package proto.control_plane.v1
Get desktop application:
View/edit binary Protocol Buffers messages
rpc ChainRenewal (, )
renewal.proto:26RenewChain creates a chain from the chain request.
message
renewal.proto:29optional signed_request = 1
The signed certificate chain renewal requests. The body of the SignedMessage is the serialized ChainRenewalRequestBody.
bytes cms_signed_request = 2
The certificate signing request. The content is an ASN.1 DER encoded CMS SignedData structure that contains an ASN.1 DER encoded PKCS #10 request.
message
renewal.proto:44optional signed_response = 1
The signed certificate chain renewal response. The body of the SignedMessage is the serialized ChainRenewalResponseBody.
bytes cms_signed_response = 2
The renewed certificate chain. The content is an ASN.1 DER encoded CMS SignedData structure that contains the certificate chain. The chain is the concatenation of the ASN.1 DER encoded certificates.
service DRKeyInterService
drkey.proto:24rpc DRKeyLevel1 (, )
drkey.proto:26Return the Level1Key that matches the request
message
drkey.proto:61DRKeyLevel1Request leaves out the 'dstIA' field which can be extracted from the transport itself (ideally from authenticated information).
optional val_time = 1
Point in time where requested key is valid.
drkey.v1.Protocol protocol_id = 2
Protocol value.
message
drkey.proto:71DRKeyLevel1Response leaves out the 'dstIA' and 'srcIA' fields which can be extracted from the transport itself (ideally from authenticated information).
optional epoch_begin = 1
Begin of the validity period
optional epoch_end = 2
End of the validity period
bytes key = 3
Level1 key
service DRKeyIntraService
drkey.proto:29rpc DRKeyIntraLevel1 (, )
drkey.proto:31Return the ASAS that matches the request
message
drkey.proto:80optional val_time = 1
Point in time where requested key is valid.
drkey.v1.Protocol protocol_id = 2
Protocol value.
uint64 src_ia = 3
Src ISD-AS of the requested DRKey.
uint64 dst_ia = 4
Dst ISD-AS of the requested DRKey.
message
drkey.proto:91optional epoch_begin = 1
Begin of validity period of DRKey.
optional epoch_end = 2
End of validity period of DRKey.
bytes key = 3
Level1 key.
rpc DRKeyASHost (, )
drkey.proto:33Return the AS-Host that matches the request
message
drkey.proto:122optional val_time = 1
Point in time where requested key is valid.
drkey.v1.Protocol protocol_id = 2
Protocol value.
uint64 src_ia = 3
Src ISD-AS of the requested DRKey.
uint64 dst_ia = 4
Dst ISD-AS of the requested DRKey.
string dst_host = 5
Dst Host of the request DRKey.
message
drkey.proto:135optional epoch_begin = 1
Begin of validity period of DRKey.
optional epoch_end = 2
End of validity period of DRKey.
bytes key = 3
Level2 key.
rpc DRKeyHostAS (, )
drkey.proto:35Return the Host-AS that matches the request
message
drkey.proto:100optional val_time = 1
Point in time where requested key is valid.
drkey.v1.Protocol protocol_id = 2
Protocol value.
uint64 src_ia = 3
Src ISD-AS of the requested DRKey.
uint64 dst_ia = 4
Dst ISD-AS of the requested DRKey.
string src_host = 5
Src Host of the request DRKey.
message
drkey.proto:113optional epoch_begin = 1
Begin of validity period of DRKey.
optional epoch_end = 2
End of validity period of DRKey.
bytes key = 3
Level2 key.
rpc DRKeyHostHost (, )
drkey.proto:37Return the Host-Host that matches the request
message
drkey.proto:144optional val_time = 1
Point in time where requested key is valid.
drkey.v1.Protocol protocol_id = 2
Protocol value.
uint64 src_ia = 3
Src ISD-AS of the requested DRKey.
uint64 dst_ia = 4
Dst ISD-AS of the requested DRKey.
string src_host = 5
Src Host of the request DRKey.
string dst_host = 6
Dst Host of the request DRKey.
message
drkey.proto:159optional epoch_begin = 1
Begin of validity period of DRKey.
optional epoch_end = 2
End of validity period of DRKey.
bytes key = 3
Level2 key.
rpc DRKeySecretValue (, )
drkey.proto:39Return the SecretValue that matches the request
message
drkey.proto:43optional val_time = 1
Point in time when the requested key is valid.
drkey.v1.Protocol protocol_id = 2
Protocol value.
message
drkey.proto:50optional epoch_begin = 1
Begin of the validity period.
optional epoch_end = 2
End of the validity period.
bytes key = 3
SecretValue key.
rpc Beacon (, )
seg.proto:82Beacon sends a beacon to the remote.
message
seg.proto:85optional segment = 1
Beacon in form of a partial path segment.
message
seg.proto:90(message has no fields)
service SegmentLookupService
seg.proto:36rpc Segments (, )
seg.proto:38Segments returns all segments that match the request.
message
seg.proto:41uint64 src_isd_as = 1
The source ISD-AS of the segment.
uint64 dst_isd_as = 2
The destination ISD-AS of the segment.
message
seg.proto:48map<int32, > segments = 1
Mapping from path segment type to path segments. The key is the integer representation of the SegmentType enum.
repeated bytes deprecated_signed_revocations = 1000
Deprecated list of signed revocations. Will be removed with header v1.
rpc SegmentsRegistration (, )
seg.proto:64SegmentsRegistration registers segments at the remote.
message
seg.proto:67map<int32, > segments = 1
Mapping from path segment type to path segments. The key is the integer representation of the SegmentType enum.
message
seg.proto:78(message has no fields)
rpc Chains (, )
cppki.proto:25Return the certificate chains that match the request.
message
cppki.proto:30uint64 isd_as = 1
ISD-AS of Subject in the AS certificate.
bytes subject_key_id = 2
SubjectKeyID in the AS certificate.
optional at_least_valid_until = 3
Point in time at which the AS certificate must still be valid. In seconds since UNIX epoch.
optional at_least_valid_since = 4
Point in time at which the AS certificate must be or must have been valid. In seconds since UNIX epoch.
message
cppki.proto:43repeated chains = 1
List of chains that match the request.
rpc TRC (, )
cppki.proto:27Return a specific TRC that matches the request.
message
cppki.proto:55uint32 isd = 1
ISD of the TRC.
uint64 base = 2
BaseNumber of the TRC.
uint64 serial = 3
SerialNumber of the TRC.
message
cppki.proto:64bytes trc = 1
Raw TRC.
message
seg.proto:108Used in:
optional signed = 1
The signed part of the AS entry. The body of the SignedMessage is the serialized ASEntrySignedBody. The signature input is defined as following: input(ps, i) = signed.header_and_body || associated_data(ps, i) associated_data(ps, i) = ps.segment_info || ps.as_entries[1].signed.header_and_body || ps.as_entries[1].signed.signature || ... ps.as_entries[i-1].signed.header_and_body || ps.as_entries[i-1].signed.signature
optional unsigned = 2
The unsigned part of the AS entry.
message
seg.proto:126uint64 isd_as = 1
ISD-AS of the AS that created this AS entry.
uint64 next_isd_as = 2
ISD-AS of the downstream AS.
optional hop_entry = 3
The required regular hop entry.
repeated peer_entries = 4
Optional peer entries.
uint32 mtu = 5
Intra AS MTU.
optional extensions = 6
Optional extensions.
message
seg_extensions.proto:89BandwidthInfo specifies approximate maximum link bandwidth. The separate intra and inter AS bandwidth information allows to reconstruct bandwidth values for all paths (cross-over, shortcut, peering) based on this ASEntry. All values are in Kbit/s.
Used in:
map<uint64, uint64> intra = 1
Bandwidth between construction-egress interface and the relevant other interfaces. These are: - construction-ingress interface (if any) - sibling child interfaces, - core interfaces, if this is the start of a segment, or the end of a core segment - peer interfaces The key is the interface identifier of the other interface.
map<uint64, uint64> inter = 2
Bandwidth between the local interface and the interface in the neighbor AS for the relevant links. These are: - link at construction-egress interface (if any) - peer links The key is the interface identifier of the local interface associated with the link.
message
cppki.proto:48Used in: ,
bytes as_cert = 1
AS certificate in the chain.
bytes ca_cert = 2
CA certificate in the chain.
message
renewal.proto:39bytes csr = 1
The raw certificate signature request (PKCS #10).
message
renewal.proto:54optional chain = 1
The renewed certificate chain.
message
seg_extensions.proto:127Used in:
optional epic = 1000
The digest of the detached EPIC extension. The hash input is defined as follows: input = totalLen || epic.Detached.AuthHopEntry || epic.Detached.AuthPeerEntries[0] || epic.Detached.AuthPeerEntries[1] || ... epic.Detached.AuthPeerEntries[n-1] Here, 'n' denotes the number of peer entries. 'totalLen' is equal to (n+1), and therefore encodes the total number of authenticators used in the hash.
message
seg_extensions.proto:128Used in:
bytes digest = 1
Raw digest of the metadata.
message
seg_extensions.proto:107Used in:
float latitude = 1
Latitude of the geographic coordinate, in the WGS 84 datum.
float longitude = 2
Longitude of the geographic coordinate, in the WGS 84 datum.
string address = 3
Civic address of the location.
message
seg_extensions.proto:33Used in:
bool is_hidden = 1
Indicate if this is a hidden path.
message
seg.proto:141Used in:
optional hop_field = 1
Material to create the data-plane hop field.
uint32 ingress_mtu = 2
MTU on the ingress link.
message
seg.proto:161Used in: ,
uint64 ingress = 1
Ingress interface identifier.
uint64 egress = 2
Egress interface identifier.
uint32 exp_time = 3
8-bit encoded expiration offset relative to the segment creation timestamp.
bytes mac = 4
MAC used in the dataplane to verify the hop field.
message
seg_extensions.proto:66LatencyInfo specifies approximate lower-bound latency values. The separate intra and inter AS latency information allows to reconstruct latency values for all paths (cross-over, shortcut, peering) based on this ASEntry. All values are in microseconds.
Used in:
map<uint64, uint32> intra = 1
Latency between construction-egress interface and the relevant other interfaces. These are: - construction-ingress interface (if any) - sibling child interfaces, - core interfaces, at start or end of a segment - peer interfaces The key is the interface identifier of the other interface.
map<uint64, uint32> inter = 2
Latency between the local interface and the interface in the neighbor AS for the relevant links. These are: - link at construction-egress interface (if any) - peer links The key is the interface identifier of the local interface associated with the link.
Used in:
LINK_TYPE_UNSPECIFIED = 0
Unspecified link type.
LINK_TYPE_DIRECT = 1
Direct physical connection.
LINK_TYPE_MULTI_HOP = 2
Connection with local routing/switching.
LINK_TYPE_OPEN_NET = 3
Connection overlayed over publicly routed Internet.
message
seg.proto:92Used in: , , ,
bytes segment_info = 1
The encoded SegmentInformation. It is used for signature input.
repeated as_entries = 2
Entries of ASes on the path.
message
seg_extensions.proto:23Used in:
optional static_info = 1
Optional static info extension.
optional hidden_path = 2
Optional hidden path extension.
optional digests = 1000
Optional digests of detached extensions.
message
seg_extensions.proto:150Used in:
optional epic = 1000
Optional EPIC extension.
message
seg.proto:148Used in:
uint64 peer_isd_as = 1
ISD-AS of peer AS. This is used to match peering segments during path construction.
uint64 peer_interface = 2
Remote peer interface identifier. This is used to match peering segments during path construction.
uint32 peer_mtu = 3
MTU on the peering link.
optional hop_field = 4
Material to create the data-plane hop field
message
seg.proto:99int64 timestamp = 1
Segment creation time set by the originating AS. Segment expiration time is computed relative to this timestamp. The timestamp is encoded as number of seconds elapsed since January 1, 1970 UTC.
uint32 segment_id = 2
The 16-bit segment ID integer used for MAC computation.
SEGMENT_TYPE_UNSPECIFIED = 0
Unknown segment type.
SEGMENT_TYPE_UP = 1
Up segment.
SEGMENT_TYPE_DOWN = 2
Down segment.
SEGMENT_TYPE_CORE = 3
Core segment.
message
seg.proto:68Used in:
repeated segments = 1
List of path segments.
message
seg.proto:49Used in:
repeated segments = 1
List of path segments.
message
svc_resolution.proto:24A ServiceResolutionRequest must always fit within a UDP datagram. If the request does not fit, there is no mechanism for clients and servers to establish control-plane reachability.
(message has no fields)
message
svc_resolution.proto:29A ServiceResolutionResponse must always fit within a UDP datagram. If the response does not fit, there is no mechanism for clients and servers to establish control-plane reachability.
map<string, > transports = 1
Supported transports to reach the service, List of known transports: - QUIC Unknown values should be ignored by clients.
message
seg_extensions.proto:38Used in:
optional latency = 1
Approximate, lower-bound latency for paths based on this ASEntry.
optional bandwidth = 2
Approximate, maximum bandwidth for paths based on this ASEntry.
map<uint64, > geo = 3
Geographical coordinates describing the location of the routers for relevant interfaces of this AS. The key is the interface identifier.
map<uint64, LinkType> link_type = 4
Description of the underlying network for the inter-AS links, for the relevant interfaces of this AS. The key is the interface identifier.
map<uint64, uint32> internal_hops = 5
Number of AS internal hops between the construction-egress and the relevant other interfaces. These are: - construction-ingress interface (if any) - sibling child interfaces, - core interfaces, at start or end of a segment - peer interfaces The key is the interface identifier of the other interface.
string note = 6
Generic note
message
svc_resolution.proto:39Used in:
string address = 1
Protocol specific server address descriptor. Supported address format for QUIC: 192.168.0.1:80 [2001:db8::1]:80 Missing ports / zero port / invalid port values should be treated by clients as errors.
message
cppki.proto:71VerificationKeyID is used to identify certificates that authenticate the verification key used to verify signatures.
uint64 isd_as = 1
ISD-AS of the subject.
bytes subject_key_id = 2
SubjectKeyID referenced in the certificate.
uint64 trc_base = 3
Base number of the latest TRC available to the signer at the time of signature creation.
uint64 trc_serial = 4
Serial number of the latest TRC available to the signer at the time of signature creation.