateMEK"
BarrierService_RotateKey_FullMethodName = "/metacrypt.v1.BarrierService/RotateKey"
BarrierService_Migrate_FullMethodName = "/metacrypt.v1.BarrierService/Migrate"
)
// BarrierServiceClient is the client API for BarrierService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
type BarrierServiceClient interface {
ListKeys(ctx context.Context, in *ListKeysRequest, opts ...grpc.CallOption) (*ListKeysResponse, error)
RotateMEK(ctx context.Context, in *RotateMEKRequest, opts ...grpc.CallOption) (*RotateMEKResponse, error)
RotateKey(ctx context.Context, in *RotateKeyRequest, opts ...grpc.CallOption) (*RotateKeyResponse, error)
Migrate(ctx context.Context, in *MigrateBarrierRequest, opts ...grpc.CallOption) (*MigrateBarrierResponse, error)
}
type barrierServiceClient struct {
cc grpc.ClientConnInterface
}
func NewBarrierServiceClient(cc grpc.ClientConnInterface) BarrierServiceClient {
return &barrierServiceClient{cc}
}
func (c *barrierServiceClient) ListKeys(ctx context.Context, in *ListKeysRequest, opts ...grpc.CallOption) (*ListKeysResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(ListKeysResponse)
err := c.cc.Invoke(ctx, BarrierService_ListKeys_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *barrierServiceClient) RotateMEK(ctx context.Context, in *RotateMEKRequest, opts ...grpc.CallOption) (*RotateMEKResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(RotateMEKResponse)
err := c.cc.Invoke(ctx, BarrierService_RotateMEK_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *barrierServiceClient) RotateKey(ctx context.Context, in *RotateKeyRequest, opts ...grpc.CallOption) (*RotateKeyResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(RotateKeyResponse)
err := c.cc.Invoke(ctx, BarrierService_RotateKey_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *barrierServiceClient) Migrate(ctx context.Context, in *MigrateBarrierRequest, opts ...grpc.CallOption) (*MigrateBarrierResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(MigrateBarrierResponse)
err := c.cc.Invoke(ctx, BarrierService_Migrate_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
// BarrierServiceServer is the server API for BarrierService service.
// All implementations must embed UnimplementedBarrierServiceServer
// for forward compatibility.
type BarrierServiceServer interface {
ListKeys(context.Context, *ListKeysRequest) (*ListKeysResponse, error)
RotateMEK(context.Context, *RotateMEKRequest) (*RotateMEKResponse, error)
RotateKey(context.Context, *RotateKeyRequest) (*RotateKeyResponse, error)
Migrate(context.Context, *MigrateBarrierRequest) (*MigrateBarrierResponse, error)
mustEmbedUnimplementedBarrierServiceServer()
}
// UnimplementedBarrierServiceServer must be embedded to have
// forward compatible implementations.
//
// NOTE: this should be embedded by value instead of pointer to avoid a nil
// pointer dereference when methods are called.
type UnimplementedBarrierServiceServer struct{}
func (UnimplementedBarrierServiceServer) ListKeys(context.Context, *ListKeysRequest) (*ListKeysResponse, error) {
return nil, status.Error(codes.Unimplemented, "method ListKeys not implemented")
}
func (UnimplementedBarrierServiceServer) RotateMEK(context.Context, *RotateMEKRequest) (*RotateMEKResponse, error) {
return nil, status.Error(codes.Unimplemented, "method RotateMEK not implemented")
}
func (UnimplementedBarrierServiceServer) RotateKey(context.Context, *RotateKeyRequest) (*RotateKeyResponse, error) {
return nil, status.Error(codes.Unimplemented, "method RotateKey not implemented")
}
func (UnimplementedBarrierServiceServer) Migrate(context.Context, *MigrateBarrierRequest) (*MigrateBarrierResponse, error) {
return nil, status.Error(codes.Unimplemented, "method Migrate not implemented")
}
func (UnimplementedBarrierServiceServer) mustEmbedUnimplementedBarrierServiceServer() {}
func (UnimplementedBarrierServiceServer) testEmbeddedByValue() {}
// UnsafeBarrierServiceServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to BarrierServiceServer will
// result in compilation errors.
type UnsafeBarrierServiceServer interface {
mustEmbedUnimplementedBarrierServiceServer()
}
func RegisterBarrierServiceServer(s grpc.ServiceRegistrar, srv BarrierServiceServer) {
// If the following call panics, it indicates UnimplementedBarrierServiceServer was
// embedded by pointer and is nil. This will cause panics if an
// unimplemented method is ever invoked, so we test this at initialization
// time to prevent it from happening at runtime later due to I/O.
if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
t.testEmbeddedByValue()
}
s.RegisterService(&BarrierService_ServiceDesc, srv)
}
func _BarrierService_ListKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(ListKeysRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(BarrierServiceServer).ListKeys(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: BarrierService_ListKeys_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(BarrierServiceServer).ListKeys(ctx, req.(*ListKeysRequest))
}
return interceptor(ctx, in, info, handler)
}
func _BarrierService_RotateMEK_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RotateMEKRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(BarrierServiceServer).RotateMEK(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: BarrierService_RotateMEK_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(BarrierServiceServer).RotateMEK(ctx, req.(*RotateMEKRequest))
}
return interceptor(ctx, in, info, handler)
}
func _BarrierService_RotateKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RotateKeyRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(BarrierServiceServer).RotateKey(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: BarrierService_RotateKey_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(BarrierServiceServer).RotateKey(ctx, req.(*RotateKeyRequest))
}
return interceptor(ctx, in, info, handler)
}
func _BarrierService_Migrate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(MigrateBarrierRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(BarrierServiceServer).Migrate(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: BarrierService_Migrate_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(BarrierServiceServer).Migrate(ctx, req.(*MigrateBarrierRequest))
}
return interceptor(ctx, in, info, handler)
}
// BarrierService_ServiceDesc is the grpc.ServiceDesc for BarrierService service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var BarrierService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "metacrypt.v1.BarrierService",
HandlerType: (*BarrierServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "ListKeys",
Handler: _BarrierService_ListKeys_Handler,
},
{
MethodName: "RotateMEK",
Handler: _BarrierService_RotateMEK_Handler,
},
{
MethodName: "RotateKey",
Handler: _BarrierService_RotateKey_Handler,
},
{
MethodName: "Migrate",
Handler: _BarrierService_Migrate_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "proto/metacrypt/v1/barrier.proto",
}


@@ -0,0 +1,523 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.36.11
// protoc v3.20.3
// source: proto/metacrypt/v2/barrier.proto
package metacryptv2
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
unsafe "unsafe"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
type ListKeysRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListKeysRequest) Reset() {
*x = ListKeysRequest{}
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListKeysRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListKeysRequest) ProtoMessage() {}
func (x *ListKeysRequest) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[0]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListKeysRequest.ProtoReflect.Descriptor instead.
func (*ListKeysRequest) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_barrier_proto_rawDescGZIP(), []int{0}
}
type ListKeysResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Keys []*BarrierKeyInfo `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListKeysResponse) Reset() {
*x = ListKeysResponse{}
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListKeysResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListKeysResponse) ProtoMessage() {}
func (x *ListKeysResponse) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[1]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListKeysResponse.ProtoReflect.Descriptor instead.
func (*ListKeysResponse) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_barrier_proto_rawDescGZIP(), []int{1}
}
func (x *ListKeysResponse) GetKeys() []*BarrierKeyInfo {
if x != nil {
return x.Keys
}
return nil
}
type BarrierKeyInfo struct {
state protoimpl.MessageState `protogen:"open.v1"`
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
Version int32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty"`
CreatedAt string `protobuf:"bytes,3,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
RotatedAt string `protobuf:"bytes,4,opt,name=rotated_at,json=rotatedAt,proto3" json:"rotated_at,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *BarrierKeyInfo) Reset() {
*x = BarrierKeyInfo{}
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *BarrierKeyInfo) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*BarrierKeyInfo) ProtoMessage() {}
func (x *BarrierKeyInfo) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[2]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use BarrierKeyInfo.ProtoReflect.Descriptor instead.
func (*BarrierKeyInfo) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_barrier_proto_rawDescGZIP(), []int{2}
}
func (x *BarrierKeyInfo) GetKeyId() string {
if x != nil {
return x.KeyId
}
return ""
}
func (x *BarrierKeyInfo) GetVersion() int32 {
if x != nil {
return x.Version
}
return 0
}
func (x *BarrierKeyInfo) GetCreatedAt() string {
if x != nil {
return x.CreatedAt
}
return ""
}
func (x *BarrierKeyInfo) GetRotatedAt() string {
if x != nil {
return x.RotatedAt
}
return ""
}
type RotateMEKRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Password string `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RotateMEKRequest) Reset() {
*x = RotateMEKRequest{}
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RotateMEKRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RotateMEKRequest) ProtoMessage() {}
func (x *RotateMEKRequest) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[3]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RotateMEKRequest.ProtoReflect.Descriptor instead.
func (*RotateMEKRequest) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_barrier_proto_rawDescGZIP(), []int{3}
}
func (x *RotateMEKRequest) GetPassword() string {
if x != nil {
return x.Password
}
return ""
}
type RotateMEKResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Ok bool `protobuf:"varint,1,opt,name=ok,proto3" json:"ok,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RotateMEKResponse) Reset() {
*x = RotateMEKResponse{}
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RotateMEKResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RotateMEKResponse) ProtoMessage() {}
func (x *RotateMEKResponse) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[4]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RotateMEKResponse.ProtoReflect.Descriptor instead.
func (*RotateMEKResponse) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_barrier_proto_rawDescGZIP(), []int{4}
}
func (x *RotateMEKResponse) GetOk() bool {
if x != nil {
return x.Ok
}
return false
}
type RotateKeyRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RotateKeyRequest) Reset() {
*x = RotateKeyRequest{}
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RotateKeyRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RotateKeyRequest) ProtoMessage() {}
func (x *RotateKeyRequest) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[5]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RotateKeyRequest.ProtoReflect.Descriptor instead.
func (*RotateKeyRequest) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_barrier_proto_rawDescGZIP(), []int{5}
}
func (x *RotateKeyRequest) GetKeyId() string {
if x != nil {
return x.KeyId
}
return ""
}
type RotateKeyResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Ok bool `protobuf:"varint,1,opt,name=ok,proto3" json:"ok,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RotateKeyResponse) Reset() {
*x = RotateKeyResponse{}
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RotateKeyResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RotateKeyResponse) ProtoMessage() {}
func (x *RotateKeyResponse) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[6]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RotateKeyResponse.ProtoReflect.Descriptor instead.
func (*RotateKeyResponse) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_barrier_proto_rawDescGZIP(), []int{6}
}
func (x *RotateKeyResponse) GetOk() bool {
if x != nil {
return x.Ok
}
return false
}
type MigrateBarrierRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *MigrateBarrierRequest) Reset() {
*x = MigrateBarrierRequest{}
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[7]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *MigrateBarrierRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*MigrateBarrierRequest) ProtoMessage() {}
func (x *MigrateBarrierRequest) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[7]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use MigrateBarrierRequest.ProtoReflect.Descriptor instead.
func (*MigrateBarrierRequest) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_barrier_proto_rawDescGZIP(), []int{7}
}
type MigrateBarrierResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Migrated int32 `protobuf:"varint,1,opt,name=migrated,proto3" json:"migrated,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *MigrateBarrierResponse) Reset() {
*x = MigrateBarrierResponse{}
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[8]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *MigrateBarrierResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*MigrateBarrierResponse) ProtoMessage() {}
func (x *MigrateBarrierResponse) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_barrier_proto_msgTypes[8]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use MigrateBarrierResponse.ProtoReflect.Descriptor instead.
func (*MigrateBarrierResponse) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_barrier_proto_rawDescGZIP(), []int{8}
}
func (x *MigrateBarrierResponse) GetMigrated() int32 {
if x != nil {
return x.Migrated
}
return 0
}
var File_proto_metacrypt_v2_barrier_proto protoreflect.FileDescriptor
const file_proto_metacrypt_v2_barrier_proto_rawDesc = "" +
"\n" +
" proto/metacrypt/v2/barrier.proto\x12\fmetacrypt.v2\"\x11\n" +
"\x0fListKeysRequest\"D\n" +
"\x10ListKeysResponse\x120\n" +
"\x04keys\x18\x01 \x03(\v2\x1c.metacrypt.v2.BarrierKeyInfoR\x04keys\"\x7f\n" +
"\x0eBarrierKeyInfo\x12\x15\n" +
"\x06key_id\x18\x01 \x01(\tR\x05keyId\x12\x18\n" +
"\aversion\x18\x02 \x01(\x05R\aversion\x12\x1d\n" +
"\n" +
"created_at\x18\x03 \x01(\tR\tcreatedAt\x12\x1d\n" +
"\n" +
"rotated_at\x18\x04 \x01(\tR\trotatedAt\".\n" +
"\x10RotateMEKRequest\x12\x1a\n" +
"\bpassword\x18\x01 \x01(\tR\bpassword\"#\n" +
"\x11RotateMEKResponse\x12\x0e\n" +
"\x02ok\x18\x01 \x01(\bR\x02ok\")\n" +
"\x10RotateKeyRequest\x12\x15\n" +
"\x06key_id\x18\x01 \x01(\tR\x05keyId\"#\n" +
"\x11RotateKeyResponse\x12\x0e\n" +
"\x02ok\x18\x01 \x01(\bR\x02ok\"\x17\n" +
"\x15MigrateBarrierRequest\"4\n" +
"\x16MigrateBarrierResponse\x12\x1a\n" +
"\bmigrated\x18\x01 \x01(\x05R\bmigrated2\xcd\x02\n" +
"\x0eBarrierService\x12I\n" +
"\bListKeys\x12\x1d.metacrypt.v2.ListKeysRequest\x1a\x1e.metacrypt.v2.ListKeysResponse\x12L\n" +
"\tRotateMEK\x12\x1e.metacrypt.v2.RotateMEKRequest\x1a\x1f.metacrypt.v2.RotateMEKResponse\x12L\n" +
"\tRotateKey\x12\x1e.metacrypt.v2.RotateKeyRequest\x1a\x1f.metacrypt.v2.RotateKeyResponse\x12T\n" +
"\aMigrate\x12#.metacrypt.v2.MigrateBarrierRequest\x1a$.metacrypt.v2.MigrateBarrierResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
var (
file_proto_metacrypt_v2_barrier_proto_rawDescOnce sync.Once
file_proto_metacrypt_v2_barrier_proto_rawDescData []byte
)
func file_proto_metacrypt_v2_barrier_proto_rawDescGZIP() []byte {
file_proto_metacrypt_v2_barrier_proto_rawDescOnce.Do(func() {
file_proto_metacrypt_v2_barrier_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_proto_metacrypt_v2_barrier_proto_rawDesc), len(file_proto_metacrypt_v2_barrier_proto_rawDesc)))
})
return file_proto_metacrypt_v2_barrier_proto_rawDescData
}
var file_proto_metacrypt_v2_barrier_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
var file_proto_metacrypt_v2_barrier_proto_goTypes = []any{
(*ListKeysRequest)(nil), // 0: metacrypt.v2.ListKeysRequest
(*ListKeysResponse)(nil), // 1: metacrypt.v2.ListKeysResponse
(*BarrierKeyInfo)(nil), // 2: metacrypt.v2.BarrierKeyInfo
(*RotateMEKRequest)(nil), // 3: metacrypt.v2.RotateMEKRequest
(*RotateMEKResponse)(nil), // 4: metacrypt.v2.RotateMEKResponse
(*RotateKeyRequest)(nil), // 5: metacrypt.v2.RotateKeyRequest
(*RotateKeyResponse)(nil), // 6: metacrypt.v2.RotateKeyResponse
(*MigrateBarrierRequest)(nil), // 7: metacrypt.v2.MigrateBarrierRequest
(*MigrateBarrierResponse)(nil), // 8: metacrypt.v2.MigrateBarrierResponse
}
var file_proto_metacrypt_v2_barrier_proto_depIdxs = []int32{
2, // 0: metacrypt.v2.ListKeysResponse.keys:type_name -> metacrypt.v2.BarrierKeyInfo
0, // 1: metacrypt.v2.BarrierService.ListKeys:input_type -> metacrypt.v2.ListKeysRequest
3, // 2: metacrypt.v2.BarrierService.RotateMEK:input_type -> metacrypt.v2.RotateMEKRequest
5, // 3: metacrypt.v2.BarrierService.RotateKey:input_type -> metacrypt.v2.RotateKeyRequest
7, // 4: metacrypt.v2.BarrierService.Migrate:input_type -> metacrypt.v2.MigrateBarrierRequest
1, // 5: metacrypt.v2.BarrierService.ListKeys:output_type -> metacrypt.v2.ListKeysResponse
4, // 6: metacrypt.v2.BarrierService.RotateMEK:output_type -> metacrypt.v2.RotateMEKResponse
6, // 7: metacrypt.v2.BarrierService.RotateKey:output_type -> metacrypt.v2.RotateKeyResponse
8, // 8: metacrypt.v2.BarrierService.Migrate:output_type -> metacrypt.v2.MigrateBarrierResponse
5, // [5:9] is the sub-list for method output_type
1, // [1:5] is the sub-list for method input_type
1, // [1:1] is the sub-list for extension type_name
1, // [1:1] is the sub-list for extension extendee
0, // [0:1] is the sub-list for field type_name
}
func init() { file_proto_metacrypt_v2_barrier_proto_init() }
func file_proto_metacrypt_v2_barrier_proto_init() {
if File_proto_metacrypt_v2_barrier_proto != nil {
return
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_proto_metacrypt_v2_barrier_proto_rawDesc), len(file_proto_metacrypt_v2_barrier_proto_rawDesc)),
NumEnums: 0,
NumMessages: 9,
NumExtensions: 0,
NumServices: 1,
},
GoTypes: file_proto_metacrypt_v2_barrier_proto_goTypes,
DependencyIndexes: file_proto_metacrypt_v2_barrier_proto_depIdxs,
MessageInfos: file_proto_metacrypt_v2_barrier_proto_msgTypes,
}.Build()
File_proto_metacrypt_v2_barrier_proto = out.File
file_proto_metacrypt_v2_barrier_proto_goTypes = nil
file_proto_metacrypt_v2_barrier_proto_depIdxs = nil
}


@@ -0,0 +1,235 @@
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
// - protoc-gen-go-grpc v1.6.1
// - protoc v3.20.3
// source: proto/metacrypt/v2/barrier.proto
package metacryptv2
import (
context "context"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
)
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
// Requires gRPC-Go v1.64.0 or later.
const _ = grpc.SupportPackageIsVersion9
const (
BarrierService_ListKeys_FullMethodName = "/metacrypt.v2.BarrierService/ListKeys"
BarrierService_RotateMEK_FullMethodName = "/metacrypt.v2.BarrierService/RotateMEK"
BarrierService_RotateKey_FullMethodName = "/metacrypt.v2.BarrierService/RotateKey"
BarrierService_Migrate_FullMethodName = "/metacrypt.v2.BarrierService/Migrate"
)
// BarrierServiceClient is the client API for BarrierService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
type BarrierServiceClient interface {
ListKeys(ctx context.Context, in *ListKeysRequest, opts ...grpc.CallOption) (*ListKeysResponse, error)
RotateMEK(ctx context.Context, in *RotateMEKRequest, opts ...grpc.CallOption) (*RotateMEKResponse, error)
RotateKey(ctx context.Context, in *RotateKeyRequest, opts ...grpc.CallOption) (*RotateKeyResponse, error)
Migrate(ctx context.Context, in *MigrateBarrierRequest, opts ...grpc.CallOption) (*MigrateBarrierResponse, error)
}
type barrierServiceClient struct {
cc grpc.ClientConnInterface
}
func NewBarrierServiceClient(cc grpc.ClientConnInterface) BarrierServiceClient {
return &barrierServiceClient{cc}
}
func (c *barrierServiceClient) ListKeys(ctx context.Context, in *ListKeysRequest, opts ...grpc.CallOption) (*ListKeysResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(ListKeysResponse)
err := c.cc.Invoke(ctx, BarrierService_ListKeys_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *barrierServiceClient) RotateMEK(ctx context.Context, in *RotateMEKRequest, opts ...grpc.CallOption) (*RotateMEKResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(RotateMEKResponse)
err := c.cc.Invoke(ctx, BarrierService_RotateMEK_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *barrierServiceClient) RotateKey(ctx context.Context, in *RotateKeyRequest, opts ...grpc.CallOption) (*RotateKeyResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(RotateKeyResponse)
err := c.cc.Invoke(ctx, BarrierService_RotateKey_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *barrierServiceClient) Migrate(ctx context.Context, in *MigrateBarrierRequest, opts ...grpc.CallOption) (*MigrateBarrierResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(MigrateBarrierResponse)
err := c.cc.Invoke(ctx, BarrierService_Migrate_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
// BarrierServiceServer is the server API for BarrierService service.
// All implementations must embed UnimplementedBarrierServiceServer
// for forward compatibility.
type BarrierServiceServer interface {
ListKeys(context.Context, *ListKeysRequest) (*ListKeysResponse, error)
RotateMEK(context.Context, *RotateMEKRequest) (*RotateMEKResponse, error)
RotateKey(context.Context, *RotateKeyRequest) (*RotateKeyResponse, error)
Migrate(context.Context, *MigrateBarrierRequest) (*MigrateBarrierResponse, error)
mustEmbedUnimplementedBarrierServiceServer()
}
// UnimplementedBarrierServiceServer must be embedded to have
// forward compatible implementations.
//
// NOTE: this should be embedded by value instead of pointer to avoid a nil
// pointer dereference when methods are called.
type UnimplementedBarrierServiceServer struct{}
func (UnimplementedBarrierServiceServer) ListKeys(context.Context, *ListKeysRequest) (*ListKeysResponse, error) {
return nil, status.Error(codes.Unimplemented, "method ListKeys not implemented")
}
func (UnimplementedBarrierServiceServer) RotateMEK(context.Context, *RotateMEKRequest) (*RotateMEKResponse, error) {
return nil, status.Error(codes.Unimplemented, "method RotateMEK not implemented")
}
func (UnimplementedBarrierServiceServer) RotateKey(context.Context, *RotateKeyRequest) (*RotateKeyResponse, error) {
return nil, status.Error(codes.Unimplemented, "method RotateKey not implemented")
}
func (UnimplementedBarrierServiceServer) Migrate(context.Context, *MigrateBarrierRequest) (*MigrateBarrierResponse, error) {
return nil, status.Error(codes.Unimplemented, "method Migrate not implemented")
}
func (UnimplementedBarrierServiceServer) mustEmbedUnimplementedBarrierServiceServer() {}
func (UnimplementedBarrierServiceServer) testEmbeddedByValue() {}
// UnsafeBarrierServiceServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to BarrierServiceServer will
// result in compilation errors.
type UnsafeBarrierServiceServer interface {
mustEmbedUnimplementedBarrierServiceServer()
}
func RegisterBarrierServiceServer(s grpc.ServiceRegistrar, srv BarrierServiceServer) {
// If the following call panics, it indicates UnimplementedBarrierServiceServer was
// embedded by pointer and is nil. This will cause panics if an
// unimplemented method is ever invoked, so we test this at initialization
// time to prevent it from happening at runtime later due to I/O.
if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
t.testEmbeddedByValue()
}
s.RegisterService(&BarrierService_ServiceDesc, srv)
}
func _BarrierService_ListKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(ListKeysRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(BarrierServiceServer).ListKeys(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: BarrierService_ListKeys_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(BarrierServiceServer).ListKeys(ctx, req.(*ListKeysRequest))
}
return interceptor(ctx, in, info, handler)
}
func _BarrierService_RotateMEK_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RotateMEKRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(BarrierServiceServer).RotateMEK(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: BarrierService_RotateMEK_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(BarrierServiceServer).RotateMEK(ctx, req.(*RotateMEKRequest))
}
return interceptor(ctx, in, info, handler)
}
func _BarrierService_RotateKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RotateKeyRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(BarrierServiceServer).RotateKey(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: BarrierService_RotateKey_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(BarrierServiceServer).RotateKey(ctx, req.(*RotateKeyRequest))
}
return interceptor(ctx, in, info, handler)
}
func _BarrierService_Migrate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(MigrateBarrierRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(BarrierServiceServer).Migrate(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: BarrierService_Migrate_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(BarrierServiceServer).Migrate(ctx, req.(*MigrateBarrierRequest))
}
return interceptor(ctx, in, info, handler)
}
// BarrierService_ServiceDesc is the grpc.ServiceDesc for BarrierService service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var BarrierService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "metacrypt.v2.BarrierService",
HandlerType: (*BarrierServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "ListKeys",
Handler: _BarrierService_ListKeys_Handler,
},
{
MethodName: "RotateMEK",
Handler: _BarrierService_RotateMEK_Handler,
},
{
MethodName: "RotateKey",
Handler: _BarrierService_RotateKey_Handler,
},
{
MethodName: "Migrate",
Handler: _BarrierService_Migrate_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "proto/metacrypt/v2/barrier.proto",
}