Documentation
¶
Overview ¶
Package node implements common node identity routines.
Index ¶
- Constants
- Variables
- type Address
- type Capabilities
- type CapabilityTEE
- type ConsensusAddress
- type ConsensusInfo
- type MultiSignedNode
- type Node
- type P2PInfo
- type RolesMask
- type Runtime
- type SGXAttestation
- type SGXConstraints
- type TEEFeatures
- type TEEFeaturesSGX
- type TEEHardware
- type TLSAddress
- type TLSInfo
- type VRFInfo
Constants ¶
const ( // RoleComputeWorker is the compute worker role. RoleComputeWorker RolesMask = 1 << 0 // RoleKeyManager is the the key manager role. RoleKeyManager RolesMask = 1 << 2 // RoleValidator is the validator role. RoleValidator RolesMask = 1 << 3 // RoleConsensusRPC is the public consensus RPC services worker role. RoleConsensusRPC RolesMask = 1 << 4 // RoleStorageRPC is the public storage RPC services worker role. RoleStorageRPC RolesMask = 1 << 5 // RoleReserved are all the bits of the Oasis node roles bitmask // that are reserved and must not be used. RoleReserved RolesMask = ((1<<32)-1) & ^((RoleStorageRPC<<1)-1) | roleReserved2 RoleComputeWorkerName = "compute" RoleKeyManagerName = "key-manager" RoleValidatorName = "validator" RoleConsensusRPCName = "consensus-rpc" RoleStorageRPCName = "storage-rpc" )
const ( // LatestNodeDescriptorVersion is the latest node descriptor version that should be used for all // new descriptors. Using earlier versions may be rejected. LatestNodeDescriptorVersion = 2 )
const ( // LatestSGXAttestationVersion is the latest SGX attestation structure version that should be // used for all new descriptors. LatestSGXAttestationVersion = 1 )
const ( // LatestSGXConstraintsVersion is the latest SGX constraints structure version that should be // used for all new descriptors. LatestSGXConstraintsVersion = 1 )
Variables ¶
var ( // ErrInvalidAddress is the error returned when a transport address is // invalid. ErrInvalidAddress = errors.New("node: invalid transport address") // ErrConsensusAddressNoID is the error returned when a consensus address // doesn't have the ID@ part. ErrConsensusAddressNoID = errors.New("node: consensus address doesn't have ID@ part") // ErrTLSAddressNoPubKey is the error returned when a TLS address doesn't have the PubKey@ part. ErrTLSAddressNoPubKey = errors.New("node: TLS address missing PubKey@ part") )
Functions ¶
This section is empty.
Types ¶
type Address ¶
Address represents a TCP address for the purpose of node descriptors.
func (*Address) MarshalText ¶
MarshalText implements the encoding.TextMarshaler interface.
func (*Address) UnmarshalText ¶
UnmarshalText implements the encoding.TextUnmarshaler interface.
type Capabilities ¶
type Capabilities struct {
// TEE is the capability of a node executing batches in a TEE.
TEE *CapabilityTEE `json:"tee,omitempty"`
}
Capabilities represents a node's capabilities.
type CapabilityTEE ¶
type CapabilityTEE struct {
// TEE hardware type.
Hardware TEEHardware `json:"hardware"`
// Runtime attestation key.
RAK signature.PublicKey `json:"rak"`
// Attestation.
Attestation []byte `json:"attestation"`
}
CapabilityTEE represents the node's TEE capability.
type ConsensusAddress ¶
type ConsensusAddress struct {
// ID is public key identifying the node.
ID signature.PublicKey `json:"id"`
// Address is the address at which the node can be reached.
Address Address `json:"address"`
}
ConsensusAddress represents a Tendermint consensus address that includes an ID and a TCP address. NOTE: The consensus address ID could be different from the consensus ID to allow using a sentry node's ID and address instead of the validator's.
func (*ConsensusAddress) MarshalText ¶
func (ca *ConsensusAddress) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface.
func (*ConsensusAddress) String ¶
func (ca *ConsensusAddress) String() string
String returns a string representation of a consensus address.
func (*ConsensusAddress) UnmarshalText ¶
func (ca *ConsensusAddress) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface.
type ConsensusInfo ¶
type ConsensusInfo struct {
// ID is the unique identifier of the node as a consensus member.
ID signature.PublicKey `json:"id"`
// Addresses is the list of addresses at which the node can be reached.
Addresses []ConsensusAddress `json:"addresses"`
}
ConsensusInfo contains information for connecting to this node as a consensus member.
type MultiSignedNode ¶
type MultiSignedNode struct {
signature.MultiSigned
}
MultiSignedNode is a multi-signed blob containing a CBOR-serialized Node.
type Node ¶
type Node struct {
cbor.Versioned
// ID is the public key identifying the node.
ID signature.PublicKey `json:"id"`
// EntityID is the public key identifying the Entity controlling
// the node.
EntityID signature.PublicKey `json:"entity_id"`
// Expiration is the epoch in which this node's commitment expires.
Expiration uint64 `json:"expiration"`
// TLS contains information for connecting to this node via TLS.
TLS TLSInfo `json:"tls"`
// P2P contains information for connecting to this node via P2P.
P2P P2PInfo `json:"p2p"`
// Consensus contains information for connecting to this node as a
// consensus member.
Consensus ConsensusInfo `json:"consensus"`
// VRF contains information for this node's participation in VRF
// based elections.
VRF *VRFInfo `json:"vrf,omitempty"`
// DeprecatedBeacon contains information for this node's
// participation in the old PVSS based random beacon protocol.
DeprecatedBeacon cbor.RawMessage `json:"beacon,omitempty"`
// Runtimes are the node's runtimes.
Runtimes []*Runtime `json:"runtimes"`
// Roles is a bitmask representing the node roles.
Roles RolesMask `json:"roles"`
// SoftwareVersion is the node's oasis-node software version.
SoftwareVersion string `json:"software_version,omitempty"`
}
Node represents public connectivity information about an Oasis node.
func (*Node) UnmarshalCBOR ¶
UnmarshalCBOR is a custom deserializer that handles both v1 and v2 Node structures.
type P2PInfo ¶
type P2PInfo struct {
// ID is the unique identifier of the node on the P2P transport.
ID signature.PublicKey `json:"id"`
// Addresses is the list of addresses at which the node can be reached.
Addresses []Address `json:"addresses"`
}
P2PInfo contains information for connecting to this node via P2P transport.
type RolesMask ¶
type RolesMask uint32
RolesMask is Oasis node roles bitmask.
func (RolesMask) MarshalText ¶
MarshalText encodes a RolesMask into text form.
func (*RolesMask) UnmarshalText ¶
UnmarshalText decodes a text slice into a RolesMask.
type Runtime ¶
type Runtime struct {
// ID is the public key identifying the runtime.
ID common.Namespace `json:"id"`
// Version is the version of the runtime.
Version version.Version `json:"version"`
// Capabilities are the node's capabilities for a given runtime.
Capabilities Capabilities `json:"capabilities"`
// ExtraInfo is the extra per node + per runtime opaque data associated
// with the current instance.
ExtraInfo []byte `json:"extra_info"`
}
Runtime represents the runtimes supported by a given Oasis node.
type SGXAttestation ¶
type SGXAttestation struct {
cbor.Versioned
// Quote is an Intel SGX quote.
Quote quote.Quote `json:"quote"`
// Height is the runtime's view of the consensus layer height at the time of attestation.
Height uint64 `json:"height"`
// Signature is the signature of the attestation by the enclave (RAK).
Signature signature.RawSignature `json:"signature"`
}
SGXAttestation is an Intel SGX remote attestation.
func (*SGXAttestation) MarshalCBOR ¶
func (sa *SGXAttestation) MarshalCBOR() ([]byte, error)
MarshalCBOR is a custom serializer that handles different structure versions.
func (*SGXAttestation) UnmarshalCBOR ¶
func (sa *SGXAttestation) UnmarshalCBOR(data []byte) error
UnmarshalCBOR is a custom deserializer that handles different structure versions.
type SGXConstraints ¶
type SGXConstraints struct {
cbor.Versioned
// Enclaves is the allowed MRENCLAVE/MRSIGNER pairs.
Enclaves []sgx.EnclaveIdentity `json:"enclaves,omitempty"`
// Policy is the quote policy.
Policy *quote.Policy `json:"policy,omitempty"`
// MaxAttestationAge is the maximum attestation age (in blocks).
MaxAttestationAge uint64 `json:"max_attestation_age,omitempty"`
}
SGXConstraints are the Intel SGX TEE constraints.
func (*SGXConstraints) MarshalCBOR ¶
func (sc *SGXConstraints) MarshalCBOR() ([]byte, error)
MarshalCBOR is a custom serializer that handles different structure versions.
func (*SGXConstraints) UnmarshalCBOR ¶
func (sc *SGXConstraints) UnmarshalCBOR(data []byte) error
UnmarshalCBOR is a custom deserializer that handles different structure versions.
type TEEFeatures ¶
type TEEFeatures struct {
// SGX contains the supported TEE features for Intel SGX.
SGX TEEFeaturesSGX `json:"sgx"`
// FreshnessProofs is a feature flag specifying whether ProveFreshness transactions are
// supported and processed, or ignored and handled as non-existing transactions.
FreshnessProofs bool `json:"freshness_proofs"`
}
TEEFeatures are the supported TEE features as advertised by the consensus layer.
type TEEFeaturesSGX ¶
type TEEFeaturesSGX struct {
// PCS is a feature flag specifying whether support for Platform Certification Service-based
// remote attestation is supported for Intel SGX-based TEEs.
PCS bool `json:"pcs"`
// SignedAttestations is a feature flag specifying whether attestations need to include an
// additional signature binding it to a specific node.
SignedAttestations bool `json:"signed_attestations,omitempty"`
// DefaultPolicy is the default quote policy.
DefaultPolicy *quote.Policy `json:"default_policy,omitempty"`
// DefaultMaxAttestationAge is the default maximum attestation age (in blocks).
DefaultMaxAttestationAge uint64 `json:"max_attestation_age,omitempty"`
}
TEEFeaturesSGX are the supported Intel SGX-specific TEE features.
type TEEHardware ¶
type TEEHardware uint8
TEEHardware is a TEE hardware implementation.
const ( // TEEHardwareInvalid is a non-TEE implementation. TEEHardwareInvalid TEEHardware = 0 // TEEHardwareIntelSGX is an Intel SGX TEE implementation. TEEHardwareIntelSGX TEEHardware = 1 // TEEHardwareReserved is the first reserved hardware implementation // identifier. All equal or greater identifiers are reserved. TEEHardwareReserved TEEHardware = TEEHardwareIntelSGX + 1 )
TEE Hardware implementations.
func (TEEHardware) String ¶
func (h TEEHardware) String() string
String returns the string representation of a TEEHardware.
type TLSAddress ¶
type TLSAddress struct {
// PubKey is the public key used for establishing TLS connections.
PubKey signature.PublicKey `json:"pub_key"`
// Address is the address at which the node can be reached.
Address Address `json:"address"`
}
TLSAddress represents an Oasis committee address that includes a TLS public key and a TCP address.
NOTE: The address TLS public key can be different from the actual node TLS public key to allow using a sentry node's addresses.
func (*TLSAddress) MarshalText ¶
func (ta *TLSAddress) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface.
func (*TLSAddress) String ¶
func (ta *TLSAddress) String() string
String returns a string representation of a TLS address.
func (*TLSAddress) UnmarshalText ¶
func (ta *TLSAddress) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface.
type TLSInfo ¶
type TLSInfo struct {
// PubKey is the public key used for establishing TLS connections.
PubKey signature.PublicKey `json:"pub_key"`
// NextPubKey is the public key that will be used for establishing TLS connections after
// certificate rotation (if enabled).
NextPubKey signature.PublicKey `json:"next_pub_key,omitempty"`
// Addresses is the list of addresses at which the node can be reached.
Addresses []TLSAddress `json:"addresses"`
}
TLSInfo contains information for connecting to this node via TLS.
Source Files