mtc

package module
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 12, 2024 License: BSD-3-Clause Imports: 20 Imported by: 2

README

Merkle Tree Certificates for TLS

🚨 Merkle Tree Certificates (MTC) is a moving target.

Implementation of Merkle Tree Certificates for TLS

At the moment only the Certification Authority (CA) side is implemented, and we differ from -01 and master branch, by including some unmerged PRs.

Demo

For a proper introduction and motivation, check out the draft specification and David's TLS working group presentation at IETF116.

Merkle Tree Certificates is an optimisation to the WebPKI (including Certificate Transparency) motivated by the large sizes of typical post-quantum signatures and public keys, to reduce the number of keys and signatures required for the common case where

  1. Certificate issuance does not have to be immediate. For instance, because a certificate can be requested ahead of time for an existing domain by an ACME client like certbot.

  2. The relying party (eg. browser) has a trusted update mechanism. There are also several ways to use MTC without trusted update mechanism, with various trade-offs: see the Transparency Services section of the spec.

MTC does not aim to replace the full WebPKI, but is a first meaningful step for improvement.

Intermezzo: mtc commandline tool

To play around with MTC, you can install the mtc commandline tool:

$ go install github.com/bwesterb/mtc/cmd/mtc@v0.1.1
Assertions

In MTC CAs certify assertions, which bind a subject to a claim. An informal example of an assertion is:

For TLS, you can trust the P-256 public key a02342ff2…23ef when visiting example.com or 198.51.100.60.

The first part (TLS and the public key) is the subject, and the latter (domain and IP) are the claim. Roughly, an assertion is like a certificate without the signature.

To create an assertion, you can use the mtc new-assertion command. First, let's quickly create a P-256 public key to play with.

$ openssl ecparam -name prime256v1 -genkey -out p256.priv
$ openssl ec -in p256.priv -pubout -out p256.pub

Now we create an assertion that this P-256 public key should be valid for example.com and 198.51.100.60, and write it to the my-assertion.

$ mtc new-assertion --tls-pem p256.pub --dns example.com --ip4 198.51.100.60 -o my-assertion
checksum: 14bc907eafd02d5be8b8cc319d87ad5afe9266a6910a18cbdcbfcee1b7af696a

Let's check it using mtc inspect:

$ mtc inspect assertion my-assertion
subject_type     TLS
signature_scheme p256
public_key_hash  a02a1758e4c9d6511dc02f59301b9f29e41762d3d769c87a22333497984a41ef
dns              [example.com]
ip4              [198.51.100.60]
Batches, merkle trees and signed validity windows

An MTC CA doesn't give you a certificate for an assertion immediately. Instead, assertions are queued and issued in batches with a fixed rhythm, for instance a batch is issused once every hour. All assertions in a single batch are valid for the same period of time, the validity window, which is, for instance, two weeks. The CA publishes these batches publicly over HTTP.

For each batch, the CA computes a Merkle tree. This condenses all the assertions in that batch into a single root hash. For every batch, the CA signs that root together with all the roots of the currently valid batches. This signature, together with those signed roots is called the signed validity window for that batch, which is published alongside the assertions.

Creating a CA

Let's create an MTC CA.

$ mtc ca new --batch-duration 5m --lifetime 1h my-mtc-ca ca.example.com/path

This creates a new MTC CA called my-mtc-ca, and puts the data in the current working directory. A batch is issued every 5 minutes, and each batch is valid for one hour.

Let's have a look at the files created:

$ find .
.
./signing.key
./www
./www/mtc
./www/mtc/v1
./www/mtc/v1/ca-params
./www/mtc/v1/batches
./queue
./tmp

The signing.key file contains the private key of the keypair used by the CA.

The www folder contains the files that have to be served at https://ca.example.com/path. At the moment, the only file of interest is ca-params, which contains the information about the CA:

$ mtc inspect ca-params www/mtc/v1/ca-params
issuer_id              my-mtc-ca
start_time             1705677477 2024-01-19 16:17:57 +0100 CET
batch_duration         300        5m0s
life_time              3600       1h0m0s
storage_window_size    24         2h0m0s
validity_window_size   12
http_server            ca.example.com/path
public_key fingerprint dilithium5:85b5a617ef109e0a8d68a094c8b969f622ac4096c513fa0acd169c231ce2fad5

The batches folder is empty, because there are no batches issued yet.

The queue file contains the assertions that will be issued.

Issuing our first batch

Let's issue our first assertion. We can read the assertion from disk we've created earlier with mtc new-assertion:

$ mtc ca queue -i my-assertion 
$ mtc ca show-queue
checksum         14bc907eafd02d5be8b8cc319d87ad5afe9266a6910a18cbdcbfcee1b7af696a
subject_type     TLS
signature_scheme p256
public_key_hash  a02a1758e4c9d6511dc02f59301b9f29e41762d3d769c87a22333497984a41ef
dns              [example.com]
ip4              [198.51.100.60]

Total number of assertions in queue: 1

(We can pass the checksum from new-assertion with --checksum to make sure the assertion wasn't corrupted.)

We can also queue an assertion ad hoc:

$ mtc ca queue --tls-pem p256.pub -d other.example.com -d second.example.com
$ mtc ca show-queue | tail -n 8

checksum         fbdea936ae7795a3fa01d44230daba351d7480eceadd086ba32938ebc88a5458
subject_type     TLS
signature_scheme p256
public_key_hash  a02a1758e4c9d6511dc02f59301b9f29e41762d3d769c87a22333497984a41ef
dns              [other.example.com second.example.com]

Total number of assertions in queue: 2

Let's issue our first batch.

$ mtc ca issue   
2024/01/19 16:27:31 INFO Starting issuance time=2024-01-19T16:27:31.841+01:00
2024/01/19 16:27:31 INFO Current state expectedStored=0 expectedActive=0 existingBatches=⌀
2024/01/19 16:27:31 INFO To issue batches=0

And let's check:

$ find .
.
./signing.key
./www
./www/mtc
./www/mtc/v1
./www/mtc/v1/ca-params
./www/mtc/v1/batches
./www/mtc/v1/batches/0
./www/mtc/v1/batches/0/tree
./www/mtc/v1/batches/0/abridged-assertions
./www/mtc/v1/batches/0/signed-validity-window
./www/mtc/v1/batches/0/index
./www/mtc/v1/batches/latest
./queue
./tmp

We see a 0 batch has been created. latest is a symlink to 0.

The abridged-assertions is essentially the list of assertions: the difference between a regular and abridged assertion, is that with an abridged assertion, the public key has been replaced by the hash of the public key.

$ mtc inspect abridged-assertions www/mtc/v1/batches/0/abridged-assertions
key              28b2216e7905ab48d5444f5b7ebf3d2386bc0444c9721fff77b0b313e734dab4
subject_type     TLS
signature_scheme p256
public_key_hash  a02a1758e4c9d6511dc02f59301b9f29e41762d3d769c87a22333497984a41ef
dns              [example.com]
ip4              [198.51.100.60]

key              80944a1728bc7b4cd7e583c6b24a5f413ba50b7ef5ba9d214e26c1a1974f0a19
subject_type     TLS
signature_scheme p256
public_key_hash  a02a1758e4c9d6511dc02f59301b9f29e41762d3d769c87a22333497984a41ef
dns              [other.example.com second.example.com]

Total number of abridged assertions: 2

The signed-validity-window is the signed validity window: the roots of the currently valid batches:

$ mtc inspect -ca-params www/mtc/v1/ca-params signed-validity-window www/mtc/v1/batches/0/signed-validity-window 
signature       ✅
batch_number    0
tree_heads[-11] f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-10] f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-9]  f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-8]  f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-7]  f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-6]  f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-5]  f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-4]  f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-3]  f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-2]  f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-1]  f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[0]   c005dcdb53c4e41befcf3a294b815d8b8aa0a260e9f10bfd4e4cb52eb3724aa3

We need to pass the ca-params file to be able to parse the file, and check the signature therein. (As this is the first batch, the previous batches contain a placeholder value.)

The tree file contains the Merkle tree.

$ mtc inspect tree www/mtc/v1/batches/0/tree       
number of leaves 2
number of nodes  3
root             c005dcdb53c4e41befcf3a294b815d8b8aa0a260e9f10bfd4e4cb52eb3724aa3

Finally, the index file allows a quick lookup in abridged-assertions by key (hash of the assertion):

$ mtc inspect index www/mtc/v1/batches/0/index
                                                             key   seqno  offset
28b2216e7905ab48d5444f5b7ebf3d2386bc0444c9721fff77b0b313e734dab4       0       0
80944a1728bc7b4cd7e583c6b24a5f413ba50b7ef5ba9d214e26c1a1974f0a19       1      69

total number of entries: 2
Issuing more batches

As we just issued a new batch, we need to wait a while before the next batch is ready to issue.

Let's queue some more assertions, wait a bit, and issue a new batch.

$ mtc ca queue --tls-pem p256.pub -d 1.example.com
$ mtc ca queue --tls-pem p256.pub -d 2.example.com
$ mtc ca queue --tls-pem p256.pub -d 3.example.com
$ mtc ca issue
2024/01/19 16:33:57 INFO Starting issuance time=2024-01-19T16:33:57.860+01:00
2024/01/19 16:33:57 INFO Current state expectedStored=0,…,2 expectedActive=0,…,2 existingBatches=0
2024/01/19 16:33:57 INFO To issue batches=1,2
$ find .
.
./signing.key
./www
./www/mtc
./www/mtc/v1
./www/mtc/v1/ca-params
./www/mtc/v1/batches
./www/mtc/v1/batches/0
./www/mtc/v1/batches/0/tree
./www/mtc/v1/batches/0/abridged-assertions
./www/mtc/v1/batches/0/signed-validity-window
./www/mtc/v1/batches/0/index
./www/mtc/v1/batches/latest
./www/mtc/v1/batches/1
./www/mtc/v1/batches/1/tree
./www/mtc/v1/batches/1/abridged-assertions
./www/mtc/v1/batches/1/signed-validity-window
./www/mtc/v1/batches/1/index
./www/mtc/v1/batches/2
./www/mtc/v1/batches/2/tree
./www/mtc/v1/batches/2/abridged-assertions
./www/mtc/v1/batches/2/signed-validity-window
./www/mtc/v1/batches/2/index
./queue
./tmp

As we waited a bit longer, the current batch is 2, which will contain the queued assertions. The batch 1 in between will be empty.

Now latest points to 2, and its signed validity window is more interesting.

$ mtc inspect -ca-params www/mtc/v1/ca-params signed-validity-window www/mtc/v1/batches/2/signed-validity-window
signature      ✅
batch_number   2
tree_heads[-9] f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-8] f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-7] f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-6] f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-5] f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-4] f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-3] f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-2] f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[-1] f2f65b0486c8cad3876475c9c509afdf3f51dc073b1d2d2d261ff9883d63f98e
tree_heads[0]  c005dcdb53c4e41befcf3a294b815d8b8aa0a260e9f10bfd4e4cb52eb3724aa3
tree_heads[1]  98a421741cf06a19b56d7b52436f686885bd798611426f638ffcdb6b5a65c42c
tree_heads[2]  ab3cb1262fc084be0447c2b3d175d63f6ec2782dcc1443888b12f685976093d5
Creating a certificate

In MTC, a certificate is an assertion, together with the batch number, issuer_id of the CA, and an authentication path in the Merkle tree. Let's create one for our initial assertion.

$ mtc ca cert -i my-assertion -o my-cert
$ mtc inspect cert my-cert
subject_type     TLS
signature_scheme p256
public_key_hash  a02a1758e4c9d6511dc02f59301b9f29e41762d3d769c87a22333497984a41ef
dns              [example.com]
ip4              [198.51.100.60]

proof_type merkle_tree_sha256
issuer_id  my-mtc-ca
batch      0
index      0
authentication path
 00b17df8d909fd3e77005486a16ca00fdc9af38f92a23351359fd420d9f2ef78

If we provide the ca-params to mtc inspect, it can recompute the root from the authentication path:

$ mtc inspect -ca-params www/mtc/v1/ca-params cert my-cert
[…]
batch           0
index           0
recomputed root c005dcdb53c4e41befcf3a294b815d8b8aa0a260e9f10bfd4e4cb52eb3724aa3
authentication path
 00b17df8d909fd3e77005486a16ca00fdc9af38f92a23351359fd420d9f2ef78

This is indeed the root of the 0th batch, and so this certificate is valid.

Documentation

Index

Constants

View Source 
const (
	HashLen = 32
)

Variables

View Source 
var (
	// ErrTruncated is a parsing error returned when the input seems to have
	// been truncated.
	ErrTruncated = errors.New("Input truncated")

	// ErrExtraBytes is a parsing error returned when there are extraneous
	// bytes at the end of, or within, the data.
	ErrExtraBytes = errors.New("Unexpected extra (internal) bytes")
)

Functions

func GenerateSigningKeypair 

func GenerateSigningKeypair(scheme SignatureScheme) (Signer, Verifier, error)

func TreeNodeCount 

func TreeNodeCount(nLeaves uint64) uint

Returns the number of nodes in the Merkle tree for a batch, which has nLeaves assertions.

func UnmarshalAbridgedAssertions 

func UnmarshalAbridgedAssertions(r io.Reader,
	f func(int, *AbridgedAssertion) error) error

Unmarshals AbridgedAssertions from r and calls f for each, with the offset in the stream as first argument, and the abridged assertion as second argument.

Returns early one rror.

func VerifierFingerprint 

func VerifierFingerprint(v Verifier) string

Returns [scheme]:sha256

Types

type AbridgedAssertion 

type AbridgedAssertion struct {
	Subject AbridgedSubject
	Claims  Claims
}

func (*AbridgedAssertion) Hash 

func (a *AbridgedAssertion) Hash(out []byte, batch *Batch, index uint64) error

Computes the leaf hash of the AbridgedAssertion in the Merkle tree computed for the batch.

func (*AbridgedAssertion) Key 

func (a *AbridgedAssertion) Key(out []byte) error

Computes the key of the AbridgedAssertion used in the index.

func (*AbridgedAssertion) MarshalBinary 

func (a *AbridgedAssertion) MarshalBinary() ([]byte, error)

func (*AbridgedAssertion) UnmarshalBinary 

func (a *AbridgedAssertion) UnmarshalBinary(data []byte) error

type AbridgedSubject 

type AbridgedSubject interface {
	SubjectBase
}

type AbridgedTLSSubject 

type AbridgedTLSSubject struct {
	SignatureScheme SignatureScheme
	PublicKeyHash   [HashLen]byte
}

func (*AbridgedTLSSubject) Info 

func (s *AbridgedTLSSubject) Info() []byte

func (*AbridgedTLSSubject) Type 

func (s *AbridgedTLSSubject) Type() SubjectType

type Assertion 

type Assertion struct {
	Subject Subject
	Claims  Claims
}

func (*Assertion) Abridge 

func (a *Assertion) Abridge() (ret AbridgedAssertion)

func (*Assertion) MarshalBinary 

func (a *Assertion) MarshalBinary() ([]byte, error)

func (*Assertion) UnmarshalBinary 

func (a *Assertion) UnmarshalBinary(data []byte) error

type Batch 

type Batch struct {
	CA     *CAParams
	Number uint32
}

func (*Batch) Anchor 

func (batch *Batch) Anchor() *MerkleTreeTrustAnchor

func (*Batch) ComputeRootFromAuthenticationPath 

func (batch *Batch) ComputeRootFromAuthenticationPath(index uint64,
	path []byte, aa *AbridgedAssertion) ([]byte, error)

Compute batch root from authentication path.

To verify a certificate/proof, use VerifyAuthenticationPath instead.

func (*Batch) ComputeTree 

func (batch *Batch) ComputeTree(r io.Reader) (*Tree, error)

Compute Merkle tree from a stream of AbridgedAssertion from in.

func (*Batch) SignValidityWindow 

func (batch *Batch) SignValidityWindow(signer Signer, prevHeads []byte,
	root []byte) (SignedValidityWindow, error)

func (*Batch) VerifyAuthenticationPath 

func (batch *Batch) VerifyAuthenticationPath(index uint64, path, root []byte,
	aa *AbridgedAssertion) error

Check validity of authentication path.

Return nil on valid authentication path.

type BatchRange 

type BatchRange struct {
	Begin uint32
	End   uint32
}

Range of batch numbers Begin, …, End-1.

func (BatchRange) AreAllPast 

func (r BatchRange) AreAllPast(batch uint32) bool

Returns whether each batch in the range is after the given batch

func (BatchRange) Contains 

func (r BatchRange) Contains(batch uint32) bool

Returns whether r contains the batch with the given number.

func (BatchRange) Len 

func (r BatchRange) Len() int

func (BatchRange) String 

func (r BatchRange) String() string

type BikeshedCertificate 

type BikeshedCertificate struct {
	Assertion Assertion
	Proof     Proof
}

func (*BikeshedCertificate) MarshalBinary 

func (c *BikeshedCertificate) MarshalBinary() ([]byte, error)

func (*BikeshedCertificate) UnmarshalBinary 

func (c *BikeshedCertificate) UnmarshalBinary(data []byte) error

type CAParams 

type CAParams struct {
	IssuerId           string
	PublicKey          Verifier
	StartTime          uint64
	BatchDuration      uint64
	Lifetime           uint64
	ValidityWindowSize uint64
	StorageWindowSize  uint64
	HttpServer         string
}

Public parameters of a Merkle Tree CA

func (*CAParams) ActiveBatches 

func (p *CAParams) ActiveBatches(dt time.Time) BatchRange

Batches that are non-expired, and either issued or ready, at the given time.

func (*CAParams) MarshalBinary 

func (p *CAParams) MarshalBinary() ([]byte, error)

func (*CAParams) NextBatchAt added in v0.1.1 

func (p *CAParams) NextBatchAt(dt time.Time) time.Time

Returns the the time when the next batch starts.

func (*CAParams) PreEpochRoots 

func (p *CAParams) PreEpochRoots() []byte

Returns the roots of the validity window prior the epoch.

func (*CAParams) StoredBatches 

func (p *CAParams) StoredBatches(dt time.Time) BatchRange

Batches that are expected to be available at this CA, at the given time. The last few might not yet have been published.

func (*CAParams) UnmarshalBinary 

func (p *CAParams) UnmarshalBinary(data []byte) error

func (*CAParams) Validate 

func (p *CAParams) Validate() error

type ClaimType 

type ClaimType uint16
const (
	DnsClaimType ClaimType = iota
	DnsWildcardClaimType
	Ipv4ClaimType
	Ipv6ClaimType
)

type Claims 

type Claims struct {
	DNS         []string
	DNSWildcard []string
	IPv4        []net.IP
	IPv6        []net.IP
	Unknown     []UnknownClaim
}

List of claims.

func (*Claims) MarshalBinary 

func (c *Claims) MarshalBinary() ([]byte, error)

func (Claims) String 

func (c Claims) String() string

func (*Claims) UnmarshalBinary 

func (c *Claims) UnmarshalBinary(data []byte) error

type MerkleTreeProof 

type MerkleTreeProof struct {
	// contains filtered or unexported fields
}

func NewMerkleTreeProof 

func NewMerkleTreeProof(batch *Batch, index uint64, path []byte) *MerkleTreeProof

func (*MerkleTreeProof) Index 

func (p *MerkleTreeProof) Index() uint64

func (*MerkleTreeProof) Info 

func (p *MerkleTreeProof) Info() []byte

func (*MerkleTreeProof) Path 

func (p *MerkleTreeProof) Path() []byte

func (*MerkleTreeProof) TrustAnchor 

func (p *MerkleTreeProof) TrustAnchor() TrustAnchor

type MerkleTreeTrustAnchor 

type MerkleTreeTrustAnchor struct {
	// contains filtered or unexported fields
}

func (*MerkleTreeTrustAnchor) BatchNumber 

func (t *MerkleTreeTrustAnchor) BatchNumber() uint32

func (*MerkleTreeTrustAnchor) Info 

func (t *MerkleTreeTrustAnchor) Info() []byte

func (*MerkleTreeTrustAnchor) IssuerId 

func (t *MerkleTreeTrustAnchor) IssuerId() string

func (*MerkleTreeTrustAnchor) ProofType 

func (t *MerkleTreeTrustAnchor) ProofType() ProofType

type Proof 

type Proof interface {
	TrustAnchor() TrustAnchor
	Info() []byte
}

type ProofType 

type ProofType uint16
const (
	MerkleTreeProofType ProofType = iota
)

func (ProofType) String 

func (p ProofType) String() string

type SignatureScheme 

type SignatureScheme uint16

Copy of tls.SignatureScheme to prevent cycling dependencies 

const (
	TLSPSSWithSHA256          SignatureScheme = 0x0804
	TLSPSSWithSHA384          SignatureScheme = 0x0805
	TLSPSSWithSHA512          SignatureScheme = 0x0806
	TLSECDSAWithP256AndSHA256 SignatureScheme = 0x0403
	TLSECDSAWithP384AndSHA384 SignatureScheme = 0x0503
	TLSECDSAWithP521AndSHA512 SignatureScheme = 0x0603
	TLSEd25519                SignatureScheme = 0x0807

	// Just for testing we use round 3 Dilithium5 with a codepoint in the
	// private use region. For production SPHINCS⁺-128s would be a better
	// choice.
	TLSDilitihium5r3 SignatureScheme = 0xfe3c
)

func SignatureSchemeFromString 

func SignatureSchemeFromString(s string) SignatureScheme

func SignatureSchemesFor 

func SignatureSchemesFor(pk crypto.PublicKey) []SignatureScheme

Returns valid signature schemes for given public key

func (SignatureScheme) String 

func (s SignatureScheme) String() string

type SignedValidityWindow 

type SignedValidityWindow struct {
	ValidityWindow
	Signature []byte
}

func (*SignedValidityWindow) MarshalBinary 

func (w *SignedValidityWindow) MarshalBinary() ([]byte, error)

func (*SignedValidityWindow) UnmarshalBinary 

func (w *SignedValidityWindow) UnmarshalBinary(data []byte, p *CAParams) error

func (*SignedValidityWindow) UnmarshalBinaryWithoutVerification 

func (w *SignedValidityWindow) UnmarshalBinaryWithoutVerification(
	data []byte, p *CAParams) error

Like UnmarshalBinary() but doesn't check the signature.

type Signer 

type Signer interface {
	Sign(message []byte) []byte
	Scheme() SignatureScheme
	Bytes() []byte
}

Signing private key with specific hash and options.

func UnmarshalSigner 

func UnmarshalSigner(scheme SignatureScheme, data []byte) (
	Signer, error)

type Subject 

type Subject interface {
	SubjectBase
	Abridge() AbridgedSubject
}

type SubjectBase 

type SubjectBase interface {
	Type() SubjectType
	Info() []byte
}

type SubjectType 

type SubjectType uint16
const (
	TLSSubjectType SubjectType = iota
)

func (SubjectType) String 

func (s SubjectType) String() string

type TLSSubject 

type TLSSubject struct {
	// contains filtered or unexported fields
}

func NewTLSSubject 

func NewTLSSubject(scheme SignatureScheme, pk crypto.PublicKey) (*TLSSubject, error)

func (*TLSSubject) Abridge 

func (s *TLSSubject) Abridge() AbridgedSubject

func (*TLSSubject) Info 

func (s *TLSSubject) Info() []byte

func (*TLSSubject) Type 

func (s *TLSSubject) Type() SubjectType

func (*TLSSubject) Verifier 

func (s *TLSSubject) Verifier() (Verifier, error)

type Tree 

type Tree struct {
	// contains filtered or unexported fields
}

Merkle tree built upon the assertions of a batch.

func (*Tree) AuthenticationPath 

func (t *Tree) AuthenticationPath(index uint64) ([]byte, error)

Return authentication path proving that the leaf at the given index is included in the Merkle tree.

func (*Tree) LeafCount 

func (t *Tree) LeafCount() uint64

func (*Tree) NodeCount 

func (t *Tree) NodeCount() uint

func (*Tree) Root 

func (t *Tree) Root() []byte

Return root of the tree

func (*Tree) UnmarshalBinary 

func (t *Tree) UnmarshalBinary(buf []byte) error

func (*Tree) WriteTo 

func (t *Tree) WriteTo(w io.Writer) error

Write the tree to w

type TrustAnchor 

type TrustAnchor interface {
	ProofType() ProofType
	Info() []byte
}

type UnknownClaim 

type UnknownClaim struct {
	Type ClaimType
	Info []byte
}

Represents a claim we do not how to interpret.

type UnknownProof 

type UnknownProof struct {
	// contains filtered or unexported fields
}

func (*UnknownProof) Info 

func (p *UnknownProof) Info() []byte

func (*UnknownProof) TrustAnchor 

func (p *UnknownProof) TrustAnchor() TrustAnchor

type UnknownSubject 

type UnknownSubject struct {
	// contains filtered or unexported fields
}

Used for either an unknown (abridged) subject

func (*UnknownSubject) Abridge 

func (s *UnknownSubject) Abridge() AbridgedSubject

func (*UnknownSubject) Info 

func (s *UnknownSubject) Info() []byte

func (*UnknownSubject) Type 

func (s *UnknownSubject) Type() SubjectType

type UnknownTrustAnchor 

type UnknownTrustAnchor struct {
	// contains filtered or unexported fields
}

func (*UnknownTrustAnchor) Info 

func (t *UnknownTrustAnchor) Info() []byte

func (*UnknownTrustAnchor) ProofType 

func (t *UnknownTrustAnchor) ProofType() ProofType

type ValidityWindow 

type ValidityWindow struct {
	BatchNumber uint32
	TreeHeads   []byte
}

func (*ValidityWindow) LabeledValdityWindow 

func (w *ValidityWindow) LabeledValdityWindow(ca *CAParams) ([]byte, error)

Returns the corresponding marshalled LabeledValdityWindow, which is signed by the CA.

func (*ValidityWindow) MarshalBinary 

func (w *ValidityWindow) MarshalBinary() ([]byte, error)

type Verifier 

type Verifier interface {
	Verify(message, signature []byte) error
	Scheme() SignatureScheme
	Bytes() []byte
}

Signing public key with specific hash and options.

func NewVerifier 

func NewVerifier(scheme SignatureScheme, pk crypto.PublicKey) (
	Verifier, error)

func UnmarshalVerifier 

func UnmarshalVerifier(scheme SignatureScheme, data []byte) (
	Verifier, error)

Source Files

View all Source files

Directories

Path Synopsis
cmd
mtc

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.