trc

package

v0.0.0-...-c8fc2fc Latest Latest Go to latest Published: Mar 2, 2018 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/fr4nk-w/osourced-scion

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type Addr
type CertLog
- func (c *CertLog) MarshalJSON() ([]byte, error)
- func (c *CertLog) UnmarshalJSON(b []byte) error
type CoreAS
type Key
- func NewKey(isd uint16, ver uint64) *Key
- func (k *Key) String() string
type Rains
type RootCA
type TRC
- func TRCFromRaw(raw common.RawBytes, lz4_ bool) (*TRC, error)
type TRCVerResult
- func (tvr *TRCVerResult) QuorumOk() bool

Constants ¶

View Source

const (
	MaxTRCByteLength uint32 = 1 << 20

	// Error strings
	EarlyUsage          = "Creation time in the future"
	EarlyAnnouncement   = "Early announcement"
	Expired             = "TRC expired"
	GracePeriodPassed   = "TRC grace period has passed"
	InactiveVersion     = "Inactive TRC version"
	InvalidCreationTime = "Invalid TRC creation time"
	InvalidISD          = "Invalid TRC ISD"
	InvalidQuorum       = "Not enough valid signatures"
	InvalidVersion      = "Invalid TRC version"
	ReservedVersion     = "Invalid version 0"
	SignatureMissing    = "Signature missing"
	UnableSigPack       = "TRC: Unable to create signature input"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Addr ¶

type Addr struct {
	// IA is the ISD-AS.
	IA *addr.ISD_AS
	// IP is the IP.
	IP net.IP
}

Addr is the (ISD-AS IP)-tuple used for entity addresses in the TRC file.

func (*Addr) MarshalJSON ¶

func (a *Addr) MarshalJSON() ([]byte, error)

func (*Addr) ParseString ¶

func (a *Addr) ParseString(addr_ string) error

ParseString parses a string of the format "ISD-AS IP" and sets the struct fields accordingly.

func (*Addr) String ¶

func (a *Addr) String() string

func (*Addr) UnmarshalJSON ¶

func (a *Addr) UnmarshalJSON(b []byte) error

func (*CertLog) MarshalJSON ¶

func (c *CertLog) MarshalJSON() ([]byte, error)

func (*CertLog) UnmarshalJSON ¶

func (c *CertLog) UnmarshalJSON(b []byte) error

type Key ¶

type Key struct {
	ISD uint16
	Ver uint64
}

func NewKey ¶

func NewKey(isd uint16, ver uint64) *Key

func (*Key) String ¶

func (k *Key) String() string

type TRC ¶

type TRC struct {
	// CertLogs is a map from end-entity certificate logs to their addresses and public-key
	// certificate.
	CertLogs map[string]*CertLog
	// CoreASes is a map from core ASes to their online and offline key.
	CoreASes map[addr.ISD_AS]*CoreAS
	// CreationTime is the unix timestamp in seconds at which the TRC was created.
	CreationTime uint64
	// Description is an human-readable description of the ISD.
	Description string
	// ExpirationTime is the unix timestamp in seconds at which the TRC expires.
	ExpirationTime uint64
	// GracePeriod is the period during which the TRC is valid after creation of a new TRC in
	// seconds.
	GracePeriod uint64
	// ISD is the integer identifier from 1 to 4095.
	ISD uint16
	// Quarantine describes if the TRC is an early announcement (true) or valid (false).
	Quarantine bool
	// QuorumCAs is the quorum of root CAs required to change e RootCAs, CertLogs,
	// ThresholdEEPKI, and QuorumCAs.
	QuorumCAs uint32
	// QuorumTRC is the quorum of core ASes required to sign a new TRC.
	QuorumTRC uint32
	// Rains is the Rains entry.
	RAINS *Rains
	// RootCAs is a map from root CA names to their RootCA entry.
	RootCAs map[string]*RootCA
	// Signatures is a map from entity names to their signatures.
	Signatures map[string]common.RawBytes `json:",omitempty"`
	// ThresholdEEPKI is the threshold number of trusted parties (CAs and one log) required to
	// assert a domain’s policy.
	ThresholdEEPKI uint32
	// Version is the version number of the TRC. The value 0 is reserved and shall not be used.
	Version uint64
}

func TRCFromRaw ¶

func TRCFromRaw(raw common.RawBytes, lz4_ bool) (*TRC, error)

func (*TRC) CheckActive ¶

func (t *TRC) CheckActive(maxTRC *TRC) error

CheckActive checks if TRC is active and can be used for certificate chain verification. MaxTRC is the newest active TRC of the same ISD which we know of.

func (*TRC) Compress ¶

func (t *TRC) Compress() (common.RawBytes, error)

Compress compresses the JSON generated from the TRC using lz4 block mode and prepends the original length (4 bytes, little endian, unsigned). This is necessary, since the python lz4 library expects this format.

func (*TRC) CoreASList ¶

func (t *TRC) CoreASList() []*addr.ISD_AS

CoreASList returns a list of core ASes' addresses.

func (*TRC) IsdVer ¶

func (t *TRC) IsdVer() (uint16, uint64)

func (*TRC) JSON ¶

func (t *TRC) JSON(indent bool) ([]byte, error)

func (*TRC) Key ¶

func (t *TRC) Key() *Key

func (*TRC) Sign ¶

func (t *TRC) Sign(name string, signKey common.RawBytes, signAlgo string) error

Sign adds signature to the TRC. The signature is computed over the TRC without the signature map.

func (*TRC) String ¶

func (t *TRC) String() string

func (*TRC) Verify ¶

func (t *TRC) Verify(trust *TRC) (*TRCVerResult, error)

Verify checks the validity of the TRC based on a trusted TRC. The trusted TRC can either be the direct predecessor TRC or a cross signing TRC.

type TRCVerResult ¶

type TRCVerResult struct {
	Quorum   uint32
	Verified []*addr.ISD_AS
	Failed   map[*addr.ISD_AS]error
}

TRCVerResult is the result of verifying core AS signatures.

func (*TRCVerResult) QuorumOk ¶

func (tvr *TRCVerResult) QuorumOk() bool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

trc