Documentation
Index
- type ConiksDirectory
- func (d *ConiksDirectory) EpochDeadline() protocol.Timestamp
- func (d *ConiksDirectory) GetSTRHistory(req *protocol.STRHistoryRequest) *protocol.Response
- func (d *ConiksDirectory) KeyLookup(req *protocol.KeyLookupRequest) *protocol.Response
- func (d *ConiksDirectory) KeyLookupInEpoch(req *protocol.KeyLookupInEpochRequest) *protocol.Response
- func (d *ConiksDirectory) LatestSTR() *protocol.DirSTR
- func (d *ConiksDirectory) Monitor(req *protocol.MonitoringRequest) *protocol.Response
- func (d *ConiksDirectory) NewTB(name string, key []byte) *protocol.TemporaryBinding
- func (d *ConiksDirectory) Register(req *protocol.RegistrationRequest) *protocol.Response
- func (d *ConiksDirectory) SetPolicies(epDeadline protocol.Timestamp)
- func (d *ConiksDirectory) Update()
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ConiksDirectory
type ConiksDirectory struct {
// contains filtered or unexported fields
}
A ConiksDirectory maintains the underlying persistent authenticated dictionary (PAD) and its policies (i.e. epoch deadline, VRF public key, etc.).
The current implementation of ConiksDirectory also keeps track of temporary bindings (TBs). This feature may be split into a separate protocol extension in a future release.
func New
func New(epDeadline protocol.Timestamp, vrfKey vrf.PrivateKey, signKey sign.PrivateKey, dirSize uint64, useTBs bool) *ConiksDirectory
New constructs a new ConiksDirectory given the key server's PAD policies (i.e. epDeadline, vrfKey).
signKey is the private key the key server uses to generate signed tree roots (STRs) and TBs. dirSize indicates the number of PAD snapshots the server keeps in memory. useTBs indicates whether the key server returns TBs upon a successful registration.
func NewTestDirectory
func NewTestDirectory(t *testing.T) *ConiksDirectory
NewTestDirectory creates a ConiksDirectory used for testing server-side CONIKS operations.
func (*ConiksDirectory) EpochDeadline
func (d *ConiksDirectory) EpochDeadline() protocol.Timestamp
EpochDeadline returns this ConiksDirectory's latest epoch deadline as a timestamp.
func (*ConiksDirectory) GetSTRHistory
func (d *ConiksDirectory) GetSTRHistory(req *protocol.STRHistoryRequest) *protocol.Response
GetSTRHistory gets the directory snapshots for the epoch range indicated in the STRHistoryRequest req received from a CONIKS auditor. The response (which also includes the error code) is supposed to be sent back to the auditor.
A request with a start epoch greater than the latest epoch of this directory, or with a start epoch greater than the end epoch, is considered malformed and causes GetSTRHistory() to return a message.NewErrorResponse(ErrMalformedMessage). Otherwise, GetSTRHistory() returns a message.NewSTRHistoryRange(strs), where strs is the list of STRs for the epoch range [startEpoch, endEpoch] and startEpoch and endEpoch are the range endpoints indicated in the auditor's request. If req.endEpoch is greater than d.LatestSTR().Epoch, the end of the range is clamped to d.LatestSTR().Epoch.
func (*ConiksDirectory) KeyLookup
func (d *ConiksDirectory) KeyLookup(req *protocol.KeyLookupRequest) *protocol.Response
KeyLookup gets the public key for the username indicated in the KeyLookupRequest req received from a CONIKS client from the latest snapshot of this ConiksDirectory, and returns a protocol.Response. The response (which also includes the error code) is supposed to be sent back to the client.
A request without a username is considered malformed and causes KeyLookup() to return a message.NewErrorResponse(ErrMalformedMessage). If the username has no entry in the latest directory snapshot and is not pending registration either (i.e. has no corresponding TB), KeyLookup() returns a message.NewKeyLookupProof(ap=proof of absence, str, nil, ReqNameNotFound). Otherwise, KeyLookup() returns a message.NewKeyLookupProof(ap=proof of absence, str, tb, ReqSuccess) if there is a corresponding TB for the username but no entry in the directory yet, and a message.NewKeyLookupProof(ap=proof of inclusion, str, nil, ReqSuccess) if the entry is already in the directory. In any case, str is the signed tree root for the latest epoch. If KeyLookup() encounters an internal error at any point, it returns a message.NewErrorResponse(ErrDirectory).
func (*ConiksDirectory) KeyLookupInEpoch
func (d *ConiksDirectory) KeyLookupInEpoch(req *protocol.KeyLookupInEpochRequest) *protocol.Response
KeyLookupInEpoch gets the public key for the username for a prior epoch in the directory history indicated in the KeyLookupInEpochRequest req received from a CONIKS client, and returns a protocol.Response. The response (which also includes the error code) is supposed to be sent back to the client.
A request without a username or with an epoch greater than the latest epoch of this directory is considered malformed, and causes KeyLookupInEpoch() to return a message.NewErrorResponse(ErrMalformedMessage). If the username doesn't have an entry in the directory snapshot for the indicated epoch, KeyLookupInEpoch() returns a message.NewKeyLookupInEpochProof(ap=proof of absence, str, ReqNameNotFound). Otherwise, KeyLookupInEpoch() returns a message.NewKeyLookupInEpochProof(ap=proof of inclusion, str, ReqSuccess). In either case, str is a list of STRs for the epoch range [ep, d.LatestSTR().Epoch], where ep is the past epoch for which the client has requested the user's key. KeyLookupInEpoch() proofs do not include temporary bindings since the TB corresponding to a registered binding is discarded at the time the binding is included in a directory snapshot. If KeyLookupInEpoch() encounters an internal error at any point, it returns a message.NewErrorResponse(ErrDirectory).
func (*ConiksDirectory) LatestSTR
func (d *ConiksDirectory) LatestSTR() *protocol.DirSTR
LatestSTR returns this ConiksDirectory's latest STR.
func (*ConiksDirectory) Monitor
func (d *ConiksDirectory) Monitor(req *protocol.MonitoringRequest) *protocol.Response
Monitor gets the directory proofs for the username for the range of epochs indicated in the MonitoringRequest req received from a CONIKS client, and returns a protocol.Response. The response (which also includes the error code) is supposed to be sent back to the client.
A request without a username, with a start epoch greater than the latest epoch of this directory, or with a start epoch greater than the end epoch is considered malformed and causes Monitor() to return a message.NewErrorResponse(ErrMalformedMessage). Otherwise, Monitor() returns a message.NewMonitoringProof(ap, str), where ap is a list of proofs of inclusion and str is a list of STRs for the epoch range [startEpoch, endEpoch], startEpoch and endEpoch being the range endpoints indicated in the client's request. If req.endEpoch is greater than d.LatestSTR().Epoch, the end of the range is clamped to d.LatestSTR().Epoch. If Monitor() encounters an internal error at any point, it returns a message.NewErrorResponse(ErrDirectory).
func (*ConiksDirectory) NewTB
func (d *ConiksDirectory) NewTB(name string, key []byte) *protocol.TemporaryBinding
NewTB creates a new temporary binding for the given name-to-key mapping. NewTB() computes the private index for the name, and digitally signs the (index, key, latest STR signature) tuple.
func (*ConiksDirectory) Register
func (d *ConiksDirectory) Register(req *protocol.RegistrationRequest) *protocol.Response
Register inserts the username-to-key mapping contained in a RegistrationRequest req received from a CONIKS client into this ConiksDirectory, and returns a protocol.Response. The response (which also includes the error code) is supposed to be sent back to the client.
A request without a username or without a public key is considered malformed and causes Register() to return a message.NewErrorResponse(ErrMalformedMessage). Register() inserts the new mapping in req into a pending version of the directory so that it is included in the snapshot taken at the end of the current epoch, and returns a message.NewRegistrationProof(ap=proof of absence, str, tb, ReqSuccess) if this operation succeeds. Otherwise, if the username already exists, Register() returns a message.NewRegistrationProof(ap=proof of inclusion, str, nil, ReqNameExisted); if the username is still pending inclusion in the next directory snapshot, ap is instead a proof of absence accompanied by a non-nil TB. In any case, str is the signed tree root for the latest epoch. If Register() encounters an internal error at any point, it returns a message.NewErrorResponse(ErrDirectory).
func (*ConiksDirectory) SetPolicies
func (d *ConiksDirectory) SetPolicies(epDeadline protocol.Timestamp)
SetPolicies sets this ConiksDirectory's epoch deadline, which will be used in the next epoch.
func (*ConiksDirectory) Update
func (d *ConiksDirectory) Update()
Update creates a new PAD snapshot, updating this ConiksDirectory. Update() is called at the end of a CONIKS epoch. This implementation also deletes all TBs issued during the ending epoch, since their corresponding mappings will have been inserted into the PAD.
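The temporary-binding lifecycle that Register, KeyLookup and Update describe above, as an added Go model that is not coniks-go code: the PAD, authentication paths, STRs and signatures are replaced by two plain maps, and the names modelDir, result and newModelDir are assumed for illustration; the malformed-request checks documented for each method are left out so the TB state transitions stay in focus.

```go
package main

const (
	ReqSuccess = iota // outcome codes named in the documentation above
	ReqNameExisted
	ReqNameNotFound
)

type result struct {
	Inclusion bool // true: proof of inclusion; false: proof of absence
	HasTB     bool // a temporary binding (TB) accompanies the proof
	Code      int  // one of the Req* codes above
}

// modelDir is added illustrative code, not coniks-go's ConiksDirectory: the PAD,
// proofs and signatures are replaced by two maps so the TB lifecycle is visible.
type modelDir struct {
	snapshot map[string][]byte // bindings included in the latest snapshot
	pending  map[string][]byte // registered this epoch, not yet included; each has a TB
}

func newModelDir() *modelDir { return &modelDir{map[string][]byte{}, map[string][]byte{}} }
// KeyLookup: inclusion from the snapshot, else absence plus TB if pending, else not found.
func (d *modelDir) KeyLookup(name string) result {
	switch {
	case d.snapshot[name] != nil:
		return result{Inclusion: true, Code: ReqSuccess}
	case d.pending[name] != nil:
		return result{HasTB: true, Code: ReqSuccess}
	}
	return result{Code: ReqNameNotFound}
}

// Register reports ReqNameExisted with the lookup's proof shape; else it issues a TB.
func (d *modelDir) Register(name string, key []byte) result {
	if r := d.KeyLookup(name); r.Code == ReqSuccess {
		r.Code = ReqNameExisted
		return r
	}
	d.pending[name] = key // NewTB would sign (index, key, latest STR sig) here
	return result{HasTB: true, Code: ReqSuccess}
}

// Update takes the end-of-epoch snapshot; that epoch's TBs are discarded with it.
func (d *modelDir) Update() {
	for n, k := range d.pending {
		d.snapshot[n] = k
	}
	d.pending = map[string][]byte{}
}
```

A lookup for a name registered earlier in the same epoch therefore returns an absence proof with a TB, and only after Update() does it return an inclusion proof with no TB, which is why KeyLookupInEpoch proofs never carry TBs.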