coname

package module v0.0.0-...-f17c261

Published: Nov 8, 2015 License: Apache-2.0 Imports: 9 Imported by: 0

README

This repository contains a WORK-IN-PROGRESS implementation of an EXPERIMENTAL cooperative keyserver design based on ideas from dename (readme, code, talk) and CONIKS (paper, code). NO STABILITY is offered: things that are very likely going to change include the network protocol, the implementation, the internal interfaces, the import path, and the name. Sometime in the future this implementation might reach feature (and performance) parity with dename, along with a CONIKS-like username privacy layer and high-availability curated namespaces.

development

You need a Go development environment, a protocol buffer schema compiler (protoc) that understands protobuf3, the Go protobuf3 libraries, the gogoprotobuf code generation tool and grpc for Go. On Arch Linux this comes down to pacman -S go, aura -Ak protobuf3, go get github.com/yahoo/coname/... github.com/andres-erbsen/tlstestutil.

disclaimer

As this project includes code (from dename) that I wrote and released as open source when I was employed by Google, here is a little disclaimer that I was asked to attach to the code: This is not a Google project.

Documentation

Index

Constants

const (
	HashBytes  = 32
	IndexBytes = 32
	IndexBits  = IndexBytes * 8
)
const (
	InternalNodeIdentifier = 'I'
	LeafIdentifier         = 'L'
	EmptyBranchIdentifier  = 'E'
)

Variables

This section is empty.

Functions

func BitToIndex

func BitToIndex(b bool) int

func CheckCommitment

func CheckCommitment(commitment []byte, profile *proto.EncodedProfile) bool

func CheckQuorum

func CheckQuorum(want *proto.QuorumExpr, have map[uint64]struct{}) bool

CheckQuorum evaluates whether the quorum requirement want can be satisfied by ratifications of the verifiers in have. want, have : &const // none of the inputs are modified

func GetRealmByDomain

func GetRealmByDomain(cfg *proto.Config, domain string) (ret *proto.RealmConfig, err error)

func GetRealmByUser

func GetRealmByUser(cfg *proto.Config, user string) (*proto.RealmConfig, error)

func HashEmptyBranch

func HashEmptyBranch(treeNonce []byte, prefixBits []bool) []byte

This is the same as in the CONIKS paper: H(k_empty || nonce || prefix || depth), where k_empty is the EmptyBranchIdentifier byte.

func HashInternalNode

func HashInternalNode(prefixBits []bool, childHashes *[2][HashBytes]byte) []byte

Differences from the CONIKS paper:

  • Add an identifier byte at the beginning to make it impossible for this to collide with leaves or empty branches.
  • Add the prefix of the index, to protect against limited hash collisions or bugs.

This gives H(k_internal || h_child0 || h_child1 || prefix || depth), where k_internal is the InternalNodeIdentifier byte.

func HashLeaf

func HashLeaf(treeNonce []byte, indexBytes []byte, depth int, value []byte) []byte

This is the same as in the CONIKS paper: H(k_leaf || nonce || index || depth || value), where k_leaf is the LeafIdentifier byte.

func ListQuorum

func ListQuorum(e *proto.QuorumExpr, out map[uint64]struct{}) map[uint64]struct{}

ListQuorum inserts all verifiers mentioned in e into out. If out is nil, a new map is allocated. ListQuorum is NOT intended to be used for implementing quorum verification (it only says who may ratify, not whether enough did); use CheckQuorum instead. e : &const out : *mut map mut // both the map and its contents can be modified arbitrarily

func RecomputeHash

func RecomputeHash(treeNonce []byte, node MerkleNode) ([]byte, error)

func ToBits

func ToBits(num int, bs []byte) []bool

In each byte, the bits are ordered MSB to LSB.

func ToBytes

func ToBytes(bits []bool) []byte

In each byte, the bits are ordered MSB to LSB.

func TreeLookup

func TreeLookup(root MerkleNode, indexBytes []byte) (value []byte, err error)

TreeLookup looks up the entry at a particular index in the snapshot.
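
The hashing rules above (an identifier byte, the tree nonce, the position prefix and the depth bound into every node hash) and the lookup that TreeLookup and VerifyLookup perform, as an added example that is not code from the coname project: a sparse Merkle tree over 256-bit indices with proof generation and verification. Everything not on the page is an assumption: SHA-256 as H, the depth framed as a big-endian uint32, the LookupProof, Subtree and VerifyLookup names and shapes, and positions passed as an (index, depth) pair rather than a []bool prefix (prefix() packs the same MSB-first bits that ToBytes(ToBits(depth, index)) would). Indices are SHA-256 of the name here; CONIKS derives them with a VRF so that names stay private.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const IndexBytes, IndexBits = 32, 256
// bitAt is bit i of index, MSB first within each byte, as 0 or 1: the child slot it selects.
func bitAt(index []byte, i int) int { return int(index[i/8]>>(7-uint(i%8))) & 1 }
// prefix packs the first depth bits of index MSB first, zero-padding the last byte (ToBytes(ToBits(depth, index)) on the page).
func prefix(index []byte, depth int) []byte {
	p := append([]byte(nil), index[:(depth+7)/8]...)
	if depth%8 != 0 {
		p[len(p)-1] &= 0xff << uint(8-depth%8)
	}
	return p
}
// hash is SHA-256 and depthBytes frames depth as a big-endian uint32: both are assumptions, the page only writes H().
func hash(parts ...[]byte) []byte { s := sha256.Sum256(bytes.Join(parts, nil)); return s[:] }
func depthBytes(d int) []byte   { b := make([]byte, 4); binary.BigEndian.PutUint32(b, uint32(d)); return b }
// H('E' || nonce || prefix || depth); the position is the first depth bits of at.
func HashEmptyBranch(nonce, at []byte, depth int) []byte {
	return hash([]byte{'E'}, nonce, prefix(at, depth), depthBytes(depth))
}
// H('I' || child0 || child1 || prefix || depth): identifier byte and position keep an internal node from colliding with a leaf, an empty branch, or the same children at another position.
func HashInternalNode(at []byte, depth int, children [2][]byte) []byte {
	return hash([]byte{'I'}, children[0], children[1], prefix(at, depth), depthBytes(depth))
}
// H('L' || nonce || index || depth || value)
func HashLeaf(nonce, index []byte, depth int, value []byte) []byte {
	return hash([]byte{'L'}, nonce, index, depthBytes(depth), value)
}
// LookupProof is an assumed shape for an authentication path, not proto.TreeProof.
type LookupProof struct {
	Index     []byte   // index being looked up
	Siblings  [][]byte // sibling hash at each internal node on the path, deepest first
	LeafIndex []byte   // index of the leaf that ends the path; nil if it ends in an empty branch
	LeafValue []byte
}

// Subtree hashes the entries below the node at depth on proof.Index's path and records that path in proof.
func Subtree(nonce []byte, depth int, entries map[[IndexBytes]byte][]byte, proof *LookupProof) []byte {
	if len(entries) == 0 {
		return HashEmptyBranch(nonce, proof.Index, depth)
	}
	if len(entries) == 1 { // a lone entry becomes a leaf at this depth, not at depth IndexBits
		for idx, v := range entries {
			proof.LeafIndex, proof.LeafValue = idx[:], v
			return HashLeaf(nonce, idx[:], depth, v)
		}
	}
	split := [2]map[[IndexBytes]byte][]byte{{}, {}}
	for idx, v := range entries {
		split[bitAt(idx[:], depth)][idx] = v
	}
	on := bitAt(proof.Index, depth)
	other := append([]byte(nil), proof.Index...) // position of the off-path child: same prefix, flipped bit
	other[depth/8] ^= 0x80 >> uint(depth%8)
	var children [2][]byte
	children[1-on] = Subtree(nonce, depth+1, split[1-on], &LookupProof{Index: other}) // scratch proof
	children[on] = Subtree(nonce, depth+1, split[on], proof)
	proof.Siblings = append(proof.Siblings, children[1-on])
	return HashInternalNode(proof.Index, depth, children)
}

// VerifyLookup recomputes the root from an untrusted proof and returns the value bound to proof.Index, nil if the proof shows it absent, or an error if the path does not reach root.
func VerifyLookup(nonce, root []byte, proof *LookupProof) ([]byte, error) {
	d := len(proof.Siblings)
	if len(proof.Index) != IndexBytes || d > IndexBits {
		return nil, fmt.Errorf("malformed proof")
	}
	cur := HashEmptyBranch(nonce, proof.Index, d)
	if proof.LeafIndex != nil {
		cur = HashLeaf(nonce, proof.LeafIndex, d, proof.LeafValue)
	}
	for i := d - 1; i >= 0; i-- { // fold the siblings back up to the root
		var children [2][]byte
		children[bitAt(proof.Index, i)], children[1-bitAt(proof.Index, i)] = cur, proof.Siblings[d-1-i]
		cur = HashInternalNode(proof.Index, i, children)
	}
	if !bytes.Equal(cur, root) {
		return nil, fmt.Errorf("proof does not reconstruct the root")
	}
	if bytes.Equal(proof.LeafIndex, proof.Index) {
		return proof.LeafValue, nil
	}
	return nil, nil // absent: an empty branch or another entry's leaf occupies the path
}

func main() {
	nonce, bob := make([]byte, IndexBytes), sha256.Sum256([]byte("bob")) // constructed nonce; index = SHA-256(name) here, CONIKS uses a VRF
	entries := map[[IndexBytes]byte][]byte{bob: []byte("pk:bob"), sha256.Sum256([]byte("alice")): []byte("pk:alice")}
	proof := &LookupProof{Index: bob[:]}
	v, err := VerifyLookup(nonce, Subtree(nonce, 0, entries, proof), proof)
	fmt.Printf("bob -> %q, err=%v\n", v, err)
}
```

Verification folds the siblings back up with the identifier byte, prefix and depth at every step, so a sibling hash cannot be replayed as a leaf or at another position, and a lookup for one index cannot be satisfied with another entry's path. An absent index is proven by the path ending in an empty branch or in some other entry's leaf, and VerifyLookup still checks that case against the root. The proof comes from the same server that serves the root, so a client must also check the root it uses against a quorum of verifiers (VerifyConsensus); otherwise the server can serve a perfectly consistent tree that nobody else sees.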

func VerifyConsensus

func VerifyConsensus(rcg *proto.RealmConfig, ratifications []*proto.SignedEpochHead, now time.Time) (root []byte, err error)

func VerifyLookup

func VerifyLookup(cfg *proto.Config, user string, pf *proto.LookupProof, now time.Time) (keys map[string][]byte, err error)

func VerifyPolicy

func VerifyPolicy(policy *proto.AuthorizationPolicy, action []byte, evidence map[uint64][]byte) bool

VerifyPolicy returns whether, by policy, action is justified by evidence. Evidence is in the form of digital signatures denoting agreement, and the policy contains public keys and a quorum rule. policy, action, evidence : &const // none of the inputs are modified NOTE: This does not work for verifier signatures on epoch heads because the signed contents will differ in their timestamps.

func VerifySignature

func VerifySignature(pk *proto.PublicKey, message []byte, sig []byte) bool

VerifySignature returns true iff sig is a valid signature of message under the public key pk. pk, message, sig : &const // none of the inputs are modified
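
The quorum evaluation, the policy check and the consensus check described above, as an added example that is not the coname project's code: CheckQuorum over a threshold expression, VerifyPolicy for a single signed action, and a VerifyConsensus that accepts each verifier's own, differently timestamped SignedEpochHead, which is the case the NOTE under VerifyPolicy says VerifyPolicy cannot handle. The QuorumExpr, AuthorizationPolicy and SignedEpochHead shapes, the head framing that Ratify signs, the maxAge parameter and the deterministic demo keys are all assumptions; the project's real types are protobuf messages and are not reproduced here.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
	"time"
)

// QuorumExpr is the shape assumed for proto.QuorumExpr: satisfied when at least Threshold of its Candidates (verifiers present) and Subexpressions (evaluated recursively) hold.
type QuorumExpr struct {
	Threshold      uint32
	Candidates     []uint64
	Subexpressions []*QuorumExpr
}
// CheckQuorum evaluates whether want is satisfied by ratifications from the verifiers in have.
func CheckQuorum(want *QuorumExpr, have map[uint64]struct{}) bool {
	var n uint32
	for _, c := range want.Candidates {
		if _, ok := have[c]; ok {
			n++
		}
	}
	for _, sub := range want.Subexpressions {
		if CheckQuorum(sub, have) {
			n++
		}
	}
	return n >= want.Threshold
}
// AuthorizationPolicy pairs verifier ids with their keys and a quorum rule (assumed shape).
type AuthorizationPolicy struct {
	PublicKeys map[uint64]ed25519.PublicKey
	Quorum     *QuorumExpr
}
// VerifyPolicy: action is justified when the verifiers whose signature over action verifies satisfy the quorum; unknown ids and bad signatures do not count, but do not fail the check either.
func VerifyPolicy(policy *AuthorizationPolicy, action []byte, evidence map[uint64][]byte) bool {
	have := map[uint64]struct{}{}
	for id, sig := range evidence {
		if pk, ok := policy.PublicKeys[id]; ok && ed25519.Verify(pk, action, sig) {
			have[id] = struct{}{}
		}
	}
	return CheckQuorum(policy.Quorum, have)
}

// SignedEpochHead is an assumed shape. Each verifier signs its own copy of the head, stamped with its
// own clock, so the signed bytes differ per verifier and VerifyPolicy cannot be reused for them.
type SignedEpochHead struct {
	Verifier  uint64
	Root      []byte
	Epoch     uint64
	Timestamp time.Time
	Signature []byte
}
// headBytes is the signed encoding (assumed framing; the project signs a protobuf message instead).
func headBytes(root []byte, epoch uint64, ts time.Time) []byte {
	return []byte(fmt.Sprintf("%x|%d|%d", root, epoch, ts.Unix()))
}
// Ratify is what verifier id does: sign the head it observed, stamped with its own clock.
func Ratify(priv ed25519.PrivateKey, id uint64, root []byte, epoch uint64, at time.Time) *SignedEpochHead {
	sig := ed25519.Sign(priv, headBytes(root, epoch, at))
	return &SignedEpochHead{Verifier: id, Root: root, Epoch: epoch, Timestamp: at, Signature: sig}
}

// VerifyConsensus returns the root ratified by a quorum of validly signed, fresh heads. Unsigned or stale
// heads do not count; validly signed heads that disagree are evidence of a fork and fail outright.
func VerifyConsensus(policy *AuthorizationPolicy, heads []*SignedEpochHead, now time.Time, maxAge time.Duration) ([]byte, error) {
	have := map[uint64]struct{}{}
	var agreed *SignedEpochHead
	for _, h := range heads {
		pk, ok := policy.PublicKeys[h.Verifier]
		if !ok || !ed25519.Verify(pk, headBytes(h.Root, h.Epoch, h.Timestamp), h.Signature) || h.Timestamp.After(now) || now.Sub(h.Timestamp) > maxAge {
			continue
		}
		if agreed != nil && (!bytes.Equal(agreed.Root, h.Root) || agreed.Epoch != h.Epoch) {
			return nil, fmt.Errorf("verifiers %d and %d signed different heads", agreed.Verifier, h.Verifier)
		}
		agreed, have[h.Verifier] = h, struct{}{}
	}
	if agreed == nil || !CheckQuorum(policy.Quorum, have) {
		return nil, fmt.Errorf("no quorum: %d valid ratification(s)", len(have))
	}
	return agreed.Root, nil
}

// DemoPolicy builds constructed keys and a policy: any two of verifiers 1-3 together with verifier 10.
func DemoPolicy() (*AuthorizationPolicy, map[uint64]ed25519.PrivateKey) {
	priv := map[uint64]ed25519.PrivateKey{}
	policy := &AuthorizationPolicy{PublicKeys: map[uint64]ed25519.PublicKey{}, Quorum: &QuorumExpr{Threshold: 2,
		Subexpressions: []*QuorumExpr{{Threshold: 2, Candidates: []uint64{1, 2, 3}}, {Threshold: 1, Candidates: []uint64{10}}}}}
	for _, id := range []uint64{1, 2, 3, 10} {
		seed := bytes.Repeat([]byte{byte(id)}, ed25519.SeedSize) // constructed deterministic seed, demo only
		priv[id] = ed25519.NewKeyFromSeed(seed)
		policy.PublicKeys[id] = priv[id].Public().(ed25519.PublicKey)
	}
	return policy, priv
}

func main() {
	policy, priv := DemoPolicy()
	root, now := []byte("constructed root hash"), time.Unix(1700000000, 0)
	heads := []*SignedEpochHead{Ratify(priv[1], 1, root, 7, now.Add(-time.Second)), Ratify(priv[2], 2, root, 7, now.Add(-3*time.Second)), Ratify(priv[10], 10, root, 7, now)}
	got, err := VerifyConsensus(policy, heads, now, time.Minute)
	fmt.Printf("ratified root %q, err=%v\n", got, err)
}
```

VerifyPolicy checks every signature against the same bytes, so evidence collected for one action cannot be replayed for another, and a candidate the policy does not know simply never counts. VerifyConsensus has to verify each head under its signer's own timestamp and then compare the (root, epoch) the signatures actually cover; skipping that comparison would let a server that told each verifier a different tree collect a quorum of signatures that agree on nothing. Whether a conflicting head should fail the lookup or only be logged is a client policy decision; here it fails, because a validly signed conflicting head is exactly the evidence of misbehavior a client wants to keep.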

func VerifyUpdate

func VerifyUpdate(current *proto.Entry, update *proto.SignedEntryUpdate) error

VerifyUpdate returns nil iff replacing entry current (nil if none) with the new entry carried by update is justified given the evidence in update. Globally deterministic. current, update : &const // none of the inputs are modified

Types

type MerkleNode

type MerkleNode interface {
	IsEmpty() bool

	IsLeaf() bool
	Depth() int

	// For intermediate nodes
	ChildHash(rightChild bool) []byte
	Child(rightChild bool) (MerkleNode, error)

	// For leaves
	Index() []byte
	Value() []byte
}

type ReconstructedNode

type ReconstructedNode struct {
	// contains filtered or unexported fields
}

func ReconstructTree

func ReconstructTree(trace *proto.TreeProof, lookupIndexBits []bool) (*ReconstructedNode, error)

func (*ReconstructedNode) Child

func (n *ReconstructedNode) Child(rightChild bool) (MerkleNode, error)

func (*ReconstructedNode) ChildHash

func (n *ReconstructedNode) ChildHash(rightChild bool) []byte

func (*ReconstructedNode) Depth

func (n *ReconstructedNode) Depth() int

func (*ReconstructedNode) Index

func (n *ReconstructedNode) Index() []byte

func (*ReconstructedNode) IsEmpty

func (n *ReconstructedNode) IsEmpty() bool

func (*ReconstructedNode) IsLeaf

func (n *ReconstructedNode) IsLeaf() bool

func (*ReconstructedNode) Value

func (n *ReconstructedNode) Value() []byte

Directories

Path Synopsis
Package ed25519 implements the Ed25519 signature algorithm.
edwards25519: Package edwards25519 implements operations in GF(2**255-19) and on an Edwards curve that is isomorphic to curve25519.
kv: Package kv contains a generic interface for key-value databases with support for batch writes.
kv/leveldbkv: Package leveldbkv implements the kv interface using leveldb.
kv/tracekv: Package tracekv implements a tracing wrapper for kv.DB.
replication/raftlog/proto: Package proto is a generated protocol buffer package.
Package proto is a generated protocol buffer package.
Package vrf implements a verifiable random function using the Edwards form of Curve25519, SHA3 and the Elligator map.
