directory

package
v0.0.0-...-11acf48

This package is not in the latest version of its module.
Published: Jul 22, 2018 License: BSD-3-Clause Imports: 7 Imported by: 0

Documentation

Types

type ConiksDirectory

type ConiksDirectory struct {
	// contains filtered or unexported fields
}

A ConiksDirectory maintains the underlying persistent authenticated dictionary (PAD) and its policies (i.e. epoch deadline, VRF public key, etc.).

The current implementation of ConiksDirectory also keeps track of temporary bindings (TBs). This feature may be split into a separate protocol extension in a future release.

func New

func New(epDeadline protocol.Timestamp, vrfKey vrf.PrivateKey,
	signKey sign.PrivateKey, dirSize uint64, useTBs bool) *ConiksDirectory

New constructs a new ConiksDirectory given the key server's PAD policies (i.e. epDeadline, vrfKey).

signKey is the private key the key server uses to generate signed tree roots (STRs) and TBs. dirSize indicates the number of PAD snapshots the server keeps in memory. useTBs indicates whether the key server returns TBs upon a successful registration.

func NewTestDirectory

func NewTestDirectory(t *testing.T) *ConiksDirectory

NewTestDirectory creates a ConiksDirectory used for testing server-side CONIKS operations.

func (*ConiksDirectory) EpochDeadline

func (d *ConiksDirectory) EpochDeadline() protocol.Timestamp

EpochDeadline returns this ConiksDirectory's latest epoch deadline as a timestamp.

func (*ConiksDirectory) GetSTRHistory

func (d *ConiksDirectory) GetSTRHistory(req *protocol.STRHistoryRequest) *protocol.Response

GetSTRHistory gets the directory snapshots for the epoch range indicated in the STRHistoryRequest req received from a CONIKS auditor, and returns a protocol.Response. The response (which also includes the error code) is supposed to be sent back to the auditor.

A request with a start epoch greater than the latest epoch of this directory, or with a start epoch greater than its end epoch, is considered malformed, and causes GetSTRHistory() to return a message.NewErrorResponse(ErrMalformedMessage). Otherwise, GetSTRHistory() returns a message.NewSTRHistoryRange(strs), where strs is the list of STRs for the epoch range [startEpoch, endEpoch] and startEpoch and endEpoch are the epoch range endpoints indicated in the auditor's request. If req.endEpoch is greater than d.LatestSTR().Epoch, the end of the range is clamped to d.LatestSTR().Epoch.

func (*ConiksDirectory) KeyLookup

func (d *ConiksDirectory) KeyLookup(req *protocol.KeyLookupRequest) *protocol.Response

KeyLookup gets the public key for the username indicated in the KeyLookupRequest req received from a CONIKS client from the latest snapshot of this ConiksDirectory, and returns a protocol.Response. The response (which also includes the error code) is supposed to be sent back to the client.

A request without a username is considered malformed, and causes KeyLookup() to return a message.NewErrorResponse(ErrMalformedMessage). If the username has an entry in the latest directory snapshot, KeyLookup() returns a message.NewKeyLookupProof(ap=proof of inclusion, str, nil, ReqSuccess). If the username has no entry in the latest snapshot yet but is pending registration (i.e. has a corresponding TB), KeyLookup() returns a message.NewKeyLookupProof(ap=proof of absence, str, tb, ReqSuccess). If the username has neither an entry nor a TB, KeyLookup() returns a message.NewKeyLookupProof(ap=proof of absence, str, nil, ReqNameNotFound). In any case, str is the signed tree root for the latest epoch. If KeyLookup() encounters an internal error at any point, it returns a message.NewErrorResponse(ErrDirectory).

func (*ConiksDirectory) KeyLookupInEpoch

func (d *ConiksDirectory) KeyLookupInEpoch(req *protocol.KeyLookupInEpochRequest) *protocol.Response

KeyLookupInEpoch gets the public key for the username for a prior epoch in the directory history indicated in the KeyLookupInEpochRequest req received from a CONIKS client, and returns a protocol.Response. The response (which also includes the error code) is supposed to be sent back to the client.

A request without a username or with an epoch greater than the latest epoch of this directory is considered malformed, and causes KeyLookupInEpoch() to return a message.NewErrorResponse(ErrMalformedMessage). If the username doesn't have an entry in the directory snapshot for the indicated epoch, KeyLookupInEpoch() returns a message.NewKeyLookupInEpochProof(ap=proof of absence, str, ReqNameNotFound). Otherwise, KeyLookupInEpoch() returns a message.NewKeyLookupInEpochProof(ap=proof of inclusion, str, ReqSuccess). In either case, str is a list of STRs for the epoch range [ep, d.LatestSTR().Epoch], where ep is the past epoch for which the client has requested the user's key. KeyLookupInEpoch() proofs do not include temporary bindings since the TB corresponding to a registered binding is discarded at the time the binding is included in a directory snapshot. If KeyLookupInEpoch() encounters an internal error at any point, it returns a message.NewErrorResponse(ErrDirectory).

func (*ConiksDirectory) LatestSTR

func (d *ConiksDirectory) LatestSTR() *protocol.DirSTR

LatestSTR returns this ConiksDirectory's latest STR.

func (*ConiksDirectory) Monitor

func (d *ConiksDirectory) Monitor(req *protocol.MonitoringRequest) *protocol.Response

Monitor gets the directory proofs for the username for the range of epochs indicated in the MonitoringRequest req received from a CONIKS client, and returns a protocol.Response. The response (which also includes the error code) is supposed to be sent back to the client.

A request without a username, with a start epoch greater than the latest epoch of this directory, or with a start epoch greater than its end epoch, is considered malformed, and causes Monitor() to return a message.NewErrorResponse(ErrMalformedMessage). Otherwise, Monitor() returns a message.NewMonitoringProof(ap, str), where ap is a list of proofs of inclusion (one per epoch) and str is the list of STRs for the epoch range [startEpoch, endEpoch], startEpoch and endEpoch being the epoch range endpoints indicated in the client's request. If req.endEpoch is greater than d.LatestSTR().Epoch, the end of the range is clamped to d.LatestSTR().Epoch. If Monitor() encounters an internal error at any point, it returns a message.NewErrorResponse(ErrDirectory).
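The epoch-range rules are the same for GetSTRHistory and Monitor: two malformed-request conditions checked first, then the end epoch clamped to the latest one. The following Go program is an added example and not coniks-go code: a toy History type holding one placeholder STR string per epoch (constructed input), and an epochRange check that applies the rules in the order the docs describe. History, epochRange and STRHistory are this example's own names.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrMalformedMessage stands in for the error code the docs above name.
var ErrMalformedMessage = errors.New("ErrMalformedMessage")

// History is a toy directory history: strs[i] is the STR of epoch i. The
// strings are constructed placeholders for signed tree roots.
type History struct{ strs []string }

func (h *History) latestEpoch() uint64 { return uint64(len(h.strs) - 1) }

// epochRange applies the checks shared by GetSTRHistory and Monitor: a start
// epoch past the latest epoch, or past the end epoch, is malformed; an end
// epoch past the latest one is clamped to it. It returns the inclusive range
// the server will answer for.
func (h *History) epochRange(start, end uint64) (uint64, uint64, error) {
	latest := h.latestEpoch()
	if start > latest || start > end {
		return 0, 0, ErrMalformedMessage
	}
	if end > latest {
		end = latest
	}
	return start, end, nil
}

// STRHistory returns the STRs for [start, end] after validation and clamping,
// mirroring what GetSTRHistory puts into its STRHistoryRange response.
func (h *History) STRHistory(start, end uint64) ([]string, error) {
	s, e, err := h.epochRange(start, end)
	if err != nil {
		return nil, err
	}
	return h.strs[s : e+1], nil
}

func main() {
	h := &History{strs: []string{"str0", "str1", "str2", "str3"}}
	// In-range, end past latest (clamped), start past latest, start past end.
	for _, q := range [][2]uint64{{1, 2}, {2, 10}, {4, 5}, {3, 1}} {
		strs, err := h.STRHistory(q[0], q[1])
		fmt.Printf("[%d, %d] -> %v %v\n", q[0], q[1], strs, err)
	}
}
```

The order matters: the start-epoch checks reject a request that could never be satisfied, while an oversized end epoch is a legitimate "give me everything up to now" query and is clamped rather than rejected.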

func (*ConiksDirectory) NewTB

func (d *ConiksDirectory) NewTB(name string, key []byte) *protocol.TemporaryBinding

NewTB creates a new temporary binding for the given name-to-key mapping. NewTB() computes the private index for the name, and digitally signs the (index, key, latest STR signature) tuple.

func (*ConiksDirectory) Register

func (d *ConiksDirectory) Register(req *protocol.RegistrationRequest) *protocol.Response

Register inserts the username-to-key mapping contained in a RegistrationRequest req received from a CONIKS client into this ConiksDirectory, and returns a protocol.Response. The response (which also includes the error code) is supposed to be sent back to the client.

A request without a username or without a public key is considered malformed, and causes Register() to return a message.NewErrorResponse(ErrMalformedMessage). Register() inserts the new mapping in req into a pending version of the directory so it can be included in the snapshot taken at the end of the latest epoch, and returns a message.NewRegistrationProof(ap=proof of absence, str, tb, ReqSuccess) if this operation succeeds. If the username already has an entry in the directory, Register() returns a message.NewRegistrationProof(ap=proof of inclusion, str, nil, ReqNameExisted). If the username is still pending inclusion in the next directory snapshot, Register() also returns ReqNameExisted, but ap is a proof of absence and tb is the non-nil TB already issued for that username. In any case, str is the signed tree root for the latest epoch. If Register() encounters an internal error at any point, it returns a message.NewErrorResponse(ErrDirectory).

func (*ConiksDirectory) SetPolicies

func (d *ConiksDirectory) SetPolicies(epDeadline protocol.Timestamp)

SetPolicies sets this ConiksDirectory's epoch deadline, which will be used in the next epoch.

func (*ConiksDirectory) Update

func (d *ConiksDirectory) Update()

Update creates a new PAD snapshot updating this ConiksDirectory. Update() is called at the end of a CONIKS epoch. This implementation also deletes all issued TBs for the ending epoch as their corresponding mappings will have been inserted into the PAD.
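The Register, KeyLookup, NewTB and Update docs above describe one lifecycle: a registration is queued and answered with a TB signed over the latest STR, a lookup in the meantime is answered from that TB, and the next Update() commits the binding and discards the TB. The following Go program is an added example, not coniks-go code. It models that lifecycle with a toy directory in which a map stands in for the PAD (so no proofs of absence or inclusion are produced), the standard library's ed25519 stands in for the project's sign package, and SHA-256 of the name stands in for the VRF index. Directory, newDirectory, VerifyTB and the other names are this example's own, and the "alice" registration is constructed input.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const ReqSuccess, ReqNameExisted, ReqNameNotFound = 0, 1, 2 // result codes named in the docs above

type STR struct{ Epoch uint64; Sig []byte }  // toy signed tree root
type TB struct{ Index, Key, Sig []byte }     // toy temporary binding

// Directory stands in for ConiksDirectory; a map replaces the PAD and no
// proofs of absence or inclusion are produced (assumptions of this example).
type Directory struct {
	signKey ed25519.PrivateKey
	epoch   uint64
	current map[string][]byte // committed snapshot: index -> key
	tbs     map[string]*TB    // registrations pending since the last snapshot
	latest  *STR
}

// privateIndex stands in for the VRF index; a plain hash is an assumption here
// and does not hide the name the way a VRF output does.
func privateIndex(name string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(name))) }

func tbMessage(index, key, strSig []byte) []byte { return bytes.Join([][]byte{index, key, strSig}, nil) }

func newDirectory() (*Directory, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	d := &Directory{signKey: priv, current: map[string][]byte{}, tbs: map[string]*TB{}}
	d.latest = d.signSTR()
	return d, pub
}

// signSTR signs epoch||root. fmt prints map keys sorted, so this toy root
// digest is deterministic; a real PAD supplies its Merkle root here.
func (d *Directory) signSTR() *STR {
	root := sha256.Sum256([]byte(fmt.Sprintf("%d|%v", d.epoch, d.current)))
	return &STR{Epoch: d.epoch, Sig: ed25519.Sign(d.signKey, root[:])}
}

// NewTB signs (index, key, latest STR signature), as the NewTB docs describe.
func (d *Directory) NewTB(name string, key []byte) *TB {
	idx := []byte(privateIndex(name))
	return &TB{Index: idx, Key: key, Sig: ed25519.Sign(d.signKey, tbMessage(idx, key, d.latest.Sig))}
}

// Register: committed name -> ReqNameExisted, nil; pending name ->
// ReqNameExisted plus the TB already issued; otherwise queue it and issue a TB.
func (d *Directory) Register(name string, key []byte) (int, *TB) {
	idx := privateIndex(name)
	if _, ok := d.current[idx]; ok {
		return ReqNameExisted, nil
	}
	if tb, ok := d.tbs[idx]; ok {
		return ReqNameExisted, tb
	}
	d.tbs[idx] = d.NewTB(name, key)
	return ReqSuccess, d.tbs[idx]
}

// KeyLookup answers from the committed snapshot first, then from pending TBs.
func (d *Directory) KeyLookup(name string) (int, []byte, *TB) {
	idx := privateIndex(name)
	if k, ok := d.current[idx]; ok {
		return ReqSuccess, k, nil
	}
	if tb, ok := d.tbs[idx]; ok {
		return ReqSuccess, nil, tb
	}
	return ReqNameNotFound, nil, nil
}

// Update commits pending bindings, discards their TBs and signs a new STR.
func (d *Directory) Update() {
	for idx, tb := range d.tbs {
		d.current[idx] = tb.Key
	}
	d.tbs = map[string]*TB{}
	d.epoch++
	d.latest = d.signSTR()
}

// VerifyTB is the client-side check: the TB must be the server's signature over
// the STR the client holds, so a TB issued under an earlier STR fails later.
func VerifyTB(pub ed25519.PublicKey, str *STR, tb *TB) bool {
	return ed25519.Verify(pub, tbMessage(tb.Index, tb.Key, str.Sig), tb.Sig)
}

func main() {
	d, pub := newDirectory()
	_, tb := d.Register("alice", []byte("alice-pk"))
	fmt.Println("TB valid before update:", VerifyTB(pub, d.latest, tb))
	d.Update()
	st, key, pending := d.KeyLookup("alice")
	fmt.Println(st, string(key), pending == nil, "old TB after update:", VerifyTB(pub, d.latest, tb))
}
```

VerifyTB is the reason the TB is signed together with the latest STR signature: a client holding that STR can check the server's promise against exactly that snapshot, and the same TB no longer verifies against the STR of the next epoch, by which time the binding has to appear in the snapshot itself (or the server is caught breaking its promise).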
