netbird/signal/proto/signalexchange.proto

syntax = "proto3";

import "google/protobuf/descriptor.proto";

option go_package = "/proto";

package signalexchange;

service SignalExchange {
  // Synchronously connect to the Signal Exchange service offering connection candidates and waiting for connection candidates from the other party (remote peer)
  rpc Send(EncryptedMessage) returns (EncryptedMessage) {}
  // Connect to the Signal Exchange service offering connection candidates and maintain a channel for receiving candidates from the other party (remote peer)
  rpc ConnectStream(stream EncryptedMessage) returns (stream EncryptedMessage) {}
}

// Used for sending through signal.
// The body of this message is the Body message encrypted with the Wireguard private key and the remote Peer key
message EncryptedMessage {

  // Wireguard public key
  string key = 2;

  // Wireguard public key of the remote peer to connect to
  string remoteKey = 3;

  // encrypted message Body
  bytes body = 4;
}

// A decrypted representation of the EncryptedMessage. Used locally before/after encryption
message Message {
  // WireGuard public key
  string key = 2;

  // WireGuard public key of the remote peer to connect to
  string remoteKey = 3;

  Body body = 4;
}

// Actual body of the message that can contain credentials (type OFFER/ANSWER) or connection Candidate
// This part will be encrypted
message Body {
  // Message type
  enum Type {
    OFFER = 0;
    ANSWER = 1;
    CANDIDATE = 2;
    MODE = 4;
  }
  Type type = 1;
  string payload = 2;
  // wgListenPort is an actual WireGuard listen port
  uint32 wgListenPort = 3;
  string netBirdVersion = 4;
  Mode mode = 5;

  // featuresSupported list of supported features by the client of this protocol
  repeated uint32 featuresSupported = 6;

  // RosenpassConfig is a Rosenpass config of the remote peer our peer tries to connect to
  RosenpassConfig rosenpassConfig = 7;

  // relayServerAddress is url of the relay server
  string relayServerAddress = 8;
}

// Mode indicates a connection mode
message Mode {
  optional bool direct = 1;
}

message RosenpassConfig {
  bytes rosenpassPubKey = 1;
  // rosenpassServerAddr is an IP:port of the rosenpass service
  string rosenpassServerAddr = 2;
}
project init 2021-05-01 12:45:37 +02:00			`syntax = "proto3";`

			`import "google/protobuf/descriptor.proto";`

update signal gRpc, enable TLS and add keepalive params (#62) * chore: update signal gRpc * chore: add Signal keep alive params and policy * feature: add signal TLS support * refactor: move signal Dockerfile to the corresponding folder Co-authored-by: braginini <m.bragin@wiretrustee.com> 2021-07-21 20:23:11 +02:00			`option go_package = "/proto";`
project init 2021-05-01 12:45:37 +02:00
			`package signalexchange;`

			`service SignalExchange {`
			`// Synchronously connect to the Signal Exchange service offering connection candidates and waiting for connection candidates from the other party (remote peer)`
feat: add encryption of the payload exchanged via signal 2021-05-01 18:29:59 +02:00			`rpc Send(EncryptedMessage) returns (EncryptedMessage) {}`
project init 2021-05-01 12:45:37 +02:00			`// Connect to the Signal Exchange service offering connection candidates and maintain a channel for receiving candidates from the other party (remote peer)`
feat: add encryption of the payload exchanged via signal 2021-05-01 18:29:59 +02:00			`rpc ConnectStream(stream EncryptedMessage) returns (stream EncryptedMessage) {}`
project init 2021-05-01 12:45:37 +02:00			`}`

feat: add encryption of the payload exchanged via signal 2021-05-01 18:29:59 +02:00			`// Used for sending through signal.`
			`// The body of this message is the Body message encrypted with the Wireguard private key and the remote Peer key`
			`message EncryptedMessage {`

			`// Wireguard public key`
			`string key = 2;`

			`// Wireguard public key of the remote peer to connect to`
			`string remoteKey = 3;`

			`// encrypted message Body`
			`bytes body = 4;`
			`}`

			`// A decrypted representation of the EncryptedMessage. Used locally before/after encryption`
project init 2021-05-01 12:45:37 +02:00			`message Message {`
Integrate Rosenpass (#1153) This PR aims to integrate Rosenpass with NetBird. It adds a manager for Rosenpass that starts a Rosenpass server and handles the managed peers. It uses the cunicu/go-rosenpass implementation. Rosenpass will then negotiate a pre-shared key every 2 minutes and apply it to the wireguard connection. The Feature can be enabled by setting a flag during the netbird up --enable-rosenpass command. If two peers are both support and have the Rosenpass feature enabled they will create a post-quantum secure connection. If one of the peers or both don't have this feature enabled or are running an older version that does not have this feature yet, the NetBird client will fall back to a plain Wireguard connection without pre-shared keys for those connections (keeping Rosenpass negotiation for the rest). Additionally, this PR includes an update of all Github Actions workflows to use go version 1.21.0 as this is a requirement for the integration. --------- Co-authored-by: braginini <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> 2024-01-08 12:25:35 +01:00			`// WireGuard public key`
feat: add encryption of the payload exchanged via signal 2021-05-01 18:29:59 +02:00			`string key = 2;`

Integrate Rosenpass (#1153) This PR aims to integrate Rosenpass with NetBird. It adds a manager for Rosenpass that starts a Rosenpass server and handles the managed peers. It uses the cunicu/go-rosenpass implementation. Rosenpass will then negotiate a pre-shared key every 2 minutes and apply it to the wireguard connection. The Feature can be enabled by setting a flag during the netbird up --enable-rosenpass command. If two peers are both support and have the Rosenpass feature enabled they will create a post-quantum secure connection. If one of the peers or both don't have this feature enabled or are running an older version that does not have this feature yet, the NetBird client will fall back to a plain Wireguard connection without pre-shared keys for those connections (keeping Rosenpass negotiation for the rest). Additionally, this PR includes an update of all Github Actions workflows to use go version 1.21.0 as this is a requirement for the integration. --------- Co-authored-by: braginini <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> 2024-01-08 12:25:35 +01:00			`// WireGuard public key of the remote peer to connect to`
feat: add encryption of the payload exchanged via signal 2021-05-01 18:29:59 +02:00			`string remoteKey = 3;`

			`Body body = 4;`
			`}`
project init 2021-05-01 12:45:37 +02:00
feat: add encryption of the payload exchanged via signal 2021-05-01 18:29:59 +02:00			`// Actual body of the message that can contain credentials (type OFFER/ANSWER) or connection Candidate`
			`// This part will be encrypted`
			`message Body {`
project init 2021-05-01 12:45:37 +02:00			`// Message type`
			`enum Type {`
			`OFFER = 0;`
			`ANSWER = 1;`
			`CANDIDATE = 2;`
Exchange proxy mode via signal (#727) Before defining if we will use direct or proxy connection we will exchange a message with the other peer if the modes match we keep the decision from the shouldUseProxy function otherwise we skip using direct connection. Added a feature support message to the signal protocol 2023-03-16 16:46:17 +01:00			`MODE = 4;`
project init 2021-05-01 12:45:37 +02:00			`}`
			`Type type = 1;`
feat: add encryption of the payload exchanged via signal 2021-05-01 18:29:59 +02:00			`string payload = 2;`
Load WgPort from config file and exchange via signal (#449) Added additional common blacklisted interfaces Updated the signal protocol to pass the peer port and netbird version Co-authored-by: braginini <bangvalo@gmail.com> 2022-09-02 19:33:35 +02:00			`// wgListenPort is an actual WireGuard listen port`
			`uint32 wgListenPort = 3;`
			`string netBirdVersion = 4;`
Exchange proxy mode via signal (#727) Before defining if we will use direct or proxy connection we will exchange a message with the other peer if the modes match we keep the decision from the shouldUseProxy function otherwise we skip using direct connection. Added a feature support message to the signal protocol 2023-03-16 16:46:17 +01:00			`Mode mode = 5;`

			`// featuresSupported list of supported features by the client of this protocol`
			`repeated uint32 featuresSupported = 6;`
Integrate Rosenpass (#1153) This PR aims to integrate Rosenpass with NetBird. It adds a manager for Rosenpass that starts a Rosenpass server and handles the managed peers. It uses the cunicu/go-rosenpass implementation. Rosenpass will then negotiate a pre-shared key every 2 minutes and apply it to the wireguard connection. The Feature can be enabled by setting a flag during the netbird up --enable-rosenpass command. If two peers are both support and have the Rosenpass feature enabled they will create a post-quantum secure connection. If one of the peers or both don't have this feature enabled or are running an older version that does not have this feature yet, the NetBird client will fall back to a plain Wireguard connection without pre-shared keys for those connections (keeping Rosenpass negotiation for the rest). Additionally, this PR includes an update of all Github Actions workflows to use go version 1.21.0 as this is a requirement for the integration. --------- Co-authored-by: braginini <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> 2024-01-08 12:25:35 +01:00
			`// RosenpassConfig is a Rosenpass config of the remote peer our peer tries to connect to`
			`RosenpassConfig rosenpassConfig = 7;`
[relay] Feature/relay integration (#2244) This update adds new relay integration for NetBird clients. The new relay is based on web sockets and listens on a single port. - Adds new relay implementation with websocket with single port relaying mechanism - refactor peer connection logic, allowing upgrade and downgrade from/to P2P connection - peer connections are faster since it connects first to relay and then upgrades to P2P - maintains compatibility with old clients by not using the new relay - updates infrastructure scripts with new relay service 2024-09-08 12:06:14 +02:00
			`// relayServerAddress is url of the relay server`
			`string relayServerAddress = 8;`
Exchange proxy mode via signal (#727) Before defining if we will use direct or proxy connection we will exchange a message with the other peer if the modes match we keep the decision from the shouldUseProxy function otherwise we skip using direct connection. Added a feature support message to the signal protocol 2023-03-16 16:46:17 +01:00			`}`

			`// Mode indicates a connection mode`
			`message Mode {`
			`optional bool direct = 1;`
Integrate Rosenpass (#1153) This PR aims to integrate Rosenpass with NetBird. It adds a manager for Rosenpass that starts a Rosenpass server and handles the managed peers. It uses the cunicu/go-rosenpass implementation. Rosenpass will then negotiate a pre-shared key every 2 minutes and apply it to the wireguard connection. The Feature can be enabled by setting a flag during the netbird up --enable-rosenpass command. If two peers are both support and have the Rosenpass feature enabled they will create a post-quantum secure connection. If one of the peers or both don't have this feature enabled or are running an older version that does not have this feature yet, the NetBird client will fall back to a plain Wireguard connection without pre-shared keys for those connections (keeping Rosenpass negotiation for the rest). Additionally, this PR includes an update of all Github Actions workflows to use go version 1.21.0 as this is a requirement for the integration. --------- Co-authored-by: braginini <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> 2024-01-08 12:25:35 +01:00			`}`

			`message RosenpassConfig {`
			`bytes rosenpassPubKey = 1;`
			`// rosenpassServerAddr is an IP:port of the rosenpass service`
			`string rosenpassServerAddr = 2;`
project init 2021-05-01 12:45:37 +02:00			`}`