syntax = "proto3"; package envoy.extensions.private_key_providers.cryptomb.v3alpha; import "envoy/config/core/v3/base.proto"; import "google/protobuf/duration.proto"; import "udpa/annotations/sensitive.proto"; import "udpa/annotations/status.proto"; import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.private_key_providers.cryptomb.v3alpha"; option java_outer_classname = "CryptombProto"; option java_multiple_files = true; option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/private_key_providers/cryptomb/v3alpha"; option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: CryptoMb private key provider] // [#extension: envoy.tls.key_providers.cryptomb] // A CryptoMbPrivateKeyMethodConfig message specifies how the CryptoMb private // key provider is configured. The private key provider provides ``SIMD`` // processing for RSA sign and decrypt operations (ECDSA signing uses regular // BoringSSL functions). The provider works by gathering the operations into a // worker-thread specific queue, and processing the queue using ``ipp-crypto`` // library when the queue is full or when a timer expires. // [#extension-category: envoy.tls.key_providers] message CryptoMbPrivateKeyMethodConfig { // Private key to use in the private key provider. If set to inline_bytes or // inline_string, the value needs to be the private key in PEM format. config.core.v3.DataSource private_key = 1 [(udpa.annotations.sensitive) = true]; // How long to wait until the per-thread processing queue should be // processed. If the processing queue gets full (eight sign or decrypt // requests are received) it is processed immediately. However, if the // queue is not filled before the delay has expired, the requests // already in the queue are processed, even if the queue is not full. // In effect, this value controls the balance between latency and // throughput. The duration needs to be set to a value greater than or equal to 1 millisecond. google.protobuf.Duration poll_delay = 2 [(validate.rules).duration = { required: true gte {nanos: 1000000} }]; }