Documentation
Index
- Constants
- type Addr
- type CertLog
- type CoreAS
- type CoreASMap
- type Key
- type Rains
- type RootCA
- type TRC
- func (t *TRC) Compress() (common.RawBytes, error)
- func (t *TRC) IsActive(maxTRC *TRC) error
- func (t *TRC) IsdVer() (addr.ISD, uint64)
- func (t *TRC) JSON(indent bool) ([]byte, error)
- func (t *TRC) JSONEquals(other *TRC) (bool, error)
- func (t *TRC) Key() *Key
- func (t *TRC) Sign(name string, signKey common.RawBytes, signAlgo string) error
- func (t *TRC) String() string
- func (t *TRC) UnmarshalJSON(b []byte) error
- func (t *TRC) Verify(trust *TRC) (*TRCVerResult, error)
- type TRCVerResult
Constants

```go
const (
	InvalidNumFields     = "Invalid number of fields"
	MissingField         = "Missing json field"
	UnableValidateFields = "Unable to validate fields"
)
```

```go
const (
	MaxTRCByteLength uint32 = 1 << 20

	// Error strings
	EarlyUsage          = "Creation time in the future"
	EarlyAnnouncement   = "Early announcement"
	Expired             = "TRC expired"
	GracePeriodPassed   = "TRC grace period has passed"
	InactiveVersion     = "Inactive TRC version"
	InvalidCreationTime = "Invalid TRC creation time"
	InvalidISD          = "Invalid TRC ISD"
	InvalidQuorum       = "Not enough valid signatures"
	InvalidVersion      = "Invalid TRC version"
	ReservedVersion     = "Invalid version 0"
	SignatureMissing    = "Signature missing"
	UnableSigPack       = "TRC: Unable to create signature input"
)
```
Variables
This section is empty.
Functions
This section is empty.
Types

type Addr
Addr is the (ISD-AS IP)-tuple used for entity addresses in the TRC file.
func (*Addr) MarshalJSON

func (*Addr) ParseString
ParseString parses a string of the format "ISD-AS IP" and sets the struct fields accordingly.
func (*Addr) UnmarshalJSON

type CertLog

```go
type CertLog struct {
	// Addr is the address of the cert log server.
	Addr *Addr
	// Certificate is the public key certificate.
	Certificate common.RawBytes
}
```
CertLog is the cert log server entry.
func (*CertLog) MarshalJSON

func (*CertLog) UnmarshalJSON

type CoreAS

```go
type CoreAS struct {
	// OfflineKey is the offline verification key.
	OfflineKey common.RawBytes
	// OfflineKeyAlg is the offline key signing algorithm.
	OfflineKeyAlg string
	// OnlineKey is the online verification key.
	OnlineKey common.RawBytes
	// OnlineKeyAlg is the online key signing algorithm.
	OnlineKeyAlg string
}
```
CoreAS is the core AS entry.
func (*CoreAS) UnmarshalJSON

type Rains

```go
type Rains struct {
	// OnlineKey is the online verification key.
	OnlineKey common.RawBytes `json:",omitempty"`
	// OnlineKeyAlg is the online key signing algorithm.
	OnlineKeyAlg string `json:",omitempty"`
	// RootRAINSKey is the root rains key.
	RootRAINSKey common.RawBytes `json:",omitempty"`
	// TRCSrv is a list of servers, which handle TRC signing requests.
	TRCSrv []*Addr `json:",omitempty"`
}
```
Rains is the rains entry.
type RootCA

```go
type RootCA struct {
	// ARPKIKey is the arpki key.
	ARPKIKey common.RawBytes
	// ARPKISrv is a list of arpki server addresses.
	ARPKISrv []*Addr
	// Certificate is a public key certificate.
	Certificate common.RawBytes
	// OnlineKey is the online verification key.
	OnlineKey common.RawBytes
	// OnlineKeyAlg is the online key signing algorithm.
	OnlineKeyAlg string
	// TRCSrv is a list of servers, which handle TRC signing requests.
	TRCSrv []*Addr
}
```
RootCA is the root CA entry.
type TRC

```go
type TRC struct {
	// CertLogs is a map from end-entity certificate logs to their addresses and public-key
	// certificate.
	CertLogs map[string]*CertLog
	// CoreASes is a map from core ASes to their online and offline key.
	CoreASes CoreASMap
	// CreationTime is the unix timestamp in seconds at which the TRC was created.
	CreationTime uint32
	// Description is a human-readable description of the ISD.
	Description string
	// ExpirationTime is the unix timestamp in seconds at which the TRC expires.
	ExpirationTime uint32
	// GracePeriod is the period, in seconds, during which the TRC is valid after creation of a
	// new TRC.
	GracePeriod uint32
	// ISD is the integer identifier from 1 to 4095.
	ISD addr.ISD
	// Quarantine describes if the TRC is an early announcement (true) or valid (false).
	Quarantine bool
	// QuorumCAs is the quorum of root CAs required to change the RootCAs, CertLogs,
	// ThresholdEEPKI, and QuorumCAs.
	QuorumCAs uint32
	// QuorumTRC is the quorum of core ASes required to sign a new TRC.
	QuorumTRC uint32
	// RAINS is the Rains entry.
	RAINS *Rains
	// RootCAs is a map from root CA names to their RootCA entry.
	RootCAs map[string]*RootCA
	// Signatures is a map from entity names to their signatures.
	Signatures map[string]common.RawBytes
	// ThresholdEEPKI is the threshold number of trusted parties (CAs and one log) required to
	// assert a domain's policy.
	ThresholdEEPKI uint32
	// Version is the version number of the TRC. The value 0 is reserved and shall not be used.
	Version uint64
}
```

func TRCFromDir
TRCFromDir reads all the {ISD}-V*.trc (e.g., ISD1-V17.trc) files contained directly in dir (no subdirectories), and out of those that match ISD isd returns the newest one. The TRCs must not be compressed. If an error occurs when parsing one of the files, f() is called with the error as argument. Execution continues with the remaining files.
If no TRC is found, the returned TRC is nil and the error is set to nil.
func (*TRC) Compress
Compress compresses the JSON generated from the TRC using lz4 block mode and prepends the original length (4 bytes, little endian, unsigned). This is necessary, since the python lz4 library expects this format.
func (*TRC) IsActive
IsActive checks if TRC is active and can be used for certificate chain verification. MaxTRC is the newest active TRC of the same ISD which we know of.
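The activity rules are only described indirectly on this page, through the TRC field comments (CreationTime, ExpirationTime, GracePeriod, Quarantine, Version 0 reserved) and the error strings in the Constants section. The following is an added example, not the package's own IsActive implementation: it applies one consistent reading of those rules to a stripped-down TRC stand-in with the same field names. The rule order, the treatment of a TRC newer than maxTRC as active, and the sample timestamps are this example's assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Error strings copied from the package constants listed on this page.
const (
	EarlyUsage          = "Creation time in the future"
	EarlyAnnouncement   = "Early announcement"
	Expired             = "TRC expired"
	GracePeriodPassed   = "TRC grace period has passed"
	InactiveVersion     = "Inactive TRC version"
	InvalidCreationTime = "Invalid TRC creation time"
	ReservedVersion     = "Invalid version 0"
)

// TRC is a constructed, stripped-down stand-in for the package's TRC struct:
// same field names and meanings, but only the fields the activity check needs.
type TRC struct {
	Version        uint64
	CreationTime   uint32 // unix seconds
	ExpirationTime uint32 // unix seconds
	GracePeriod    uint32 // seconds the TRC stays valid after a newer TRC is created
	Quarantine     bool   // true for an early announcement
}

// IsActiveAt decides whether t may be used for chain verification at time now,
// given maxTRC, the newest active TRC of the same ISD that we know of (nil if none).
// The rule set and its order are this example's reading of the documented fields
// and error strings (assumption), not the package's own implementation.
func IsActiveAt(t, maxTRC *TRC, now time.Time) error {
	n := uint32(now.Unix())
	switch {
	case t.Version == 0:
		return errors.New(ReservedVersion)
	case t.Quarantine:
		return errors.New(EarlyAnnouncement)
	case t.CreationTime >= t.ExpirationTime:
		return errors.New(InvalidCreationTime)
	case n < t.CreationTime:
		return errors.New(EarlyUsage)
	case n >= t.ExpirationTime:
		return errors.New(Expired)
	}
	// Nothing newer is known, or t is the newest: active on its own terms.
	if maxTRC == nil || t.Version >= maxTRC.Version {
		return nil
	}
	// Only the immediate predecessor of the newest TRC can still be in its grace period.
	if maxTRC.Version-t.Version > 1 {
		return fmt.Errorf("%s: have %d, newest is %d", InactiveVersion, t.Version, maxTRC.Version)
	}
	// The grace period runs from the creation of the newer TRC.
	if n >= maxTRC.CreationTime+t.GracePeriod {
		return errors.New(GracePeriodPassed)
	}
	return nil
}

// sampleTRCs returns two constructed TRCs of one ISD: version 1, and version 2
// created 500 s later. All values are made up for the demonstration.
func sampleTRCs() (v1, v2 *TRC) {
	const base uint32 = 1600000000
	v1 = &TRC{Version: 1, CreationTime: base, ExpirationTime: base + 1000, GracePeriod: 100}
	v2 = &TRC{Version: 2, CreationTime: base + 500, ExpirationTime: base + 2000, GracePeriod: 100}
	return v1, v2
}

func main() {
	v1, v2 := sampleTRCs()
	// 50 s into v1's grace period it is still usable; 200 s in, it is not.
	for _, offset := range []int64{550, 700} {
		now := time.Unix(int64(v1.CreationTime)+offset, 0)
		fmt.Printf("v1 at +%ds with v2 known: %v\n", offset, IsActiveAt(v1, v2, now))
	}
}
```

The point a verifier cares about is the last two checks: once a newer TRC exists, the old one is accepted only as its direct predecessor and only until the newer TRC's creation time plus the old TRC's GracePeriod, so a stale trust root cannot be kept in use indefinitely.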
func (*TRC) JSONEquals
JSONEquals checks if two TRCs are the same based on their JSON serializations.
func (*TRC) Sign

Sign adds a signature to the TRC. The signature is computed over the TRC without the signature map.
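To show why the signature input must exclude the Signatures map (so that every core AS signs the same bytes regardless of who signed first) and how QuorumTRC is enforced on verification, here is an added example that is not the package's Sign or Verify code. It assumes ed25519 as the online key algorithm, uses plain encoding/json over a copy of the TRC with Signatures cleared as the signature input (the package's actual serialization may differ), and constructs its core AS names and keys inline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Error strings copied from the package constants listed on this page.
const (
	InvalidQuorum = "Not enough valid signatures"
	UnableSigPack = "TRC: Unable to create signature input"
)

// CoreAS is a constructed stand-in holding only the online key used to sign TRCs.
type CoreAS struct {
	OnlineKey    []byte `json:"OnlineKey"`
	OnlineKeyAlg string `json:"OnlineKeyAlg"`
}

// SignedTRC is a constructed, reduced TRC with just the fields this example needs.
type SignedTRC struct {
	ISD        uint16             `json:"ISD"`
	Version    uint64             `json:"Version"`
	QuorumTRC  uint32             `json:"QuorumTRC"`
	CoreASes   map[string]*CoreAS `json:"CoreASes"`
	Signatures map[string][]byte  `json:"Signatures,omitempty"`
}

// sigInput returns the bytes that get signed: the TRC serialized without its
// Signatures map. ASSUMPTION: encoding/json is deterministic enough here (map keys
// sorted, struct fields in declaration order); the real package may serialize differently.
func (t *SignedTRC) sigInput() ([]byte, error) {
	c := *t
	c.Signatures = nil
	b, err := json.Marshal(&c)
	if err != nil {
		return nil, errors.New(UnableSigPack)
	}
	return b, nil
}

// Sign adds name's ed25519 signature over the signature input.
func (t *SignedTRC) Sign(name string, priv ed25519.PrivateKey) error {
	in, err := t.sigInput()
	if err != nil {
		return err
	}
	if t.Signatures == nil {
		t.Signatures = map[string][]byte{}
	}
	t.Signatures[name] = ed25519.Sign(priv, in)
	return nil
}

// VerifyQuorum counts signatures that verify under a core AS's online key and
// requires at least QuorumTRC of them. Signatures under names that are not core
// ASes, and signatures that do not verify, do not count.
func (t *SignedTRC) VerifyQuorum() error {
	in, err := t.sigInput()
	if err != nil {
		return err
	}
	valid := uint32(0)
	for name, as := range t.CoreASes {
		sig, ok := t.Signatures[name]
		if !ok || as.OnlineKeyAlg != "ed25519" || len(as.OnlineKey) != ed25519.PublicKeySize {
			continue
		}
		if ed25519.Verify(ed25519.PublicKey(as.OnlineKey), in, sig) {
			valid++
		}
	}
	if valid < t.QuorumTRC {
		return fmt.Errorf("%s: %d of %d", InvalidQuorum, valid, t.QuorumTRC)
	}
	return nil
}

// newExample builds a constructed TRC with three core ASes (made-up names) and a
// quorum of two, returning the private keys so callers can sign as each AS.
func newExample() (*SignedTRC, map[string]ed25519.PrivateKey, error) {
	trc := &SignedTRC{ISD: 1, Version: 1, QuorumTRC: 2, CoreASes: map[string]*CoreAS{}}
	privs := map[string]ed25519.PrivateKey{}
	for _, name := range []string{"ff00:0:110", "ff00:0:111", "ff00:0:112"} {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		trc.CoreASes[name] = &CoreAS{OnlineKey: pub, OnlineKeyAlg: "ed25519"}
		privs[name] = priv
	}
	return trc, privs, nil
}

func main() {
	trc, privs, err := newExample()
	if err != nil {
		panic(err)
	}
	_ = trc.Sign("ff00:0:110", privs["ff00:0:110"])
	fmt.Println("one signature:", trc.VerifyQuorum())
	_ = trc.Sign("ff00:0:111", privs["ff00:0:111"])
	fmt.Println("two signatures:", trc.VerifyQuorum())
	trc.Version = 99 // any change to the signed fields invalidates every signature
	fmt.Println("after tampering:", trc.VerifyQuorum())
}
```

Because sigInput clears Signatures before serializing, the second signer signs exactly the bytes the first signer did, and verification recomputes the same input; a signature stored under a name that is not a core AS is simply never consulted, so it cannot pad the quorum.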