feat: gitea client

vendor/google.golang.org/grpc/credentials/alts/internal/authinfo/authinfo.go

@@ -0,0 +1,95 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package authinfo provide authentication information returned by handshakers.
+package authinfo
+
+import (
+	"google.golang.org/grpc/credentials"
+	altspb "google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp"
+)
+
+var _ credentials.AuthInfo = (*altsAuthInfo)(nil)
+
+// altsAuthInfo exposes security information from the ALTS handshake to the
+// application. altsAuthInfo is immutable and implements credentials.AuthInfo.
+type altsAuthInfo struct {
+	p *altspb.AltsContext
+	credentials.CommonAuthInfo
+}
+
+// New returns a new altsAuthInfo object given handshaker results.
+func New(result *altspb.HandshakerResult) credentials.AuthInfo {
+	return newAuthInfo(result)
+}
+
+func newAuthInfo(result *altspb.HandshakerResult) *altsAuthInfo {
+	return &altsAuthInfo{
+		p: &altspb.AltsContext{
+			ApplicationProtocol: result.GetApplicationProtocol(),
+			RecordProtocol:      result.GetRecordProtocol(),
+			// TODO: assign security level from result.
+			SecurityLevel:       altspb.SecurityLevel_INTEGRITY_AND_PRIVACY,
+			PeerServiceAccount:  result.GetPeerIdentity().GetServiceAccount(),
+			LocalServiceAccount: result.GetLocalIdentity().GetServiceAccount(),
+			PeerRpcVersions:     result.GetPeerRpcVersions(),
+			PeerAttributes:      result.GetPeerIdentity().GetAttributes(),
+		},
+		CommonAuthInfo: credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity},
+	}
+}
+
+// AuthType identifies the context as providing ALTS authentication information.
+func (s *altsAuthInfo) AuthType() string {
+	return "alts"
+}
+
+// ApplicationProtocol returns the context's application protocol.
+func (s *altsAuthInfo) ApplicationProtocol() string {
+	return s.p.GetApplicationProtocol()
+}
+
+// RecordProtocol returns the context's record protocol.
+func (s *altsAuthInfo) RecordProtocol() string {
+	return s.p.GetRecordProtocol()
+}
+
+// SecurityLevel returns the context's security level.
+func (s *altsAuthInfo) SecurityLevel() altspb.SecurityLevel {
+	return s.p.GetSecurityLevel()
+}
+
+// PeerServiceAccount returns the context's peer service account.
+func (s *altsAuthInfo) PeerServiceAccount() string {
+	return s.p.GetPeerServiceAccount()
+}
+
+// LocalServiceAccount returns the context's local service account.
+func (s *altsAuthInfo) LocalServiceAccount() string {
+	return s.p.GetLocalServiceAccount()
+}
+
+// PeerRPCVersions returns the context's peer RPC versions.
+func (s *altsAuthInfo) PeerRPCVersions() *altspb.RpcProtocolVersions {
+	return s.p.GetPeerRpcVersions()
+}
+
+// PeerAttributes returns the context's peer attributes.
+func (s *altsAuthInfo) PeerAttributes() map[string]string {
+	return s.p.GetPeerAttributes()
+}

vendor/google.golang.org/grpc/credentials/alts/internal/common.go

@@ -0,0 +1,67 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package internal contains common core functionality for ALTS.
+package internal
+
+import (
+	"context"
+	"net"
+
+	"google.golang.org/grpc/credentials"
+)
+
+const (
+	// ClientSide identifies the client in this communication.
+	ClientSide Side = iota
+	// ServerSide identifies the server in this communication.
+	ServerSide
+)
+
+// PeerNotRespondingError is returned when a peer server is not responding
+// after a channel has been established. It is treated as a temporary connection
+// error and re-connection to the server should be attempted.
+var PeerNotRespondingError = &peerNotRespondingError{}
+
+// Side identifies the party's role: client or server.
+type Side int
+
+type peerNotRespondingError struct{}
+
+// Return an error message for the purpose of logging.
+func (e *peerNotRespondingError) Error() string {
+	return "peer server is not responding and re-connection should be attempted."
+}
+
+// Temporary indicates if this connection error is temporary or fatal.
+func (e *peerNotRespondingError) Temporary() bool {
+	return true
+}
+
+// Handshaker defines a ALTS handshaker interface.
+type Handshaker interface {
+	// ClientHandshake starts and completes a client-side handshaking and
+	// returns a secure connection and corresponding auth information.
+	ClientHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error)
+	// ServerHandshake starts and completes a server-side handshaking and
+	// returns a secure connection and corresponding auth information.
+	ServerHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error)
+	// Close terminates the Handshaker. It should be called when the caller
+	// obtains the secure connection.
+	Close()
+}

vendor/google.golang.org/grpc/credentials/alts/internal/conn/aeadrekey.go

@@ -0,0 +1,131 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package conn
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/binary"
+	"fmt"
+	"strconv"
+)
+
+// rekeyAEAD holds the necessary information for an AEAD based on
+// AES-GCM that performs nonce-based key derivation and XORs the
+// nonce with a random mask.
+type rekeyAEAD struct {
+	kdfKey     []byte
+	kdfCounter []byte
+	nonceMask  []byte
+	nonceBuf   []byte
+	gcmAEAD    cipher.AEAD
+}
+
+// KeySizeError signals that the given key does not have the correct size.
+type KeySizeError int
+
+func (k KeySizeError) Error() string {
+	return "alts/conn: invalid key size " + strconv.Itoa(int(k))
+}
+
+// newRekeyAEAD creates a new instance of aes128gcm with rekeying.
+// The key argument should be 44 bytes, the first 32 bytes are used as a key
+// for HKDF-expand and the remainining 12 bytes are used as a random mask for
+// the counter.
+func newRekeyAEAD(key []byte) (*rekeyAEAD, error) {
+	k := len(key)
+	if k != kdfKeyLen+nonceLen {
+		return nil, KeySizeError(k)
+	}
+	return &rekeyAEAD{
+		kdfKey:     key[:kdfKeyLen],
+		kdfCounter: make([]byte, kdfCounterLen),
+		nonceMask:  key[kdfKeyLen:],
+		nonceBuf:   make([]byte, nonceLen),
+		gcmAEAD:    nil,
+	}, nil
+}
+
+// Seal rekeys if nonce[2:8] is different than in the last call, masks the nonce,
+// and calls Seal for aes128gcm.
+func (s *rekeyAEAD) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
+	if err := s.rekeyIfRequired(nonce); err != nil {
+		panic(fmt.Sprintf("Rekeying failed with: %s", err.Error()))
+	}
+	maskNonce(s.nonceBuf, nonce, s.nonceMask)
+	return s.gcmAEAD.Seal(dst, s.nonceBuf, plaintext, additionalData)
+}
+
+// Open rekeys if nonce[2:8] is different than in the last call, masks the nonce,
+// and calls Open for aes128gcm.
+func (s *rekeyAEAD) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+	if err := s.rekeyIfRequired(nonce); err != nil {
+		return nil, err
+	}
+	maskNonce(s.nonceBuf, nonce, s.nonceMask)
+	return s.gcmAEAD.Open(dst, s.nonceBuf, ciphertext, additionalData)
+}
+
+// rekeyIfRequired creates a new aes128gcm AEAD if the existing AEAD is nil
+// or cannot be used with given nonce.
+func (s *rekeyAEAD) rekeyIfRequired(nonce []byte) error {
+	newKdfCounter := nonce[kdfCounterOffset : kdfCounterOffset+kdfCounterLen]
+	if s.gcmAEAD != nil && bytes.Equal(newKdfCounter, s.kdfCounter) {
+		return nil
+	}
+	copy(s.kdfCounter, newKdfCounter)
+	a, err := aes.NewCipher(hkdfExpand(s.kdfKey, s.kdfCounter))
+	if err != nil {
+		return err
+	}
+	s.gcmAEAD, err = cipher.NewGCM(a)
+	return err
+}
+
+// maskNonce XORs the given nonce with the mask and stores the result in dst.
+func maskNonce(dst, nonce, mask []byte) {
+	nonce1 := binary.LittleEndian.Uint64(nonce[:sizeUint64])
+	nonce2 := binary.LittleEndian.Uint32(nonce[sizeUint64:])
+	mask1 := binary.LittleEndian.Uint64(mask[:sizeUint64])
+	mask2 := binary.LittleEndian.Uint32(mask[sizeUint64:])
+	binary.LittleEndian.PutUint64(dst[:sizeUint64], nonce1^mask1)
+	binary.LittleEndian.PutUint32(dst[sizeUint64:], nonce2^mask2)
+}
+
+// NonceSize returns the required nonce size.
+func (s *rekeyAEAD) NonceSize() int {
+	return s.gcmAEAD.NonceSize()
+}
+
+// Overhead returns the ciphertext overhead.
+func (s *rekeyAEAD) Overhead() int {
+	return s.gcmAEAD.Overhead()
+}
+
+// hkdfExpand computes the first 16 bytes of the HKDF-expand function
+// defined in RFC5869.
+func hkdfExpand(key, info []byte) []byte {
+	mac := hmac.New(sha256.New, key)
+	mac.Write(info)
+	mac.Write([]byte{0x01}[:])
+	return mac.Sum(nil)[:aeadKeyLen]
+}

vendor/google.golang.org/grpc/credentials/alts/internal/conn/aes128gcm.go

@@ -0,0 +1,105 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package conn
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+
+	core "google.golang.org/grpc/credentials/alts/internal"
+)
+
+const (
+	// Overflow length n in bytes, never encrypt more than 2^(n*8) frames (in
+	// each direction).
+	overflowLenAES128GCM = 5
+)
+
+// aes128gcm is the struct that holds necessary information for ALTS record.
+// The counter value is NOT included in the payload during the encryption and
+// decryption operations.
+type aes128gcm struct {
+	// inCounter is used in ALTS record to check that incoming counters are
+	// as expected, since ALTS record guarantees that messages are unwrapped
+	// in the same order that the peer wrapped them.
+	inCounter  Counter
+	outCounter Counter
+	aead       cipher.AEAD
+}
+
+// NewAES128GCM creates an instance that uses aes128gcm for ALTS record.
+func NewAES128GCM(side core.Side, key []byte) (ALTSRecordCrypto, error) {
+	c, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	a, err := cipher.NewGCM(c)
+	if err != nil {
+		return nil, err
+	}
+	return &aes128gcm{
+		inCounter:  NewInCounter(side, overflowLenAES128GCM),
+		outCounter: NewOutCounter(side, overflowLenAES128GCM),
+		aead:       a,
+	}, nil
+}
+
+// Encrypt is the encryption function. dst can contain bytes at the beginning of
+// the ciphertext that will not be encrypted but will be authenticated. If dst
+// has enough capacity to hold these bytes, the ciphertext and the tag, no
+// allocation and copy operations will be performed. dst and plaintext do not
+// overlap.
+func (s *aes128gcm) Encrypt(dst, plaintext []byte) ([]byte, error) {
+	// If we need to allocate an output buffer, we want to include space for
+	// GCM tag to avoid forcing ALTS record to reallocate as well.
+	dlen := len(dst)
+	dst, out := SliceForAppend(dst, len(plaintext)+GcmTagSize)
+	seq, err := s.outCounter.Value()
+	if err != nil {
+		return nil, err
+	}
+	data := out[:len(plaintext)]
+	copy(data, plaintext) // data may alias plaintext
+
+	// Seal appends the ciphertext and the tag to its first argument and
+	// returns the updated slice. However, SliceForAppend above ensures that
+	// dst has enough capacity to avoid a reallocation and copy due to the
+	// append.
+	dst = s.aead.Seal(dst[:dlen], seq, data, nil)
+	s.outCounter.Inc()
+	return dst, nil
+}
+
+func (s *aes128gcm) EncryptionOverhead() int {
+	return GcmTagSize
+}
+
+func (s *aes128gcm) Decrypt(dst, ciphertext []byte) ([]byte, error) {
+	seq, err := s.inCounter.Value()
+	if err != nil {
+		return nil, err
+	}
+	// If dst is equal to ciphertext[:0], ciphertext storage is reused.
+	plaintext, err := s.aead.Open(dst, seq, ciphertext, nil)
+	if err != nil {
+		return nil, ErrAuth
+	}
+	s.inCounter.Inc()
+	return plaintext, nil
+}

vendor/google.golang.org/grpc/credentials/alts/internal/conn/aes128gcmrekey.go

@@ -0,0 +1,116 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package conn
+
+import (
+	"crypto/cipher"
+
+	core "google.golang.org/grpc/credentials/alts/internal"
+)
+
+const (
+	// Overflow length n in bytes, never encrypt more than 2^(n*8) frames (in
+	// each direction).
+	overflowLenAES128GCMRekey = 8
+	nonceLen                  = 12
+	aeadKeyLen                = 16
+	kdfKeyLen                 = 32
+	kdfCounterOffset          = 2
+	kdfCounterLen             = 6
+	sizeUint64                = 8
+)
+
+// aes128gcmRekey is the struct that holds necessary information for ALTS record.
+// The counter value is NOT included in the payload during the encryption and
+// decryption operations.
+type aes128gcmRekey struct {
+	// inCounter is used in ALTS record to check that incoming counters are
+	// as expected, since ALTS record guarantees that messages are unwrapped
+	// in the same order that the peer wrapped them.
+	inCounter  Counter
+	outCounter Counter
+	inAEAD     cipher.AEAD
+	outAEAD    cipher.AEAD
+}
+
+// NewAES128GCMRekey creates an instance that uses aes128gcm with rekeying
+// for ALTS record. The key argument should be 44 bytes, the first 32 bytes
+// are used as a key for HKDF-expand and the remainining 12 bytes are used
+// as a random mask for the counter.
+func NewAES128GCMRekey(side core.Side, key []byte) (ALTSRecordCrypto, error) {
+	inCounter := NewInCounter(side, overflowLenAES128GCMRekey)
+	outCounter := NewOutCounter(side, overflowLenAES128GCMRekey)
+	inAEAD, err := newRekeyAEAD(key)
+	if err != nil {
+		return nil, err
+	}
+	outAEAD, err := newRekeyAEAD(key)
+	if err != nil {
+		return nil, err
+	}
+	return &aes128gcmRekey{
+		inCounter,
+		outCounter,
+		inAEAD,
+		outAEAD,
+	}, nil
+}
+
+// Encrypt is the encryption function. dst can contain bytes at the beginning of
+// the ciphertext that will not be encrypted but will be authenticated. If dst
+// has enough capacity to hold these bytes, the ciphertext and the tag, no
+// allocation and copy operations will be performed. dst and plaintext do not
+// overlap.
+func (s *aes128gcmRekey) Encrypt(dst, plaintext []byte) ([]byte, error) {
+	// If we need to allocate an output buffer, we want to include space for
+	// GCM tag to avoid forcing ALTS record to reallocate as well.
+	dlen := len(dst)
+	dst, out := SliceForAppend(dst, len(plaintext)+GcmTagSize)
+	seq, err := s.outCounter.Value()
+	if err != nil {
+		return nil, err
+	}
+	data := out[:len(plaintext)]
+	copy(data, plaintext) // data may alias plaintext
+
+	// Seal appends the ciphertext and the tag to its first argument and
+	// returns the updated slice. However, SliceForAppend above ensures that
+	// dst has enough capacity to avoid a reallocation and copy due to the
+	// append.
+	dst = s.outAEAD.Seal(dst[:dlen], seq, data, nil)
+	s.outCounter.Inc()
+	return dst, nil
+}
+
+func (s *aes128gcmRekey) EncryptionOverhead() int {
+	return GcmTagSize
+}
+
+func (s *aes128gcmRekey) Decrypt(dst, ciphertext []byte) ([]byte, error) {
+	seq, err := s.inCounter.Value()
+	if err != nil {
+		return nil, err
+	}
+	plaintext, err := s.inAEAD.Open(dst, seq, ciphertext, nil)
+	if err != nil {
+		return nil, ErrAuth
+	}
+	s.inCounter.Inc()
+	return plaintext, nil
+}

vendor/google.golang.org/grpc/credentials/alts/internal/conn/common.go

@@ -0,0 +1,70 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package conn
+
+import (
+	"encoding/binary"
+	"errors"
+	"fmt"
+)
+
+const (
+	// GcmTagSize is the GCM tag size is the difference in length between
+	// plaintext and ciphertext. From crypto/cipher/gcm.go in Go crypto
+	// library.
+	GcmTagSize = 16
+)
+
+// ErrAuth occurs on authentication failure.
+var ErrAuth = errors.New("message authentication failed")
+
+// SliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+func SliceForAppend(in []byte, n int) (head, tail []byte) {
+	if total := len(in) + n; cap(in) >= total {
+		head = in[:total]
+	} else {
+		head = make([]byte, total)
+		copy(head, in)
+	}
+	tail = head[len(in):]
+	return head, tail
+}
+
+// ParseFramedMsg parse the provided buffer and returns a frame of the format
+// msgLength+msg and any remaining bytes in that buffer.
+func ParseFramedMsg(b []byte, maxLen uint32) ([]byte, []byte, error) {
+	// If the size field is not complete, return the provided buffer as
+	// remaining buffer.
+	if len(b) < MsgLenFieldSize {
+		return nil, b, nil
+	}
+	msgLenField := b[:MsgLenFieldSize]
+	length := binary.LittleEndian.Uint32(msgLenField)
+	if length > maxLen {
+		return nil, nil, fmt.Errorf("received the frame length %d larger than the limit %d", length, maxLen)
+	}
+	if len(b) < int(length)+4 { // account for the first 4 msg length bytes.
+		// Frame is not complete yet.
+		return nil, b, nil
+	}
+	return b[:MsgLenFieldSize+length], b[MsgLenFieldSize+length:], nil
+}

vendor/google.golang.org/grpc/credentials/alts/internal/conn/counter.go

@@ -0,0 +1,62 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package conn
+
+import (
+	"errors"
+)
+
+const counterLen = 12
+
+var (
+	errInvalidCounter = errors.New("invalid counter")
+)
+
+// Counter is a 96-bit, little-endian counter.
+type Counter struct {
+	value       [counterLen]byte
+	invalid     bool
+	overflowLen int
+}
+
+// Value returns the current value of the counter as a byte slice.
+func (c *Counter) Value() ([]byte, error) {
+	if c.invalid {
+		return nil, errInvalidCounter
+	}
+	return c.value[:], nil
+}
+
+// Inc increments the counter and checks for overflow.
+func (c *Counter) Inc() {
+	// If the counter is already invalid, there is no need to increase it.
+	if c.invalid {
+		return
+	}
+	i := 0
+	for ; i < c.overflowLen; i++ {
+		c.value[i]++
+		if c.value[i] != 0 {
+			break
+		}
+	}
+	if i == c.overflowLen {
+		c.invalid = true
+	}
+}

vendor/google.golang.org/grpc/credentials/alts/internal/conn/record.go

@@ -0,0 +1,275 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package conn contains an implementation of a secure channel created by gRPC
+// handshakers.
+package conn
+
+import (
+	"encoding/binary"
+	"fmt"
+	"math"
+	"net"
+
+	core "google.golang.org/grpc/credentials/alts/internal"
+)
+
+// ALTSRecordCrypto is the interface for gRPC ALTS record protocol.
+type ALTSRecordCrypto interface {
+	// Encrypt encrypts the plaintext and computes the tag (if any) of dst
+	// and plaintext. dst and plaintext may fully overlap or not at all.
+	Encrypt(dst, plaintext []byte) ([]byte, error)
+	// EncryptionOverhead returns the tag size (if any) in bytes.
+	EncryptionOverhead() int
+	// Decrypt decrypts ciphertext and verify the tag (if any). dst and
+	// ciphertext may alias exactly or not at all. To reuse ciphertext's
+	// storage for the decrypted output, use ciphertext[:0] as dst.
+	Decrypt(dst, ciphertext []byte) ([]byte, error)
+}
+
+// ALTSRecordFunc is a function type for factory functions that create
+// ALTSRecordCrypto instances.
+type ALTSRecordFunc func(s core.Side, keyData []byte) (ALTSRecordCrypto, error)
+
+const (
+	// MsgLenFieldSize is the byte size of the frame length field of a
+	// framed message.
+	MsgLenFieldSize = 4
+	// The byte size of the message type field of a framed message.
+	msgTypeFieldSize = 4
+	// The bytes size limit for a ALTS record message.
+	altsRecordLengthLimit = 1024 * 1024 // 1 MiB
+	// The default bytes size of a ALTS record message.
+	altsRecordDefaultLength = 4 * 1024 // 4KiB
+	// Message type value included in ALTS record framing.
+	altsRecordMsgType = uint32(0x06)
+	// The initial write buffer size.
+	altsWriteBufferInitialSize = 32 * 1024 // 32KiB
+	// The maximum write buffer size. This *must* be multiple of
+	// altsRecordDefaultLength.
+	altsWriteBufferMaxSize = 512 * 1024 // 512KiB
+)
+
+var (
+	protocols = make(map[string]ALTSRecordFunc)
+)
+
+// RegisterProtocol register a ALTS record encryption protocol.
+func RegisterProtocol(protocol string, f ALTSRecordFunc) error {
+	if _, ok := protocols[protocol]; ok {
+		return fmt.Errorf("protocol %v is already registered", protocol)
+	}
+	protocols[protocol] = f
+	return nil
+}
+
+// conn represents a secured connection. It implements the net.Conn interface.
+type conn struct {
+	net.Conn
+	crypto ALTSRecordCrypto
+	// buf holds data that has been read from the connection and decrypted,
+	// but has not yet been returned by Read.
+	buf                []byte
+	payloadLengthLimit int
+	// protected holds data read from the network but have not yet been
+	// decrypted. This data might not compose a complete frame.
+	protected []byte
+	// writeBuf is a buffer used to contain encrypted frames before being
+	// written to the network.
+	writeBuf []byte
+	// nextFrame stores the next frame (in protected buffer) info.
+	nextFrame []byte
+	// overhead is the calculated overhead of each frame.
+	overhead int
+}
+
+// NewConn creates a new secure channel instance given the other party role and
+// handshaking result.
+func NewConn(c net.Conn, side core.Side, recordProtocol string, key []byte, protected []byte) (net.Conn, error) {
+	newCrypto := protocols[recordProtocol]
+	if newCrypto == nil {
+		return nil, fmt.Errorf("negotiated unknown next_protocol %q", recordProtocol)
+	}
+	crypto, err := newCrypto(side, key)
+	if err != nil {
+		return nil, fmt.Errorf("protocol %q: %v", recordProtocol, err)
+	}
+	overhead := MsgLenFieldSize + msgTypeFieldSize + crypto.EncryptionOverhead()
+	payloadLengthLimit := altsRecordDefaultLength - overhead
+	var protectedBuf []byte
+	if protected == nil {
+		// We pre-allocate protected to be of size
+		// 2*altsRecordDefaultLength-1 during initialization. We only
+		// read from the network into protected when protected does not
+		// contain a complete frame, which is at most
+		// altsRecordDefaultLength-1 (bytes). And we read at most
+		// altsRecordDefaultLength (bytes) data into protected at one
+		// time. Therefore, 2*altsRecordDefaultLength-1 is large enough
+		// to buffer data read from the network.
+		protectedBuf = make([]byte, 0, 2*altsRecordDefaultLength-1)
+	} else {
+		protectedBuf = make([]byte, len(protected))
+		copy(protectedBuf, protected)
+	}
+
+	altsConn := &conn{
+		Conn:               c,
+		crypto:             crypto,
+		payloadLengthLimit: payloadLengthLimit,
+		protected:          protectedBuf,
+		writeBuf:           make([]byte, altsWriteBufferInitialSize),
+		nextFrame:          protectedBuf,
+		overhead:           overhead,
+	}
+	return altsConn, nil
+}
+
+// Read reads and decrypts a frame from the underlying connection, and copies the
+// decrypted payload into b. If the size of the payload is greater than len(b),
+// Read retains the remaining bytes in an internal buffer, and subsequent calls
+// to Read will read from this buffer until it is exhausted.
+func (p *conn) Read(b []byte) (n int, err error) {
+	if len(p.buf) == 0 {
+		var framedMsg []byte
+		framedMsg, p.nextFrame, err = ParseFramedMsg(p.nextFrame, altsRecordLengthLimit)
+		if err != nil {
+			return n, err
+		}
+		// Check whether the next frame to be decrypted has been
+		// completely received yet.
+		if len(framedMsg) == 0 {
+			copy(p.protected, p.nextFrame)
+			p.protected = p.protected[:len(p.nextFrame)]
+			// Always copy next incomplete frame to the beginning of
+			// the protected buffer and reset nextFrame to it.
+			p.nextFrame = p.protected
+		}
+		// Check whether a complete frame has been received yet.
+		for len(framedMsg) == 0 {
+			if len(p.protected) == cap(p.protected) {
+				tmp := make([]byte, len(p.protected), cap(p.protected)+altsRecordDefaultLength)
+				copy(tmp, p.protected)
+				p.protected = tmp
+			}
+			n, err = p.Conn.Read(p.protected[len(p.protected):min(cap(p.protected), len(p.protected)+altsRecordDefaultLength)])
+			if err != nil {
+				return 0, err
+			}
+			p.protected = p.protected[:len(p.protected)+n]
+			framedMsg, p.nextFrame, err = ParseFramedMsg(p.protected, altsRecordLengthLimit)
+			if err != nil {
+				return 0, err
+			}
+		}
+		// Now we have a complete frame, decrypted it.
+		msg := framedMsg[MsgLenFieldSize:]
+		msgType := binary.LittleEndian.Uint32(msg[:msgTypeFieldSize])
+		if msgType&0xff != altsRecordMsgType {
+			return 0, fmt.Errorf("received frame with incorrect message type %v, expected lower byte %v",
+				msgType, altsRecordMsgType)
+		}
+		ciphertext := msg[msgTypeFieldSize:]
+
+		// Decrypt requires that if the dst and ciphertext alias, they
+		// must alias exactly. Code here used to use msg[:0], but msg
+		// starts MsgLenFieldSize+msgTypeFieldSize bytes earlier than
+		// ciphertext, so they alias inexactly. Using ciphertext[:0]
+		// arranges the appropriate aliasing without needing to copy
+		// ciphertext or use a separate destination buffer. For more info
+		// check: https://golang.org/pkg/crypto/cipher/#AEAD.
+		p.buf, err = p.crypto.Decrypt(ciphertext[:0], ciphertext)
+		if err != nil {
+			return 0, err
+		}
+	}
+
+	n = copy(b, p.buf)
+	p.buf = p.buf[n:]
+	return n, nil
+}
+
+// Write encrypts, frames, and writes bytes from b to the underlying connection.
+func (p *conn) Write(b []byte) (n int, err error) {
+	n = len(b)
+	// Calculate the output buffer size with framing and encryption overhead.
+	numOfFrames := int(math.Ceil(float64(len(b)) / float64(p.payloadLengthLimit)))
+	size := len(b) + numOfFrames*p.overhead
+	// If writeBuf is too small, increase its size up to the maximum size.
+	partialBSize := len(b)
+	if size > altsWriteBufferMaxSize {
+		size = altsWriteBufferMaxSize
+		const numOfFramesInMaxWriteBuf = altsWriteBufferMaxSize / altsRecordDefaultLength
+		partialBSize = numOfFramesInMaxWriteBuf * p.payloadLengthLimit
+	}
+	if len(p.writeBuf) < size {
+		p.writeBuf = make([]byte, size)
+	}
+
+	for partialBStart := 0; partialBStart < len(b); partialBStart += partialBSize {
+		partialBEnd := partialBStart + partialBSize
+		if partialBEnd > len(b) {
+			partialBEnd = len(b)
+		}
+		partialB := b[partialBStart:partialBEnd]
+		writeBufIndex := 0
+		for len(partialB) > 0 {
+			payloadLen := len(partialB)
+			if payloadLen > p.payloadLengthLimit {
+				payloadLen = p.payloadLengthLimit
+			}
+			buf := partialB[:payloadLen]
+			partialB = partialB[payloadLen:]
+
+			// Write buffer contains: length, type, payload, and tag
+			// if any.
+
+			// 1. Fill in type field.
+			msg := p.writeBuf[writeBufIndex+MsgLenFieldSize:]
+			binary.LittleEndian.PutUint32(msg, altsRecordMsgType)
+
+			// 2. Encrypt the payload and create a tag if any.
+			msg, err = p.crypto.Encrypt(msg[:msgTypeFieldSize], buf)
+			if err != nil {
+				return n, err
+			}
+
+			// 3. Fill in the size field.
+			binary.LittleEndian.PutUint32(p.writeBuf[writeBufIndex:], uint32(len(msg)))
+
+			// 4. Increase writeBufIndex.
+			writeBufIndex += len(buf) + p.overhead
+		}
+		nn, err := p.Conn.Write(p.writeBuf[:writeBufIndex])
+		if err != nil {
+			// We need to calculate the actual data size that was
+			// written. This means we need to remove header,
+			// encryption overheads, and any partially-written
+			// frame data.
+			numOfWrittenFrames := int(math.Floor(float64(nn) / float64(altsRecordDefaultLength)))
+			return partialBStart + numOfWrittenFrames*p.payloadLengthLimit, err
+		}
+	}
+	return n, nil
+}
+
+func min(a, b int) int {
+	if a < b {
+		return a
+	}
+	return b
+}

vendor/google.golang.org/grpc/credentials/alts/internal/conn/utils.go

@@ -0,0 +1,63 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package conn
+
+import core "google.golang.org/grpc/credentials/alts/internal"
+
+// NewOutCounter returns an outgoing counter initialized to the starting sequence
+// number for the client/server side of a connection.
+func NewOutCounter(s core.Side, overflowLen int) (c Counter) {
+	c.overflowLen = overflowLen
+	if s == core.ServerSide {
+		// Server counters in ALTS record have the little-endian high bit
+		// set.
+		c.value[counterLen-1] = 0x80
+	}
+	return
+}
+
+// NewInCounter returns an incoming counter initialized to the starting sequence
+// number for the client/server side of a connection. This is used in ALTS record
+// to check that incoming counters are as expected, since ALTS record guarantees
+// that messages are unwrapped in the same order that the peer wrapped them.
+func NewInCounter(s core.Side, overflowLen int) (c Counter) {
+	c.overflowLen = overflowLen
+	if s == core.ClientSide {
+		// Server counters in ALTS record have the little-endian high bit
+		// set.
+		c.value[counterLen-1] = 0x80
+	}
+	return
+}
+
+// CounterFromValue creates a new counter given an initial value.
+func CounterFromValue(value []byte, overflowLen int) (c Counter) {
+	c.overflowLen = overflowLen
+	copy(c.value[:], value)
+	return
+}
+
+// CounterSide returns the connection side (client/server) a sequence counter is
+// associated with.
+func CounterSide(c []byte) core.Side {
+	if c[counterLen-1]&0x80 == 0x80 {
+		return core.ServerSide
+	}
+	return core.ClientSide
+}

vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go

@@ -0,0 +1,373 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package handshaker provides ALTS handshaking functionality for GCP.
+package handshaker
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"time"
+
+	"golang.org/x/sync/semaphore"
+	grpc "google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials"
+	core "google.golang.org/grpc/credentials/alts/internal"
+	"google.golang.org/grpc/credentials/alts/internal/authinfo"
+	"google.golang.org/grpc/credentials/alts/internal/conn"
+	altsgrpc "google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp"
+	altspb "google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp"
+	"google.golang.org/grpc/internal/envconfig"
+)
+
+const (
+	// The maximum byte size of receive frames.
+	frameLimit              = 64 * 1024 // 64 KB
+	rekeyRecordProtocolName = "ALTSRP_GCM_AES128_REKEY"
+)
+
+var (
+	hsProtocol      = altspb.HandshakeProtocol_ALTS
+	appProtocols    = []string{"grpc"}
+	recordProtocols = []string{rekeyRecordProtocolName}
+	keyLength       = map[string]int{
+		rekeyRecordProtocolName: 44,
+	}
+	altsRecordFuncs = map[string]conn.ALTSRecordFunc{
+		// ALTS handshaker protocols.
+		rekeyRecordProtocolName: func(s core.Side, keyData []byte) (conn.ALTSRecordCrypto, error) {
+			return conn.NewAES128GCMRekey(s, keyData)
+		},
+	}
+	// control number of concurrent created (but not closed) handshakes.
+	clientHandshakes = semaphore.NewWeighted(int64(envconfig.ALTSMaxConcurrentHandshakes))
+	serverHandshakes = semaphore.NewWeighted(int64(envconfig.ALTSMaxConcurrentHandshakes))
+	// errOutOfBound occurs when the handshake service returns a consumed
+	// bytes value larger than the buffer that was passed to it originally.
+	errOutOfBound = errors.New("handshaker service consumed bytes value is out-of-bound")
+)
+
+func init() {
+	for protocol, f := range altsRecordFuncs {
+		if err := conn.RegisterProtocol(protocol, f); err != nil {
+			panic(err)
+		}
+	}
+}
+
+// ClientHandshakerOptions contains the client handshaker options that can
+// provided by the caller.
+type ClientHandshakerOptions struct {
+	// ClientIdentity is the handshaker client local identity.
+	ClientIdentity *altspb.Identity
+	// TargetName is the server service account name for secure name
+	// checking.
+	TargetName string
+	// TargetServiceAccounts contains a list of expected target service
+	// accounts. One of these accounts should match one of the accounts in
+	// the handshaker results. Otherwise, the handshake fails.
+	TargetServiceAccounts []string
+	// RPCVersions specifies the gRPC versions accepted by the client.
+	RPCVersions *altspb.RpcProtocolVersions
+}
+
+// ServerHandshakerOptions contains the server handshaker options that can
+// provided by the caller.
+type ServerHandshakerOptions struct {
+	// RPCVersions specifies the gRPC versions accepted by the server.
+	RPCVersions *altspb.RpcProtocolVersions
+}
+
+// DefaultClientHandshakerOptions returns the default client handshaker options.
+func DefaultClientHandshakerOptions() *ClientHandshakerOptions {
+	return &ClientHandshakerOptions{}
+}
+
+// DefaultServerHandshakerOptions returns the default client handshaker options.
+func DefaultServerHandshakerOptions() *ServerHandshakerOptions {
+	return &ServerHandshakerOptions{}
+}
+
+// altsHandshaker is used to complete an ALTS handshake between client and
+// server. This handshaker talks to the ALTS handshaker service in the metadata
+// server.
+type altsHandshaker struct {
+	// RPC stream used to access the ALTS Handshaker service.
+	stream altsgrpc.HandshakerService_DoHandshakeClient
+	// the connection to the peer.
+	conn net.Conn
+	// a virtual connection to the ALTS handshaker service.
+	clientConn *grpc.ClientConn
+	// client handshake options.
+	clientOpts *ClientHandshakerOptions
+	// server handshake options.
+	serverOpts *ServerHandshakerOptions
+	// defines the side doing the handshake, client or server.
+	side core.Side
+}
+
+// NewClientHandshaker creates a core.Handshaker that performs a client-side
+// ALTS handshake by acting as a proxy between the peer and the ALTS handshaker
+// service in the metadata server.
+func NewClientHandshaker(ctx context.Context, conn *grpc.ClientConn, c net.Conn, opts *ClientHandshakerOptions) (core.Handshaker, error) {
+	return &altsHandshaker{
+		stream:     nil,
+		conn:       c,
+		clientConn: conn,
+		clientOpts: opts,
+		side:       core.ClientSide,
+	}, nil
+}
+
+// NewServerHandshaker creates a core.Handshaker that performs a server-side
+// ALTS handshake by acting as a proxy between the peer and the ALTS handshaker
+// service in the metadata server.
+func NewServerHandshaker(ctx context.Context, conn *grpc.ClientConn, c net.Conn, opts *ServerHandshakerOptions) (core.Handshaker, error) {
+	return &altsHandshaker{
+		stream:     nil,
+		conn:       c,
+		clientConn: conn,
+		serverOpts: opts,
+		side:       core.ServerSide,
+	}, nil
+}
+
+// ClientHandshake starts and completes a client ALTS handshake for GCP. Once
+// done, ClientHandshake returns a secure connection.
+func (h *altsHandshaker) ClientHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error) {
+	if err := clientHandshakes.Acquire(ctx, 1); err != nil {
+		return nil, nil, err
+	}
+	defer clientHandshakes.Release(1)
+
+	if h.side != core.ClientSide {
+		return nil, nil, errors.New("only handshakers created using NewClientHandshaker can perform a client handshaker")
+	}
+
+	// TODO(matthewstevenson88): Change unit tests to use public APIs so
+	// that h.stream can unconditionally be set based on h.clientConn.
+	if h.stream == nil {
+		stream, err := altsgrpc.NewHandshakerServiceClient(h.clientConn).DoHandshake(ctx)
+		if err != nil {
+			return nil, nil, fmt.Errorf("failed to establish stream to ALTS handshaker service: %v", err)
+		}
+		h.stream = stream
+	}
+
+	// Create target identities from service account list.
+	targetIdentities := make([]*altspb.Identity, 0, len(h.clientOpts.TargetServiceAccounts))
+	for _, account := range h.clientOpts.TargetServiceAccounts {
+		targetIdentities = append(targetIdentities, &altspb.Identity{
+			IdentityOneof: &altspb.Identity_ServiceAccount{
+				ServiceAccount: account,
+			},
+		})
+	}
+	req := &altspb.HandshakerReq{
+		ReqOneof: &altspb.HandshakerReq_ClientStart{
+			ClientStart: &altspb.StartClientHandshakeReq{
+				HandshakeSecurityProtocol: hsProtocol,
+				ApplicationProtocols:      appProtocols,
+				RecordProtocols:           recordProtocols,
+				TargetIdentities:          targetIdentities,
+				LocalIdentity:             h.clientOpts.ClientIdentity,
+				TargetName:                h.clientOpts.TargetName,
+				RpcVersions:               h.clientOpts.RPCVersions,
+			},
+		},
+	}
+
+	conn, result, err := h.doHandshake(req)
+	if err != nil {
+		return nil, nil, err
+	}
+	authInfo := authinfo.New(result)
+	return conn, authInfo, nil
+}
+
+// ServerHandshake starts and completes a server ALTS handshake for GCP. Once
+// done, ServerHandshake returns a secure connection.
+func (h *altsHandshaker) ServerHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error) {
+	if err := serverHandshakes.Acquire(ctx, 1); err != nil {
+		return nil, nil, err
+	}
+	defer serverHandshakes.Release(1)
+
+	if h.side != core.ServerSide {
+		return nil, nil, errors.New("only handshakers created using NewServerHandshaker can perform a server handshaker")
+	}
+
+	// TODO(matthewstevenson88): Change unit tests to use public APIs so
+	// that h.stream can unconditionally be set based on h.clientConn.
+	if h.stream == nil {
+		stream, err := altsgrpc.NewHandshakerServiceClient(h.clientConn).DoHandshake(ctx)
+		if err != nil {
+			return nil, nil, fmt.Errorf("failed to establish stream to ALTS handshaker service: %v", err)
+		}
+		h.stream = stream
+	}
+
+	p := make([]byte, frameLimit)
+	n, err := h.conn.Read(p)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// Prepare server parameters.
+	params := make(map[int32]*altspb.ServerHandshakeParameters)
+	params[int32(altspb.HandshakeProtocol_ALTS)] = &altspb.ServerHandshakeParameters{
+		RecordProtocols: recordProtocols,
+	}
+	req := &altspb.HandshakerReq{
+		ReqOneof: &altspb.HandshakerReq_ServerStart{
+			ServerStart: &altspb.StartServerHandshakeReq{
+				ApplicationProtocols: appProtocols,
+				HandshakeParameters:  params,
+				InBytes:              p[:n],
+				RpcVersions:          h.serverOpts.RPCVersions,
+			},
+		},
+	}
+
+	conn, result, err := h.doHandshake(req)
+	if err != nil {
+		return nil, nil, err
+	}
+	authInfo := authinfo.New(result)
+	return conn, authInfo, nil
+}
+
+func (h *altsHandshaker) doHandshake(req *altspb.HandshakerReq) (net.Conn, *altspb.HandshakerResult, error) {
+	resp, err := h.accessHandshakerService(req)
+	if err != nil {
+		return nil, nil, err
+	}
+	// Check of the returned status is an error.
+	if resp.GetStatus() != nil {
+		if got, want := resp.GetStatus().Code, uint32(codes.OK); got != want {
+			return nil, nil, fmt.Errorf("%v", resp.GetStatus().Details)
+		}
+	}
+
+	var extra []byte
+	if req.GetServerStart() != nil {
+		if resp.GetBytesConsumed() > uint32(len(req.GetServerStart().GetInBytes())) {
+			return nil, nil, errOutOfBound
+		}
+		extra = req.GetServerStart().GetInBytes()[resp.GetBytesConsumed():]
+	}
+	result, extra, err := h.processUntilDone(resp, extra)
+	if err != nil {
+		return nil, nil, err
+	}
+	// The handshaker returns a 128 bytes key. It should be truncated based
+	// on the returned record protocol.
+	keyLen, ok := keyLength[result.RecordProtocol]
+	if !ok {
+		return nil, nil, fmt.Errorf("unknown resulted record protocol %v", result.RecordProtocol)
+	}
+	sc, err := conn.NewConn(h.conn, h.side, result.GetRecordProtocol(), result.KeyData[:keyLen], extra)
+	if err != nil {
+		return nil, nil, err
+	}
+	return sc, result, nil
+}
+
+func (h *altsHandshaker) accessHandshakerService(req *altspb.HandshakerReq) (*altspb.HandshakerResp, error) {
+	if err := h.stream.Send(req); err != nil {
+		return nil, err
+	}
+	resp, err := h.stream.Recv()
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// processUntilDone processes the handshake until the handshaker service returns
+// the results. Handshaker service takes care of frame parsing, so we read
+// whatever received from the network and send it to the handshaker service.
+func (h *altsHandshaker) processUntilDone(resp *altspb.HandshakerResp, extra []byte) (*altspb.HandshakerResult, []byte, error) {
+	var lastWriteTime time.Time
+	for {
+		if len(resp.OutFrames) > 0 {
+			lastWriteTime = time.Now()
+			if _, err := h.conn.Write(resp.OutFrames); err != nil {
+				return nil, nil, err
+			}
+		}
+		if resp.Result != nil {
+			return resp.Result, extra, nil
+		}
+		buf := make([]byte, frameLimit)
+		n, err := h.conn.Read(buf)
+		if err != nil && err != io.EOF {
+			return nil, nil, err
+		}
+		// If there is nothing to send to the handshaker service, and
+		// nothing is received from the peer, then we are stuck.
+		// This covers the case when the peer is not responding. Note
+		// that handshaker service connection issues are caught in
+		// accessHandshakerService before we even get here.
+		if len(resp.OutFrames) == 0 && n == 0 {
+			return nil, nil, core.PeerNotRespondingError
+		}
+		// Append extra bytes from the previous interaction with the
+		// handshaker service with the current buffer read from conn.
+		p := append(extra, buf[:n]...)
+		// Compute the time elapsed since the last write to the peer.
+		timeElapsed := time.Since(lastWriteTime)
+		timeElapsedMs := uint32(timeElapsed.Milliseconds())
+		// From here on, p and extra point to the same slice.
+		resp, err = h.accessHandshakerService(&altspb.HandshakerReq{
+			ReqOneof: &altspb.HandshakerReq_Next{
+				Next: &altspb.NextHandshakeMessageReq{
+					InBytes:          p,
+					NetworkLatencyMs: timeElapsedMs,
+				},
+			},
+		})
+		if err != nil {
+			return nil, nil, err
+		}
+		// Set extra based on handshaker service response.
+		if resp.GetBytesConsumed() > uint32(len(p)) {
+			return nil, nil, errOutOfBound
+		}
+		extra = p[resp.GetBytesConsumed():]
+	}
+}
+
+// Close terminates the Handshaker. It should be called when the caller obtains
+// the secure connection.
+func (h *altsHandshaker) Close() {
+	if h.stream != nil {
+		h.stream.CloseSend()
+	}
+}
+
+// ResetConcurrentHandshakeSemaphoreForTesting resets the handshake semaphores
+// to allow numberOfAllowedHandshakes concurrent handshakes each.
+func ResetConcurrentHandshakeSemaphoreForTesting(numberOfAllowedHandshakes int64) {
+	clientHandshakes = semaphore.NewWeighted(numberOfAllowedHandshakes)
+	serverHandshakes = semaphore.NewWeighted(numberOfAllowedHandshakes)
+}

vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/service/service.go

@@ -0,0 +1,78 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package service manages connections between the VM application and the ALTS
+// handshaker service.
+package service
+
+import (
+	"sync"
+
+	grpc "google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+)
+
+var (
+	// mu guards hsConnMap and hsDialer.
+	mu sync.Mutex
+	// hsConn represents a mapping from a hypervisor handshaker service address
+	// to a corresponding connection to a hypervisor handshaker service
+	// instance.
+	hsConnMap = make(map[string]*grpc.ClientConn)
+	// hsDialer will be reassigned in tests.
+	hsDialer = grpc.Dial
+)
+
+// Dial dials the handshake service in the hypervisor. If a connection has
+// already been established, this function returns it. Otherwise, a new
+// connection is created.
+func Dial(hsAddress string) (*grpc.ClientConn, error) {
+	mu.Lock()
+	defer mu.Unlock()
+
+	hsConn, ok := hsConnMap[hsAddress]
+	if !ok {
+		// Create a new connection to the handshaker service. Note that
+		// this connection stays open until the application is closed.
+		var err error
+		hsConn, err = hsDialer(hsAddress, grpc.WithTransportCredentials(insecure.NewCredentials()))
+		if err != nil {
+			return nil, err
+		}
+		hsConnMap[hsAddress] = hsConn
+	}
+	return hsConn, nil
+}
+
+// CloseForTesting closes all open connections to the handshaker service.
+//
+// For testing purposes only.
+func CloseForTesting() error {
+	for _, hsConn := range hsConnMap {
+		if hsConn == nil {
+			continue
+		}
+		if err := hsConn.Close(); err != nil {
+			return err
+		}
+	}
+
+	// Reset the connection map.
+	hsConnMap = make(map[string]*grpc.ClientConn)
+	return nil
+}

vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go

@@ -0,0 +1,259 @@
+// Copyright 2018 The gRPC Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// The canonical version of this proto can be found at
+// https://github.com/grpc/grpc-proto/blob/master/grpc/gcp/altscontext.proto
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.33.0
+// 	protoc        v4.25.2
+// source: grpc/gcp/altscontext.proto
+
+package grpc_gcp
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type AltsContext struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The application protocol negotiated for this connection.
+	ApplicationProtocol string `protobuf:"bytes,1,opt,name=application_protocol,json=applicationProtocol,proto3" json:"application_protocol,omitempty"`
+	// The record protocol negotiated for this connection.
+	RecordProtocol string `protobuf:"bytes,2,opt,name=record_protocol,json=recordProtocol,proto3" json:"record_protocol,omitempty"`
+	// The security level of the created secure channel.
+	SecurityLevel SecurityLevel `protobuf:"varint,3,opt,name=security_level,json=securityLevel,proto3,enum=grpc.gcp.SecurityLevel" json:"security_level,omitempty"`
+	// The peer service account.
+	PeerServiceAccount string `protobuf:"bytes,4,opt,name=peer_service_account,json=peerServiceAccount,proto3" json:"peer_service_account,omitempty"`
+	// The local service account.
+	LocalServiceAccount string `protobuf:"bytes,5,opt,name=local_service_account,json=localServiceAccount,proto3" json:"local_service_account,omitempty"`
+	// The RPC protocol versions supported by the peer.
+	PeerRpcVersions *RpcProtocolVersions `protobuf:"bytes,6,opt,name=peer_rpc_versions,json=peerRpcVersions,proto3" json:"peer_rpc_versions,omitempty"`
+	// Additional attributes of the peer.
+	PeerAttributes map[string]string `protobuf:"bytes,7,rep,name=peer_attributes,json=peerAttributes,proto3" json:"peer_attributes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (x *AltsContext) Reset() {
+	*x = AltsContext{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_grpc_gcp_altscontext_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *AltsContext) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AltsContext) ProtoMessage() {}
+
+func (x *AltsContext) ProtoReflect() protoreflect.Message {
+	mi := &file_grpc_gcp_altscontext_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AltsContext.ProtoReflect.Descriptor instead.
+func (*AltsContext) Descriptor() ([]byte, []int) {
+	return file_grpc_gcp_altscontext_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *AltsContext) GetApplicationProtocol() string {
+	if x != nil {
+		return x.ApplicationProtocol
+	}
+	return ""
+}
+
+func (x *AltsContext) GetRecordProtocol() string {
+	if x != nil {
+		return x.RecordProtocol
+	}
+	return ""
+}
+
+func (x *AltsContext) GetSecurityLevel() SecurityLevel {
+	if x != nil {
+		return x.SecurityLevel
+	}
+	return SecurityLevel_SECURITY_NONE
+}
+
+func (x *AltsContext) GetPeerServiceAccount() string {
+	if x != nil {
+		return x.PeerServiceAccount
+	}
+	return ""
+}
+
+func (x *AltsContext) GetLocalServiceAccount() string {
+	if x != nil {
+		return x.LocalServiceAccount
+	}
+	return ""
+}
+
+func (x *AltsContext) GetPeerRpcVersions() *RpcProtocolVersions {
+	if x != nil {
+		return x.PeerRpcVersions
+	}
+	return nil
+}
+
+func (x *AltsContext) GetPeerAttributes() map[string]string {
+	if x != nil {
+		return x.PeerAttributes
+	}
+	return nil
+}
+
+var File_grpc_gcp_altscontext_proto protoreflect.FileDescriptor
+
+var file_grpc_gcp_altscontext_proto_rawDesc = []byte{
+	0x0a, 0x1a, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x67, 0x63, 0x70, 0x2f, 0x61, 0x6c, 0x74, 0x73, 0x63,
+	0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x67, 0x72,
+	0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x1a, 0x28, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x67, 0x63, 0x70,
+	0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72,
+	0x69, 0x74, 0x79, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x22, 0xf1, 0x03, 0x0a, 0x0b, 0x41, 0x6c, 0x74, 0x73, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74,
+	0x12, 0x31, 0x0a, 0x14, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13,
+	0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x63, 0x6f, 0x6c, 0x12, 0x27, 0x0a, 0x0f, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x5f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x72, 0x65,
+	0x63, 0x6f, 0x72, 0x64, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x3e, 0x0a, 0x0e,
+	0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x17, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e,
+	0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x0d, 0x73,
+	0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x30, 0x0a, 0x14,
+	0x70, 0x65, 0x65, 0x72, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63,
+	0x6f, 0x75, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x65, 0x65, 0x72,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x32,
+	0x0a, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f,
+	0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x6c,
+	0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75,
+	0x6e, 0x74, 0x12, 0x49, 0x0a, 0x11, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x72, 0x70, 0x63, 0x5f, 0x76,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e,
+	0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x52, 0x70, 0x63, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x0f, 0x70, 0x65,
+	0x65, 0x72, 0x52, 0x70, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x52, 0x0a,
+	0x0f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73,
+	0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63,
+	0x70, 0x2e, 0x41, 0x6c, 0x74, 0x73, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x50, 0x65,
+	0x65, 0x72, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x52, 0x0e, 0x70, 0x65, 0x65, 0x72, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65,
+	0x73, 0x1a, 0x41, 0x0a, 0x13, 0x50, 0x65, 0x65, 0x72, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75,
+	0x74, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x3a, 0x02, 0x38, 0x01, 0x42, 0x6c, 0x0a, 0x15, 0x69, 0x6f, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e,
+	0x61, 0x6c, 0x74, 0x73, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x42, 0x10, 0x41,
+	0x6c, 0x74, 0x73, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+	0x01, 0x5a, 0x3f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67,
+	0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e,
+	0x74, 0x69, 0x61, 0x6c, 0x73, 0x2f, 0x61, 0x6c, 0x74, 0x73, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x67,
+	0x63, 0x70, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_grpc_gcp_altscontext_proto_rawDescOnce sync.Once
+	file_grpc_gcp_altscontext_proto_rawDescData = file_grpc_gcp_altscontext_proto_rawDesc
+)
+
+func file_grpc_gcp_altscontext_proto_rawDescGZIP() []byte {
+	file_grpc_gcp_altscontext_proto_rawDescOnce.Do(func() {
+		file_grpc_gcp_altscontext_proto_rawDescData = protoimpl.X.CompressGZIP(file_grpc_gcp_altscontext_proto_rawDescData)
+	})
+	return file_grpc_gcp_altscontext_proto_rawDescData
+}
+
+var file_grpc_gcp_altscontext_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_grpc_gcp_altscontext_proto_goTypes = []interface{}{
+	(*AltsContext)(nil),         // 0: grpc.gcp.AltsContext
+	nil,                         // 1: grpc.gcp.AltsContext.PeerAttributesEntry
+	(SecurityLevel)(0),          // 2: grpc.gcp.SecurityLevel
+	(*RpcProtocolVersions)(nil), // 3: grpc.gcp.RpcProtocolVersions
+}
+var file_grpc_gcp_altscontext_proto_depIdxs = []int32{
+	2, // 0: grpc.gcp.AltsContext.security_level:type_name -> grpc.gcp.SecurityLevel
+	3, // 1: grpc.gcp.AltsContext.peer_rpc_versions:type_name -> grpc.gcp.RpcProtocolVersions
+	1, // 2: grpc.gcp.AltsContext.peer_attributes:type_name -> grpc.gcp.AltsContext.PeerAttributesEntry
+	3, // [3:3] is the sub-list for method output_type
+	3, // [3:3] is the sub-list for method input_type
+	3, // [3:3] is the sub-list for extension type_name
+	3, // [3:3] is the sub-list for extension extendee
+	0, // [0:3] is the sub-list for field type_name
+}
+
+func init() { file_grpc_gcp_altscontext_proto_init() }
+func file_grpc_gcp_altscontext_proto_init() {
+	if File_grpc_gcp_altscontext_proto != nil {
+		return
+	}
+	file_grpc_gcp_transport_security_common_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_grpc_gcp_altscontext_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*AltsContext); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_grpc_gcp_altscontext_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_grpc_gcp_altscontext_proto_goTypes,
+		DependencyIndexes: file_grpc_gcp_altscontext_proto_depIdxs,
+		MessageInfos:      file_grpc_gcp_altscontext_proto_msgTypes,
+	}.Build()
+	File_grpc_gcp_altscontext_proto = out.File
+	file_grpc_gcp_altscontext_proto_rawDesc = nil
+	file_grpc_gcp_altscontext_proto_goTypes = nil
+	file_grpc_gcp_altscontext_proto_depIdxs = nil
+}

vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker_grpc.pb.go

@@ -0,0 +1,133 @@
+// Copyright 2018 The gRPC Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// The canonical version of this proto can be found at
+// https://github.com/grpc/grpc-proto/blob/master/grpc/gcp/handshaker.proto
+
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.3.0
+// - protoc             v4.25.2
+// source: grpc/gcp/handshaker.proto
+
+package grpc_gcp
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	HandshakerService_DoHandshake_FullMethodName = "/grpc.gcp.HandshakerService/DoHandshake"
+)
+
+// HandshakerServiceClient is the client API for HandshakerService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type HandshakerServiceClient interface {
+	// Handshaker service accepts a stream of handshaker request, returning a
+	// stream of handshaker response. Client is expected to send exactly one
+	// message with either client_start or server_start followed by one or more
+	// messages with next. Each time client sends a request, the handshaker
+	// service expects to respond. Client does not have to wait for service's
+	// response before sending next request.
+	DoHandshake(ctx context.Context, opts ...grpc.CallOption) (grpc.BidiStreamingClient[HandshakerReq, HandshakerResp], error)
+}
+
+type handshakerServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewHandshakerServiceClient(cc grpc.ClientConnInterface) HandshakerServiceClient {
+	return &handshakerServiceClient{cc}
+}
+
+func (c *handshakerServiceClient) DoHandshake(ctx context.Context, opts ...grpc.CallOption) (grpc.BidiStreamingClient[HandshakerReq, HandshakerResp], error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	stream, err := c.cc.NewStream(ctx, &HandshakerService_ServiceDesc.Streams[0], HandshakerService_DoHandshake_FullMethodName, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &grpc.GenericClientStream[HandshakerReq, HandshakerResp]{ClientStream: stream}
+	return x, nil
+}
+
+// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name.
+type HandshakerService_DoHandshakeClient = grpc.BidiStreamingClient[HandshakerReq, HandshakerResp]
+
+// HandshakerServiceServer is the server API for HandshakerService service.
+// All implementations must embed UnimplementedHandshakerServiceServer
+// for forward compatibility
+type HandshakerServiceServer interface {
+	// Handshaker service accepts a stream of handshaker request, returning a
+	// stream of handshaker response. Client is expected to send exactly one
+	// message with either client_start or server_start followed by one or more
+	// messages with next. Each time client sends a request, the handshaker
+	// service expects to respond. Client does not have to wait for service's
+	// response before sending next request.
+	DoHandshake(grpc.BidiStreamingServer[HandshakerReq, HandshakerResp]) error
+	mustEmbedUnimplementedHandshakerServiceServer()
+}
+
+// UnimplementedHandshakerServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedHandshakerServiceServer struct {
+}
+
+func (UnimplementedHandshakerServiceServer) DoHandshake(grpc.BidiStreamingServer[HandshakerReq, HandshakerResp]) error {
+	return status.Errorf(codes.Unimplemented, "method DoHandshake not implemented")
+}
+func (UnimplementedHandshakerServiceServer) mustEmbedUnimplementedHandshakerServiceServer() {}
+
+// UnsafeHandshakerServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to HandshakerServiceServer will
+// result in compilation errors.
+type UnsafeHandshakerServiceServer interface {
+	mustEmbedUnimplementedHandshakerServiceServer()
+}
+
+func RegisterHandshakerServiceServer(s grpc.ServiceRegistrar, srv HandshakerServiceServer) {
+	s.RegisterService(&HandshakerService_ServiceDesc, srv)
+}
+
+func _HandshakerService_DoHandshake_Handler(srv interface{}, stream grpc.ServerStream) error {
+	return srv.(HandshakerServiceServer).DoHandshake(&grpc.GenericServerStream[HandshakerReq, HandshakerResp]{ServerStream: stream})
+}
+
+// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name.
+type HandshakerService_DoHandshakeServer = grpc.BidiStreamingServer[HandshakerReq, HandshakerResp]
+
+// HandshakerService_ServiceDesc is the grpc.ServiceDesc for HandshakerService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var HandshakerService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "grpc.gcp.HandshakerService",
+	HandlerType: (*HandshakerServiceServer)(nil),
+	Methods:     []grpc.MethodDesc{},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "DoHandshake",
+			Handler:       _HandshakerService_DoHandshake_Handler,
+			ServerStreams: true,
+			ClientStreams: true,
+		},
+	},
+	Metadata: "grpc/gcp/handshaker.proto",
+}

vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go

@@ -0,0 +1,321 @@
+// Copyright 2018 The gRPC Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// The canonical version of this proto can be found at
+// https://github.com/grpc/grpc-proto/blob/master/grpc/gcp/transport_security_common.proto
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.33.0
+// 	protoc        v4.25.2
+// source: grpc/gcp/transport_security_common.proto
+
+package grpc_gcp
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// The security level of the created channel. The list is sorted in increasing
+// level of security. This order must always be maintained.
+type SecurityLevel int32
+
+const (
+	SecurityLevel_SECURITY_NONE         SecurityLevel = 0
+	SecurityLevel_INTEGRITY_ONLY        SecurityLevel = 1
+	SecurityLevel_INTEGRITY_AND_PRIVACY SecurityLevel = 2
+)
+
+// Enum value maps for SecurityLevel.
+var (
+	SecurityLevel_name = map[int32]string{
+		0: "SECURITY_NONE",
+		1: "INTEGRITY_ONLY",
+		2: "INTEGRITY_AND_PRIVACY",
+	}
+	SecurityLevel_value = map[string]int32{
+		"SECURITY_NONE":         0,
+		"INTEGRITY_ONLY":        1,
+		"INTEGRITY_AND_PRIVACY": 2,
+	}
+)
+
+func (x SecurityLevel) Enum() *SecurityLevel {
+	p := new(SecurityLevel)
+	*p = x
+	return p
+}
+
+func (x SecurityLevel) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (SecurityLevel) Descriptor() protoreflect.EnumDescriptor {
+	return file_grpc_gcp_transport_security_common_proto_enumTypes[0].Descriptor()
+}
+
+func (SecurityLevel) Type() protoreflect.EnumType {
+	return &file_grpc_gcp_transport_security_common_proto_enumTypes[0]
+}
+
+func (x SecurityLevel) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use SecurityLevel.Descriptor instead.
+func (SecurityLevel) EnumDescriptor() ([]byte, []int) {
+	return file_grpc_gcp_transport_security_common_proto_rawDescGZIP(), []int{0}
+}
+
+// Max and min supported RPC protocol versions.
+type RpcProtocolVersions struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Maximum supported RPC version.
+	MaxRpcVersion *RpcProtocolVersions_Version `protobuf:"bytes,1,opt,name=max_rpc_version,json=maxRpcVersion,proto3" json:"max_rpc_version,omitempty"`
+	// Minimum supported RPC version.
+	MinRpcVersion *RpcProtocolVersions_Version `protobuf:"bytes,2,opt,name=min_rpc_version,json=minRpcVersion,proto3" json:"min_rpc_version,omitempty"`
+}
+
+func (x *RpcProtocolVersions) Reset() {
+	*x = RpcProtocolVersions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_grpc_gcp_transport_security_common_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RpcProtocolVersions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RpcProtocolVersions) ProtoMessage() {}
+
+func (x *RpcProtocolVersions) ProtoReflect() protoreflect.Message {
+	mi := &file_grpc_gcp_transport_security_common_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RpcProtocolVersions.ProtoReflect.Descriptor instead.
+func (*RpcProtocolVersions) Descriptor() ([]byte, []int) {
+	return file_grpc_gcp_transport_security_common_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *RpcProtocolVersions) GetMaxRpcVersion() *RpcProtocolVersions_Version {
+	if x != nil {
+		return x.MaxRpcVersion
+	}
+	return nil
+}
+
+func (x *RpcProtocolVersions) GetMinRpcVersion() *RpcProtocolVersions_Version {
+	if x != nil {
+		return x.MinRpcVersion
+	}
+	return nil
+}
+
+// RPC version contains a major version and a minor version.
+type RpcProtocolVersions_Version struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Major uint32 `protobuf:"varint,1,opt,name=major,proto3" json:"major,omitempty"`
+	Minor uint32 `protobuf:"varint,2,opt,name=minor,proto3" json:"minor,omitempty"`
+}
+
+func (x *RpcProtocolVersions_Version) Reset() {
+	*x = RpcProtocolVersions_Version{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_grpc_gcp_transport_security_common_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RpcProtocolVersions_Version) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RpcProtocolVersions_Version) ProtoMessage() {}
+
+func (x *RpcProtocolVersions_Version) ProtoReflect() protoreflect.Message {
+	mi := &file_grpc_gcp_transport_security_common_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RpcProtocolVersions_Version.ProtoReflect.Descriptor instead.
+func (*RpcProtocolVersions_Version) Descriptor() ([]byte, []int) {
+	return file_grpc_gcp_transport_security_common_proto_rawDescGZIP(), []int{0, 0}
+}
+
+func (x *RpcProtocolVersions_Version) GetMajor() uint32 {
+	if x != nil {
+		return x.Major
+	}
+	return 0
+}
+
+func (x *RpcProtocolVersions_Version) GetMinor() uint32 {
+	if x != nil {
+		return x.Minor
+	}
+	return 0
+}
+
+var File_grpc_gcp_transport_security_common_proto protoreflect.FileDescriptor
+
+var file_grpc_gcp_transport_security_common_proto_rawDesc = []byte{
+	0x0a, 0x28, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x67, 0x63, 0x70, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73,
+	0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x63, 0x6f,
+	0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x67, 0x72, 0x70, 0x63,
+	0x2e, 0x67, 0x63, 0x70, 0x22, 0xea, 0x01, 0x0a, 0x13, 0x52, 0x70, 0x63, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4d, 0x0a, 0x0f,
+	0x6d, 0x61, 0x78, 0x5f, 0x72, 0x70, 0x63, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70,
+	0x2e, 0x52, 0x70, 0x63, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x61,
+	0x78, 0x52, 0x70, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x4d, 0x0a, 0x0f, 0x6d,
+	0x69, 0x6e, 0x5f, 0x72, 0x70, 0x63, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e,
+	0x52, 0x70, 0x63, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x73, 0x2e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x69, 0x6e,
+	0x52, 0x70, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x1a, 0x35, 0x0a, 0x07, 0x56, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x6d,
+	0x69, 0x6e, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x69, 0x6e, 0x6f,
+	0x72, 0x2a, 0x51, 0x0a, 0x0d, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x4c, 0x65, 0x76,
+	0x65, 0x6c, 0x12, 0x11, 0x0a, 0x0d, 0x53, 0x45, 0x43, 0x55, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x4e,
+	0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x49,
+	0x54, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x49, 0x4e, 0x54,
+	0x45, 0x47, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x50, 0x52, 0x49, 0x56, 0x41,
+	0x43, 0x59, 0x10, 0x02, 0x42, 0x78, 0x0a, 0x15, 0x69, 0x6f, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e,
+	0x61, 0x6c, 0x74, 0x73, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x42, 0x1c, 0x54,
+	0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79,
+	0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3f, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67,
+	0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c,
+	0x73, 0x2f, 0x61, 0x6c, 0x74, 0x73, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x67, 0x63, 0x70, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_grpc_gcp_transport_security_common_proto_rawDescOnce sync.Once
+	file_grpc_gcp_transport_security_common_proto_rawDescData = file_grpc_gcp_transport_security_common_proto_rawDesc
+)
+
+func file_grpc_gcp_transport_security_common_proto_rawDescGZIP() []byte {
+	file_grpc_gcp_transport_security_common_proto_rawDescOnce.Do(func() {
+		file_grpc_gcp_transport_security_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_grpc_gcp_transport_security_common_proto_rawDescData)
+	})
+	return file_grpc_gcp_transport_security_common_proto_rawDescData
+}
+
+var file_grpc_gcp_transport_security_common_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_grpc_gcp_transport_security_common_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_grpc_gcp_transport_security_common_proto_goTypes = []interface{}{
+	(SecurityLevel)(0),                  // 0: grpc.gcp.SecurityLevel
+	(*RpcProtocolVersions)(nil),         // 1: grpc.gcp.RpcProtocolVersions
+	(*RpcProtocolVersions_Version)(nil), // 2: grpc.gcp.RpcProtocolVersions.Version
+}
+var file_grpc_gcp_transport_security_common_proto_depIdxs = []int32{
+	2, // 0: grpc.gcp.RpcProtocolVersions.max_rpc_version:type_name -> grpc.gcp.RpcProtocolVersions.Version
+	2, // 1: grpc.gcp.RpcProtocolVersions.min_rpc_version:type_name -> grpc.gcp.RpcProtocolVersions.Version
+	2, // [2:2] is the sub-list for method output_type
+	2, // [2:2] is the sub-list for method input_type
+	2, // [2:2] is the sub-list for extension type_name
+	2, // [2:2] is the sub-list for extension extendee
+	0, // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_grpc_gcp_transport_security_common_proto_init() }
+func file_grpc_gcp_transport_security_common_proto_init() {
+	if File_grpc_gcp_transport_security_common_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_grpc_gcp_transport_security_common_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RpcProtocolVersions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_grpc_gcp_transport_security_common_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RpcProtocolVersions_Version); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_grpc_gcp_transport_security_common_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_grpc_gcp_transport_security_common_proto_goTypes,
+		DependencyIndexes: file_grpc_gcp_transport_security_common_proto_depIdxs,
+		EnumInfos:         file_grpc_gcp_transport_security_common_proto_enumTypes,
+		MessageInfos:      file_grpc_gcp_transport_security_common_proto_msgTypes,
+	}.Build()
+	File_grpc_gcp_transport_security_common_proto = out.File
+	file_grpc_gcp_transport_security_common_proto_rawDesc = nil
+	file_grpc_gcp_transport_security_common_proto_goTypes = nil
+	file_grpc_gcp_transport_security_common_proto_depIdxs = nil
+}