trust

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 10, 2024 License: Apache-2.0 Imports: 36 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrAlreadyExists indicates a file is ignored because the contents have
	// already been loaded previously.
	ErrAlreadyExists = serrors.New("already exists")
	// ErrOutsideValidity indicates a file is ignored because the current time
	// is outside of the certificates validity period.
	ErrOutsideValidity = serrors.New("outside validity")
)
View Source 
var ErrRecursionNotAllowed = serrors.New("recursion not allowed")

ErrRecursionNotAllowed indicates that recursion is not allowed.

Functions

func LastExpiring added in v0.11.0 

func LastExpiring[T interface{ Validity() cppki.Validity }](
	signers []T, validity cppki.Validity,
) (T, error)

LastExpiring returns the Signer with the latest expiration time that covers the given validity. If no signer is found an error is returned.

Types

type ASLocalRecurser 

type ASLocalRecurser struct {
	IA addr.IA
}

ASLocalRecurser allows AS local addresses to start recursive requests.

func (ASLocalRecurser) AllowRecursion 

func (r ASLocalRecurser) AllowRecursion(peer net.Addr) error

AllowRecursion returns an error if address is not part of the local AS (or if the check cannot be made).

type Attribute 

type Attribute int

Attribute indicates the capability of a primary AS. 

const (
	// Any indicates a primary AS with any attribute.
	Any Attribute = 0
	// Authoritative indicates an authoritative AS.
	Authoritative Attribute = 1 << iota
	// Core indicates a core AS.
	Core
	// RootCA indicates a root CA AS.
	RootCA
)

func (Attribute) IsSubset 

func (a Attribute) IsSubset(super Attribute) bool

IsSubset indicates if these attributes are a subset of the provided attributes.

func (Attribute) String 

func (a Attribute) String() string

type AuthRouter 

type AuthRouter struct {
	ISD    addr.ISD
	Router snet.Router
	DB     DB
}

AuthRouter routes requests for missing crypto material to the authoritative ASes of the appropriate ISD.

TODO(roosd): Add implementation of snet.Router that routes to authoritative AS.

func (AuthRouter) ChooseServer 

func (r AuthRouter) ChooseServer(ctx context.Context, subjectISD addr.ISD) (net.Addr, error)

ChooseServer builds a CS address for crypto with the subject in a given ISD.

  • a local authoritative CS if subject is ISD-local.
  • a local authoritative CS if subject is in remote ISD, but no active TRC is available.
  • a remote authoritative CS otherwise.

type CachingInspector 

type CachingInspector struct {
	Inspector Inspector

	// Cache keeps track of recently used certificates. If nil no cache is used.
	// This API is experimental.
	Cache              *cache.Cache
	CacheHits          libmetrics.Counter
	MaxCacheExpiration time.Duration
}

CachingInspector caches the results for a certain amount of time.

func (CachingInspector) ByAttributes 

func (i CachingInspector) ByAttributes(ctx context.Context, isd addr.ISD,
	attrs Attribute) ([]addr.IA, error)

ByAttributes returns a list of primary ASes in the specified ISD that hold all the requested attributes. If no attribute is specified, all primary ASes are returned.

func (CachingInspector) HasAttributes 

func (i CachingInspector) HasAttributes(ctx context.Context, ia addr.IA,
	attrs Attribute) (bool, error)

HasAttributes indicates whether an AS holds all the specified attributes. The first return value is always false for non-primary ASes.

type ChainQuery 

type ChainQuery struct {
	// IA is the ISD-AS identifier that must be part of the AS certificate's
	// subject.
	IA addr.IA
	// SubjectKeyID identifies the subject key that the AS certificate must
	// authenticate.
	SubjectKeyID []byte
	// Validity is the validity period of the chain. A certificate c fulfills
	// the validity requirement if c.not_before <= Validity.not_before and
	// c.not_after >= Validity.not_after.
	Validity cppki.Validity
}

ChainQuery identifies a set of chains that need to be looked up.

func (ChainQuery) MarshalJSON 

func (q ChainQuery) MarshalJSON() ([]byte, error)

MarshalJSON marshals the chain query for well formated log output.

type DB 

type DB interface {
	// Chains looks up all chains that match the query.
	Chains(context.Context, ChainQuery) ([][]*x509.Certificate, error)
	// InsertChain inserts the given chain.
	InsertChain(context.Context, []*x509.Certificate) (bool, error)

	// SignedTRC looks up the TRC identified by the id.
	SignedTRC(ctx context.Context, id cppki.TRCID) (cppki.SignedTRC, error)
	// InsertTRC inserts the given TRC. Returns true if the TRC was not yet in
	// the DB.
	InsertTRC(ctx context.Context, trc cppki.SignedTRC) (bool, error)
}

DB is the database interface for trust material.

type DBInspector 

type DBInspector struct {
	DB DB
}

DBInspector gives insight about primary ASes of a given ISD based on the TRC that is stored in the DB.

func (DBInspector) ByAttributes 

func (i DBInspector) ByAttributes(ctx context.Context, isd addr.ISD,
	attrs Attribute) ([]addr.IA, error)

ByAttributes returns a list of primary ASes in the specified ISD that hold all the requested attributes. If no attribute is specified, all primary ASes are returned.

func (DBInspector) HasAttributes 

func (i DBInspector) HasAttributes(
	ctx context.Context,
	ia addr.IA,
	attrs Attribute,
) (bool, error)

HasAttributes indicates whether an AS holds all the specified attributes. The first return value is always false for non-primary ASes.

type Engine 

type Engine struct {
	// Inspector determines the attributes of an AS inside its ISD.
	Inspector
	// Provider provides verified crypto material.
	Provider
	DB DB
}

Engine keeps the SCION control-plane going.

The engines is in charge of verifying control-plane messages based on the control-plane PKI. To that end, the engine keeps track of crypto material, such as CP certificates and TRCs, and resolves them where appropriate.

The engine is composed of multiple parts, each with its own set of responsibilities.

type Fetcher 

type Fetcher interface {
	// Chains fetches certificate chains that match the query from the remote.
	Chains(ctx context.Context, req ChainQuery, server net.Addr) ([][]*x509.Certificate, error)
	// TRC fetches a specific TRC from the remote.
	TRC(ctx context.Context, id cppki.TRCID, server net.Addr) (cppki.SignedTRC, error)
}

Fetcher fetches trust material from a remote.

type FetchingProvider 

type FetchingProvider struct {
	DB       DB
	Recurser Recurser
	Fetcher  Fetcher
	Router   Router
}

FetchingProvider provides crypto material. The fetching provider is capable of fetching missing crypto material over the network.

func (FetchingProvider) GetChains 

func (p FetchingProvider) GetChains(ctx context.Context, query ChainQuery,
	opts ...Option) ([][]*x509.Certificate, error)

GetChains returns certificate chains that match the chain query. If no chain is locally available, they are resolved over the network.

By default, this only returns chains that are verifiable against the currently active TRCs, even if the the query date is set to a value in the past. To allow chains that are no longer verifiable using the active TRC, but that were verifiable in the past, set the AllowInactive option.

Currently, there is no use case for fetching inactive certificate chains from a remote and verifying them against a no-longer active TRC. For simplicity, this feature is not implemented. Thus, certificate chains that are fetched over the network that are not verifiable against the active TRCs are ignored, even if the AllowInactive option is set.

func (FetchingProvider) GetSignedTRC 

func (p FetchingProvider) GetSignedTRC(ctx context.Context, id cppki.TRCID,
	opts ...Option) (cppki.SignedTRC, error)

GetSignedTRC returns the signed TRC. Currently, this method only uses the DB and doesn't recurse over the network. TODO(lukedirtwalker): add recursing functionality.

func (FetchingProvider) NotifyTRC 

func (p FetchingProvider) NotifyTRC(ctx context.Context, id cppki.TRCID, opts ...Option) error

NotifyTRC notifies the provider of the existence of a TRC. This method only fails in case of a DB, network or verification error.

type Inspector 

type Inspector interface {
	// ByAttributes returns a list of primary ASes in the specified ISD that
	// hold all the requested attributes. If no attribute is specified, all
	// primary ASes are returned.
	ByAttributes(ctx context.Context, isd addr.ISD, attrs Attribute) ([]addr.IA, error)
	// HasAttributes indicates whether an AS holds all the specified attributes.
	// The first return value is always false for non-primary ASes.
	HasAttributes(ctx context.Context, ia addr.IA, attrs Attribute) (bool, error)
}

Inspector gives insights into the primary ASes of a given ISD.

A primary AS is an AS that holds one of the following attributes:

  • authoritative
  • core
  • root CA

type KeyRing 

type KeyRing interface {
	PrivateKeys(ctx context.Context) ([]crypto.Signer, error)
}

KeyRing provides private keys.

type LoadResult 

type LoadResult struct {
	Loaded  []string
	Ignored map[string]error
}

LoadResult indicates which files were loaded, which files were ignored.

func LoadChains 

func LoadChains(ctx context.Context, dir string, db DB) (LoadResult, error)

LoadChains loads all *.pem files located in a directory in the database after validating first that each one is a valid CP certificate chains. All *.pem files that are not valid chains are ignored.

func LoadTRCs 

func LoadTRCs(ctx context.Context, dir string, db DB) (LoadResult, error)

LoadTRCs loads all *.trc located in a directory in the database. This function exits on the first encountered error. TRCs with a not before time in the future are ignored.

This function is not recommended for repeated use as it will read all TRC files in a directory on every invocation. Consider using a TRCLoader if you want to monitor a directory for new TRCs.

type LocalOnlyRecurser 

type LocalOnlyRecurser struct{}

LocalOnlyRecurser returns an error if the address is not nil.

func (LocalOnlyRecurser) AllowRecursion 

func (r LocalOnlyRecurser) AllowRecursion(peer net.Addr) error

AllowRecursion returns an error if the address is not nil.

type LocalRouter 

type LocalRouter struct {
	IA addr.IA
}

LocalRouter routes requests to the local CS.

func (LocalRouter) ChooseServer 

func (r LocalRouter) ChooseServer(_ context.Context, _ addr.ISD) (net.Addr, error)

ChooseServer always routes to the local CS.

type NeverRecurser added in v0.12.0 

type NeverRecurser struct{}

func (NeverRecurser) AllowRecursion added in v0.12.0 

func (r NeverRecurser) AllowRecursion(peer net.Addr) error

type Option 

type Option func(o *options)

Option is a function that sets an option.

func AllowInactive 

func AllowInactive() Option

AllowInactive allows chains that are verifiable with TRCs that are no longer active.

func Client 

func Client(client net.Addr) Option

Client sets the client that spawned the query. This lets the provider decide whether recursive resolution is allowed.

func Server 

func Server(server net.Addr) Option

Server sets the server that should be queried in case of a crypto material resolution.

type Provider 

type Provider interface {
	// NotifyTRC notifies a provider of the existence of a TRC. When a signature
	// metadata is received that contains base and serial number, this method
	// should be invoked.
	NotifyTRC(context.Context, cppki.TRCID, ...Option) error
	// GetChains returns certificate chains that match the chain query. If no
	// chain is locally available, the provider can resolve them over the
	// network. By default, the provider only returns certificate chains that
	// are verifiable with the currently active TRCs. To configure the behavior,
	// options can be provided.
	GetChains(context.Context, ChainQuery, ...Option) ([][]*x509.Certificate, error)
	// GetSignedTRC returns the TRC with the given ID. If the TRC is not
	// available, the provider can resolve it over the network.
	GetSignedTRC(context.Context, cppki.TRCID, ...Option) (cppki.SignedTRC, error)
}

Provider provides crypto material. A crypto provider can spawn network requests if necessary and permitted.

type Recurser 

type Recurser interface {
	// AllowRecursion indicates whether the recursion is allowed for the
	// provided Peer. Recursions started by the local trust store have a nil
	// address and should generally be allowed. The nil value indicates
	// recursion is allowed. Non-nil return values indicate that recursion is
	// not allowed and specify the reason.
	AllowRecursion(peer net.Addr) error
}

Recurser decides whether a recursive request is permitted for a given peer. For infra services use either ASLocalRecurser or LocalOnlyRecurser.

type Router 

type Router interface {
	// ChooseServer determines the remote server for trust material with the
	// subject in the provided ISD.
	ChooseServer(ctx context.Context, subjectISD addr.ISD) (net.Addr, error)
}

Router builds the CS address for crypto material with the subject in a given ISD.

type Signer 

type Signer struct {
	PrivateKey    crypto.Signer
	Algorithm     signed.SignatureAlgorithm
	IA            addr.IA
	Subject       pkix.Name
	Chain         []*x509.Certificate
	SubjectKeyID  []byte
	Expiration    time.Time
	TRCID         cppki.TRCID
	ChainValidity cppki.Validity
	InGrace       bool
}

Signer is used to sign control plane messages with the AS private key.

func (Signer) Equal 

func (s Signer) Equal(o Signer) bool

func (Signer) Sign 

func (s Signer) Sign(
	ctx context.Context,
	msg []byte,
	associatedData ...[]byte,
) (*cryptopb.SignedMessage, error)

Sign signs the message with the associated data and returns a SignedMessage protobuf payload. The associated data is not included in the header or body of the signed message.

func (Signer) SignCMS 

func (s Signer) SignCMS(ctx context.Context, msg []byte) ([]byte, error)

SignCMS signs the message and returns a CMS/PKCS7 encoded payload.

func (Signer) Validity added in v0.11.0 

func (s Signer) Validity() cppki.Validity

type SignerGen 

type SignerGen struct {
	IA      addr.IA
	KeyRing KeyRing
	DB      DB // FIXME(roosd): Eventually this should use a crypto provider

	// ExtKeyUsage filters the available certificates for specific key usage types.
	// If ExtKeyUsage is not ExtKeyUsageAny, Generate will return a Signer with
	// a certificate supporting this usage type (if one exists).
	ExtKeyUsage x509.ExtKeyUsage
}

SignerGen generates signers from the keys available in key dir.

func (SignerGen) Generate 

func (s SignerGen) Generate(ctx context.Context) ([]Signer, error)

Generate fetches private keys from the key ring and searches active certificate chains that authenticate the corresponding public key. The returned signer uses the private key which is backed by the certificate chain with the highest expiration time.

type TLSCryptoVerifier added in v0.9.0 

type TLSCryptoVerifier struct {
	DB      DB
	Timeout time.Duration
}

TLSCryptoVerifier implements callbacks which will be called during TLS handshake.

func NewTLSCryptoVerifier added in v0.9.0 

func NewTLSCryptoVerifier(db DB) *TLSCryptoVerifier

NewTLSCryptoVerifier returns a new instance with the defaultTimeout.

func (*TLSCryptoVerifier) VerifyClientCertificate added in v0.9.0 

func (v *TLSCryptoVerifier) VerifyClientCertificate(
	rawCerts [][]byte,
	_ [][]*x509.Certificate,
) error

VerifyClientCertificate verifies the certificate presented by the client using the CP-PKI.

func (*TLSCryptoVerifier) VerifyConnection added in v0.9.0 

func (v *TLSCryptoVerifier) VerifyConnection(cs tls.ConnectionState) error

VerifyConnection callback is intended to be used by the client to verify that the certificate presented by the server matches the server name the client is trying to connect to.

func (*TLSCryptoVerifier) VerifyParsedClientCertificate added in v0.9.0 

func (v *TLSCryptoVerifier) VerifyParsedClientCertificate(
	chain []*x509.Certificate,
) (addr.IA, error)

VerifyParsedClientCertificate verifies the certificate presented by the client using the CP-PKI. If the certificate is valid, returns the subject IA.

func (*TLSCryptoVerifier) VerifyServerCertificate added in v0.9.0 

func (v *TLSCryptoVerifier) VerifyServerCertificate(
	rawCerts [][]byte,
	_ [][]*x509.Certificate,
) error

VerifyServerCertificate verifies the certificate presented by the server using the CP-PKI.

type TRCLoader added in v0.12.0 

type TRCLoader struct {
	Dir string
	DB  DB
	// contains filtered or unexported fields
}

TRCLoader loads TRCs from a directory and stores them in the database. It tracks files that it has already loaded and does not load them again.

func (*TRCLoader) Load added in v0.12.0 

func (l *TRCLoader) Load(ctx context.Context) (LoadResult, error)

Load loads all TRCs from the directory into database. Files that have been loaded by a previous Load invocation are silently ignored.

type Verifier 

type Verifier struct {
	// BoundIA when non-zero makes sure that only a signature originated from that IA
	// can be valid.
	BoundIA addr.IA
	// BoundServer binds a remote server to ask for missing crypto material.
	BoundServer net.Addr
	// BoundValidity binds the verifier to only use certificates that are valid
	// at the specified time.
	BoundValidity cppki.Validity
	// Engine provides verified certificate chains.
	Engine Provider

	// Cache keeps track of recently used certificates. If nil no cache is used.
	// This API is experimental.
	Cache              *cache.Cache
	CacheHits          libmetrics.Counter
	MaxCacheExpiration time.Duration
}

Verifier is used to verify control plane messages using the AS cert stored in the database.

func (Verifier) Verify 

func (v Verifier) Verify(ctx context.Context, signedMsg *cryptopb.SignedMessage,
	associatedData ...[]byte) (*signed.Message, error)

Verify verifies the signature of the msg.

Source Files

View all Source files

Directories

Path Synopsis
internal
metrics
Package mock_trust is a generated GoMock package.
 Package mock_trust is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.