proto

package
v0.0.0-...-f17c261 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 8, 2015 License: Apache-2.0 Imports: 21 Imported by: 0

README

End-to-End keyserver protocol

The protocol consists of exchanging protobuf3 messages over grpc. The message descriptors are split into three files:

  • client.proto -- all messages that are required for operation of a lightweight (stateful or stateless) client. Keyserver entries and server signature structures.
  • config.proto -- the client configuration.
  • verifier.proto -- everything that a verifier needs to use but a client does not. Pushing signatures, downloading update logs, etc.
  • replication.proto -- service-provider internal protocol, included here as a part of the reference implementation. Handles high-availability replication and synchronization of updates to the keyserver state.
  • local.proto -- service-provider internal protocol, included here as a part of the reference implementation. The local structures are user for persisting local state at each replica of the service provider.

Documentation

Overview

Package proto is a generated protocol buffer package.

It is generated from these files: 

client.proto
config.proto
duration.proto
keyserverconfig.proto
keyserverlocal.proto
replication.proto
timestamp.proto
tlsconfig.proto
verifierconfig.proto
verifierlocal.proto
verifier.proto

It has these top-level messages: 

LookupRequest
UpdateRequest
LookupProof
TreeProof
Entry
SignedEntryUpdate
Profile
SignedEpochHead
TimestampedEpochHead
EpochHead
AuthorizationPolicy
PublicKey
QuorumExpr
Config
RealmConfig
Duration
ReplicaConfig
KeyserverConfig
EmailProofByDKIM
EmailProofByClientCert
Replica
ReplicaState
KeyserverStep
EpochDelimiter
Timestamp
TLSConfig
CertificateAndKeyID
VerifierConfig
VerifierState
VerifierStreamRequest
VerifierStep
Nothing

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrInvalidLengthClient = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowClient   = fmt.Errorf("proto: integer overflow")
)
View Source 
var (
	ErrInvalidLengthConfig = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowConfig   = fmt.Errorf("proto: integer overflow")
)
View Source 
var (
	ErrInvalidLengthDuration = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowDuration   = fmt.Errorf("proto: integer overflow")
)
View Source 
var (
	ErrInvalidLengthKeyserverconfig = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowKeyserverconfig   = fmt.Errorf("proto: integer overflow")
)
View Source 
var (
	ErrInvalidLengthKeyserverlocal = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowKeyserverlocal   = fmt.Errorf("proto: integer overflow")
)
View Source 
var (
	ErrInvalidLengthReplication = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowReplication   = fmt.Errorf("proto: integer overflow")
)
View Source 
var (
	ErrInvalidLengthTimestamp = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowTimestamp   = fmt.Errorf("proto: integer overflow")
)
View Source 
var (
	ErrInvalidLengthTlsconfig = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowTlsconfig   = fmt.Errorf("proto: integer overflow")
)
View Source 
var (
	ErrInvalidLengthVerifier = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowVerifier   = fmt.Errorf("proto: integer overflow")
)
View Source 
var (
	ErrInvalidLengthVerifierconfig = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowVerifierconfig   = fmt.Errorf("proto: integer overflow")
)
View Source 
var (
	ErrInvalidLengthVerifierlocal = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowVerifierlocal   = fmt.Errorf("proto: integer overflow")
)
View Source 
var CipherSuite_name = map[int32]string{
	0:     "CipherSuite_UNSPECIFIED",
	5:     "TLS_RSA_WITH_RC4_128_SHA",
	10:    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
	47:    "TLS_RSA_WITH_AES_128_CBC_SHA",
	53:    "TLS_RSA_WITH_AES_256_CBC_SHA",
	49159: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
	49161: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
	49162: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
	49169: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
	49170: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
	49171: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
	49172: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
	49199: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	49195: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	22016: "TLS_FALLBACK_SCSV",
}
View Source 
var CipherSuite_value = map[string]int32{
	"CipherSuite_UNSPECIFIED":                 0,
	"TLS_RSA_WITH_RC4_128_SHA":                5,
	"TLS_RSA_WITH_3DES_EDE_CBC_SHA":           10,
	"TLS_RSA_WITH_AES_128_CBC_SHA":            47,
	"TLS_RSA_WITH_AES_256_CBC_SHA":            53,
	"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA":        49159,
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA":    49161,
	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA":    49162,
	"TLS_ECDHE_RSA_WITH_RC4_128_SHA":          49169,
	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA":     49170,
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA":      49171,
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA":      49172,
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":   49199,
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 49195,
	"TLS_FALLBACK_SCSV":                       22016,
}
View Source 
var ClientAuthType_name = map[int32]string{
	0: "NO_CLIENT_CERT",
	1: "REQUEST_CLIENT_CERT",
	2: "REQUIRE_ANY_CLIENT_CERT",
	3: "VERIFY_CLIENT_CERT_IF_GIVEN",
	4: "REQUIRE_AND_VERIFY_CLIENT_CERT",
}
View Source 
var ClientAuthType_value = map[string]int32{
	"NO_CLIENT_CERT":                 0,
	"REQUEST_CLIENT_CERT":            1,
	"REQUIRE_ANY_CLIENT_CERT":        2,
	"VERIFY_CLIENT_CERT_IF_GIVEN":    3,
	"REQUIRE_AND_VERIFY_CLIENT_CERT": 4,
}
View Source 
var CurveID_name = map[int32]string{
	0:  "CurveID_UNSPECIFIED",
	23: "P256",
	24: "P384",
	25: "P521",
}
View Source 
var CurveID_value = map[string]int32{
	"CurveID_UNSPECIFIED": 0,
	"P256":                23,
	"P384":                24,
	"P521":                25,
}
View Source 
var TLSVersion_name = map[int32]string{
	0:   "TLSVersion_UNSPECIFIED",
	768: "VERSION_SSL30",
	769: "VERSION_TLS10",
	770: "VERSION_TLS11",
	771: "VERSION_TLS12",
}
View Source 
var TLSVersion_value = map[string]int32{
	"TLSVersion_UNSPECIFIED": 0,
	"VERSION_SSL30":          768,
	"VERSION_TLS10":          769,
	"VERSION_TLS11":          770,
	"VERSION_TLS12":          771,
}

Functions

func KeyID 

func KeyID(sv *PublicKey) uint64

KeyID computes the ID of public key.

func MustMarshal 

func MustMarshal(m interface {
	Marshal() ([]byte, error)
}) []byte

MustMarshal takes a marshalable and returns the []byte representation. This function must be used exclusively when a marshaling error is fatal AND indicative of a programming bug.

func RegisterE2EKSPublicServer 

func RegisterE2EKSPublicServer(s *grpc.Server, srv E2EKSPublicServer)

func RegisterE2EKSVerificationServer 

func RegisterE2EKSVerificationServer(s *grpc.Server, srv E2EKSVerificationServer)

Types

type AuthorizationPolicy 

type AuthorizationPolicy struct {
	PublicKeys map[uint64]*PublicKey `` /* 151-byte string literal not displayed */
	// Types that are valid to be assigned to PolicyType:
	//	*AuthorizationPolicy_Quorum
	PolicyType isAuthorizationPolicy_PolicyType `protobuf_oneof:"policy_type"`
}

AuthorizationPolicy is used to check whether some signatures make up sufficient authorization to back an action. This is used to implement the following: 1. Account Recovery through service provider: if an user's entry has the update key set to threshold(1,user,serviceprovider), the service provider can perform account recovery. Note that a third party will not necessarily know who the subkeys are held by. Thus, the client implementation MUST require a signed certificate confirming possession of the secret key and promising to do no evil from every trustee whose key is used for recovery in this manner. 2. Service providers with servers in geographically diverse locations can use a threshold to limit the damage the compromise or loss of one replica can do. Example threshold(2,freedonia,gilead,mordor). 3. Adaptive key rollover during cryptocalypse.

func NewPopulatedAuthorizationPolicy 

func NewPopulatedAuthorizationPolicy(r randyClient, easy bool) *AuthorizationPolicy

func (*AuthorizationPolicy) Equal 

func (this *AuthorizationPolicy) Equal(that interface{}) bool

func (*AuthorizationPolicy) GetPolicyType 

func (m *AuthorizationPolicy) GetPolicyType() isAuthorizationPolicy_PolicyType

func (*AuthorizationPolicy) GetPublicKeys 

func (m *AuthorizationPolicy) GetPublicKeys() map[uint64]*PublicKey

func (*AuthorizationPolicy) GetQuorum 

func (m *AuthorizationPolicy) GetQuorum() *QuorumExpr

func (*AuthorizationPolicy) GoString 

func (this *AuthorizationPolicy) GoString() string

func (*AuthorizationPolicy) Marshal 

func (m *AuthorizationPolicy) Marshal() (data []byte, err error)

func (*AuthorizationPolicy) MarshalTo 

func (m *AuthorizationPolicy) MarshalTo(data []byte) (int, error)

func (*AuthorizationPolicy) ProtoMessage 

func (*AuthorizationPolicy) ProtoMessage()

func (*AuthorizationPolicy) Reset 

func (m *AuthorizationPolicy) Reset()

func (*AuthorizationPolicy) Size 

func (m *AuthorizationPolicy) Size() (n int)

func (*AuthorizationPolicy) String 

func (this *AuthorizationPolicy) String() string

func (*AuthorizationPolicy) Unmarshal 

func (m *AuthorizationPolicy) Unmarshal(data []byte) error

func (*AuthorizationPolicy) VerboseEqual 

func (this *AuthorizationPolicy) VerboseEqual(that interface{}) error

func (*AuthorizationPolicy) XXX_OneofFuncs 

func (*AuthorizationPolicy) XXX_OneofFuncs() (func(msg proto1.Message, b *proto1.Buffer) error, func(msg proto1.Message, tag, wire int, b *proto1.Buffer) (bool, error), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type AuthorizationPolicy_Quorum 

type AuthorizationPolicy_Quorum struct {
	Quorum *QuorumExpr `protobuf:"bytes,2,opt,name=quorum,oneof"`
}

func NewPopulatedAuthorizationPolicy_Quorum 

func NewPopulatedAuthorizationPolicy_Quorum(r randyClient, easy bool) *AuthorizationPolicy_Quorum

func (*AuthorizationPolicy_Quorum) Equal 

func (this *AuthorizationPolicy_Quorum) Equal(that interface{}) bool

func (*AuthorizationPolicy_Quorum) GoString 

func (this *AuthorizationPolicy_Quorum) GoString() string

func (*AuthorizationPolicy_Quorum) MarshalTo 

func (m *AuthorizationPolicy_Quorum) MarshalTo(data []byte) (int, error)

func (*AuthorizationPolicy_Quorum) Size 

func (m *AuthorizationPolicy_Quorum) Size() (n int)

func (*AuthorizationPolicy_Quorum) String 

func (this *AuthorizationPolicy_Quorum) String() string

func (*AuthorizationPolicy_Quorum) VerboseEqual 

func (this *AuthorizationPolicy_Quorum) VerboseEqual(that interface{}) error

type CertificateAndKeyID 

type CertificateAndKeyID struct {
	// Certificate contains the public certificates in DER format, leaf first.
	Certificate [][]byte `protobuf:"bytes,1,rep,name=certificate" json:"certificate,omitempty"`
	KeyID       string   `protobuf:"bytes,2,opt,name=key_id,proto3" json:"key_id,omitempty"`
	OCSPStaple  []byte   `protobuf:"bytes,3,opt,name=OCSP_staple,proto3" json:"OCSP_staple,omitempty"`
}

func NewPopulatedCertificateAndKeyID 

func NewPopulatedCertificateAndKeyID(r randyTlsconfig, easy bool) *CertificateAndKeyID

func (*CertificateAndKeyID) Equal 

func (this *CertificateAndKeyID) Equal(that interface{}) bool

func (*CertificateAndKeyID) GoString 

func (this *CertificateAndKeyID) GoString() string

func (*CertificateAndKeyID) Marshal 

func (m *CertificateAndKeyID) Marshal() (data []byte, err error)

func (*CertificateAndKeyID) MarshalTo 

func (m *CertificateAndKeyID) MarshalTo(data []byte) (int, error)

func (*CertificateAndKeyID) ProtoMessage 

func (*CertificateAndKeyID) ProtoMessage()

func (*CertificateAndKeyID) Reset 

func (m *CertificateAndKeyID) Reset()

func (*CertificateAndKeyID) Size 

func (m *CertificateAndKeyID) Size() (n int)

func (*CertificateAndKeyID) String 

func (this *CertificateAndKeyID) String() string

func (*CertificateAndKeyID) Unmarshal 

func (m *CertificateAndKeyID) Unmarshal(data []byte) error

func (*CertificateAndKeyID) VerboseEqual 

func (this *CertificateAndKeyID) VerboseEqual(that interface{}) error

type CipherSuite 

type CipherSuite int32
const (
	CipherSuite_UNSPECIFIED                 CipherSuite = 0
	TLS_RSA_WITH_RC4_128_SHA                CipherSuite = 5
	TLS_RSA_WITH_3DES_EDE_CBC_SHA           CipherSuite = 10
	TLS_RSA_WITH_AES_128_CBC_SHA            CipherSuite = 47
	TLS_RSA_WITH_AES_256_CBC_SHA            CipherSuite = 53
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        CipherSuite = 49159
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    CipherSuite = 49161
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    CipherSuite = 49162
	TLS_ECDHE_RSA_WITH_RC4_128_SHA          CipherSuite = 49169
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     CipherSuite = 49170
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      CipherSuite = 49171
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      CipherSuite = 49172
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   CipherSuite = 49199
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 CipherSuite = 49195
	TLS_FALLBACK_SCSV                       CipherSuite = 22016
)

func (CipherSuite) String 

func (x CipherSuite) String() string

type ClientAuthType 

type ClientAuthType int32
const (
	NO_CLIENT_CERT                 ClientAuthType = 0
	REQUEST_CLIENT_CERT            ClientAuthType = 1
	REQUIRE_ANY_CLIENT_CERT        ClientAuthType = 2
	VERIFY_CLIENT_CERT_IF_GIVEN    ClientAuthType = 3
	REQUIRE_AND_VERIFY_CLIENT_CERT ClientAuthType = 4
)

func (ClientAuthType) String 

func (x ClientAuthType) String() string

type Config 

type Config struct {
	Realms []*RealmConfig `protobuf:"bytes,1,rep,name=realms" json:"realms,omitempty"`
}

func NewPopulatedConfig 

func NewPopulatedConfig(r randyConfig, easy bool) *Config

func (*Config) Equal 

func (this *Config) Equal(that interface{}) bool

func (*Config) GetRealms 

func (m *Config) GetRealms() []*RealmConfig

func (*Config) GoString 

func (this *Config) GoString() string

func (*Config) Marshal 

func (m *Config) Marshal() (data []byte, err error)

func (*Config) MarshalTo 

func (m *Config) MarshalTo(data []byte) (int, error)

func (*Config) ProtoMessage 

func (*Config) ProtoMessage()

func (*Config) Reset 

func (m *Config) Reset()

func (*Config) Size 

func (m *Config) Size() (n int)

func (*Config) String 

func (this *Config) String() string

func (*Config) Unmarshal 

func (m *Config) Unmarshal(data []byte) error

func (*Config) VerboseEqual 

func (this *Config) VerboseEqual(that interface{}) error

type CurveID 

type CurveID int32
const (
	CurveID_UNSPECIFIED CurveID = 0
	P256                CurveID = 23
	P384                CurveID = 24
	P521                CurveID = 25
)

func (CurveID) String 

func (x CurveID) String() string

type Duration 

type Duration struct {
	// Signed seconds of the span of time. Must be from -315,576,000,000
	// to +315,576,000,000 inclusive.
	Seconds int64 `protobuf:"varint,1,opt,name=seconds,proto3" json:"seconds,omitempty"`
	// Signed fractions of a second at nanosecond resolution of the span
	// of time. Durations less than one second are represented with a 0
	// `seconds` field and a positive or negative `nanos` field. For durations
	// of one second or more, a non-zero value for the `nanos` field must be
	// of the same sign as the `seconds` field. Must be from -999,999,999
	// to +999,999,999 inclusive.
	Nanos int32 `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"`
}

A Duration represents a signed, fixed-length span of time represented as a count of seconds and fractions of seconds at nanosecond resolution. It is independent of any calendar and concepts like "day" or "month". It is related to Timestamp in that the difference between two Timestamp values is a Duration and it can be added or subtracted from a Timestamp. Range is approximately +-10,000 years.

Example 1: Compute Duration from two Timestamps in pseudo code. 

Timestamp start = ...;
Timestamp end = ...;
Duration duration = ...;

duration.seconds = end.seconds - start.seconds;
duration.nanos = end.nanos - start.nanos;

if (duration.seconds < 0 && duration.nanos > 0) {
  duration.seconds += 1;
  duration.nanos -= 1000000000;
} else if (durations.seconds > 0 && duration.nanos < 0) {
  duration.seconds -= 1;
  duration.nanos += 1000000000;
}

Example 2: Compute Timestamp from Timestamp + Duration in pseudo code. 

Timestamp start = ...;
Duration duration = ...;
Timestamp end = ...;

end.seconds = start.seconds + duration.seconds;
end.nanos = start.nanos + duration.nanos;

if (end.nanos < 0) {
  end.seconds -= 1;
  end.nanos += 1000000000;
} else if (end.nanos >= 1000000000) {
  end.seconds += 1;
  end.nanos -= 1000000000;
}

func DurationStamp 

func DurationStamp(d time.Duration) Duration

func NewPopulatedDuration 

func NewPopulatedDuration(r randyDuration, easy bool) *Duration

func (*Duration) Duration 

func (dt *Duration) Duration() time.Duration

func (*Duration) Equal 

func (this *Duration) Equal(that interface{}) bool

func (*Duration) GoString 

func (this *Duration) GoString() string

func (*Duration) Marshal 

func (m *Duration) Marshal() (data []byte, err error)

func (*Duration) MarshalTo 

func (m *Duration) MarshalTo(data []byte) (int, error)

func (*Duration) ProtoMessage 

func (*Duration) ProtoMessage()

func (*Duration) Reset 

func (m *Duration) Reset()

func (*Duration) Size 

func (m *Duration) Size() (n int)

func (*Duration) String 

func (this *Duration) String() string

func (*Duration) Unmarshal 

func (m *Duration) Unmarshal(data []byte) error

func (*Duration) VerboseEqual 

func (this *Duration) VerboseEqual(that interface{}) error

type E2EKSPublicClient 

type E2EKSPublicClient interface {
	Lookup(ctx context.Context, in *LookupRequest, opts ...grpc.CallOption) (*LookupProof, error)
	Update(ctx context.Context, in *UpdateRequest, opts ...grpc.CallOption) (*LookupProof, error)
}

func NewE2EKSPublicClient 

func NewE2EKSPublicClient(cc *grpc.ClientConn) E2EKSPublicClient

type E2EKSPublicServer 

type E2EKSPublicServer interface {
	Lookup(context.Context, *LookupRequest) (*LookupProof, error)
	Update(context.Context, *UpdateRequest) (*LookupProof, error)
}

type E2EKSVerificationClient 

type E2EKSVerificationClient interface {
	// VerifierStream accesses the public inputs to a keyserver state machine.
	// The returned stream is given a limited view of the log which the keyserver
	// being verified uses to replicate its state internally.  However, private
	// user data, such as usernames and profile details, is not included (the
	// relevant fields are set to nil).  note: the keyserver implementation also
	// uses the same log to persist verifier ratifications, but as they do not
	// affect any username:profile mappings, they are excluded as well.
	VerifierStream(ctx context.Context, in *VerifierStreamRequest, opts ...grpc.CallOption) (E2EKSVerification_VerifierStreamClient, error)
	// PushRatification is called each time a verifier who has been
	// successfully replaying the log returned by VerifierStream interprets a
	// keyserver_ratified step and agrees that the keyserver state summarized
	// by it is the unique result of applying all the previous update steps.
	// The SignedRatification will be stored by the server and used to
	// argue the correctness of future lookups in front of clients.
	PushRatification(ctx context.Context, in *SignedEpochHead, opts ...grpc.CallOption) (*Nothing, error)
}

func NewE2EKSVerificationClient 

func NewE2EKSVerificationClient(cc *grpc.ClientConn) E2EKSVerificationClient

type E2EKSVerificationServer 

type E2EKSVerificationServer interface {
	// VerifierStream accesses the public inputs to a keyserver state machine.
	// The returned stream is given a limited view of the log which the keyserver
	// being verified uses to replicate its state internally.  However, private
	// user data, such as usernames and profile details, is not included (the
	// relevant fields are set to nil).  note: the keyserver implementation also
	// uses the same log to persist verifier ratifications, but as they do not
	// affect any username:profile mappings, they are excluded as well.
	VerifierStream(*VerifierStreamRequest, E2EKSVerification_VerifierStreamServer) error
	// PushRatification is called each time a verifier who has been
	// successfully replaying the log returned by VerifierStream interprets a
	// keyserver_ratified step and agrees that the keyserver state summarized
	// by it is the unique result of applying all the previous update steps.
	// The SignedRatification will be stored by the server and used to
	// argue the correctness of future lookups in front of clients.
	PushRatification(context.Context, *SignedEpochHead) (*Nothing, error)
}

type E2EKSVerification_VerifierStreamClient 

type E2EKSVerification_VerifierStreamClient interface {
	Recv() (*VerifierStep, error)
	grpc.ClientStream
}

type E2EKSVerification_VerifierStreamServer 

type E2EKSVerification_VerifierStreamServer interface {
	Send(*VerifierStep) error
	grpc.ServerStream
}

type EmailProofByClientCert 

type EmailProofByClientCert struct {
	// AllowedDomains specifies the domains for which this keyserver accepts
	// email address registrations.
	AllowedDomains []string `protobuf:"bytes,1,rep,name=allowed_domains" json:"allowed_domains,omitempty"`
	// CaCert contains the trusted certificate authority certificate in DER format.
	CaCert []byte `protobuf:"bytes,2,opt,name=ca_cert,proto3" json:"ca_cert,omitempty"`
}

EmailProofByClientCert accepts a certificate signed by an authority trusted with handling registration as sufficient confirmation of ownership of an email address. The emailAddress value in the certificate's DistinguishedName field is allowed to be regeistered by the holder of the key specified in the certificate.

func NewPopulatedEmailProofByClientCert 

func NewPopulatedEmailProofByClientCert(r randyKeyserverconfig, easy bool) *EmailProofByClientCert

func (*EmailProofByClientCert) Equal 

func (this *EmailProofByClientCert) Equal(that interface{}) bool

func (*EmailProofByClientCert) GoString 

func (this *EmailProofByClientCert) GoString() string

func (*EmailProofByClientCert) Marshal 

func (m *EmailProofByClientCert) Marshal() (data []byte, err error)

func (*EmailProofByClientCert) MarshalTo 

func (m *EmailProofByClientCert) MarshalTo(data []byte) (int, error)

func (*EmailProofByClientCert) ProtoMessage 

func (*EmailProofByClientCert) ProtoMessage()

func (*EmailProofByClientCert) Reset 

func (m *EmailProofByClientCert) Reset()

func (*EmailProofByClientCert) Size 

func (m *EmailProofByClientCert) Size() (n int)

func (*EmailProofByClientCert) String 

func (this *EmailProofByClientCert) String() string

func (*EmailProofByClientCert) Unmarshal 

func (m *EmailProofByClientCert) Unmarshal(data []byte) error

func (*EmailProofByClientCert) VerboseEqual 

func (this *EmailProofByClientCert) VerboseEqual(that interface{}) error

type EmailProofByDKIM 

type EmailProofByDKIM struct {
	// AllowedDomains specifies the domains for which this keyserver accepts
	// email address registrations.
	AllowedDomains []string `protobuf:"bytes,1,rep,name=allowed_domains" json:"allowed_domains,omitempty"`
	// ToAddr specifies the additional allowed to address in email proofs. By
	// default, only proofs sent to the user being registered all accepted.
	// This option can be used to allow proofs emailed directly to the
	// keyserver to be accepted (but the keyserver does NOT implement a SMTP
	// interface right now).
	ToAddr string `protobuf:"bytes,2,opt,name=to_addr,proto3" json:"to_addr,omitempty"`
	// SubjectPrefix is used for DKIM-based email address registration.  The
	// proof challenge is sent in the subject line, with an optional string
	// preceding it. For example, if EmailProofSubjectPrefix = "account
	// verification: ", then the proof email needs to have a subject line
	// "account verification: abcd" for verify challenge abcd.
	SubjectPrefix string `protobuf:"bytes,3,opt,name=subject_prefix,proto3" json:"subject_prefix,omitempty"`
}

func NewPopulatedEmailProofByDKIM 

func NewPopulatedEmailProofByDKIM(r randyKeyserverconfig, easy bool) *EmailProofByDKIM

func (*EmailProofByDKIM) Equal 

func (this *EmailProofByDKIM) Equal(that interface{}) bool

func (*EmailProofByDKIM) GoString 

func (this *EmailProofByDKIM) GoString() string

func (*EmailProofByDKIM) Marshal 

func (m *EmailProofByDKIM) Marshal() (data []byte, err error)

func (*EmailProofByDKIM) MarshalTo 

func (m *EmailProofByDKIM) MarshalTo(data []byte) (int, error)

func (*EmailProofByDKIM) ProtoMessage 

func (*EmailProofByDKIM) ProtoMessage()

func (*EmailProofByDKIM) Reset 

func (m *EmailProofByDKIM) Reset()

func (*EmailProofByDKIM) Size 

func (m *EmailProofByDKIM) Size() (n int)

func (*EmailProofByDKIM) String 

func (this *EmailProofByDKIM) String() string

func (*EmailProofByDKIM) Unmarshal 

func (m *EmailProofByDKIM) Unmarshal(data []byte) error

func (*EmailProofByDKIM) VerboseEqual 

func (this *EmailProofByDKIM) VerboseEqual(that interface{}) error

type EncodedAuthorizationPolicy 

type EncodedAuthorizationPolicy struct {
	AuthorizationPolicy
	Encoding []byte
}

func NewPopulatedEncodedAuthorizationPolicy 

func NewPopulatedEncodedAuthorizationPolicy(r randyClient, easy bool) *EncodedAuthorizationPolicy

func (*EncodedAuthorizationPolicy) Equal 

func (this *EncodedAuthorizationPolicy) Equal(that interface{}) bool

func (*EncodedAuthorizationPolicy) GoString 

func (this *EncodedAuthorizationPolicy) GoString() string

func (*EncodedAuthorizationPolicy) Marshal 

func (m *EncodedAuthorizationPolicy) Marshal() ([]byte, error)

func (*EncodedAuthorizationPolicy) MarshalJSON 

func (m *EncodedAuthorizationPolicy) MarshalJSON() ([]byte, error)

func (*EncodedAuthorizationPolicy) MarshalTo 

func (m *EncodedAuthorizationPolicy) MarshalTo(data []byte) (int, error)

func (*EncodedAuthorizationPolicy) Reset 

func (m *EncodedAuthorizationPolicy) Reset()

func (*EncodedAuthorizationPolicy) Size 

func (m *EncodedAuthorizationPolicy) Size() int

func (*EncodedAuthorizationPolicy) String 

func (this *EncodedAuthorizationPolicy) String() string

func (*EncodedAuthorizationPolicy) Unmarshal 

func (m *EncodedAuthorizationPolicy) Unmarshal(data []byte) error

func (*EncodedAuthorizationPolicy) UnmarshalJSON 

func (m *EncodedAuthorizationPolicy) UnmarshalJSON(s []byte) error

func (*EncodedAuthorizationPolicy) UpdateEncoding 

func (m *EncodedAuthorizationPolicy) UpdateEncoding()

func (*EncodedAuthorizationPolicy) VerboseEqual 

func (this *EncodedAuthorizationPolicy) VerboseEqual(that interface{}) error

type EncodedEntry 

type EncodedEntry struct {
	Entry
	Encoding []byte
}

func NewPopulatedEncodedEntry 

func NewPopulatedEncodedEntry(r randyClient, easy bool) *EncodedEntry

func (*EncodedEntry) Equal 

func (this *EncodedEntry) Equal(that interface{}) bool

func (*EncodedEntry) GoString 

func (this *EncodedEntry) GoString() string

func (*EncodedEntry) Marshal 

func (m *EncodedEntry) Marshal() ([]byte, error)

func (*EncodedEntry) MarshalJSON 

func (m *EncodedEntry) MarshalJSON() ([]byte, error)

func (*EncodedEntry) MarshalTo 

func (m *EncodedEntry) MarshalTo(data []byte) (int, error)

func (*EncodedEntry) Reset 

func (m *EncodedEntry) Reset()

func (*EncodedEntry) Size 

func (m *EncodedEntry) Size() int

func (*EncodedEntry) String 

func (this *EncodedEntry) String() string

func (*EncodedEntry) Unmarshal 

func (m *EncodedEntry) Unmarshal(data []byte) error

func (*EncodedEntry) UnmarshalJSON 

func (m *EncodedEntry) UnmarshalJSON(s []byte) error

func (*EncodedEntry) UpdateEncoding 

func (m *EncodedEntry) UpdateEncoding()

func (*EncodedEntry) VerboseEqual 

func (this *EncodedEntry) VerboseEqual(that interface{}) error

type EncodedEpochHead 

type EncodedEpochHead struct {
	EpochHead
	Encoding []byte
}

func NewPopulatedEncodedEpochHead 

func NewPopulatedEncodedEpochHead(r randyClient, easy bool) *EncodedEpochHead

func (*EncodedEpochHead) Equal 

func (this *EncodedEpochHead) Equal(that interface{}) bool

func (*EncodedEpochHead) GoString 

func (this *EncodedEpochHead) GoString() string

func (*EncodedEpochHead) Marshal 

func (m *EncodedEpochHead) Marshal() ([]byte, error)

func (*EncodedEpochHead) MarshalJSON 

func (m *EncodedEpochHead) MarshalJSON() ([]byte, error)

func (*EncodedEpochHead) MarshalTo 

func (m *EncodedEpochHead) MarshalTo(data []byte) (int, error)

func (*EncodedEpochHead) Reset 

func (m *EncodedEpochHead) Reset()

func (*EncodedEpochHead) Size 

func (m *EncodedEpochHead) Size() int

func (*EncodedEpochHead) String 

func (this *EncodedEpochHead) String() string

func (*EncodedEpochHead) Unmarshal 

func (m *EncodedEpochHead) Unmarshal(data []byte) error

func (*EncodedEpochHead) UnmarshalJSON 

func (m *EncodedEpochHead) UnmarshalJSON(s []byte) error

func (*EncodedEpochHead) UpdateEncoding 

func (m *EncodedEpochHead) UpdateEncoding()

func (*EncodedEpochHead) VerboseEqual 

func (this *EncodedEpochHead) VerboseEqual(that interface{}) error

type EncodedProfile 

type EncodedProfile struct {
	Profile
	Encoding []byte
}

func NewPopulatedEncodedProfile 

func NewPopulatedEncodedProfile(r randyClient, easy bool) *EncodedProfile

func (*EncodedProfile) Equal 

func (this *EncodedProfile) Equal(that interface{}) bool

func (*EncodedProfile) GoString 

func (this *EncodedProfile) GoString() string

func (*EncodedProfile) Marshal 

func (m *EncodedProfile) Marshal() ([]byte, error)

func (*EncodedProfile) MarshalJSON 

func (m *EncodedProfile) MarshalJSON() ([]byte, error)

func (*EncodedProfile) MarshalTo 

func (m *EncodedProfile) MarshalTo(data []byte) (int, error)

func (*EncodedProfile) Reset 

func (m *EncodedProfile) Reset()

func (*EncodedProfile) Size 

func (m *EncodedProfile) Size() int

func (*EncodedProfile) String 

func (this *EncodedProfile) String() string

func (*EncodedProfile) Unmarshal 

func (m *EncodedProfile) Unmarshal(data []byte) error

func (*EncodedProfile) UnmarshalJSON 

func (m *EncodedProfile) UnmarshalJSON(s []byte) error

func (*EncodedProfile) UpdateEncoding 

func (m *EncodedProfile) UpdateEncoding()

func (*EncodedProfile) VerboseEqual 

func (this *EncodedProfile) VerboseEqual(that interface{}) error

type EncodedSignedEntryUpdate 

type EncodedSignedEntryUpdate struct {
	SignedEntryUpdate
	Encoding []byte
}

func NewPopulatedEncodedSignedEntryUpdate 

func NewPopulatedEncodedSignedEntryUpdate(r randyClient, easy bool) *EncodedSignedEntryUpdate

func (*EncodedSignedEntryUpdate) Equal 

func (this *EncodedSignedEntryUpdate) Equal(that interface{}) bool

func (*EncodedSignedEntryUpdate) GoString 

func (this *EncodedSignedEntryUpdate) GoString() string

func (*EncodedSignedEntryUpdate) Marshal 

func (m *EncodedSignedEntryUpdate) Marshal() ([]byte, error)

func (*EncodedSignedEntryUpdate) MarshalJSON 

func (m *EncodedSignedEntryUpdate) MarshalJSON() ([]byte, error)

func (*EncodedSignedEntryUpdate) MarshalTo 

func (m *EncodedSignedEntryUpdate) MarshalTo(data []byte) (int, error)

func (*EncodedSignedEntryUpdate) Reset 

func (m *EncodedSignedEntryUpdate) Reset()

func (*EncodedSignedEntryUpdate) Size 

func (m *EncodedSignedEntryUpdate) Size() int

func (*EncodedSignedEntryUpdate) String 

func (this *EncodedSignedEntryUpdate) String() string

func (*EncodedSignedEntryUpdate) Unmarshal 

func (m *EncodedSignedEntryUpdate) Unmarshal(data []byte) error

func (*EncodedSignedEntryUpdate) UnmarshalJSON 

func (m *EncodedSignedEntryUpdate) UnmarshalJSON(s []byte) error

func (*EncodedSignedEntryUpdate) UpdateEncoding 

func (m *EncodedSignedEntryUpdate) UpdateEncoding()

func (*EncodedSignedEntryUpdate) VerboseEqual 

func (this *EncodedSignedEntryUpdate) VerboseEqual(that interface{}) error

type EncodedTimestampedEpochHead 

type EncodedTimestampedEpochHead struct {
	TimestampedEpochHead
	Encoding []byte
}

func NewPopulatedEncodedTimestampedEpochHead 

func NewPopulatedEncodedTimestampedEpochHead(r randyClient, easy bool) *EncodedTimestampedEpochHead

func (*EncodedTimestampedEpochHead) Equal 

func (this *EncodedTimestampedEpochHead) Equal(that interface{}) bool

func (*EncodedTimestampedEpochHead) GoString 

func (this *EncodedTimestampedEpochHead) GoString() string

func (*EncodedTimestampedEpochHead) Marshal 

func (m *EncodedTimestampedEpochHead) Marshal() ([]byte, error)

func (*EncodedTimestampedEpochHead) MarshalJSON 

func (m *EncodedTimestampedEpochHead) MarshalJSON() ([]byte, error)

func (*EncodedTimestampedEpochHead) MarshalTo 

func (m *EncodedTimestampedEpochHead) MarshalTo(data []byte) (int, error)

func (*EncodedTimestampedEpochHead) Reset 

func (m *EncodedTimestampedEpochHead) Reset()

func (*EncodedTimestampedEpochHead) Size 

func (m *EncodedTimestampedEpochHead) Size() int

func (*EncodedTimestampedEpochHead) String 

func (this *EncodedTimestampedEpochHead) String() string

func (*EncodedTimestampedEpochHead) Unmarshal 

func (m *EncodedTimestampedEpochHead) Unmarshal(data []byte) error

func (*EncodedTimestampedEpochHead) UnmarshalJSON 

func (m *EncodedTimestampedEpochHead) UnmarshalJSON(s []byte) error

func (*EncodedTimestampedEpochHead) UpdateEncoding 

func (m *EncodedTimestampedEpochHead) UpdateEncoding()

func (*EncodedTimestampedEpochHead) VerboseEqual 

func (this *EncodedTimestampedEpochHead) VerboseEqual(that interface{}) error

type Entry 

type Entry struct {
	// Index specifies the location of the entry in the authenticated
	// mapping data structure. It is computed as a verifiable random
	// function of the name: the keyserver can prove that index=vrf(name)
	// to anybody, but nobody else can compute vrf(name1). This is to
	// maintain the privacy of usernames.
	Index []byte `protobuf:"bytes,1,opt,name=index,proto3" json:"index,omitempty"`
	// Version starts at 0 at registration and must not decrease. The keyserver
	// and verifiers MUST reject SignedEntryUpdates which violate these rules.
	// The purpose of this is to prevent an attacker from replaying a
	// SignedEntryUpdate that publishes a key that the attacker has gained
	// control of. On the other hand, increases by more than one are allowed: a
	// user should be allowed to generate a long-lived offline revocation
	// certificate that is valid even after they make some other change to
	// their profile. Nevertheless, unless explicitly required otherwise,
	// clients should increase the version number by exactly one on each
	// update.
	Version uint64 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty"`
	// UpdatePolicy will be used to verify SignedEntryUpdates to this
	// entry. It is NOT used for encryption, and SHOULD be ignored by
	// applications that do not intend to manage the user's profile. It has
	// also been called "the public key of the profile signing key" or "the
	// public identity key". A keyserver MUST NOT discriminate users based on
	// ther structure of their update_key other than (1) as specified in
	// SignedEntryUpdate and (2) common-sense limits on the total size of an
	// entry to limit storage cost.
	UpdatePolicy *AuthorizationPolicy `protobuf:"bytes,3,opt,name=update_policy" json:"update_policy,omitempty"`
	// ProfileCommitment uniquely specifies the profile without revealing its
	// contents. The commitment is computed as commitment =
	// sha3shake256(profile); the contents contain a nonce.
	ProfileCommitment []byte `protobuf:"bytes,4,opt,name=profile_commitment,proto3" json:"profile_commitment,omitempty"`
}

Entry is the value type in the authenticated mapping data structure. The contents of all entries should be considered public (they are served to verifiers).

func NewPopulatedEntry 

func NewPopulatedEntry(r randyClient, easy bool) *Entry

func (*Entry) Equal 

func (this *Entry) Equal(that interface{}) bool

func (*Entry) GetUpdatePolicy 

func (m *Entry) GetUpdatePolicy() *AuthorizationPolicy

func (*Entry) GoString 

func (this *Entry) GoString() string

func (*Entry) Marshal 

func (m *Entry) Marshal() (data []byte, err error)

func (*Entry) MarshalTo 

func (m *Entry) MarshalTo(data []byte) (int, error)

func (*Entry) ProtoMessage 

func (*Entry) ProtoMessage()

func (*Entry) Reset 

func (m *Entry) Reset()

func (*Entry) Size 

func (m *Entry) Size() (n int)

func (*Entry) String 

func (this *Entry) String() string

func (*Entry) Unmarshal 

func (m *Entry) Unmarshal(data []byte) error

func (*Entry) VerboseEqual 

func (this *Entry) VerboseEqual(that interface{}) error

type EpochDelimiter 

type EpochDelimiter struct {
	EpochNumber uint64    `protobuf:"varint,1,opt,name=epoch_number,proto3" json:"epoch_number,omitempty"`
	Timestamp   Timestamp `protobuf:"bytes,2,opt,name=timestamp" json:"timestamp"`
}

func NewPopulatedEpochDelimiter 

func NewPopulatedEpochDelimiter(r randyReplication, easy bool) *EpochDelimiter

func (*EpochDelimiter) Equal 

func (this *EpochDelimiter) Equal(that interface{}) bool

func (*EpochDelimiter) GetTimestamp 

func (m *EpochDelimiter) GetTimestamp() Timestamp

func (*EpochDelimiter) GoString 

func (this *EpochDelimiter) GoString() string

func (*EpochDelimiter) Marshal 

func (m *EpochDelimiter) Marshal() (data []byte, err error)

func (*EpochDelimiter) MarshalTo 

func (m *EpochDelimiter) MarshalTo(data []byte) (int, error)

func (*EpochDelimiter) ProtoMessage 

func (*EpochDelimiter) ProtoMessage()

func (*EpochDelimiter) Reset 

func (m *EpochDelimiter) Reset()

func (*EpochDelimiter) Size 

func (m *EpochDelimiter) Size() (n int)

func (*EpochDelimiter) String 

func (this *EpochDelimiter) String() string

func (*EpochDelimiter) Unmarshal 

func (m *EpochDelimiter) Unmarshal(data []byte) error

func (*EpochDelimiter) VerboseEqual 

func (this *EpochDelimiter) VerboseEqual(that interface{}) error

type EpochHead 

type EpochHead struct {
	// Realm is the fully-qualified domain name of the keyserver whose
	// state is being ratified.
	Realm string `protobuf:"bytes,1,opt,name=realm,proto3" json:"realm,omitempty"`
	// Epoch is a sequence number tracking distinct ratified states.
	Epoch uint64 `protobuf:"varint,2,opt,name=epoch,proto3" json:"epoch,omitempty"`
	// RootHash specifies the authenticated data structure.
	RootHash []byte `protobuf:"bytes,3,opt,name=root_hash,proto3" json:"root_hash,omitempty"`
	// IssueTime is the time when this epoch was released. All epochs for the
	// same keyserver MUST have non-decreasing IssueTimes.
	IssueTime Timestamp `protobuf:"bytes,4,opt,name=issue_time" json:"issue_time"`
	// PreviousSummaryHash chaining is used to allow signatures from
	// different epochs in the same quorum: a signature vouches for all
	// epochs chained to that in addition to the one listed.
	// Each PreviousSummaryHash depends on PreviousSummary, therefore
	// (by induction on the hash-pointer structure) a
	// PreviousSummeryHash for some epoch specifies the states of all
	// previous epochs. This hash uses SHA3-SHAKE256 with 64 bytes of output.
	PreviousSummaryHash []byte `protobuf:"bytes,5,opt,name=previous_summary_hash,proto3" json:"previous_summary_hash,omitempty"`
	// NextEpochPolicy allows for automated server key rollover: the new key(s)
	// are signed by the current one as a part of the epoch. This field is nil
	// if no key change is requested. If the server key is distributed with the
	// client software and benefits from reliable automated updates, clients
	// MAY ignore this field.
	NextEpochPolicy AuthorizationPolicy `protobuf:"bytes,6,opt,name=next_epoch_policy" json:"next_epoch_policy"`
}

func NewPopulatedEpochHead 

func NewPopulatedEpochHead(r randyClient, easy bool) *EpochHead

func (*EpochHead) Equal 

func (this *EpochHead) Equal(that interface{}) bool

func (*EpochHead) GetIssueTime 

func (m *EpochHead) GetIssueTime() Timestamp

func (*EpochHead) GetNextEpochPolicy 

func (m *EpochHead) GetNextEpochPolicy() AuthorizationPolicy

func (*EpochHead) GoString 

func (this *EpochHead) GoString() string

func (*EpochHead) Marshal 

func (m *EpochHead) Marshal() (data []byte, err error)

func (*EpochHead) MarshalTo 

func (m *EpochHead) MarshalTo(data []byte) (int, error)

func (*EpochHead) ProtoMessage 

func (*EpochHead) ProtoMessage()

func (*EpochHead) Reset 

func (m *EpochHead) Reset()

func (*EpochHead) Size 

func (m *EpochHead) Size() (n int)

func (*EpochHead) String 

func (this *EpochHead) String() string

func (*EpochHead) Unmarshal 

func (m *EpochHead) Unmarshal(data []byte) error

func (*EpochHead) VerboseEqual 

func (this *EpochHead) VerboseEqual(that interface{}) error

type KeyserverConfig 

type KeyserverConfig struct {
	// ServerID is deprecated and should not be used. TODO: remove.  Signatures
	// should be tagged with ReplicaIDs, and the realm can be used to refer to
	// the keyserver as a whole.
	ServerID uint64 `protobuf:"varint,1,opt,name=server_id,proto3" json:"server_id,omitempty"`
	// Realm specifies the general set of users whose keys this keyserver
	// manages. If the user identifiers are email addresses, the realm should
	// match the domain name in the email address.
	Realm string `protobuf:"bytes,2,opt,name=realm,proto3" json:"realm,omitempty"`
	// SigningKeyID specifies the key for the verifiable random function by
	// reference. The mechanism of loading keys depends on the deployment
	// scenario; by default, the key identifier is a path to a file containing
	// the key.
	VRFKeyID string `protobuf:"bytes,3,opt,name=vrf_key_id,proto3" json:"vrf_key_id,omitempty"`
	// MinEpochInterval specifies the time for which the keyserver stops
	// proposing new epochs once an epoch has been committed. The zero value
	// means no delay. After MinEpochInterval since the last epoch, the
	// keyserver will propose a new epoch as soon as an update has been
	// committed.
	MinEpochInterval Duration `protobuf:"bytes,4,opt,name=min_epoch_interval" json:"min_epoch_interval"`
	// MaxEpochInterval specifies the time after which the keyserver will
	// propose a new epoch even if there have been no updates since the last
	// epoch. Vouching for the lack of updates is important to ensure the users
	// that none of the served keys have been revoked. This value is a trigger,
	// NOT a deadline; there is no guarantee that consecutive epochs will be at
	// most MaxEpochInterval apart. The actual time between by epochs is
	// MaxEpochInterval plus however long it takes to commit and sign a new
	// epoch.
	MaxEpochInterval Duration `protobuf:"bytes,5,opt,name=max_epoch_interval" json:"max_epoch_interval"`
	// ProposalRetryInterval specifies the time after an unsuccessful proposal
	// after which the proposal will be retried. A lower value will generate
	// more redundant network traffic while a higher value will improve
	// responsiveness in presence of network or node failures (bounded below by
	// the raft failover time).
	ProposalRetryInterval Duration `protobuf:"bytes,6,opt,name=proposal_retry_interval" json:"proposal_retry_interval"`
	// InitialReplicas contains the cluster configuration at the beginning of
	// time. It MUST NOT be modified ever after, and it MUST be the same for
	// all replicas. Use AddReplica and RemoveReplica to change the current
	// cluster configuration.
	InitialReplicas []*Replica `protobuf:"bytes,7,rep,name=initial_replicas" json:"initial_replicas,omitempty"`
	// EmailProofToAddr (DEPRECATED) specifies the additional allowed to
	// address in email proofs. By default, only proofs sent to the user being
	// registered all accepted. This option can be used to allow proofs emailed
	// directly to the keyserver to be accepted (but the keyserver does NOT
	// implement a SMTP interface right now).
	EmailProofToAddr string `protobuf:"bytes,8,opt,name=email_proof_to_addr,proto3" json:"email_proof_to_addr,omitempty"`
	// EmailProofSubjectPrefix (DEPRECATED) is used for DKIM-based email
	// address registration.  The proof challenge is sent in the subject line,
	// with an optional string preceding it. For example, if
	// EmailProofSubjectPrefix = "account verification: ", then the proof email
	// needs to have a subject line "account verification: abcd" for verify
	// challenge abcd.
	EmailProofSubjectPrefix string `protobuf:"bytes,9,opt,name=email_proof_subject_prefix,proto3" json:"email_proof_subject_prefix,omitempty"`
	// EmailProofAllowedDomains (DEPRECATED) specifies the domains for which
	// this keyserver accepts email address registrations.
	EmailProofAllowedDomains []string `protobuf:"bytes,10,rep,name=email_proof_allowed_domains" json:"email_proof_allowed_domains,omitempty"`
	// Types that are valid to be assigned to RegistrationPolicy:
	//	*KeyserverConfig_InsecureSkipEmailProof
	//	*KeyserverConfig_EmailProofByDkim
	//	*KeyserverConfig_EmailProofByClientCert
	RegistrationPolicy isKeyserverConfig_RegistrationPolicy `protobuf_oneof:"registration_policy"`
}

KeyserverConfig describes the keyserver-wide configuration. All replicas MUST use the same KeyserverConfig.

func NewPopulatedKeyserverConfig 

func NewPopulatedKeyserverConfig(r randyKeyserverconfig, easy bool) *KeyserverConfig

func (*KeyserverConfig) Equal 

func (this *KeyserverConfig) Equal(that interface{}) bool

func (*KeyserverConfig) GetEmailProofByClientCert 

func (m *KeyserverConfig) GetEmailProofByClientCert() *EmailProofByClientCert

func (*KeyserverConfig) GetEmailProofByDkim 

func (m *KeyserverConfig) GetEmailProofByDkim() *EmailProofByDKIM

func (*KeyserverConfig) GetInitialReplicas 

func (m *KeyserverConfig) GetInitialReplicas() []*Replica

func (*KeyserverConfig) GetInsecureSkipEmailProof 

func (m *KeyserverConfig) GetInsecureSkipEmailProof() bool

func (*KeyserverConfig) GetMaxEpochInterval 

func (m *KeyserverConfig) GetMaxEpochInterval() Duration

func (*KeyserverConfig) GetMinEpochInterval 

func (m *KeyserverConfig) GetMinEpochInterval() Duration

func (*KeyserverConfig) GetProposalRetryInterval 

func (m *KeyserverConfig) GetProposalRetryInterval() Duration

func (*KeyserverConfig) GetRegistrationPolicy 

func (m *KeyserverConfig) GetRegistrationPolicy() isKeyserverConfig_RegistrationPolicy

func (*KeyserverConfig) GoString 

func (this *KeyserverConfig) GoString() string

func (*KeyserverConfig) Marshal 

func (m *KeyserverConfig) Marshal() (data []byte, err error)

func (*KeyserverConfig) MarshalTo 

func (m *KeyserverConfig) MarshalTo(data []byte) (int, error)

func (*KeyserverConfig) ProtoMessage 

func (*KeyserverConfig) ProtoMessage()

func (*KeyserverConfig) Reset 

func (m *KeyserverConfig) Reset()

func (*KeyserverConfig) Size 

func (m *KeyserverConfig) Size() (n int)

func (*KeyserverConfig) String 

func (this *KeyserverConfig) String() string

func (*KeyserverConfig) Unmarshal 

func (m *KeyserverConfig) Unmarshal(data []byte) error

func (*KeyserverConfig) VerboseEqual 

func (this *KeyserverConfig) VerboseEqual(that interface{}) error

func (*KeyserverConfig) XXX_OneofFuncs 

func (*KeyserverConfig) XXX_OneofFuncs() (func(msg proto1.Message, b *proto1.Buffer) error, func(msg proto1.Message, tag, wire int, b *proto1.Buffer) (bool, error), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type KeyserverConfig_EmailProofByClientCert 

type KeyserverConfig_EmailProofByClientCert struct {
	EmailProofByClientCert *EmailProofByClientCert `protobuf:"bytes,13,opt,name=email_proof_by_client_cert,oneof"`
}

func NewPopulatedKeyserverConfig_EmailProofByClientCert 

func NewPopulatedKeyserverConfig_EmailProofByClientCert(r randyKeyserverconfig, easy bool) *KeyserverConfig_EmailProofByClientCert

func (*KeyserverConfig_EmailProofByClientCert) Equal 

func (this *KeyserverConfig_EmailProofByClientCert) Equal(that interface{}) bool

func (*KeyserverConfig_EmailProofByClientCert) GoString 

func (this *KeyserverConfig_EmailProofByClientCert) GoString() string

func (*KeyserverConfig_EmailProofByClientCert) MarshalTo 

func (m *KeyserverConfig_EmailProofByClientCert) MarshalTo(data []byte) (int, error)

func (*KeyserverConfig_EmailProofByClientCert) Size 

func (m *KeyserverConfig_EmailProofByClientCert) Size() (n int)

func (*KeyserverConfig_EmailProofByClientCert) String 

func (this *KeyserverConfig_EmailProofByClientCert) String() string

func (*KeyserverConfig_EmailProofByClientCert) VerboseEqual 

func (this *KeyserverConfig_EmailProofByClientCert) VerboseEqual(that interface{}) error

type KeyserverConfig_EmailProofByDkim 

type KeyserverConfig_EmailProofByDkim struct {
	EmailProofByDkim *EmailProofByDKIM `protobuf:"bytes,12,opt,name=email_proof_by_dkim,oneof"`
}

func NewPopulatedKeyserverConfig_EmailProofByDkim 

func NewPopulatedKeyserverConfig_EmailProofByDkim(r randyKeyserverconfig, easy bool) *KeyserverConfig_EmailProofByDkim

func (*KeyserverConfig_EmailProofByDkim) Equal 

func (this *KeyserverConfig_EmailProofByDkim) Equal(that interface{}) bool

func (*KeyserverConfig_EmailProofByDkim) GoString 

func (this *KeyserverConfig_EmailProofByDkim) GoString() string

func (*KeyserverConfig_EmailProofByDkim) MarshalTo 

func (m *KeyserverConfig_EmailProofByDkim) MarshalTo(data []byte) (int, error)

func (*KeyserverConfig_EmailProofByDkim) Size 

func (m *KeyserverConfig_EmailProofByDkim) Size() (n int)

func (*KeyserverConfig_EmailProofByDkim) String 

func (this *KeyserverConfig_EmailProofByDkim) String() string

func (*KeyserverConfig_EmailProofByDkim) VerboseEqual 

func (this *KeyserverConfig_EmailProofByDkim) VerboseEqual(that interface{}) error

type KeyserverConfig_InsecureSkipEmailProof 

type KeyserverConfig_InsecureSkipEmailProof struct {
	InsecureSkipEmailProof bool `protobuf:"varint,11,opt,name=insecure_skip_email_proof,proto3,oneof"`
}

func NewPopulatedKeyserverConfig_InsecureSkipEmailProof 

func NewPopulatedKeyserverConfig_InsecureSkipEmailProof(r randyKeyserverconfig, easy bool) *KeyserverConfig_InsecureSkipEmailProof

func (*KeyserverConfig_InsecureSkipEmailProof) Equal 

func (this *KeyserverConfig_InsecureSkipEmailProof) Equal(that interface{}) bool

func (*KeyserverConfig_InsecureSkipEmailProof) GoString 

func (this *KeyserverConfig_InsecureSkipEmailProof) GoString() string

func (*KeyserverConfig_InsecureSkipEmailProof) MarshalTo 

func (m *KeyserverConfig_InsecureSkipEmailProof) MarshalTo(data []byte) (int, error)

func (*KeyserverConfig_InsecureSkipEmailProof) Size 

func (m *KeyserverConfig_InsecureSkipEmailProof) Size() (n int)

func (*KeyserverConfig_InsecureSkipEmailProof) String 

func (this *KeyserverConfig_InsecureSkipEmailProof) String() string

func (*KeyserverConfig_InsecureSkipEmailProof) VerboseEqual 

func (this *KeyserverConfig_InsecureSkipEmailProof) VerboseEqual(that interface{}) error

type KeyserverStep 

type KeyserverStep struct {
	UID uint64 `protobuf:"fixed64,1,opt,name=UID,proto3" json:"UID,omitempty"`
	// TODO: should all fields in a oneof have their own types for extensibility?
	//
	// Types that are valid to be assigned to Type:
	//	*KeyserverStep_Update
	//	*KeyserverStep_EpochDelimiter
	//	*KeyserverStep_ReplicaSigned
	//	*KeyserverStep_VerifierSigned
	Type isKeyserverStep_Type `protobuf_oneof:"type"`
}

KeyserverStep denotes the input to a single step of the keyserver state machine. Serializable high-availability replication is achieved by replicating an in-order log of all steps and having each replica reproduce the state from them.

func NewPopulatedKeyserverStep 

func NewPopulatedKeyserverStep(r randyReplication, easy bool) *KeyserverStep

func (*KeyserverStep) Equal 

func (this *KeyserverStep) Equal(that interface{}) bool

func (*KeyserverStep) GetEpochDelimiter 

func (m *KeyserverStep) GetEpochDelimiter() *EpochDelimiter

func (*KeyserverStep) GetReplicaSigned 

func (m *KeyserverStep) GetReplicaSigned() *SignedEpochHead

func (*KeyserverStep) GetType 

func (m *KeyserverStep) GetType() isKeyserverStep_Type

func (*KeyserverStep) GetUpdate 

func (m *KeyserverStep) GetUpdate() *UpdateRequest

func (*KeyserverStep) GetVerifierSigned 

func (m *KeyserverStep) GetVerifierSigned() *SignedEpochHead

func (*KeyserverStep) GoString 

func (this *KeyserverStep) GoString() string

func (*KeyserverStep) Marshal 

func (m *KeyserverStep) Marshal() (data []byte, err error)

func (*KeyserverStep) MarshalTo 

func (m *KeyserverStep) MarshalTo(data []byte) (int, error)

func (*KeyserverStep) ProtoMessage 

func (*KeyserverStep) ProtoMessage()

func (*KeyserverStep) Reset 

func (m *KeyserverStep) Reset()

func (*KeyserverStep) Size 

func (m *KeyserverStep) Size() (n int)

func (*KeyserverStep) String 

func (this *KeyserverStep) String() string

func (*KeyserverStep) Unmarshal 

func (m *KeyserverStep) Unmarshal(data []byte) error

func (*KeyserverStep) VerboseEqual 

func (this *KeyserverStep) VerboseEqual(that interface{}) error

func (*KeyserverStep) XXX_OneofFuncs 

func (*KeyserverStep) XXX_OneofFuncs() (func(msg proto1.Message, b *proto1.Buffer) error, func(msg proto1.Message, tag, wire int, b *proto1.Buffer) (bool, error), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type KeyserverStep_EpochDelimiter 

type KeyserverStep_EpochDelimiter struct {
	EpochDelimiter *EpochDelimiter `protobuf:"bytes,3,opt,name=epoch_delimiter,oneof"`
}

func NewPopulatedKeyserverStep_EpochDelimiter 

func NewPopulatedKeyserverStep_EpochDelimiter(r randyReplication, easy bool) *KeyserverStep_EpochDelimiter

func (*KeyserverStep_EpochDelimiter) Equal 

func (this *KeyserverStep_EpochDelimiter) Equal(that interface{}) bool

func (*KeyserverStep_EpochDelimiter) GoString 

func (this *KeyserverStep_EpochDelimiter) GoString() string

func (*KeyserverStep_EpochDelimiter) MarshalTo 

func (m *KeyserverStep_EpochDelimiter) MarshalTo(data []byte) (int, error)

func (*KeyserverStep_EpochDelimiter) Size 

func (m *KeyserverStep_EpochDelimiter) Size() (n int)

func (*KeyserverStep_EpochDelimiter) String 

func (this *KeyserverStep_EpochDelimiter) String() string

func (*KeyserverStep_EpochDelimiter) VerboseEqual 

func (this *KeyserverStep_EpochDelimiter) VerboseEqual(that interface{}) error

type KeyserverStep_ReplicaSigned 

type KeyserverStep_ReplicaSigned struct {
	ReplicaSigned *SignedEpochHead `protobuf:"bytes,4,opt,name=replica_signed,oneof"`
}

func NewPopulatedKeyserverStep_ReplicaSigned 

func NewPopulatedKeyserverStep_ReplicaSigned(r randyReplication, easy bool) *KeyserverStep_ReplicaSigned

func (*KeyserverStep_ReplicaSigned) Equal 

func (this *KeyserverStep_ReplicaSigned) Equal(that interface{}) bool

func (*KeyserverStep_ReplicaSigned) GoString 

func (this *KeyserverStep_ReplicaSigned) GoString() string

func (*KeyserverStep_ReplicaSigned) MarshalTo 

func (m *KeyserverStep_ReplicaSigned) MarshalTo(data []byte) (int, error)

func (*KeyserverStep_ReplicaSigned) Size 

func (m *KeyserverStep_ReplicaSigned) Size() (n int)

func (*KeyserverStep_ReplicaSigned) String 

func (this *KeyserverStep_ReplicaSigned) String() string

func (*KeyserverStep_ReplicaSigned) VerboseEqual 

func (this *KeyserverStep_ReplicaSigned) VerboseEqual(that interface{}) error

type KeyserverStep_Update 

type KeyserverStep_Update struct {
	Update *UpdateRequest `protobuf:"bytes,2,opt,name=update,oneof"`
}

func NewPopulatedKeyserverStep_Update 

func NewPopulatedKeyserverStep_Update(r randyReplication, easy bool) *KeyserverStep_Update

func (*KeyserverStep_Update) Equal 

func (this *KeyserverStep_Update) Equal(that interface{}) bool

func (*KeyserverStep_Update) GoString 

func (this *KeyserverStep_Update) GoString() string

func (*KeyserverStep_Update) MarshalTo 

func (m *KeyserverStep_Update) MarshalTo(data []byte) (int, error)

func (*KeyserverStep_Update) Size 

func (m *KeyserverStep_Update) Size() (n int)

func (*KeyserverStep_Update) String 

func (this *KeyserverStep_Update) String() string

func (*KeyserverStep_Update) VerboseEqual 

func (this *KeyserverStep_Update) VerboseEqual(that interface{}) error

type KeyserverStep_VerifierSigned 

type KeyserverStep_VerifierSigned struct {
	VerifierSigned *SignedEpochHead `protobuf:"bytes,5,opt,name=verifier_signed,oneof"`
}

func NewPopulatedKeyserverStep_VerifierSigned 

func NewPopulatedKeyserverStep_VerifierSigned(r randyReplication, easy bool) *KeyserverStep_VerifierSigned

func (*KeyserverStep_VerifierSigned) Equal 

func (this *KeyserverStep_VerifierSigned) Equal(that interface{}) bool

func (*KeyserverStep_VerifierSigned) GoString 

func (this *KeyserverStep_VerifierSigned) GoString() string

func (*KeyserverStep_VerifierSigned) MarshalTo 

func (m *KeyserverStep_VerifierSigned) MarshalTo(data []byte) (int, error)

func (*KeyserverStep_VerifierSigned) Size 

func (m *KeyserverStep_VerifierSigned) Size() (n int)

func (*KeyserverStep_VerifierSigned) String 

func (this *KeyserverStep_VerifierSigned) String() string

func (*KeyserverStep_VerifierSigned) VerboseEqual 

func (this *KeyserverStep_VerifierSigned) VerboseEqual(that interface{}) error

type LookupProof 

type LookupProof struct {
	UserId string `protobuf:"bytes,1,opt,name=user_id,proto3" json:"user_id,omitempty"`
	Index  []byte `protobuf:"bytes,2,opt,name=index,proto3" json:"index,omitempty"`
	// index_proof proves that index is a result of applying a globally fixed
	// bijection VRF to user_id: idx = VRF(user_ID). If this proof checks out,
	// we can safely continue by looking up the keyserver entry corresponding
	// to index to get the public key of user_id.
	IndexProof []byte `protobuf:"bytes,3,opt,name=index_proof,proto3" json:"index_proof,omitempty"`
	// ratifications contains signed directory state summaries for the epoch under
	// which the lookup was performed.
	// A single valid ratification r by a honest and correct verifier implies
	// that the r.ratification.summary.root_hash summarizes the authenticated
	// data structure containing the unique and correct mapping from indices to
	// entries as of epoch r.ratification.epoch at human time
	// r.ratification.timestamp.
	// Each ratification must contain the same epoch head. A client MUST ignore a
	// proof if the ratifications do not satisfy its quorum requirement and MUST
	// require the keyserver itself to be in the quorum.
	Ratifications []*SignedEpochHead `protobuf:"bytes,4,rep,name=ratifications" json:"ratifications,omitempty"`
	// tree_proof contains an authenticated data structure lookup trace,
	// arguing that index maps to entry in the data structure with hash
	// ratifications[0].ratification.summary.root_hash.
	TreeProof *TreeProof `protobuf:"bytes,5,opt,name=tree_proof" json:"tree_proof,omitempty"`
	// Entry specifies profile by hash(profile) = entry.profile_hash
	Entry   *EncodedEntry   `protobuf:"bytes,6,opt,name=entry,customtype=EncodedEntry" json:"entry,omitempty"`
	Profile *EncodedProfile `protobuf:"bytes,7,opt,name=profile,customtype=EncodedProfile" json:"profile,omitempty"`
}

LookupProof encapsulates end-to-end cryptographc evidence that assuming *at least one* of the ratifiers has been correctly following the rules of the keyserver protocol then profile contains the latest public keys and metadata uploaded by user_id before the time specified in ratifications[0]. If any step of the proof does not check out, the contents of profile MUST NOT be used for any other purpose than debugging.

func NewPopulatedLookupProof 

func NewPopulatedLookupProof(r randyClient, easy bool) *LookupProof

func (*LookupProof) Equal 

func (this *LookupProof) Equal(that interface{}) bool

func (*LookupProof) GetRatifications 

func (m *LookupProof) GetRatifications() []*SignedEpochHead

func (*LookupProof) GetTreeProof 

func (m *LookupProof) GetTreeProof() *TreeProof

func (*LookupProof) GoString 

func (this *LookupProof) GoString() string

func (*LookupProof) Marshal 

func (m *LookupProof) Marshal() (data []byte, err error)

func (*LookupProof) MarshalTo 

func (m *LookupProof) MarshalTo(data []byte) (int, error)

func (*LookupProof) ProtoMessage 

func (*LookupProof) ProtoMessage()

func (*LookupProof) Reset 

func (m *LookupProof) Reset()

func (*LookupProof) Size 

func (m *LookupProof) Size() (n int)

func (*LookupProof) String 

func (this *LookupProof) String() string

func (*LookupProof) Unmarshal 

func (m *LookupProof) Unmarshal(data []byte) error

func (*LookupProof) VerboseEqual 

func (this *LookupProof) VerboseEqual(that interface{}) error

type LookupRequest 

type LookupRequest struct {
	// Epoch as of which to perform the lookup ("latest" if not specified)
	Epoch uint64 `protobuf:"varint,1,opt,name=epoch,proto3" json:"epoch,omitempty"`
	// UserId will be mapped to an index by the server using VRF
	UserId string `protobuf:"bytes,2,opt,name=user_id,proto3" json:"user_id,omitempty"`
	// quorum_requirement specifies which verifiers must have ratified the
	// result for it to be accepted. A server would fall back to an older
	// directory state if the ratifications of the latest one do not satisfy
	// the quorum requirement.
	QuorumRequirement *QuorumExpr `protobuf:"bytes,4,opt,name=quorum_requirement" json:"quorum_requirement,omitempty"`
}

func NewPopulatedLookupRequest 

func NewPopulatedLookupRequest(r randyClient, easy bool) *LookupRequest

func (*LookupRequest) Equal 

func (this *LookupRequest) Equal(that interface{}) bool

func (*LookupRequest) GetQuorumRequirement 

func (m *LookupRequest) GetQuorumRequirement() *QuorumExpr

func (*LookupRequest) GoString 

func (this *LookupRequest) GoString() string

func (*LookupRequest) Marshal 

func (m *LookupRequest) Marshal() (data []byte, err error)

func (*LookupRequest) MarshalTo 

func (m *LookupRequest) MarshalTo(data []byte) (int, error)

func (*LookupRequest) ProtoMessage 

func (*LookupRequest) ProtoMessage()

func (*LookupRequest) Reset 

func (m *LookupRequest) Reset()

func (*LookupRequest) Size 

func (m *LookupRequest) Size() (n int)

func (*LookupRequest) String 

func (this *LookupRequest) String() string

func (*LookupRequest) Unmarshal 

func (m *LookupRequest) Unmarshal(data []byte) error

func (*LookupRequest) VerboseEqual 

func (this *LookupRequest) VerboseEqual(that interface{}) error

type Nothing 

type Nothing struct {
}

func NewPopulatedNothing 

func NewPopulatedNothing(r randyVerifier, easy bool) *Nothing

func (*Nothing) Equal 

func (this *Nothing) Equal(that interface{}) bool

func (*Nothing) Marshal 

func (m *Nothing) Marshal() (data []byte, err error)

func (*Nothing) MarshalTo 

func (m *Nothing) MarshalTo(data []byte) (int, error)

func (*Nothing) ProtoMessage 

func (*Nothing) ProtoMessage()

func (*Nothing) Reset 

func (m *Nothing) Reset()

func (*Nothing) Size 

func (m *Nothing) Size() (n int)

func (*Nothing) String 

func (this *Nothing) String() string

func (*Nothing) Unmarshal 

func (m *Nothing) Unmarshal(data []byte) error

func (*Nothing) VerboseEqual 

func (this *Nothing) VerboseEqual(that interface{}) error

type Profile 

type Profile struct {
	// Nonce containst at least 16 bytes (and counts towards the total profile
	// size limit). Having a nonce in each profile ensures that an attacker
	// can't guess-and-check somebody's profile contents using Entry.profile_hash.
	// It is the client's responsibility to generate a random nonce to protect the
	// privacy of its profile, thus the presence of this field is not checked by
	// the server.
	Nonce []byte `protobuf:"bytes,1,opt,name=nonce,proto3" json:"nonce,omitempty"`
	// Application-specific public keys. The map is keyed by application ID.
	Keys map[string][]byte `` /* 142-byte string literal not displayed */
}

A user's profile, containing public keys and other information. A new field will be added here for each application, with the TCP/UDP port number as field number whenever possible to avoid collisions.

func NewPopulatedProfile 

func NewPopulatedProfile(r randyClient, easy bool) *Profile

func (*Profile) Equal 

func (this *Profile) Equal(that interface{}) bool

func (*Profile) GetKeys 

func (m *Profile) GetKeys() map[string][]byte

func (*Profile) GoString 

func (this *Profile) GoString() string

func (*Profile) Marshal 

func (m *Profile) Marshal() (data []byte, err error)

func (*Profile) MarshalTo 

func (m *Profile) MarshalTo(data []byte) (int, error)

func (*Profile) ProtoMessage 

func (*Profile) ProtoMessage()

func (*Profile) Reset 

func (m *Profile) Reset()

func (*Profile) Size 

func (m *Profile) Size() (n int)

func (*Profile) String 

func (this *Profile) String() string

func (*Profile) Unmarshal 

func (m *Profile) Unmarshal(data []byte) error

func (*Profile) VerboseEqual 

func (this *Profile) VerboseEqual(that interface{}) error

type PublicKey 

type PublicKey struct {
	// Types that are valid to be assigned to PubkeyType:
	//	*PublicKey_Ed25519
	PubkeyType isPublicKey_PubkeyType `protobuf_oneof:"pubkey_type"`
}

PublicKey wraps a public key of a cryptographically secure signature scheme and verification metadata. Each verifier can have its own signature format and needs to implement serialization and deserialization of its own signatures. The ID of a public key is defined as the 64-bit SHAKE256 hash of the protobuf-encoded public key (and interpreted as little-endian when a numeric representation is required).

func NewPopulatedPublicKey 

func NewPopulatedPublicKey(r randyClient, easy bool) *PublicKey

func (*PublicKey) Equal 

func (this *PublicKey) Equal(that interface{}) bool

func (*PublicKey) GetEd25519 

func (m *PublicKey) GetEd25519() []byte

func (*PublicKey) GetPubkeyType 

func (m *PublicKey) GetPubkeyType() isPublicKey_PubkeyType

func (*PublicKey) GoString 

func (this *PublicKey) GoString() string

func (*PublicKey) Marshal 

func (m *PublicKey) Marshal() (data []byte, err error)

func (*PublicKey) MarshalTo 

func (m *PublicKey) MarshalTo(data []byte) (int, error)

func (*PublicKey) ProtoMessage 

func (*PublicKey) ProtoMessage()

func (*PublicKey) Reset 

func (m *PublicKey) Reset()

func (*PublicKey) Size 

func (m *PublicKey) Size() (n int)

func (*PublicKey) String 

func (this *PublicKey) String() string

func (*PublicKey) Unmarshal 

func (m *PublicKey) Unmarshal(data []byte) error

func (*PublicKey) VerboseEqual 

func (this *PublicKey) VerboseEqual(that interface{}) error

func (*PublicKey) XXX_OneofFuncs 

func (*PublicKey) XXX_OneofFuncs() (func(msg proto1.Message, b *proto1.Buffer) error, func(msg proto1.Message, tag, wire int, b *proto1.Buffer) (bool, error), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type PublicKey_Ed25519 

type PublicKey_Ed25519 struct {
	Ed25519 []byte `protobuf:"bytes,1,opt,name=ed25519,proto3,oneof"`
}

func NewPopulatedPublicKey_Ed25519 

func NewPopulatedPublicKey_Ed25519(r randyClient, easy bool) *PublicKey_Ed25519

func (*PublicKey_Ed25519) Equal 

func (this *PublicKey_Ed25519) Equal(that interface{}) bool

func (*PublicKey_Ed25519) GoString 

func (this *PublicKey_Ed25519) GoString() string

func (*PublicKey_Ed25519) MarshalTo 

func (m *PublicKey_Ed25519) MarshalTo(data []byte) (int, error)

func (*PublicKey_Ed25519) Size 

func (m *PublicKey_Ed25519) Size() (n int)

func (*PublicKey_Ed25519) String 

func (this *PublicKey_Ed25519) String() string

func (*PublicKey_Ed25519) VerboseEqual 

func (this *PublicKey_Ed25519) VerboseEqual(that interface{}) error

type QuorumExpr 

type QuorumExpr struct {
	Threshold  uint32   `protobuf:"varint,1,opt,name=threshold,proto3" json:"threshold,omitempty"`
	Candidates []uint64 `protobuf:"fixed64,2,rep,name=candidates" json:"candidates,omitempty"`
	// QuorumExpr allows expressing contitions of the form "two out of these
	// and three out of those".
	// If an implementation chooses to ban recursive thresholding, it can do so
	// ignoring this field. However, doing so is NOT SUPPORTED.
	Subexpressions []*QuorumExpr `protobuf:"bytes,3,rep,name=subexpressions" json:"subexpressions,omitempty"`
}

QuorumExpr represents a function with type set<uint64> -> bool. An expression evaluates to true given args iff the sum of the following two numbers is at least threshold: - number of entries in verifiers that are in args - number of subexpressions that evaluate to true note: expr.eval(a) \wedge expr.eval(b) -> expr.eval(a \cup b)

func NewPopulatedQuorumExpr 

func NewPopulatedQuorumExpr(r randyClient, easy bool) *QuorumExpr

func (*QuorumExpr) Equal 

func (this *QuorumExpr) Equal(that interface{}) bool

func (*QuorumExpr) GetSubexpressions 

func (m *QuorumExpr) GetSubexpressions() []*QuorumExpr

func (*QuorumExpr) GoString 

func (this *QuorumExpr) GoString() string

func (*QuorumExpr) Marshal 

func (m *QuorumExpr) Marshal() (data []byte, err error)

func (*QuorumExpr) MarshalTo 

func (m *QuorumExpr) MarshalTo(data []byte) (int, error)

func (*QuorumExpr) ProtoMessage 

func (*QuorumExpr) ProtoMessage()

func (*QuorumExpr) Reset 

func (m *QuorumExpr) Reset()

func (*QuorumExpr) Size 

func (m *QuorumExpr) Size() (n int)

func (*QuorumExpr) String 

func (this *QuorumExpr) String() string

func (*QuorumExpr) Unmarshal 

func (m *QuorumExpr) Unmarshal(data []byte) error

func (*QuorumExpr) VerboseEqual 

func (this *QuorumExpr) VerboseEqual(that interface{}) error

type RealmConfig 

type RealmConfig struct {
	// Domains specifies a list of domains that belong to this realm.
	// Configuring one domain to belong to multiple realms is considered an
	// error.
	// TODO: support TLS-style wildcards.
	Domains []string `protobuf:"bytes,1,rep,name=domains" json:"domains,omitempty"`
	// Addr is the TCP (host:port) address of the keyserver GRPC interface.
	Addr string `protobuf:"bytes,2,opt,name=addr,proto3" json:"addr,omitempty"`
	// URL is the location of the secondary, HTTP-based interface to the
	// keyserver. It is not necessarily on the same host as addr.
	URL string `protobuf:"bytes,3,opt,name=URL,proto3" json:"URL,omitempty"`
	// VRFPublic is the public key of the verifiable random function used for
	// user id privacy. Here it is used to check that the anti-spam obfuscation
	// layer is properly used as a one-to-one mapping between real and
	// obfuscated usernames.
	VRFPublic []byte `protobuf:"bytes,4,opt,name=VRFPublic,proto3" json:"VRFPublic,omitempty"`
	// VerificationPolicy specifies the conditions on how a lookup must be
	// verified for it to be accepted. Each verifier in VerificationPolicy MUST
	// have a NoOlderThan entry.
	VerificationPolicy *AuthorizationPolicy `protobuf:"bytes,5,opt,name=verification_policy" json:"verification_policy,omitempty"`
	// EpochTimeToLive specifies the duration for which an epoch is valid after
	// it has been issued. A client that has access to a clock MUST NOT accept
	// epoch heads with IssueTime more than EpochTimeToLive in the past.
	EpochTimeToLive Duration `protobuf:"bytes,6,opt,name=epoch_time_to_live" json:"epoch_time_to_live"`
	// TreeNonce is the global nonce that is hashed into the Merkle tree nodes.
	TreeNonce []byte     `protobuf:"bytes,7,opt,name=tree_nonce,proto3" json:"tree_nonce,omitempty"`
	ClientTLS *TLSConfig `protobuf:"bytes,8,opt,name=client_tls" json:"client_tls,omitempty"`
}

func NewPopulatedRealmConfig 

func NewPopulatedRealmConfig(r randyConfig, easy bool) *RealmConfig

func (*RealmConfig) Equal 

func (this *RealmConfig) Equal(that interface{}) bool

func (*RealmConfig) GetClientTLS 

func (m *RealmConfig) GetClientTLS() *TLSConfig

func (*RealmConfig) GetEpochTimeToLive 

func (m *RealmConfig) GetEpochTimeToLive() Duration

func (*RealmConfig) GetVerificationPolicy 

func (m *RealmConfig) GetVerificationPolicy() *AuthorizationPolicy

func (*RealmConfig) GoString 

func (this *RealmConfig) GoString() string

func (*RealmConfig) Marshal 

func (m *RealmConfig) Marshal() (data []byte, err error)

func (*RealmConfig) MarshalTo 

func (m *RealmConfig) MarshalTo(data []byte) (int, error)

func (*RealmConfig) ProtoMessage 

func (*RealmConfig) ProtoMessage()

func (*RealmConfig) Reset 

func (m *RealmConfig) Reset()

func (*RealmConfig) Size 

func (m *RealmConfig) Size() (n int)

func (*RealmConfig) String 

func (this *RealmConfig) String() string

func (*RealmConfig) Unmarshal 

func (m *RealmConfig) Unmarshal(data []byte) error

func (*RealmConfig) VerboseEqual 

func (this *RealmConfig) VerboseEqual(that interface{}) error

type Replica 

type Replica struct {
	// Id is used to distinguish between nodes during consistent replication.
	// All node ID-s MUST be unique, MUST NOT be reused (e.g., using IP-s or
	// hostnames is probably a bad idea) and SHOULD be set to the ID of the
	// first public key by convention.
	ID uint64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
	// PublicKeys lists the public keys of a node, to be joined using a
	// 1-out-of-n policy. The order of this list is NOT preserved.
	PublicKeys []*PublicKey `protobuf:"bytes,2,rep,name=public_keys" json:"public_keys,omitempty"`
	// RaftAddr is the Raft network address of the node, such that
	// net.Dial("tcp", Addr) reaches the node. Supported formats include
	// host.domain:port and ip:port.
	RaftAddr string `protobuf:"bytes,3,opt,name=raft_addr,proto3" json:"raft_addr,omitempty"`
}

func NewPopulatedReplica 

func NewPopulatedReplica(r randyKeyserverconfig, easy bool) *Replica

func (*Replica) Equal 

func (this *Replica) Equal(that interface{}) bool

func (*Replica) GetPublicKeys 

func (m *Replica) GetPublicKeys() []*PublicKey

func (*Replica) GoString 

func (this *Replica) GoString() string

func (*Replica) Marshal 

func (m *Replica) Marshal() (data []byte, err error)

func (*Replica) MarshalTo 

func (m *Replica) MarshalTo(data []byte) (int, error)

func (*Replica) ProtoMessage 

func (*Replica) ProtoMessage()

func (*Replica) Reset 

func (m *Replica) Reset()

func (*Replica) Size 

func (m *Replica) Size() (n int)

func (*Replica) String 

func (this *Replica) String() string

func (*Replica) Unmarshal 

func (m *Replica) Unmarshal(data []byte) error

func (*Replica) VerboseEqual 

func (this *Replica) VerboseEqual(that interface{}) error

type ReplicaConfig 

type ReplicaConfig struct {
	KeyserverConfig `protobuf:"bytes,1,opt,name=keyserver_config,embedded=keyserver_config" json:"keyserver_config"`
	// ReplicaID is a globally unique identifier. See Replica.ID.
	ReplicaID uint64 `protobuf:"varint,2,opt,name=replica_id,proto3" json:"replica_id,omitempty"`
	// SigningKeyID specifies the signing key by reference. The mechanism of
	// loading keys depends on the deployment scenario; by default, the key
	// identifier is a path to a file containing the key.
	SigningKeyID string    `protobuf:"bytes,3,opt,name=signing_key_id,proto3" json:"signing_key_id,omitempty"`
	PublicAddr   string    `protobuf:"bytes,4,opt,name=public_addr,proto3" json:"public_addr,omitempty"`
	PublicTLS    TLSConfig `protobuf:"bytes,5,opt,name=public_tls" json:"public_tls"`
	VerifierAddr string    `protobuf:"bytes,6,opt,name=verifier_addr,proto3" json:"verifier_addr,omitempty"`
	VerifierTLS  TLSConfig `protobuf:"bytes,7,opt,name=verifier_tls" json:"verifier_tls"`
	HKPAddr      string    `protobuf:"bytes,8,opt,name=hkp_addr,proto3" json:"hkp_addr,omitempty"`
	HKPTLS       TLSConfig `protobuf:"bytes,9,opt,name=hkp_tls" json:"hkp_tls"`
	RaftAddr     string    `protobuf:"bytes,10,opt,name=raft_addr,proto3" json:"raft_addr,omitempty"`
	RaftTLS      TLSConfig `protobuf:"bytes,11,opt,name=raft_tls" json:"raft_tls"`
	// LevelDBPath specifies the directory in which the databse is stored.
	// Nothing else should use this directory.
	LevelDBPath string `protobuf:"bytes,14,opt,name=leveldb_path,proto3" json:"leveldb_path,omitempty"`
	// RaftHeartbeat specifies the interval between successive heartbeat
	// messages sent by the replicated state machine controller. Lowering the
	// heartbeat interval generates more network traffic; increasing the
	// interval increases the time it takes to detect a failed replica and
	// perform an automated failover.
	RaftHeartbeat Duration `protobuf:"bytes,15,opt,name=raft_heartbeat" json:"raft_heartbeat"`
	// LaggingVerifierScan specifies the maximum number of epochs by which a
	// verifier can be lagging us for us to still serve its signature to
	// clients. Finding the verifier signatures is currently implemented using a
	// linear scan backwards from the current epoch, so setting a very high
	// value can open up cause significant amounts of database reads on the
	// server. A fancy index-based scan would be possible, but there is no
	// clear need for it -- the epochs far in the past will probably have
	// expired anyway. The zero value means no limit, but it should be used for
	// testing only. The recommended value is 1000.
	LaggingVerifierScan uint64 `protobuf:"varint,16,opt,name=lagging_verifier_scan,proto3" json:"lagging_verifier_scan,omitempty"`
	// ClientTimeout specifies the maximum amount of time the server is willing
	// to allow from the start of a client request to until it is handled. The
	// zero value means no limit.
	ClientTimeout Duration `protobuf:"bytes,17,opt,name=client_timeout" json:"client_timeout"`
}

ReplicaConfig contains the local configuration of a single replica of a keyserver. It is valid to have just one replica, but a larger odd number is desirable for availability.

func NewPopulatedReplicaConfig 

func NewPopulatedReplicaConfig(r randyKeyserverconfig, easy bool) *ReplicaConfig

func (*ReplicaConfig) Equal 

func (this *ReplicaConfig) Equal(that interface{}) bool

func (*ReplicaConfig) GetClientTimeout 

func (m *ReplicaConfig) GetClientTimeout() Duration

func (*ReplicaConfig) GetHKPTLS 

func (m *ReplicaConfig) GetHKPTLS() TLSConfig

func (*ReplicaConfig) GetPublicTLS 

func (m *ReplicaConfig) GetPublicTLS() TLSConfig

func (*ReplicaConfig) GetRaftHeartbeat 

func (m *ReplicaConfig) GetRaftHeartbeat() Duration

func (*ReplicaConfig) GetRaftTLS 

func (m *ReplicaConfig) GetRaftTLS() TLSConfig

func (*ReplicaConfig) GetVerifierTLS 

func (m *ReplicaConfig) GetVerifierTLS() TLSConfig

func (*ReplicaConfig) GoString 

func (this *ReplicaConfig) GoString() string

func (*ReplicaConfig) Marshal 

func (m *ReplicaConfig) Marshal() (data []byte, err error)

func (*ReplicaConfig) MarshalTo 

func (m *ReplicaConfig) MarshalTo(data []byte) (int, error)

func (*ReplicaConfig) ProtoMessage 

func (*ReplicaConfig) ProtoMessage()

func (*ReplicaConfig) Reset 

func (m *ReplicaConfig) Reset()

func (*ReplicaConfig) Size 

func (m *ReplicaConfig) Size() (n int)

func (*ReplicaConfig) String 

func (this *ReplicaConfig) String() string

func (*ReplicaConfig) Unmarshal 

func (m *ReplicaConfig) Unmarshal(data []byte) error

func (*ReplicaConfig) VerboseEqual 

func (this *ReplicaConfig) VerboseEqual(that interface{}) error

type ReplicaState 

type ReplicaState struct {
	// cached values derived purely from the state of the log
	NextIndexLog                    uint64         `protobuf:"varint,1,opt,name=next_index_log,proto3" json:"next_index_log,omitempty"`
	NextIndexVerifier               uint64         `protobuf:"varint,2,opt,name=next_index_verifier,proto3" json:"next_index_verifier,omitempty"`
	PreviousSummaryHash             []byte         `protobuf:"bytes,3,opt,name=previous_summary_hash,proto3" json:"previous_summary_hash,omitempty"`
	LastEpochDelimiter              EpochDelimiter `protobuf:"bytes,4,opt,name=last_epoch_delimiter" json:"last_epoch_delimiter"`
	ThisReplicaNeedsToSignLastEpoch bool           `` /* 128-byte string literal not displayed */
	PendingUpdates                  bool           `protobuf:"varint,6,opt,name=pending_updates,proto3" json:"pending_updates,omitempty"`
	// local variables
	LatestTreeSnapshot         uint64 `protobuf:"varint,7,opt,name=latest_tree_snapshot,proto3" json:"latest_tree_snapshot,omitempty"`
	LastEpochNeedsRatification bool   `protobuf:"varint,8,opt,name=last_epoch_needs_ratification,proto3" json:"last_epoch_needs_ratification,omitempty"`
}

ReplicaState contains the persistent internal state of a single replica. Additional on-disk state is descried in server/table.go.

func NewPopulatedReplicaState 

func NewPopulatedReplicaState(r randyKeyserverlocal, easy bool) *ReplicaState

func (*ReplicaState) Equal 

func (this *ReplicaState) Equal(that interface{}) bool

func (*ReplicaState) GetLastEpochDelimiter 

func (m *ReplicaState) GetLastEpochDelimiter() EpochDelimiter

func (*ReplicaState) GoString 

func (this *ReplicaState) GoString() string

func (*ReplicaState) Marshal 

func (m *ReplicaState) Marshal() (data []byte, err error)

func (*ReplicaState) MarshalTo 

func (m *ReplicaState) MarshalTo(data []byte) (int, error)

func (*ReplicaState) ProtoMessage 

func (*ReplicaState) ProtoMessage()

func (*ReplicaState) Reset 

func (m *ReplicaState) Reset()

func (*ReplicaState) Size 

func (m *ReplicaState) Size() (n int)

func (*ReplicaState) String 

func (this *ReplicaState) String() string

func (*ReplicaState) Unmarshal 

func (m *ReplicaState) Unmarshal(data []byte) error

func (*ReplicaState) VerboseEqual 

func (this *ReplicaState) VerboseEqual(that interface{}) error

type SignedEntryUpdate 

type SignedEntryUpdate struct {
	NewEntry EncodedEntry `protobuf:"bytes,1,opt,name=new_entry,customtype=EncodedEntry" json:"new_entry"`
	// NewSig, if successfully verified using update.new_entry.update_key,
	// confirms that the new entry is willing to be bound to this index.
	// Both the keyserver and verifiers MUST check these signatures against the
	// old profile's authorization policy AND the new profile's authorization
	// policy. All signatures are tagged with ID of the public key that
	// generated them.
	Signatures map[uint64][]byte `` /* 156-byte string literal not displayed */
}

SignedEntryUpdate is the minimal self-contained structure to justify changing the value of an entry. In the state machine model of a namespace, SignedEntryUpdate is the main input type.

func NewPopulatedSignedEntryUpdate 

func NewPopulatedSignedEntryUpdate(r randyClient, easy bool) *SignedEntryUpdate

func (*SignedEntryUpdate) Equal 

func (this *SignedEntryUpdate) Equal(that interface{}) bool

func (*SignedEntryUpdate) GetSignatures 

func (m *SignedEntryUpdate) GetSignatures() map[uint64][]byte

func (*SignedEntryUpdate) GoString 

func (this *SignedEntryUpdate) GoString() string

func (*SignedEntryUpdate) Marshal 

func (m *SignedEntryUpdate) Marshal() (data []byte, err error)

func (*SignedEntryUpdate) MarshalTo 

func (m *SignedEntryUpdate) MarshalTo(data []byte) (int, error)

func (*SignedEntryUpdate) ProtoMessage 

func (*SignedEntryUpdate) ProtoMessage()

func (*SignedEntryUpdate) Reset 

func (m *SignedEntryUpdate) Reset()

func (*SignedEntryUpdate) Size 

func (m *SignedEntryUpdate) Size() (n int)

func (*SignedEntryUpdate) String 

func (this *SignedEntryUpdate) String() string

func (*SignedEntryUpdate) Unmarshal 

func (m *SignedEntryUpdate) Unmarshal(data []byte) error

func (*SignedEntryUpdate) VerboseEqual 

func (this *SignedEntryUpdate) VerboseEqual(that interface{}) error

type SignedEpochHead 

type SignedEpochHead struct {
	Head EncodedTimestampedEpochHead `protobuf:"bytes,1,opt,name=head,customtype=EncodedTimestampedEpochHead" json:"head"`
	// Signatures is used for authentication of ratification and MUST be
	// verified before interpreting any contents of ratification.
	// All signatures are tagged with ID of the public key that generated them.
	Signatures map[uint64][]byte `` /* 156-byte string literal not displayed */
}

SignedEpochHead messages are used by auditors and the service provider to vouch that the SummaryHash represents the correct unique global state at the end of epoch. In particular, it means that the signer has enforced the profile update policy specified in the doc-comments of SignedEntryUpdate and Profile for the specified epoch AND all prior epochs. A Ratification MUST NOT be signed in any other circumstances.

func NewPopulatedSignedEpochHead 

func NewPopulatedSignedEpochHead(r randyClient, easy bool) *SignedEpochHead

func (*SignedEpochHead) Equal 

func (this *SignedEpochHead) Equal(that interface{}) bool

func (*SignedEpochHead) GetSignatures 

func (m *SignedEpochHead) GetSignatures() map[uint64][]byte

func (*SignedEpochHead) GoString 

func (this *SignedEpochHead) GoString() string

func (*SignedEpochHead) Marshal 

func (m *SignedEpochHead) Marshal() (data []byte, err error)

func (*SignedEpochHead) MarshalTo 

func (m *SignedEpochHead) MarshalTo(data []byte) (int, error)

func (*SignedEpochHead) ProtoMessage 

func (*SignedEpochHead) ProtoMessage()

func (*SignedEpochHead) Reset 

func (m *SignedEpochHead) Reset()

func (*SignedEpochHead) Size 

func (m *SignedEpochHead) Size() (n int)

func (*SignedEpochHead) String 

func (this *SignedEpochHead) String() string

func (*SignedEpochHead) Unmarshal 

func (m *SignedEpochHead) Unmarshal(data []byte) error

func (*SignedEpochHead) VerboseEqual 

func (this *SignedEpochHead) VerboseEqual(that interface{}) error

type TLSConfig 

type TLSConfig struct {
	// Certificates contains one or more certificate chains
	// to present to the other side of the connection.
	// Server configurations must include at least one certificate.
	Certificates []*CertificateAndKeyID `protobuf:"bytes,1,rep,name=certificates" json:"certificates,omitempty"`
	// RootCAs defines the set of root certificate authorities
	// that clients use when verifying server certificates.
	// If RootCAs is nil, TLS uses the host's root CA set.
	// The certificates are expected in DER format.
	RootCAs [][]byte `protobuf:"bytes,3,rep,name=root_cas" json:"root_cas,omitempty"`
	// NextProtos is a list of supported, application level protocols.
	NextProtos []string `protobuf:"bytes,4,rep,name=next_protos" json:"next_protos,omitempty"`
	// ServerName is used to verify the hostname on the returned
	// certificates. It is also included in the client's handshake to support
	// virtual hosting.
	ServerName string `protobuf:"bytes,5,opt,name=server_name,proto3" json:"server_name,omitempty"`
	// ClientAuth determines the server's policy for
	// TLS Client Authentication. The default is NoClientCert.
	ClientAuth ClientAuthType `protobuf:"varint,6,opt,name=client_auth,proto3,enum=proto.ClientAuthType" json:"client_auth,omitempty"`
	// ClientCAs defines the set of root certificate authorities that servers
	// use if required to verify a client certificate by the policy in
	// ClientAuth. The certificates are expected in DER format.
	ClientCAs [][]byte `protobuf:"bytes,7,rep,name=client_cas" json:"client_cas,omitempty"`
	// CipherSuites is a list of supported cipher suites. If CipherSuites
	// is nil, TLS uses a list of suites supported by the implementation.
	CipherSuites []CipherSuite `protobuf:"varint,8,rep,name=cipher_suites,enum=proto.CipherSuite" json:"cipher_suites,omitempty"`
	// PreferServerCipherSuites controls whether the server selects the
	// client's most preferred ciphersuite, or the server's most preferred
	// ciphersuite. If true then the server's preference, as expressed in
	// the order of elements in CipherSuites, is used.
	PreferServerCipherSuites bool `protobuf:"varint,9,opt,name=prefer_server_cipher_suites,proto3" json:"prefer_server_cipher_suites,omitempty"`
	// SessionTicketsEnabled may be set to true to enable session ticket
	// (resumption) support. Enabling session tickets limits forward secrecy to
	// until after the lifetime of the session ticket key (which, by default,
	// lives as long as the server process).
	SessionTicketsEnabled bool `protobuf:"varint,10,opt,name=session_tickets_enabled,proto3" json:"session_tickets_enabled,omitempty"`
	// SessionTicketKey (32 bytes) is used by TLS servers to provide session
	// resumption. See RFC 5077. If zero, it will be filled with random data
	// before the first server handshake.
	//
	// If multiple servers are terminating connections for the same host
	// they should all have the same SessionTicketKey. If the
	// SessionTicketKey leaks, previously recorded and future TLS
	// connections using that key are compromised.
	SessionTicketKeyID string `protobuf:"bytes,11,opt,name=session_ticket_key_id,proto3" json:"session_ticket_key_id,omitempty"`
	// MinVersion contains the minimum SSL/TLS version that is acceptable.
	// If zero, then SSLv3 is taken as the minimum.
	MinVersion TLSVersion `protobuf:"varint,12,opt,name=min_version,proto3,enum=proto.TLSVersion" json:"min_version,omitempty"`
	// MaxVersion contains the maximum SSL/TLS version that is acceptable.
	// If zero, then the maximum version supported by this package is used,
	// which is currently TLS 1.2.
	MaxVersion TLSVersion `protobuf:"varint,13,opt,name=max_version,proto3,enum=proto.TLSVersion" json:"max_version,omitempty"`
	// CurvePreferences contains the elliptic curves that will be used in
	// an ECDHE handshake, in preference order. If empty, the default will
	// be used.
	CurvePreferences []CurveID `protobuf:"varint,14,rep,name=curve_preferences,enum=proto.CurveID" json:"curve_preferences,omitempty"`
}

TLSConfig structure is used to configure a TLS client or server.

func NewPopulatedTLSConfig 

func NewPopulatedTLSConfig(r randyTlsconfig, easy bool) *TLSConfig

func (*TLSConfig) Config 

func (m *TLSConfig) Config(getKey func(string) (crypto.PrivateKey, error)) (cfg *tls.Config, err error)

func (*TLSConfig) Equal 

func (this *TLSConfig) Equal(that interface{}) bool

func (*TLSConfig) GetCertificates 

func (m *TLSConfig) GetCertificates() []*CertificateAndKeyID

func (*TLSConfig) GoString 

func (this *TLSConfig) GoString() string

func (*TLSConfig) Marshal 

func (m *TLSConfig) Marshal() (data []byte, err error)

func (*TLSConfig) MarshalTo 

func (m *TLSConfig) MarshalTo(data []byte) (int, error)

func (*TLSConfig) ProtoMessage 

func (*TLSConfig) ProtoMessage()

func (*TLSConfig) Reset 

func (m *TLSConfig) Reset()

func (*TLSConfig) Size 

func (m *TLSConfig) Size() (n int)

func (*TLSConfig) String 

func (this *TLSConfig) String() string

func (*TLSConfig) Unmarshal 

func (m *TLSConfig) Unmarshal(data []byte) error

func (*TLSConfig) VerboseEqual 

func (this *TLSConfig) VerboseEqual(that interface{}) error

type TLSVersion 

type TLSVersion int32
const (
	TLSVersion_UNSPECIFIED TLSVersion = 0
	VERSION_SSL30          TLSVersion = 768
	VERSION_TLS10          TLSVersion = 769
	VERSION_TLS11          TLSVersion = 770
	VERSION_TLS12          TLSVersion = 771
)

func (TLSVersion) String 

func (x TLSVersion) String() string

type Timestamp 

type Timestamp struct {
	// Represents seconds of UTC time since Unix epoch
	// 1970-01-01T00:00:00Z. Must be from from 0001-01-01T00:00:00Z to
	// 9999-12-31T23:59:59Z inclusive.
	Seconds int64 `protobuf:"varint,1,opt,name=seconds,proto3" json:"seconds,omitempty"`
	// Non-negative fractions of a second at nanosecond resolution. Negative
	// second values with fractions must still have non-negative nanos values
	// that count forward in time. Must be from 0 to 999,999,999
	// inclusive.
	Nanos int32 `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"`
}

A Timestamp represents a point in time independent of any time zone or calendar, represented as seconds and fractions of seconds at nanosecond resolution in UTC Epoch time. It is encoded using the Proleptic Gregorian Calendar which extends the Gregorian calendar backwards to year one. It is encoded assuming all minutes are 60 seconds long, i.e. leap seconds are "smeared" so that no leap second table is needed for interpretation. Range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from RFC 3339 date strings. See [https://www.ietf.org/rfc/rfc3339.txt](https://www.ietf.org/rfc/rfc3339.txt).

Example 1: Compute Timestamp from POSIX `time()`. 

Timestamp timestamp;
timestamp.set_seconds(time(NULL));
timestamp.set_nanos(0);

Example 2: Compute Timestamp from POSIX `gettimeofday()`. 

struct timeval tv;
gettimeofday(&tv, NULL);

Timestamp timestamp;
timestamp.set_seconds(tv.tv_sec);
timestamp.set_nanos(tv.tv_usec * 1000);

Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. 

FILETIME ft;
GetSystemTimeAsFileTime(&ft);
UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;

// A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z
// is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.
Timestamp timestamp;
timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));

Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. 

long millis = System.currentTimeMillis();

Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)
    .setNanos((int) ((millis % 1000) * 1000000)).build();

Example 5: Compute Timestamp from Python `datetime.datetime`. 

now = datetime.datetime.utcnow()
seconds = int(time.mktime(now.timetuple()))
nanos = now.microsecond * 1000
timestamp = Timestamp(seconds=seconds, nanos=nanos)

func NewPopulatedTimestamp 

func NewPopulatedTimestamp(r randyTimestamp, easy bool) *Timestamp

func Time 

func Time(t time.Time) Timestamp

func (*Timestamp) Equal 

func (this *Timestamp) Equal(that interface{}) bool

func (*Timestamp) GoString 

func (this *Timestamp) GoString() string

func (*Timestamp) Marshal 

func (m *Timestamp) Marshal() (data []byte, err error)

func (*Timestamp) MarshalTo 

func (m *Timestamp) MarshalTo(data []byte) (int, error)

func (*Timestamp) ProtoMessage 

func (*Timestamp) ProtoMessage()

func (*Timestamp) Reset 

func (m *Timestamp) Reset()

func (*Timestamp) Size 

func (m *Timestamp) Size() (n int)

func (*Timestamp) String 

func (this *Timestamp) String() string

func (*Timestamp) Time 

func (tst *Timestamp) Time() time.Time

func (*Timestamp) Unmarshal 

func (m *Timestamp) Unmarshal(data []byte) error

func (*Timestamp) VerboseEqual 

func (this *Timestamp) VerboseEqual(that interface{}) error

type TimestampedEpochHead 

type TimestampedEpochHead struct {
	// EpochHead specifies the entire state and history of the
	// realm.
	Head EncodedEpochHead `protobuf:"bytes,1,opt,name=head,customtype=EncodedEpochHead" json:"head"`
	// Timestamp specifies when the requirements for SignedEpochHead
	// were checked. Clients will accept a SignedEpochHead timestamped at most a
	// fixed amount of time into the past, and MUST fail secure if the timestamp
	// is not fresh because the directory state may have changed. The signature
	// expiration tolerance plus the maximum clock skew between a pair of clients
	// is the maximum propogation time of a change from one to another after which
	// even a malicious keyserver will not be able to convince a client to a
	// accept the previous state (assuming that all quorums the client considers
	// sufficient contain a correct and honest server).
	Timestamp Timestamp `protobuf:"bytes,2,opt,name=timestamp" json:"timestamp"`
}

func NewPopulatedTimestampedEpochHead 

func NewPopulatedTimestampedEpochHead(r randyClient, easy bool) *TimestampedEpochHead

func (*TimestampedEpochHead) Equal 

func (this *TimestampedEpochHead) Equal(that interface{}) bool

func (*TimestampedEpochHead) GetTimestamp 

func (m *TimestampedEpochHead) GetTimestamp() Timestamp

func (*TimestampedEpochHead) GoString 

func (this *TimestampedEpochHead) GoString() string

func (*TimestampedEpochHead) Marshal 

func (m *TimestampedEpochHead) Marshal() (data []byte, err error)

func (*TimestampedEpochHead) MarshalTo 

func (m *TimestampedEpochHead) MarshalTo(data []byte) (int, error)

func (*TimestampedEpochHead) ProtoMessage 

func (*TimestampedEpochHead) ProtoMessage()

func (*TimestampedEpochHead) Reset 

func (m *TimestampedEpochHead) Reset()

func (*TimestampedEpochHead) Size 

func (m *TimestampedEpochHead) Size() (n int)

func (*TimestampedEpochHead) String 

func (this *TimestampedEpochHead) String() string

func (*TimestampedEpochHead) Unmarshal 

func (m *TimestampedEpochHead) Unmarshal(data []byte) error

func (*TimestampedEpochHead) VerboseEqual 

func (this *TimestampedEpochHead) VerboseEqual(that interface{}) error

type TreeProof 

type TreeProof struct {
	// Neighbors is a list of all the adjacent nodes along the path from the
	// bottommost node to the root. To save space, hashes for empty subtrees are
	// nil, and the number of hashes is equal to the length of the longest common
	// prefix with another entry in the tree (since a leaf node is moved up to
	// that point -- subtrees with a single entry are coalesced into a single
	// node).
	Neighbors [][]byte `protobuf:"bytes,1,rep,name=neighbors" json:"neighbors,omitempty"`
	// This is the index for the binding that does exist; it will share a prefix
	// with the requested index, but in case the leaf contains the wrong
	// contents, it will be different. It will be nil if the requested VRF falls
	// under an empty branch.
	ExistingIndex []byte `protobuf:"bytes,2,opt,name=existing_index,proto3" json:"existing_index,omitempty"`
	// This is the hash of the entry for the binding that does exist. If the leaf
	// contains the wrong contents, the client can use this to verify that the
	// incorrect leaf takes up the entire branch.
	ExistingEntryHash []byte `protobuf:"bytes,3,opt,name=existing_entry_hash,proto3" json:"existing_entry_hash,omitempty"`
}

A Proof provides an authentication path through the Merkle Tree that proves that an item is or is not present in the tree.

func NewPopulatedTreeProof 

func NewPopulatedTreeProof(r randyClient, easy bool) *TreeProof

func (*TreeProof) Equal 

func (this *TreeProof) Equal(that interface{}) bool

func (*TreeProof) GoString 

func (this *TreeProof) GoString() string

func (*TreeProof) Marshal 

func (m *TreeProof) Marshal() (data []byte, err error)

func (*TreeProof) MarshalTo 

func (m *TreeProof) MarshalTo(data []byte) (int, error)

func (*TreeProof) ProtoMessage 

func (*TreeProof) ProtoMessage()

func (*TreeProof) Reset 

func (m *TreeProof) Reset()

func (*TreeProof) Size 

func (m *TreeProof) Size() (n int)

func (*TreeProof) String 

func (this *TreeProof) String() string

func (*TreeProof) Unmarshal 

func (m *TreeProof) Unmarshal(data []byte) error

func (*TreeProof) VerboseEqual 

func (this *TreeProof) VerboseEqual(that interface{}) error

type UpdateRequest 

type UpdateRequest struct {
	// Update is passed on to verifiers.
	Update *SignedEntryUpdate `protobuf:"bytes,1,opt,name=update" json:"update,omitempty"`
	// Profile is included in the update request from the client to the
	// keyserver, but not passed on to the verifiers. The keyserver SHOULD
	// store it locally and include it in LookupProofs returned for lookups.
	// The verifiers MUST NOT try to read this field.
	// A keyserver MUST NOT discriminate users based on ther structure of their
	// profile other than enforcing a common-sense size limit. In particular, a
	// profile with fields that the keyserver does not understand or whose
	// values it considers invalid MUST be accepted.
	Profile          EncodedProfile `protobuf:"bytes,2,opt,name=profile,customtype=EncodedProfile" json:"profile"`
	LookupParameters *LookupRequest `protobuf:"bytes,3,opt,name=lookup_parameters" json:"lookup_parameters,omitempty"`
	DKIMProof        []byte         `protobuf:"bytes,1000,opt,name=dkim_proof,proto3" json:"dkim_proof,omitempty"`
}

UpdateRequest specifies an update and the quorum required for considering the update successful. The server should respond with a lookup of the updated name with the specified parameters.

func NewPopulatedUpdateRequest 

func NewPopulatedUpdateRequest(r randyClient, easy bool) *UpdateRequest

func (*UpdateRequest) Equal 

func (this *UpdateRequest) Equal(that interface{}) bool

func (*UpdateRequest) GetLookupParameters 

func (m *UpdateRequest) GetLookupParameters() *LookupRequest

func (*UpdateRequest) GetUpdate 

func (m *UpdateRequest) GetUpdate() *SignedEntryUpdate

func (*UpdateRequest) GoString 

func (this *UpdateRequest) GoString() string

func (*UpdateRequest) Marshal 

func (m *UpdateRequest) Marshal() (data []byte, err error)

func (*UpdateRequest) MarshalTo 

func (m *UpdateRequest) MarshalTo(data []byte) (int, error)

func (*UpdateRequest) ProtoMessage 

func (*UpdateRequest) ProtoMessage()

func (*UpdateRequest) Reset 

func (m *UpdateRequest) Reset()

func (*UpdateRequest) Size 

func (m *UpdateRequest) Size() (n int)

func (*UpdateRequest) String 

func (this *UpdateRequest) String() string

func (*UpdateRequest) Unmarshal 

func (m *UpdateRequest) Unmarshal(data []byte) error

func (*UpdateRequest) VerboseEqual 

func (this *UpdateRequest) VerboseEqual(that interface{}) error

type VerifierConfig 

type VerifierConfig struct {
	ID                   uint64              `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
	SigningKeyID         string              `protobuf:"bytes,2,opt,name=signing_key_id,proto3" json:"signing_key_id,omitempty"`
	Realm                string              `protobuf:"bytes,3,opt,name=realm,proto3" json:"realm,omitempty"`
	TLS                  *TLSConfig          `protobuf:"bytes,4,opt,name=tls" json:"tls,omitempty"`
	KeyserverAddr        string              `protobuf:"bytes,5,opt,name=keyserver_addr,proto3" json:"keyserver_addr,omitempty"`
	InitialKeyserverAuth AuthorizationPolicy `protobuf:"bytes,6,opt,name=initial_keyserver_auth" json:"initial_keyserver_auth"`
	TreeNonce            []byte              `protobuf:"bytes,7,opt,name=tree_nonce,proto3" json:"tree_nonce,omitempty"`
}

func NewPopulatedVerifierConfig 

func NewPopulatedVerifierConfig(r randyVerifierconfig, easy bool) *VerifierConfig

func (*VerifierConfig) Equal 

func (this *VerifierConfig) Equal(that interface{}) bool

func (*VerifierConfig) GetInitialKeyserverAuth 

func (m *VerifierConfig) GetInitialKeyserverAuth() AuthorizationPolicy

func (*VerifierConfig) GetTLS 

func (m *VerifierConfig) GetTLS() *TLSConfig

func (*VerifierConfig) GoString 

func (this *VerifierConfig) GoString() string

func (*VerifierConfig) Marshal 

func (m *VerifierConfig) Marshal() (data []byte, err error)

func (*VerifierConfig) MarshalTo 

func (m *VerifierConfig) MarshalTo(data []byte) (int, error)

func (*VerifierConfig) ProtoMessage 

func (*VerifierConfig) ProtoMessage()

func (*VerifierConfig) Reset 

func (m *VerifierConfig) Reset()

func (*VerifierConfig) Size 

func (m *VerifierConfig) Size() (n int)

func (*VerifierConfig) String 

func (this *VerifierConfig) String() string

func (*VerifierConfig) Unmarshal 

func (m *VerifierConfig) Unmarshal(data []byte) error

func (*VerifierConfig) VerboseEqual 

func (this *VerifierConfig) VerboseEqual(that interface{}) error

type VerifierState 

type VerifierState struct {
	NextIndex           uint64               `protobuf:"varint,1,opt,name=next_index,proto3" json:"next_index,omitempty"`
	NextEpoch           uint64               `protobuf:"varint,2,opt,name=next_epoch,proto3" json:"next_epoch,omitempty"`
	PreviousSummaryHash []byte               `protobuf:"bytes,3,opt,name=previous_summary_hash,proto3" json:"previous_summary_hash,omitempty"`
	LatestTreeSnapshot  uint64               `protobuf:"varint,4,opt,name=latest_tree_snapshot,proto3" json:"latest_tree_snapshot,omitempty"`
	KeyserverAuth       *AuthorizationPolicy `protobuf:"bytes,5,opt,name=keyserver_auth" json:"keyserver_auth,omitempty"`
}

Verifier contains the persistent internal state of a verifier. Additional on-disk state is described in verifier/table.go.

func NewPopulatedVerifierState 

func NewPopulatedVerifierState(r randyVerifierlocal, easy bool) *VerifierState

func (*VerifierState) Equal 

func (this *VerifierState) Equal(that interface{}) bool

func (*VerifierState) GetKeyserverAuth 

func (m *VerifierState) GetKeyserverAuth() *AuthorizationPolicy

func (*VerifierState) GoString 

func (this *VerifierState) GoString() string

func (*VerifierState) Marshal 

func (m *VerifierState) Marshal() (data []byte, err error)

func (*VerifierState) MarshalTo 

func (m *VerifierState) MarshalTo(data []byte) (int, error)

func (*VerifierState) ProtoMessage 

func (*VerifierState) ProtoMessage()

func (*VerifierState) Reset 

func (m *VerifierState) Reset()

func (*VerifierState) Size 

func (m *VerifierState) Size() (n int)

func (*VerifierState) String 

func (this *VerifierState) String() string

func (*VerifierState) Unmarshal 

func (m *VerifierState) Unmarshal(data []byte) error

func (*VerifierState) VerboseEqual 

func (this *VerifierState) VerboseEqual(that interface{}) error

type VerifierStep 

type VerifierStep struct {
	// Types that are valid to be assigned to Type:
	//	*VerifierStep_Update
	//	*VerifierStep_Epoch
	Type isVerifierStep_Type `protobuf_oneof:"type"`
}

VerifierStep denotes the input to a single state transition of the verified part of the keyserver state machine.

func NewPopulatedVerifierStep 

func NewPopulatedVerifierStep(r randyVerifier, easy bool) *VerifierStep

func (*VerifierStep) Equal 

func (this *VerifierStep) Equal(that interface{}) bool

func (*VerifierStep) GetEpoch 

func (m *VerifierStep) GetEpoch() *SignedEpochHead

func (*VerifierStep) GetType 

func (m *VerifierStep) GetType() isVerifierStep_Type

func (*VerifierStep) GetUpdate 

func (m *VerifierStep) GetUpdate() *SignedEntryUpdate

func (*VerifierStep) GoString 

func (this *VerifierStep) GoString() string

func (*VerifierStep) Marshal 

func (m *VerifierStep) Marshal() (data []byte, err error)

func (*VerifierStep) MarshalTo 

func (m *VerifierStep) MarshalTo(data []byte) (int, error)

func (*VerifierStep) ProtoMessage 

func (*VerifierStep) ProtoMessage()

func (*VerifierStep) Reset 

func (m *VerifierStep) Reset()

func (*VerifierStep) Size 

func (m *VerifierStep) Size() (n int)

func (*VerifierStep) String 

func (this *VerifierStep) String() string

func (*VerifierStep) Unmarshal 

func (m *VerifierStep) Unmarshal(data []byte) error

func (*VerifierStep) VerboseEqual 

func (this *VerifierStep) VerboseEqual(that interface{}) error

func (*VerifierStep) XXX_OneofFuncs 

func (*VerifierStep) XXX_OneofFuncs() (func(msg proto1.Message, b *proto1.Buffer) error, func(msg proto1.Message, tag, wire int, b *proto1.Buffer) (bool, error), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type VerifierStep_Epoch 

type VerifierStep_Epoch struct {
	Epoch *SignedEpochHead `protobuf:"bytes,2,opt,name=Epoch,oneof"`
}

func NewPopulatedVerifierStep_Epoch 

func NewPopulatedVerifierStep_Epoch(r randyVerifier, easy bool) *VerifierStep_Epoch

func (*VerifierStep_Epoch) Equal 

func (this *VerifierStep_Epoch) Equal(that interface{}) bool

func (*VerifierStep_Epoch) GoString 

func (this *VerifierStep_Epoch) GoString() string

func (*VerifierStep_Epoch) MarshalTo 

func (m *VerifierStep_Epoch) MarshalTo(data []byte) (int, error)

func (*VerifierStep_Epoch) Size 

func (m *VerifierStep_Epoch) Size() (n int)

func (*VerifierStep_Epoch) String 

func (this *VerifierStep_Epoch) String() string

func (*VerifierStep_Epoch) VerboseEqual 

func (this *VerifierStep_Epoch) VerboseEqual(that interface{}) error

type VerifierStep_Update 

type VerifierStep_Update struct {
	Update *SignedEntryUpdate `protobuf:"bytes,1,opt,name=Update,oneof"`
}

func NewPopulatedVerifierStep_Update 

func NewPopulatedVerifierStep_Update(r randyVerifier, easy bool) *VerifierStep_Update

func (*VerifierStep_Update) Equal 

func (this *VerifierStep_Update) Equal(that interface{}) bool

func (*VerifierStep_Update) GoString 

func (this *VerifierStep_Update) GoString() string

func (*VerifierStep_Update) MarshalTo 

func (m *VerifierStep_Update) MarshalTo(data []byte) (int, error)

func (*VerifierStep_Update) Size 

func (m *VerifierStep_Update) Size() (n int)

func (*VerifierStep_Update) String 

func (this *VerifierStep_Update) String() string

func (*VerifierStep_Update) VerboseEqual 

func (this *VerifierStep_Update) VerboseEqual(that interface{}) error

type VerifierStreamRequest 

type VerifierStreamRequest struct {
	// Start identifies the first epoch for which verifier steps should be
	// returned.
	Start uint64 `protobuf:"varint,1,opt,name=start,proto3" json:"start,omitempty"`
	// PageSize specifies number of entries to be returned, MaxUint64 for
	// unlimited.
	PageSize uint64 `protobuf:"varint,2,opt,name=page_size,proto3" json:"page_size,omitempty"`
}

UpdateRequest streams a specified number of committed updates or ratifications. See replication.GetCommitted and replication.WaitCommitted.

func NewPopulatedVerifierStreamRequest 

func NewPopulatedVerifierStreamRequest(r randyVerifier, easy bool) *VerifierStreamRequest

func (*VerifierStreamRequest) Equal 

func (this *VerifierStreamRequest) Equal(that interface{}) bool

func (*VerifierStreamRequest) GoString 

func (this *VerifierStreamRequest) GoString() string

func (*VerifierStreamRequest) Marshal 

func (m *VerifierStreamRequest) Marshal() (data []byte, err error)

func (*VerifierStreamRequest) MarshalTo 

func (m *VerifierStreamRequest) MarshalTo(data []byte) (int, error)

func (*VerifierStreamRequest) ProtoMessage 

func (*VerifierStreamRequest) ProtoMessage()

func (*VerifierStreamRequest) Reset 

func (m *VerifierStreamRequest) Reset()

func (*VerifierStreamRequest) Size 

func (m *VerifierStreamRequest) Size() (n int)

func (*VerifierStreamRequest) String 

func (this *VerifierStreamRequest) String() string

func (*VerifierStreamRequest) Unmarshal 

func (m *VerifierStreamRequest) Unmarshal(data []byte) error

func (*VerifierStreamRequest) VerboseEqual 

func (this *VerifierStreamRequest) VerboseEqual(that interface{}) error

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.