Documentation ¶
Overview ¶
Package node implements common node identity routines.
This package is meant for interoperability with the rust compute worker.
Index ¶
- Constants
- Variables
- func RAKHash(rak signature.PublicKey) hash.Hash
- type Address
- type BeaconInfo
- type Capabilities
- type CapabilityTEE
- type ConsensusAddress
- type ConsensusInfo
- type MultiSignedNode
- type Node
- func (n *Node) AddOrUpdateRuntime(id common.Namespace) *Runtime
- func (n *Node) AddRoles(r RolesMask)
- func (n *Node) GetRuntime(id common.Namespace) *Runtime
- func (n *Node) HasRoles(r RolesMask) bool
- func (n *Node) IsExpired(epoch uint64) bool
- func (n *Node) OnlyHasRoles(r RolesMask) bool
- func (n *Node) String() string
- func (n *Node) ValidateBasic(strictVersion bool) error
- type P2PInfo
- type RolesMask
- type Runtime
- type TEEHardware
- type TLSAddress
- type TLSInfo
Constants ¶
const ( // LatestNodeDescriptorVersion is the latest node descriptor version that should be used for all // new descriptors. Using earlier versions may be rejected. LatestNodeDescriptorVersion = 1 )
Variables ¶
var ( // ErrInvalidAddress is the error returned when a transport address is // invalid. ErrInvalidAddress = errors.New("node: invalid transport address") // ErrConsensusAddressNoID is the error returned when a consensus address // doesn't have the ID@ part. ErrConsensusAddressNoID = errors.New("node: consensus address doesn't have ID@ part") // ErrTLSAddressNoPubKey is the error returned when a TLS address doesn't have the PubKey@ part. ErrTLSAddressNoPubKey = errors.New("node: TLS address missing PubKey@ part") )
var ( // ErrInvalidTEEHardware is the error returned when a TEE hardware // implementation is invalid. ErrInvalidTEEHardware = errors.New("node: invalid TEE implementation") // ErrRAKHashMismatch is the error returned when the TEE attestation // does not contain the node's RAK hash. ErrRAKHashMismatch = errors.New("node: RAK hash mismatch") // ErrBadEnclaveIdentity is the error returned when the TEE enclave // identity doesn't match the required values. ErrBadEnclaveIdentity = errors.New("node: bad TEE enclave identity") )
Functions ¶
Types ¶
type Address ¶
Address represents a TCP address for the purpose of node descriptors.
func (*Address) IsRoutable ¶
IsRoutable returns true iff the address is likely to be globally routable.
func (*Address) MarshalText ¶
MarshalText implements the encoding.TextMarshaler interface.
func (*Address) UnmarshalText ¶
UnmarshalText implements the encoding.TextUnmarshaler interface.
type BeaconInfo ¶ added in v0.2012.5
type BeaconInfo struct { // Point is the elliptic curve point used for the PVSS algorithm. Point pvss.Point `json:"point"` }
BeaconInfo contains information for this node's participation in the random beacon protocol.
type Capabilities ¶
type Capabilities struct { // TEE is the capability of a node executing batches in a TEE. TEE *CapabilityTEE `json:"tee,omitempty"` }
Capabilities represents a node's capabilities.
type CapabilityTEE ¶
type CapabilityTEE struct { // TEE hardware type. Hardware TEEHardware `json:"hardware"` // Runtime attestation key. RAK signature.PublicKey `json:"rak"` // Attestation. Attestation []byte `json:"attestation"` }
CapabilityTEE represents the node's TEE capability.
type ConsensusAddress ¶
type ConsensusAddress struct { // ID is public key identifying the node. ID signature.PublicKey `json:"id"` // Address is the address at which the node can be reached. Address Address `json:"address"` }
ConsensusAddress represents a Tendermint consensus address that includes an ID and a TCP address. NOTE: The consensus address ID could be different from the consensus ID to allow using a sentry node's ID and address instead of the validator's.
func (*ConsensusAddress) MarshalText ¶
func (ca *ConsensusAddress) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface.
func (*ConsensusAddress) String ¶
func (ca *ConsensusAddress) String() string
String returns a string representation of a consensus address.
func (*ConsensusAddress) UnmarshalText ¶
func (ca *ConsensusAddress) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface.
type ConsensusInfo ¶
type ConsensusInfo struct { // ID is the unique identifier of the node as a consensus member. ID signature.PublicKey `json:"id"` // Addresses is the list of addresses at which the node can be reached. Addresses []ConsensusAddress `json:"addresses"` }
ConsensusInfo contains information for connecting to this node as a consensus member.
type MultiSignedNode ¶
type MultiSignedNode struct {
signature.MultiSigned
}
MultiSignedNode is a multi-signed blob containing a CBOR-serialized Node.
func MultiSignNode ¶
func MultiSignNode(signers []signature.Signer, context signature.Context, node *Node) (*MultiSignedNode, error)
MultiSignNode serializes the Node and multi-signs the result.
func (*MultiSignedNode) Open ¶
func (s *MultiSignedNode) Open(context signature.Context, node *Node) error
Open first verifies the blob signatures and then unmarshals the blob.
func (MultiSignedNode) PrettyPrint ¶
PrettyPrint writes a pretty-printed representation of the type to the given writer.
func (MultiSignedNode) PrettyType ¶
func (s MultiSignedNode) PrettyType() (interface{}, error)
PrettyType returns a representation of the type that can be used for pretty printing.
type Node ¶
type Node struct { cbor.Versioned // ID is the public key identifying the node. ID signature.PublicKey `json:"id"` // EntityID is the public key identifying the Entity controlling // the node. EntityID signature.PublicKey `json:"entity_id"` // Expiration is the epoch in which this node's commitment expires. Expiration uint64 `json:"expiration"` // TLS contains information for connecting to this node via TLS. TLS TLSInfo `json:"tls"` // P2P contains information for connecting to this node via P2P. P2P P2PInfo `json:"p2p"` // Consensus contains information for connecting to this node as a // consensus member. Consensus ConsensusInfo `json:"consensus"` // Beacon contains information for this node's participation // in the random beacon protocol. // // TODO: This is optional for now, make mandatory once enough // nodes provide this field. Beacon *BeaconInfo `json:"beacon,omitempty"` // Runtimes are the node's runtimes. Runtimes []*Runtime `json:"runtimes"` // Roles is a bitmask representing the node roles. Roles RolesMask `json:"roles"` }
Node represents public connectivity information about an Oasis node.
func (*Node) AddOrUpdateRuntime ¶
AddOrUpdateRuntime searches for an existing supported runtime descriptor in Runtimes and returns it. In case a runtime descriptor for the given runtime doesn't exist yet, a new one is created appended to the list of supported runtimes and returned.
func (*Node) GetRuntime ¶
GetRuntime searches for an existing supported runtime descriptor in Runtimes and returns it.
func (*Node) IsExpired ¶
IsExpired returns true if the node expiration epoch is strictly smaller than the passed (current) epoch.
func (*Node) OnlyHasRoles ¶
OnlyHasRoles checks if the node only has the specified roles and no others.
func (*Node) ValidateBasic ¶
ValidateBasic performs basic descriptor validity checks.
type P2PInfo ¶
type P2PInfo struct { // ID is the unique identifier of the node on the P2P transport. ID signature.PublicKey `json:"id"` // Addresses is the list of addresses at which the node can be reached. Addresses []Address `json:"addresses"` }
P2PInfo contains information for connecting to this node via P2P transport.
type RolesMask ¶
type RolesMask uint32
RolesMask is Oasis node roles bitmask.
const ( // RoleComputeWorker is the compute worker role. RoleComputeWorker RolesMask = 1 << 0 // RoleStorageWorker is the storage worker role. RoleStorageWorker RolesMask = 1 << 1 // RoleKeyManager is the the key manager role. RoleKeyManager RolesMask = 1 << 2 // RoleValidator is the validator role. RoleValidator RolesMask = 1 << 3 // RoleConsensusRPC is the public consensus RPC services worker role. RoleConsensusRPC RolesMask = 1 << 4 // RoleStorageRPC is the public storage RPC services worker role. RoleStorageRPC RolesMask = 1 << 5 // RoleReserved are all the bits of the Oasis node roles bitmask // that are reserved and must not be used. RoleReserved RolesMask = ((1 << 32) - 1) & ^((RoleStorageRPC << 1) - 1) )
func Roles ¶ added in v0.2012.3
func Roles() (roles []RolesMask)
Roles returns a list of available valid roles.
func (RolesMask) IsSingleRole ¶
IsSingleRole returns true if RolesMask encodes a single valid role.
type Runtime ¶
type Runtime struct { // ID is the public key identifying the runtime. ID common.Namespace `json:"id"` // Version is the version of the runtime. Version version.Version `json:"version"` // Capabilities are the node's capabilities for a given runtime. Capabilities Capabilities `json:"capabilities"` // ExtraInfo is the extra per node + per runtime opaque data associated // with the current instance. ExtraInfo []byte `json:"extra_info"` }
Runtime represents the runtimes supported by a given Oasis node.
type TEEHardware ¶
type TEEHardware uint8
TEEHardware is a TEE hardware implementation.
const ( // TEEHardwareInvalid is a non-TEE implementation. TEEHardwareInvalid TEEHardware = 0 // TEEHardwareIntelSGX is an Intel SGX TEE implementation. TEEHardwareIntelSGX TEEHardware = 1 // TEEHardwareReserved is the first reserved hardware implementation // identifier. All equal or greater identifiers are reserved. TEEHardwareReserved TEEHardware = TEEHardwareIntelSGX + 1 )
TEE Hardware implementations.
func (*TEEHardware) FromString ¶
func (h *TEEHardware) FromString(str string) error
FromString deserializes a string into a TEEHardware.
func (TEEHardware) String ¶
func (h TEEHardware) String() string
String returns the string representation of a TEEHardware.
type TLSAddress ¶
type TLSAddress struct { // PubKey is the public key used for establishing TLS connections. PubKey signature.PublicKey `json:"pub_key"` // Address is the address at which the node can be reached. Address Address `json:"address"` }
TLSAddress represents an Oasis committee address that includes a TLS public key and a TCP address.
NOTE: The address TLS public key can be different from the actual node TLS public key to allow using a sentry node's addresses.
func (*TLSAddress) Equal ¶
func (ta *TLSAddress) Equal(other *TLSAddress) bool
Equal compares vs another TLSAddress for equality.
func (*TLSAddress) MarshalText ¶
func (ta *TLSAddress) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface.
func (*TLSAddress) String ¶
func (ta *TLSAddress) String() string
String returns a string representation of a TLS address.
func (*TLSAddress) UnmarshalText ¶
func (ta *TLSAddress) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface.
type TLSInfo ¶
type TLSInfo struct { // PubKey is the public key used for establishing TLS connections. PubKey signature.PublicKey `json:"pub_key"` // NextPubKey is the public key that will be used for establishing TLS connections after // certificate rotation (if enabled). NextPubKey signature.PublicKey `json:"next_pub_key,omitempty"` // Addresses is the list of addresses at which the node can be reached. Addresses []TLSAddress `json:"addresses"` }
TLSInfo contains information for connecting to this node via TLS.