trc

package
Published: Aug 27, 2018 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

const (
	// Error strings for decoding a TRC's JSON fields. NOTE(review): presumably emitted by
	// the UnmarshalJSON methods of this package, whose bodies are not shown here — confirm.
	InvalidNumFields     = "Invalid number of fields"
	MissingField         = "Missing json field"
	UnableValidateFields = "Unable to validate fields"
)
const (
	// MaxTRCByteLength is the upper bound on the size of a TRC in bytes (1 MiB).
	// NOTE(review): presumably this caps the decompressed size announced by the 4-byte
	// length prefix that Compress writes, so an untrusted prefix cannot drive a huge
	// allocation — confirm in TRCFromRaw, whose body is not shown here.
	MaxTRCByteLength uint32 = 1 << 20

	// Error strings. The names suggest they are returned by the time/version checks
	// (IsActive), the signature checks (Verify) and the signing path (Sign); bodies not shown.
	EarlyUsage          = "Creation time in the future"
	EarlyAnnouncement   = "Early announcement"
	Expired             = "TRC expired"
	GracePeriodPassed   = "TRC grace period has passed"
	InactiveVersion     = "Inactive TRC version"
	InvalidCreationTime = "Invalid TRC creation time"
	InvalidISD          = "Invalid TRC ISD"
	InvalidQuorum       = "Not enough valid signatures"
	InvalidVersion      = "Invalid TRC version"
	ReservedVersion     = "Invalid version 0"
	SignatureMissing    = "Signature missing"
	UnableSigPack       = "TRC: Unable to create signature input"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Addr

// Addr is the (ISD-AS IP)-tuple used for entity addresses in the TRC file.
type Addr struct {
	// IA is the ISD-AS of the entity.
	IA addr.IA
	// IP is the IP address of the entity.
	IP net.IP
}

Addr is the (ISD-AS IP)-tuple used for entity addresses in the TRC file.

func (*Addr) MarshalJSON

func (a *Addr) MarshalJSON() ([]byte, error)

func (*Addr) ParseString

func (a *Addr) ParseString(addr_ string) error

ParseString parses a string of the format "ISD-AS IP" and sets the struct fields accordingly.

func (*Addr) String

func (a *Addr) String() string

func (*Addr) UnmarshalJSON

func (a *Addr) UnmarshalJSON(b []byte) error

type CertLog

// CertLog is the cert log server entry of a TRC.
type CertLog struct {

	// Addr is the address of the cert log server.
	Addr *Addr
	// Certificate is the public key certificate of the cert log server.
	Certificate common.RawBytes
}

CertLog is the cert log server entry.

func (*CertLog) MarshalJSON

func (c *CertLog) MarshalJSON() ([]byte, error)

func (*CertLog) UnmarshalJSON

func (c *CertLog) UnmarshalJSON(b []byte) error

type CoreAS

// CoreAS is the core AS entry of a TRC, holding the AS's offline and online
// verification keys and their signing algorithms.
type CoreAS struct {

	// OfflineKey is the offline verification key.
	OfflineKey common.RawBytes
	// OfflineKeyAlg is the offline key signing algorithm.
	OfflineKeyAlg string
	// OnlineKey is the online verification key.
	OnlineKey common.RawBytes
	// OnlineKeyAlg is the online key signing algorithm.
	OnlineKeyAlg string
}

CoreAS is the core AS entry.

func (*CoreAS) UnmarshalJSON

func (t *CoreAS) UnmarshalJSON(b []byte) error

type CoreASMap

// CoreASMap maps core AS identifiers to their CoreAS entry.
type CoreASMap map[addr.IA]*CoreAS

func (CoreASMap) ASList

func (c CoreASMap) ASList() []addr.IA

ASList returns a list of core ASes' IDs.

func (CoreASMap) Contains

func (c CoreASMap) Contains(a addr.IA) bool

Contains returns whether a is in c.

type Key

// Key identifies a TRC by its ISD and version (see NewKey and TRC.Key).
type Key struct {
	// ISD is the ISD identifier of the TRC.
	ISD addr.ISD
	// Ver is the version number of the TRC.
	Ver uint64
}

func NewKey

func NewKey(isd addr.ISD, ver uint64) *Key

func (*Key) String

func (k *Key) String() string

type Rains

// Rains is the RAINS entry of a TRC. All fields are omitted from the JSON output when empty.
type Rains struct {

	// OnlineKey is the online verification key.
	OnlineKey common.RawBytes `json:",omitempty"`
	// OnlineKeyAlg is the online key signing algorithm.
	OnlineKeyAlg string `json:",omitempty"`
	// RootRAINSKey is the root RAINS key.
	RootRAINSKey common.RawBytes `json:",omitempty"`
	// TRCSrv is a list of servers which handle TRC signing requests.
	TRCSrv []*Addr `json:",omitempty"`
}

Rains is the rains entry.

type RootCA

// RootCA is the root CA entry of a TRC.
type RootCA struct {

	// ARPKIKey is the ARPKI key.
	ARPKIKey common.RawBytes
	// ARPKISrv is a list of ARPKI server addresses.
	ARPKISrv []*Addr
	// Certificate is a public key certificate.
	Certificate common.RawBytes
	// OnlineKey is the online verification key.
	OnlineKey common.RawBytes
	// OnlineKeyAlg is the online key signing algorithm.
	OnlineKeyAlg string
	// TRCSrv is a list of servers which handle TRC signing requests.
	TRCSrv []*Addr
}

RootCA is the root CA entry.

type TRC

// TRC holds the core ASes, root CAs, cert logs and RAINS entry of one ISD, together with
// the validity window, quorum parameters and the signatures over the TRC.
type TRC struct {
	// CertLogs is a map from end-entity certificate logs to their addresses and public-key
	// certificate.
	CertLogs map[string]*CertLog
	// CoreASes is a map from core ASes to their online and offline key.
	CoreASes CoreASMap
	// CreationTime is the unix timestamp in seconds at which the TRC was created.
	// It is a uint32, so it cannot represent instants beyond the 32-bit unix range.
	CreationTime uint32
	// Description is a human-readable description of the ISD.
	Description string
	// ExpirationTime is the unix timestamp in seconds at which the TRC expires.
	ExpirationTime uint32
	// GracePeriod is the period, in seconds, during which the TRC remains valid after the
	// creation of a new TRC.
	GracePeriod uint32
	// ISD is the integer identifier from 1 to 4095.
	ISD addr.ISD
	// Quarantine describes if the TRC is an early announcement (true) or valid (false).
	Quarantine bool
	// QuorumCAs is the quorum of root CAs required to change the RootCAs, CertLogs,
	// ThresholdEEPKI, and QuorumCAs.
	QuorumCAs uint32
	// QuorumTRC is the quorum of core ASes required to sign a new TRC.
	QuorumTRC uint32
	// RAINS is the RAINS entry.
	RAINS *Rains
	// RootCAs is a map from root CA names to their RootCA entry.
	RootCAs map[string]*RootCA
	// Signatures is a map from entity names to their signatures. Per Sign, each signature
	// is computed over the TRC without this map, so the map itself is not covered by any
	// signature.
	Signatures map[string]common.RawBytes
	// ThresholdEEPKI is the threshold number of trusted parties (CAs and one log) required to
	// assert a domain's policy.
	ThresholdEEPKI uint32
	// Version is the version number of the TRC. The value 0 is reserved and shall not be used.
	Version uint64
}

func TRCFromDir

func TRCFromDir(dir string, isd addr.ISD, f func(err error)) (*TRC, error)

TRCFromDir reads all the {ISD}-V*.trc files (e.g., ISD1-V17.trc) contained directly in dir (no subdirectories) and, out of those that match ISD isd, returns the newest one. The TRCs must not be compressed. If an error occurs when parsing one of the files, f is called with the error as its argument, and execution continues with the remaining files.

If no TRC is found, the returned TRC is nil and the error is set to nil.

func TRCFromFile

func TRCFromFile(path string, lz4_ bool) (*TRC, error)

func TRCFromRaw

func TRCFromRaw(raw common.RawBytes, lz4_ bool) (*TRC, error)

func (*TRC) Compress

func (t *TRC) Compress() (common.RawBytes, error)

Compress compresses the JSON generated from the TRC using lz4 block mode and prepends the original length (4 bytes, little endian, unsigned). This is necessary because the Python lz4 library expects this format.

func (*TRC) IsActive

func (t *TRC) IsActive(maxTRC *TRC) error

IsActive checks if the TRC is active and can be used for certificate chain verification. maxTRC is the newest active TRC of the same ISD that is known to the caller.

func (*TRC) IsdVer

func (t *TRC) IsdVer() (addr.ISD, uint64)

func (*TRC) JSON

func (t *TRC) JSON(indent bool) ([]byte, error)

func (*TRC) JSONEquals

func (t *TRC) JSONEquals(other *TRC) (bool, error)

JSONEquals checks if two TRCs are the same based on their JSON serializations.

func (*TRC) Key

func (t *TRC) Key() *Key

func (*TRC) Sign

func (t *TRC) Sign(name string, signKey common.RawBytes, signAlgo string) error

Sign adds a signature to the TRC. The signature is computed over the TRC without the signature map.

func (*TRC) String

func (t *TRC) String() string

func (*TRC) UnmarshalJSON

func (t *TRC) UnmarshalJSON(b []byte) error

func (*TRC) Verify

func (t *TRC) Verify(trust *TRC) (*TRCVerResult, error)

Verify checks the validity of the TRC based on a trusted TRC. The trusted TRC can either be the direct predecessor TRC or a cross signing TRC.

type TRCVerResult

// TRCVerResult is the result of verifying core AS signatures.
type TRCVerResult struct {
	// Quorum is the number of verified signatures required for the result to pass.
	// NOTE(review): presumably taken from TRC.QuorumTRC — confirm in Verify.
	Quorum uint32
	// Verified lists the core ASes whose signatures verified.
	Verified []addr.IA
	// Failed maps each core AS whose signature did not verify to the resulting error.
	Failed map[addr.IA]error
}

TRCVerResult is the result of verifying core AS signatures.

func (*TRCVerResult) QuorumOk

func (tvr *TRCVerResult) QuorumOk() bool
