Documentation
Overview
Package node implements common node identity routines.
Index
- Constants
- Variables
- type Address
- type Capabilities
- type CapabilityTEE
- type ConsensusAddress
- type ConsensusInfo
- type EndorsedCapabilityTEE
- type MultiSignedNode
- type Node
- type P2PInfo
- type RolesMask
- type Runtime
- type SGXAttestation
- type SGXConstraints
- type SoftwareVersion
- type TEEFeatures
- type TEEFeaturesSGX
- type TEEHardware
- type TLSAddress
- type TLSInfo
- type VRFInfo
Constants

const (
	// RoleComputeWorker is the compute worker role.
	RoleComputeWorker RolesMask = 1 << 0
	// RoleObserver is the observer role.
	RoleObserver RolesMask = 1 << 1
	// RoleKeyManager is the key manager role.
	RoleKeyManager RolesMask = 1 << 2
	// RoleValidator is the validator role.
	RoleValidator RolesMask = 1 << 3
	// RoleStorageRPC is the public storage RPC services worker role.
	RoleStorageRPC RolesMask = 1 << 5

	// RoleReserved are all the bits of the Oasis node roles bitmask
	// that are reserved and must not be used.
	RoleReserved RolesMask = ((1<<32)-1) & ^((RoleStorageRPC<<1)-1) | roleReserved3

	RoleComputeWorkerName = "compute"
	RoleObserverName      = "observer"
	RoleKeyManagerName    = "key-manager"
	RoleValidatorName     = "validator"
	RoleStorageRPCName    = "storage-rpc"
)

RoleReserved covers every bit above RoleStorageRPC together with the unexported roleReserved3, so a descriptor with any of those bits set is invalid.

const (
	// LatestNodeDescriptorVersion is the latest node descriptor version that should be used for all
	// new descriptors. Using earlier versions may be rejected.
	LatestNodeDescriptorVersion = 3
)

const (
	// LatestSGXAttestationVersion is the latest SGX attestation structure version that should be
	// used for all new descriptors.
	LatestSGXAttestationVersion = 1
)

const (
	// LatestSGXConstraintsVersion is the latest SGX constraints structure version that should be
	// used for all new descriptors.
	LatestSGXConstraintsVersion = 1
)
Variables

var (
	// ErrInvalidAddress is the error returned when a transport address is
	// invalid.
	ErrInvalidAddress = errors.New("node: invalid transport address")

	// ErrConsensusAddressNoID is the error returned when a consensus address
	// doesn't have the ID@ part.
	ErrConsensusAddressNoID = errors.New("node: consensus address doesn't have ID@ part")

	// ErrTLSAddressNoPubKey is the error returned when a TLS address doesn't have the PubKey@ part.
	ErrTLSAddressNoPubKey = errors.New("node: TLS address missing PubKey@ part")
)
Functions
This section is empty.
Types
type Address
Address represents a TCP address for the purpose of node descriptors.
func (*Address) MarshalText
MarshalText implements the encoding.TextMarshaler interface.
func (*Address) UnmarshalText
UnmarshalText implements the encoding.TextUnmarshaler interface.
type Capabilities

type Capabilities struct {
	// TEE is the capability of a node executing batches in a TEE.
	TEE *CapabilityTEE `json:"tee,omitempty"`
}

Capabilities represents a node's capabilities.
type CapabilityTEE

type CapabilityTEE struct {
	// TEE hardware type.
	Hardware TEEHardware `json:"hardware"`

	// Runtime attestation key.
	RAK signature.PublicKey `json:"rak"`

	// Runtime encryption key.
	REK *x25519.PublicKey `json:"rek,omitempty"`

	// Attestation.
	Attestation []byte `json:"attestation"`
}

CapabilityTEE represents the node's TEE capability.
type ConsensusAddress

type ConsensusAddress struct {
	// ID is the public key identifying the node.
	ID signature.PublicKey `json:"id"`
	// Address is the address at which the node can be reached.
	Address Address `json:"address"`
}

ConsensusAddress represents a CometBFT consensus address that includes an ID and a TCP address.

NOTE: The consensus address ID may differ from the node's own consensus ID (ConsensusInfo.ID); this allows advertising a sentry node's ID and address instead of the validator's.
func (*ConsensusAddress) MarshalText
func (ca *ConsensusAddress) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface.
func (*ConsensusAddress) String
func (ca *ConsensusAddress) String() string
String returns a string representation of a consensus address.
func (*ConsensusAddress) UnmarshalText
func (ca *ConsensusAddress) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface.
type ConsensusInfo

type ConsensusInfo struct {
	// ID is the unique identifier of the node as a consensus member.
	ID signature.PublicKey `json:"id"`

	// Addresses is the list of addresses at which the node can be reached.
	Addresses []ConsensusAddress `json:"addresses"`
}

ConsensusInfo contains information for connecting to this node as a consensus member.
type EndorsedCapabilityTEE

type EndorsedCapabilityTEE struct {
	// CapabilityTEE is the TEE capability structure to be endorsed.
	CapabilityTEE CapabilityTEE `json:"capability_tee"`

	// NodeEndorsement is the node endorsement signature.
	NodeEndorsement signature.Signature `json:"node_endorsement"`
}

EndorsedCapabilityTEE is the endorsed CapabilityTEE structure.
Endorsement is needed for off-chain runtime components where their RAK is not published in the consensus layer and verification is part of the runtime itself. Via endorsement one can enforce policies like "only components executed by the current compute committee are authorized".
type MultiSignedNode
type MultiSignedNode struct {
signature.MultiSigned
}
MultiSignedNode is a multi-signed blob containing a CBOR-serialized Node.
type Node

type Node struct {
	cbor.Versioned

	// ID is the public key identifying the node.
	ID signature.PublicKey `json:"id"`

	// EntityID is the public key identifying the Entity controlling
	// the node.
	EntityID signature.PublicKey `json:"entity_id"`

	// Expiration is the epoch in which this node's commitment expires.
	Expiration uint64 `json:"expiration"`

	// TLS contains information for connecting to this node via TLS.
	TLS TLSInfo `json:"tls"`

	// P2P contains information for connecting to this node via P2P.
	P2P P2PInfo `json:"p2p"`

	// Consensus contains information for connecting to this node as a
	// consensus member.
	Consensus ConsensusInfo `json:"consensus"`

	// VRF contains information for this node's participation in VRF
	// based elections.
	VRF VRFInfo `json:"vrf"`

	// Runtimes are the node's runtimes.
	Runtimes []*Runtime `json:"runtimes"`

	// Roles is a bitmask representing the node roles.
	Roles RolesMask `json:"roles"`

	// SoftwareVersion is the node's oasis-node software version.
	SoftwareVersion SoftwareVersion `json:"software_version,omitempty"`
}

Node represents public connectivity information about an Oasis node.
func (*Node) UnmarshalCBOR
UnmarshalCBOR is a custom deserializer that handles both V2 and V3 Node descriptors.
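A MultiSignedNode is only as strong as the checks applied when it is opened. The example below is added here and is not oasis-core code: it signs a cut-down descriptor with Ed25519 and verifies it the way a registry would want to, checking every signature over the raw blob before decoding it, rejecting descriptors that are not at LatestNodeDescriptorVersion or whose Expiration has passed, and requiring that each identity key the descriptor advertises (ID, P2P.ID, Consensus.ID) is among the signers, so a node cannot advertise keys it does not hold. Several things are this example's assumptions rather than anything the page states: that signer policy, the "valid through epoch Expiration" reading of expiry, the domain-separation string signingContext, JSON in place of the CBOR encoding, and the omission of EntityID, TLS, VRF, Runtimes, Roles, SoftwareVersion and the address lists.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

const LatestNodeDescriptorVersion = 3               // copied from the page
const signingContext = "example/node-descriptor/v1" // this example's domain-separation prefix, not the project's

// PublicKey stands in for signature.PublicKey (32-byte Ed25519).
type PublicKey [ed25519.PublicKeySize]byte

// Node keeps the page's version (V stands in for cbor.Versioned), ID and Expiration; P2P and
// Consensus are reduced to their IDs and the remaining fields are left out.
type Node struct {
	V          uint16    `json:"v"`
	ID         PublicKey `json:"id"`
	Expiration uint64    `json:"expiration"`
	P2P        struct{ ID PublicKey `json:"id"` } `json:"p2p"`
	Consensus  struct{ ID PublicKey `json:"id"` } `json:"consensus"`
}

// MultiSignedNode is the serialized Node plus one Ed25519 signature per signer key (JSON stands in for CBOR).
type MultiSignedNode struct {
	Blob       []byte
	Signatures map[PublicKey][]byte
}

var (
	ErrBadSignature       = errors.New("node: invalid signature on descriptor")
	ErrUnsupportedVersion = errors.New("node: unsupported descriptor version")
	ErrExpired            = errors.New("node: descriptor expired")
	ErrMissingSigner      = errors.New("node: descriptor not signed by an advertised key")
)

// genKey returns a fresh Ed25519 key; the nil reader selects crypto/rand.
func genKey() ed25519.PrivateKey { _, priv, _ := ed25519.GenerateKey(nil); return priv }
func keyOf(priv ed25519.PrivateKey) PublicKey {
	var pk PublicKey
	copy(pk[:], priv.Public().(ed25519.PublicKey))
	return pk
}

// newDescriptor builds a constructed descriptor with fresh keys and returns the private keys
// of the identities it advertises, in the order ID, P2P, Consensus.
func newDescriptor(expiration uint64) (*Node, []ed25519.PrivateKey) {
	id, p2p, cons := genKey(), genKey(), genKey()
	n := &Node{V: LatestNodeDescriptorVersion, ID: keyOf(id), Expiration: expiration}
	n.P2P.ID, n.Consensus.ID = keyOf(p2p), keyOf(cons)
	return n, []ed25519.PrivateKey{id, p2p, cons}
}

// SignNode serializes n and signs signingContext||blob with each key.
func SignNode(n *Node, keys ...ed25519.PrivateKey) *MultiSignedNode {
	blob, _ := json.Marshal(n) // cannot fail for this struct
	msn := &MultiSignedNode{Blob: blob, Signatures: make(map[PublicKey][]byte, len(keys))}
	for _, k := range keys {
		msn.Signatures[keyOf(k)] = ed25519.Sign(k, append([]byte(signingContext), blob...))
	}
	return msn
}

// Open verifies every signature over the raw blob before decoding it, then checks the version,
// the expiry and that each key the descriptor advertises (ID, P2P.ID, Consensus.ID) signed it.
// Assumptions: valid through epoch Expiration; all advertised keys must sign (page: "multi-signed").
func (m *MultiSignedNode) Open(currentEpoch uint64) (*Node, error) {
	for pk, sig := range m.Signatures {
		if !ed25519.Verify(ed25519.PublicKey(pk[:]), append([]byte(signingContext), m.Blob...), sig) {
			return nil, ErrBadSignature
		}
	}
	var n Node
	if err := json.Unmarshal(m.Blob, &n); err != nil {
		return nil, err
	}
	if n.V != LatestNodeDescriptorVersion {
		return nil, fmt.Errorf("%w: %d", ErrUnsupportedVersion, n.V)
	}
	if currentEpoch > n.Expiration {
		return nil, ErrExpired
	}
	for _, k := range []PublicKey{n.ID, n.P2P.ID, n.Consensus.ID} {
		if _, ok := m.Signatures[k]; !ok {
			return nil, ErrMissingSigner
		}
	}
	return &n, nil
}

func main() {
	n, keys := newDescriptor(10)
	_, fullErr := SignNode(n, keys...).Open(5)
	_, partialErr := SignNode(n, keys[0], keys[1]).Open(5) // the consensus key did not sign
	fmt.Println("all keys signed:", fullErr, "| consensus key missing:", partialErr)
}
```

The order inside Open matters: signatures are checked against the bytes exactly as received, and only then is the blob parsed, so a malformed or hostile descriptor never reaches the decoder unless someone holding a listed key signed it.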
type P2PInfo

type P2PInfo struct {
	// ID is the unique identifier of the node on the P2P transport.
	ID signature.PublicKey `json:"id"`

	// Addresses is the list of addresses at which the node can be reached.
	Addresses []Address `json:"addresses"`
}

P2PInfo contains information for connecting to this node via P2P transport.
type RolesMask
type RolesMask uint32
RolesMask is Oasis node roles bitmask.
func (RolesMask) MarshalText
MarshalText encodes a RolesMask into text form.
func (*RolesMask) UnmarshalText
UnmarshalText decodes a text slice into a RolesMask.
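RolesMask carries authority: whatever schedules committees trusts the bits it finds in a registered descriptor. The example below is added here and is not the package's code. It re-creates the role constants from the page and shows the validation a careful MarshalText/UnmarshalText pair should do: refuse any mask that overlaps RoleReserved instead of silently masking it off, and map only known names to bits on the way in. Two details are assumptions because the page shows neither: the comma-separated text form, and the value 1<<4 for the unexported roleReserved3.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// RolesMask mirrors the page's type: a uint32 bitmask of node roles.
type RolesMask uint32

const (
	RoleComputeWorker RolesMask = 1 << 0
	RoleObserver      RolesMask = 1 << 1
	RoleKeyManager    RolesMask = 1 << 2
	RoleValidator     RolesMask = 1 << 3
	// roleReserved3 is unexported on the page and its value is not shown; 1<<4, the bit
	// skipped between RoleValidator and RoleStorageRPC, is this example's assumption.
	roleReserved3  RolesMask = 1 << 4
	RoleStorageRPC RolesMask = 1 << 5

	// RoleReserved is copied from the page: every bit above RoleStorageRPC plus roleReserved3.
	RoleReserved RolesMask = ((1<<32)-1) & ^((RoleStorageRPC<<1)-1) | roleReserved3
)

// knownRoles lists the public roles in bit order with the names the page defines.
var knownRoles = []struct {
	bit  RolesMask
	name string
}{
	{RoleComputeWorker, "compute"},
	{RoleObserver, "observer"},
	{RoleKeyManager, "key-manager"},
	{RoleValidator, "validator"},
	{RoleStorageRPC, "storage-rpc"},
}

var (
	ErrReservedRole = errors.New("node: reserved role bit set")
	ErrUnknownRole  = errors.New("node: unknown role name")
)

// IsValid reports whether no reserved bit is set. A mask touching RoleReserved has to be
// rejected, not quietly masked off: a bit this code does not recognise may mean something to another version.
func (m RolesMask) IsValid() bool { return m&RoleReserved == 0 }

// Has reports whether every bit in r is set in m.
func (m RolesMask) Has(r RolesMask) bool { return m&r == r }

// MarshalText renders the mask as a comma-separated list of role names. The separator is
// this example's choice; the page does not show the text form.
func (m RolesMask) MarshalText() ([]byte, error) {
	if !m.IsValid() {
		return nil, fmt.Errorf("%w: %#x", ErrReservedRole, uint32(m&RoleReserved))
	}
	var names []string
	for _, r := range knownRoles {
		if m.Has(r.bit) {
			names = append(names, r.name)
		}
	}
	return []byte(strings.Join(names, ",")), nil
}

// UnmarshalText parses a comma-separated list of role names. Unknown names and duplicates
// are errors, and since only known names map to bits the result can never carry a reserved bit.
func (m *RolesMask) UnmarshalText(text []byte) error {
	var out RolesMask
	for _, field := range strings.Split(string(text), ",") {
		name := strings.TrimSpace(field)
		if name == "" {
			continue
		}
		var bit RolesMask
		for _, r := range knownRoles {
			if r.name == name {
				bit = r.bit
			}
		}
		switch {
		case bit == 0:
			return fmt.Errorf("%w: %q", ErrUnknownRole, name)
		case out.Has(bit):
			return fmt.Errorf("node: duplicate role %q", name)
		}
		out |= bit
	}
	*m = out
	return nil
}

func main() {
	roles := RoleComputeWorker | RoleValidator
	text, _ := roles.MarshalText()
	fmt.Printf("%#x -> %s\n", uint32(roles), text)
	_, err := (RoleValidator | 1<<4).MarshalText() // constructed mask with a reserved bit set
	fmt.Println("reserved bit:", err)
}
```

Evaluating RoleReserved with these constants gives 0xFFFFFFD0: bits 6 through 31 plus bit 4, which is exactly what the page's expression says a valid mask must never touch.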
type Runtime

type Runtime struct {
	// ID is the public key identifying the runtime.
	ID common.Namespace `json:"id"`

	// Version is the version of the runtime.
	Version version.Version `json:"version"`

	// Capabilities are the node's capabilities for a given runtime.
	Capabilities Capabilities `json:"capabilities"`

	// ExtraInfo is the extra per node + per runtime opaque data associated
	// with the current instance.
	ExtraInfo []byte `json:"extra_info"`
}

Runtime describes one of the runtimes supported by a given Oasis node.
type SGXAttestation

type SGXAttestation struct {
	cbor.Versioned

	// Quote is an Intel SGX quote.
	Quote quote.Quote `json:"quote"`

	// Height is the runtime's view of the consensus layer height at the time of attestation.
	Height uint64 `json:"height"`

	// Signature is the signature of the attestation by the enclave (RAK).
	Signature signature.RawSignature `json:"signature"`
}

SGXAttestation is an Intel SGX remote attestation.
func (*SGXAttestation) MarshalCBOR
func (sa *SGXAttestation) MarshalCBOR() ([]byte, error)
MarshalCBOR is a custom serializer that handles different structure versions.
func (*SGXAttestation) UnmarshalCBOR
func (sa *SGXAttestation) UnmarshalCBOR(data []byte) error
UnmarshalCBOR is a custom deserializer that handles different structure versions.
type SGXConstraints

type SGXConstraints struct {
	cbor.Versioned

	// Enclaves is the allowed MRENCLAVE/MRSIGNER pairs.
	Enclaves []sgx.EnclaveIdentity `json:"enclaves,omitempty"`

	// Policy is the quote policy.
	Policy *quote.Policy `json:"policy,omitempty"`

	// MaxAttestationAge is the maximum attestation age (in blocks).
	MaxAttestationAge uint64 `json:"max_attestation_age,omitempty"`
}

SGXConstraints are the Intel SGX TEE constraints.
func (*SGXConstraints) MarshalCBOR
func (sc *SGXConstraints) MarshalCBOR() ([]byte, error)
MarshalCBOR is a custom serializer that handles different structure versions.
func (*SGXConstraints) UnmarshalCBOR
func (sc *SGXConstraints) UnmarshalCBOR(data []byte) error
UnmarshalCBOR is a custom deserializer that handles different structure versions.
type SoftwareVersion
type SoftwareVersion string
SoftwareVersion is the node's oasis-node software version.
type TEEFeatures

type TEEFeatures struct {
	// SGX contains the supported TEE features for Intel SGX.
	SGX TEEFeaturesSGX `json:"sgx"`

	// FreshnessProofs is a feature flag specifying whether ProveFreshness transactions are
	// supported and processed, or ignored and handled as non-existing transactions.
	FreshnessProofs bool `json:"freshness_proofs"`
}

TEEFeatures are the supported TEE features as advertised by the consensus layer.
type TEEFeaturesSGX

type TEEFeaturesSGX struct {
	// PCS is a feature flag specifying whether support for Platform Certification Service-based
	// remote attestation is supported for Intel SGX-based TEEs.
	PCS bool `json:"pcs"`

	// SignedAttestations is a feature flag specifying whether attestations need to include an
	// additional signature binding it to a specific node.
	SignedAttestations bool `json:"signed_attestations,omitempty"`

	// DefaultPolicy is the default quote policy.
	DefaultPolicy *quote.Policy `json:"default_policy,omitempty"`

	// DefaultMaxAttestationAge is the default maximum attestation age (in blocks).
	DefaultMaxAttestationAge uint64 `json:"max_attestation_age,omitempty"`
}

TEEFeaturesSGX are the supported Intel SGX-specific TEE features.
type TEEHardware
type TEEHardware uint8
TEEHardware is a TEE hardware implementation.

const (
	// TEEHardwareInvalid is a non-TEE implementation.
	TEEHardwareInvalid TEEHardware = 0
	// TEEHardwareIntelSGX is an Intel SGX TEE implementation.
	TEEHardwareIntelSGX TEEHardware = 1
	// TEEHardwareReserved is the first reserved hardware implementation
	// identifier. All equal or greater identifiers are reserved.
	TEEHardwareReserved TEEHardware = TEEHardwareIntelSGX + 1
)

TEE Hardware implementations.
func (TEEHardware) String
func (h TEEHardware) String() string
String returns the string representation of a TEEHardware.
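The SGX types above are policy inputs; what matters is how a verifier combines them. The example below is added here and is not oasis-core code. It applies the page's fields to an attestation whose quote has already been verified elsewhere: the hardware type must be exactly TEEHardwareIntelSGX (0 is "no TEE" and anything from TEEHardwareReserved upward is unknown), the quote's MRENCLAVE/MRSIGNER pair must be in SGXConstraints.Enclaves, and the attestation's Height must be no more than MaxAttestationAge blocks behind the current consensus height, falling back to TEEFeaturesSGX.DefaultMaxAttestationAge when the constraints leave it unset (it is omitempty, so 0 means unset). Treating "no age configured anywhere" and "attested at a height ahead of consensus" as failures is this example's fail-closed choice; the page does not say how the project handles those cases. Quote parsing, the quote policy and the RAK signature are out of scope, and the EnclaveIdentity, SGXConstraints and TEEFeaturesSGX types are cut down to the fields used.

```go
package main

import (
	"errors"
	"fmt"
)

// TEEHardware and its values are copied from the page.
type TEEHardware uint8

const (
	TEEHardwareInvalid  TEEHardware = 0
	TEEHardwareIntelSGX TEEHardware = 1
	TEEHardwareReserved TEEHardware = TEEHardwareIntelSGX + 1
)

// EnclaveIdentity stands in for sgx.EnclaveIdentity: an MRENCLAVE/MRSIGNER pair.
type EnclaveIdentity struct {
	MrEnclave [32]byte
	MrSigner  [32]byte
}

// SGXConstraints keeps the page's allowlist and age fields (omitempty on the wire, so 0 means unset).
type SGXConstraints struct {
	Enclaves          []EnclaveIdentity
	MaxAttestationAge uint64
}

// TEEFeaturesSGX keeps only the consensus-advertised default used here.
type TEEFeaturesSGX struct{ DefaultMaxAttestationAge uint64 }

// Attestation is what a verifier holds once the SGX quote itself has been checked (assumed done
// elsewhere): the declared hardware, the identity from the quote's report body, and SGXAttestation.Height.
type Attestation struct {
	Hardware TEEHardware
	Identity EnclaveIdentity
	Height   uint64
}

var (
	ErrUnsupportedHardware   = errors.New("node: unsupported TEE hardware")
	ErrEnclaveNotAllowed     = errors.New("node: enclave identity not in allowed set")
	ErrNoMaxAge              = errors.New("node: no maximum attestation age configured")
	ErrAttestationFromFuture = errors.New("node: attestation height ahead of consensus")
	ErrAttestationExpired    = errors.New("node: attestation older than maximum age")
)

// effectiveMaxAge prefers the runtime's own constraint, then the consensus default; refusing when neither is set is this example's fail-closed choice.
func effectiveMaxAge(sc SGXConstraints, feat TEEFeaturesSGX) (uint64, error) {
	switch {
	case sc.MaxAttestationAge != 0:
		return sc.MaxAttestationAge, nil
	case feat.DefaultMaxAttestationAge != 0:
		return feat.DefaultMaxAttestationAge, nil
	}
	return 0, ErrNoMaxAge
}

// Verify applies hardware, identity and freshness policy to att at consensus height now.
func Verify(att Attestation, sc SGXConstraints, feat TEEFeaturesSGX, now uint64) error {
	// Exactly Intel SGX: 0 is "no TEE" and TEEHardwareReserved upwards is unknown.
	if att.Hardware != TEEHardwareIntelSGX {
		return fmt.Errorf("%w: %d", ErrUnsupportedHardware, att.Hardware)
	}
	allowed := false
	for _, e := range sc.Enclaves {
		allowed = allowed || e == att.Identity
	}
	if !allowed {
		return ErrEnclaveNotAllowed
	}
	maxAge, err := effectiveMaxAge(sc, feat)
	if err != nil {
		return err
	}
	// Rule out the future case before subtracting, or the uint64 difference wraps.
	if att.Height > now {
		return ErrAttestationFromFuture
	}
	if now-att.Height > maxAge {
		return ErrAttestationExpired
	}
	return nil
}

// allowedIdentity is a constructed MRENCLAVE/MRSIGNER pair used as sample input.
func allowedIdentity() EnclaveIdentity {
	var e EnclaveIdentity
	e.MrEnclave[0], e.MrSigner[0] = 0xAA, 0xBB
	return e
}

func main() {
	good := allowedIdentity()
	sc := SGXConstraints{Enclaves: []EnclaveIdentity{good}, MaxAttestationAge: 200}
	feat := TEEFeaturesSGX{DefaultMaxAttestationAge: 50}
	att := Attestation{Hardware: TEEHardwareIntelSGX, Identity: good, Height: 1000}
	fmt.Println("fresh:", Verify(att, sc, feat, 1100), "| stale:", Verify(att, sc, feat, 1300))
	fmt.Println("default age, one block too old:", Verify(att, SGXConstraints{Enclaves: sc.Enclaves}, feat, 1051))
}
```

The age check is the one that is easy to get subtly wrong: Height is the enclave's own view of the chain, so it can legitimately lag but should never lead, and the unsigned subtraction only makes sense once that has been ruled out.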
type TLSAddress

type TLSAddress struct {
	// PubKey is the public key used for establishing TLS connections.
	PubKey signature.PublicKey `json:"pub_key"`

	// Address is the address at which the node can be reached.
	Address Address `json:"address"`
}

TLSAddress represents an Oasis committee address that includes a TLS public key and a TCP address.
NOTE: The address TLS public key can be different from the actual node TLS public key to allow using a sentry node's addresses.
func (*TLSAddress) MarshalText
func (ta *TLSAddress) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface.
func (*TLSAddress) String
func (ta *TLSAddress) String() string
String returns a string representation of a TLS address.
func (*TLSAddress) UnmarshalText
func (ta *TLSAddress) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface.
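Both ConsensusAddress and TLSAddress carry a public key in front of the TCP endpoint, and the ErrConsensusAddressNoID and ErrTLSAddressNoPubKey values say what happens when it is missing. The example below is added here and is not the package's code: it implements that text form for both types with one shared parser and covers the failure cases a dialer needs to get right, namely no "@" part, a key that does not decode to 32 bytes, and a host or port that is not a usable TCP address. Two choices are assumptions the page does not support: the key's base64 text encoding, and accepting only IP literals so the parser never resolves DNS.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// PublicKey stands in for signature.PublicKey: 32 bytes, written as standard base64 in text
// form. The page does not show the key's text encoding; base64 is this example's assumption.
type PublicKey [32]byte

func (k PublicKey) String() string { return base64.StdEncoding.EncodeToString(k[:]) }

func parsePublicKey(s string) (PublicKey, error) {
	var k PublicKey
	b, err := base64.StdEncoding.DecodeString(s)
	if err != nil || len(b) != len(k) {
		return k, fmt.Errorf("node: malformed public key %q (want %d base64-encoded bytes)", s, len(k))
	}
	copy(k[:], b)
	return k, nil
}

// Error values copied from the page.
var (
	ErrInvalidAddress       = errors.New("node: invalid transport address")
	ErrConsensusAddressNoID = errors.New("node: consensus address doesn't have ID@ part")
	ErrTLSAddressNoPubKey   = errors.New("node: TLS address missing PubKey@ part")
)

// Address mirrors the page's TCP address. Only IP literals are accepted here, so parsing never
// touches DNS; that restriction is this example's, not the page's.
type Address struct{ net.TCPAddr }

func (a *Address) UnmarshalText(text []byte) error {
	host, portStr, err := net.SplitHostPort(string(text))
	if err != nil {
		return ErrInvalidAddress
	}
	ip := net.ParseIP(host)
	port, perr := strconv.Atoi(portStr)
	if ip == nil || perr != nil || port < 1 || port > 65535 {
		return ErrInvalidAddress
	}
	a.TCPAddr = net.TCPAddr{IP: ip, Port: port}
	return nil
}

// parseKeyed parses "<key>@<host:port>" into key and addr (written only on success) and returns
// noKey when the "@" part is absent. The key is there so the dialer can authenticate whoever
// answers at host:port against a pinned identity instead of trusting the network path.
func parseKeyed(text string, noKey error, key *PublicKey, addr *Address) error {
	keyText, hostPort, ok := strings.Cut(text, "@")
	if !ok {
		return noKey
	}
	k, err := parsePublicKey(keyText)
	if err != nil {
		return err
	}
	var a Address
	if err := a.UnmarshalText([]byte(hostPort)); err != nil {
		return err
	}
	*key, *addr = k, a
	return nil
}

// ConsensusAddress and TLSAddress mirror the page's structs (JSON tags omitted).
type ConsensusAddress struct {
	ID      PublicKey
	Address Address
}

func (ca *ConsensusAddress) UnmarshalText(text []byte) error {
	return parseKeyed(string(text), ErrConsensusAddressNoID, &ca.ID, &ca.Address)
}

func (ca *ConsensusAddress) String() string { return ca.ID.String() + "@" + ca.Address.String() }

type TLSAddress struct {
	PubKey  PublicKey
	Address Address
}

func (ta *TLSAddress) UnmarshalText(text []byte) error {
	return parseKeyed(string(text), ErrTLSAddressNoPubKey, &ta.PubKey, &ta.Address)
}

func (ta *TLSAddress) String() string { return ta.PubKey.String() + "@" + ta.Address.String() }

func main() {
	key := PublicKey{0xA1, 0xB2} // constructed sample key; the remaining bytes are zero
	var ca ConsensusAddress
	fmt.Println(ca.UnmarshalText([]byte(key.String()+"@127.0.0.1:26656")), ca.String())
	fmt.Println(ca.UnmarshalText([]byte("127.0.0.1:26656"))) // no ID@ part
}
```

Because "@" never occurs in base64 output, cutting at the first "@" is unambiguous; IPv6 literals such as [::1]:26656 survive the round trip because net.SplitHostPort strips the brackets and net.TCPAddr.String restores them.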