trc

package
Published: Mar 2, 2018 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation


Constants

// MaxTRCByteLength is the upper bound, in bytes, on the size of a TRC handled
// by this package. NOTE(review): presumably enforced when a raw or
// lz4-compressed TRC is decoded (TRCFromRaw), so that the length prefix
// written by Compress cannot drive an arbitrarily large allocation — confirm
// in the decoder.
const MaxTRCByteLength uint32 = 1 << 20

// Error strings reported by TRC parsing, signing and verification. Their
// wording is observable behavior and must be preserved.
const (
	// EarlyUsage: the TRC's creation time lies in the future.
	EarlyUsage = "Creation time in the future"
	// EarlyAnnouncement: the TRC is only an early announcement.
	EarlyAnnouncement = "Early announcement"
	// Expired: the TRC's expiration time has passed.
	Expired = "TRC expired"
	// GracePeriodPassed: a newer TRC exists and this TRC's grace period is over.
	GracePeriodPassed = "TRC grace period has passed"
	// InactiveVersion: the TRC version is not an active one.
	InactiveVersion = "Inactive TRC version"
	// InvalidCreationTime: the TRC creation time is not acceptable.
	InvalidCreationTime = "Invalid TRC creation time"
	// InvalidISD: the TRC's ISD is not valid.
	InvalidISD = "Invalid TRC ISD"
	// InvalidQuorum: fewer valid signatures than required.
	InvalidQuorum = "Not enough valid signatures"
	// InvalidVersion: the TRC version is not acceptable.
	InvalidVersion = "Invalid TRC version"
	// ReservedVersion: version 0 is reserved and shall not be used.
	ReservedVersion = "Invalid version 0"
	// SignatureMissing: an expected signature is absent.
	SignatureMissing = "Signature missing"
	// UnableSigPack: the signature input could not be built.
	UnableSigPack = "TRC: Unable to create signature input"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Addr

// Addr is the (ISD-AS IP)-tuple used for entity addresses in the TRC file.
// ParseString fills both fields from an "ISD-AS IP" string. IA is a pointer
// and is nil on a zero-value Addr, so check it before dereferencing.
type Addr struct {
	// IA is the ISD-AS.
	IA *addr.ISD_AS
	// IP is the IP address (net.IP, either v4 or v6).
	IP net.IP
}

Addr is the (ISD-AS IP)-tuple used for entity addresses in the TRC file.

func (*Addr) MarshalJSON

func (a *Addr) MarshalJSON() ([]byte, error)

func (*Addr) ParseString

func (a *Addr) ParseString(addr_ string) error

ParseString parses a string of the format "ISD-AS IP" and sets the struct fields accordingly.

func (*Addr) String

func (a *Addr) String() string

func (*Addr) UnmarshalJSON

func (a *Addr) UnmarshalJSON(b []byte) error

type CertLog

// CertLog is the cert log server entry.
type CertLog struct {

	// Addr is the address of the cert log server; nil if not set.
	Addr *Addr
	// Certificate is the public key certificate, stored as opaque bytes; this
	// type does not fix its encoding. NOTE(review): presumably checked during
	// TRC verification — confirm before relying on it elsewhere.
	Certificate common.RawBytes
}

CertLog is the cert log server entry.

func (*CertLog) MarshalJSON

func (c *CertLog) MarshalJSON() ([]byte, error)

func (*CertLog) UnmarshalJSON

func (c *CertLog) UnmarshalJSON(b []byte) error

type CoreAS

// CoreAS is the core AS entry. It carries only verification keys; the
// corresponding signing key is passed to Sign separately and never stored
// here.
type CoreAS struct {

	// OfflineKey is the offline verification key, as opaque bytes.
	OfflineKey common.RawBytes
	// OfflineKeyAlg names the signing algorithm OfflineKey belongs to.
	OfflineKeyAlg string
	// OnlineKey is the online verification key, as opaque bytes.
	OnlineKey common.RawBytes
	// OnlineKeyAlg names the signing algorithm OnlineKey belongs to.
	OnlineKeyAlg string
}

CoreAS is the core AS entry.

type Key

// Key identifies a TRC by ISD and version. It is built by NewKey and returned
// by (*TRC).Key.
type Key struct {
	// ISD is the ISD identifier of the TRC.
	ISD uint16
	// Ver is the TRC version; 0 is reserved (see ReservedVersion).
	Ver uint64
}

func NewKey

func NewKey(isd uint16, ver uint64) *Key

func (*Key) String

func (k *Key) String() string

type Rains

// Rains is the rains entry. Every field carries `json:",omitempty"`, so a
// zero or empty field is dropped from the encoded TRC instead of being
// written as an empty value.
type Rains struct {

	// OnlineKey is the online verification key, as opaque bytes.
	OnlineKey common.RawBytes `json:",omitempty"`
	// OnlineKeyAlg names the signing algorithm OnlineKey belongs to.
	OnlineKeyAlg string `json:",omitempty"`
	// RootRAINSKey is the root rains key, as opaque bytes.
	RootRAINSKey common.RawBytes `json:",omitempty"`
	// TRCSrv is a list of servers, which handle TRC signing requests.
	TRCSrv []*Addr `json:",omitempty"`
}

Rains is the rains entry.

type RootCA

// RootCA is the root CA entry. Key and certificate fields are opaque bytes;
// their encoding is not fixed by this type.
type RootCA struct {

	// ARPKIKey is the arpki key.
	ARPKIKey common.RawBytes
	// ARPKISrv is a list of arpki server addresses.
	ARPKISrv []*Addr
	// Certificate is a public key certificate.
	Certificate common.RawBytes
	// OnlineKey is the online verification key.
	OnlineKey common.RawBytes
	// OnlineKeyAlg names the signing algorithm OnlineKey belongs to.
	OnlineKeyAlg string
	// TRCSrv is a list of servers, which handle TRC signing requests.
	TRCSrv []*Addr
}

RootCA is the root CA entry.

type TRC

// TRC holds the contents of a TRC file for one ISD. Sign computes signatures
// over the TRC without the Signatures map, so every other field is covered by
// the signatures (see Sign and Verify).
type TRC struct {
	// CertLogs is a map from end-entity certificate logs to their addresses and public-key
	// certificate.
	CertLogs map[string]*CertLog
	// CoreASes is a map from core ASes to their online and offline key. The
	// key is an addr.ISD_AS value, so lookups compare by value.
	CoreASes map[addr.ISD_AS]*CoreAS
	// CreationTime is the unix timestamp in seconds at which the TRC was created.
	// A creation time in the future is reported as EarlyUsage.
	CreationTime uint64
	// Description is a human-readable description of the ISD.
	Description string
	// ExpirationTime is the unix timestamp in seconds at which the TRC expires.
	ExpirationTime uint64
	// GracePeriod is the period during which the TRC is valid after creation of a new TRC in
	// seconds.
	GracePeriod uint64
	// ISD is the integer identifier from 1 to 4095. The uint16 type does not
	// enforce that range by itself. NOTE(review): presumably checked on
	// decode/verify and reported as InvalidISD — confirm.
	ISD uint16
	// Quarantine describes if the TRC is an early announcement (true) or valid (false).
	Quarantine bool
	// QuorumCAs is the quorum of root CAs required to change the RootCAs, CertLogs,
	// ThresholdEEPKI, and QuorumCAs.
	QuorumCAs uint32
	// QuorumTRC is the quorum of core ASes required to sign a new TRC.
	QuorumTRC uint32
	// RAINS is the Rains entry; nil when absent.
	RAINS *Rains
	// RootCAs is a map from root CA names to their RootCA entry.
	RootCAs map[string]*RootCA
	// Signatures is a map from entity names to their signatures. It is excluded
	// from the data that Sign signs and omitted from the JSON when empty.
	Signatures map[string]common.RawBytes `json:",omitempty"`
	// ThresholdEEPKI is the threshold number of trusted parties (CAs and one log) required to
	// assert a domain’s policy.
	ThresholdEEPKI uint32
	// Version is the version number of the TRC. The value 0 is reserved and shall not be used
	// (see ReservedVersion).
	Version uint64
}

func TRCFromRaw

func TRCFromRaw(raw common.RawBytes, lz4_ bool) (*TRC, error)

func (*TRC) CheckActive

func (t *TRC) CheckActive(maxTRC *TRC) error

CheckActive checks whether the TRC is active and can be used for certificate chain verification. maxTRC is the newest active TRC of the same ISD that we know of.

func (*TRC) Compress

func (t *TRC) Compress() (common.RawBytes, error)

Compress compresses the JSON generated from the TRC using lz4 block mode and prepends the original length (4 bytes, little endian, unsigned). This is necessary, since the python lz4 library expects this format.

func (*TRC) CoreASList

func (t *TRC) CoreASList() []*addr.ISD_AS

CoreASList returns a list of core ASes' addresses.

func (*TRC) IsdVer

func (t *TRC) IsdVer() (uint16, uint64)

func (*TRC) JSON

func (t *TRC) JSON(indent bool) ([]byte, error)

func (*TRC) Key

func (t *TRC) Key() *Key

func (*TRC) Sign

func (t *TRC) Sign(name string, signKey common.RawBytes, signAlgo string) error

Sign adds signature to the TRC. The signature is computed over the TRC without the signature map.

func (*TRC) String

func (t *TRC) String() string

func (*TRC) Verify

func (t *TRC) Verify(trust *TRC) (*TRCVerResult, error)

Verify checks the validity of the TRC based on a trusted TRC. The trusted TRC can either be the direct predecessor TRC or a cross signing TRC.

type TRCVerResult

// TRCVerResult is the result of verifying core AS signatures, as returned by
// (*TRC).Verify; QuorumOk reports whether the result satisfies the quorum.
type TRCVerResult struct {
	// Quorum is the number of valid core AS signatures required.
	// NOTE(review): presumably taken from the TRC's QuorumTRC — confirm in Verify.
	Quorum uint32
	// Verified lists the core ASes whose signatures verified.
	Verified []*addr.ISD_AS
	// Failed maps core ASes whose signature did not verify to the reason. The
	// key is a pointer, so entries are distinguished by pointer identity, not
	// by ISD-AS value: look up with the same *addr.ISD_AS that Verify stored,
	// or iterate over the map.
	Failed map[*addr.ISD_AS]error
}

TRCVerResult is the result of verifying core AS signatures.

func (*TRCVerResult) QuorumOk

func (tvr *TRCVerResult) QuorumOk() bool
