diff --git a/docs/grpc/index.html b/docs/grpc/index.html
index 5d2dd2888a..ab2d2869e8 100644
--- a/docs/grpc/index.html
+++ b/docs/grpc/index.html
@@ -4027,6 +4027,12 @@ Algorithm
|
+
+ | ALGORITHM_HPQT_XWING |
+ 6 |
+ |
+
+
@@ -4138,6 +4144,12 @@ KasPublicKeyAlgEnum
|
+
+ | KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING |
+ 10 |
+ |
+
+
@@ -6276,7 +6288,7 @@ KeyAccess
|
Type of key wrapping used for the data encryption key
Required: Always
-Values: 'wrapped' (RSA-wrapped for ZTDF), 'ec-wrapped' (experimental ECDH-wrapped) |
+Values: 'wrapped' (RSA-wrapped for ZTDF), 'ec-wrapped' (experimental ECDH-wrapped), 'hybrid-wrapped' (experimental X-Wing-wrapped)
@@ -6333,7 +6345,7 @@ KeyAccess
|
Ephemeral public key for ECDH key derivation (ec-wrapped type only)
Required: When key_type="ec-wrapped" (experimental ECDH-based ZTDF)
-Omitted: When key_type="wrapped" (RSA-based ZTDF)
+Omitted: When key_type="wrapped" or key_type="hybrid-wrapped"
Should be a PEM-encoded PKCS#8 (ASN.1) formatted public key
Used to derive the symmetric key for unwrapping the DEK |
@@ -6661,7 +6673,7 @@ RewrapResponse
|
KAS's ephemeral session public key in PEM format
Required: For EC-based operations (key_type="ec-wrapped")
-Optional: Empty for RSA-based ZTDF (key_type="wrapped")
+Optional: Empty for RSA-based or X-Wing-based ZTDF (key_type="wrapped" or key_type="hybrid-wrapped")
Used by client to perform ECDH key agreement and decrypt the kas_wrapped_key values |
diff --git a/docs/openapi/authorization/authorization.openapi.yaml b/docs/openapi/authorization/authorization.openapi.yaml
index 1938f339fe..d05ad386eb 100644
--- a/docs/openapi/authorization/authorization.openapi.yaml
+++ b/docs/openapi/authorization/authorization.openapi.yaml
@@ -341,6 +341,7 @@ components:
- ALGORITHM_EC_P256
- ALGORITHM_EC_P384
- ALGORITHM_EC_P521
+ - ALGORITHM_HPQT_XWING
description: Supported key algorithms.
policy.KasPublicKeyAlgEnum:
type: string
@@ -352,6 +353,7 @@ components:
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
policy.SourceType:
type: string
title: SourceType
diff --git a/docs/openapi/authorization/v2/authorization.openapi.yaml b/docs/openapi/authorization/v2/authorization.openapi.yaml
index 0f4f92d55f..d39556c944 100644
--- a/docs/openapi/authorization/v2/authorization.openapi.yaml
+++ b/docs/openapi/authorization/v2/authorization.openapi.yaml
@@ -175,6 +175,7 @@ components:
- ALGORITHM_EC_P256
- ALGORITHM_EC_P384
- ALGORITHM_EC_P521
+ - ALGORITHM_HPQT_XWING
description: Supported key algorithms.
policy.KasPublicKeyAlgEnum:
type: string
@@ -186,6 +187,7 @@ components:
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
policy.SourceType:
type: string
title: SourceType
diff --git a/docs/openapi/kas/kas.openapi.yaml b/docs/openapi/kas/kas.openapi.yaml
index b9e18aa899..26c48e22ae 100644
--- a/docs/openapi/kas/kas.openapi.yaml
+++ b/docs/openapi/kas/kas.openapi.yaml
@@ -214,7 +214,7 @@ components:
description: |-
Type of key wrapping used for the data encryption key
Required: Always
- Values: 'wrapped' (RSA-wrapped for ZTDF), 'ec-wrapped' (experimental ECDH-wrapped)
+ Values: 'wrapped' (RSA-wrapped for ZTDF), 'ec-wrapped' (experimental ECDH-wrapped), 'hybrid-wrapped' (experimental X-Wing-wrapped)
url:
type: string
title: kas_url
@@ -261,7 +261,7 @@ components:
description: |-
Ephemeral public key for ECDH key derivation (ec-wrapped type only)
Required: When key_type="ec-wrapped" (experimental ECDH-based ZTDF)
- Omitted: When key_type="wrapped" (RSA-based ZTDF)
+ Omitted: When key_type="wrapped" or key_type="hybrid-wrapped"
Should be a PEM-encoded PKCS#8 (ASN.1) formatted public key
Used to derive the symmetric key for unwrapping the DEK
title: KeyAccess
@@ -451,7 +451,7 @@ components:
description: |-
KAS's ephemeral session public key in PEM format
Required: For EC-based operations (key_type="ec-wrapped")
- Optional: Empty for RSA-based ZTDF (key_type="wrapped")
+ Optional: Empty for RSA-based or X-Wing-based ZTDF (key_type="wrapped" or key_type="hybrid-wrapped")
Used by client to perform ECDH key agreement and decrypt the kas_wrapped_key values
schemaVersion:
type: string
diff --git a/docs/openapi/policy/actions/actions.openapi.yaml b/docs/openapi/policy/actions/actions.openapi.yaml
index ec633192ae..9b7aeb5f1d 100644
--- a/docs/openapi/policy/actions/actions.openapi.yaml
+++ b/docs/openapi/policy/actions/actions.openapi.yaml
@@ -203,6 +203,7 @@ components:
- ALGORITHM_EC_P256
- ALGORITHM_EC_P384
- ALGORITHM_EC_P521
+ - ALGORITHM_HPQT_XWING
description: Supported key algorithms.
policy.AttributeRuleTypeEnum:
type: string
@@ -229,6 +230,7 @@ components:
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
policy.SourceType:
type: string
title: SourceType
diff --git a/docs/openapi/policy/attributes/attributes.openapi.yaml b/docs/openapi/policy/attributes/attributes.openapi.yaml
index 4ace6604af..1561e91fbe 100644
--- a/docs/openapi/policy/attributes/attributes.openapi.yaml
+++ b/docs/openapi/policy/attributes/attributes.openapi.yaml
@@ -724,6 +724,7 @@ components:
- ALGORITHM_EC_P256
- ALGORITHM_EC_P384
- ALGORITHM_EC_P521
+ - ALGORITHM_HPQT_XWING
description: Supported key algorithms.
policy.AttributeRuleTypeEnum:
type: string
@@ -750,6 +751,7 @@ components:
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
policy.SourceType:
type: string
title: SourceType
diff --git a/docs/openapi/policy/kasregistry/key_access_server_registry.openapi.yaml b/docs/openapi/policy/kasregistry/key_access_server_registry.openapi.yaml
index 9cdc346918..f6d6d8413e 100644
--- a/docs/openapi/policy/kasregistry/key_access_server_registry.openapi.yaml
+++ b/docs/openapi/policy/kasregistry/key_access_server_registry.openapi.yaml
@@ -534,6 +534,7 @@ components:
- ALGORITHM_EC_P256
- ALGORITHM_EC_P384
- ALGORITHM_EC_P521
+ - ALGORITHM_HPQT_XWING
description: Supported key algorithms.
policy.KasPublicKeyAlgEnum:
type: string
@@ -545,6 +546,7 @@ components:
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
policy.KeyMode:
type: string
title: KeyMode
@@ -1147,7 +1149,7 @@ components:
Required The algorithm to be used for the key
The key_algorithm must be one of the defined values.:
```
- this in [1, 2, 3, 4, 5]
+ this in [1, 2, 3, 4, 5, 6]
```
$ref: '#/components/schemas/policy.Algorithm'
@@ -1670,7 +1672,7 @@ components:
Filter keys by algorithm
The key_algorithm must be one of the defined values.:
```
- this in [0, 1, 2, 3, 4, 5]
+ this in [0, 1, 2, 3, 4, 5, 6]
```
$ref: '#/components/schemas/policy.Algorithm'
@@ -1932,7 +1934,7 @@ components:
Required
The key_algorithm must be one of the defined values.:
```
- this in [1, 2, 3, 4, 5]
+ this in [1, 2, 3, 4, 5, 6]
```
$ref: '#/components/schemas/policy.Algorithm'
diff --git a/docs/openapi/policy/namespaces/namespaces.openapi.yaml b/docs/openapi/policy/namespaces/namespaces.openapi.yaml
index 4a5b7e35cb..5bcf99f9ea 100644
--- a/docs/openapi/policy/namespaces/namespaces.openapi.yaml
+++ b/docs/openapi/policy/namespaces/namespaces.openapi.yaml
@@ -353,6 +353,7 @@ components:
- ALGORITHM_EC_P256
- ALGORITHM_EC_P384
- ALGORITHM_EC_P521
+ - ALGORITHM_HPQT_XWING
description: Supported key algorithms.
policy.KasPublicKeyAlgEnum:
type: string
@@ -364,6 +365,7 @@ components:
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
policy.SortDirection:
type: string
title: SortDirection
diff --git a/docs/openapi/policy/objects.openapi.yaml b/docs/openapi/policy/objects.openapi.yaml
index 917017b1a0..77dc31b335 100644
--- a/docs/openapi/policy/objects.openapi.yaml
+++ b/docs/openapi/policy/objects.openapi.yaml
@@ -21,6 +21,7 @@ components:
- ALGORITHM_EC_P256
- ALGORITHM_EC_P384
- ALGORITHM_EC_P521
+ - ALGORITHM_HPQT_XWING
description: Supported key algorithms.
policy.AttributeRuleTypeEnum:
type: string
@@ -47,6 +48,7 @@ components:
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
policy.KeyMode:
type: string
title: KeyMode
diff --git a/docs/openapi/policy/obligations/obligations.openapi.yaml b/docs/openapi/policy/obligations/obligations.openapi.yaml
index dbe62f43ca..108772fdb8 100644
--- a/docs/openapi/policy/obligations/obligations.openapi.yaml
+++ b/docs/openapi/policy/obligations/obligations.openapi.yaml
@@ -518,6 +518,7 @@ components:
- ALGORITHM_EC_P256
- ALGORITHM_EC_P384
- ALGORITHM_EC_P521
+ - ALGORITHM_HPQT_XWING
description: Supported key algorithms.
policy.AttributeRuleTypeEnum:
type: string
@@ -544,6 +545,7 @@ components:
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
policy.SourceType:
type: string
title: SourceType
diff --git a/docs/openapi/policy/registeredresources/registered_resources.openapi.yaml b/docs/openapi/policy/registeredresources/registered_resources.openapi.yaml
index 97b2d07814..8fa2199283 100644
--- a/docs/openapi/policy/registeredresources/registered_resources.openapi.yaml
+++ b/docs/openapi/policy/registeredresources/registered_resources.openapi.yaml
@@ -413,6 +413,7 @@ components:
- ALGORITHM_EC_P256
- ALGORITHM_EC_P384
- ALGORITHM_EC_P521
+ - ALGORITHM_HPQT_XWING
description: Supported key algorithms.
policy.AttributeRuleTypeEnum:
type: string
@@ -439,6 +440,7 @@ components:
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
policy.SourceType:
type: string
title: SourceType
diff --git a/docs/openapi/policy/resourcemapping/resource_mapping.openapi.yaml b/docs/openapi/policy/resourcemapping/resource_mapping.openapi.yaml
index c768b805c0..039affad4c 100644
--- a/docs/openapi/policy/resourcemapping/resource_mapping.openapi.yaml
+++ b/docs/openapi/policy/resourcemapping/resource_mapping.openapi.yaml
@@ -413,6 +413,7 @@ components:
- ALGORITHM_EC_P256
- ALGORITHM_EC_P384
- ALGORITHM_EC_P521
+ - ALGORITHM_HPQT_XWING
description: Supported key algorithms.
policy.AttributeRuleTypeEnum:
type: string
@@ -439,6 +440,7 @@ components:
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
policy.SourceType:
type: string
title: SourceType
diff --git a/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml b/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml
index ec2033a9c1..5315d13944 100644
--- a/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml
+++ b/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml
@@ -449,6 +449,7 @@ components:
- ALGORITHM_EC_P256
- ALGORITHM_EC_P384
- ALGORITHM_EC_P521
+ - ALGORITHM_HPQT_XWING
description: Supported key algorithms.
policy.AttributeRuleTypeEnum:
type: string
@@ -475,6 +476,7 @@ components:
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
policy.SourceType:
type: string
title: SourceType
diff --git a/docs/openapi/policy/unsafe/unsafe.openapi.yaml b/docs/openapi/policy/unsafe/unsafe.openapi.yaml
index f52e95b427..b20949f171 100644
--- a/docs/openapi/policy/unsafe/unsafe.openapi.yaml
+++ b/docs/openapi/policy/unsafe/unsafe.openapi.yaml
@@ -387,6 +387,7 @@ components:
- ALGORITHM_EC_P256
- ALGORITHM_EC_P384
- ALGORITHM_EC_P521
+ - ALGORITHM_HPQT_XWING
description: Supported key algorithms.
policy.AttributeRuleTypeEnum:
type: string
@@ -413,6 +414,7 @@ components:
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
- KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
policy.KeyMode:
type: string
title: KeyMode
diff --git a/lib/ocrypto/asym_decryption.go b/lib/ocrypto/asym_decryption.go
index 426f859723..aca010df53 100644
--- a/lib/ocrypto/asym_decryption.go
+++ b/lib/ocrypto/asym_decryption.go
@@ -43,6 +43,12 @@ func FromPrivatePEMWithSalt(privateKeyInPem string, salt, info []byte) (PrivateK
if block == nil {
return AsymDecryption{}, errors.New("failed to parse PEM formatted private key")
}
+ if block.Type == PEMBlockXWingPrivateKey {
+ return NewSaltedXWingDecryptor(block.Bytes, salt, info)
+ }
+ if params, ok := hybridParamsFromPrivatePEMType(block.Type); ok {
+ return newSaltedHybridECMLKEMDecryptor(params, block.Bytes, salt, info)
+ }
priv, err := x509.ParsePKCS8PrivateKey(block.Bytes)
switch {
diff --git a/lib/ocrypto/asym_encryption.go b/lib/ocrypto/asym_encryption.go
index c44aa64cce..cb4bc01a3e 100644
--- a/lib/ocrypto/asym_encryption.go
+++ b/lib/ocrypto/asym_encryption.go
@@ -23,8 +23,9 @@ import (
type SchemeType string
const (
- RSA SchemeType = "wrapped"
- EC SchemeType = "ec-wrapped"
+ RSA SchemeType = "wrapped"
+ EC SchemeType = "ec-wrapped"
+ Hybrid SchemeType = "hybrid-wrapped"
)
type PublicKeyEncryptor interface {
@@ -69,6 +70,17 @@ func FromPublicPEM(publicKeyInPem string) (PublicKeyEncryptor, error) {
}
func FromPublicPEMWithSalt(publicKeyInPem string, salt, info []byte) (PublicKeyEncryptor, error) {
+ block, _ := pem.Decode([]byte(publicKeyInPem))
+ if block == nil {
+ return nil, errors.New("failed to parse PEM formatted public key")
+ }
+ if block.Type == PEMBlockXWingPublicKey {
+ return NewXWingEncryptor(block.Bytes, salt, info)
+ }
+ if params, ok := hybridParamsFromPublicPEMType(block.Type); ok {
+ return newHybridECMLKEMEncryptor(params, block.Bytes, salt, info)
+ }
+
pub, err := getPublicPart(publicKeyInPem)
if err != nil {
return nil, err
diff --git a/lib/ocrypto/ec_key_pair.go b/lib/ocrypto/ec_key_pair.go
index f9a9554d4f..7651c93c8f 100644
--- a/lib/ocrypto/ec_key_pair.go
+++ b/lib/ocrypto/ec_key_pair.go
@@ -22,11 +22,14 @@ type ECCMode uint8
type KeyType string
const (
- RSA2048Key KeyType = "rsa:2048"
- RSA4096Key KeyType = "rsa:4096"
- EC256Key KeyType = "ec:secp256r1"
- EC384Key KeyType = "ec:secp384r1"
- EC521Key KeyType = "ec:secp521r1"
+ RSA2048Key KeyType = "rsa:2048"
+ RSA4096Key KeyType = "rsa:4096"
+ EC256Key KeyType = "ec:secp256r1"
+ EC384Key KeyType = "ec:secp384r1"
+ EC521Key KeyType = "ec:secp521r1"
+ HybridXWingKey KeyType = "hpqt:xwing"
+ HybridSecp256r1MLKEM768Key KeyType = "hpqt:secp256r1-mlkem768"
+ HybridSecp384r1MLKEM1024Key KeyType = "hpqt:secp384r1-mlkem1024"
)
const (
@@ -64,6 +67,12 @@ func NewKeyPair(kt KeyType) (KeyPair, error) {
return nil, err
}
return NewECKeyPair(mode)
+ case HybridXWingKey:
+ return NewXWingKeyPair()
+ case HybridSecp256r1MLKEM768Key:
+ return NewP256MLKEM768KeyPair()
+ case HybridSecp384r1MLKEM1024Key:
+ return NewP384MLKEM1024KeyPair()
default:
return nil, fmt.Errorf("unsupported key type: %v", kt)
}
@@ -91,6 +100,15 @@ func IsRSAKeyType(kt KeyType) bool {
}
}
+func IsHybridKeyType(kt KeyType) bool {
+ switch kt { //nolint:exhaustive // only handle hybrid types
+ case HybridXWingKey, HybridSecp256r1MLKEM768Key, HybridSecp384r1MLKEM1024Key:
+ return true
+ default:
+ return false
+ }
+}
+
// GetECCurveFromECCMode return elliptic curve from ecc mode
func GetECCurveFromECCMode(mode ECCMode) (elliptic.Curve, error) {
var c elliptic.Curve
diff --git a/lib/ocrypto/go.mod b/lib/ocrypto/go.mod
index 8328aa0e4c..1fafd3a069 100644
--- a/lib/ocrypto/go.mod
+++ b/lib/ocrypto/go.mod
@@ -5,6 +5,7 @@ go 1.25.0
toolchain go1.25.8
require (
+ github.com/cloudflare/circl v1.6.3
github.com/stretchr/testify v1.10.0
golang.org/x/crypto v0.45.0
)
@@ -14,6 +15,7 @@ require (
github.com/kr/pretty v0.3.1 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect
+ golang.org/x/sys v0.38.0 // indirect
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
diff --git a/lib/ocrypto/go.sum b/lib/ocrypto/go.sum
index 63574bef4b..0388adaa2d 100644
--- a/lib/ocrypto/go.sum
+++ b/lib/ocrypto/go.sum
@@ -1,3 +1,5 @@
+github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8=
+github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -18,6 +20,8 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
+golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
+golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
diff --git a/lib/ocrypto/hybrid_nist.go b/lib/ocrypto/hybrid_nist.go
new file mode 100644
index 0000000000..fd35bc5748
--- /dev/null
+++ b/lib/ocrypto/hybrid_nist.go
@@ -0,0 +1,449 @@
+package ocrypto
+
+import (
+ "crypto/ecdh"
+ "crypto/rand"
+ "crypto/sha256"
+ "encoding/asn1"
+ "fmt"
+ "io"
+
+ "github.com/cloudflare/circl/kem"
+ "github.com/cloudflare/circl/kem/mlkem/mlkem1024"
+ "github.com/cloudflare/circl/kem/mlkem/mlkem768"
+ "golang.org/x/crypto/hkdf"
+)
+
+const (
+ P256PrivateScalarSize = 32
+ P256PublicPointSize = 65
+ P384PrivateScalarSize = 48
+ P384PublicPointSize = 97
+ AES256KeySize = 32
+
+ P256MLKEM768PrivateKeySize = P256PrivateScalarSize + mlkem768.PrivateKeySize
+ P256MLKEM768PublicKeySize = P256PublicPointSize + mlkem768.PublicKeySize
+ P256MLKEM768CiphertextSize = P256PublicPointSize + mlkem768.CiphertextSize
+ P256MLKEM768SharedKeySize = P256PrivateScalarSize + mlkem768.SharedKeySize
+ P384MLKEM1024PrivateKeySize = P384PrivateScalarSize + mlkem1024.PrivateKeySize
+ P384MLKEM1024PublicKeySize = P384PublicPointSize + mlkem1024.PublicKeySize
+ P384MLKEM1024CiphertextSize = P384PublicPointSize + mlkem1024.CiphertextSize
+ P384MLKEM1024SharedKeySize = P384PrivateScalarSize + mlkem1024.SharedKeySize
+
+ PEMBlockP256MLKEM768PublicKey = "SECP256R1 MLKEM768 PUBLIC KEY"
+ PEMBlockP256MLKEM768PrivateKey = "SECP256R1 MLKEM768 PRIVATE KEY"
+ PEMBlockP384MLKEM1024PublicKey = "SECP384R1 MLKEM1024 PUBLIC KEY"
+ PEMBlockP384MLKEM1024PrivateKey = "SECP384R1 MLKEM1024 PRIVATE KEY"
+)
+
+type HybridWrappedKey struct {
+ HybridCiphertext []byte `asn1:"tag:0"`
+ EncryptedDEK []byte `asn1:"tag:1"`
+}
+
+type hybridECMLKEMParams struct {
+ name string
+ keyType KeyType
+ curve ecdh.Curve
+ ecPrivateSize int
+ ecPublicSize int
+ publicKeySize int
+ privateKeySize int
+ ciphertextSize int
+ sharedKeySize int
+ publicPEMType string
+ privatePEMType string
+ mlkemScheme kem.Scheme
+}
+
+type HybridECMLKEMKeyPair struct {
+ params hybridECMLKEMParams
+ publicKey []byte
+ privateKey []byte
+}
+
+type HybridECMLKEMEncryptor struct {
+ params hybridECMLKEMParams
+ publicKey []byte
+ salt []byte
+ info []byte
+}
+
+type HybridECMLKEMDecryptor struct {
+ params hybridECMLKEMParams
+ privateKey []byte
+ salt []byte
+ info []byte
+}
+
+var (
+ p256MLKEM768Params = hybridECMLKEMParams{
+ name: "SecP256r1/ML-KEM-768",
+ keyType: HybridSecp256r1MLKEM768Key,
+ curve: ecdh.P256(),
+ ecPrivateSize: P256PrivateScalarSize,
+ ecPublicSize: P256PublicPointSize,
+ publicKeySize: P256MLKEM768PublicKeySize,
+ privateKeySize: P256MLKEM768PrivateKeySize,
+ ciphertextSize: P256MLKEM768CiphertextSize,
+ sharedKeySize: P256MLKEM768SharedKeySize,
+ publicPEMType: PEMBlockP256MLKEM768PublicKey,
+ privatePEMType: PEMBlockP256MLKEM768PrivateKey,
+ mlkemScheme: mlkem768.Scheme(),
+ }
+ p384MLKEM1024Params = hybridECMLKEMParams{
+ name: "SecP384r1/ML-KEM-1024",
+ keyType: HybridSecp384r1MLKEM1024Key,
+ curve: ecdh.P384(),
+ ecPrivateSize: P384PrivateScalarSize,
+ ecPublicSize: P384PublicPointSize,
+ publicKeySize: P384MLKEM1024PublicKeySize,
+ privateKeySize: P384MLKEM1024PrivateKeySize,
+ ciphertextSize: P384MLKEM1024CiphertextSize,
+ sharedKeySize: P384MLKEM1024SharedKeySize,
+ publicPEMType: PEMBlockP384MLKEM1024PublicKey,
+ privatePEMType: PEMBlockP384MLKEM1024PrivateKey,
+ mlkemScheme: mlkem1024.Scheme(),
+ }
+)
+
+func NewP256MLKEM768KeyPair() (HybridECMLKEMKeyPair, error) {
+ return newHybridECMLKEMKeyPair(p256MLKEM768Params)
+}
+
+func NewP384MLKEM1024KeyPair() (HybridECMLKEMKeyPair, error) {
+ return newHybridECMLKEMKeyPair(p384MLKEM1024Params)
+}
+
+func (k HybridECMLKEMKeyPair) PublicKeyInPemFormat() (string, error) {
+ return xwingRawToPEM(k.params.publicPEMType, k.publicKey, k.params.publicKeySize)
+}
+
+func (k HybridECMLKEMKeyPair) PrivateKeyInPemFormat() (string, error) {
+ return xwingRawToPEM(k.params.privatePEMType, k.privateKey, k.params.privateKeySize)
+}
+
+func (k HybridECMLKEMKeyPair) GetKeyType() KeyType {
+ return k.params.keyType
+}
+
+func P256MLKEM768PubKeyFromPem(data []byte) ([]byte, error) {
+ return decodeSizedPEMBlock(data, PEMBlockP256MLKEM768PublicKey, P256MLKEM768PublicKeySize)
+}
+
+func P256MLKEM768PrivateKeyFromPem(data []byte) ([]byte, error) {
+ return decodeSizedPEMBlock(data, PEMBlockP256MLKEM768PrivateKey, P256MLKEM768PrivateKeySize)
+}
+
+func P384MLKEM1024PubKeyFromPem(data []byte) ([]byte, error) {
+ return decodeSizedPEMBlock(data, PEMBlockP384MLKEM1024PublicKey, P384MLKEM1024PublicKeySize)
+}
+
+func P384MLKEM1024PrivateKeyFromPem(data []byte) ([]byte, error) {
+ return decodeSizedPEMBlock(data, PEMBlockP384MLKEM1024PrivateKey, P384MLKEM1024PrivateKeySize)
+}
+
+func NewP256MLKEM768Encryptor(publicKey, salt, info []byte) (*HybridECMLKEMEncryptor, error) {
+ return newHybridECMLKEMEncryptor(p256MLKEM768Params, publicKey, salt, info)
+}
+
+func NewP384MLKEM1024Encryptor(publicKey, salt, info []byte) (*HybridECMLKEMEncryptor, error) {
+ return newHybridECMLKEMEncryptor(p384MLKEM1024Params, publicKey, salt, info)
+}
+
+func (e *HybridECMLKEMEncryptor) Encrypt(data []byte) ([]byte, error) {
+ return hybridWrapDEK(e.params, e.publicKey, data, e.salt, e.info)
+}
+
+func (e *HybridECMLKEMEncryptor) PublicKeyInPemFormat() (string, error) {
+ return xwingRawToPEM(e.params.publicPEMType, e.publicKey, e.params.publicKeySize)
+}
+
+func (e *HybridECMLKEMEncryptor) Type() SchemeType {
+ return Hybrid
+}
+
+func (e *HybridECMLKEMEncryptor) KeyType() KeyType {
+ return e.params.keyType
+}
+
+func (e *HybridECMLKEMEncryptor) EphemeralKey() []byte {
+ return nil
+}
+
+func (e *HybridECMLKEMEncryptor) Metadata() (map[string]string, error) {
+ return make(map[string]string), nil
+}
+
+func NewP256MLKEM768Decryptor(privateKey []byte) (*HybridECMLKEMDecryptor, error) {
+ return newSaltedHybridECMLKEMDecryptor(p256MLKEM768Params, privateKey, defaultXWingSalt(), nil)
+}
+
+func NewP384MLKEM1024Decryptor(privateKey []byte) (*HybridECMLKEMDecryptor, error) {
+ return newSaltedHybridECMLKEMDecryptor(p384MLKEM1024Params, privateKey, defaultXWingSalt(), nil)
+}
+
+func (d *HybridECMLKEMDecryptor) Decrypt(data []byte) ([]byte, error) {
+ return hybridUnwrapDEK(d.params, d.privateKey, data, d.salt, d.info)
+}
+
+func P256MLKEM768WrapDEK(publicKeyRaw, dek []byte) ([]byte, error) {
+ return hybridWrapDEK(p256MLKEM768Params, publicKeyRaw, dek, defaultXWingSalt(), nil)
+}
+
+func P256MLKEM768UnwrapDEK(privateKeyRaw, wrappedDER []byte) ([]byte, error) {
+ return hybridUnwrapDEK(p256MLKEM768Params, privateKeyRaw, wrappedDER, defaultXWingSalt(), nil)
+}
+
+func P384MLKEM1024WrapDEK(publicKeyRaw, dek []byte) ([]byte, error) {
+ return hybridWrapDEK(p384MLKEM1024Params, publicKeyRaw, dek, defaultXWingSalt(), nil)
+}
+
+func P384MLKEM1024UnwrapDEK(privateKeyRaw, wrappedDER []byte) ([]byte, error) {
+ return hybridUnwrapDEK(p384MLKEM1024Params, privateKeyRaw, wrappedDER, defaultXWingSalt(), nil)
+}
+
+func newHybridECMLKEMKeyPair(params hybridECMLKEMParams) (HybridECMLKEMKeyPair, error) {
+ ecPrivateKey, err := params.curve.GenerateKey(rand.Reader)
+ if err != nil {
+ return HybridECMLKEMKeyPair{}, fmt.Errorf("%s ECDH key generation failed: %w", params.name, err)
+ }
+
+ mlkemPublicKey, mlkemPrivateKey, err := params.mlkemScheme.GenerateKeyPair()
+ if err != nil {
+ return HybridECMLKEMKeyPair{}, fmt.Errorf("%s ML-KEM key generation failed: %w", params.name, err)
+ }
+
+ mlkemPublicKeyRaw, err := mlkemPublicKey.MarshalBinary()
+ if err != nil {
+ return HybridECMLKEMKeyPair{}, fmt.Errorf("%s ML-KEM public key marshal failed: %w", params.name, err)
+ }
+ mlkemPrivateKeyRaw, err := mlkemPrivateKey.MarshalBinary()
+ if err != nil {
+ return HybridECMLKEMKeyPair{}, fmt.Errorf("%s ML-KEM private key marshal failed: %w", params.name, err)
+ }
+
+ publicKey := append(append(make([]byte, 0, params.publicKeySize), ecPrivateKey.PublicKey().Bytes()...), mlkemPublicKeyRaw...)
+ privateKey := append(append(make([]byte, 0, params.privateKeySize), ecPrivateKey.Bytes()...), mlkemPrivateKeyRaw...)
+ if len(publicKey) != params.publicKeySize {
+ return HybridECMLKEMKeyPair{}, fmt.Errorf("%s invalid public key size: got %d want %d", params.name, len(publicKey), params.publicKeySize)
+ }
+ if len(privateKey) != params.privateKeySize {
+ return HybridECMLKEMKeyPair{}, fmt.Errorf("%s invalid private key size: got %d want %d", params.name, len(privateKey), params.privateKeySize)
+ }
+
+ return HybridECMLKEMKeyPair{
+ params: params,
+ publicKey: publicKey,
+ privateKey: privateKey,
+ }, nil
+}
+
+func newHybridECMLKEMEncryptor(params hybridECMLKEMParams, publicKey, salt, info []byte) (*HybridECMLKEMEncryptor, error) {
+ if len(publicKey) != params.publicKeySize {
+ return nil, fmt.Errorf("invalid %s public key size: got %d want %d", params.name, len(publicKey), params.publicKeySize)
+ }
+
+ return &HybridECMLKEMEncryptor{
+ params: params,
+ publicKey: append([]byte(nil), publicKey...),
+ salt: cloneOrNil(salt),
+ info: cloneOrNil(info),
+ }, nil
+}
+
+func newSaltedHybridECMLKEMDecryptor(params hybridECMLKEMParams, privateKey, salt, info []byte) (*HybridECMLKEMDecryptor, error) {
+ if len(privateKey) != params.privateKeySize {
+ return nil, fmt.Errorf("invalid %s private key size: got %d want %d", params.name, len(privateKey), params.privateKeySize)
+ }
+
+ return &HybridECMLKEMDecryptor{
+ params: params,
+ privateKey: append([]byte(nil), privateKey...),
+ salt: cloneOrNil(salt),
+ info: cloneOrNil(info),
+ }, nil
+}
+
+func hybridWrapDEK(params hybridECMLKEMParams, publicKeyRaw, dek, salt, info []byte) ([]byte, error) {
+ ecPublicKey, mlkemPublicKey, err := parseHybridPublicKey(params, publicKeyRaw)
+ if err != nil {
+ return nil, err
+ }
+
+ ecEphemeralKey, err := params.curve.GenerateKey(rand.Reader)
+ if err != nil {
+ return nil, fmt.Errorf("%s ECDH encapsulation key generation failed: %w", params.name, err)
+ }
+
+ ecSharedSecret, err := ecEphemeralKey.ECDH(ecPublicKey)
+ if err != nil {
+ return nil, fmt.Errorf("%s ECDH encapsulation failed: %w", params.name, err)
+ }
+
+ mlkemCiphertext, mlkemSharedSecret, err := params.mlkemScheme.Encapsulate(mlkemPublicKey)
+ if err != nil {
+ return nil, fmt.Errorf("%s ML-KEM encapsulate failed: %w", params.name, err)
+ }
+
+ hybridSharedSecret := append(append(make([]byte, 0, len(ecSharedSecret)+len(mlkemSharedSecret)), ecSharedSecret...), mlkemSharedSecret...)
+ wrapKey, err := deriveHybridWrapKey(params, hybridSharedSecret, salt, info)
+ if err != nil {
+ return nil, err
+ }
+
+ gcm, err := NewAESGcm(wrapKey)
+ if err != nil {
+ return nil, fmt.Errorf("NewAESGcm failed: %w", err)
+ }
+
+ encryptedDEK, err := gcm.Encrypt(dek)
+ if err != nil {
+ return nil, fmt.Errorf("AES-GCM encrypt failed: %w", err)
+ }
+
+ hybridCiphertext := append(append(make([]byte, 0, params.ciphertextSize), ecEphemeralKey.PublicKey().Bytes()...), mlkemCiphertext...)
+ if len(hybridCiphertext) != params.ciphertextSize {
+ return nil, fmt.Errorf("%s invalid ciphertext size: got %d want %d", params.name, len(hybridCiphertext), params.ciphertextSize)
+ }
+
+ wrappedDER, err := asn1.Marshal(HybridWrappedKey{
+ HybridCiphertext: hybridCiphertext,
+ EncryptedDEK: encryptedDEK,
+ })
+ if err != nil {
+ return nil, fmt.Errorf("asn1.Marshal failed: %w", err)
+ }
+
+ return wrappedDER, nil
+}
+
+func hybridUnwrapDEK(params hybridECMLKEMParams, privateKeyRaw, wrappedDER, salt, info []byte) ([]byte, error) {
+ ecPrivateKey, mlkemPrivateKey, err := parseHybridPrivateKey(params, privateKeyRaw)
+ if err != nil {
+ return nil, err
+ }
+
+ var wrappedKey HybridWrappedKey
+ rest, err := asn1.Unmarshal(wrappedDER, &wrappedKey)
+ if err != nil {
+ return nil, fmt.Errorf("asn1.Unmarshal failed: %w", err)
+ }
+ if len(rest) != 0 {
+ return nil, fmt.Errorf("asn1.Unmarshal left %d trailing bytes", len(rest))
+ }
+ if len(wrappedKey.HybridCiphertext) != params.ciphertextSize {
+ return nil, fmt.Errorf("invalid %s ciphertext size: got %d want %d", params.name, len(wrappedKey.HybridCiphertext), params.ciphertextSize)
+ }
+
+ ephemeralPublicKeyRaw := wrappedKey.HybridCiphertext[:params.ecPublicSize]
+ mlkemCiphertext := wrappedKey.HybridCiphertext[params.ecPublicSize:]
+
+ ephemeralPublicKey, err := params.curve.NewPublicKey(ephemeralPublicKeyRaw)
+ if err != nil {
+ return nil, fmt.Errorf("%s ephemeral public key parse failed: %w", params.name, err)
+ }
+
+ ecSharedSecret, err := ecPrivateKey.ECDH(ephemeralPublicKey)
+ if err != nil {
+ return nil, fmt.Errorf("%s ECDH decapsulation failed: %w", params.name, err)
+ }
+
+ mlkemSharedSecret, err := params.mlkemScheme.Decapsulate(mlkemPrivateKey, mlkemCiphertext)
+ if err != nil {
+ return nil, fmt.Errorf("%s ML-KEM decapsulate failed: %w", params.name, err)
+ }
+
+ hybridSharedSecret := append(append(make([]byte, 0, len(ecSharedSecret)+len(mlkemSharedSecret)), ecSharedSecret...), mlkemSharedSecret...)
+ wrapKey, err := deriveHybridWrapKey(params, hybridSharedSecret, salt, info)
+ if err != nil {
+ return nil, err
+ }
+
+ gcm, err := NewAESGcm(wrapKey)
+ if err != nil {
+ return nil, fmt.Errorf("NewAESGcm failed: %w", err)
+ }
+
+ plaintext, err := gcm.Decrypt(wrappedKey.EncryptedDEK)
+ if err != nil {
+ return nil, fmt.Errorf("AES-GCM decrypt failed: %w", err)
+ }
+
+ return plaintext, nil
+}
+
+func deriveHybridWrapKey(params hybridECMLKEMParams, sharedSecret, salt, info []byte) ([]byte, error) {
+ if len(sharedSecret) != params.sharedKeySize {
+ return nil, fmt.Errorf("invalid %s shared secret size: got %d want %d", params.name, len(sharedSecret), params.sharedKeySize)
+ }
+ if len(salt) == 0 {
+ salt = defaultXWingSalt()
+ }
+
+ hkdfObj := hkdf.New(sha256.New, sharedSecret, salt, info)
+ derivedKey := make([]byte, AES256KeySize)
+ if _, err := io.ReadFull(hkdfObj, derivedKey); err != nil {
+ return nil, fmt.Errorf("hkdf failure: %w", err)
+ }
+
+ return derivedKey, nil
+}
+
+func parseHybridPublicKey(params hybridECMLKEMParams, publicKeyRaw []byte) (*ecdh.PublicKey, kem.PublicKey, error) {
+ if len(publicKeyRaw) != params.publicKeySize {
+ return nil, nil, fmt.Errorf("invalid %s public key size: got %d want %d", params.name, len(publicKeyRaw), params.publicKeySize)
+ }
+
+ ecPublicKey, err := params.curve.NewPublicKey(publicKeyRaw[:params.ecPublicSize])
+ if err != nil {
+ return nil, nil, fmt.Errorf("%s ECDH public key parse failed: %w", params.name, err)
+ }
+
+ mlkemPublicKey, err := params.mlkemScheme.UnmarshalBinaryPublicKey(publicKeyRaw[params.ecPublicSize:])
+ if err != nil {
+ return nil, nil, fmt.Errorf("%s ML-KEM public key parse failed: %w", params.name, err)
+ }
+
+ return ecPublicKey, mlkemPublicKey, nil
+}
+
+func parseHybridPrivateKey(params hybridECMLKEMParams, privateKeyRaw []byte) (*ecdh.PrivateKey, kem.PrivateKey, error) {
+ if len(privateKeyRaw) != params.privateKeySize {
+ return nil, nil, fmt.Errorf("invalid %s private key size: got %d want %d", params.name, len(privateKeyRaw), params.privateKeySize)
+ }
+
+ ecPrivateKey, err := params.curve.NewPrivateKey(privateKeyRaw[:params.ecPrivateSize])
+ if err != nil {
+ return nil, nil, fmt.Errorf("%s ECDH private key parse failed: %w", params.name, err)
+ }
+
+ mlkemPrivateKey, err := params.mlkemScheme.UnmarshalBinaryPrivateKey(privateKeyRaw[params.ecPrivateSize:])
+ if err != nil {
+ return nil, nil, fmt.Errorf("%s ML-KEM private key parse failed: %w", params.name, err)
+ }
+
+ return ecPrivateKey, mlkemPrivateKey, nil
+}
+
+func hybridParamsFromPublicPEMType(blockType string) (hybridECMLKEMParams, bool) {
+ switch blockType {
+ case PEMBlockP256MLKEM768PublicKey:
+ return p256MLKEM768Params, true
+ case PEMBlockP384MLKEM1024PublicKey:
+ return p384MLKEM1024Params, true
+ default:
+ return hybridECMLKEMParams{}, false
+ }
+}
+
+func hybridParamsFromPrivatePEMType(blockType string) (hybridECMLKEMParams, bool) {
+ switch blockType {
+ case PEMBlockP256MLKEM768PrivateKey:
+ return p256MLKEM768Params, true
+ case PEMBlockP384MLKEM1024PrivateKey:
+ return p384MLKEM1024Params, true
+ default:
+ return hybridECMLKEMParams{}, false
+ }
+}
diff --git a/lib/ocrypto/hybrid_nist_test.go b/lib/ocrypto/hybrid_nist_test.go
new file mode 100644
index 0000000000..b286432c97
--- /dev/null
+++ b/lib/ocrypto/hybrid_nist_test.go
@@ -0,0 +1,185 @@
+package ocrypto
+
+import (
+ "encoding/asn1"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+type hybridTestCase struct {
+ name string
+ keyType KeyType
+ newKeyPair func() (HybridECMLKEMKeyPair, error)
+ publicFromPEM func([]byte) ([]byte, error)
+ privateFromPEM func([]byte) ([]byte, error)
+ wrap func([]byte, []byte) ([]byte, error)
+ unwrap func([]byte, []byte) ([]byte, error)
+ publicKeySize int
+ privateKeySize int
+ ciphertextSize int
+}
+
+func hybridTestCases() []hybridTestCase {
+ return []hybridTestCase{
+ {
+ name: "P256-MLKEM768",
+ keyType: HybridSecp256r1MLKEM768Key,
+ newKeyPair: NewP256MLKEM768KeyPair,
+ publicFromPEM: P256MLKEM768PubKeyFromPem,
+ privateFromPEM: P256MLKEM768PrivateKeyFromPem,
+ wrap: P256MLKEM768WrapDEK,
+ unwrap: P256MLKEM768UnwrapDEK,
+ publicKeySize: P256MLKEM768PublicKeySize,
+ privateKeySize: P256MLKEM768PrivateKeySize,
+ ciphertextSize: P256MLKEM768CiphertextSize,
+ },
+ {
+ name: "P384-MLKEM1024",
+ keyType: HybridSecp384r1MLKEM1024Key,
+ newKeyPair: NewP384MLKEM1024KeyPair,
+ publicFromPEM: P384MLKEM1024PubKeyFromPem,
+ privateFromPEM: P384MLKEM1024PrivateKeyFromPem,
+ wrap: P384MLKEM1024WrapDEK,
+ unwrap: P384MLKEM1024UnwrapDEK,
+ publicKeySize: P384MLKEM1024PublicKeySize,
+ privateKeySize: P384MLKEM1024PrivateKeySize,
+ ciphertextSize: P384MLKEM1024CiphertextSize,
+ },
+ }
+}
+
+func TestHybridNISTKeyPairAndPEM(t *testing.T) {
+ for _, tc := range hybridTestCases() {
+ t.Run(tc.name, func(t *testing.T) {
+ keyPair, err := tc.newKeyPair()
+ require.NoError(t, err)
+
+ publicPEM, err := keyPair.PublicKeyInPemFormat()
+ require.NoError(t, err)
+ privatePEM, err := keyPair.PrivateKeyInPemFormat()
+ require.NoError(t, err)
+
+ publicKey, err := tc.publicFromPEM([]byte(publicPEM))
+ require.NoError(t, err)
+ privateKey, err := tc.privateFromPEM([]byte(privatePEM))
+ require.NoError(t, err)
+
+ assert.Len(t, publicKey, tc.publicKeySize)
+ assert.Len(t, privateKey, tc.privateKeySize)
+ assert.Equal(t, tc.keyType, keyPair.GetKeyType())
+ assert.Equal(t, keyPair.publicKey, publicKey)
+ assert.Equal(t, keyPair.privateKey, privateKey)
+ })
+ }
+}
+
+func TestNewKeyPairHybridNIST(t *testing.T) {
+ for _, tc := range hybridTestCases() {
+ t.Run(tc.name, func(t *testing.T) {
+ keyPair, err := NewKeyPair(tc.keyType)
+ require.NoError(t, err)
+ require.NotNil(t, keyPair)
+ assert.Equal(t, tc.keyType, keyPair.GetKeyType())
+ })
+ }
+}
+
+func TestHybridNISTWrapUnwrapRoundTrip(t *testing.T) {
+ for _, tc := range hybridTestCases() {
+ t.Run(tc.name, func(t *testing.T) {
+ keyPair, err := tc.newKeyPair()
+ require.NoError(t, err)
+
+ dek := []byte("0123456789abcdef0123456789abcdef")
+ wrapped, err := tc.wrap(keyPair.publicKey, dek)
+ require.NoError(t, err)
+
+ plaintext, err := tc.unwrap(keyPair.privateKey, wrapped)
+ require.NoError(t, err)
+ assert.Equal(t, dek, plaintext)
+
+ var envelope HybridWrappedKey
+ rest, err := asn1.Unmarshal(wrapped, &envelope)
+ require.NoError(t, err)
+ assert.Empty(t, rest)
+ assert.Len(t, envelope.HybridCiphertext, tc.ciphertextSize)
+ assert.NotEmpty(t, envelope.EncryptedDEK)
+ })
+ }
+}
+
+func TestHybridNISTWrongKeyFails(t *testing.T) {
+ for _, tc := range hybridTestCases() {
+ t.Run(tc.name, func(t *testing.T) {
+ keyPair, err := tc.newKeyPair()
+ require.NoError(t, err)
+ wrongKeyPair, err := tc.newKeyPair()
+ require.NoError(t, err)
+
+ wrapped, err := tc.wrap(keyPair.publicKey, []byte("top secret dek"))
+ require.NoError(t, err)
+
+ _, err = tc.unwrap(wrongKeyPair.privateKey, wrapped)
+ require.Error(t, err)
+ assert.Contains(t, err.Error(), "AES-GCM decrypt failed")
+ })
+ }
+}
+
+func TestHybridWrappedKeyASN1RoundTrip(t *testing.T) {
+ original := HybridWrappedKey{
+ HybridCiphertext: []byte("hybrid-ciphertext"),
+ EncryptedDEK: []byte("encrypted-dek"),
+ }
+
+ der, err := asn1.Marshal(original)
+ require.NoError(t, err)
+
+ var decoded HybridWrappedKey
+ rest, err := asn1.Unmarshal(der, &decoded)
+ require.NoError(t, err)
+ assert.Empty(t, rest)
+ assert.Equal(t, original, decoded)
+}
+
+func TestHybridNISTPEMDispatch(t *testing.T) {
+ for _, tc := range hybridTestCases() {
+ t.Run(tc.name, func(t *testing.T) {
+ keyPair, err := tc.newKeyPair()
+ require.NoError(t, err)
+
+ publicPEM, err := keyPair.PublicKeyInPemFormat()
+ require.NoError(t, err)
+ privatePEM, err := keyPair.PrivateKeyInPemFormat()
+ require.NoError(t, err)
+
+ encryptor, err := FromPublicPEMWithSalt(publicPEM, []byte("salt"), []byte("info"))
+ require.NoError(t, err)
+
+ decryptor, err := FromPrivatePEMWithSalt(privatePEM, []byte("salt"), []byte("info"))
+ require.NoError(t, err)
+
+ hybridEncryptor, ok := encryptor.(*HybridECMLKEMEncryptor)
+ require.True(t, ok)
+ assert.Equal(t, Hybrid, hybridEncryptor.Type())
+ assert.Equal(t, tc.keyType, hybridEncryptor.KeyType())
+ assert.Nil(t, hybridEncryptor.EphemeralKey())
+
+ metadata, err := hybridEncryptor.Metadata()
+ require.NoError(t, err)
+ assert.Empty(t, metadata)
+
+ hybridDecryptor, ok := decryptor.(*HybridECMLKEMDecryptor)
+ require.True(t, ok)
+
+ wrapped, err := hybridEncryptor.Encrypt([]byte("dispatch-dek"))
+ require.NoError(t, err)
+
+ plaintext, err := hybridDecryptor.Decrypt(wrapped)
+ require.NoError(t, err)
+ assert.Equal(t, []byte("dispatch-dek"), plaintext)
+ })
+ }
+}
diff --git a/lib/ocrypto/xwing.go b/lib/ocrypto/xwing.go
new file mode 100644
index 0000000000..8773ac554f
--- /dev/null
+++ b/lib/ocrypto/xwing.go
@@ -0,0 +1,276 @@
+package ocrypto
+
+import (
+ "crypto/rand"
+ "crypto/sha256"
+ "encoding/asn1"
+ "encoding/pem"
+ "fmt"
+ "io"
+
+ "github.com/cloudflare/circl/kem/xwing"
+ "golang.org/x/crypto/hkdf"
+)
+
+const (
+ XWingPublicKeySize = xwing.PublicKeySize
+ XWingPrivateKeySize = xwing.PrivateKeySize
+ XWingCiphertextSize = xwing.CiphertextSize
+
+ PEMBlockXWingPublicKey = "XWING PUBLIC KEY"
+ PEMBlockXWingPrivateKey = "XWING PRIVATE KEY"
+)
+
+type XWingWrappedKey struct {
+ XWingCiphertext []byte `asn1:"tag:0"`
+ EncryptedDEK []byte `asn1:"tag:1"`
+}
+
+type XWingKeyPair struct {
+ publicKey []byte
+ privateKey []byte
+}
+
+type XWingEncryptor struct {
+ publicKey []byte
+ salt []byte
+ info []byte
+}
+
+type XWingDecryptor struct {
+ privateKey []byte
+ salt []byte
+ info []byte
+}
+
+func NewXWingKeyPair() (XWingKeyPair, error) {
+ sk, pk, err := xwing.GenerateKeyPair(rand.Reader)
+ if err != nil {
+ return XWingKeyPair{}, fmt.Errorf("xwing.GenerateKeyPair failed: %w", err)
+ }
+
+ publicKey := make([]byte, XWingPublicKeySize)
+ privateKey := make([]byte, XWingPrivateKeySize)
+ pk.Pack(publicKey)
+ sk.Pack(privateKey)
+
+ return XWingKeyPair{
+ publicKey: publicKey,
+ privateKey: privateKey,
+ }, nil
+}
+
+func (k XWingKeyPair) PublicKeyInPemFormat() (string, error) {
+ return xwingRawToPEM(PEMBlockXWingPublicKey, k.publicKey, XWingPublicKeySize)
+}
+
+func (k XWingKeyPair) PrivateKeyInPemFormat() (string, error) {
+ return xwingRawToPEM(PEMBlockXWingPrivateKey, k.privateKey, XWingPrivateKeySize)
+}
+
+func (k XWingKeyPair) GetKeyType() KeyType {
+ return HybridXWingKey
+}
+
+func XWingPubKeyFromPem(data []byte) ([]byte, error) {
+ return decodeSizedPEMBlock(data, PEMBlockXWingPublicKey, XWingPublicKeySize)
+}
+
+func XWingPrivateKeyFromPem(data []byte) ([]byte, error) {
+ return decodeSizedPEMBlock(data, PEMBlockXWingPrivateKey, XWingPrivateKeySize)
+}
+
+func NewXWingEncryptor(publicKey, salt, info []byte) (*XWingEncryptor, error) {
+ if len(publicKey) != XWingPublicKeySize {
+ return nil, fmt.Errorf("invalid X-Wing public key size: got %d want %d", len(publicKey), XWingPublicKeySize)
+ }
+
+ return &XWingEncryptor{
+ publicKey: append([]byte(nil), publicKey...),
+ salt: cloneOrNil(salt),
+ info: cloneOrNil(info),
+ }, nil
+}
+
+func (e *XWingEncryptor) Encrypt(data []byte) ([]byte, error) {
+ return xwingWrapDEK(e.publicKey, data, e.salt, e.info)
+}
+
+func (e *XWingEncryptor) PublicKeyInPemFormat() (string, error) {
+ return xwingRawToPEM(PEMBlockXWingPublicKey, e.publicKey, XWingPublicKeySize)
+}
+
+func (e *XWingEncryptor) Type() SchemeType {
+ return Hybrid
+}
+
+func (e *XWingEncryptor) KeyType() KeyType {
+ return HybridXWingKey
+}
+
+func (e *XWingEncryptor) EphemeralKey() []byte {
+ return nil
+}
+
+func (e *XWingEncryptor) Metadata() (map[string]string, error) {
+ return make(map[string]string), nil
+}
+
+func NewXWingDecryptor(privateKey []byte) (*XWingDecryptor, error) {
+ return NewSaltedXWingDecryptor(privateKey, defaultXWingSalt(), nil)
+}
+
+func NewSaltedXWingDecryptor(privateKey, salt, info []byte) (*XWingDecryptor, error) {
+ if len(privateKey) != XWingPrivateKeySize {
+ return nil, fmt.Errorf("invalid X-Wing private key size: got %d want %d", len(privateKey), XWingPrivateKeySize)
+ }
+
+ return &XWingDecryptor{
+ privateKey: append([]byte(nil), privateKey...),
+ salt: cloneOrNil(salt),
+ info: cloneOrNil(info),
+ }, nil
+}
+
+func (d *XWingDecryptor) Decrypt(data []byte) ([]byte, error) {
+ return xwingUnwrapDEK(d.privateKey, data, d.salt, d.info)
+}
+
+func XWingWrapDEK(publicKeyRaw, dek []byte) ([]byte, error) {
+ return xwingWrapDEK(publicKeyRaw, dek, defaultXWingSalt(), nil)
+}
+
+func XWingUnwrapDEK(privateKeyRaw, wrappedDER []byte) ([]byte, error) {
+ return xwingUnwrapDEK(privateKeyRaw, wrappedDER, defaultXWingSalt(), nil)
+}
+
+func xwingWrapDEK(publicKeyRaw, dek, salt, info []byte) ([]byte, error) {
+ if len(publicKeyRaw) != XWingPublicKeySize {
+ return nil, fmt.Errorf("invalid X-Wing public key size: got %d want %d", len(publicKeyRaw), XWingPublicKeySize)
+ }
+
+ sharedSecret, ciphertext, err := xwing.Encapsulate(publicKeyRaw, nil)
+ if err != nil {
+ return nil, fmt.Errorf("xwing.Encapsulate failed: %w", err)
+ }
+
+ wrapKey, err := deriveXWingWrapKey(sharedSecret, salt, info)
+ if err != nil {
+ return nil, err
+ }
+
+ gcm, err := NewAESGcm(wrapKey)
+ if err != nil {
+ return nil, fmt.Errorf("NewAESGcm failed: %w", err)
+ }
+
+ encryptedDEK, err := gcm.Encrypt(dek)
+ if err != nil {
+ return nil, fmt.Errorf("AES-GCM encrypt failed: %w", err)
+ }
+
+ wrappedDER, err := asn1.Marshal(XWingWrappedKey{
+ XWingCiphertext: ciphertext,
+ EncryptedDEK: encryptedDEK,
+ })
+ if err != nil {
+ return nil, fmt.Errorf("asn1.Marshal failed: %w", err)
+ }
+
+ return wrappedDER, nil
+}
+
+func xwingUnwrapDEK(privateKeyRaw, wrappedDER, salt, info []byte) ([]byte, error) {
+ if len(privateKeyRaw) != XWingPrivateKeySize {
+ return nil, fmt.Errorf("invalid X-Wing private key size: got %d want %d", len(privateKeyRaw), XWingPrivateKeySize)
+ }
+
+ var wrappedKey XWingWrappedKey
+ rest, err := asn1.Unmarshal(wrappedDER, &wrappedKey)
+ if err != nil {
+ return nil, fmt.Errorf("asn1.Unmarshal failed: %w", err)
+ }
+ if len(rest) != 0 {
+ return nil, fmt.Errorf("asn1.Unmarshal left %d trailing bytes", len(rest))
+ }
+ if len(wrappedKey.XWingCiphertext) != XWingCiphertextSize {
+ return nil, fmt.Errorf("invalid X-Wing ciphertext size: got %d want %d", len(wrappedKey.XWingCiphertext), XWingCiphertextSize)
+ }
+
+ sharedSecret := xwing.Decapsulate(wrappedKey.XWingCiphertext, privateKeyRaw)
+
+ wrapKey, err := deriveXWingWrapKey(sharedSecret, salt, info)
+ if err != nil {
+ return nil, err
+ }
+
+ gcm, err := NewAESGcm(wrapKey)
+ if err != nil {
+ return nil, fmt.Errorf("NewAESGcm failed: %w", err)
+ }
+
+ plaintext, err := gcm.Decrypt(wrappedKey.EncryptedDEK)
+ if err != nil {
+ return nil, fmt.Errorf("AES-GCM decrypt failed: %w", err)
+ }
+
+ return plaintext, nil
+}
+
+func deriveXWingWrapKey(sharedSecret, salt, info []byte) ([]byte, error) {
+ if len(salt) == 0 {
+ salt = defaultXWingSalt()
+ }
+
+ hkdfObj := hkdf.New(sha256.New, sharedSecret, salt, info)
+ derivedKey := make([]byte, xwing.SharedKeySize)
+ if _, err := io.ReadFull(hkdfObj, derivedKey); err != nil {
+ return nil, fmt.Errorf("hkdf failure: %w", err)
+ }
+
+ return derivedKey, nil
+}
+
+func xwingRawToPEM(blockType string, raw []byte, expectedSize int) (string, error) {
+ if len(raw) != expectedSize {
+ return "", fmt.Errorf("invalid %s size: got %d want %d", blockType, len(raw), expectedSize)
+ }
+
+ pemBytes := pem.EncodeToMemory(&pem.Block{
+ Type: blockType,
+ Bytes: raw,
+ })
+ if pemBytes == nil {
+ return "", fmt.Errorf("failed to encode %s to PEM", blockType)
+ }
+
+ return string(pemBytes), nil
+}
+
+func decodeSizedPEMBlock(data []byte, blockType string, expectedSize int) ([]byte, error) {
+ block, _ := pem.Decode(data)
+ if block == nil {
+ return nil, fmt.Errorf("failed to parse PEM formatted %s", blockType)
+ }
+ if block.Type != blockType {
+ return nil, fmt.Errorf("unexpected PEM block type: got %s want %s", block.Type, blockType)
+ }
+ if len(block.Bytes) != expectedSize {
+ return nil, fmt.Errorf("invalid %s size: got %d want %d", blockType, len(block.Bytes), expectedSize)
+ }
+
+ return append([]byte(nil), block.Bytes...), nil
+}
+
+func defaultXWingSalt() []byte {
+ digest := sha256.New()
+ digest.Write([]byte("TDF"))
+ return digest.Sum(nil)
+}
+
+func cloneOrNil(data []byte) []byte {
+ if len(data) == 0 {
+ return nil
+ }
+ return append([]byte(nil), data...)
+}
diff --git a/lib/ocrypto/xwing_test.go b/lib/ocrypto/xwing_test.go
new file mode 100644
index 0000000000..6ba3932e3e
--- /dev/null
+++ b/lib/ocrypto/xwing_test.go
@@ -0,0 +1,114 @@
+package ocrypto
+
+import (
+ "encoding/asn1"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestXWingKeyPairAndPEM(t *testing.T) {
+ keyPair, err := NewXWingKeyPair()
+ require.NoError(t, err)
+
+ publicPEM, err := keyPair.PublicKeyInPemFormat()
+ require.NoError(t, err)
+ privatePEM, err := keyPair.PrivateKeyInPemFormat()
+ require.NoError(t, err)
+
+ publicKey, err := XWingPubKeyFromPem([]byte(publicPEM))
+ require.NoError(t, err)
+ privateKey, err := XWingPrivateKeyFromPem([]byte(privatePEM))
+ require.NoError(t, err)
+
+ assert.Len(t, publicKey, XWingPublicKeySize)
+ assert.Len(t, privateKey, XWingPrivateKeySize)
+ assert.Equal(t, HybridXWingKey, keyPair.GetKeyType())
+}
+
+func TestNewKeyPairXWing(t *testing.T) {
+ keyPair, err := NewKeyPair(HybridXWingKey)
+ require.NoError(t, err)
+ require.NotNil(t, keyPair)
+ assert.Equal(t, HybridXWingKey, keyPair.GetKeyType())
+}
+
+func TestXWingWrapUnwrapRoundTrip(t *testing.T) {
+ keyPair, err := NewXWingKeyPair()
+ require.NoError(t, err)
+
+ dek := []byte("0123456789abcdef0123456789abcdef")
+ wrapped, err := XWingWrapDEK(keyPair.publicKey, dek)
+ require.NoError(t, err)
+
+ plaintext, err := XWingUnwrapDEK(keyPair.privateKey, wrapped)
+ require.NoError(t, err)
+ assert.Equal(t, dek, plaintext)
+}
+
+func TestXWingWrapUnwrapWrongKeyFails(t *testing.T) {
+ keyPair, err := NewXWingKeyPair()
+ require.NoError(t, err)
+ wrongKeyPair, err := NewXWingKeyPair()
+ require.NoError(t, err)
+
+ wrapped, err := XWingWrapDEK(keyPair.publicKey, []byte("top secret dek"))
+ require.NoError(t, err)
+
+ _, err = XWingUnwrapDEK(wrongKeyPair.privateKey, wrapped)
+ require.Error(t, err)
+ assert.Contains(t, err.Error(), "AES-GCM decrypt failed")
+}
+
+func TestXWingWrappedKeyASN1RoundTrip(t *testing.T) {
+ original := XWingWrappedKey{
+ XWingCiphertext: []byte("ciphertext"),
+ EncryptedDEK: []byte("encrypted-dek"),
+ }
+
+ der, err := asn1.Marshal(original)
+ require.NoError(t, err)
+
+ var decoded XWingWrappedKey
+ rest, err := asn1.Unmarshal(der, &decoded)
+ require.NoError(t, err)
+ assert.Empty(t, rest)
+ assert.Equal(t, original, decoded)
+}
+
+func TestXWingPEMDispatch(t *testing.T) {
+ keyPair, err := NewXWingKeyPair()
+ require.NoError(t, err)
+
+ publicPEM, err := keyPair.PublicKeyInPemFormat()
+ require.NoError(t, err)
+ privatePEM, err := keyPair.PrivateKeyInPemFormat()
+ require.NoError(t, err)
+
+ encryptor, err := FromPublicPEMWithSalt(publicPEM, []byte("salt"), []byte("info"))
+ require.NoError(t, err)
+
+ decryptor, err := FromPrivatePEMWithSalt(privatePEM, []byte("salt"), []byte("info"))
+ require.NoError(t, err)
+
+ xwingEncryptor, ok := encryptor.(*XWingEncryptor)
+ require.True(t, ok)
+ assert.Equal(t, Hybrid, xwingEncryptor.Type())
+ assert.Equal(t, HybridXWingKey, xwingEncryptor.KeyType())
+ assert.Nil(t, xwingEncryptor.EphemeralKey())
+
+ metadata, err := xwingEncryptor.Metadata()
+ require.NoError(t, err)
+ assert.Empty(t, metadata)
+
+ xwingDecryptor, ok := decryptor.(*XWingDecryptor)
+ require.True(t, ok)
+
+ wrapped, err := xwingEncryptor.Encrypt([]byte("dispatch-dek"))
+ require.NoError(t, err)
+
+ plaintext, err := xwingDecryptor.Decrypt(wrapped)
+ require.NoError(t, err)
+ assert.Equal(t, []byte("dispatch-dek"), plaintext)
+}
diff --git a/protocol/go/kas/kas.pb.go b/protocol/go/kas/kas.pb.go
index 6d6fb574e3..ff7ca4387e 100644
--- a/protocol/go/kas/kas.pb.go
+++ b/protocol/go/kas/kas.pb.go
@@ -244,7 +244,7 @@ type KeyAccess struct {
Protocol string `protobuf:"bytes,3,opt,name=protocol,proto3" json:"protocol,omitempty"`
// Type of key wrapping used for the data encryption key
// Required: Always
- // Values: 'wrapped' (RSA-wrapped for ZTDF), 'ec-wrapped' (experimental ECDH-wrapped)
+ // Values: 'wrapped' (RSA-wrapped for ZTDF), 'ec-wrapped' (experimental ECDH-wrapped), 'hybrid-wrapped' (experimental X-Wing-wrapped)
KeyType string `protobuf:"bytes,4,opt,name=key_type,json=type,proto3" json:"key_type,omitempty"`
// URL of the Key Access Server that can unwrap this key
// Optional: May be omitted if KAS URL is known from context
@@ -271,7 +271,7 @@ type KeyAccess struct {
Header []byte `protobuf:"bytes,9,opt,name=header,proto3" json:"header,omitempty"`
// Ephemeral public key for ECDH key derivation (ec-wrapped type only)
// Required: When key_type="ec-wrapped" (experimental ECDH-based ZTDF)
- // Omitted: When key_type="wrapped" (RSA-based ZTDF)
+ // Omitted: When key_type="wrapped" or key_type="hybrid-wrapped"
// Should be a PEM-encoded PKCS#8 (ASN.1) formatted public key
// Used to derive the symmetric key for unwrapping the DEK
EphemeralPublicKey string `protobuf:"bytes,10,opt,name=ephemeral_public_key,json=ephemeralPublicKey,proto3" json:"ephemeral_public_key,omitempty"`
@@ -856,7 +856,7 @@ type RewrapResponse struct {
EntityWrappedKey []byte `protobuf:"bytes,2,opt,name=entity_wrapped_key,json=entityWrappedKey,proto3" json:"entity_wrapped_key,omitempty"`
// KAS's ephemeral session public key in PEM format
// Required: For EC-based operations (key_type="ec-wrapped")
- // Optional: Empty for RSA-based ZTDF (key_type="wrapped")
+ // Optional: Empty for RSA-based or X-Wing-based ZTDF (key_type="wrapped" or key_type="hybrid-wrapped")
// Used by client to perform ECDH key agreement and decrypt the kas_wrapped_key values
SessionPublicKey string `protobuf:"bytes,3,opt,name=session_public_key,json=sessionPublicKey,proto3" json:"session_public_key,omitempty"`
// Deprecated: Legacy schema version identifier
diff --git a/protocol/go/policy/kasregistry/key_access_server_registry.pb.go b/protocol/go/policy/kasregistry/key_access_server_registry.pb.go
index 8e5c7b58b5..a61178cde6 100644
--- a/protocol/go/policy/kasregistry/key_access_server_registry.pb.go
+++ b/protocol/go/policy/kasregistry/key_access_server_registry.pb.go
@@ -4012,529 +4012,530 @@ var file_policy_kasregistry_key_access_server_registry_proto_rawDesc = []byte{
0x12, 0x34, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a,
0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x61,
0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0a, 0x70, 0x61, 0x67, 0x69,
- 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x02, 0x18, 0x01, 0x22, 0xcc, 0x0c, 0x0a, 0x10, 0x43,
+ 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x02, 0x18, 0x01, 0x22, 0xd5, 0x0c, 0x0a, 0x10, 0x43,
0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
0x1f, 0x0a, 0x06, 0x6b, 0x61, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42,
0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x05, 0x6b, 0x61, 0x73, 0x49, 0x64,
0x12, 0x1e, 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x52, 0x05, 0x6b, 0x65, 0x79, 0x49, 0x64,
- 0x12, 0xa4, 0x01, 0x0a, 0x0d, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74,
+ 0x12, 0xad, 0x01, 0x0a, 0x0d, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74,
0x68, 0x6d, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
- 0x79, 0x2e, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x42, 0x6c, 0xba, 0x48, 0x69,
- 0xba, 0x01, 0x66, 0x0a, 0x15, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74,
+ 0x79, 0x2e, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x42, 0x75, 0xba, 0x48, 0x72,
+ 0xba, 0x01, 0x6f, 0x0a, 0x15, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74,
0x68, 0x6d, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x12, 0x34, 0x54, 0x68, 0x65, 0x20,
0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x20, 0x6d, 0x75,
0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65,
0x20, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x20, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x2e,
- 0x1a, 0x17, 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x20, 0x5b, 0x31, 0x2c, 0x20, 0x32, 0x2c,
- 0x20, 0x33, 0x2c, 0x20, 0x34, 0x2c, 0x20, 0x35, 0x5d, 0x52, 0x0c, 0x6b, 0x65, 0x79, 0x41, 0x6c,
- 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x93, 0x01, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f,
- 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x70, 0x6f, 0x6c,
- 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x42, 0x67, 0xba, 0x48, 0x64,
- 0xba, 0x01, 0x61, 0x0a, 0x10, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x5f, 0x64, 0x65,
- 0x66, 0x69, 0x6e, 0x65, 0x64, 0x12, 0x35, 0x54, 0x68, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d,
- 0x6f, 0x64, 0x65, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x6f, 0x6e, 0x65, 0x20,
- 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x20, 0x76,
- 0x61, 0x6c, 0x75, 0x65, 0x73, 0x20, 0x28, 0x31, 0x2d, 0x34, 0x29, 0x2e, 0x1a, 0x16, 0x74, 0x68,
- 0x69, 0x73, 0x20, 0x3e, 0x3d, 0x20, 0x31, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20,
- 0x3c, 0x3d, 0x20, 0x34, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x42, 0x0a,
- 0x0e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x18,
- 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50,
- 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78, 0x42, 0x06, 0xba, 0x48, 0x03,
- 0xc8, 0x01, 0x01, 0x52, 0x0c, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x43, 0x74,
- 0x78, 0x12, 0x3d, 0x0a, 0x0f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79,
- 0x5f, 0x63, 0x74, 0x78, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x6f, 0x6c,
- 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x43, 0x74,
- 0x78, 0x52, 0x0d, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78,
- 0x12, 0x2c, 0x0a, 0x12, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e,
- 0x66, 0x69, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x70, 0x72,
- 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x49, 0x64, 0x12, 0x16,
- 0x0a, 0x06, 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06,
- 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61,
- 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
- 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d, 0x75, 0x74, 0x61, 0x62, 0x6c,
- 0x65, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x3a, 0xbb, 0x07, 0xba, 0x48,
- 0xb7, 0x07, 0x1a, 0x97, 0x03, 0x0a, 0x23, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b,
- 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x6c,
- 0x79, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0xbc, 0x01, 0x54, 0x68, 0x65,
- 0x20, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x20, 0x69, 0x73, 0x20,
- 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x20, 0x69, 0x66, 0x20, 0x6b, 0x65, 0x79, 0x5f,
- 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x69, 0x73, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45,
- 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59,
- 0x20, 0x6f, 0x72, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x52, 0x4f,
- 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x2e, 0x20,
- 0x54, 0x68, 0x65, 0x20, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x20,
- 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x20, 0x69, 0x66,
- 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x69, 0x73, 0x20, 0x4b, 0x45, 0x59,
- 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x54, 0x45, 0x20, 0x6f, 0x72, 0x20,
- 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f,
- 0x4b, 0x45, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x2e, 0x1a, 0xb0, 0x01, 0x28, 0x28, 0x74, 0x68,
- 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x31,
- 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64,
- 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x32, 0x29, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e,
- 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x2e,
- 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x20, 0x21, 0x3d, 0x20, 0x27,
- 0x27, 0x29, 0x20, 0x7c, 0x7c, 0x20, 0x28, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79,
- 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x33, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68,
- 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x34,
- 0x29, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74,
- 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x2e, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65,
- 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x20, 0x3d, 0x3d, 0x20, 0x27, 0x27, 0x29, 0x1a, 0xf4, 0x02, 0x0a,
- 0x26, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
- 0x5f, 0x69, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x6c, 0x79, 0x5f, 0x72,
- 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0xa8, 0x01, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
- 0x65, 0x72, 0x20, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x20, 0x69, 0x64, 0x20, 0x69, 0x73, 0x20,
- 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x20, 0x69, 0x66, 0x20, 0x6b, 0x65, 0x79, 0x5f,
- 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x69, 0x73, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45,
- 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b,
- 0x45, 0x59, 0x20, 0x6f, 0x72, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x52,
- 0x45, 0x4d, 0x4f, 0x54, 0x45, 0x2e, 0x20, 0x49, 0x74, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62,
- 0x65, 0x20, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x4b, 0x45, 0x59, 0x5f,
- 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x52, 0x4f, 0x4f, 0x54,
- 0x5f, 0x4b, 0x45, 0x59, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44,
+ 0x1a, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x20, 0x5b, 0x31, 0x2c, 0x20, 0x32, 0x2c,
+ 0x20, 0x33, 0x2c, 0x20, 0x34, 0x2c, 0x20, 0x35, 0x2c, 0x20, 0x36, 0x2c, 0x20, 0x37, 0x2c, 0x20,
+ 0x38, 0x5d, 0x52, 0x0c, 0x6b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d,
+ 0x12, 0x93, 0x01, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x04, 0x20,
+ 0x01, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79,
+ 0x4d, 0x6f, 0x64, 0x65, 0x42, 0x67, 0xba, 0x48, 0x64, 0xba, 0x01, 0x61, 0x0a, 0x10, 0x6b, 0x65,
+ 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x12, 0x35,
+ 0x54, 0x68, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x6d, 0x75, 0x73,
+ 0x74, 0x20, 0x62, 0x65, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x20, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x20, 0x28,
+ 0x31, 0x2d, 0x34, 0x29, 0x2e, 0x1a, 0x16, 0x74, 0x68, 0x69, 0x73, 0x20, 0x3e, 0x3d, 0x20, 0x31,
+ 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x3c, 0x3d, 0x20, 0x34, 0x52, 0x07, 0x6b,
+ 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x42, 0x0a, 0x0e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63,
+ 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14,
+ 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65,
+ 0x79, 0x43, 0x74, 0x78, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x0c, 0x70, 0x75,
+ 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78, 0x12, 0x3d, 0x0a, 0x0f, 0x70, 0x72,
+ 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x18, 0x06, 0x20,
+ 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, 0x69,
+ 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78, 0x52, 0x0d, 0x70, 0x72, 0x69, 0x76,
+ 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78, 0x12, 0x2c, 0x0a, 0x12, 0x70, 0x72, 0x6f,
+ 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x69, 0x64, 0x18,
+ 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43,
+ 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x49, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x65, 0x67, 0x61, 0x63,
+ 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x12,
+ 0x33, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28,
+ 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64,
+ 0x61, 0x74, 0x61, 0x4d, 0x75, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61,
+ 0x64, 0x61, 0x74, 0x61, 0x3a, 0xbb, 0x07, 0xba, 0x48, 0xb7, 0x07, 0x1a, 0x97, 0x03, 0x0a, 0x23,
+ 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x5f,
+ 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x6c, 0x79, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x69,
+ 0x72, 0x65, 0x64, 0x12, 0xbc, 0x01, 0x54, 0x68, 0x65, 0x20, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65,
+ 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x20, 0x69, 0x73, 0x20, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65,
+ 0x64, 0x20, 0x69, 0x66, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x69, 0x73,
+ 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47,
+ 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x20, 0x6f, 0x72, 0x20, 0x4b, 0x45, 0x59,
+ 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x52,
+ 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x2e, 0x20, 0x54, 0x68, 0x65, 0x20, 0x77, 0x72, 0x61,
+ 0x70, 0x70, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65,
+ 0x20, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x20, 0x69, 0x66, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f,
+ 0x64, 0x65, 0x20, 0x69, 0x73, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x52,
+ 0x45, 0x4d, 0x4f, 0x54, 0x45, 0x20, 0x6f, 0x72, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44,
0x45, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x4f, 0x4e, 0x4c,
- 0x59, 0x2e, 0x1a, 0x9e, 0x01, 0x28, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f,
+ 0x59, 0x2e, 0x1a, 0xb0, 0x01, 0x28, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f,
0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x31, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69,
- 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x34, 0x29,
- 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65,
- 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x69, 0x64, 0x20, 0x3d, 0x3d, 0x20, 0x27,
- 0x27, 0x29, 0x20, 0x7c, 0x7c, 0x20, 0x28, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79,
- 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x32, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68,
- 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x33,
- 0x29, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64,
- 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x69, 0x64, 0x20, 0x21, 0x3d, 0x20,
- 0x27, 0x27, 0x29, 0x1a, 0xa3, 0x01, 0x0a, 0x23, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f,
- 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x5f, 0x66, 0x6f, 0x72, 0x5f, 0x70, 0x75, 0x62, 0x6c,
- 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x12, 0x48, 0x70, 0x72, 0x69,
- 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x20, 0x6d, 0x75, 0x73,
- 0x74, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x20, 0x73, 0x65, 0x74, 0x20, 0x69, 0x66, 0x20,
- 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x69, 0x73, 0x20, 0x4b, 0x45, 0x59, 0x5f,
- 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f,
- 0x4f, 0x4e, 0x4c, 0x59, 0x2e, 0x1a, 0x32, 0x21, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x65,
- 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x34, 0x20, 0x26, 0x26, 0x20, 0x68,
- 0x61, 0x73, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f,
- 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x29, 0x29, 0x22, 0x3c, 0x0a, 0x11, 0x43, 0x72, 0x65,
- 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x27,
+ 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x32, 0x29,
+ 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65,
+ 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x2e, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64,
+ 0x5f, 0x6b, 0x65, 0x79, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x29, 0x20, 0x7c, 0x7c, 0x20, 0x28,
+ 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d,
+ 0x3d, 0x20, 0x33, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f,
+ 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x34, 0x29, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68,
+ 0x69, 0x73, 0x2e, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63,
+ 0x74, 0x78, 0x2e, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x20, 0x3d,
+ 0x3d, 0x20, 0x27, 0x27, 0x29, 0x1a, 0xf4, 0x02, 0x0a, 0x26, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64,
+ 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x69, 0x64, 0x5f, 0x6f, 0x70, 0x74,
+ 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x6c, 0x79, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64,
+ 0x12, 0xa8, 0x01, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x20, 0x63, 0x6f, 0x6e, 0x66,
+ 0x69, 0x67, 0x20, 0x69, 0x64, 0x20, 0x69, 0x73, 0x20, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65,
+ 0x64, 0x20, 0x69, 0x66, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x69, 0x73,
+ 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44,
+ 0x45, 0x52, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x20, 0x6f, 0x72, 0x20, 0x4b,
+ 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x54, 0x45, 0x2e, 0x20,
+ 0x49, 0x74, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x65, 0x6d, 0x70, 0x74, 0x79,
+ 0x20, 0x66, 0x6f, 0x72, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x43, 0x4f,
+ 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x20, 0x61, 0x6e,
+ 0x64, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49,
+ 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x2e, 0x1a, 0x9e, 0x01, 0x28, 0x28,
+ 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d,
+ 0x20, 0x31, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d,
+ 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x34, 0x29, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69,
+ 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+ 0x67, 0x5f, 0x69, 0x64, 0x20, 0x3d, 0x3d, 0x20, 0x27, 0x27, 0x29, 0x20, 0x7c, 0x7c, 0x20, 0x28,
+ 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d,
+ 0x3d, 0x20, 0x32, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f,
+ 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x33, 0x29, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68,
+ 0x69, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66,
+ 0x69, 0x67, 0x5f, 0x69, 0x64, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x29, 0x1a, 0xa3, 0x01, 0x0a,
+ 0x23, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78,
+ 0x5f, 0x66, 0x6f, 0x72, 0x5f, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x5f,
+ 0x6f, 0x6e, 0x6c, 0x79, 0x12, 0x48, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65,
+ 0x79, 0x5f, 0x63, 0x74, 0x78, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62,
+ 0x65, 0x20, 0x73, 0x65, 0x74, 0x20, 0x69, 0x66, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64,
+ 0x65, 0x20, 0x69, 0x73, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x55,
+ 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x2e, 0x1a, 0x32,
+ 0x21, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20,
+ 0x3d, 0x3d, 0x20, 0x34, 0x20, 0x26, 0x26, 0x20, 0x68, 0x61, 0x73, 0x28, 0x74, 0x68, 0x69, 0x73,
+ 0x2e, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78,
+ 0x29, 0x29, 0x22, 0x3c, 0x0a, 0x11, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52,
+ 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x27, 0x0a, 0x07, 0x6b, 0x61, 0x73, 0x5f, 0x6b,
+ 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+ 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x06, 0x6b, 0x61, 0x73, 0x4b, 0x65, 0x79,
+ 0x22, 0x7a, 0x0a, 0x0d, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+ 0x74, 0x12, 0x1a, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba,
+ 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x12, 0x38, 0x0a,
+ 0x03, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70, 0x6f, 0x6c,
+ 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e,
+ 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72,
+ 0x48, 0x00, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x42, 0x13, 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74,
+ 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x05, 0xba, 0x48, 0x02, 0x08, 0x01, 0x22, 0x39, 0x0a, 0x0e,
+ 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x27,
0x0a, 0x07, 0x6b, 0x61, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52,
- 0x06, 0x6b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x22, 0x7a, 0x0a, 0x0d, 0x47, 0x65, 0x74, 0x4b, 0x65,
- 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02,
- 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x48, 0x00,
- 0x52, 0x02, 0x69, 0x64, 0x12, 0x38, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28,
- 0x0b, 0x32, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65,
- 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x65,
- 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x48, 0x00, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x42, 0x13,
- 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x05, 0xba, 0x48,
- 0x02, 0x08, 0x01, 0x22, 0x39, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73,
- 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x27, 0x0a, 0x07, 0x6b, 0x61, 0x73, 0x5f, 0x6b, 0x65, 0x79,
- 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
- 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x06, 0x6b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x22, 0x96,
- 0x03, 0x0a, 0x0f, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
- 0x73, 0x74, 0x12, 0xa7, 0x01, 0x0a, 0x0d, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72,
- 0x69, 0x74, 0x68, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c,
- 0x69, 0x63, 0x79, 0x2e, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x42, 0x6f, 0xba,
- 0x48, 0x6c, 0xba, 0x01, 0x69, 0x0a, 0x15, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72,
- 0x69, 0x74, 0x68, 0x6d, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x12, 0x34, 0x54, 0x68,
- 0x65, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x20,
- 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x74,
- 0x68, 0x65, 0x20, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x20, 0x76, 0x61, 0x6c, 0x75, 0x65,
- 0x73, 0x2e, 0x1a, 0x1a, 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x20, 0x5b, 0x30, 0x2c, 0x20,
- 0x31, 0x2c, 0x20, 0x32, 0x2c, 0x20, 0x33, 0x2c, 0x20, 0x34, 0x2c, 0x20, 0x35, 0x5d, 0x52, 0x0c,
- 0x6b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x21, 0x0a, 0x06,
- 0x6b, 0x61, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48,
- 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x48, 0x00, 0x52, 0x05, 0x6b, 0x61, 0x73, 0x49, 0x64, 0x12,
- 0x24, 0x0a, 0x08, 0x6b, 0x61, 0x73, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
- 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x48, 0x00, 0x52, 0x07, 0x6b, 0x61,
- 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x25, 0x0a, 0x07, 0x6b, 0x61, 0x73, 0x5f, 0x75, 0x72, 0x69,
- 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x01, 0x88,
- 0x01, 0x01, 0x48, 0x00, 0x52, 0x06, 0x6b, 0x61, 0x73, 0x55, 0x72, 0x69, 0x12, 0x1b, 0x0a, 0x06,
- 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x48, 0x01, 0x52, 0x06,
- 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x88, 0x01, 0x01, 0x12, 0x33, 0x0a, 0x0a, 0x70, 0x61, 0x67,
- 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e,
- 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
- 0x73, 0x74, 0x52, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x0c,
- 0x0a, 0x0a, 0x6b, 0x61, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x42, 0x09, 0x0a, 0x07,
- 0x5f, 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x22, 0x73, 0x0a, 0x10, 0x4c, 0x69, 0x73, 0x74, 0x4b,
- 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x29, 0x0a, 0x08, 0x6b,
- 0x61, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e,
- 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x07, 0x6b,
- 0x61, 0x73, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x34, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61,
- 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c,
- 0x69, 0x63, 0x79, 0x2e, 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
- 0x52, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x86, 0x03, 0x0a,
- 0x10, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
- 0x74, 0x12, 0x18, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba,
- 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x02, 0x69, 0x64, 0x12, 0x33, 0x0a, 0x08, 0x6d,
- 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e,
- 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d,
- 0x75, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
- 0x12, 0x54, 0x0a, 0x18, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x75, 0x70, 0x64,
- 0x61, 0x74, 0x65, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x18, 0x65, 0x20, 0x01,
- 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61,
- 0x64, 0x61, 0x74, 0x61, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x16,
- 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x42, 0x65,
- 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x3a, 0xcc, 0x01, 0xba, 0x48, 0xc8, 0x01, 0x1a, 0xc5, 0x01,
- 0x0a, 0x18, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74,
- 0x65, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x12, 0x52, 0x4d, 0x65, 0x74, 0x61,
- 0x64, 0x61, 0x74, 0x61, 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x20, 0x62, 0x65, 0x68, 0x61,
- 0x76, 0x69, 0x6f, 0x72, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x65, 0x69, 0x74,
- 0x68, 0x65, 0x72, 0x20, 0x41, 0x50, 0x50, 0x45, 0x4e, 0x44, 0x20, 0x6f, 0x72, 0x20, 0x52, 0x45,
- 0x50, 0x4c, 0x41, 0x43, 0x45, 0x2c, 0x20, 0x77, 0x68, 0x65, 0x6e, 0x20, 0x75, 0x70, 0x64, 0x61,
- 0x74, 0x69, 0x6e, 0x67, 0x20, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x1a, 0x55,
- 0x28, 0x28, 0x21, 0x68, 0x61, 0x73, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x65, 0x74, 0x61,
- 0x64, 0x61, 0x74, 0x61, 0x29, 0x29, 0x20, 0x7c, 0x7c, 0x20, 0x28, 0x68, 0x61, 0x73, 0x28, 0x74,
- 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x29, 0x20, 0x26, 0x26,
- 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x75,
- 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x20, 0x21,
- 0x3d, 0x20, 0x30, 0x29, 0x29, 0x22, 0x3c, 0x0a, 0x11, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b,
- 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x27, 0x0a, 0x07, 0x6b, 0x61,
- 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f,
- 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x06, 0x6b, 0x61, 0x73,
- 0x4b, 0x65, 0x79, 0x22, 0xa4, 0x01, 0x0a, 0x10, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x49, 0x64,
- 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x06, 0x6b, 0x61, 0x73, 0x5f,
+ 0x06, 0x6b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x22, 0x99, 0x03, 0x0a, 0x0f, 0x4c, 0x69, 0x73, 0x74,
+ 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0xaa, 0x01, 0x0a, 0x0d,
+ 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x18, 0x01, 0x20,
+ 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x6c, 0x67,
+ 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x42, 0x72, 0xba, 0x48, 0x6f, 0xba, 0x01, 0x6c, 0x0a, 0x15,
+ 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x5f, 0x64, 0x65,
+ 0x66, 0x69, 0x6e, 0x65, 0x64, 0x12, 0x34, 0x54, 0x68, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x61,
+ 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65,
+ 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x64, 0x65, 0x66, 0x69,
+ 0x6e, 0x65, 0x64, 0x20, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x2e, 0x1a, 0x1d, 0x74, 0x68, 0x69,
+ 0x73, 0x20, 0x69, 0x6e, 0x20, 0x5b, 0x30, 0x2c, 0x20, 0x31, 0x2c, 0x20, 0x32, 0x2c, 0x20, 0x33,
+ 0x2c, 0x20, 0x34, 0x2c, 0x20, 0x35, 0x2c, 0x20, 0x36, 0x5d, 0x52, 0x0c, 0x6b, 0x65, 0x79, 0x41,
+ 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x21, 0x0a, 0x06, 0x6b, 0x61, 0x73, 0x5f,
0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0,
- 0x01, 0x01, 0x48, 0x00, 0x52, 0x05, 0x6b, 0x61, 0x73, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x04, 0x6e,
- 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02,
- 0x10, 0x01, 0x48, 0x00, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1e, 0x0a, 0x03, 0x75, 0x72,
- 0x69, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x01,
- 0x88, 0x01, 0x01, 0x48, 0x00, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x19, 0x0a, 0x03, 0x6b, 0x69,
- 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01,
- 0x52, 0x03, 0x6b, 0x69, 0x64, 0x42, 0x13, 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66,
- 0x69, 0x65, 0x72, 0x12, 0x05, 0xba, 0x48, 0x02, 0x08, 0x01, 0x22, 0xe5, 0x0e, 0x0a, 0x10, 0x52,
- 0x6f, 0x74, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
- 0x1a, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05,
- 0x72, 0x03, 0xb0, 0x01, 0x01, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x12, 0x38, 0x0a, 0x03, 0x6b,
- 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
- 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4b, 0x61,
- 0x73, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x48, 0x00,
- 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x44, 0x0a, 0x07, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79,
- 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
- 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x6f, 0x74, 0x61,
- 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4e, 0x65, 0x77,
- 0x4b, 0x65, 0x79, 0x52, 0x06, 0x6e, 0x65, 0x77, 0x4b, 0x65, 0x79, 0x1a, 0xcf, 0x04, 0x0a, 0x06,
- 0x4e, 0x65, 0x77, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64,
- 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x52,
- 0x05, 0x6b, 0x65, 0x79, 0x49, 0x64, 0x12, 0x9d, 0x01, 0x0a, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72,
- 0x69, 0x74, 0x68, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c,
- 0x69, 0x63, 0x79, 0x2e, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x42, 0x6c, 0xba,
- 0x48, 0x69, 0xba, 0x01, 0x66, 0x0a, 0x15, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72,
- 0x69, 0x74, 0x68, 0x6d, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x12, 0x34, 0x54, 0x68,
- 0x65, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x20,
+ 0x01, 0x01, 0x48, 0x00, 0x52, 0x05, 0x6b, 0x61, 0x73, 0x49, 0x64, 0x12, 0x24, 0x0a, 0x08, 0x6b,
+ 0x61, 0x73, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xba,
+ 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x48, 0x00, 0x52, 0x07, 0x6b, 0x61, 0x73, 0x4e, 0x61, 0x6d,
+ 0x65, 0x12, 0x25, 0x0a, 0x07, 0x6b, 0x61, 0x73, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x04, 0x20, 0x01,
+ 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x01, 0x88, 0x01, 0x01, 0x48, 0x00,
+ 0x52, 0x06, 0x6b, 0x61, 0x73, 0x55, 0x72, 0x69, 0x12, 0x1b, 0x0a, 0x06, 0x6c, 0x65, 0x67, 0x61,
+ 0x63, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x48, 0x01, 0x52, 0x06, 0x6c, 0x65, 0x67, 0x61,
+ 0x63, 0x79, 0x88, 0x01, 0x01, 0x12, 0x33, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74,
+ 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0x2e, 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x0a,
+ 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x0c, 0x0a, 0x0a, 0x6b, 0x61,
+ 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x42, 0x09, 0x0a, 0x07, 0x5f, 0x6c, 0x65, 0x67,
+ 0x61, 0x63, 0x79, 0x22, 0x73, 0x0a, 0x10, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x73, 0x52,
+ 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x29, 0x0a, 0x08, 0x6b, 0x61, 0x73, 0x5f, 0x6b,
+ 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x07, 0x6b, 0x61, 0x73, 0x4b, 0x65,
+ 0x79, 0x73, 0x12, 0x34, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+ 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
+ 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0a, 0x70, 0x61,
+ 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x86, 0x03, 0x0a, 0x10, 0x55, 0x70, 0x64,
+ 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a,
+ 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03,
+ 0xb0, 0x01, 0x01, 0x52, 0x02, 0x69, 0x64, 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64,
+ 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x6f, 0x6d, 0x6d,
+ 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d, 0x75, 0x74, 0x61, 0x62,
+ 0x6c, 0x65, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x54, 0x0a, 0x18,
+ 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f,
+ 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x18, 0x65, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a,
+ 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
+ 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x16, 0x6d, 0x65, 0x74, 0x61,
+ 0x64, 0x61, 0x74, 0x61, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69,
+ 0x6f, 0x72, 0x3a, 0xcc, 0x01, 0xba, 0x48, 0xc8, 0x01, 0x1a, 0xc5, 0x01, 0x0a, 0x18, 0x6d, 0x65,
+ 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x62, 0x65,
+ 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x12, 0x52, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
+ 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x20, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72,
+ 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x65, 0x69, 0x74, 0x68, 0x65, 0x72, 0x20,
+ 0x41, 0x50, 0x50, 0x45, 0x4e, 0x44, 0x20, 0x6f, 0x72, 0x20, 0x52, 0x45, 0x50, 0x4c, 0x41, 0x43,
+ 0x45, 0x2c, 0x20, 0x77, 0x68, 0x65, 0x6e, 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x69, 0x6e, 0x67,
+ 0x20, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x1a, 0x55, 0x28, 0x28, 0x21, 0x68,
+ 0x61, 0x73, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
+ 0x29, 0x29, 0x20, 0x7c, 0x7c, 0x20, 0x28, 0x68, 0x61, 0x73, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e,
+ 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x29, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69,
+ 0x73, 0x2e, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74,
+ 0x65, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x20, 0x21, 0x3d, 0x20, 0x30, 0x29,
+ 0x29, 0x22, 0x3c, 0x0a, 0x11, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65,
+ 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x27, 0x0a, 0x07, 0x6b, 0x61, 0x73, 0x5f, 0x6b, 0x65,
+ 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+ 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x06, 0x6b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x22,
+ 0xa4, 0x01, 0x0a, 0x10, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69,
+ 0x66, 0x69, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x06, 0x6b, 0x61, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x02,
+ 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x48, 0x00,
+ 0x52, 0x05, 0x6b, 0x61, 0x73, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
+ 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x48, 0x00,
+ 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1e, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x04, 0x20,
+ 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x01, 0x88, 0x01, 0x01, 0x48,
+ 0x00, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x19, 0x0a, 0x03, 0x6b, 0x69, 0x64, 0x18, 0x05, 0x20,
+ 0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x52, 0x03, 0x6b, 0x69,
+ 0x64, 0x42, 0x13, 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12,
+ 0x05, 0xba, 0x48, 0x02, 0x08, 0x01, 0x22, 0xee, 0x0e, 0x0a, 0x10, 0x52, 0x6f, 0x74, 0x61, 0x74,
+ 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x02, 0x69,
+ 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01,
+ 0x01, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x12, 0x38, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02,
+ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61,
+ 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79,
+ 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x48, 0x00, 0x52, 0x03, 0x6b, 0x65,
+ 0x79, 0x12, 0x44, 0x0a, 0x07, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01,
+ 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72,
+ 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x4b, 0x65,
+ 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4e, 0x65, 0x77, 0x4b, 0x65, 0x79, 0x52,
+ 0x06, 0x6e, 0x65, 0x77, 0x4b, 0x65, 0x79, 0x1a, 0xd8, 0x04, 0x0a, 0x06, 0x4e, 0x65, 0x77, 0x4b,
+ 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01,
+ 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x52, 0x05, 0x6b, 0x65, 0x79,
+ 0x49, 0x64, 0x12, 0xa6, 0x01, 0x0a, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d,
+ 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
+ 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x42, 0x75, 0xba, 0x48, 0x72, 0xba, 0x01,
+ 0x6f, 0x0a, 0x15, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d,
+ 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x12, 0x34, 0x54, 0x68, 0x65, 0x20, 0x6b, 0x65,
+ 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x20, 0x6d, 0x75, 0x73, 0x74,
+ 0x20, 0x62, 0x65, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x64,
+ 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x20, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x2e, 0x1a, 0x20,
+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x20, 0x5b, 0x31, 0x2c, 0x20, 0x32, 0x2c, 0x20, 0x33,
+ 0x2c, 0x20, 0x34, 0x2c, 0x20, 0x35, 0x2c, 0x20, 0x36, 0x2c, 0x20, 0x37, 0x2c, 0x20, 0x38, 0x5d,
+ 0x52, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x9e, 0x01, 0x0a, 0x08,
+ 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0f,
+ 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x42,
+ 0x72, 0xba, 0x48, 0x6f, 0xba, 0x01, 0x67, 0x0a, 0x14, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79,
+ 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x12, 0x39, 0x54,
+ 0x68, 0x65, 0x20, 0x6e, 0x65, 0x77, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20,
0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x74,
0x68, 0x65, 0x20, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x20, 0x76, 0x61, 0x6c, 0x75, 0x65,
- 0x73, 0x2e, 0x1a, 0x17, 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x20, 0x5b, 0x31, 0x2c, 0x20,
- 0x32, 0x2c, 0x20, 0x33, 0x2c, 0x20, 0x34, 0x2c, 0x20, 0x35, 0x5d, 0x52, 0x09, 0x61, 0x6c, 0x67,
- 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x9e, 0x01, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x6d,
- 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x70, 0x6f, 0x6c, 0x69,
- 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x42, 0x72, 0xba, 0x48, 0x6f, 0xba,
- 0x01, 0x67, 0x0a, 0x14, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65,
- 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x12, 0x39, 0x54, 0x68, 0x65, 0x20, 0x6e, 0x65,
- 0x77, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20,
- 0x62, 0x65, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x64, 0x65,
- 0x66, 0x69, 0x6e, 0x65, 0x64, 0x20, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x20, 0x28, 0x31, 0x2d,
- 0x34, 0x29, 0x2e, 0x1a, 0x14, 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x20, 0x5b, 0x31, 0x2c,
- 0x20, 0x32, 0x2c, 0x20, 0x33, 0x2c, 0x20, 0x34, 0x5d, 0x82, 0x01, 0x02, 0x10, 0x01, 0x52, 0x07,
- 0x6b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x42, 0x0a, 0x0e, 0x70, 0x75, 0x62, 0x6c, 0x69,
- 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
- 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b,
- 0x65, 0x79, 0x43, 0x74, 0x78, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x0c, 0x70,
- 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78, 0x12, 0x3d, 0x0a, 0x0f, 0x70,
- 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x18, 0x05,
- 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72,
- 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78, 0x52, 0x0d, 0x70, 0x72, 0x69,
- 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78, 0x12, 0x2c, 0x0a, 0x12, 0x70, 0x72,
- 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x69, 0x64,
- 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72,
- 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x49, 0x64, 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61,
- 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x6f, 0x6d,
- 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d, 0x75, 0x74, 0x61,
- 0x62, 0x6c, 0x65, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x3a, 0xcd, 0x08,
- 0xba, 0x48, 0xc9, 0x08, 0x1a, 0xd8, 0x03, 0x0a, 0x23, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65,
- 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61,
- 0x6c, 0x6c, 0x79, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0xcd, 0x01, 0x46,
- 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x6e, 0x65, 0x77, 0x20, 0x6b, 0x65, 0x79, 0x2c, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x20,
- 0x69, 0x73, 0x20, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x20, 0x69, 0x66, 0x20, 0x6b,
- 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x69, 0x73, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d,
- 0x4f, 0x44, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f,
- 0x4b, 0x45, 0x59, 0x20, 0x6f, 0x72, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f,
- 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45,
- 0x59, 0x2e, 0x20, 0x54, 0x68, 0x65, 0x20, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x6b,
- 0x65, 0x79, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x65, 0x6d, 0x70, 0x74, 0x79,
+ 0x73, 0x20, 0x28, 0x31, 0x2d, 0x34, 0x29, 0x2e, 0x1a, 0x14, 0x74, 0x68, 0x69, 0x73, 0x20, 0x69,
+ 0x6e, 0x20, 0x5b, 0x31, 0x2c, 0x20, 0x32, 0x2c, 0x20, 0x33, 0x2c, 0x20, 0x34, 0x5d, 0x82, 0x01,
+ 0x02, 0x10, 0x01, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x42, 0x0a, 0x0e,
+ 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x18, 0x04,
+ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x75,
+ 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8,
+ 0x01, 0x01, 0x52, 0x0c, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78,
+ 0x12, 0x3d, 0x0a, 0x0f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f,
+ 0x63, 0x74, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0x2e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78,
+ 0x52, 0x0d, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78, 0x12,
+ 0x2c, 0x0a, 0x12, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66,
+ 0x69, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x70, 0x72, 0x6f,
+ 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x49, 0x64, 0x12, 0x33, 0x0a,
+ 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32,
+ 0x17, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
+ 0x61, 0x4d, 0x75, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61,
+ 0x74, 0x61, 0x3a, 0xcd, 0x08, 0xba, 0x48, 0xc9, 0x08, 0x1a, 0xd8, 0x03, 0x0a, 0x23, 0x70, 0x72,
+ 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x5f, 0x6f, 0x70,
+ 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x6c, 0x79, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65,
+ 0x64, 0x12, 0xcd, 0x01, 0x46, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x6e, 0x65, 0x77, 0x20,
+ 0x6b, 0x65, 0x79, 0x2c, 0x20, 0x74, 0x68, 0x65, 0x20, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64,
+ 0x5f, 0x6b, 0x65, 0x79, 0x20, 0x69, 0x73, 0x20, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64,
0x20, 0x69, 0x66, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x69, 0x73, 0x20,
- 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x54, 0x45, 0x20,
- 0x6f, 0x72, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x55, 0x42, 0x4c,
- 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x2e, 0x1a, 0xe0, 0x01, 0x28,
- 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x6b, 0x65,
- 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x31, 0x20, 0x7c, 0x7c, 0x20, 0x74,
- 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x6b, 0x65, 0x79, 0x5f,
- 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x32, 0x29, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68,
- 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x70, 0x72, 0x69, 0x76, 0x61,
- 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x2e, 0x77, 0x72, 0x61, 0x70, 0x70,
- 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x29, 0x20, 0x7c, 0x7c,
- 0x20, 0x28, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e,
- 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x33, 0x20, 0x7c, 0x7c,
- 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x6b, 0x65,
- 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x34, 0x29, 0x20, 0x26, 0x26, 0x20,
- 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x70, 0x72, 0x69,
- 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x2e, 0x77, 0x72, 0x61,
- 0x70, 0x70, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x20, 0x3d, 0x3d, 0x20, 0x27, 0x27, 0x29, 0x1a,
- 0xb5, 0x03, 0x0a, 0x26, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e,
- 0x66, 0x69, 0x67, 0x5f, 0x69, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x6c,
- 0x79, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0xb9, 0x01, 0x46, 0x6f, 0x72,
- 0x20, 0x74, 0x68, 0x65, 0x20, 0x6e, 0x65, 0x77, 0x20, 0x6b, 0x65, 0x79, 0x2c, 0x20, 0x70, 0x72,
- 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x20, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x20, 0x69, 0x64,
- 0x20, 0x69, 0x73, 0x20, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x20, 0x69, 0x66, 0x20,
- 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x69, 0x73, 0x20, 0x4b, 0x45, 0x59, 0x5f,
- 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x52, 0x4f,
- 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x20, 0x6f, 0x72, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f,
- 0x44, 0x45, 0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x54, 0x45, 0x2e, 0x20, 0x49, 0x74, 0x20, 0x6d, 0x75,
- 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x20, 0x66, 0x6f, 0x72, 0x20,
0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f,
- 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x4b, 0x45, 0x59,
- 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59,
- 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x2e, 0x1a, 0xce, 0x01, 0x28, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e,
- 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65,
- 0x20, 0x3d, 0x3d, 0x20, 0x31, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65,
+ 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x20, 0x6f, 0x72, 0x20, 0x4b, 0x45, 0x59, 0x5f,
+ 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x52, 0x4f,
+ 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x2e, 0x20, 0x54, 0x68, 0x65, 0x20, 0x77, 0x72, 0x61, 0x70,
+ 0x70, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20,
+ 0x65, 0x6d, 0x70, 0x74, 0x79, 0x20, 0x69, 0x66, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64,
+ 0x65, 0x20, 0x69, 0x73, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x52, 0x45,
+ 0x4d, 0x4f, 0x54, 0x45, 0x20, 0x6f, 0x72, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45,
+ 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59,
+ 0x2e, 0x1a, 0xe0, 0x01, 0x28, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b,
+ 0x65, 0x79, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x31,
+ 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79,
+ 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x32, 0x29, 0x20,
+ 0x26, 0x26, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e,
+ 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x2e,
+ 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x20, 0x21, 0x3d, 0x20, 0x27,
+ 0x27, 0x29, 0x20, 0x7c, 0x7c, 0x20, 0x28, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77,
+ 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d,
+ 0x20, 0x33, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b,
+ 0x65, 0x79, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x34,
+ 0x29, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65,
+ 0x79, 0x2e, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74,
+ 0x78, 0x2e, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x20, 0x3d, 0x3d,
+ 0x20, 0x27, 0x27, 0x29, 0x1a, 0xb5, 0x03, 0x0a, 0x26, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65,
+ 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x69, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69,
+ 0x6f, 0x6e, 0x61, 0x6c, 0x6c, 0x79, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12,
+ 0xb9, 0x01, 0x46, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x6e, 0x65, 0x77, 0x20, 0x6b, 0x65,
+ 0x79, 0x2c, 0x20, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x20, 0x63, 0x6f, 0x6e, 0x66,
+ 0x69, 0x67, 0x20, 0x69, 0x64, 0x20, 0x69, 0x73, 0x20, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65,
+ 0x64, 0x20, 0x69, 0x66, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x69, 0x73,
+ 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44,
+ 0x45, 0x52, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x20, 0x6f, 0x72, 0x20, 0x4b,
+ 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x54, 0x45, 0x2e, 0x20,
+ 0x49, 0x74, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x65, 0x6d, 0x70, 0x74, 0x79,
+ 0x20, 0x66, 0x6f, 0x72, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x43, 0x4f,
+ 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x20, 0x61, 0x6e,
+ 0x64, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49,
+ 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x2e, 0x1a, 0xce, 0x01, 0x28, 0x28,
+ 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x6b, 0x65, 0x79,
+ 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x31, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68,
+ 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d,
+ 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x34, 0x29, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69,
+ 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64,
+ 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x69, 0x64, 0x20, 0x3d, 0x3d, 0x20,
+ 0x27, 0x27, 0x29, 0x20, 0x7c, 0x7c, 0x20, 0x28, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65,
0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d,
- 0x3d, 0x20, 0x34, 0x29, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77,
- 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x63, 0x6f,
- 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x69, 0x64, 0x20, 0x3d, 0x3d, 0x20, 0x27, 0x27, 0x29, 0x20, 0x7c,
- 0x7c, 0x20, 0x28, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79,
- 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x32, 0x20, 0x7c,
- 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x6b,
- 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x33, 0x29, 0x20, 0x26, 0x26,
- 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x70, 0x72,
- 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x69, 0x64,
- 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x29, 0x1a, 0xb3, 0x01, 0x0a, 0x23, 0x70, 0x72, 0x69, 0x76,
- 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x5f, 0x66, 0x6f, 0x72, 0x5f,
- 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x12,
- 0x48, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78,
- 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x20, 0x73, 0x65, 0x74,
- 0x20, 0x69, 0x66, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x69, 0x73, 0x20,
- 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f,
- 0x4b, 0x45, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x2e, 0x1a, 0x42, 0x21, 0x28, 0x74, 0x68, 0x69,
- 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f,
- 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x34, 0x20, 0x26, 0x26, 0x20, 0x68, 0x61, 0x73, 0x28, 0x74,
- 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x70, 0x72, 0x69, 0x76,
- 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x29, 0x29, 0x42, 0x13, 0x0a,
- 0x0a, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x12, 0x05, 0xba, 0x48, 0x02,
- 0x08, 0x01, 0x22, 0x32, 0x0a, 0x0e, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x4d, 0x61, 0x70, 0x70,
- 0x69, 0x6e, 0x67, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
- 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x66, 0x71, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
- 0x09, 0x52, 0x03, 0x66, 0x71, 0x6e, 0x22, 0xe3, 0x02, 0x0a, 0x10, 0x52, 0x6f, 0x74, 0x61, 0x74,
- 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x36, 0x0a, 0x0f, 0x72,
- 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x75, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01,
- 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61,
- 0x73, 0x4b, 0x65, 0x79, 0x52, 0x0d, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x4f, 0x75, 0x74,
- 0x4b, 0x65, 0x79, 0x12, 0x66, 0x0a, 0x1d, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65,
- 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x61, 0x70, 0x70,
- 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x6f, 0x6c,
+ 0x3d, 0x20, 0x32, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f,
+ 0x6b, 0x65, 0x79, 0x2e, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20,
+ 0x33, 0x29, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b,
+ 0x65, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66,
+ 0x69, 0x67, 0x5f, 0x69, 0x64, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x29, 0x1a, 0xb3, 0x01, 0x0a,
+ 0x23, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78,
+ 0x5f, 0x66, 0x6f, 0x72, 0x5f, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x5f,
+ 0x6f, 0x6e, 0x6c, 0x79, 0x12, 0x48, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65,
+ 0x79, 0x5f, 0x63, 0x74, 0x78, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62,
+ 0x65, 0x20, 0x73, 0x65, 0x74, 0x20, 0x69, 0x66, 0x20, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64,
+ 0x65, 0x20, 0x69, 0x73, 0x20, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x55,
+ 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x2e, 0x1a, 0x42,
+ 0x21, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x6b,
+ 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x3d, 0x3d, 0x20, 0x34, 0x20, 0x26, 0x26, 0x20,
+ 0x68, 0x61, 0x73, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6e, 0x65, 0x77, 0x5f, 0x6b, 0x65, 0x79,
+ 0x2e, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78,
+ 0x29, 0x29, 0x42, 0x13, 0x0a, 0x0a, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x6b, 0x65, 0x79,
+ 0x12, 0x05, 0xba, 0x48, 0x02, 0x08, 0x01, 0x22, 0x32, 0x0a, 0x0e, 0x43, 0x68, 0x61, 0x6e, 0x67,
+ 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18,
+ 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x66, 0x71, 0x6e,
+ 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x66, 0x71, 0x6e, 0x22, 0xe3, 0x02, 0x0a, 0x10,
+ 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73,
+ 0x12, 0x36, 0x0a, 0x0f, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x75, 0x74, 0x5f,
+ 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x0d, 0x72, 0x6f, 0x74, 0x61, 0x74,
+ 0x65, 0x64, 0x4f, 0x75, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x66, 0x0a, 0x1d, 0x61, 0x74, 0x74, 0x72,
+ 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+ 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32,
+ 0x22, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69,
+ 0x73, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69,
+ 0x6e, 0x67, 0x73, 0x52, 0x1b, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x44, 0x65,
+ 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73,
+ 0x12, 0x5c, 0x0a, 0x18, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x76, 0x61,
+ 0x6c, 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03,
+ 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72,
+ 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x4d, 0x61,
+ 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x16, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74,
+ 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x51,
+ 0x0a, 0x12, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70,
+ 0x69, 0x6e, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x6f, 0x6c,
0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e,
- 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x1b,
- 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74,
- 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x5c, 0x0a, 0x18, 0x61,
- 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d,
- 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e,
- 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74,
- 0x72, 0x79, 0x2e, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67,
- 0x73, 0x52, 0x16, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75,
- 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x51, 0x0a, 0x12, 0x6e, 0x61, 0x6d,
- 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x18,
- 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b,
- 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x68, 0x61, 0x6e, 0x67,
- 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x11, 0x6e, 0x61, 0x6d, 0x65, 0x73,
- 0x70, 0x61, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x22, 0x8f, 0x01, 0x0a,
- 0x11, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
- 0x73, 0x65, 0x12, 0x27, 0x0a, 0x07, 0x6b, 0x61, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20,
- 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73,
- 0x4b, 0x65, 0x79, 0x52, 0x06, 0x6b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x51, 0x0a, 0x11, 0x72,
- 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73,
- 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
- 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x6f, 0x74, 0x61,
- 0x74, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x10, 0x72, 0x6f,
- 0x74, 0x61, 0x74, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x22, 0x7e,
- 0x0a, 0x11, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75,
- 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42,
- 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x12,
- 0x38, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70,
- 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
- 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69,
- 0x65, 0x72, 0x48, 0x00, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x42, 0x13, 0x0a, 0x0a, 0x61, 0x63, 0x74,
- 0x69, 0x76, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x12, 0x05, 0xba, 0x48, 0x02, 0x08, 0x01, 0x22, 0x13,
- 0x0a, 0x11, 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75,
- 0x65, 0x73, 0x74, 0x22, 0x45, 0x0a, 0x12, 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65,
- 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2f, 0x0a, 0x08, 0x62, 0x61, 0x73,
- 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f,
- 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4b, 0x61, 0x73, 0x4b, 0x65,
- 0x79, 0x52, 0x07, 0x62, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x22, 0x8e, 0x01, 0x0a, 0x12, 0x53,
- 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
- 0x65, 0x12, 0x36, 0x0a, 0x0c, 0x6e, 0x65, 0x77, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x6b, 0x65,
- 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79,
- 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x0a, 0x6e,
- 0x65, 0x77, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x40, 0x0a, 0x11, 0x70, 0x72, 0x65,
- 0x76, 0x69, 0x6f, 0x75, 0x73, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02,
- 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x53, 0x69,
- 0x6d, 0x70, 0x6c, 0x65, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x0f, 0x70, 0x72, 0x65, 0x76,
- 0x69, 0x6f, 0x75, 0x73, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x22, 0x36, 0x0a, 0x12, 0x4d,
- 0x61, 0x70, 0x70, 0x65, 0x64, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4f, 0x62, 0x6a, 0x65, 0x63,
- 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69,
- 0x64, 0x12, 0x10, 0x0a, 0x03, 0x66, 0x71, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
- 0x66, 0x71, 0x6e, 0x22, 0xb4, 0x02, 0x0a, 0x0a, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69,
- 0x6e, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x03, 0x6b, 0x69, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x6b, 0x61, 0x73, 0x5f, 0x75, 0x72, 0x69, 0x18,
- 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6b, 0x61, 0x73, 0x55, 0x72, 0x69, 0x12, 0x55, 0x0a,
- 0x12, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69,
- 0x6e, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x6f, 0x6c, 0x69,
- 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4d,
- 0x61, 0x70, 0x70, 0x65, 0x64, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4f, 0x62, 0x6a, 0x65, 0x63,
- 0x74, 0x52, 0x11, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70,
- 0x69, 0x6e, 0x67, 0x73, 0x12, 0x55, 0x0a, 0x12, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74,
- 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b,
- 0x32, 0x26, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67,
- 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x61, 0x70, 0x70, 0x65, 0x64, 0x50, 0x6f, 0x6c, 0x69,
- 0x63, 0x79, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x11, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62,
- 0x75, 0x74, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4d, 0x0a, 0x0e, 0x76,
- 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x05, 0x20,
- 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73,
- 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x61, 0x70, 0x70, 0x65, 0x64, 0x50,
- 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x0d, 0x76, 0x61, 0x6c,
- 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x22, 0xb8, 0x01, 0x0a, 0x16, 0x4c,
- 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65,
- 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28,
- 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x48, 0x00, 0x52, 0x02, 0x69,
- 0x64, 0x12, 0x38, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24,
- 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73,
- 0x74, 0x72, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69,
- 0x66, 0x69, 0x65, 0x72, 0x48, 0x00, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x33, 0x0a, 0x0a, 0x70,
- 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32,
- 0x13, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x71,
- 0x75, 0x65, 0x73, 0x74, 0x52, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
- 0x42, 0x13, 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x05,
- 0xba, 0x48, 0x02, 0x08, 0x00, 0x22, 0x92, 0x01, 0x0a, 0x17, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65,
- 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
- 0x65, 0x12, 0x41, 0x0a, 0x0c, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67,
- 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79,
- 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x79,
- 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x0b, 0x6b, 0x65, 0x79, 0x4d, 0x61, 0x70, 0x70,
- 0x69, 0x6e, 0x67, 0x73, 0x12, 0x34, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69,
- 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
- 0x79, 0x2e, 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0a,
- 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0xb5, 0x0c, 0x0a, 0x1e, 0x4b,
- 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65,
- 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x99, 0x01,
- 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53,
- 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x2f, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
- 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74,
- 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73,
- 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79,
- 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73,
- 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
- 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1e, 0x82, 0xd3, 0xe4, 0x93, 0x02,
- 0x15, 0x12, 0x13, 0x2f, 0x6b, 0x65, 0x79, 0x2d, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x2d, 0x73,
- 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x90, 0x02, 0x01, 0x12, 0x78, 0x0a, 0x12, 0x47, 0x65, 0x74,
- 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12,
- 0x2d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69,
- 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73,
- 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e,
- 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73,
- 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73,
- 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03,
- 0x90, 0x02, 0x01, 0x12, 0x7e, 0x0a, 0x15, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79,
- 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x30, 0x2e, 0x70,
- 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
- 0x79, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73,
- 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31,
+ 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x11,
+ 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67,
+ 0x73, 0x22, 0x8f, 0x01, 0x0a, 0x11, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52,
+ 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x27, 0x0a, 0x07, 0x6b, 0x61, 0x73, 0x5f, 0x6b,
+ 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+ 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x06, 0x6b, 0x61, 0x73, 0x4b, 0x65, 0x79,
+ 0x12, 0x51, 0x0a, 0x11, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f,
+ 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70, 0x6f,
+ 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79,
+ 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+ 0x73, 0x52, 0x10, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72,
+ 0x63, 0x65, 0x73, 0x22, 0x7e, 0x0a, 0x11, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65,
+ 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x48, 0x00,
+ 0x52, 0x02, 0x69, 0x64, 0x12, 0x38, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28,
+ 0x0b, 0x32, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65,
+ 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x65,
+ 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x48, 0x00, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x42, 0x13,
+ 0x0a, 0x0a, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x12, 0x05, 0xba, 0x48,
+ 0x02, 0x08, 0x01, 0x22, 0x13, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65,
+ 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x45, 0x0a, 0x12, 0x47, 0x65, 0x74, 0x42,
+ 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2f,
+ 0x0a, 0x08, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+ 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65,
+ 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x07, 0x62, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x22,
+ 0x8e, 0x01, 0x0a, 0x12, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65,
+ 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x36, 0x0a, 0x0c, 0x6e, 0x65, 0x77, 0x5f, 0x62, 0x61,
+ 0x73, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70,
+ 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4b, 0x61, 0x73, 0x4b,
+ 0x65, 0x79, 0x52, 0x0a, 0x6e, 0x65, 0x77, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x40,
+ 0x0a, 0x11, 0x70, 0x72, 0x65, 0x76, 0x69, 0x6f, 0x75, 0x73, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x5f,
+ 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52,
+ 0x0f, 0x70, 0x72, 0x65, 0x76, 0x69, 0x6f, 0x75, 0x73, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79,
+ 0x22, 0x36, 0x0a, 0x12, 0x4d, 0x61, 0x70, 0x70, 0x65, 0x64, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+ 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01,
+ 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x66, 0x71, 0x6e, 0x18, 0x02, 0x20,
+ 0x01, 0x28, 0x09, 0x52, 0x03, 0x66, 0x71, 0x6e, 0x22, 0xb4, 0x02, 0x0a, 0x0a, 0x4b, 0x65, 0x79,
+ 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x69, 0x64, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x69, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x6b, 0x61, 0x73,
+ 0x5f, 0x75, 0x72, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6b, 0x61, 0x73, 0x55,
+ 0x72, 0x69, 0x12, 0x55, 0x0a, 0x12, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f,
+ 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26,
0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73,
- 0x74, 0x72, 0x79, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63,
- 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
- 0x65, 0x22, 0x00, 0x12, 0x7e, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79,
- 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x30, 0x2e, 0x70,
+ 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x61, 0x70, 0x70, 0x65, 0x64, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+ 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x11, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63,
+ 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x55, 0x0a, 0x12, 0x61, 0x74, 0x74,
+ 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x18,
+ 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b,
+ 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x61, 0x70, 0x70, 0x65,
+ 0x64, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x11, 0x61,
+ 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73,
+ 0x12, 0x4d, 0x0a, 0x0e, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e,
+ 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+ 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x61,
+ 0x70, 0x70, 0x65, 0x64, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74,
+ 0x52, 0x0d, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x22,
+ 0xb8, 0x01, 0x0a, 0x16, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69,
+ 0x6e, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x02, 0x69, 0x64,
+ 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01,
+ 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x12, 0x38, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20,
+ 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73,
+ 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x49,
+ 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x48, 0x00, 0x52, 0x03, 0x6b, 0x65, 0x79,
+ 0x12, 0x33, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a,
+ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x61,
+ 0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e,
+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x13, 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66,
+ 0x69, 0x65, 0x72, 0x12, 0x05, 0xba, 0x48, 0x02, 0x08, 0x00, 0x22, 0x92, 0x01, 0x0a, 0x17, 0x4c,
+ 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65,
+ 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x41, 0x0a, 0x0c, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x61,
+ 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x70,
0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
- 0x79, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73,
- 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31,
- 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73,
- 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63,
- 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
- 0x65, 0x22, 0x00, 0x12, 0x7e, 0x0a, 0x15, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4b, 0x65, 0x79,
- 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x30, 0x2e, 0x70,
+ 0x79, 0x2e, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x0b, 0x6b, 0x65,
+ 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x34, 0x0a, 0x0a, 0x70, 0x61, 0x67,
+ 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e,
+ 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f,
+ 0x6e, 0x73, 0x65, 0x52, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32,
+ 0xb5, 0x0c, 0x0a, 0x1e, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72,
+ 0x76, 0x65, 0x72, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69,
+ 0x63, 0x65, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63,
+ 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x2f, 0x2e, 0x70, 0x6f,
+ 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79,
+ 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65,
+ 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, 0x70,
0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
- 0x79, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73,
- 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31,
- 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73,
- 0x74, 0x72, 0x79, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63,
- 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
- 0x65, 0x22, 0x00, 0x12, 0x90, 0x01, 0x0a, 0x19, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x41,
- 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x47, 0x72, 0x61, 0x6e, 0x74,
- 0x73, 0x12, 0x34, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65,
- 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63,
- 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x73,
- 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79,
- 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73,
- 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
- 0x47, 0x72, 0x61, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x06,
- 0x88, 0x02, 0x01, 0x90, 0x02, 0x01, 0x12, 0x5a, 0x0a, 0x09, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65,
- 0x4b, 0x65, 0x79, 0x12, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73,
+ 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53,
+ 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1e,
+ 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x15, 0x12, 0x13, 0x2f, 0x6b, 0x65, 0x79, 0x2d, 0x61, 0x63, 0x63,
+ 0x65, 0x73, 0x73, 0x2d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x90, 0x02, 0x01, 0x12, 0x78,
+ 0x0a, 0x12, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65,
+ 0x72, 0x76, 0x65, 0x72, 0x12, 0x2d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61,
+ 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79,
+ 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
+ 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73,
+ 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x41,
+ 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f,
+ 0x6e, 0x73, 0x65, 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, 0x7e, 0x0a, 0x15, 0x43, 0x72, 0x65, 0x61,
+ 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65,
+ 0x72, 0x12, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65,
+ 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79,
+ 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
+ 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73,
0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b,
- 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69,
- 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x43,
- 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
- 0x22, 0x00, 0x12, 0x51, 0x0a, 0x06, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x21, 0x2e, 0x70,
+ 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65,
+ 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x7e, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61,
+ 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65,
+ 0x72, 0x12, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65,
+ 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79,
+ 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
+ 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73,
+ 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b,
+ 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65,
+ 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x7e, 0x0a, 0x15, 0x44, 0x65, 0x6c, 0x65,
+ 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65,
+ 0x72, 0x12, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65,
+ 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4b, 0x65, 0x79,
+ 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
+ 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73,
+ 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4b,
+ 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65,
+ 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x90, 0x01, 0x0a, 0x19, 0x4c, 0x69, 0x73,
+ 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+ 0x47, 0x72, 0x61, 0x6e, 0x74, 0x73, 0x12, 0x34, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
+ 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74,
+ 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x47,
+ 0x72, 0x61, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e, 0x70,
0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
- 0x79, 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
- 0x22, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69,
- 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f,
- 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x57, 0x0a, 0x08, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79,
- 0x73, 0x12, 0x23, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65,
- 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x73, 0x52,
- 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
+ 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53,
+ 0x65, 0x72, 0x76, 0x65, 0x72, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f,
+ 0x6e, 0x73, 0x65, 0x22, 0x06, 0x88, 0x02, 0x01, 0x90, 0x02, 0x01, 0x12, 0x5a, 0x0a, 0x09, 0x43,
+ 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+ 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x72,
+ 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25,
+ 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73,
+ 0x74, 0x72, 0x79, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73,
+ 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x51, 0x0a, 0x06, 0x47, 0x65, 0x74, 0x4b, 0x65,
+ 0x79, 0x12, 0x21, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65,
+ 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71,
+ 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61,
+ 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79,
+ 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x57, 0x0a, 0x08, 0x4c, 0x69,
+ 0x73, 0x74, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x23, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74,
- 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x5a,
- 0x0a, 0x09, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x2e, 0x70, 0x6f,
+ 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x70, 0x6f,
0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79,
- 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
- 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65,
- 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79,
- 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x5a, 0x0a, 0x09, 0x52, 0x6f,
- 0x74, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79,
- 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x6f, 0x74,
- 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e,
+ 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+ 0x65, 0x22, 0x00, 0x12, 0x5a, 0x0a, 0x09, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79,
+ 0x12, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67,
+ 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52,
+ 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
+ 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x64, 0x61,
+ 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12,
+ 0x5a, 0x0a, 0x09, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x2e, 0x70,
+ 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
+ 0x79, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65,
+ 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72,
+ 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x4b, 0x65,
+ 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x5d, 0x0a, 0x0a, 0x53,
+ 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x53,
+ 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+ 0x1a, 0x26, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67,
+ 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79,
+ 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x5d, 0x0a, 0x0a, 0x47, 0x65,
+ 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+ 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65,
+ 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+ 0x26, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69,
+ 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52,
+ 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x6c, 0x0a, 0x0f, 0x4c, 0x69, 0x73,
+ 0x74, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x2a, 0x2e, 0x70,
+ 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
+ 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67,
+ 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+ 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69,
+ 0x73, 0x74, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x73,
+ 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0xdb, 0x01, 0x0a, 0x16, 0x63, 0x6f, 0x6d, 0x2e,
0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74,
- 0x72, 0x79, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70,
- 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x5d, 0x0a, 0x0a, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73,
- 0x65, 0x4b, 0x65, 0x79, 0x12, 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61,
- 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73,
- 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x70, 0x6f,
- 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79,
- 0x2e, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f,
- 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x5d, 0x0a, 0x0a, 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65,
- 0x4b, 0x65, 0x79, 0x12, 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73,
- 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65,
- 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x70, 0x6f, 0x6c,
- 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e,
- 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
- 0x73, 0x65, 0x22, 0x00, 0x12, 0x6c, 0x0a, 0x0f, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x4d,
- 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x2a, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79,
- 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73,
- 0x74, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75,
- 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73,
- 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79,
- 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
- 0x22, 0x00, 0x42, 0xdb, 0x01, 0x0a, 0x16, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
- 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x42, 0x1c, 0x4b,
- 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65,
- 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3a, 0x67,
- 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64,
- 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
- 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x6b, 0x61,
- 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x03, 0x50, 0x4b, 0x58, 0xaa,
- 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69,
- 0x73, 0x74, 0x72, 0x79, 0xca, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x4b, 0x61,
- 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0xe2, 0x02, 0x1e, 0x50, 0x6f, 0x6c, 0x69,
- 0x63, 0x79, 0x5c, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x5c, 0x47,
- 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x13, 0x50, 0x6f, 0x6c,
- 0x69, 0x63, 0x79, 0x3a, 0x3a, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79,
- 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+ 0x72, 0x79, 0x42, 0x1c, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72,
+ 0x76, 0x65, 0x72, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+ 0x50, 0x01, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f,
+ 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f,
+ 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0x2f, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0xa2, 0x02,
+ 0x03, 0x50, 0x4b, 0x58, 0xaa, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61,
+ 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0xca, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0x5c, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0xe2, 0x02,
+ 0x1e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73,
+ 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea,
+ 0x02, 0x13, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x3a, 0x3a, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67,
+ 0x69, 0x73, 0x74, 0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
diff --git a/protocol/go/policy/objects.pb.go b/protocol/go/policy/objects.pb.go
index d2c0921c8b..f6ba0c3aa2 100644
--- a/protocol/go/policy/objects.pb.go
+++ b/protocol/go/policy/objects.pb.go
@@ -237,31 +237,40 @@ func (SourceType) EnumDescriptor() ([]byte, []int) {
type KasPublicKeyAlgEnum int32
const (
- KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED KasPublicKeyAlgEnum = 0
- KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 KasPublicKeyAlgEnum = 1
- KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 KasPublicKeyAlgEnum = 2
- KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 KasPublicKeyAlgEnum = 5
- KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 KasPublicKeyAlgEnum = 6
- KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 KasPublicKeyAlgEnum = 7
+ KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED KasPublicKeyAlgEnum = 0
+ KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 KasPublicKeyAlgEnum = 1
+ KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 KasPublicKeyAlgEnum = 2
+ KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 KasPublicKeyAlgEnum = 5
+ KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 KasPublicKeyAlgEnum = 6
+ KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 KasPublicKeyAlgEnum = 7
+ KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING KasPublicKeyAlgEnum = 10
+ KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 KasPublicKeyAlgEnum = 11
+ KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 KasPublicKeyAlgEnum = 12
)
// Enum value maps for KasPublicKeyAlgEnum.
var (
KasPublicKeyAlgEnum_name = map[int32]string{
- 0: "KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED",
- 1: "KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048",
- 2: "KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096",
- 5: "KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1",
- 6: "KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1",
- 7: "KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1",
+ 0: "KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED",
+ 1: "KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048",
+ 2: "KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096",
+ 5: "KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1",
+ 6: "KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1",
+ 7: "KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1",
+ 10: "KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING",
+ 11: "KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768",
+ 12: "KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024",
}
KasPublicKeyAlgEnum_value = map[string]int32{
- "KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED": 0,
- "KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048": 1,
- "KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096": 2,
- "KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1": 5,
- "KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1": 6,
- "KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1": 7,
+ "KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED": 0,
+ "KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048": 1,
+ "KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096": 2,
+ "KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1": 5,
+ "KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1": 6,
+ "KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1": 7,
+ "KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING": 10,
+ "KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768": 11,
+ "KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024": 12,
}
)
@@ -296,12 +305,15 @@ func (KasPublicKeyAlgEnum) EnumDescriptor() ([]byte, []int) {
type Algorithm int32
const (
- Algorithm_ALGORITHM_UNSPECIFIED Algorithm = 0
- Algorithm_ALGORITHM_RSA_2048 Algorithm = 1
- Algorithm_ALGORITHM_RSA_4096 Algorithm = 2
- Algorithm_ALGORITHM_EC_P256 Algorithm = 3
- Algorithm_ALGORITHM_EC_P384 Algorithm = 4
- Algorithm_ALGORITHM_EC_P521 Algorithm = 5
+ Algorithm_ALGORITHM_UNSPECIFIED Algorithm = 0
+ Algorithm_ALGORITHM_RSA_2048 Algorithm = 1
+ Algorithm_ALGORITHM_RSA_4096 Algorithm = 2
+ Algorithm_ALGORITHM_EC_P256 Algorithm = 3
+ Algorithm_ALGORITHM_EC_P384 Algorithm = 4
+ Algorithm_ALGORITHM_EC_P521 Algorithm = 5
+ Algorithm_ALGORITHM_HPQT_XWING Algorithm = 6
+ Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768 Algorithm = 7
+ Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024 Algorithm = 8
)
// Enum value maps for Algorithm.
@@ -313,14 +325,20 @@ var (
3: "ALGORITHM_EC_P256",
4: "ALGORITHM_EC_P384",
5: "ALGORITHM_EC_P521",
+ 6: "ALGORITHM_HPQT_XWING",
+ 7: "ALGORITHM_HPQT_SECP256R1_MLKEM768",
+ 8: "ALGORITHM_HPQT_SECP384R1_MLKEM1024",
}
Algorithm_value = map[string]int32{
- "ALGORITHM_UNSPECIFIED": 0,
- "ALGORITHM_RSA_2048": 1,
- "ALGORITHM_RSA_4096": 2,
- "ALGORITHM_EC_P256": 3,
- "ALGORITHM_EC_P384": 4,
- "ALGORITHM_EC_P521": 5,
+ "ALGORITHM_UNSPECIFIED": 0,
+ "ALGORITHM_RSA_2048": 1,
+ "ALGORITHM_RSA_4096": 2,
+ "ALGORITHM_EC_P256": 3,
+ "ALGORITHM_EC_P384": 4,
+ "ALGORITHM_EC_P521": 5,
+ "ALGORITHM_HPQT_XWING": 6,
+ "ALGORITHM_HPQT_SECP256R1_MLKEM768": 7,
+ "ALGORITHM_HPQT_SECP384R1_MLKEM1024": 8,
}
)
@@ -3697,7 +3715,7 @@ var file_policy_objects_proto_rawDesc = []byte{
0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x45,
0x52, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45,
0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x02,
- 0x2a, 0x88, 0x02, 0x0a, 0x13, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65,
+ 0x2a, 0x9b, 0x03, 0x0a, 0x13, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65,
0x79, 0x41, 0x6c, 0x67, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x27, 0x0a, 0x23, 0x4b, 0x41, 0x53, 0x5f,
0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45,
0x4e, 0x55, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
@@ -3713,41 +3731,57 @@ var file_policy_objects_proto_rawDesc = []byte{
0x55, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x10,
0x06, 0x12, 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f,
0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43, 0x5f,
- 0x53, 0x45, 0x43, 0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x10, 0x07, 0x2a, 0x9b, 0x01, 0x0a, 0x09,
- 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x19, 0x0a, 0x15, 0x41, 0x4c, 0x47,
- 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
- 0x45, 0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48,
- 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12,
- 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30,
- 0x39, 0x36, 0x10, 0x02, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48,
- 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, 0x41,
- 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x33, 0x38, 0x34,
- 0x10, 0x04, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f,
- 0x45, 0x43, 0x5f, 0x50, 0x35, 0x32, 0x31, 0x10, 0x05, 0x2a, 0x56, 0x0a, 0x09, 0x4b, 0x65, 0x79,
- 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54,
- 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44,
- 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53,
- 0x5f, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x45, 0x59,
- 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x4f, 0x54, 0x41, 0x54, 0x45, 0x44, 0x10,
- 0x02, 0x2a, 0x94, 0x01, 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a,
- 0x14, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43,
- 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x45, 0x59, 0x5f, 0x4d,
- 0x4f, 0x44, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f,
- 0x4b, 0x45, 0x59, 0x10, 0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44,
- 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f,
- 0x4b, 0x45, 0x59, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44,
- 0x45, 0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x54, 0x45, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x45,
- 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45,
- 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x04, 0x42, 0x82, 0x01, 0x0a, 0x0a, 0x63, 0x6f, 0x6d,
- 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x0c, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73,
- 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
- 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74,
- 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f,
- 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x06,
- 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xca, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xe2,
- 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
- 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x62, 0x06, 0x70,
- 0x72, 0x6f, 0x74, 0x6f, 0x33,
+ 0x53, 0x45, 0x43, 0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x10, 0x07, 0x12, 0x26, 0x0a, 0x22, 0x4b,
+ 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c,
+ 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x58, 0x57, 0x49, 0x4e,
+ 0x47, 0x10, 0x0a, 0x12, 0x33, 0x0a, 0x2f, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49,
+ 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x48,
+ 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, 0x5f, 0x4d, 0x4c,
+ 0x4b, 0x45, 0x4d, 0x37, 0x36, 0x38, 0x10, 0x0b, 0x12, 0x34, 0x0a, 0x30, 0x4b, 0x41, 0x53, 0x5f,
+ 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45,
+ 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34,
+ 0x52, 0x31, 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x31, 0x30, 0x32, 0x34, 0x10, 0x0c, 0x2a, 0x84,
+ 0x02, 0x0a, 0x09, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x19, 0x0a, 0x15,
+ 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43,
+ 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x4c, 0x47, 0x4f, 0x52,
+ 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x10, 0x01, 0x12,
+ 0x16, 0x0a, 0x12, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x52, 0x53, 0x41,
+ 0x5f, 0x34, 0x30, 0x39, 0x36, 0x10, 0x02, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52,
+ 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x15,
+ 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50,
+ 0x33, 0x38, 0x34, 0x10, 0x04, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54,
+ 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x35, 0x32, 0x31, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14,
+ 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x58,
+ 0x57, 0x49, 0x4e, 0x47, 0x10, 0x06, 0x12, 0x25, 0x0a, 0x21, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49,
+ 0x54, 0x48, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36,
+ 0x52, 0x31, 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x37, 0x36, 0x38, 0x10, 0x07, 0x12, 0x26, 0x0a,
+ 0x22, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f,
+ 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x31,
+ 0x30, 0x32, 0x34, 0x10, 0x08, 0x2a, 0x56, 0x0a, 0x09, 0x4b, 0x65, 0x79, 0x53, 0x74, 0x61, 0x74,
+ 0x75, 0x73, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53,
+ 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15,
+ 0x0a, 0x11, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x41, 0x43, 0x54,
+ 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41,
+ 0x54, 0x55, 0x53, 0x5f, 0x52, 0x4f, 0x54, 0x41, 0x54, 0x45, 0x44, 0x10, 0x02, 0x2a, 0x94, 0x01,
+ 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x45, 0x59,
+ 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45,
+ 0x44, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f,
+ 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x10,
+ 0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x52,
+ 0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x10,
+ 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x52, 0x45,
+ 0x4d, 0x4f, 0x54, 0x45, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f,
+ 0x44, 0x45, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x4f, 0x4e,
+ 0x4c, 0x59, 0x10, 0x04, 0x42, 0x82, 0x01, 0x0a, 0x0a, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c,
+ 0x69, 0x63, 0x79, 0x42, 0x0c, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x50, 0x72, 0x6f, 0x74,
+ 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
+ 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d,
+ 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c,
+ 0x69, 0x63, 0x79, 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0xca, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xe2, 0x02, 0x12, 0x50, 0x6f,
+ 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
+ 0xea, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+ 0x33,
}
var (
diff --git a/sdk/basekey.go b/sdk/basekey.go
index 5f3cc12004..45a2634ac5 100644
--- a/sdk/basekey.go
+++ b/sdk/basekey.go
@@ -33,6 +33,12 @@ func getKasKeyAlg(alg string) policy.Algorithm {
return policy.Algorithm_ALGORITHM_EC_P384
case string(ocrypto.EC521Key):
return policy.Algorithm_ALGORITHM_EC_P521
+ case string(ocrypto.HybridXWingKey):
+ return policy.Algorithm_ALGORITHM_HPQT_XWING
+ case string(ocrypto.HybridSecp256r1MLKEM768Key):
+ return policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768
+ case string(ocrypto.HybridSecp384r1MLKEM1024Key):
+ return policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024
default:
return policy.Algorithm_ALGORITHM_UNSPECIFIED
}
@@ -51,6 +57,12 @@ func formatAlg(alg policy.Algorithm) (string, error) {
return string(ocrypto.EC384Key), nil
case policy.Algorithm_ALGORITHM_EC_P521:
return string(ocrypto.EC521Key), nil
+ case policy.Algorithm_ALGORITHM_HPQT_XWING:
+ return string(ocrypto.HybridXWingKey), nil
+ case policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768:
+ return string(ocrypto.HybridSecp256r1MLKEM768Key), nil
+ case policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024:
+ return string(ocrypto.HybridSecp384r1MLKEM1024Key), nil
case policy.Algorithm_ALGORITHM_UNSPECIFIED:
fallthrough
default:
diff --git a/sdk/basekey_test.go b/sdk/basekey_test.go
index ea0210bdf0..1bd0c17fb3 100644
--- a/sdk/basekey_test.go
+++ b/sdk/basekey_test.go
@@ -93,6 +93,21 @@ func TestGetKasKeyAlg(t *testing.T) {
algStr: string(ocrypto.EC521Key),
expected: policy.Algorithm_ALGORITHM_EC_P521,
},
+ {
+ name: "hybrid xwing",
+ algStr: string(ocrypto.HybridXWingKey),
+ expected: policy.Algorithm_ALGORITHM_HPQT_XWING,
+ },
+ {
+ name: "hybrid secp256r1 mlkem768",
+ algStr: string(ocrypto.HybridSecp256r1MLKEM768Key),
+ expected: policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768,
+ },
+ {
+ name: "hybrid secp384r1 mlkem1024",
+ algStr: string(ocrypto.HybridSecp384r1MLKEM1024Key),
+ expected: policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024,
+ },
{
name: "unsupported algorithm",
algStr: "unsupported",
@@ -150,6 +165,24 @@ func TestFormatAlg(t *testing.T) {
expected: string(ocrypto.EC521Key), // Note: This matches the implementation
expectError: false,
},
+ {
+ name: "Hybrid X-Wing",
+ alg: policy.Algorithm_ALGORITHM_HPQT_XWING,
+ expected: string(ocrypto.HybridXWingKey),
+ expectError: false,
+ },
+ {
+ name: "Hybrid SecP256r1 ML-KEM-768",
+ alg: policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768,
+ expected: string(ocrypto.HybridSecp256r1MLKEM768Key),
+ expectError: false,
+ },
+ {
+ name: "Hybrid SecP384r1 ML-KEM-1024",
+ alg: policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024,
+ expected: string(ocrypto.HybridSecp384r1MLKEM1024Key),
+ expectError: false,
+ },
{
name: "Unspecified algorithm",
alg: policy.Algorithm_ALGORITHM_UNSPECIFIED,
@@ -324,6 +357,9 @@ func TestFormatAlg_GetKasKeyAlg_RoundTrip(t *testing.T) {
{"EC-P256", policy.Algorithm_ALGORITHM_EC_P256},
{"EC-P384", policy.Algorithm_ALGORITHM_EC_P384},
{"EC-P521", policy.Algorithm_ALGORITHM_EC_P521},
+ {"HPQT-XWing", policy.Algorithm_ALGORITHM_HPQT_XWING},
+ {"HPQT-SecP256r1-MLKEM768", policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768},
+ {"HPQT-SecP384r1-MLKEM1024", policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024},
}
for _, tc := range supportedAlgs {
diff --git a/sdk/experimental/tdf/key_access.go b/sdk/experimental/tdf/key_access.go
index 6e97701ad5..a1462234fd 100644
--- a/sdk/experimental/tdf/key_access.go
+++ b/sdk/experimental/tdf/key_access.go
@@ -165,6 +165,9 @@ func wrapKeyWithPublicKey(symKey []byte, pubKeyInfo keysplit.KASPublicKey) (stri
// Determine key type based on algorithm
ktype := ocrypto.KeyType(pubKeyInfo.Algorithm)
+ if ocrypto.IsHybridKeyType(ktype) {
+ return wrapKeyWithHybrid(pubKeyInfo.Algorithm, pubKeyInfo.PEM, symKey)
+ }
if ocrypto.IsECKeyType(ktype) {
// Handle EC key wrapping
return wrapKeyWithEC(ktype, pubKeyInfo.PEM, symKey)
@@ -245,3 +248,38 @@ func wrapKeyWithRSA(kasPublicKeyPEM string, symKey []byte) (string, error) {
return string(ocrypto.Base64Encode(encryptedKey)), nil
}
+
+func wrapKeyWithHybrid(alg, kasPublicKeyPEM string, symKey []byte) (string, string, string, error) {
+ var (
+ wrappedKey []byte
+ err error
+ )
+
+ switch ocrypto.KeyType(alg) { //nolint:exhaustive // only hybrid key types are supported here
+ case ocrypto.HybridXWingKey:
+ publicKey, parseErr := ocrypto.XWingPubKeyFromPem([]byte(kasPublicKeyPEM))
+ if parseErr != nil {
+ return "", "", "", fmt.Errorf("failed to parse X-Wing public key: %w", parseErr)
+ }
+ wrappedKey, err = ocrypto.XWingWrapDEK(publicKey, symKey)
+ case ocrypto.HybridSecp256r1MLKEM768Key:
+ publicKey, parseErr := ocrypto.P256MLKEM768PubKeyFromPem([]byte(kasPublicKeyPEM))
+ if parseErr != nil {
+ return "", "", "", fmt.Errorf("failed to parse SecP256r1/ML-KEM-768 public key: %w", parseErr)
+ }
+ wrappedKey, err = ocrypto.P256MLKEM768WrapDEK(publicKey, symKey)
+ case ocrypto.HybridSecp384r1MLKEM1024Key:
+ publicKey, parseErr := ocrypto.P384MLKEM1024PubKeyFromPem([]byte(kasPublicKeyPEM))
+ if parseErr != nil {
+ return "", "", "", fmt.Errorf("failed to parse SecP384r1/ML-KEM-1024 public key: %w", parseErr)
+ }
+ wrappedKey, err = ocrypto.P384MLKEM1024WrapDEK(publicKey, symKey)
+ default:
+ return "", "", "", fmt.Errorf("unsupported hybrid algorithm: %s", alg)
+ }
+ if err != nil {
+ return "", "", "", fmt.Errorf("failed to hybrid wrap key: %w", err)
+ }
+
+ return string(ocrypto.Base64Encode(wrappedKey)), "hybrid-wrapped", "", nil
+}
diff --git a/sdk/experimental/tdf/key_access_test.go b/sdk/experimental/tdf/key_access_test.go
index 9dac3ca3b6..adfd40bf8f 100644
--- a/sdk/experimental/tdf/key_access_test.go
+++ b/sdk/experimental/tdf/key_access_test.go
@@ -35,7 +35,7 @@ SQIDAQAB
)
// createTestSplitResult creates a mock SplitResult for testing key access operations
-func createTestSplitResult(kasURL, pubKey string, algorithm string) *keysplit.SplitResult {
+func createTestSplitResult(pubKey string, algorithm string) *keysplit.SplitResult {
// Generate random split data
splitData := make([]byte, 32)
_, err := rand.Read(splitData)
@@ -46,11 +46,11 @@ func createTestSplitResult(kasURL, pubKey string, algorithm string) *keysplit.Sp
split := keysplit.Split{
ID: "test-split-1",
Data: splitData,
- KASURLs: []string{kasURL},
+ KASURLs: []string{testKAS1URL},
}
pubKeyInfo := keysplit.KASPublicKey{
- URL: kasURL,
+ URL: testKAS1URL,
Algorithm: algorithm,
KID: "test-kid-1",
PEM: pubKey,
@@ -58,14 +58,14 @@ func createTestSplitResult(kasURL, pubKey string, algorithm string) *keysplit.Sp
return &keysplit.SplitResult{
Splits: []keysplit.Split{split},
- KASPublicKeys: map[string]keysplit.KASPublicKey{kasURL: pubKeyInfo},
+ KASPublicKeys: map[string]keysplit.KASPublicKey{testKAS1URL: pubKeyInfo},
}
}
func TestBuildKeyAccessObjects(t *testing.T) {
t.Run("successfully creates key access objects with RSA public key", func(t *testing.T) {
// Test that buildKeyAccessObjects correctly processes RSA keys and creates valid KeyAccess objects
- splitResult := createTestSplitResult(testKAS1URL, testRSAPublicKey, "rsa:2048")
+ splitResult := createTestSplitResult(testRSAPublicKey, "rsa:2048")
policyBytes := []byte(testPolicyJSON)
metadata := testMetadata
@@ -96,7 +96,7 @@ func TestBuildKeyAccessObjects(t *testing.T) {
ecPublicKeyPEM, err := ecKeyPair.PublicKeyInPemFormat()
require.NoError(t, err, "Should get public key in PEM format")
- splitResult := createTestSplitResult(testKAS1URL, ecPublicKeyPEM, "ec:secp256r1")
+ splitResult := createTestSplitResult(ecPublicKeyPEM, "ec:secp256r1")
policyBytes := []byte(testPolicyJSON)
metadata := testMetadata
@@ -112,6 +112,55 @@ func TestBuildKeyAccessObjects(t *testing.T) {
assert.NotEmpty(t, keyAccess.WrappedKey, "Should contain wrapped key data")
})
+ for _, tc := range []struct {
+ name string
+ algorithm string
+ newKeyPair func() (ocrypto.KeyPair, error)
+ }{
+ {
+ name: "X-Wing",
+ algorithm: string(ocrypto.HybridXWingKey),
+ newKeyPair: func() (ocrypto.KeyPair, error) {
+ return ocrypto.NewXWingKeyPair()
+ },
+ },
+ {
+ name: "SecP256r1-MLKEM768",
+ algorithm: string(ocrypto.HybridSecp256r1MLKEM768Key),
+ newKeyPair: func() (ocrypto.KeyPair, error) {
+ return ocrypto.NewP256MLKEM768KeyPair()
+ },
+ },
+ {
+ name: "SecP384r1-MLKEM1024",
+ algorithm: string(ocrypto.HybridSecp384r1MLKEM1024Key),
+ newKeyPair: func() (ocrypto.KeyPair, error) {
+ return ocrypto.NewP384MLKEM1024KeyPair()
+ },
+ },
+ } {
+ t.Run("successfully creates key access objects with hybrid public key "+tc.name, func(t *testing.T) {
+ keyPair, err := tc.newKeyPair()
+ require.NoError(t, err)
+
+ publicKeyPEM, err := keyPair.PublicKeyInPemFormat()
+ require.NoError(t, err)
+
+ splitResult := createTestSplitResult(publicKeyPEM, tc.algorithm)
+ policyBytes := []byte(testPolicyJSON)
+
+ keyAccessList, err := buildKeyAccessObjects(splitResult, policyBytes, testMetadata)
+
+ require.NoError(t, err, "Should successfully create key access objects with valid hybrid key")
+ require.Len(t, keyAccessList, 1)
+
+ keyAccess := keyAccessList[0]
+ assert.Equal(t, "hybrid-wrapped", keyAccess.KeyType)
+ assert.NotEmpty(t, keyAccess.WrappedKey)
+ assert.Empty(t, keyAccess.EphemeralPublicKey)
+ })
+ }
+
t.Run("handles multiple KAS URLs in single split", func(t *testing.T) {
// Test that multiple KAS URLs in one split create separate KeyAccess objects
splitData := make([]byte, 32)
@@ -172,7 +221,7 @@ func TestBuildKeyAccessObjects(t *testing.T) {
t.Run("handles empty metadata correctly", func(t *testing.T) {
// Test that empty metadata is handled without creating encrypted metadata
- splitResult := createTestSplitResult(testKAS1URL, testRSAPublicKey, "rsa:2048")
+ splitResult := createTestSplitResult(testRSAPublicKey, "rsa:2048")
keyAccessList, err := buildKeyAccessObjects(splitResult, []byte(testPolicyJSON), "")
@@ -424,6 +473,72 @@ func TestWrapKeyWithPublicKey(t *testing.T) {
"Ephemeral key should end with PEM footer")
})
+ for _, tc := range []struct {
+ name string
+ algorithm string
+ newKeyPair func() (ocrypto.KeyPair, error)
+ }{
+ {
+ name: "X-Wing",
+ algorithm: string(ocrypto.HybridXWingKey),
+ newKeyPair: func() (ocrypto.KeyPair, error) {
+ return ocrypto.NewXWingKeyPair()
+ },
+ },
+ {
+ name: "SecP256r1-MLKEM768",
+ algorithm: string(ocrypto.HybridSecp256r1MLKEM768Key),
+ newKeyPair: func() (ocrypto.KeyPair, error) {
+ return ocrypto.NewP256MLKEM768KeyPair()
+ },
+ },
+ {
+ name: "SecP384r1-MLKEM1024",
+ algorithm: string(ocrypto.HybridSecp384r1MLKEM1024Key),
+ newKeyPair: func() (ocrypto.KeyPair, error) {
+ return ocrypto.NewP384MLKEM1024KeyPair()
+ },
+ },
+ } {
+ t.Run("wraps key with hybrid public key "+tc.name, func(t *testing.T) {
+ symKey := make([]byte, 32)
+ _, err := rand.Read(symKey)
+ require.NoError(t, err)
+
+ keyPair, err := tc.newKeyPair()
+ require.NoError(t, err)
+
+ publicKeyPEM, err := keyPair.PublicKeyInPemFormat()
+ require.NoError(t, err)
+
+ pubKeyInfo := keysplit.KASPublicKey{
+ URL: testKAS1URL,
+ Algorithm: tc.algorithm,
+ KID: "test-kid",
+ PEM: publicKeyPEM,
+ }
+
+ wrappedKey, keyType, ephemeralPubKey, err := wrapKeyWithPublicKey(symKey, pubKeyInfo)
+
+ require.NoError(t, err, "Should wrap key with hybrid public key")
+ assert.NotEmpty(t, wrappedKey)
+ assert.Equal(t, "hybrid-wrapped", keyType)
+ assert.Empty(t, ephemeralPubKey)
+
+ decodedWrappedKey, err := ocrypto.Base64Decode([]byte(wrappedKey))
+ require.NoError(t, err)
+
+ privateKeyPEM, err := keyPair.PrivateKeyInPemFormat()
+ require.NoError(t, err)
+ decryptor, err := ocrypto.FromPrivatePEM(privateKeyPEM)
+ require.NoError(t, err)
+
+ plaintext, err := decryptor.Decrypt(decodedWrappedKey)
+ require.NoError(t, err)
+ assert.Equal(t, symKey, plaintext)
+ })
+ }
+
t.Run("returns error for empty PEM", func(t *testing.T) {
// Test error handling for missing public key PEM
symKey := make([]byte, 32)
diff --git a/sdk/experimental/tdf/keysplit/attributes.go b/sdk/experimental/tdf/keysplit/attributes.go
index e12d838e97..a74b1882ba 100644
--- a/sdk/experimental/tdf/keysplit/attributes.go
+++ b/sdk/experimental/tdf/keysplit/attributes.go
@@ -199,6 +199,12 @@ func formatAlgorithm(alg policy.Algorithm) string {
return "rsa:2048"
case policy.Algorithm_ALGORITHM_RSA_4096:
return "rsa:4096"
+ case policy.Algorithm_ALGORITHM_HPQT_XWING:
+ return "hpqt:xwing"
+ case policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768:
+ return "hpqt:secp256r1-mlkem768"
+ case policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024:
+ return "hpqt:secp384r1-mlkem1024"
default:
return unknownAlgorithm
}
@@ -217,6 +223,12 @@ func convertAlgEnum2Simple(a policy.KasPublicKeyAlgEnum) policy.Algorithm {
return policy.Algorithm_ALGORITHM_RSA_2048
case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096:
return policy.Algorithm_ALGORITHM_RSA_4096
+ case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING:
+ return policy.Algorithm_ALGORITHM_HPQT_XWING
+ case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768:
+ return policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768
+ case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024:
+ return policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024
case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED:
return policy.Algorithm_ALGORITHM_UNSPECIFIED
default:
diff --git a/sdk/experimental/tdf/keysplit/attributes_test.go b/sdk/experimental/tdf/keysplit/attributes_test.go
index 4ed96d38a2..8189636d93 100644
--- a/sdk/experimental/tdf/keysplit/attributes_test.go
+++ b/sdk/experimental/tdf/keysplit/attributes_test.go
@@ -46,6 +46,21 @@ func TestFormatAlgorithm(t *testing.T) {
alg: policy.Algorithm_ALGORITHM_RSA_4096,
expected: "rsa:4096",
},
+ {
+ name: "HPQT X-Wing",
+ alg: policy.Algorithm_ALGORITHM_HPQT_XWING,
+ expected: "hpqt:xwing",
+ },
+ {
+ name: "HPQT SecP256r1 ML-KEM-768",
+ alg: policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768,
+ expected: "hpqt:secp256r1-mlkem768",
+ },
+ {
+ name: "HPQT SecP384r1 ML-KEM-1024",
+ alg: policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024,
+ expected: "hpqt:secp384r1-mlkem1024",
+ },
{
name: "unknown algorithm value",
alg: policy.Algorithm(999),
@@ -97,6 +112,21 @@ func TestConvertAlgEnum2Simple(t *testing.T) {
algEnum: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096,
expected: policy.Algorithm_ALGORITHM_RSA_4096,
},
+ {
+ name: "HPQT X-Wing",
+ algEnum: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING,
+ expected: policy.Algorithm_ALGORITHM_HPQT_XWING,
+ },
+ {
+ name: "HPQT SecP256r1 ML-KEM-768",
+ algEnum: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768,
+ expected: policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768,
+ },
+ {
+ name: "HPQT SecP384r1 ML-KEM-1024",
+ algEnum: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024,
+ expected: policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024,
+ },
{
name: "unknown enum value",
algEnum: policy.KasPublicKeyAlgEnum(999),
diff --git a/sdk/granter.go b/sdk/granter.go
index 8275a04f42..251be7a323 100644
--- a/sdk/granter.go
+++ b/sdk/granter.go
@@ -286,6 +286,12 @@ func convertAlgEnum2Simple(a policy.KasPublicKeyAlgEnum) policy.Algorithm {
return policy.Algorithm_ALGORITHM_RSA_2048
case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096:
return policy.Algorithm_ALGORITHM_RSA_4096
+ case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING:
+ return policy.Algorithm_ALGORITHM_HPQT_XWING
+ case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768:
+ return policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768
+ case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024:
+ return policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024
case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED:
return policy.Algorithm_ALGORITHM_UNSPECIFIED
default:
@@ -306,6 +312,12 @@ func convertStringToAlgorithm(alg string) policy.Algorithm {
return policy.Algorithm_ALGORITHM_RSA_2048
case ocrypto.RSA4096Key:
return policy.Algorithm_ALGORITHM_RSA_4096
+ case ocrypto.HybridXWingKey:
+ return policy.Algorithm_ALGORITHM_HPQT_XWING
+ case ocrypto.HybridSecp256r1MLKEM768Key:
+ return policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768
+ case ocrypto.HybridSecp384r1MLKEM1024Key:
+ return policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024
default:
return policy.Algorithm_ALGORITHM_UNSPECIFIED
}
@@ -490,6 +502,12 @@ func algProto2String(e policy.KasPublicKeyAlgEnum) string {
return string(ocrypto.RSA2048Key)
case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096:
return string(ocrypto.RSA4096Key)
+ case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING:
+ return string(ocrypto.HybridXWingKey)
+ case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768:
+ return string(ocrypto.HybridSecp256r1MLKEM768Key)
+ case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024:
+ return string(ocrypto.HybridSecp384r1MLKEM1024Key)
case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED:
return ""
}
@@ -508,6 +526,12 @@ func algProto2OcryptoKeyType(e policy.Algorithm) ocrypto.KeyType {
return ocrypto.RSA2048Key
case policy.Algorithm_ALGORITHM_RSA_4096:
return ocrypto.RSA4096Key
+ case policy.Algorithm_ALGORITHM_HPQT_XWING:
+ return ocrypto.HybridXWingKey
+ case policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768:
+ return ocrypto.HybridSecp256r1MLKEM768Key
+ case policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024:
+ return ocrypto.HybridSecp384r1MLKEM1024Key
case policy.Algorithm_ALGORITHM_UNSPECIFIED:
return ocrypto.KeyType("")
default:
diff --git a/sdk/schema/manifest-lax.schema.json b/sdk/schema/manifest-lax.schema.json
index a31abd75fb..eb605f0e91 100644
--- a/sdk/schema/manifest-lax.schema.json
+++ b/sdk/schema/manifest-lax.schema.json
@@ -52,7 +52,7 @@
"type": {
"description": "The type of key access object.",
"type": "string",
- "enum": ["wrapped", "remote"]
+ "enum": ["wrapped", "hybrid-wrapped", "remote"]
},
"url": {
"description": "A fully qualified URL pointing to a key access service responsible for managing access to the encryption keys.",
diff --git a/sdk/schema/manifest.schema.json b/sdk/schema/manifest.schema.json
index 6488623fa2..8a0e47ac94 100644
--- a/sdk/schema/manifest.schema.json
+++ b/sdk/schema/manifest.schema.json
@@ -52,7 +52,7 @@
"type": {
"description": "The type of key access object.",
"type": "string",
- "enum": ["ec-wrapped", "remote", "wrapped"]
+ "enum": ["ec-wrapped", "hybrid-wrapped", "remote", "wrapped"]
},
"url": {
"description": "A fully qualified URL pointing to a key access service responsible for managing access to the encryption keys.",
@@ -239,4 +239,4 @@
}
},
"required": ["payload", "encryptionInformation"]
- }
\ No newline at end of file
+ }
diff --git a/sdk/tdf.go b/sdk/tdf.go
index dbfdedabf3..0c980840ca 100644
--- a/sdk/tdf.go
+++ b/sdk/tdf.go
@@ -43,6 +43,7 @@ const (
kKeySize = 32
kWrapped = "wrapped"
kECWrapped = "ec-wrapped"
+ kHybridWrapped = "hybrid-wrapped"
kKasProtocol = "kas"
kSplitKeyType = "split"
kGCMCipherAlgorithm = "AES-256-GCM"
@@ -674,7 +675,15 @@ func createKeyAccess(kasInfo KASInfo, symKey []byte, policyBinding PolicyBinding
}
ktype := ocrypto.KeyType(kasInfo.Algorithm)
- if ocrypto.IsECKeyType(ktype) {
+ switch {
+ case ocrypto.IsHybridKeyType(ktype):
+ wrappedKey, err := generateWrapKeyWithHybrid(kasInfo.Algorithm, kasInfo.PublicKey, symKey)
+ if err != nil {
+ return KeyAccess{}, err
+ }
+ keyAccess.KeyType = kHybridWrapped
+ keyAccess.WrappedKey = wrappedKey
+ case ocrypto.IsECKeyType(ktype):
mode, err := ocrypto.ECKeyTypeToMode(ktype)
if err != nil {
return KeyAccess{}, err
@@ -686,7 +695,7 @@ func createKeyAccess(kasInfo KASInfo, symKey []byte, policyBinding PolicyBinding
keyAccess.KeyType = kECWrapped
keyAccess.WrappedKey = wrappedKeyInfo.wrappedKey
keyAccess.EphemeralPublicKey = wrappedKeyInfo.publicKey
- } else {
+ default:
wrappedKey, err := generateWrapKeyWithRSA(kasInfo.PublicKey, symKey)
if err != nil {
return KeyAccess{}, err
@@ -761,6 +770,41 @@ func generateWrapKeyWithRSA(publicKey string, symKey []byte) (string, error) {
return string(ocrypto.Base64Encode(wrappedKey)), nil
}
+func generateWrapKeyWithHybrid(alg, publicKeyPEM string, symKey []byte) (string, error) {
+ var (
+ wrappedKey []byte
+ err error
+ )
+
+ switch ocrypto.KeyType(alg) { //nolint:exhaustive // only hybrid key types are supported here
+ case ocrypto.HybridXWingKey:
+ publicKey, parseErr := ocrypto.XWingPubKeyFromPem([]byte(publicKeyPEM))
+ if parseErr != nil {
+ return "", fmt.Errorf("generateWrapKeyWithHybrid: ocrypto.XWingPubKeyFromPem failed: %w", parseErr)
+ }
+ wrappedKey, err = ocrypto.XWingWrapDEK(publicKey, symKey)
+ case ocrypto.HybridSecp256r1MLKEM768Key:
+ publicKey, parseErr := ocrypto.P256MLKEM768PubKeyFromPem([]byte(publicKeyPEM))
+ if parseErr != nil {
+ return "", fmt.Errorf("generateWrapKeyWithHybrid: ocrypto.P256MLKEM768PubKeyFromPem failed: %w", parseErr)
+ }
+ wrappedKey, err = ocrypto.P256MLKEM768WrapDEK(publicKey, symKey)
+ case ocrypto.HybridSecp384r1MLKEM1024Key:
+ publicKey, parseErr := ocrypto.P384MLKEM1024PubKeyFromPem([]byte(publicKeyPEM))
+ if parseErr != nil {
+ return "", fmt.Errorf("generateWrapKeyWithHybrid: ocrypto.P384MLKEM1024PubKeyFromPem failed: %w", parseErr)
+ }
+ wrappedKey, err = ocrypto.P384MLKEM1024WrapDEK(publicKey, symKey)
+ default:
+ return "", fmt.Errorf("generateWrapKeyWithHybrid: unsupported hybrid algorithm: %s", alg)
+ }
+ if err != nil {
+ return "", fmt.Errorf("generateWrapKeyWithHybrid: hybrid wrap failed: %w", err)
+ }
+
+ return string(ocrypto.Base64Encode(wrappedKey)), nil
+}
+
// create policy object
func createPolicyObject(attributes []AttributeValueFQN) (PolicyObject, error) {
uuidObj, err := uuid.NewUUID()
diff --git a/sdk/tdf_hybrid_test.go b/sdk/tdf_hybrid_test.go
new file mode 100644
index 0000000000..10130f76da
--- /dev/null
+++ b/sdk/tdf_hybrid_test.go
@@ -0,0 +1,79 @@
+package sdk
+
+import (
+ "testing"
+
+ "github.com/opentdf/platform/lib/ocrypto"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestCreateKeyAccessWithHybridKey(t *testing.T) {
+ testCases := []struct {
+ name string
+ kid string
+ algorithm string
+ newKeyPair func() (ocrypto.KeyPair, error)
+ }{
+ {
+ name: "X-Wing",
+ kid: "xwing-kid",
+ algorithm: string(ocrypto.HybridXWingKey),
+ newKeyPair: func() (ocrypto.KeyPair, error) {
+ return ocrypto.NewXWingKeyPair()
+ },
+ },
+ {
+ name: "SecP256r1-MLKEM768",
+ kid: "p256-mlkem768-kid",
+ algorithm: string(ocrypto.HybridSecp256r1MLKEM768Key),
+ newKeyPair: func() (ocrypto.KeyPair, error) {
+ return ocrypto.NewP256MLKEM768KeyPair()
+ },
+ },
+ {
+ name: "SecP384r1-MLKEM1024",
+ kid: "p384-mlkem1024-kid",
+ algorithm: string(ocrypto.HybridSecp384r1MLKEM1024Key),
+ newKeyPair: func() (ocrypto.KeyPair, error) {
+ return ocrypto.NewP384MLKEM1024KeyPair()
+ },
+ },
+ }
+
+ for _, tc := range testCases {
+ t.Run(tc.name, func(t *testing.T) {
+ keyPair, err := tc.newKeyPair()
+ require.NoError(t, err)
+
+ publicKeyPEM, err := keyPair.PublicKeyInPemFormat()
+ require.NoError(t, err)
+
+ privateKeyPEM, err := keyPair.PrivateKeyInPemFormat()
+ require.NoError(t, err)
+
+ symKey := []byte("0123456789abcdef0123456789abcdef")
+ keyAccess, err := createKeyAccess(KASInfo{
+ URL: "https://kas.example.com",
+ KID: tc.kid,
+ Algorithm: tc.algorithm,
+ PublicKey: publicKeyPEM,
+ }, symKey, PolicyBinding{}, "", "")
+ require.NoError(t, err)
+
+ assert.Equal(t, kHybridWrapped, keyAccess.KeyType)
+ assert.Empty(t, keyAccess.EphemeralPublicKey)
+ assert.NotEmpty(t, keyAccess.WrappedKey)
+
+ decryptor, err := ocrypto.FromPrivatePEM(privateKeyPEM)
+ require.NoError(t, err)
+
+ wrappedKey, err := ocrypto.Base64Decode([]byte(keyAccess.WrappedKey))
+ require.NoError(t, err)
+
+ plaintext, err := decryptor.Decrypt(wrappedKey)
+ require.NoError(t, err)
+ assert.Equal(t, symKey, plaintext)
+ })
+ }
+}
diff --git a/sdk/tdf_test.go b/sdk/tdf_test.go
index b1d5c0acf3..e46148adb3 100644
--- a/sdk/tdf_test.go
+++ b/sdk/tdf_test.go
@@ -2913,6 +2913,25 @@ func (f *FakeKas) getRewrapResponse(rewrapRequest string, fulfillableObligations
entityWrappedKey, err = asymEncrypt.Encrypt(symmetricKey)
f.s.Require().NoError(err, "ocrypto.AsymEncryption.encrypt failed")
+ case "hybrid-wrapped":
+ kasPrivateKey := strings.ReplaceAll(f.privateKey, "\n\t", "\n")
+ if kao.GetKid() != "" && kao.GetKid() != f.KID {
+ lk, ok := f.legakeys[kaoReq.GetKeyAccessObject().GetKid()]
+ f.s.Require().True(ok, "unable to find key [%s]", kao.GetKid())
+ kasPrivateKey = strings.ReplaceAll(lk.private, "\n\t", "\n")
+ }
+
+ asymDecrypt, err := ocrypto.FromPrivatePEM(kasPrivateKey)
+ f.s.Require().NoError(err, "failed to create hybrid decryptor")
+
+ symmetricKey, err := asymDecrypt.Decrypt(wrappedKey)
+ f.s.Require().NoError(err, "failed to unwrap hybrid wrapped key")
+
+ asymEncrypt, err := ocrypto.FromPublicPEM(bodyData.GetClientPublicKey())
+ f.s.Require().NoError(err, "ocrypto.FromPublicPEM failed")
+ entityWrappedKey, err = asymEncrypt.Encrypt(symmetricKey)
+ f.s.Require().NoError(err, "ocrypto.encrypt failed")
+
case "wrapped":
kasPrivateKey := strings.ReplaceAll(f.privateKey, "\n\t", "\n")
if kao.GetKid() != "" && kao.GetKid() != f.KID {
diff --git a/service/internal/security/basic_manager.go b/service/internal/security/basic_manager.go
index 6197e50eb3..360bd96700 100644
--- a/service/internal/security/basic_manager.go
+++ b/service/internal/security/basic_manager.go
@@ -97,6 +97,20 @@ func (b *BasicManager) Decrypt(ctx context.Context, keyDetails trust.KeyDetails,
return nil, fmt.Errorf("failed to create protected key: %w", err)
}
return protectedKey, nil
+ case ocrypto.HybridXWingKey, ocrypto.HybridSecp256r1MLKEM768Key, ocrypto.HybridSecp384r1MLKEM1024Key:
+ if len(ephemeralPublicKey) > 0 {
+ return nil, errors.New("ephemeral public key should not be provided for hybrid decryption")
+ }
+
+ plaintext, err := decrypter.Decrypt(ciphertext)
+ if err != nil {
+ return nil, fmt.Errorf("failed to decrypt with hybrid key: %w", err)
+ }
+ protectedKey, err := ocrypto.NewAESProtectedKey(plaintext)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create protected key: %w", err)
+ }
+ return protectedKey, nil
}
return nil, fmt.Errorf("unsupported algorithm: %s", keyDetails.Algorithm())
diff --git a/service/internal/security/basic_manager_test.go b/service/internal/security/basic_manager_test.go
index ad237c9662..a25579b237 100644
--- a/service/internal/security/basic_manager_test.go
+++ b/service/internal/security/basic_manager_test.go
@@ -455,6 +455,74 @@ func TestBasicManager_Decrypt(t *testing.T) {
})
}
+ for _, tc := range []struct {
+ name string
+ algorithm string
+ kid string
+ newKeyPair func() (ocrypto.KeyPair, error)
+ }{
+ {
+ name: "X-Wing",
+ algorithm: string(ocrypto.HybridXWingKey),
+ kid: "hybrid-kid-xwing",
+ newKeyPair: func() (ocrypto.KeyPair, error) {
+ return ocrypto.NewXWingKeyPair()
+ },
+ },
+ {
+ name: "SecP256r1-MLKEM768",
+ algorithm: string(ocrypto.HybridSecp256r1MLKEM768Key),
+ kid: "hybrid-kid-p256",
+ newKeyPair: func() (ocrypto.KeyPair, error) {
+ return ocrypto.NewP256MLKEM768KeyPair()
+ },
+ },
+ {
+ name: "SecP384r1-MLKEM1024",
+ algorithm: string(ocrypto.HybridSecp384r1MLKEM1024Key),
+ kid: "hybrid-kid-p384",
+ newKeyPair: func() (ocrypto.KeyPair, error) {
+ return ocrypto.NewP384MLKEM1024KeyPair()
+ },
+ },
+ } {
+ t.Run("successful hybrid decryption "+tc.name, func(t *testing.T) {
+ keyPair, err := tc.newKeyPair()
+ require.NoError(t, err)
+
+ privateKeyPEM, err := keyPair.PrivateKeyInPemFormat()
+ require.NoError(t, err)
+ publicKeyPEM, err := keyPair.PublicKeyInPemFormat()
+ require.NoError(t, err)
+
+ wrappedPrivateKeyStr, err := wrapKeyWithAESGCM([]byte(privateKeyPEM), rootKey)
+ require.NoError(t, err)
+
+ mockDetails := new(MockKeyDetails)
+ mockDetails.MID = tc.kid
+ mockDetails.MAlgorithm = tc.algorithm
+ mockDetails.MPrivateKey = &policy.PrivateKeyCtx{WrappedKey: wrappedPrivateKeyStr}
+
+ mockDetails.On("ID").Return(trust.KeyIdentifier(mockDetails.MID))
+ mockDetails.On("Algorithm").Return(mockDetails.MAlgorithm)
+ mockDetails.On("ExportPrivateKey").Return(&trust.PrivateKey{WrappingKeyID: trust.KeyIdentifier(mockDetails.MPrivateKey.GetKeyId()), WrappedKey: mockDetails.MPrivateKey.GetWrappedKey()}, nil)
+
+ hybridEncryptor, err := ocrypto.FromPublicPEM(publicKeyPEM)
+ require.NoError(t, err)
+ ciphertext, err := hybridEncryptor.Encrypt(samplePayload)
+ require.NoError(t, err)
+
+ protectedKey, err := bm.Decrypt(t.Context(), mockDetails, ciphertext, nil)
+ require.NoError(t, err)
+ require.NotNil(t, protectedKey)
+
+ noOpEnc := &noOpEncapsulator{}
+ decryptedPayload, err := noOpEnc.Encapsulate(protectedKey)
+ require.NoError(t, err)
+ assert.Equal(t, samplePayload, decryptedPayload)
+ })
+ }
+
t.Run("fail ExportPrivateKey", func(t *testing.T) {
mockDetails := new(MockKeyDetails)
mockDetails.On("ID").Return(trust.KeyIdentifier("fail-export"))
diff --git a/service/internal/security/crypto_provider.go b/service/internal/security/crypto_provider.go
index 24f0f3c2ea..92a61350d0 100644
--- a/service/internal/security/crypto_provider.go
+++ b/service/internal/security/crypto_provider.go
@@ -11,4 +11,9 @@ const (
// Used for encryption with RSA of the KAO
AlgorithmRSA2048 = "rsa:2048"
AlgorithmRSA4096 = "rsa:4096"
+
+ // Used for hybrid X-Wing wrapping of the KAO
+ AlgorithmHPQTXWing = "hpqt:xwing"
+ AlgorithmHPQTSecp256r1MLKEM768 = "hpqt:secp256r1-mlkem768"
+ AlgorithmHPQTSecp384r1MLKEM1024 = "hpqt:secp384r1-mlkem1024"
)
diff --git a/service/internal/security/in_process_provider.go b/service/internal/security/in_process_provider.go
index 67c86487aa..3f54d62c73 100644
--- a/service/internal/security/in_process_provider.go
+++ b/service/internal/security/in_process_provider.go
@@ -64,8 +64,11 @@ func (k *KeyDetailsAdapter) ExportPublicKey(_ context.Context, format trust.KeyT
kid := string(k.id)
switch format {
case trust.KeyTypeJWK:
+ if ocrypto.IsHybridKeyType(k.algorithm) {
+ return "", errors.New("JWK export is not supported for hybrid keys")
+ }
// For JWK format (currently only supported for RSA)
- if k.algorithm == AlgorithmRSA2048 {
+ if k.algorithm == AlgorithmRSA2048 || k.algorithm == AlgorithmRSA4096 {
return k.cryptoProvider.RSAPublicKeyAsJSON(kid)
}
// For EC keys, we return the public key in PEM format
@@ -73,17 +76,15 @@ func (k *KeyDetailsAdapter) ExportPublicKey(_ context.Context, format trust.KeyT
if err != nil {
return "", err
}
- jwkKey, err := convertPEMToJWK(pemKey)
- if err != nil {
- return "", err
- }
-
- return jwkKey, nil
+ return convertPEMToJWK(pemKey)
case trust.KeyTypePKCS8:
// Try to get the key as an RSA key first
if rsaKey, err := k.cryptoProvider.RSAPublicKey(kid); err == nil {
return rsaKey, nil
}
+ if hybridKey, err := k.cryptoProvider.HybridPublicKey(kid); err == nil {
+ return hybridKey, nil
+ }
return k.cryptoProvider.ECPublicKey(kid)
default:
return "", ErrCertNotFound
@@ -170,31 +171,17 @@ func (a *InProcessProvider) FindKeyByAlgorithm(_ context.Context, algorithm stri
// FindKeyByID finds a key by ID
func (a *InProcessProvider) FindKeyByID(_ context.Context, id trust.KeyIdentifier) (trust.KeyDetails, error) {
- // Try to determine the algorithm by checking if the key works with known algorithms
- for _, alg := range []string{AlgorithmECP256R1, AlgorithmRSA2048} {
- // This is a hack since the original provider doesn't have a way to check if a key exists
- switch alg {
- case AlgorithmECP256R1:
- if _, err := a.cryptoProvider.ECPublicKey(string(id)); err == nil {
- return &KeyDetailsAdapter{
- id: id,
- algorithm: ocrypto.KeyType(alg),
- legacy: a.legacyKeys[string(id)],
- cryptoProvider: a.cryptoProvider,
- }, nil
- }
- case AlgorithmRSA2048:
- if _, err := a.cryptoProvider.RSAPublicKey(string(id)); err == nil {
- return &KeyDetailsAdapter{
- id: id,
- algorithm: ocrypto.KeyType(alg),
- legacy: a.legacyKeys[string(id)],
- cryptoProvider: a.cryptoProvider,
- }, nil
- }
- }
+ keyType, err := a.determineKeyType(string(id))
+ if err != nil {
+ return nil, ErrCertNotFound
}
- return nil, ErrCertNotFound
+
+ return &KeyDetailsAdapter{
+ id: id,
+ algorithm: ocrypto.KeyType(keyType),
+ legacy: a.legacyKeys[string(id)],
+ cryptoProvider: a.cryptoProvider,
+ }, nil
}
// ListKeys lists all available keys
@@ -207,7 +194,14 @@ func (a *InProcessProvider) ListKeysWith(ctx context.Context, opts trust.ListKey
var keys []trust.KeyDetails
// Try to find keys for known algorithms
- for _, alg := range []string{AlgorithmRSA2048, AlgorithmECP256R1} {
+ for _, alg := range []string{
+ AlgorithmRSA2048,
+ AlgorithmRSA4096,
+ AlgorithmECP256R1,
+ AlgorithmHPQTXWing,
+ AlgorithmHPQTSecp256r1MLKEM768,
+ AlgorithmHPQTSecp384r1MLKEM1024,
+ } {
if kids, err := a.cryptoProvider.ListKIDsByAlgorithm(alg); err == nil && len(kids) > 0 {
for _, kid := range kids {
if opts.LegacyOnly && !a.legacyKeys[kid] {
@@ -242,7 +236,7 @@ func (a *InProcessProvider) Decrypt(ctx context.Context, keyDetails trust.KeyDet
var err error
// Try to determine the key type
- keyType, err := a.determineKeyType(ctx, kid)
+ keyType, err := a.determineKeyType(kid)
if err != nil {
return nil, err
}
@@ -250,6 +244,8 @@ func (a *InProcessProvider) Decrypt(ctx context.Context, keyDetails trust.KeyDet
var rawKey []byte
switch keyType {
case AlgorithmRSA2048:
+ fallthrough
+ case AlgorithmRSA4096:
if len(ephemeralPublicKey) > 0 {
return nil, errors.New("ephemeral public key should not be provided for RSA decryption")
}
@@ -261,6 +257,12 @@ func (a *InProcessProvider) Decrypt(ctx context.Context, keyDetails trust.KeyDet
}
protectedKey, err = a.cryptoProvider.ECDecrypt(ctx, kid, ephemeralPublicKey, ciphertext)
+ case AlgorithmHPQTXWing, AlgorithmHPQTSecp256r1MLKEM768, AlgorithmHPQTSecp384r1MLKEM1024:
+ if len(ephemeralPublicKey) > 0 {
+ return nil, errors.New("ephemeral public key should not be provided for hybrid decryption")
+ }
+ return a.cryptoProvider.Decrypt(ctx, trust.KeyIdentifier(kid), ciphertext, nil)
+
default:
return nil, errors.New("unsupported key algorithm")
}
@@ -335,17 +337,20 @@ func (a *InProcessProvider) Close() {
a.cryptoProvider.Close()
}
-// determineKeyType tries to determine the algorithm of a key based on its ID
-// This is a helper method for the Decrypt method
-func (a *InProcessProvider) determineKeyType(_ context.Context, kid string) (string, error) {
- // First try RSA
- if _, err := a.cryptoProvider.RSAPublicKey(kid); err == nil {
- return AlgorithmRSA2048, nil
+// determineKeyType returns the configured algorithm for a loaded key.
+func (a *InProcessProvider) determineKeyType(kid string) (string, error) {
+ key, ok := a.cryptoProvider.keysByID[kid]
+ if !ok {
+ return "", errors.New("could not determine key type")
}
- // Then try EC
- if _, err := a.cryptoProvider.ECPublicKey(kid); err == nil {
- return AlgorithmECP256R1, nil
+ switch key := key.(type) {
+ case StandardRSACrypto:
+ return key.Algorithm, nil
+ case StandardECCrypto:
+ return key.Algorithm, nil
+ case StandardHybridCrypto:
+ return key.Algorithm, nil
}
return "", errors.New("could not determine key type")
diff --git a/service/internal/security/standard_crypto.go b/service/internal/security/standard_crypto.go
index 6b86abdcbe..976e63850e 100644
--- a/service/internal/security/standard_crypto.go
+++ b/service/internal/security/standard_crypto.go
@@ -67,6 +67,12 @@ type StandardECCrypto struct {
sk *ecdh.PrivateKey
}
+type StandardHybridCrypto struct {
+ KeyPairInfo
+ hybridPrivateKeyPEM string
+ hybridPublicKeyPEM string
+}
+
// List of keys by identifier
type keylist map[string]any
@@ -150,6 +156,12 @@ func loadKey(k KeyPairInfo) (any, error) {
ecPrivateKeyPem: string(privatePEM),
ecCertificatePEM: string(certPEM),
}, nil
+ case AlgorithmHPQTXWing, AlgorithmHPQTSecp256r1MLKEM768, AlgorithmHPQTSecp384r1MLKEM1024:
+ return StandardHybridCrypto{
+ KeyPairInfo: k,
+ hybridPrivateKeyPEM: string(privatePEM),
+ hybridPublicKeyPEM: string(certPEM),
+ }, nil
case AlgorithmRSA2048, AlgorithmRSA4096:
asymDecryption, err := ocrypto.NewAsymDecryption(string(privatePEM))
if err != nil {
@@ -329,6 +341,25 @@ func (s StandardCrypto) ECPublicKey(kid string) (string, error) {
return string(pemBytes), nil
}
+func (s StandardCrypto) HybridPublicKey(kid string) (string, error) {
+ k, ok := s.keysByID[kid]
+ if !ok {
+ return "", fmt.Errorf("no hybrid key with id [%s]: %w", kid, ErrCertNotFound)
+ }
+ hybrid, ok := k.(StandardHybridCrypto)
+ if !ok {
+ return "", fmt.Errorf("key with id [%s] is not a hybrid key: %w", kid, ErrCertNotFound)
+ }
+ if hybrid.hybridPublicKeyPEM == "" {
+ return "", fmt.Errorf("no hybrid public key with id [%s]: %w", kid, ErrCertNotFound)
+ }
+ return hybrid.hybridPublicKeyPEM, nil
+}
+
+func (s StandardCrypto) XWingPublicKey(kid string) (string, error) {
+ return s.HybridPublicKey(kid)
+}
+
func (s StandardCrypto) RSADecrypt(_ crypto.Hash, kid string, _ string, ciphertext []byte) ([]byte, error) {
k, ok := s.keysByID[kid]
if !ok {
@@ -439,9 +470,56 @@ func (s *StandardCrypto) Decrypt(_ context.Context, keyID trust.KeyIdentifier, c
return nil, fmt.Errorf("error decrypting data: %w", err)
}
+ case StandardHybridCrypto:
+ if len(ephemeralPublicKey) > 0 {
+ return nil, fmt.Errorf("ephemeral public key should not be provided for hybrid decryption (%s)", key.Algorithm)
+ }
+
+ rawKey, err = unwrapHybridCiphertext(key.Algorithm, key.hybridPrivateKeyPEM, ciphertext)
+ if err != nil {
+ return nil, err
+ }
+
default:
return nil, fmt.Errorf("unsupported key type for key ID [%s]", kid)
}
return ocrypto.NewAESProtectedKey(rawKey)
}
+
+func unwrapHybridCiphertext(algorithm, privateKeyPEM string, ciphertext []byte) ([]byte, error) {
+ switch algorithm {
+ case AlgorithmHPQTXWing:
+ privateKey, err := ocrypto.XWingPrivateKeyFromPem([]byte(privateKeyPEM))
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse X-Wing private key: %w", err)
+ }
+ rawKey, err := ocrypto.XWingUnwrapDEK(privateKey, ciphertext)
+ if err != nil {
+ return nil, fmt.Errorf("failed to decrypt with X-Wing: %w", err)
+ }
+ return rawKey, nil
+ case AlgorithmHPQTSecp256r1MLKEM768:
+ privateKey, err := ocrypto.P256MLKEM768PrivateKeyFromPem([]byte(privateKeyPEM))
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse SecP256r1/ML-KEM-768 private key: %w", err)
+ }
+ rawKey, err := ocrypto.P256MLKEM768UnwrapDEK(privateKey, ciphertext)
+ if err != nil {
+ return nil, fmt.Errorf("failed to decrypt with SecP256r1/ML-KEM-768: %w", err)
+ }
+ return rawKey, nil
+ case AlgorithmHPQTSecp384r1MLKEM1024:
+ privateKey, err := ocrypto.P384MLKEM1024PrivateKeyFromPem([]byte(privateKeyPEM))
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse SecP384r1/ML-KEM-1024 private key: %w", err)
+ }
+ rawKey, err := ocrypto.P384MLKEM1024UnwrapDEK(privateKey, ciphertext)
+ if err != nil {
+ return nil, fmt.Errorf("failed to decrypt with SecP384r1/ML-KEM-1024: %w", err)
+ }
+ return rawKey, nil
+ default:
+ return nil, fmt.Errorf("unsupported hybrid algorithm [%s]", algorithm)
+ }
+}
diff --git a/service/kas/access/provider.go b/service/kas/access/provider.go
index e9c01dbe0c..89f90b5e85 100644
--- a/service/kas/access/provider.go
+++ b/service/kas/access/provider.go
@@ -52,13 +52,15 @@ type KASConfig struct {
// Enabling is required to parse KAOs with the `ec-wrapped` type,
// and (currently) also enables responding with ECIES encrypted responses.
ECTDFEnabled bool `mapstructure:"ec_tdf_enabled" json:"ec_tdf_enabled"`
+ HybridTDFEnabled bool `mapstructure:"hybrid_tdf_enabled" json:"hybrid_tdf_enabled"`
Preview Preview `mapstructure:"preview" json:"preview"`
RegisteredKASURI string `mapstructure:"registered_kas_uri" json:"registered_kas_uri"`
}
type Preview struct {
- ECTDFEnabled bool `mapstructure:"ec_tdf_enabled" json:"ec_tdf_enabled"`
- KeyManagement bool `mapstructure:"key_management" json:"key_management"`
+ ECTDFEnabled bool `mapstructure:"ec_tdf_enabled" json:"ec_tdf_enabled"`
+ HybridTDFEnabled bool `mapstructure:"hybrid_tdf_enabled" json:"hybrid_tdf_enabled"`
+ KeyManagement bool `mapstructure:"key_management" json:"key_management"`
}
// Specifies the preferred/default key for a given algorithm type.
@@ -143,13 +145,14 @@ func (kasCfg KASConfig) String() string {
}
return fmt.Sprintf(
- "KASConfig{Keyring:%v, ECCertID:%q, RSACertID:%q, RootKey:%s, KeyCacheExpiration:%s, ECTDFEnabled:%t, Preview:%+v, RegisteredKASURI:%q}",
+ "KASConfig{Keyring:%v, ECCertID:%q, RSACertID:%q, RootKey:%s, KeyCacheExpiration:%s, ECTDFEnabled:%t, HybridTDFEnabled:%t, Preview:%+v, RegisteredKASURI:%q}",
kasCfg.Keyring,
kasCfg.ECCertID,
kasCfg.RSACertID,
rootKeySummary,
kasCfg.KeyCacheExpiration,
kasCfg.ECTDFEnabled,
+ kasCfg.HybridTDFEnabled,
kasCfg.Preview,
kasCfg.RegisteredKASURI,
)
@@ -168,6 +171,7 @@ func (kasCfg KASConfig) LogValue() slog.Value {
slog.String("root_key", rootKeyVal),
slog.Duration("key_cache_expiration", kasCfg.KeyCacheExpiration),
slog.Bool("ec_tdf_enabled", kasCfg.ECTDFEnabled),
+ slog.Bool("hybrid_tdf_enabled", kasCfg.HybridTDFEnabled),
slog.Any("preview", kasCfg.Preview),
slog.String("registered_kas_uri", kasCfg.RegisteredKASURI),
)
diff --git a/service/kas/access/publicKey.go b/service/kas/access/publicKey.go
index eb5b1fe780..907d2de2f6 100644
--- a/service/kas/access/publicKey.go
+++ b/service/kas/access/publicKey.go
@@ -76,9 +76,7 @@ func (p *Provider) LegacyPublicKey(ctx context.Context, req *connect.Request[kas
p.Logger.ErrorContext(ctx, "keyDetails.ExportCertificate failed", slog.Any("error", err))
return nil, connect.NewError(connect.CodeInternal, errors.Join(ErrConfig, errors.New("configuration error")))
}
- case security.AlgorithmRSA2048:
- fallthrough
- case "":
+ case security.AlgorithmRSA2048, security.AlgorithmHPQTXWing, "":
// For RSA keys, return the public key in PKCS8 format
pem, err = keyDetails.ExportPublicKey(ctx, trust.KeyTypePKCS8)
if err != nil {
@@ -153,6 +151,16 @@ func (p *Provider) PublicKey(ctx context.Context, req *connect.Request[kaspb.Pub
// For EC keys, export the public key
ecPublicKeyPem, err := keyDetails.ExportPublicKey(ctx, trust.KeyTypePKCS8)
return r(ecPublicKeyPem, kid, err)
+ case security.AlgorithmHPQTXWing, security.AlgorithmHPQTSecp256r1MLKEM768, security.AlgorithmHPQTSecp384r1MLKEM1024:
+ switch fmt {
+ case "jwk":
+ return nil, connect.NewError(connect.CodeInvalidArgument, errors.New("JWK export is not supported for hybrid algorithms"))
+ case "pkcs8":
+ fallthrough
+ case "":
+ publicKeyPEM, err := keyDetails.ExportPublicKey(ctx, trust.KeyTypePKCS8)
+ return r(publicKeyPEM, kid, err)
+ }
case security.AlgorithmRSA2048:
fallthrough
case "":
diff --git a/service/kas/access/publicKey_test.go b/service/kas/access/publicKey_test.go
index dd8bac58f7..4b333af1a2 100644
--- a/service/kas/access/publicKey_test.go
+++ b/service/kas/access/publicKey_test.go
@@ -189,6 +189,28 @@ func TestPublicKeyWithSecurityProvider(t *testing.T) {
certData: "-----BEGIN CERTIFICATE-----\nMIIBcTCCARegAwIBAgIUTxgZ1CzWBXgysrV4bKVGw+1iBTwwCgYIKoZIzj0EAwIw\nDjEMMAoGA1UEAwwDa2FzMB4XDTIzMDYxMzAwMDAwMFoXDTI4MDYxMzAwMDAwMFow\nDjEMMAoGA1UEAwwDa2FzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEn6WYEj3s\nxP/IR0W1O5TYHKPyhceFki4Y/9YYeK/D3QkYQrv+DkKXPKkR/MQS6uzmHZY9NS8X\nbcwJ4cGpR6l4FaNmMGQwHQYDVR0OBBYEFFQ8TIybvYhMKH0E+lOVDS0F7r9PMB8G\nA1UdIwQYMBaAFFQ8TIybvYhMKH0E+lOVDS0F7r9PMA8GA1UdEwEB/wQFMAMBAf8w\nEQYDVR0gBAowCDAGBgRVHSAAMAoGCCqGSM49BAMCA0gAMEUCIQD5adIeKGCpbI1E\nJr3jVwQNJL6+bLGXRORhIeKjpvd3egIgRZ7qwTpjZwrkXpDS2i1ODQjj2Ap9ZeMN\nzuDaXdOl90E=\n-----END CERTIFICATE-----",
})
+ p256HybridKeyPair, err := ocrypto.NewP256MLKEM768KeyPair()
+ require.NoError(t, err)
+ p256HybridPublicPEM, err := p256HybridKeyPair.PublicKeyInPemFormat()
+ require.NoError(t, err)
+ mockProvider.AddKey(&MockKeyDetails{
+ id: "hybrid-p256-key",
+ algorithm: security.AlgorithmHPQTSecp256r1MLKEM768,
+ legacy: false,
+ pemData: p256HybridPublicPEM,
+ })
+
+ p384HybridKeyPair, err := ocrypto.NewP384MLKEM1024KeyPair()
+ require.NoError(t, err)
+ p384HybridPublicPEM, err := p384HybridKeyPair.PublicKeyInPemFormat()
+ require.NoError(t, err)
+ mockProvider.AddKey(&MockKeyDetails{
+ id: "hybrid-p384-key",
+ algorithm: security.AlgorithmHPQTSecp384r1MLKEM1024,
+ legacy: false,
+ pemData: p384HybridPublicPEM,
+ })
+
// Create Provider with the mock security provider
delegator := trust.NewDelegatingKeyService(mockProvider, logger.CreateTestLogger(), nil)
delegator.RegisterKeyManagerCtx(mockProvider.Name(), func(_ context.Context, _ *trust.KeyManagerFactoryOptions) (trust.KeyManager, error) {
@@ -206,6 +228,14 @@ func TestPublicKeyWithSecurityProvider(t *testing.T) {
Algorithm: security.AlgorithmRSA2048,
KID: "rsa-key",
},
+ {
+ Algorithm: security.AlgorithmHPQTSecp256r1MLKEM768,
+ KID: "hybrid-p256-key",
+ },
+ {
+ Algorithm: security.AlgorithmHPQTSecp384r1MLKEM1024,
+ KID: "hybrid-p384-key",
+ },
},
},
Logger: logger.CreateTestLogger(),
@@ -276,6 +306,47 @@ func TestPublicKeyWithSecurityProvider(t *testing.T) {
assert.Contains(t, result.Msg.GetValue(), "BEGIN PUBLIC KEY")
})
+ for _, tc := range []struct {
+ name string
+ algorithm string
+ kid string
+ }{
+ {
+ name: "Hybrid P256 ML-KEM-768",
+ algorithm: security.AlgorithmHPQTSecp256r1MLKEM768,
+ kid: "hybrid-p256-key",
+ },
+ {
+ name: "Hybrid P384 ML-KEM-1024",
+ algorithm: security.AlgorithmHPQTSecp384r1MLKEM1024,
+ kid: "hybrid-p384-key",
+ },
+ } {
+ t.Run("PublicKey with "+tc.name, func(t *testing.T) {
+ result, err := kas.PublicKey(t.Context(), &connect.Request[kaspb.PublicKeyRequest]{
+ Msg: &kaspb.PublicKeyRequest{
+ Algorithm: tc.algorithm,
+ },
+ })
+ require.NoError(t, err)
+ require.NotNil(t, result)
+ assert.Contains(t, result.Msg.GetPublicKey(), "BEGIN")
+ assert.Equal(t, tc.kid, result.Msg.GetKid())
+ })
+
+ t.Run("PublicKey with "+tc.name+" in JWK format is rejected", func(t *testing.T) {
+ result, err := kas.PublicKey(t.Context(), &connect.Request[kaspb.PublicKeyRequest]{
+ Msg: &kaspb.PublicKeyRequest{
+ Algorithm: tc.algorithm,
+ Fmt: "jwk",
+ },
+ })
+ require.Error(t, err)
+ assert.Nil(t, result)
+ assert.Equal(t, connect.CodeInvalidArgument, connect.CodeOf(err))
+ })
+ }
+
// Test with invalid algorithm
t.Run("PublicKey with invalid algorithm", func(t *testing.T) {
result, err := kas.PublicKey(t.Context(), &connect.Request[kaspb.PublicKeyRequest]{
diff --git a/service/kas/access/rewrap.go b/service/kas/access/rewrap.go
index 274e09e256..71db5e4922 100644
--- a/service/kas/access/rewrap.go
+++ b/service/kas/access/rewrap.go
@@ -734,6 +734,20 @@ func (p *Provider) verifyRewrapRequests(ctx context.Context, req *kaspb.Unsigned
failedKAORewrap(results, kao, err400("bad request"))
continue
}
+ case "hybrid-wrapped":
+ if !p.HybridTDFEnabled && !p.Preview.HybridTDFEnabled {
+ p.Logger.WarnContext(ctx, "hybrid-wrapped not enabled")
+ failedKAORewrap(results, kao, err400("bad request"))
+ continue
+ }
+
+ kid := trust.KeyIdentifier(kao.GetKeyAccessObject().GetKid())
+ dek, err = p.KeyDelegator.Decrypt(ctx, kid, kao.GetKeyAccessObject().GetWrappedKey(), nil)
+ if err != nil {
+ p.Logger.WarnContext(ctx, "failed to decrypt hybrid key", slog.Any("error", err))
+ failedKAORewrap(results, kao, err400("bad request"))
+ continue
+ }
case "wrapped":
var kidsToCheck []trust.KeyIdentifier
if kao.GetKeyAccessObject().GetKid() != "" {
diff --git a/service/kas/kas.go b/service/kas/kas.go
index caaff1d6df..376930e973 100644
--- a/service/kas/kas.go
+++ b/service/kas/kas.go
@@ -192,7 +192,13 @@ func initSecurityProviderAdapter(cryptoProvider *security.StandardCrypto, kasCfg
}
}
if len(defaults) == 0 && len(legacies) == 0 {
- for _, alg := range []string{security.AlgorithmECP256R1, security.AlgorithmRSA2048} {
+ for _, alg := range []string{
+ security.AlgorithmECP256R1,
+ security.AlgorithmRSA2048,
+ security.AlgorithmHPQTXWing,
+ security.AlgorithmHPQTSecp256r1MLKEM768,
+ security.AlgorithmHPQTSecp384r1MLKEM1024,
+ } {
kid := cryptoProvider.FindKID(alg)
if kid != "" {
defaults = append(defaults, kid)
diff --git a/service/kas/kas.proto b/service/kas/kas.proto
index 7563a25e49..aad584ed18 100644
--- a/service/kas/kas.proto
+++ b/service/kas/kas.proto
@@ -68,7 +68,7 @@ message KeyAccess {
// Type of key wrapping used for the data encryption key
// Required: Always
- // Values: 'wrapped' (RSA-wrapped for ZTDF), 'ec-wrapped' (experimental ECDH-wrapped)
+ // Values: 'wrapped' (RSA-wrapped for ZTDF), 'ec-wrapped' (experimental ECDH-wrapped), 'hybrid-wrapped' (experimental X-Wing-wrapped)
string key_type = 4 [json_name = "type"];
// URL of the Key Access Server that can unwrap this key
@@ -101,7 +101,7 @@ message KeyAccess {
// Ephemeral public key for ECDH key derivation (ec-wrapped type only)
// Required: When key_type="ec-wrapped" (experimental ECDH-based ZTDF)
- // Omitted: When key_type="wrapped" (RSA-based ZTDF)
+ // Omitted: When key_type="wrapped" or key_type="hybrid-wrapped"
// Should be a PEM-encoded PKCS#8 (ASN.1) formatted public key
// Used to derive the symmetric key for unwrapping the DEK
string ephemeral_public_key = 10;
@@ -258,7 +258,7 @@ message RewrapResponse {
// KAS's ephemeral session public key in PEM format
// Required: For EC-based operations (key_type="ec-wrapped")
- // Optional: Empty for RSA-based ZTDF (key_type="wrapped")
+ // Optional: Empty for RSA-based or X-Wing-based ZTDF (key_type="wrapped" or key_type="hybrid-wrapped")
// Used by client to perform ECDH key agreement and decrypt the kas_wrapped_key values
string session_public_key = 3;
diff --git a/service/kas/key_indexer.go b/service/kas/key_indexer.go
index 021b3f418a..60cd11e8a2 100644
--- a/service/kas/key_indexer.go
+++ b/service/kas/key_indexer.go
@@ -58,6 +58,12 @@ func convertEnumToAlg(alg policy.Algorithm) ocrypto.KeyType {
return ocrypto.EC384Key
case policy.Algorithm_ALGORITHM_EC_P521:
return ocrypto.EC521Key
+ case policy.Algorithm_ALGORITHM_HPQT_XWING:
+ return ocrypto.HybridXWingKey
+ case policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768:
+ return ocrypto.HybridSecp256r1MLKEM768Key
+ case policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024:
+ return ocrypto.HybridSecp384r1MLKEM1024Key
case policy.Algorithm_ALGORITHM_UNSPECIFIED:
fallthrough
default:
@@ -77,6 +83,12 @@ func convertAlgToEnum(alg string) (policy.Algorithm, error) {
return policy.Algorithm_ALGORITHM_EC_P384, nil
case string(ocrypto.EC521Key):
return policy.Algorithm_ALGORITHM_EC_P521, nil
+ case string(ocrypto.HybridXWingKey):
+ return policy.Algorithm_ALGORITHM_HPQT_XWING, nil
+ case string(ocrypto.HybridSecp256r1MLKEM768Key):
+ return policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768, nil
+ case string(ocrypto.HybridSecp384r1MLKEM1024Key):
+ return policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024, nil
default:
return policy.Algorithm_ALGORITHM_UNSPECIFIED, fmt.Errorf("unsupported algorithm: %s", alg)
}
@@ -278,18 +290,16 @@ func (p *KeyAdapter) ExportPublicKey(ctx context.Context, format trust.KeyType)
switch format {
case trust.KeyTypeJWK:
+ if ocrypto.IsHybridKeyType(convertEnumToAlg(p.key.GetKey().GetKeyAlgorithm())) {
+ return "", errors.New("JWK export is not supported for hybrid keys")
+ }
// For JWK format (currently only supported for RSA)
if p.key.GetKey().GetKeyAlgorithm() == policy.Algorithm_ALGORITHM_RSA_2048 ||
p.key.GetKey().GetKeyAlgorithm() == policy.Algorithm_ALGORITHM_RSA_4096 {
return rsaPublicKeyAsJSON(ctx, string(decodedPubKey))
}
// For EC keys, we return the public key in PEM format
- jwkKey, err := convertPEMToJWK(string(decodedPubKey))
- if err != nil {
- return "", err
- }
-
- return jwkKey, nil
+ return convertPEMToJWK(string(decodedPubKey))
case trust.KeyTypePKCS8:
return string(decodedPubKey), nil
default:
diff --git a/service/kas/key_indexer_test.go b/service/kas/key_indexer_test.go
index eba2f8278d..5e256b135b 100644
--- a/service/kas/key_indexer_test.go
+++ b/service/kas/key_indexer_test.go
@@ -168,6 +168,27 @@ func (s *KeyIndexTestSuite) TestKeyDetails_Legacy() {
s.True(legacyKey.IsLegacy())
}
+func (s *KeyIndexTestSuite) TestAlgorithmConversions_HybridXWing() {
+ s.Equal(ocrypto.HybridXWingKey, convertEnumToAlg(policy.Algorithm_ALGORITHM_HPQT_XWING))
+
+ alg, err := convertAlgToEnum(string(ocrypto.HybridXWingKey))
+ s.Require().NoError(err)
+ s.Equal(policy.Algorithm_ALGORITHM_HPQT_XWING, alg)
+}
+
+func (s *KeyIndexTestSuite) TestAlgorithmConversions_HybridNIST() {
+ s.Equal(ocrypto.HybridSecp256r1MLKEM768Key, convertEnumToAlg(policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768))
+ s.Equal(ocrypto.HybridSecp384r1MLKEM1024Key, convertEnumToAlg(policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024))
+
+ alg, err := convertAlgToEnum(string(ocrypto.HybridSecp256r1MLKEM768Key))
+ s.Require().NoError(err)
+ s.Equal(policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768, alg)
+
+ alg, err = convertAlgToEnum(string(ocrypto.HybridSecp384r1MLKEM1024Key))
+ s.Require().NoError(err)
+ s.Equal(policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024, alg)
+}
+
func (s *KeyIndexTestSuite) TestListKeysWith() {
mockClient := new(MockKeyAccessServerRegistryClient)
keyIndexer := &KeyIndexer{
diff --git a/service/pkg/db/marshalHelpers.go b/service/pkg/db/marshalHelpers.go
index 667ab27e21..c78b91ab5f 100644
--- a/service/pkg/db/marshalHelpers.go
+++ b/service/pkg/db/marshalHelpers.go
@@ -157,6 +157,12 @@ func FormatAlg(alg policy.Algorithm) (string, error) {
return "ec:secp384r1", nil
case policy.Algorithm_ALGORITHM_EC_P521:
return "ec:secp521r1", nil
+ case policy.Algorithm_ALGORITHM_HPQT_XWING:
+ return "hpqt:xwing", nil
+ case policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768:
+ return "hpqt:secp256r1-mlkem768", nil
+ case policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024:
+ return "hpqt:secp384r1-mlkem1024", nil
case policy.Algorithm_ALGORITHM_UNSPECIFIED:
fallthrough
default:
diff --git a/service/pkg/db/marshalHelpers_test.go b/service/pkg/db/marshalHelpers_test.go
index a516a3b129..22f027ed4f 100644
--- a/service/pkg/db/marshalHelpers_test.go
+++ b/service/pkg/db/marshalHelpers_test.go
@@ -12,11 +12,14 @@ import (
// reverseAlgMap mirrors the SDK's getKasKeyAlg mapping: ocrypto.KeyType string → policy.Algorithm.
// If FormatAlg produces a string that isn't in this map, the SDK would return ALGORITHM_UNSPECIFIED.
var reverseAlgMap = map[string]policy.Algorithm{
- string(ocrypto.RSA2048Key): policy.Algorithm_ALGORITHM_RSA_2048,
- string(ocrypto.RSA4096Key): policy.Algorithm_ALGORITHM_RSA_4096,
- string(ocrypto.EC256Key): policy.Algorithm_ALGORITHM_EC_P256,
- string(ocrypto.EC384Key): policy.Algorithm_ALGORITHM_EC_P384,
- string(ocrypto.EC521Key): policy.Algorithm_ALGORITHM_EC_P521,
+ string(ocrypto.RSA2048Key): policy.Algorithm_ALGORITHM_RSA_2048,
+ string(ocrypto.RSA4096Key): policy.Algorithm_ALGORITHM_RSA_4096,
+ string(ocrypto.EC256Key): policy.Algorithm_ALGORITHM_EC_P256,
+ string(ocrypto.EC384Key): policy.Algorithm_ALGORITHM_EC_P384,
+ string(ocrypto.EC521Key): policy.Algorithm_ALGORITHM_EC_P521,
+ string(ocrypto.HybridXWingKey): policy.Algorithm_ALGORITHM_HPQT_XWING,
+ string(ocrypto.HybridSecp256r1MLKEM768Key): policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768,
+ string(ocrypto.HybridSecp384r1MLKEM1024Key): policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024,
}
func TestFormatAlg_RoundTrip(t *testing.T) {
@@ -32,6 +35,9 @@ func TestFormatAlg_RoundTrip(t *testing.T) {
{"EC-P256", policy.Algorithm_ALGORITHM_EC_P256},
{"EC-P384", policy.Algorithm_ALGORITHM_EC_P384},
{"EC-P521", policy.Algorithm_ALGORITHM_EC_P521},
+ {"HPQT-XWing", policy.Algorithm_ALGORITHM_HPQT_XWING},
+ {"HPQT-SecP256r1-MLKEM768", policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768},
+ {"HPQT-SecP384r1-MLKEM1024", policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024},
}
for _, tc := range supportedAlgs {
diff --git a/service/policy/db/grant_mappings.go b/service/policy/db/grant_mappings.go
index 7c3688af58..7cd8830f92 100644
--- a/service/policy/db/grant_mappings.go
+++ b/service/policy/db/grant_mappings.go
@@ -22,6 +22,12 @@ func mapAlgorithmToKasPublicKeyAlg(alg policy.Algorithm) policy.KasPublicKeyAlgE
return policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
case policy.Algorithm_ALGORITHM_EC_P521: // ALGORITHM_EC_P521 is an alias
return policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ case policy.Algorithm_ALGORITHM_HPQT_XWING:
+ return policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
+ case policy.Algorithm_ALGORITHM_HPQT_SECP256R1_MLKEM768:
+ return policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768
+ case policy.Algorithm_ALGORITHM_HPQT_SECP384R1_MLKEM1024:
+ return policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024
case policy.Algorithm_ALGORITHM_UNSPECIFIED:
return policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED
default:
diff --git a/service/policy/kasregistry/key_access_server_registry.proto b/service/policy/kasregistry/key_access_server_registry.proto
index f7c4bdf7f8..99847947ed 100644
--- a/service/policy/kasregistry/key_access_server_registry.proto
+++ b/service/policy/kasregistry/key_access_server_registry.proto
@@ -403,7 +403,7 @@ message CreateKeyRequest {
Algorithm key_algorithm = 3 [(buf.validate.field).cel = {
id: "key_algorithm_defined"
message: "The key_algorithm must be one of the defined values."
- expression: "this in [1, 2, 3, 4, 5]" // Allow ALGORITHM_RSA_2048, ALGORITHM_RSA_4096, ALGORITHM_EC_P256, ALGORITHM_EC_P384, ALGORITHM_EC_P521
+ expression: "this in [1, 2, 3, 4, 5, 6, 7, 8]" // Allow ALGORITHM_RSA_2048, ALGORITHM_RSA_4096, ALGORITHM_EC_P256, ALGORITHM_EC_P384, ALGORITHM_EC_P521, ALGORITHM_HPQT_XWING, ALGORITHM_HPQT_SECP256R1_MLKEM768, ALGORITHM_HPQT_SECP384R1_MLKEM1024
}]; // The algorithm to be used for the key
// Required
KeyMode key_mode = 4 [(buf.validate.field).cel = {
@@ -447,7 +447,7 @@ message ListKeysRequest {
Algorithm key_algorithm = 1 [(buf.validate.field).cel = {
id: "key_algorithm_defined"
message: "The key_algorithm must be one of the defined values."
- expression: "this in [0, 1, 2, 3, 4, 5]" // Allow unspecified and object.Algorithm values for currently supported RSA bit sizes and EC curve types
+ expression: "this in [0, 1, 2, 3, 4, 5, 6]" // Allow unspecified and object.Algorithm values for currently supported RSA bit sizes, EC curve types, and X-Wing
}]; // Filter keys by algorithm
oneof kas_filter {
@@ -550,7 +550,7 @@ message RotateKeyRequest {
Algorithm algorithm = 2 [(buf.validate.field).cel = {
id: "key_algorithm_defined"
message: "The key_algorithm must be one of the defined values."
- expression: "this in [1, 2, 3, 4, 5]" // Allow ALGORITHM_RSA_2048, ALGORITHM_RSA_4096, ALGORITHM_EC_P256, ALGORITHM_EC_P384, ALGORITHM_EC_P521
+ expression: "this in [1, 2, 3, 4, 5, 6, 7, 8]" // Allow ALGORITHM_RSA_2048, ALGORITHM_RSA_4096, ALGORITHM_EC_P256, ALGORITHM_EC_P384, ALGORITHM_EC_P521, ALGORITHM_HPQT_XWING, ALGORITHM_HPQT_SECP256R1_MLKEM768, ALGORITHM_HPQT_SECP384R1_MLKEM1024
}];
// Required
KeyMode key_mode = 3 [
diff --git a/service/policy/objects.proto b/service/policy/objects.proto
index a54bc2517a..8f6b5da374 100644
--- a/service/policy/objects.proto
+++ b/service/policy/objects.proto
@@ -388,6 +388,9 @@ enum KasPublicKeyAlgEnum {
KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 = 5;
KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 = 6;
KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 = 7;
+ KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING = 10;
+ KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 = 11;
+ KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 = 12;
}
// Deprecated
@@ -553,6 +556,9 @@ enum Algorithm {
ALGORITHM_EC_P256 = 3;
ALGORITHM_EC_P384 = 4;
ALGORITHM_EC_P521 = 5;
+ ALGORITHM_HPQT_XWING = 6;
+ ALGORITHM_HPQT_SECP256R1_MLKEM768 = 7;
+ ALGORITHM_HPQT_SECP384R1_MLKEM1024 = 8;
}
// The status of the key