Implement end-to-end app payload encryption.

This implements end-to-end encryption between the end-device and
end-application. The encrypted AppSKey or SessionKeyID is forwarded to
the end-application which should be able to decrypt or request the
AppSKey to decrypt the uplink payload. As well the end-application will
be able to enqueue encrypted application payloads.

Using this mechanism, ChirpStack will never have access to the uplink
and downlink application-payloads.

api/js/integration/integration_pb.js

@@ -25,6 +25,7 @@ goog.exportSymbol('proto.integration.DeviceInfo', null, global);
 goog.exportSymbol('proto.integration.DownlinkCommand', null, global);
 goog.exportSymbol('proto.integration.IntegrationEvent', null, global);
 goog.exportSymbol('proto.integration.JoinEvent', null, global);
+goog.exportSymbol('proto.integration.JoinServerContext', null, global);
 goog.exportSymbol('proto.integration.LocationEvent', null, global);
 goog.exportSymbol('proto.integration.LogCode', null, global);
 goog.exportSymbol('proto.integration.LogEvent', null, global);
@@ -75,6 +76,27 @@ if (goog.DEBUG && !COMPILED) {
    */
   proto.integration.UplinkRelayRxInfo.displayName = 'proto.integration.UplinkRelayRxInfo';
 }
+/**
+ * Generated by JsPbCodeGenerator.
+ * @param {Array=} opt_data Optional initial data array, typically from a
+ * server response, or constructed directly in Javascript. The array is used
+ * in place and becomes part of the constructed object. It is not cloned.
+ * If no data is provided, the constructed object will be empty, but still
+ * valid.
+ * @extends {jspb.Message}
+ * @constructor
+ */
+proto.integration.JoinServerContext = function(opt_data) {
+  jspb.Message.initialize(this, opt_data, 0, -1, null, null);
+};
+goog.inherits(proto.integration.JoinServerContext, jspb.Message);
+if (goog.DEBUG && !COMPILED) {
+  /**
+   * @public
+   * @override
+   */
+  proto.integration.JoinServerContext.displayName = 'proto.integration.JoinServerContext';
+}
 /**
  * Generated by JsPbCodeGenerator.
  * @param {Array=} opt_data Optional initial data array, typically from a
@@ -948,6 +970,187 @@ proto.integration.UplinkRelayRxInfo.prototype.setWorChannel = function(value) {
 
 
 
+
+
+if (jspb.Message.GENERATE_TO_OBJECT) {
+/**
+ * Creates an object representation of this proto.
+ * Field names that are reserved in JavaScript and will be renamed to pb_name.
+ * Optional fields that are not set will be set to undefined.
+ * To access a reserved field use, foo.pb_<name>, eg, foo.pb_default.
+ * For the list of reserved names please see:
+ *     net/proto2/compiler/js/internal/generator.cc#kKeyword.
+ * @param {boolean=} opt_includeInstance Deprecated. whether to include the
+ *     JSPB instance for transitional soy proto support:
+ *     http://goto/soy-param-migration
+ * @return {!Object}
+ */
+proto.integration.JoinServerContext.prototype.toObject = function(opt_includeInstance) {
+  return proto.integration.JoinServerContext.toObject(opt_includeInstance, this);
+};
+
+
+/**
+ * Static version of the {@see toObject} method.
+ * @param {boolean|undefined} includeInstance Deprecated. Whether to include
+ *     the JSPB instance for transitional soy proto support:
+ *     http://goto/soy-param-migration
+ * @param {!proto.integration.JoinServerContext} msg The msg instance to transform.
+ * @return {!Object}
+ * @suppress {unusedLocalVariables} f is only used for nested messages
+ */
+proto.integration.JoinServerContext.toObject = function(includeInstance, msg) {
+  var f, obj = {
+    sessionKeyId: jspb.Message.getFieldWithDefault(msg, 1, ""),
+    appSKey: (f = msg.getAppSKey()) && common_common_pb.KeyEnvelope.toObject(includeInstance, f)
+  };
+
+  if (includeInstance) {
+    obj.$jspbMessageInstance = msg;
+  }
+  return obj;
+};
+}
+
+
+/**
+ * Deserializes binary data (in protobuf wire format).
+ * @param {jspb.ByteSource} bytes The bytes to deserialize.
+ * @return {!proto.integration.JoinServerContext}
+ */
+proto.integration.JoinServerContext.deserializeBinary = function(bytes) {
+  var reader = new jspb.BinaryReader(bytes);
+  var msg = new proto.integration.JoinServerContext;
+  return proto.integration.JoinServerContext.deserializeBinaryFromReader(msg, reader);
+};
+
+
+/**
+ * Deserializes binary data (in protobuf wire format) from the
+ * given reader into the given message object.
+ * @param {!proto.integration.JoinServerContext} msg The message object to deserialize into.
+ * @param {!jspb.BinaryReader} reader The BinaryReader to use.
+ * @return {!proto.integration.JoinServerContext}
+ */
+proto.integration.JoinServerContext.deserializeBinaryFromReader = function(msg, reader) {
+  while (reader.nextField()) {
+    if (reader.isEndGroup()) {
+      break;
+    }
+    var field = reader.getFieldNumber();
+    switch (field) {
+    case 1:
+      var value = /** @type {string} */ (reader.readString());
+      msg.setSessionKeyId(value);
+      break;
+    case 2:
+      var value = new common_common_pb.KeyEnvelope;
+      reader.readMessage(value,common_common_pb.KeyEnvelope.deserializeBinaryFromReader);
+      msg.setAppSKey(value);
+      break;
+    default:
+      reader.skipField();
+      break;
+    }
+  }
+  return msg;
+};
+
+
+/**
+ * Serializes the message to binary data (in protobuf wire format).
+ * @return {!Uint8Array}
+ */
+proto.integration.JoinServerContext.prototype.serializeBinary = function() {
+  var writer = new jspb.BinaryWriter();
+  proto.integration.JoinServerContext.serializeBinaryToWriter(this, writer);
+  return writer.getResultBuffer();
+};
+
+
+/**
+ * Serializes the given message to binary data (in protobuf wire
+ * format), writing to the given BinaryWriter.
+ * @param {!proto.integration.JoinServerContext} message
+ * @param {!jspb.BinaryWriter} writer
+ * @suppress {unusedLocalVariables} f is only used for nested messages
+ */
+proto.integration.JoinServerContext.serializeBinaryToWriter = function(message, writer) {
+  var f = undefined;
+  f = message.getSessionKeyId();
+  if (f.length > 0) {
+    writer.writeString(
+      1,
+      f
+    );
+  }
+  f = message.getAppSKey();
+  if (f != null) {
+    writer.writeMessage(
+      2,
+      f,
+      common_common_pb.KeyEnvelope.serializeBinaryToWriter
+    );
+  }
+};
+
+
+/**
+ * optional string session_key_id = 1;
+ * @return {string}
+ */
+proto.integration.JoinServerContext.prototype.getSessionKeyId = function() {
+  return /** @type {string} */ (jspb.Message.getFieldWithDefault(this, 1, ""));
+};
+
+
+/**
+ * @param {string} value
+ * @return {!proto.integration.JoinServerContext} returns this
+ */
+proto.integration.JoinServerContext.prototype.setSessionKeyId = function(value) {
+  return jspb.Message.setProto3StringField(this, 1, value);
+};
+
+
+/**
+ * optional common.KeyEnvelope app_s_key = 2;
+ * @return {?proto.common.KeyEnvelope}
+ */
+proto.integration.JoinServerContext.prototype.getAppSKey = function() {
+  return /** @type{?proto.common.KeyEnvelope} */ (
+    jspb.Message.getWrapperField(this, common_common_pb.KeyEnvelope, 2));
+};
+
+
+/**
+ * @param {?proto.common.KeyEnvelope|undefined} value
+ * @return {!proto.integration.JoinServerContext} returns this
+*/
+proto.integration.JoinServerContext.prototype.setAppSKey = function(value) {
+  return jspb.Message.setWrapperField(this, 2, value);
+};
+
+
+/**
+ * Clears the message field making it undefined.
+ * @return {!proto.integration.JoinServerContext} returns this
+ */
+proto.integration.JoinServerContext.prototype.clearAppSKey = function() {
+  return this.setAppSKey(undefined);
+};
+
+
+/**
+ * Returns whether this field is set.
+ * @return {boolean}
+ */
+proto.integration.JoinServerContext.prototype.hasAppSKey = function() {
+  return jspb.Message.getField(this, 2) != null;
+};
+
+
+
 /**
  * List of repeated fields within this message type.
  * @private {!Array<number>}
@@ -1000,7 +1203,8 @@ proto.integration.UplinkEvent.toObject = function(includeInstance, msg) {
     rxInfoList: jspb.Message.toObjectList(msg.getRxInfoList(),
     gw_gw_pb.UplinkRxInfo.toObject, includeInstance),
     txInfo: (f = msg.getTxInfo()) && gw_gw_pb.UplinkTxInfo.toObject(includeInstance, f),
-    relayRxInfo: (f = msg.getRelayRxInfo()) && proto.integration.UplinkRelayRxInfo.toObject(includeInstance, f)
+    relayRxInfo: (f = msg.getRelayRxInfo()) && proto.integration.UplinkRelayRxInfo.toObject(includeInstance, f),
+    joinServerContext: (f = msg.getJoinServerContext()) && proto.integration.JoinServerContext.toObject(includeInstance, f)
   };
 
   if (includeInstance) {
@@ -1099,6 +1303,11 @@ proto.integration.UplinkEvent.deserializeBinaryFromReader = function(msg, reader
       reader.readMessage(value,proto.integration.UplinkRelayRxInfo.deserializeBinaryFromReader);
       msg.setRelayRxInfo(value);
       break;
+    case 15:
+      var value = new proto.integration.JoinServerContext;
+      reader.readMessage(value,proto.integration.JoinServerContext.deserializeBinaryFromReader);
+      msg.setJoinServerContext(value);
+      break;
     default:
       reader.skipField();
       break;
@@ -1232,6 +1441,14 @@ proto.integration.UplinkEvent.serializeBinaryToWriter = function(message, writer
       proto.integration.UplinkRelayRxInfo.serializeBinaryToWriter
     );
   }
+  f = message.getJoinServerContext();
+  if (f != null) {
+    writer.writeMessage(
+      15,
+      f,
+      proto.integration.JoinServerContext.serializeBinaryToWriter
+    );
+  }
 };
 
 
@@ -1626,6 +1843,43 @@ proto.integration.UplinkEvent.prototype.hasRelayRxInfo = function() {
 };
 
 
+/**
+ * optional JoinServerContext join_server_context = 15;
+ * @return {?proto.integration.JoinServerContext}
+ */
+proto.integration.UplinkEvent.prototype.getJoinServerContext = function() {
+  return /** @type{?proto.integration.JoinServerContext} */ (
+    jspb.Message.getWrapperField(this, proto.integration.JoinServerContext, 15));
+};
+
+
+/**
+ * @param {?proto.integration.JoinServerContext|undefined} value
+ * @return {!proto.integration.UplinkEvent} returns this
+*/
+proto.integration.UplinkEvent.prototype.setJoinServerContext = function(value) {
+  return jspb.Message.setWrapperField(this, 15, value);
+};
+
+
+/**
+ * Clears the message field making it undefined.
+ * @return {!proto.integration.UplinkEvent} returns this
+ */
+proto.integration.UplinkEvent.prototype.clearJoinServerContext = function() {
+  return this.setJoinServerContext(undefined);
+};
+
+
+/**
+ * Returns whether this field is set.
+ * @return {boolean}
+ */
+proto.integration.UplinkEvent.prototype.hasJoinServerContext = function() {
+  return jspb.Message.getField(this, 15) != null;
+};
+
+
 
 
 
@@ -1662,7 +1916,8 @@ proto.integration.JoinEvent.toObject = function(includeInstance, msg) {
     time: (f = msg.getTime()) && google_protobuf_timestamp_pb.Timestamp.toObject(includeInstance, f),
     deviceInfo: (f = msg.getDeviceInfo()) && proto.integration.DeviceInfo.toObject(includeInstance, f),
     devAddr: jspb.Message.getFieldWithDefault(msg, 4, ""),
-    relayRxInfo: (f = msg.getRelayRxInfo()) && proto.integration.UplinkRelayRxInfo.toObject(includeInstance, f)
+    relayRxInfo: (f = msg.getRelayRxInfo()) && proto.integration.UplinkRelayRxInfo.toObject(includeInstance, f),
+    joinServerContext: (f = msg.getJoinServerContext()) && proto.integration.JoinServerContext.toObject(includeInstance, f)
   };
 
   if (includeInstance) {
@@ -1722,6 +1977,11 @@ proto.integration.JoinEvent.deserializeBinaryFromReader = function(msg, reader)
       reader.readMessage(value,proto.integration.UplinkRelayRxInfo.deserializeBinaryFromReader);
       msg.setRelayRxInfo(value);
       break;
+    case 6:
+      var value = new proto.integration.JoinServerContext;
+      reader.readMessage(value,proto.integration.JoinServerContext.deserializeBinaryFromReader);
+      msg.setJoinServerContext(value);
+      break;
     default:
       reader.skipField();
       break;
@@ -1789,6 +2049,14 @@ proto.integration.JoinEvent.serializeBinaryToWriter = function(message, writer)
       proto.integration.UplinkRelayRxInfo.serializeBinaryToWriter
     );
   }
+  f = message.getJoinServerContext();
+  if (f != null) {
+    writer.writeMessage(
+      6,
+      f,
+      proto.integration.JoinServerContext.serializeBinaryToWriter
+    );
+  }
 };
 
 
@@ -1939,6 +2207,43 @@ proto.integration.JoinEvent.prototype.hasRelayRxInfo = function() {
 };
 
 
+/**
+ * optional JoinServerContext join_server_context = 6;
+ * @return {?proto.integration.JoinServerContext}
+ */
+proto.integration.JoinEvent.prototype.getJoinServerContext = function() {
+  return /** @type{?proto.integration.JoinServerContext} */ (
+    jspb.Message.getWrapperField(this, proto.integration.JoinServerContext, 6));
+};
+
+
+/**
+ * @param {?proto.integration.JoinServerContext|undefined} value
+ * @return {!proto.integration.JoinEvent} returns this
+*/
+proto.integration.JoinEvent.prototype.setJoinServerContext = function(value) {
+  return jspb.Message.setWrapperField(this, 6, value);
+};
+
+
+/**
+ * Clears the message field making it undefined.
+ * @return {!proto.integration.JoinEvent} returns this
+ */
+proto.integration.JoinEvent.prototype.clearJoinServerContext = function() {
+  return this.setJoinServerContext(undefined);
+};
+
+
+/**
+ * Returns whether this field is set.
+ * @return {boolean}
+ */
+proto.integration.JoinEvent.prototype.hasJoinServerContext = function() {
+  return jspb.Message.getField(this, 6) != null;
+};
+
+
 
 
 
@@ -4284,7 +4589,8 @@ proto.integration.LogCode = {
   UPLINK_MIC: 6,
   UPLINK_F_CNT_RETRANSMISSION: 7,
   DOWNLINK_GATEWAY: 8,
-  RELAY_NEW_END_DEVICE: 9
+  RELAY_NEW_END_DEVICE: 9,
+  F_CNT_DOWN: 10
 };
 
 goog.object.extend(exports, proto.integration);