
Package keyserver implements a transparent key server for End to End.



const (
	MaxClockDrift = 5 * time.Minute
	MinNonceLen   = 16

MaxClockDrift is the maximum period of time allowed between a request's CreationTime and the server's own clock; requests outside this window are presumably rejected as stale or replayed. MinNonceLen (16) is not documented here — it reads as the minimum nonce length the server accepts, but confirm the unit (bytes vs. characters) and where it is enforced before relying on it.


var (
	// ErrNoCommitted occurs when the committed field is missing.
	ErrNoCommitted = errors.New("missing commitment")
	// ErrCommittedKeyLen occurs when the committed key is too small.
	ErrCommittedKeyLen = errors.New("committed.key is too small")
	// ErrWrongIndex occurs when the index in key value does not match the
	// output of VRF.
	ErrWrongIndex = errors.New("index does not match VRF")
	// ErrInvalidStart occurs when the start revision of ListEntryHistoryRequest
	// is not valid (not in [1, currentRevision]).
	ErrInvalidStart = errors.New("invalid start revision")
	// ErrInvalidPageSize occurs when the page size is < 0.
	ErrInvalidPageSize = errors.New("invalid page size")
	// ErrInvalidEnd occurs when the end revision of the ListUserRevisionsRequest
	// is not in [start, currentRevision].
	ErrInvalidEnd = errors.New("invalid end revision")


func DecodeToken

func DecodeToken(token string, msg proto.Message) error

DecodeToken turns a URL-safe base64 encoded protobuf back into its proto. Note that the token format described here is a plain encoding, not a signed or MAC'd value: nothing on this page shows integrity protection, so fields decoded from a client-supplied token (page sizes, revision numbers, log positions) should be range-checked and validated before use.

func EncodeToken

func EncodeToken(msg proto.Message) (string, error)

EncodeToken converts a protobuf into a URL-safe base64 encoded string.


type BatchReader

type BatchReader interface {
	// ReadBatch returns the batch definitions for a given revision.
	ReadBatch(ctx context.Context, directoryID string, rev int64) (*spb.MapMetadata, error)

BatchReader reads batch definitions.

type MutationLogs

type MutationLogs interface {
	// SendBatch submits the whole group of mutations atomically to a given log.
	// Returns the watermark key that the mutation batch got written at. This
	// watermark can be used as a lower bound argument of a ReadLog call. To
	// acquire a watermark to use for the upper bound, use HighWatermark.
	SendBatch(ctx context.Context, directoryID string, logID int64, batch []*pb.EntryUpdate) (water.Mark, error)
	// ReadLog returns the messages in the (low, high] range stored in the
	// specified log. ReadLog always returns complete units of the original
	// batches sent via SendBatch, and may therefore return more items than
	// limit when needed to do so.
	ReadLog(ctx context.Context, directoryID string, logID int64, low, high water.Mark,
		limit int32) ([]*mutator.LogMessage, error)
	// ListLogs returns a list of logs, optionally filtered by the writable bit.
	ListLogs(ctx context.Context, directoryID string, writable bool) ([]int64, error)

MutationLogs provides sets of roughly time ordered message logs.

type NewFromWrappedKeyFunc

type NewFromWrappedKeyFunc func(context.Context, proto.Message) (vrf.PrivateKey, error)

NewFromWrappedKeyFunc returns a vrf private key from a proto.

type Server

type Server struct {
	// contains filtered or unexported fields

Server holds internal state for the key server.

func New

func New(tlog tpb.TrillianLogClient,
	tmap tpb.TrillianMapClient,
	verifyMutation mutator.VerifyMutationFn,
	directories directory.Storage,
	logs MutationLogs,
	batches BatchReader,
	metricsFactory monitoring.MetricFactory,
	revisionPageSize int32,
) *Server

New creates a new instance of the key server. revisionPageSize sets the maximum number of map revisions returned per call to a list API, bounding the work a single client request can cause.

func (*Server) BatchGetUser

func (s *Server) BatchGetUser(ctx context.Context, in *pb.BatchGetUserRequest) (*pb.BatchGetUserResponse, error)

BatchGetUser returns a batch of users at the same revision.

func (*Server) BatchGetUserIndex

BatchGetUserIndex returns indexes for users, computed with a verifiable random function.

func (*Server) BatchListUserRevisions

BatchListUserRevisions returns a list of revisions covering a period of time.

func (*Server) BatchQueueUserUpdate

func (s *Server) BatchQueueUserUpdate(ctx context.Context, in *pb.BatchQueueUserUpdateRequest) (*empty.Empty, error)

BatchQueueUserUpdate updates a user's profile. If the user does not exist, a new profile will be created.

func (*Server) GetDirectory

func (s *Server) GetDirectory(ctx context.Context, in *pb.GetDirectoryRequest) (*pb.Directory, error)

GetDirectory returns all info tied to the specified directory.

This API returns the data a client needs to verify a particular key server — for instance the tree info, such as the log/map IDs and the corresponding public keys. Because these verification parameters are served by the key server itself, a client should pin them or cross-check them through an independent channel rather than trusting whatever the server returns on first contact.

func (*Server) GetLatestRevision

func (s *Server) GetLatestRevision(ctx context.Context, in *pb.GetLatestRevisionRequest) (*pb.Revision, error)

GetLatestRevision returns the latest revision. The current revision tracks the SignedLogRoot.

func (*Server) GetRevision

func (s *Server) GetRevision(ctx context.Context, in *pb.GetRevisionRequest) (*pb.Revision, error)

GetRevision returns the requested revision.

func (*Server) GetRevisionStream

GetRevisionStream is a streaming API similar to ListMutations.

func (*Server) GetUser

func (s *Server) GetUser(ctx context.Context, in *pb.GetUserRequest) (*pb.GetUserResponse, error)

GetUser returns a user's profile together with proof that there is only one object for this user and that it is the same object being provided to everyone else (the transparency guarantee). GetUser also supports querying past values by setting the revision field.

func (*Server) ListEntryHistory

ListEntryHistory returns a list of EntryProofs covering a period of time.

func (*Server) ListMutations

func (s *Server) ListMutations(ctx context.Context, in *pb.ListMutationsRequest) (*pb.ListMutationsResponse, error)

ListMutations returns the mutations that created a revision.

func (*Server) ListMutationsStream

ListMutationsStream is a streaming list of mutations in a specific revision.

func (*Server) ListUserRevisions

func (s *Server) ListUserRevisions(ctx context.Context, in *pb.ListUserRevisionsRequest) (
	*pb.ListUserRevisionsResponse, error)

ListUserRevisions returns a list of revisions covering a period of time.

func (*Server) QueueEntryUpdate

func (s *Server) QueueEntryUpdate(ctx context.Context, in *pb.UpdateEntryRequest) (*empty.Empty, error)

QueueEntryUpdate updates a user's profile. If the user does not exist, a new profile will be created.

type SourceList

type SourceList []*spb.MapMetadata_SourceSlice

SourceList is a paginator for a list of source slices.

func (SourceList) First

func (s SourceList) First() *rtpb.ReadToken

First returns the first read parameters for this source.

func (SourceList) Next

func (s SourceList) Next(rt *rtpb.ReadToken, lastRow *mutator.LogMessage) *rtpb.ReadToken

Next returns the next read token. Returns an empty struct when the read is finished. lastRow is the (batchSize)th row from the last read, or nil if fewer than batchSize + 1 rows were returned.

func (SourceList) ParseToken

func (s SourceList) ParseToken(token string) (*rtpb.ReadToken, error)

ParseToken will return the first token if token is "", otherwise it will try to parse the read token.

