node

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 1, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package node implements common node identity routines.

Index

Constants

View Source
const (
	// RoleComputeWorker is the compute worker role.
	RoleComputeWorker RolesMask = 1 << 0
	// RoleObserver is the observer role.
	RoleObserver RolesMask = 1 << 1
	// RoleKeyManager is the the key manager role.
	RoleKeyManager RolesMask = 1 << 2
	// RoleValidator is the validator role.
	RoleValidator RolesMask = 1 << 3

	// RoleStorageRPC is the public storage RPC services worker role.
	RoleStorageRPC RolesMask = 1 << 5

	// RoleReserved are all the bits of the Oasis node roles bitmask
	// that are reserved and must not be used.
	RoleReserved RolesMask = ((1<<32)-1) & ^((RoleStorageRPC<<1)-1) | roleReserved3

	RoleComputeWorkerName = "compute"
	RoleObserverName      = "observer"
	RoleKeyManagerName    = "key-manager"
	RoleValidatorName     = "validator"
	RoleStorageRPCName    = "storage-rpc"
)
View Source
const (
	// LatestNodeDescriptorVersion is the latest node descriptor version that should be used for all
	// new descriptors. Using earlier versions may be rejected.
	LatestNodeDescriptorVersion = 3
)
View Source
const (
	// LatestSGXAttestationVersion is the latest SGX attestation structure version that should be
	// used for all new descriptors.
	LatestSGXAttestationVersion = 1
)
View Source
const (
	// LatestSGXConstraintsVersion is the latest SGX constraints structure version that should be
	// used for all new descriptors.
	LatestSGXConstraintsVersion = 1
)

Variables

View Source
var (
	// ErrInvalidAddress is the error returned when a transport address is
	// invalid.
	ErrInvalidAddress = errors.New("node: invalid transport address")
	// ErrConsensusAddressNoID is the error returned when a consensus address
	// doesn't have the ID@ part.
	ErrConsensusAddressNoID = errors.New("node: consensus address doesn't have ID@ part")
	// ErrTLSAddressNoPubKey is the error returned when a TLS address doesn't have the PubKey@ part.
	ErrTLSAddressNoPubKey = errors.New("node: TLS address missing PubKey@ part")
)

Functions

This section is empty.

Types

type Address

type Address struct {
	IP   net.IP `json:"IP"`
	Port int64  `json:"Port"`
	Zone string `json:"Zone"`
}

Address represents a TCP address for the purpose of node descriptors.

func (*Address) MarshalText

func (a *Address) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface.

func (Address) String

func (a Address) String() string

String returns the string representation of an address.

func (*Address) UnmarshalText

func (a *Address) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface.

type Capabilities

type Capabilities struct {
	// TEE is the capability of a node executing batches in a TEE.
	TEE *CapabilityTEE `json:"tee,omitempty"`
}

Capabilities represents a node's capabilities.

type CapabilityTEE

type CapabilityTEE struct {
	// TEE hardware type.
	Hardware TEEHardware `json:"hardware"`

	// Runtime attestation key.
	RAK signature.PublicKey `json:"rak"`

	// Runtime encryption key.
	REK *x25519.PublicKey `json:"rek,omitempty"`

	// Attestation.
	Attestation []byte `json:"attestation"`
}

CapabilityTEE represents the node's TEE capability.

type ConsensusAddress

type ConsensusAddress struct {
	// ID is public key identifying the node.
	ID signature.PublicKey `json:"id"`
	// Address is the address at which the node can be reached.
	Address Address `json:"address"`
}

ConsensusAddress represents a CometBFT consensus address that includes an ID and a TCP address. NOTE: The consensus address ID could be different from the consensus ID to allow using a sentry node's ID and address instead of the validator's.

func (*ConsensusAddress) MarshalText

func (ca *ConsensusAddress) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface.

func (*ConsensusAddress) String

func (ca *ConsensusAddress) String() string

String returns a string representation of a consensus address.

func (*ConsensusAddress) UnmarshalText

func (ca *ConsensusAddress) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface.

type ConsensusInfo

type ConsensusInfo struct {
	// ID is the unique identifier of the node as a consensus member.
	ID signature.PublicKey `json:"id"`

	// Addresses is the list of addresses at which the node can be reached.
	Addresses []ConsensusAddress `json:"addresses"`
}

ConsensusInfo contains information for connecting to this node as a consensus member.

type EndorsedCapabilityTEE

type EndorsedCapabilityTEE struct {
	// CapabilityTEE is the TEE capability structure to be endorsed.
	CapabilityTEE CapabilityTEE `json:"capability_tee"`

	// NodeEndorsement is the node endorsement signature.
	NodeEndorsement signature.Signature `json:"node_endorsement"`
}

EndorsedCapabilityTEE is the endorsed CapabilityTEE structure.

Endorsement is needed for off-chain runtime components where their RAK is not published in the consensus layer and verification is part of the runtime itself. Via endorsement one can enforce policies like "only components executed by the current compute committee are authorized".

type MultiSignedNode

type MultiSignedNode struct {
	signature.MultiSigned
}

MultiSignedNode is a multi-signed blob containing a CBOR-serialized Node.

type Node

type Node struct {
	cbor.Versioned

	// ID is the public key identifying the node.
	ID signature.PublicKey `json:"id"`

	// EntityID is the public key identifying the Entity controlling
	// the node.
	EntityID signature.PublicKey `json:"entity_id"`

	// Expiration is the epoch in which this node's commitment expires.
	Expiration uint64 `json:"expiration"`

	// TLS contains information for connecting to this node via TLS.
	TLS TLSInfo `json:"tls"`

	// P2P contains information for connecting to this node via P2P.
	P2P P2PInfo `json:"p2p"`

	// Consensus contains information for connecting to this node as a
	// consensus member.
	Consensus ConsensusInfo `json:"consensus"`

	// VRF contains information for this node's participation in VRF
	// based elections.
	VRF VRFInfo `json:"vrf"`

	// Runtimes are the node's runtimes.
	Runtimes []*Runtime `json:"runtimes"`

	// Roles is a bitmask representing the node roles.
	Roles RolesMask `json:"roles"`

	// SoftwareVersion is the node's oasis-node software version.
	SoftwareVersion SoftwareVersion `json:"software_version,omitempty"`
}

Node represents public connectivity information about an Oasis node.

func (*Node) String

func (n *Node) String() string

String returns a string representation of itself.

func (*Node) UnmarshalCBOR

func (n *Node) UnmarshalCBOR(data []byte) error

UnmarshalCBOR is a custom deserializer that handles both V2 and V3 Node descriptors.

type P2PInfo

type P2PInfo struct {
	// ID is the unique identifier of the node on the P2P transport.
	ID signature.PublicKey `json:"id"`

	// Addresses is the list of addresses at which the node can be reached.
	Addresses []Address `json:"addresses"`
}

P2PInfo contains information for connecting to this node via P2P transport.

type RolesMask

type RolesMask uint32

RolesMask is Oasis node roles bitmask.

func (RolesMask) MarshalText

func (m RolesMask) MarshalText() ([]byte, error)

MarshalText encodes a RolesMask into text form.

func (RolesMask) String

func (m RolesMask) String() string

func (*RolesMask) UnmarshalText

func (m *RolesMask) UnmarshalText(text []byte) error

UnmarshalText decodes a text slice into a RolesMask.

type Runtime

type Runtime struct {
	// ID is the public key identifying the runtime.
	ID common.Namespace `json:"id"`

	// Version is the version of the runtime.
	Version version.Version `json:"version"`

	// Capabilities are the node's capabilities for a given runtime.
	Capabilities Capabilities `json:"capabilities"`

	// ExtraInfo is the extra per node + per runtime opaque data associated
	// with the current instance.
	ExtraInfo []byte `json:"extra_info"`
}

Runtime represents the runtimes supported by a given Oasis node.

type SGXAttestation

type SGXAttestation struct {
	cbor.Versioned

	// Quote is an Intel SGX quote.
	Quote quote.Quote `json:"quote"`

	// Height is the runtime's view of the consensus layer height at the time of attestation.
	Height uint64 `json:"height"`

	// Signature is the signature of the attestation by the enclave (RAK).
	Signature signature.RawSignature `json:"signature"`
}

SGXAttestation is an Intel SGX remote attestation.

func (*SGXAttestation) MarshalCBOR

func (sa *SGXAttestation) MarshalCBOR() ([]byte, error)

MarshalCBOR is a custom serializer that handles different structure versions.

func (*SGXAttestation) UnmarshalCBOR

func (sa *SGXAttestation) UnmarshalCBOR(data []byte) error

UnmarshalCBOR is a custom deserializer that handles different structure versions.

type SGXConstraints

type SGXConstraints struct {
	cbor.Versioned

	// Enclaves is the allowed MRENCLAVE/MRSIGNER pairs.
	Enclaves []sgx.EnclaveIdentity `json:"enclaves,omitempty"`

	// Policy is the quote policy.
	Policy *quote.Policy `json:"policy,omitempty"`

	// MaxAttestationAge is the maximum attestation age (in blocks).
	MaxAttestationAge uint64 `json:"max_attestation_age,omitempty"`
}

SGXConstraints are the Intel SGX TEE constraints.

func (*SGXConstraints) MarshalCBOR

func (sc *SGXConstraints) MarshalCBOR() ([]byte, error)

MarshalCBOR is a custom serializer that handles different structure versions.

func (*SGXConstraints) UnmarshalCBOR

func (sc *SGXConstraints) UnmarshalCBOR(data []byte) error

UnmarshalCBOR is a custom deserializer that handles different structure versions.

type SoftwareVersion

type SoftwareVersion string

SoftwareVersion is the node's oasis-node software version.

type TEEFeatures

type TEEFeatures struct {
	// SGX contains the supported TEE features for Intel SGX.
	SGX TEEFeaturesSGX `json:"sgx"`

	// FreshnessProofs is a feature flag specifying whether ProveFreshness transactions are
	// supported and processed, or ignored and handled as non-existing transactions.
	FreshnessProofs bool `json:"freshness_proofs"`
}

TEEFeatures are the supported TEE features as advertised by the consensus layer.

type TEEFeaturesSGX

type TEEFeaturesSGX struct {
	// PCS is a feature flag specifying whether support for Platform Certification Service-based
	// remote attestation is supported for Intel SGX-based TEEs.
	PCS bool `json:"pcs"`

	// SignedAttestations is a feature flag specifying whether attestations need to include an
	// additional signature binding it to a specific node.
	SignedAttestations bool `json:"signed_attestations,omitempty"`

	// DefaultPolicy is the default quote policy.
	DefaultPolicy *quote.Policy `json:"default_policy,omitempty"`

	// DefaultMaxAttestationAge is the default maximum attestation age (in blocks).
	DefaultMaxAttestationAge uint64 `json:"max_attestation_age,omitempty"`
}

TEEFeaturesSGX are the supported Intel SGX-specific TEE features.

type TEEHardware

type TEEHardware uint8

TEEHardware is a TEE hardware implementation.

const (
	// TEEHardwareInvalid is a non-TEE implementation.
	TEEHardwareInvalid TEEHardware = 0
	// TEEHardwareIntelSGX is an Intel SGX TEE implementation.
	TEEHardwareIntelSGX TEEHardware = 1

	// TEEHardwareReserved is the first reserved hardware implementation
	// identifier. All equal or greater identifiers are reserved.
	TEEHardwareReserved TEEHardware = TEEHardwareIntelSGX + 1
)

TEE Hardware implementations.

func (TEEHardware) String

func (h TEEHardware) String() string

String returns the string representation of a TEEHardware.

type TLSAddress

type TLSAddress struct {
	// PubKey is the public key used for establishing TLS connections.
	PubKey signature.PublicKey `json:"pub_key"`

	// Address is the address at which the node can be reached.
	Address Address `json:"address"`
}

TLSAddress represents an Oasis committee address that includes a TLS public key and a TCP address.

NOTE: The address TLS public key can be different from the actual node TLS public key to allow using a sentry node's addresses.

func (*TLSAddress) MarshalText

func (ta *TLSAddress) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface.

func (*TLSAddress) String

func (ta *TLSAddress) String() string

String returns a string representation of a TLS address.

func (*TLSAddress) UnmarshalText

func (ta *TLSAddress) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface.

type TLSInfo

type TLSInfo struct {
	// PubKey is the public key used for establishing TLS connections.
	PubKey signature.PublicKey `json:"pub_key"`
}

TLSInfo contains information for connecting to this node via TLS.

type VRFInfo

type VRFInfo struct {
	// ID is the unique identifier of the node used to generate VRF proofs.
	ID signature.PublicKey `json:"id"`
}

VRFInfo contains information for this node's participation in VRF based elections.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL