trillian

package module
Version: v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 21, 2021 License: Apache-2.0 Imports: 13 Imported by: 255

README

Trillian: General Transparency

Go Report Card codecov GoDoc Slack Status

Overview

Trillian is an implementation of the concepts described in the Verifiable Data Structures white paper, which in turn is an extension and generalisation of the ideas which underpin Certificate Transparency.

Trillian implements a Merkle tree whose contents are served from a data storage layer, to allow scalability to extremely large trees. On top of this Merkle tree, Trillian provides the following:

  • An append-only Log mode, analogous to the original Certificate Transparency logs. In this mode, the Merkle tree is effectively filled up from the left, giving a dense Merkle tree.

Note that Trillian requires particular applications to provide their own personalities on top of the core transparent data store functionality.

Certificate Transparency (CT) is the most well-known and widely deployed transparency application, and an implementation of CT as a Trillian personality is available in the certificate-transparency-go repo.

Other examples of Trillian personalities are available in the trillian-examples repo.

Support

Using the Code

WARNING: The Trillian codebase is still under development, but the Log mode is now being used in production by several organizations. We will try to avoid any further incompatible code and schema changes but cannot guarantee that they will never be necessary.

The current state of feature implementation is recorded in the Feature implementation matrix.

To build and test Trillian you need:

  • Go 1.14 or later (go 1.17 matches cloudbuild, and is preferred for developers that will be submitting PRs to this project).

To run many of the tests (and production deployment) you need:

Note that this repository uses Go modules to manage dependencies; Go will fetch and install them automatically upon build/test.

To fetch the code, dependencies, and build Trillian, run the following:

export GO111MODULE=auto

git clone https://github.com/google/trillian.git
cd trillian

go build ./...

To build and run tests, use:

go test ./...

The repository also includes multi-process integration tests, described in the Integration Tests section below.

MySQL Setup

To run Trillian's integration tests you need to have an instance of MySQL running and configured to:

  • listen on the standard MySQL port 3306 (so mysql --host=127.0.0.1 --port=3306 connects OK)
  • not require a password for the root user

You can then set up the expected tables in a test database like so:

./scripts/resetdb.sh
Warning: about to destroy and reset database 'test'
Are you sure? y
> Resetting DB...
> Reset Complete
Integration Tests

Trillian includes an integration test suite to confirm basic end-to-end functionality, which can be run with:

./integration/integration_test.sh

This runs a multi-process test:

  • A test that starts a Trillian server in Log mode, together with a signer, logs many leaves, and checks they are integrated correctly.
Deployment

You can find instructions on how to deploy Trillian in deployment and examples/deployment directories.

Working on the Code

Developers who want to make changes to the Trillian codebase need some additional dependencies and tools, described in the following sections. The Cloud Build configuration and the scripts it depends on are also a useful reference for the required tools and scripts, as it may be more up-to-date than this document.

Rebuilding Generated Code

Some of the Trillian Go code is autogenerated from other files:

  • gRPC message structures are originally provided as protocol buffer message definitions.
  • Some unit tests use mock implementations of interfaces; these are created from the real implementations by GoMock.
  • Some enums have string-conversion methods (satisfying the fmt.Stringer interface) created using the stringer tool (go get golang.org/x/tools/cmd/stringer).

Re-generating mock or protobuffer files is only needed if you're changing the original files; if you do, you'll need to install the prerequisites:

  • a series of tools, using go install to ensure that the versions are compatible and tested:

    cd $(go list -f '{{ .Dir }}' github.com/google/trillian); \
    go install github.com/golang/mock/mockgen; \
    go install google.golang.org/protobuf/proto; \
    go install google.golang.org/protobuf/protoc-gen-go; \
    go install github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc; \
    go install golang.org/x/tools/cmd/stringer
    
  • protocol buffer definitions for standard Google APIs:

    git clone https://github.com/googleapis/googleapis.git $GOPATH/src/github.com/googleapis/googleapis
    

and run the following:

go generate -x ./...  # hunts for //go:generate comments and runs them
Updating Dependencies

The Trillian codebase uses go.mod to declare fixed versions of its dependencies. With Go modules, updating a dependency simply involves running go get:

export GO111MODULE=on
go get package/path       # Fetch the latest published version
go get package/path@X.Y.Z # Fetch a specific published version
go get package/path@HEAD  # Fetch the latest commit 

To update ALL dependencies to the latest version run go get -u. Be warned however, that this may undo any selected versions that resolve issues in other non-module repos.

While running go build and go test, go will add any ambiguous transitive dependencies to go.mod To clean these up run:

go mod tidy
Running Codebase Checks

The scripts/presubmit.sh script runs various tools and tests over the codebase.

Install golangci-lint.
go install github.com/golangci/golangci-lint/cmd/golangci-lint
Run code generation, build, test and linters
./scripts/presubmit.sh
Or just run the linters alone
golangci-lint run

Design

Design Overview

Trillian is primarily implemented as a gRPC service; this service receives get/set requests over gRPC and retrieves the corresponding Merkle tree data from a separate storage layer (currently using MySQL), ensuring that the cryptographic properties of the tree are preserved along the way.

The Trillian service is multi-tenanted – a single Trillian installation can support multiple Merkle trees in parallel, distinguished by their TreeId – and each tree operates in one of two modes:

  • Log mode: an append-only collection of items; this has two sub-modes:
    • normal Log mode, where the Trillian service assigns sequence numbers to new tree entries as they arrive
    • 'preordered' Log mode, where the unique sequence number for entries in the Merkle tree is externally specified

In either case, Trillian's key transparency property is that cryptographic proofs of inclusion/consistency are available for data items added to the service.

Personalities

To build a complete transparent application, the Trillian core service needs to be paired with additional code, known as a personality, that provides functionality that is specific to the particular application.

In particular, the personality is responsible for:

  • Admission Criteria – ensuring that submissions comply with the overall purpose of the application.
  • Canonicalization – ensuring that equivalent versions of the same data get the same canonical identifier, so they can be de-duplicated by the Trillian core service.
  • External Interface – providing an API for external users, including any practical constraints (ACLs, load-balancing, DoS protection, etc.)

This is described in more detail in a separate document. General design considerations for transparent Log applications are also discussed separately.

Log Mode

When running in Log mode, Trillian provides a gRPC API whose operations are similar to those available for Certificate Transparency logs (cf. RFC 6962). These include:

  • GetLatestSignedLogRoot returns information about the current root of the Merkle tree for the log, including the tree size, hash value, timestamp and signature.
  • GetLeavesByRange returns leaf information for particular leaves, specified by their index in the log.
  • QueueLeaf requests inclusion of the specified item into the log.
    • For a pre-ordered log, AddSequencedLeaves requests the inclusion of specified items into the log at specified places in the tree.
  • GetInclusionProof, GetInclusionProofByHash and GetConsistencyProof return inclusion and consistency proof data.

In Log mode (whether normal or pre-ordered), Trillian includes an additional Signer component; this component periodically processes pending items and adds them to the Merkle tree, creating a new signed tree head as a result.

Log components

(Note that each of the components in this diagram can be distributed, for scalability and resilience.)

Use Cases

Certificate Transparency Log

The most obvious application for Trillian in Log mode is to provide a Certificate Transparency (RFC 6962) Log. To do this, the CT Log personality needs to include all of the certificate-specific processing – in particular, checking that an item that has been suggested for inclusion is indeed a valid certificate that chains to an accepted root.

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	LogRootFormat_name = map[int32]string{
		0: "LOG_ROOT_FORMAT_UNKNOWN",
		1: "LOG_ROOT_FORMAT_V1",
	}
	LogRootFormat_value = map[string]int32{
		"LOG_ROOT_FORMAT_UNKNOWN": 0,
		"LOG_ROOT_FORMAT_V1":      1,
	}
)

Enum value maps for LogRootFormat.

View Source
var (
	HashStrategy_name = map[int32]string{
		0: "UNKNOWN_HASH_STRATEGY",
		1: "RFC6962_SHA256",
		2: "TEST_MAP_HASHER",
		3: "OBJECT_RFC6962_SHA256",
		4: "CONIKS_SHA512_256",
		5: "CONIKS_SHA256",
	}
	HashStrategy_value = map[string]int32{
		"UNKNOWN_HASH_STRATEGY": 0,
		"RFC6962_SHA256":        1,
		"TEST_MAP_HASHER":       2,
		"OBJECT_RFC6962_SHA256": 3,
		"CONIKS_SHA512_256":     4,
		"CONIKS_SHA256":         5,
	}
)

Enum value maps for HashStrategy.

View Source
var (
	TreeState_name = map[int32]string{
		0: "UNKNOWN_TREE_STATE",
		1: "ACTIVE",
		2: "FROZEN",
		3: "DEPRECATED_SOFT_DELETED",
		4: "DEPRECATED_HARD_DELETED",
		5: "DRAINING",
	}
	TreeState_value = map[string]int32{
		"UNKNOWN_TREE_STATE":      0,
		"ACTIVE":                  1,
		"FROZEN":                  2,
		"DEPRECATED_SOFT_DELETED": 3,
		"DEPRECATED_HARD_DELETED": 4,
		"DRAINING":                5,
	}
)

Enum value maps for TreeState.

View Source
var (
	TreeType_name = map[int32]string{
		0: "UNKNOWN_TREE_TYPE",
		1: "LOG",
		3: "PREORDERED_LOG",
	}
	TreeType_value = map[string]int32{
		"UNKNOWN_TREE_TYPE": 0,
		"LOG":               1,
		"PREORDERED_LOG":    3,
	}
)

Enum value maps for TreeType.

View Source
var File_trillian_admin_api_proto protoreflect.FileDescriptor
View Source
var File_trillian_log_api_proto protoreflect.FileDescriptor
View Source
var File_trillian_proto protoreflect.FileDescriptor
View Source
var TrillianAdmin_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "trillian.TrillianAdmin",
	HandlerType: (*TrillianAdminServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "ListTrees",
			Handler:    _TrillianAdmin_ListTrees_Handler,
		},
		{
			MethodName: "GetTree",
			Handler:    _TrillianAdmin_GetTree_Handler,
		},
		{
			MethodName: "CreateTree",
			Handler:    _TrillianAdmin_CreateTree_Handler,
		},
		{
			MethodName: "UpdateTree",
			Handler:    _TrillianAdmin_UpdateTree_Handler,
		},
		{
			MethodName: "DeleteTree",
			Handler:    _TrillianAdmin_DeleteTree_Handler,
		},
		{
			MethodName: "UndeleteTree",
			Handler:    _TrillianAdmin_UndeleteTree_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "trillian_admin_api.proto",
}

TrillianAdmin_ServiceDesc is the grpc.ServiceDesc for TrillianAdmin service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source
var TrillianLog_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "trillian.TrillianLog",
	HandlerType: (*TrillianLogServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "QueueLeaf",
			Handler:    _TrillianLog_QueueLeaf_Handler,
		},
		{
			MethodName: "GetInclusionProof",
			Handler:    _TrillianLog_GetInclusionProof_Handler,
		},
		{
			MethodName: "GetInclusionProofByHash",
			Handler:    _TrillianLog_GetInclusionProofByHash_Handler,
		},
		{
			MethodName: "GetConsistencyProof",
			Handler:    _TrillianLog_GetConsistencyProof_Handler,
		},
		{
			MethodName: "GetLatestSignedLogRoot",
			Handler:    _TrillianLog_GetLatestSignedLogRoot_Handler,
		},
		{
			MethodName: "GetEntryAndProof",
			Handler:    _TrillianLog_GetEntryAndProof_Handler,
		},
		{
			MethodName: "InitLog",
			Handler:    _TrillianLog_InitLog_Handler,
		},
		{
			MethodName: "AddSequencedLeaves",
			Handler:    _TrillianLog_AddSequencedLeaves_Handler,
		},
		{
			MethodName: "GetLeavesByRange",
			Handler:    _TrillianLog_GetLeavesByRange_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "trillian_log_api.proto",
}

TrillianLog_ServiceDesc is the grpc.ServiceDesc for TrillianLog service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func RegisterTrillianAdminServer

func RegisterTrillianAdminServer(s grpc.ServiceRegistrar, srv TrillianAdminServer)

func RegisterTrillianLogServer

func RegisterTrillianLogServer(s grpc.ServiceRegistrar, srv TrillianLogServer)

Types

type AddSequencedLeavesRequest added in v1.0.7

type AddSequencedLeavesRequest struct {
	LogId    int64      `protobuf:"varint,1,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"`
	Leaves   []*LogLeaf `protobuf:"bytes,2,rep,name=leaves,proto3" json:"leaves,omitempty"`
	ChargeTo *ChargeTo  `protobuf:"bytes,4,opt,name=charge_to,json=chargeTo,proto3" json:"charge_to,omitempty"`
	// contains filtered or unexported fields
}

func (*AddSequencedLeavesRequest) Descriptor deprecated added in v1.0.7

This method has been deprecated.
func (*AddSequencedLeavesRequest) Descriptor() ([]byte, []int)

Deprecated: Use AddSequencedLeavesRequest.ProtoReflect.Descriptor instead.

func (*AddSequencedLeavesRequest) GetChargeTo added in v1.2.0

func (x *AddSequencedLeavesRequest) GetChargeTo() *ChargeTo

func (*AddSequencedLeavesRequest) GetLeaves added in v1.0.7

func (x *AddSequencedLeavesRequest) GetLeaves() []*LogLeaf

func (*AddSequencedLeavesRequest) GetLogId added in v1.0.7

func (x *AddSequencedLeavesRequest) GetLogId() int64

func (*AddSequencedLeavesRequest) ProtoMessage added in v1.0.7

func (*AddSequencedLeavesRequest) ProtoMessage()

func (*AddSequencedLeavesRequest) ProtoReflect added in v1.3.9

func (*AddSequencedLeavesRequest) Reset added in v1.0.7

func (x *AddSequencedLeavesRequest) Reset()

func (*AddSequencedLeavesRequest) String added in v1.0.7

func (x *AddSequencedLeavesRequest) String() string

type AddSequencedLeavesResponse added in v1.0.7

type AddSequencedLeavesResponse struct {

	// Same number and order as in the corresponding request.
	Results []*QueuedLogLeaf `protobuf:"bytes,2,rep,name=results,proto3" json:"results,omitempty"`
	// contains filtered or unexported fields
}

func (*AddSequencedLeavesResponse) Descriptor deprecated added in v1.0.7

This method has been deprecated.
func (*AddSequencedLeavesResponse) Descriptor() ([]byte, []int)

Deprecated: Use AddSequencedLeavesResponse.ProtoReflect.Descriptor instead.

func (*AddSequencedLeavesResponse) GetResults added in v1.0.7

func (x *AddSequencedLeavesResponse) GetResults() []*QueuedLogLeaf

func (*AddSequencedLeavesResponse) ProtoMessage added in v1.0.7

func (*AddSequencedLeavesResponse) ProtoMessage()

func (*AddSequencedLeavesResponse) ProtoReflect added in v1.3.9

func (*AddSequencedLeavesResponse) Reset added in v1.0.7

func (x *AddSequencedLeavesResponse) Reset()

func (*AddSequencedLeavesResponse) String added in v1.0.7

func (x *AddSequencedLeavesResponse) String() string

type ChargeTo added in v1.2.0

type ChargeTo struct {

	// user is a list of personality-defined strings.
	// Trillian will treat them as /User/%{user}/... keys when checking and
	// charging quota.
	// If one or more of the specified users has insufficient quota, the
	// request will be denied.
	//
	// As an example, a Certificate Transparency frontend might set the following
	// user strings when sending a QueueLeaf request to the Trillian log:
	//   - The requesting IP address.
	//     This would limit the number of requests per IP.
	//   - The "intermediate-<hash>" for each of the intermediate certificates in
	//     the submitted chain.
	//     This would have the effect of limiting the rate of submissions under
	//     a given intermediate/root.
	User []string `protobuf:"bytes,1,rep,name=user,proto3" json:"user,omitempty"`
	// contains filtered or unexported fields
}

ChargeTo describes the user(s) associated with the request whose quota should be checked and charged.

func (*ChargeTo) Descriptor deprecated added in v1.2.0

This method has been deprecated.
func (*ChargeTo) Descriptor() ([]byte, []int)

Deprecated: Use ChargeTo.ProtoReflect.Descriptor instead.

func (*ChargeTo) GetUser added in v1.2.0

func (x *ChargeTo) GetUser() []string

func (*ChargeTo) ProtoMessage added in v1.2.0

func (*ChargeTo) ProtoMessage()

func (*ChargeTo) ProtoReflect added in v1.3.9

func (x *ChargeTo) ProtoReflect() protoreflect.Message

func (*ChargeTo) Reset added in v1.2.0

func (x *ChargeTo) Reset()

func (*ChargeTo) String added in v1.2.0

func (x *ChargeTo) String() string

type CreateTreeRequest

type CreateTreeRequest struct {

	// Tree to be created. See Tree and CreateTree for more details.
	Tree *Tree `protobuf:"bytes,1,opt,name=tree,proto3" json:"tree,omitempty"`
	// contains filtered or unexported fields
}

CreateTree request.

func (*CreateTreeRequest) Descriptor deprecated

This method has been deprecated.
func (*CreateTreeRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateTreeRequest.ProtoReflect.Descriptor instead.

func (*CreateTreeRequest) GetTree

func (x *CreateTreeRequest) GetTree() *Tree

func (*CreateTreeRequest) ProtoMessage

func (*CreateTreeRequest) ProtoMessage()

func (*CreateTreeRequest) ProtoReflect added in v1.3.9

func (x *CreateTreeRequest) ProtoReflect() protoreflect.Message

func (*CreateTreeRequest) Reset

func (x *CreateTreeRequest) Reset()

func (*CreateTreeRequest) String

func (x *CreateTreeRequest) String() string

type DeleteTreeRequest

type DeleteTreeRequest struct {

	// ID of the tree to delete.
	TreeId int64 `protobuf:"varint,1,opt,name=tree_id,json=treeId,proto3" json:"tree_id,omitempty"`
	// contains filtered or unexported fields
}

DeleteTree request.

func (*DeleteTreeRequest) Descriptor deprecated

This method has been deprecated.
func (*DeleteTreeRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteTreeRequest.ProtoReflect.Descriptor instead.

func (*DeleteTreeRequest) GetTreeId

func (x *DeleteTreeRequest) GetTreeId() int64

func (*DeleteTreeRequest) ProtoMessage

func (*DeleteTreeRequest) ProtoMessage()

func (*DeleteTreeRequest) ProtoReflect added in v1.3.9

func (x *DeleteTreeRequest) ProtoReflect() protoreflect.Message

func (*DeleteTreeRequest) Reset

func (x *DeleteTreeRequest) Reset()

func (*DeleteTreeRequest) String

func (x *DeleteTreeRequest) String() string

type GetConsistencyProofRequest

type GetConsistencyProofRequest struct {
	LogId          int64     `protobuf:"varint,1,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"`
	FirstTreeSize  int64     `protobuf:"varint,2,opt,name=first_tree_size,json=firstTreeSize,proto3" json:"first_tree_size,omitempty"`
	SecondTreeSize int64     `protobuf:"varint,3,opt,name=second_tree_size,json=secondTreeSize,proto3" json:"second_tree_size,omitempty"`
	ChargeTo       *ChargeTo `protobuf:"bytes,4,opt,name=charge_to,json=chargeTo,proto3" json:"charge_to,omitempty"`
	// contains filtered or unexported fields
}

func (*GetConsistencyProofRequest) Descriptor deprecated

This method has been deprecated.
func (*GetConsistencyProofRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetConsistencyProofRequest.ProtoReflect.Descriptor instead.

func (*GetConsistencyProofRequest) GetChargeTo added in v1.2.0

func (x *GetConsistencyProofRequest) GetChargeTo() *ChargeTo

func (*GetConsistencyProofRequest) GetFirstTreeSize

func (x *GetConsistencyProofRequest) GetFirstTreeSize() int64

func (*GetConsistencyProofRequest) GetLogId

func (x *GetConsistencyProofRequest) GetLogId() int64

func (*GetConsistencyProofRequest) GetSecondTreeSize

func (x *GetConsistencyProofRequest) GetSecondTreeSize() int64

func (*GetConsistencyProofRequest) ProtoMessage

func (*GetConsistencyProofRequest) ProtoMessage()

func (*GetConsistencyProofRequest) ProtoReflect added in v1.3.9

func (*GetConsistencyProofRequest) Reset

func (x *GetConsistencyProofRequest) Reset()

func (*GetConsistencyProofRequest) String

func (x *GetConsistencyProofRequest) String() string

type GetConsistencyProofResponse

type GetConsistencyProofResponse struct {

	// The proof field may be empty if the requested tree_size was larger
	// than that available at the server (e.g. because there is skew between
	// server instances, and an earlier client request was processed by a
	// more up-to-date instance).  In this case, the signed_log_root
	// field will indicate the tree size that the server is aware of, and
	// the proof field will be empty.
	Proof         *Proof         `protobuf:"bytes,2,opt,name=proof,proto3" json:"proof,omitempty"`
	SignedLogRoot *SignedLogRoot `protobuf:"bytes,3,opt,name=signed_log_root,json=signedLogRoot,proto3" json:"signed_log_root,omitempty"`
	// contains filtered or unexported fields
}

func (*GetConsistencyProofResponse) Descriptor deprecated

This method has been deprecated.
func (*GetConsistencyProofResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetConsistencyProofResponse.ProtoReflect.Descriptor instead.

func (*GetConsistencyProofResponse) GetProof

func (x *GetConsistencyProofResponse) GetProof() *Proof

func (*GetConsistencyProofResponse) GetSignedLogRoot added in v1.1.0

func (x *GetConsistencyProofResponse) GetSignedLogRoot() *SignedLogRoot

func (*GetConsistencyProofResponse) ProtoMessage

func (*GetConsistencyProofResponse) ProtoMessage()

func (*GetConsistencyProofResponse) ProtoReflect added in v1.3.9

func (*GetConsistencyProofResponse) Reset

func (x *GetConsistencyProofResponse) Reset()

func (*GetConsistencyProofResponse) String

func (x *GetConsistencyProofResponse) String() string

type GetEntryAndProofRequest

type GetEntryAndProofRequest struct {
	LogId     int64     `protobuf:"varint,1,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"`
	LeafIndex int64     `protobuf:"varint,2,opt,name=leaf_index,json=leafIndex,proto3" json:"leaf_index,omitempty"`
	TreeSize  int64     `protobuf:"varint,3,opt,name=tree_size,json=treeSize,proto3" json:"tree_size,omitempty"`
	ChargeTo  *ChargeTo `protobuf:"bytes,4,opt,name=charge_to,json=chargeTo,proto3" json:"charge_to,omitempty"`
	// contains filtered or unexported fields
}

func (*GetEntryAndProofRequest) Descriptor deprecated

This method has been deprecated.
func (*GetEntryAndProofRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetEntryAndProofRequest.ProtoReflect.Descriptor instead.

func (*GetEntryAndProofRequest) GetChargeTo added in v1.2.0

func (x *GetEntryAndProofRequest) GetChargeTo() *ChargeTo

func (*GetEntryAndProofRequest) GetLeafIndex

func (x *GetEntryAndProofRequest) GetLeafIndex() int64

func (*GetEntryAndProofRequest) GetLogId

func (x *GetEntryAndProofRequest) GetLogId() int64

func (*GetEntryAndProofRequest) GetTreeSize

func (x *GetEntryAndProofRequest) GetTreeSize() int64

func (*GetEntryAndProofRequest) ProtoMessage

func (*GetEntryAndProofRequest) ProtoMessage()

func (*GetEntryAndProofRequest) ProtoReflect added in v1.3.9

func (x *GetEntryAndProofRequest) ProtoReflect() protoreflect.Message

func (*GetEntryAndProofRequest) Reset

func (x *GetEntryAndProofRequest) Reset()

func (*GetEntryAndProofRequest) String

func (x *GetEntryAndProofRequest) String() string

type GetEntryAndProofResponse

type GetEntryAndProofResponse struct {
	Proof         *Proof         `protobuf:"bytes,2,opt,name=proof,proto3" json:"proof,omitempty"`
	Leaf          *LogLeaf       `protobuf:"bytes,3,opt,name=leaf,proto3" json:"leaf,omitempty"`
	SignedLogRoot *SignedLogRoot `protobuf:"bytes,4,opt,name=signed_log_root,json=signedLogRoot,proto3" json:"signed_log_root,omitempty"`
	// contains filtered or unexported fields
}

func (*GetEntryAndProofResponse) Descriptor deprecated

This method has been deprecated.
func (*GetEntryAndProofResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetEntryAndProofResponse.ProtoReflect.Descriptor instead.

func (*GetEntryAndProofResponse) GetLeaf

func (x *GetEntryAndProofResponse) GetLeaf() *LogLeaf

func (*GetEntryAndProofResponse) GetProof

func (x *GetEntryAndProofResponse) GetProof() *Proof

func (*GetEntryAndProofResponse) GetSignedLogRoot added in v1.1.0

func (x *GetEntryAndProofResponse) GetSignedLogRoot() *SignedLogRoot

func (*GetEntryAndProofResponse) ProtoMessage

func (*GetEntryAndProofResponse) ProtoMessage()

func (*GetEntryAndProofResponse) ProtoReflect added in v1.3.9

func (x *GetEntryAndProofResponse) ProtoReflect() protoreflect.Message

func (*GetEntryAndProofResponse) Reset

func (x *GetEntryAndProofResponse) Reset()

func (*GetEntryAndProofResponse) String

func (x *GetEntryAndProofResponse) String() string

type GetInclusionProofByHashRequest

type GetInclusionProofByHashRequest struct {
	LogId int64 `protobuf:"varint,1,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"`
	// The leaf hash field provides the Merkle tree hash of the leaf entry
	// to be retrieved.
	LeafHash        []byte    `protobuf:"bytes,2,opt,name=leaf_hash,json=leafHash,proto3" json:"leaf_hash,omitempty"`
	TreeSize        int64     `protobuf:"varint,3,opt,name=tree_size,json=treeSize,proto3" json:"tree_size,omitempty"`
	OrderBySequence bool      `protobuf:"varint,4,opt,name=order_by_sequence,json=orderBySequence,proto3" json:"order_by_sequence,omitempty"`
	ChargeTo        *ChargeTo `protobuf:"bytes,5,opt,name=charge_to,json=chargeTo,proto3" json:"charge_to,omitempty"`
	// contains filtered or unexported fields
}

func (*GetInclusionProofByHashRequest) Descriptor deprecated

This method has been deprecated.
func (*GetInclusionProofByHashRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetInclusionProofByHashRequest.ProtoReflect.Descriptor instead.

func (*GetInclusionProofByHashRequest) GetChargeTo added in v1.2.0

func (x *GetInclusionProofByHashRequest) GetChargeTo() *ChargeTo

func (*GetInclusionProofByHashRequest) GetLeafHash

func (x *GetInclusionProofByHashRequest) GetLeafHash() []byte

func (*GetInclusionProofByHashRequest) GetLogId

func (x *GetInclusionProofByHashRequest) GetLogId() int64

func (*GetInclusionProofByHashRequest) GetOrderBySequence

func (x *GetInclusionProofByHashRequest) GetOrderBySequence() bool

func (*GetInclusionProofByHashRequest) GetTreeSize

func (x *GetInclusionProofByHashRequest) GetTreeSize() int64

func (*GetInclusionProofByHashRequest) ProtoMessage

func (*GetInclusionProofByHashRequest) ProtoMessage()

func (*GetInclusionProofByHashRequest) ProtoReflect added in v1.3.9

func (*GetInclusionProofByHashRequest) Reset

func (x *GetInclusionProofByHashRequest) Reset()

func (*GetInclusionProofByHashRequest) String

type GetInclusionProofByHashResponse

type GetInclusionProofByHashResponse struct {

	// Logs can potentially contain leaves with duplicate hashes so it's possible
	// for this to return multiple proofs.  If the leaf index for a particular
	// instance of the requested Merkle leaf hash is beyond the requested tree
	// size, the corresponding proof entry will be missing.
	Proof         []*Proof       `protobuf:"bytes,2,rep,name=proof,proto3" json:"proof,omitempty"`
	SignedLogRoot *SignedLogRoot `protobuf:"bytes,3,opt,name=signed_log_root,json=signedLogRoot,proto3" json:"signed_log_root,omitempty"`
	// contains filtered or unexported fields
}

func (*GetInclusionProofByHashResponse) Descriptor deprecated

This method has been deprecated.
func (*GetInclusionProofByHashResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetInclusionProofByHashResponse.ProtoReflect.Descriptor instead.

func (*GetInclusionProofByHashResponse) GetProof

func (x *GetInclusionProofByHashResponse) GetProof() []*Proof

func (*GetInclusionProofByHashResponse) GetSignedLogRoot added in v1.1.0

func (x *GetInclusionProofByHashResponse) GetSignedLogRoot() *SignedLogRoot

func (*GetInclusionProofByHashResponse) ProtoMessage

func (*GetInclusionProofByHashResponse) ProtoMessage()

func (*GetInclusionProofByHashResponse) ProtoReflect added in v1.3.9

func (*GetInclusionProofByHashResponse) Reset

func (*GetInclusionProofByHashResponse) String

type GetInclusionProofRequest

type GetInclusionProofRequest struct {
	LogId     int64     `protobuf:"varint,1,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"`
	LeafIndex int64     `protobuf:"varint,2,opt,name=leaf_index,json=leafIndex,proto3" json:"leaf_index,omitempty"`
	TreeSize  int64     `protobuf:"varint,3,opt,name=tree_size,json=treeSize,proto3" json:"tree_size,omitempty"`
	ChargeTo  *ChargeTo `protobuf:"bytes,4,opt,name=charge_to,json=chargeTo,proto3" json:"charge_to,omitempty"`
	// contains filtered or unexported fields
}

func (*GetInclusionProofRequest) Descriptor deprecated

This method has been deprecated.
func (*GetInclusionProofRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetInclusionProofRequest.ProtoReflect.Descriptor instead.

func (*GetInclusionProofRequest) GetChargeTo added in v1.2.0

func (x *GetInclusionProofRequest) GetChargeTo() *ChargeTo

func (*GetInclusionProofRequest) GetLeafIndex

func (x *GetInclusionProofRequest) GetLeafIndex() int64

func (*GetInclusionProofRequest) GetLogId

func (x *GetInclusionProofRequest) GetLogId() int64

func (*GetInclusionProofRequest) GetTreeSize

func (x *GetInclusionProofRequest) GetTreeSize() int64

func (*GetInclusionProofRequest) ProtoMessage

func (*GetInclusionProofRequest) ProtoMessage()

func (*GetInclusionProofRequest) ProtoReflect added in v1.3.9

func (x *GetInclusionProofRequest) ProtoReflect() protoreflect.Message

func (*GetInclusionProofRequest) Reset

func (x *GetInclusionProofRequest) Reset()

func (*GetInclusionProofRequest) String

func (x *GetInclusionProofRequest) String() string

type GetInclusionProofResponse

type GetInclusionProofResponse struct {

	// The proof field may be empty if the requested tree_size was larger
	// than that available at the server (e.g. because there is skew between
	// server instances, and an earlier client request was processed by a
	// more up-to-date instance).  In this case, the signed_log_root
	// field will indicate the tree size that the server is aware of, and
	// the proof field will be empty.
	Proof         *Proof         `protobuf:"bytes,2,opt,name=proof,proto3" json:"proof,omitempty"`
	SignedLogRoot *SignedLogRoot `protobuf:"bytes,3,opt,name=signed_log_root,json=signedLogRoot,proto3" json:"signed_log_root,omitempty"`
	// contains filtered or unexported fields
}

func (*GetInclusionProofResponse) Descriptor deprecated

This method has been deprecated.
func (*GetInclusionProofResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetInclusionProofResponse.ProtoReflect.Descriptor instead.

func (*GetInclusionProofResponse) GetProof

func (x *GetInclusionProofResponse) GetProof() *Proof

func (*GetInclusionProofResponse) GetSignedLogRoot added in v1.1.0

func (x *GetInclusionProofResponse) GetSignedLogRoot() *SignedLogRoot

func (*GetInclusionProofResponse) ProtoMessage

func (*GetInclusionProofResponse) ProtoMessage()

func (*GetInclusionProofResponse) ProtoReflect added in v1.3.9

func (*GetInclusionProofResponse) Reset

func (x *GetInclusionProofResponse) Reset()

func (*GetInclusionProofResponse) String

func (x *GetInclusionProofResponse) String() string

type GetLatestSignedLogRootRequest

type GetLatestSignedLogRootRequest struct {
	LogId    int64     `protobuf:"varint,1,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"`
	ChargeTo *ChargeTo `protobuf:"bytes,2,opt,name=charge_to,json=chargeTo,proto3" json:"charge_to,omitempty"`
	// If first_tree_size is non-zero, the response will include a consistency
	// proof between first_tree_size and the new tree size (if not smaller).
	FirstTreeSize int64 `protobuf:"varint,3,opt,name=first_tree_size,json=firstTreeSize,proto3" json:"first_tree_size,omitempty"`
	// contains filtered or unexported fields
}

func (*GetLatestSignedLogRootRequest) Descriptor deprecated

This method has been deprecated.
func (*GetLatestSignedLogRootRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetLatestSignedLogRootRequest.ProtoReflect.Descriptor instead.

func (*GetLatestSignedLogRootRequest) GetChargeTo added in v1.2.0

func (x *GetLatestSignedLogRootRequest) GetChargeTo() *ChargeTo

func (*GetLatestSignedLogRootRequest) GetFirstTreeSize added in v1.3.0

func (x *GetLatestSignedLogRootRequest) GetFirstTreeSize() int64

func (*GetLatestSignedLogRootRequest) GetLogId

func (x *GetLatestSignedLogRootRequest) GetLogId() int64

func (*GetLatestSignedLogRootRequest) ProtoMessage

func (*GetLatestSignedLogRootRequest) ProtoMessage()

func (*GetLatestSignedLogRootRequest) ProtoReflect added in v1.3.9

func (*GetLatestSignedLogRootRequest) Reset

func (x *GetLatestSignedLogRootRequest) Reset()

func (*GetLatestSignedLogRootRequest) String

type GetLatestSignedLogRootResponse

type GetLatestSignedLogRootResponse struct {
	SignedLogRoot *SignedLogRoot `protobuf:"bytes,2,opt,name=signed_log_root,json=signedLogRoot,proto3" json:"signed_log_root,omitempty"`
	// proof is filled in with a consistency proof if first_tree_size in
	// GetLatestSignedLogRootRequest is non-zero (and within the tree size
	// available at the server).
	Proof *Proof `protobuf:"bytes,3,opt,name=proof,proto3" json:"proof,omitempty"`
	// contains filtered or unexported fields
}

func (*GetLatestSignedLogRootResponse) Descriptor deprecated

This method has been deprecated.
func (*GetLatestSignedLogRootResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetLatestSignedLogRootResponse.ProtoReflect.Descriptor instead.

func (*GetLatestSignedLogRootResponse) GetProof added in v1.3.0

func (x *GetLatestSignedLogRootResponse) GetProof() *Proof

func (*GetLatestSignedLogRootResponse) GetSignedLogRoot

func (x *GetLatestSignedLogRootResponse) GetSignedLogRoot() *SignedLogRoot

func (*GetLatestSignedLogRootResponse) ProtoMessage

func (*GetLatestSignedLogRootResponse) ProtoMessage()

func (*GetLatestSignedLogRootResponse) ProtoReflect added in v1.3.9

func (*GetLatestSignedLogRootResponse) Reset

func (x *GetLatestSignedLogRootResponse) Reset()

func (*GetLatestSignedLogRootResponse) String

type GetLeavesByRangeRequest added in v1.0.6

type GetLeavesByRangeRequest struct {
	LogId      int64     `protobuf:"varint,1,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"`
	StartIndex int64     `protobuf:"varint,2,opt,name=start_index,json=startIndex,proto3" json:"start_index,omitempty"`
	Count      int64     `protobuf:"varint,3,opt,name=count,proto3" json:"count,omitempty"`
	ChargeTo   *ChargeTo `protobuf:"bytes,4,opt,name=charge_to,json=chargeTo,proto3" json:"charge_to,omitempty"`
	// contains filtered or unexported fields
}

func (*GetLeavesByRangeRequest) Descriptor deprecated added in v1.0.6

This method has been deprecated.
func (*GetLeavesByRangeRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetLeavesByRangeRequest.ProtoReflect.Descriptor instead.

func (*GetLeavesByRangeRequest) GetChargeTo added in v1.2.0

func (x *GetLeavesByRangeRequest) GetChargeTo() *ChargeTo

func (*GetLeavesByRangeRequest) GetCount added in v1.0.6

func (x *GetLeavesByRangeRequest) GetCount() int64

func (*GetLeavesByRangeRequest) GetLogId added in v1.0.6

func (x *GetLeavesByRangeRequest) GetLogId() int64

func (*GetLeavesByRangeRequest) GetStartIndex added in v1.0.6

func (x *GetLeavesByRangeRequest) GetStartIndex() int64

func (*GetLeavesByRangeRequest) ProtoMessage added in v1.0.6

func (*GetLeavesByRangeRequest) ProtoMessage()

func (*GetLeavesByRangeRequest) ProtoReflect added in v1.3.9

func (x *GetLeavesByRangeRequest) ProtoReflect() protoreflect.Message

func (*GetLeavesByRangeRequest) Reset added in v1.0.6

func (x *GetLeavesByRangeRequest) Reset()

func (*GetLeavesByRangeRequest) String added in v1.0.6

func (x *GetLeavesByRangeRequest) String() string

type GetLeavesByRangeResponse added in v1.0.6

type GetLeavesByRangeResponse struct {

	// Returned log leaves starting from the `start_index` of the request, in
	// order. There may be fewer than `request.count` leaves returned, if the
	// requested range extended beyond the size of the tree or if the server opted
	// to return fewer leaves than requested.
	Leaves        []*LogLeaf     `protobuf:"bytes,1,rep,name=leaves,proto3" json:"leaves,omitempty"`
	SignedLogRoot *SignedLogRoot `protobuf:"bytes,2,opt,name=signed_log_root,json=signedLogRoot,proto3" json:"signed_log_root,omitempty"`
	// contains filtered or unexported fields
}

func (*GetLeavesByRangeResponse) Descriptor deprecated added in v1.0.6

This method has been deprecated.
func (*GetLeavesByRangeResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetLeavesByRangeResponse.ProtoReflect.Descriptor instead.

func (*GetLeavesByRangeResponse) GetLeaves added in v1.0.6

func (x *GetLeavesByRangeResponse) GetLeaves() []*LogLeaf

func (*GetLeavesByRangeResponse) GetSignedLogRoot added in v1.1.0

func (x *GetLeavesByRangeResponse) GetSignedLogRoot() *SignedLogRoot

func (*GetLeavesByRangeResponse) ProtoMessage added in v1.0.6

func (*GetLeavesByRangeResponse) ProtoMessage()

func (*GetLeavesByRangeResponse) ProtoReflect added in v1.3.9

func (x *GetLeavesByRangeResponse) ProtoReflect() protoreflect.Message

func (*GetLeavesByRangeResponse) Reset added in v1.0.6

func (x *GetLeavesByRangeResponse) Reset()

func (*GetLeavesByRangeResponse) String added in v1.0.6

func (x *GetLeavesByRangeResponse) String() string

type GetTreeRequest

type GetTreeRequest struct {

	// ID of the tree to retrieve.
	TreeId int64 `protobuf:"varint,1,opt,name=tree_id,json=treeId,proto3" json:"tree_id,omitempty"`
	// contains filtered or unexported fields
}

GetTree request.

func (*GetTreeRequest) Descriptor deprecated

This method has been deprecated.
func (*GetTreeRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetTreeRequest.ProtoReflect.Descriptor instead.

func (*GetTreeRequest) GetTreeId

func (x *GetTreeRequest) GetTreeId() int64

func (*GetTreeRequest) ProtoMessage

func (*GetTreeRequest) ProtoMessage()

func (*GetTreeRequest) ProtoReflect added in v1.3.9

func (x *GetTreeRequest) ProtoReflect() protoreflect.Message

func (*GetTreeRequest) Reset

func (x *GetTreeRequest) Reset()

func (*GetTreeRequest) String

func (x *GetTreeRequest) String() string

type HashStrategy

type HashStrategy int32

Defines the way empty / node / leaf hashes are constructed incorporating preimage protection, which can be application specific.

const (
	// Hash strategy cannot be determined. Included to enable detection of
	// mismatched proto versions being used. Represents an invalid value.
	HashStrategy_UNKNOWN_HASH_STRATEGY HashStrategy = 0
	// Certificate Transparency strategy: leaf hash prefix = 0x00, node prefix =
	// 0x01, empty hash is digest([]byte{}), as defined in the specification.
	HashStrategy_RFC6962_SHA256 HashStrategy = 1
	// Sparse Merkle Tree strategy:  leaf hash prefix = 0x00, node prefix = 0x01,
	// empty branch is recursively computed from empty leaf nodes.
	// NOT secure in a multi tree environment. For testing only.
	HashStrategy_TEST_MAP_HASHER HashStrategy = 2
	// Append-only log strategy where leaf nodes are defined as the ObjectHash.
	// All other properties are equal to RFC6962_SHA256.
	HashStrategy_OBJECT_RFC6962_SHA256 HashStrategy = 3
	// The CONIKS sparse tree hasher with SHA512_256 as the hash algorithm.
	HashStrategy_CONIKS_SHA512_256 HashStrategy = 4
	// The CONIKS sparse tree hasher with SHA256 as the hash algorithm.
	HashStrategy_CONIKS_SHA256 HashStrategy = 5
)

func (HashStrategy) Descriptor added in v1.3.9

func (HashStrategy) Enum added in v1.3.9

func (x HashStrategy) Enum() *HashStrategy

func (HashStrategy) EnumDescriptor deprecated

This method has been deprecated.
func (HashStrategy) EnumDescriptor() ([]byte, []int)

Deprecated: Use HashStrategy.Descriptor instead.

func (HashStrategy) Number added in v1.3.9

func (HashStrategy) String

func (x HashStrategy) String() string

func (HashStrategy) Type added in v1.3.9

type InitLogRequest added in v1.0.7

type InitLogRequest struct {
	LogId    int64     `protobuf:"varint,1,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"`
	ChargeTo *ChargeTo `protobuf:"bytes,2,opt,name=charge_to,json=chargeTo,proto3" json:"charge_to,omitempty"`
	// contains filtered or unexported fields
}

func (*InitLogRequest) Descriptor deprecated added in v1.0.7

This method has been deprecated.
func (*InitLogRequest) Descriptor() ([]byte, []int)

Deprecated: Use InitLogRequest.ProtoReflect.Descriptor instead.

func (*InitLogRequest) GetChargeTo added in v1.2.0

func (x *InitLogRequest) GetChargeTo() *ChargeTo

func (*InitLogRequest) GetLogId added in v1.0.7

func (x *InitLogRequest) GetLogId() int64

func (*InitLogRequest) ProtoMessage added in v1.0.7

func (*InitLogRequest) ProtoMessage()

func (*InitLogRequest) ProtoReflect added in v1.3.9

func (x *InitLogRequest) ProtoReflect() protoreflect.Message

func (*InitLogRequest) Reset added in v1.0.7

func (x *InitLogRequest) Reset()

func (*InitLogRequest) String added in v1.0.7

func (x *InitLogRequest) String() string

type InitLogResponse added in v1.0.7

type InitLogResponse struct {
	Created *SignedLogRoot `protobuf:"bytes,1,opt,name=created,proto3" json:"created,omitempty"`
	// contains filtered or unexported fields
}

func (*InitLogResponse) Descriptor deprecated added in v1.0.7

This method has been deprecated.
func (*InitLogResponse) Descriptor() ([]byte, []int)

Deprecated: Use InitLogResponse.ProtoReflect.Descriptor instead.

func (*InitLogResponse) GetCreated added in v1.0.7

func (x *InitLogResponse) GetCreated() *SignedLogRoot

func (*InitLogResponse) ProtoMessage added in v1.0.7

func (*InitLogResponse) ProtoMessage()

func (*InitLogResponse) ProtoReflect added in v1.3.9

func (x *InitLogResponse) ProtoReflect() protoreflect.Message

func (*InitLogResponse) Reset added in v1.0.7

func (x *InitLogResponse) Reset()

func (*InitLogResponse) String added in v1.0.7

func (x *InitLogResponse) String() string

type ListTreesRequest

type ListTreesRequest struct {

	// If true, deleted trees are included in the response.
	ShowDeleted bool `protobuf:"varint,1,opt,name=show_deleted,json=showDeleted,proto3" json:"show_deleted,omitempty"`
	// contains filtered or unexported fields
}

ListTrees request. No filters or pagination options are provided.

func (*ListTreesRequest) Descriptor deprecated

This method has been deprecated.
func (*ListTreesRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListTreesRequest.ProtoReflect.Descriptor instead.

func (*ListTreesRequest) GetShowDeleted added in v1.0.2

func (x *ListTreesRequest) GetShowDeleted() bool

func (*ListTreesRequest) ProtoMessage

func (*ListTreesRequest) ProtoMessage()

func (*ListTreesRequest) ProtoReflect added in v1.3.9

func (x *ListTreesRequest) ProtoReflect() protoreflect.Message

func (*ListTreesRequest) Reset

func (x *ListTreesRequest) Reset()

func (*ListTreesRequest) String

func (x *ListTreesRequest) String() string

type ListTreesResponse

type ListTreesResponse struct {

	// Trees matching the list request filters.
	Tree []*Tree `protobuf:"bytes,1,rep,name=tree,proto3" json:"tree,omitempty"`
	// contains filtered or unexported fields
}

ListTrees response. No pagination is provided, all trees the requester has access to are returned.

func (*ListTreesResponse) Descriptor deprecated

This method has been deprecated.
func (*ListTreesResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListTreesResponse.ProtoReflect.Descriptor instead.

func (*ListTreesResponse) GetTree

func (x *ListTreesResponse) GetTree() []*Tree

func (*ListTreesResponse) ProtoMessage

func (*ListTreesResponse) ProtoMessage()

func (*ListTreesResponse) ProtoReflect added in v1.3.9

func (x *ListTreesResponse) ProtoReflect() protoreflect.Message

func (*ListTreesResponse) Reset

func (x *ListTreesResponse) Reset()

func (*ListTreesResponse) String

func (x *ListTreesResponse) String() string

type LogLeaf

type LogLeaf struct {

	// merkle_leaf_hash holds the Merkle leaf hash over leaf_value.  This is
	// calculated by the Trillian server when leaves are added to the tree, using
	// the defined hashing algorithm and strategy for the tree; as such, the client
	// does not need to set it on leaf submissions.
	MerkleLeafHash []byte `protobuf:"bytes,1,opt,name=merkle_leaf_hash,json=merkleLeafHash,proto3" json:"merkle_leaf_hash,omitempty"`
	// leaf_value holds the data that forms the value of the Merkle tree leaf.
	// The client should set this field on all leaf submissions, and is
	// responsible for ensuring its validity (the Trillian server treats it as an
	// opaque blob).
	LeafValue []byte `protobuf:"bytes,2,opt,name=leaf_value,json=leafValue,proto3" json:"leaf_value,omitempty"`
	// extra_data holds additional data associated with the Merkle tree leaf.
	// The client may set this data on leaf submissions, and the Trillian server
	// will return it on subsequent read operations. However, the contents of
	// this field are not covered by and do not affect the Merkle tree hash
	// calculations.
	ExtraData []byte `protobuf:"bytes,3,opt,name=extra_data,json=extraData,proto3" json:"extra_data,omitempty"`
	// leaf_index indicates the index of this leaf in the Merkle tree.
	// This field is returned on all read operations, but should only be
	// set for leaf submissions in PREORDERED_LOG mode (for a normal log
	// the leaf index is assigned by Trillian when the submitted leaf is
	// integrated into the Merkle tree).
	LeafIndex int64 `protobuf:"varint,4,opt,name=leaf_index,json=leafIndex,proto3" json:"leaf_index,omitempty"`
	// leaf_identity_hash provides a hash value that indicates the client's
	// concept of which leaf entries should be considered identical.
	//
	// This mechanism allows the client personality to indicate that two leaves
	// should be considered "duplicates" even though their `leaf_value`s differ.
	//
	// If this is not set on leaf submissions, the Trillian server will take its
	// value to be the same as merkle_leaf_hash (and thus only leaves with
	// identical leaf_value contents will be considered identical).
	//
	// For example, in Certificate Transparency each certificate submission is
	// associated with a submission timestamp, but subsequent submissions of the
	// same certificate should be considered identical.  This is achieved
	// by setting the leaf identity hash to a hash over (just) the certificate,
	// whereas the Merkle leaf hash encompasses both the certificate and its
	// submission time -- allowing duplicate certificates to be detected.
	//
	//
	// Continuing the CT example, for a CT mirror personality (which must allow
	// dupes since the source log could contain them), the part of the
	// personality which fetches and submits the entries might set
	// `leaf_identity_hash` to `H(leaf_index||cert)`.
	//
	// TODO(pavelkalinnikov): Consider instead using `H(cert)` and allowing
	// identity hash dupes in `PREORDERED_LOG` mode, for it can later be
	// upgraded to `LOG` which will need to correctly detect duplicates with
	// older entries when new ones get queued.
	LeafIdentityHash []byte `protobuf:"bytes,5,opt,name=leaf_identity_hash,json=leafIdentityHash,proto3" json:"leaf_identity_hash,omitempty"`
	// queue_timestamp holds the time at which this leaf was queued for
	// inclusion in the Log, or zero if the entry was submitted without
	// queuing. Clients should not set this field on submissions.
	QueueTimestamp *timestamp.Timestamp `protobuf:"bytes,6,opt,name=queue_timestamp,json=queueTimestamp,proto3" json:"queue_timestamp,omitempty"`
	// integrate_timestamp holds the time at which this leaf was integrated into
	// the tree.  Clients should not set this field on submissions.
	IntegrateTimestamp *timestamp.Timestamp `protobuf:"bytes,7,opt,name=integrate_timestamp,json=integrateTimestamp,proto3" json:"integrate_timestamp,omitempty"`
	// contains filtered or unexported fields
}

LogLeaf describes a leaf in the Log's Merkle tree, corresponding to a single log entry. Each leaf has a unique leaf index in the scope of this tree. Clients submitting new leaf entries should only set the following fields:

- leaf_value
- extra_data (optionally)
- leaf_identity_hash (optionally)
- leaf_index (iff the log is a PREORDERED_LOG)

func (*LogLeaf) Descriptor deprecated

This method has been deprecated.
func (*LogLeaf) Descriptor() ([]byte, []int)

Deprecated: Use LogLeaf.ProtoReflect.Descriptor instead.

func (*LogLeaf) GetExtraData

func (x *LogLeaf) GetExtraData() []byte

func (*LogLeaf) GetIntegrateTimestamp added in v1.0.5

func (x *LogLeaf) GetIntegrateTimestamp() *timestamp.Timestamp

func (*LogLeaf) GetLeafIdentityHash

func (x *LogLeaf) GetLeafIdentityHash() []byte

func (*LogLeaf) GetLeafIndex

func (x *LogLeaf) GetLeafIndex() int64

func (*LogLeaf) GetLeafValue

func (x *LogLeaf) GetLeafValue() []byte

func (*LogLeaf) GetMerkleLeafHash

func (x *LogLeaf) GetMerkleLeafHash() []byte

func (*LogLeaf) GetQueueTimestamp added in v1.0.5

func (x *LogLeaf) GetQueueTimestamp() *timestamp.Timestamp

func (*LogLeaf) ProtoMessage

func (*LogLeaf) ProtoMessage()

func (*LogLeaf) ProtoReflect added in v1.3.9

func (x *LogLeaf) ProtoReflect() protoreflect.Message

func (*LogLeaf) Reset

func (x *LogLeaf) Reset()

func (*LogLeaf) String

func (x *LogLeaf) String() string

type LogRootFormat added in v1.1.0

type LogRootFormat int32

LogRootFormat specifies the fields that are covered by the SignedLogRoot signature, as well as their ordering and formats.

const (
	LogRootFormat_LOG_ROOT_FORMAT_UNKNOWN LogRootFormat = 0
	LogRootFormat_LOG_ROOT_FORMAT_V1      LogRootFormat = 1
)

func (LogRootFormat) Descriptor added in v1.3.9

func (LogRootFormat) Enum added in v1.3.9

func (x LogRootFormat) Enum() *LogRootFormat

func (LogRootFormat) EnumDescriptor deprecated added in v1.1.0

This method has been deprecated.
func (LogRootFormat) EnumDescriptor() ([]byte, []int)

Deprecated: Use LogRootFormat.Descriptor instead.

func (LogRootFormat) Number added in v1.3.9

func (LogRootFormat) String added in v1.1.0

func (x LogRootFormat) String() string

func (LogRootFormat) Type added in v1.3.9

type Proof

type Proof struct {

	// leaf_index indicates the requested leaf index when this message is used for
	// a leaf inclusion proof.  This field is set to zero when this message is
	// used for a consistency proof.
	LeafIndex int64    `protobuf:"varint,1,opt,name=leaf_index,json=leafIndex,proto3" json:"leaf_index,omitempty"`
	Hashes    [][]byte `protobuf:"bytes,3,rep,name=hashes,proto3" json:"hashes,omitempty"`
	// contains filtered or unexported fields
}

Proof holds a consistency or inclusion proof for a Merkle tree, as returned by the API.

func (*Proof) Descriptor deprecated

This method has been deprecated.
func (*Proof) Descriptor() ([]byte, []int)

Deprecated: Use Proof.ProtoReflect.Descriptor instead.

func (*Proof) GetHashes

func (x *Proof) GetHashes() [][]byte

func (*Proof) GetLeafIndex

func (x *Proof) GetLeafIndex() int64

func (*Proof) ProtoMessage

func (*Proof) ProtoMessage()

func (*Proof) ProtoReflect added in v1.3.9

func (x *Proof) ProtoReflect() protoreflect.Message

func (*Proof) Reset

func (x *Proof) Reset()

func (*Proof) String

func (x *Proof) String() string

type QueueLeafRequest

type QueueLeafRequest struct {
	LogId    int64     `protobuf:"varint,1,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"`
	Leaf     *LogLeaf  `protobuf:"bytes,2,opt,name=leaf,proto3" json:"leaf,omitempty"`
	ChargeTo *ChargeTo `protobuf:"bytes,3,opt,name=charge_to,json=chargeTo,proto3" json:"charge_to,omitempty"`
	// contains filtered or unexported fields
}

func (*QueueLeafRequest) Descriptor deprecated

This method has been deprecated.
func (*QueueLeafRequest) Descriptor() ([]byte, []int)

Deprecated: Use QueueLeafRequest.ProtoReflect.Descriptor instead.

func (*QueueLeafRequest) GetChargeTo added in v1.2.0

func (x *QueueLeafRequest) GetChargeTo() *ChargeTo

func (*QueueLeafRequest) GetLeaf

func (x *QueueLeafRequest) GetLeaf() *LogLeaf

func (*QueueLeafRequest) GetLogId

func (x *QueueLeafRequest) GetLogId() int64

func (*QueueLeafRequest) ProtoMessage

func (*QueueLeafRequest) ProtoMessage()

func (*QueueLeafRequest) ProtoReflect added in v1.3.9

func (x *QueueLeafRequest) ProtoReflect() protoreflect.Message

func (*QueueLeafRequest) Reset

func (x *QueueLeafRequest) Reset()

func (*QueueLeafRequest) String

func (x *QueueLeafRequest) String() string

type QueueLeafResponse

type QueueLeafResponse struct {

	// queued_leaf describes the leaf which is or will be incorporated into the
	// Log.  If the submitted leaf was already present in the Log (as indicated by
	// its leaf identity hash), then the returned leaf will be the pre-existing
	// leaf entry rather than the submitted leaf.
	QueuedLeaf *QueuedLogLeaf `protobuf:"bytes,2,opt,name=queued_leaf,json=queuedLeaf,proto3" json:"queued_leaf,omitempty"`
	// contains filtered or unexported fields
}

func (*QueueLeafResponse) Descriptor deprecated

This method has been deprecated.
func (*QueueLeafResponse) Descriptor() ([]byte, []int)

Deprecated: Use QueueLeafResponse.ProtoReflect.Descriptor instead.

func (*QueueLeafResponse) GetQueuedLeaf

func (x *QueueLeafResponse) GetQueuedLeaf() *QueuedLogLeaf

func (*QueueLeafResponse) ProtoMessage

func (*QueueLeafResponse) ProtoMessage()

func (*QueueLeafResponse) ProtoReflect added in v1.3.9

func (x *QueueLeafResponse) ProtoReflect() protoreflect.Message

func (*QueueLeafResponse) Reset

func (x *QueueLeafResponse) Reset()

func (*QueueLeafResponse) String

func (x *QueueLeafResponse) String() string

type QueuedLogLeaf

type QueuedLogLeaf struct {

	// The leaf as it was stored by Trillian. Empty unless `status.code` is:
	//  - `google.rpc.OK`: the `leaf` data is the same as in the request.
	//  - `google.rpc.ALREADY_EXISTS` or 'google.rpc.FAILED_PRECONDITION`: the
	//    `leaf` is the conflicting one already in the log.
	Leaf *LogLeaf `protobuf:"bytes,1,opt,name=leaf,proto3" json:"leaf,omitempty"`
	// The status of adding the leaf.
	//  - `google.rpc.OK`: successfully added.
	//  - `google.rpc.ALREADY_EXISTS`: the leaf is a duplicate of an already
	//    existing one. Either `leaf_identity_hash` is the same in the `LOG`
	//    mode, or `leaf_index` in the `PREORDERED_LOG`.
	//  - `google.rpc.FAILED_PRECONDITION`: A conflicting entry is already
	//    present in the log, e.g., same `leaf_index` but different `leaf_data`.
	Status *status.Status `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"`
	// contains filtered or unexported fields
}

QueuedLogLeaf provides the result of submitting an entry to the log. TODO(pavelkalinnikov): Consider renaming it to AddLogLeafResult or the like.

func (*QueuedLogLeaf) Descriptor deprecated

This method has been deprecated.
func (*QueuedLogLeaf) Descriptor() ([]byte, []int)

Deprecated: Use QueuedLogLeaf.ProtoReflect.Descriptor instead.

func (*QueuedLogLeaf) GetLeaf

func (x *QueuedLogLeaf) GetLeaf() *LogLeaf

func (*QueuedLogLeaf) GetStatus

func (x *QueuedLogLeaf) GetStatus() *status.Status

func (*QueuedLogLeaf) ProtoMessage

func (*QueuedLogLeaf) ProtoMessage()

func (*QueuedLogLeaf) ProtoReflect added in v1.3.9

func (x *QueuedLogLeaf) ProtoReflect() protoreflect.Message

func (*QueuedLogLeaf) Reset

func (x *QueuedLogLeaf) Reset()

func (*QueuedLogLeaf) String

func (x *QueuedLogLeaf) String() string

type SignedLogRoot

type SignedLogRoot struct {

	// log_root holds the TLS-serialization of the following structure (described
	// in RFC5246 notation):
	//
	// enum { v1(1), (65535)} Version;
	// struct {
	//   uint64 tree_size;
	//   opaque root_hash<0..128>;
	//   uint64 timestamp_nanos;
	//   uint64 revision;
	//   opaque metadata<0..65535>;
	// } LogRootV1;
	// struct {
	//   Version version;
	//   select(version) {
	//     case v1: LogRootV1;
	//   }
	// } LogRoot;
	//
	// A serialized v1 log root will therefore be laid out as:
	//
	// +---+---+---+---+---+---+---+---+---+---+---+---+---+---+-....--+
	// | ver=1 |          tree_size            |len|    root_hash      |
	// +---+---+---+---+---+---+---+---+---+---+---+---+---+---+-....--+
	//
	// +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
	// |        timestamp_nanos        |      revision                 |
	// +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
	//
	// +---+---+---+---+---+-....---+
	// |  len  |    metadata        |
	// +---+---+---+---+---+-....---+
	//
	// (with all integers encoded big-endian).
	LogRoot []byte `protobuf:"bytes,8,opt,name=log_root,json=logRoot,proto3" json:"log_root,omitempty"`
	// contains filtered or unexported fields
}

SignedLogRoot represents a commitment by a Log to a particular tree.

func (*SignedLogRoot) Descriptor deprecated

This method has been deprecated.
func (*SignedLogRoot) Descriptor() ([]byte, []int)

Deprecated: Use SignedLogRoot.ProtoReflect.Descriptor instead.

func (*SignedLogRoot) GetLogRoot added in v1.1.0

func (x *SignedLogRoot) GetLogRoot() []byte

func (*SignedLogRoot) ProtoMessage

func (*SignedLogRoot) ProtoMessage()

func (*SignedLogRoot) ProtoReflect added in v1.3.9

func (x *SignedLogRoot) ProtoReflect() protoreflect.Message

func (*SignedLogRoot) Reset

func (x *SignedLogRoot) Reset()

func (*SignedLogRoot) String

func (x *SignedLogRoot) String() string

type Tree

type Tree struct {

	// ID of the tree.
	// Readonly.
	TreeId int64 `protobuf:"varint,1,opt,name=tree_id,json=treeId,proto3" json:"tree_id,omitempty"`
	// State of the tree.
	// Trees are ACTIVE after creation. At any point the tree may transition
	// between ACTIVE, DRAINING and FROZEN states.
	TreeState TreeState `protobuf:"varint,2,opt,name=tree_state,json=treeState,proto3,enum=trillian.TreeState" json:"tree_state,omitempty"`
	// Type of the tree.
	// Readonly after Tree creation. Exception: Can be switched from
	// PREORDERED_LOG to LOG if the Tree is and remains in the FROZEN state.
	TreeType TreeType `protobuf:"varint,3,opt,name=tree_type,json=treeType,proto3,enum=trillian.TreeType" json:"tree_type,omitempty"`
	// Display name of the tree.
	// Optional.
	DisplayName string `protobuf:"bytes,8,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
	// Description of the tree,
	// Optional.
	Description string `protobuf:"bytes,9,opt,name=description,proto3" json:"description,omitempty"`
	// Storage-specific settings.
	// Varies according to the storage implementation backing Trillian.
	StorageSettings *any.Any `protobuf:"bytes,13,opt,name=storage_settings,json=storageSettings,proto3" json:"storage_settings,omitempty"`
	// Interval after which a new signed root is produced even if there have been
	// no submission.  If zero, this behavior is disabled.
	MaxRootDuration *duration.Duration `protobuf:"bytes,15,opt,name=max_root_duration,json=maxRootDuration,proto3" json:"max_root_duration,omitempty"`
	// Time of tree creation.
	// Readonly.
	CreateTime *timestamp.Timestamp `protobuf:"bytes,16,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Time of last tree update.
	// Readonly (automatically assigned on updates).
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,17,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// If true, the tree has been deleted.
	// Deleted trees may be undeleted during a certain time window, after which
	// they're permanently deleted (and unrecoverable).
	// Readonly.
	Deleted bool `protobuf:"varint,19,opt,name=deleted,proto3" json:"deleted,omitempty"`
	// Time of tree deletion, if any.
	// Readonly.
	DeleteTime *timestamp.Timestamp `protobuf:"bytes,20,opt,name=delete_time,json=deleteTime,proto3" json:"delete_time,omitempty"`
	// contains filtered or unexported fields
}

Represents a tree. Readonly attributes are assigned at tree creation, after which they may not be modified.

Note: Many APIs within the rest of the code require these objects to be provided. For safety they should be obtained via Admin API calls and not created dynamically.

func (*Tree) Descriptor deprecated

This method has been deprecated.
func (*Tree) Descriptor() ([]byte, []int)

Deprecated: Use Tree.ProtoReflect.Descriptor instead.

func (*Tree) GetCreateTime

func (x *Tree) GetCreateTime() *timestamp.Timestamp

func (*Tree) GetDeleteTime

func (x *Tree) GetDeleteTime() *timestamp.Timestamp

func (*Tree) GetDeleted

func (x *Tree) GetDeleted() bool

func (*Tree) GetDescription

func (x *Tree) GetDescription() string

func (*Tree) GetDisplayName

func (x *Tree) GetDisplayName() string

func (*Tree) GetMaxRootDuration

func (x *Tree) GetMaxRootDuration() *duration.Duration

func (*Tree) GetStorageSettings

func (x *Tree) GetStorageSettings() *any.Any

func (*Tree) GetTreeId

func (x *Tree) GetTreeId() int64

func (*Tree) GetTreeState

func (x *Tree) GetTreeState() TreeState

func (*Tree) GetTreeType

func (x *Tree) GetTreeType() TreeType

func (*Tree) GetUpdateTime

func (x *Tree) GetUpdateTime() *timestamp.Timestamp

func (*Tree) ProtoMessage

func (*Tree) ProtoMessage()

func (*Tree) ProtoReflect added in v1.3.9

func (x *Tree) ProtoReflect() protoreflect.Message

func (*Tree) Reset

func (x *Tree) Reset()

func (*Tree) String

func (x *Tree) String() string

type TreeState

type TreeState int32

State of the tree.

const (
	// Tree state cannot be determined. Included to enable detection of
	// mismatched proto versions being used. Represents an invalid value.
	TreeState_UNKNOWN_TREE_STATE TreeState = 0
	// Active trees are able to respond to both read and write requests.
	TreeState_ACTIVE TreeState = 1
	// Frozen trees are only able to respond to read requests, writing to a frozen
	// tree is forbidden. Trees should not be frozen when there are entries
	// in the queue that have not yet been integrated. See the DRAINING
	// state for this case.
	TreeState_FROZEN TreeState = 2
	// Deprecated: now tracked in Tree.deleted.
	//
	// Deprecated: Do not use.
	TreeState_DEPRECATED_SOFT_DELETED TreeState = 3
	// Deprecated: now tracked in Tree.deleted.
	//
	// Deprecated: Do not use.
	TreeState_DEPRECATED_HARD_DELETED TreeState = 4
	// A tree that is draining will continue to integrate queued entries.
	// No new entries should be accepted.
	TreeState_DRAINING TreeState = 5
)

func (TreeState) Descriptor added in v1.3.9

func (TreeState) Descriptor() protoreflect.EnumDescriptor

func (TreeState) Enum added in v1.3.9

func (x TreeState) Enum() *TreeState

func (TreeState) EnumDescriptor deprecated

This method has been deprecated.
func (TreeState) EnumDescriptor() ([]byte, []int)

Deprecated: Use TreeState.Descriptor instead.

func (TreeState) Number added in v1.3.9

func (x TreeState) Number() protoreflect.EnumNumber

func (TreeState) String

func (x TreeState) String() string

func (TreeState) Type added in v1.3.9

type TreeType

type TreeType int32

Type of the tree.

const (
	// Tree type cannot be determined. Included to enable detection of mismatched
	// proto versions being used. Represents an invalid value.
	TreeType_UNKNOWN_TREE_TYPE TreeType = 0
	// Tree represents a verifiable log.
	TreeType_LOG TreeType = 1
	// Tree represents a verifiable pre-ordered log, i.e., a log whose entries are
	// placed according to sequence numbers assigned outside of Trillian.
	TreeType_PREORDERED_LOG TreeType = 3
)

func (TreeType) Descriptor added in v1.3.9

func (TreeType) Descriptor() protoreflect.EnumDescriptor

func (TreeType) Enum added in v1.3.9

func (x TreeType) Enum() *TreeType

func (TreeType) EnumDescriptor deprecated

This method has been deprecated.
func (TreeType) EnumDescriptor() ([]byte, []int)

Deprecated: Use TreeType.Descriptor instead.

func (TreeType) Number added in v1.3.9

func (x TreeType) Number() protoreflect.EnumNumber

func (TreeType) String

func (x TreeType) String() string

func (TreeType) Type added in v1.3.9

type TrillianAdminClient

type TrillianAdminClient interface {
	// Lists all trees the requester has access to.
	ListTrees(ctx context.Context, in *ListTreesRequest, opts ...grpc.CallOption) (*ListTreesResponse, error)
	// Retrieves a tree by ID.
	GetTree(ctx context.Context, in *GetTreeRequest, opts ...grpc.CallOption) (*Tree, error)
	// Creates a new tree.
	// System-generated fields are not required and will be ignored if present,
	// e.g.: tree_id, create_time and update_time.
	// Returns the created tree, with all system-generated fields assigned.
	CreateTree(ctx context.Context, in *CreateTreeRequest, opts ...grpc.CallOption) (*Tree, error)
	// Updates a tree.
	// See Tree for details. Readonly fields cannot be updated.
	UpdateTree(ctx context.Context, in *UpdateTreeRequest, opts ...grpc.CallOption) (*Tree, error)
	// Soft-deletes a tree.
	// A soft-deleted tree may be undeleted for a certain period, after which
	// it'll be permanently deleted.
	DeleteTree(ctx context.Context, in *DeleteTreeRequest, opts ...grpc.CallOption) (*Tree, error)
	// Undeletes a soft-deleted a tree.
	// A soft-deleted tree may be undeleted for a certain period, after which
	// it'll be permanently deleted.
	UndeleteTree(ctx context.Context, in *UndeleteTreeRequest, opts ...grpc.CallOption) (*Tree, error)
}

TrillianAdminClient is the client API for TrillianAdmin service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

type TrillianAdminServer

type TrillianAdminServer interface {
	// Lists all trees the requester has access to.
	ListTrees(context.Context, *ListTreesRequest) (*ListTreesResponse, error)
	// Retrieves a tree by ID.
	GetTree(context.Context, *GetTreeRequest) (*Tree, error)
	// Creates a new tree.
	// System-generated fields are not required and will be ignored if present,
	// e.g.: tree_id, create_time and update_time.
	// Returns the created tree, with all system-generated fields assigned.
	CreateTree(context.Context, *CreateTreeRequest) (*Tree, error)
	// Updates a tree.
	// See Tree for details. Readonly fields cannot be updated.
	UpdateTree(context.Context, *UpdateTreeRequest) (*Tree, error)
	// Soft-deletes a tree.
	// A soft-deleted tree may be undeleted for a certain period, after which
	// it'll be permanently deleted.
	DeleteTree(context.Context, *DeleteTreeRequest) (*Tree, error)
	// Undeletes a soft-deleted a tree.
	// A soft-deleted tree may be undeleted for a certain period, after which
	// it'll be permanently deleted.
	UndeleteTree(context.Context, *UndeleteTreeRequest) (*Tree, error)
}

TrillianAdminServer is the server API for TrillianAdmin service. All implementations should embed UnimplementedTrillianAdminServer for forward compatibility

type TrillianLogClient

type TrillianLogClient interface {
	// QueueLeaf adds a single leaf to the queue of pending leaves for a normal
	// log.
	QueueLeaf(ctx context.Context, in *QueueLeafRequest, opts ...grpc.CallOption) (*QueueLeafResponse, error)
	// GetInclusionProof returns an inclusion proof for a leaf with a given index
	// in a particular tree.
	//
	// If the requested tree_size is larger than the server is aware of, the
	// response will include the latest known log root and an empty proof.
	GetInclusionProof(ctx context.Context, in *GetInclusionProofRequest, opts ...grpc.CallOption) (*GetInclusionProofResponse, error)
	// GetInclusionProofByHash returns an inclusion proof for any leaves that have
	// the given Merkle hash in a particular tree.
	//
	// If any of the leaves that match the given Merkle has have a leaf index that
	// is beyond the requested tree size, the corresponding proof entry will be empty.
	GetInclusionProofByHash(ctx context.Context, in *GetInclusionProofByHashRequest, opts ...grpc.CallOption) (*GetInclusionProofByHashResponse, error)
	// GetConsistencyProof returns a consistency proof between different sizes of
	// a particular tree.
	//
	// If the requested tree size is larger than the server is aware of,
	// the response will include the latest known log root and an empty proof.
	GetConsistencyProof(ctx context.Context, in *GetConsistencyProofRequest, opts ...grpc.CallOption) (*GetConsistencyProofResponse, error)
	// GetLatestSignedLogRoot returns the latest signed log root for a given tree,
	// and optionally also includes a consistency proof from an earlier tree size
	// to the new size of the tree.
	//
	// If the earlier tree size is larger than the server is aware of,
	// an InvalidArgument error is returned.
	GetLatestSignedLogRoot(ctx context.Context, in *GetLatestSignedLogRootRequest, opts ...grpc.CallOption) (*GetLatestSignedLogRootResponse, error)
	// GetEntryAndProof returns a log leaf and the corresponding inclusion proof
	// to a specified tree size, for a given leaf index in a particular tree.
	//
	// If the requested tree size is unavailable but the leaf is
	// in scope for the current tree, the returned proof will be for the
	// current tree size rather than the requested tree size.
	GetEntryAndProof(ctx context.Context, in *GetEntryAndProofRequest, opts ...grpc.CallOption) (*GetEntryAndProofResponse, error)
	// InitLog initializes a particular tree, creating the initial signed log
	// root (which will be of size 0).
	InitLog(ctx context.Context, in *InitLogRequest, opts ...grpc.CallOption) (*InitLogResponse, error)
	// AddSequencedLeaves adds a batch of leaves with assigned sequence numbers
	// to a pre-ordered log.  The indices of the provided leaves must be contiguous.
	AddSequencedLeaves(ctx context.Context, in *AddSequencedLeavesRequest, opts ...grpc.CallOption) (*AddSequencedLeavesResponse, error)
	// GetLeavesByRange returns a batch of leaves whose leaf indices are in a
	// sequential range.
	GetLeavesByRange(ctx context.Context, in *GetLeavesByRangeRequest, opts ...grpc.CallOption) (*GetLeavesByRangeResponse, error)
}

TrillianLogClient is the client API for TrillianLog service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

type TrillianLogServer

type TrillianLogServer interface {
	// QueueLeaf adds a single leaf to the queue of pending leaves for a normal
	// log.
	QueueLeaf(context.Context, *QueueLeafRequest) (*QueueLeafResponse, error)
	// GetInclusionProof returns an inclusion proof for a leaf with a given index
	// in a particular tree.
	//
	// If the requested tree_size is larger than the server is aware of, the
	// response will include the latest known log root and an empty proof.
	GetInclusionProof(context.Context, *GetInclusionProofRequest) (*GetInclusionProofResponse, error)
	// GetInclusionProofByHash returns an inclusion proof for any leaves that have
	// the given Merkle hash in a particular tree.
	//
	// If any of the leaves that match the given Merkle has have a leaf index that
	// is beyond the requested tree size, the corresponding proof entry will be empty.
	GetInclusionProofByHash(context.Context, *GetInclusionProofByHashRequest) (*GetInclusionProofByHashResponse, error)
	// GetConsistencyProof returns a consistency proof between different sizes of
	// a particular tree.
	//
	// If the requested tree size is larger than the server is aware of,
	// the response will include the latest known log root and an empty proof.
	GetConsistencyProof(context.Context, *GetConsistencyProofRequest) (*GetConsistencyProofResponse, error)
	// GetLatestSignedLogRoot returns the latest signed log root for a given tree,
	// and optionally also includes a consistency proof from an earlier tree size
	// to the new size of the tree.
	//
	// If the earlier tree size is larger than the server is aware of,
	// an InvalidArgument error is returned.
	GetLatestSignedLogRoot(context.Context, *GetLatestSignedLogRootRequest) (*GetLatestSignedLogRootResponse, error)
	// GetEntryAndProof returns a log leaf and the corresponding inclusion proof
	// to a specified tree size, for a given leaf index in a particular tree.
	//
	// If the requested tree size is unavailable but the leaf is
	// in scope for the current tree, the returned proof will be for the
	// current tree size rather than the requested tree size.
	GetEntryAndProof(context.Context, *GetEntryAndProofRequest) (*GetEntryAndProofResponse, error)
	// InitLog initializes a particular tree, creating the initial signed log
	// root (which will be of size 0).
	InitLog(context.Context, *InitLogRequest) (*InitLogResponse, error)
	// AddSequencedLeaves adds a batch of leaves with assigned sequence numbers
	// to a pre-ordered log.  The indices of the provided leaves must be contiguous.
	AddSequencedLeaves(context.Context, *AddSequencedLeavesRequest) (*AddSequencedLeavesResponse, error)
	// GetLeavesByRange returns a batch of leaves whose leaf indices are in a
	// sequential range.
	GetLeavesByRange(context.Context, *GetLeavesByRangeRequest) (*GetLeavesByRangeResponse, error)
}

TrillianLogServer is the server API for TrillianLog service. All implementations should embed UnimplementedTrillianLogServer for forward compatibility

type UndeleteTreeRequest added in v1.0.2

type UndeleteTreeRequest struct {

	// ID of the tree to undelete.
	TreeId int64 `protobuf:"varint,1,opt,name=tree_id,json=treeId,proto3" json:"tree_id,omitempty"`
	// contains filtered or unexported fields
}

UndeleteTree request.

func (*UndeleteTreeRequest) Descriptor deprecated added in v1.0.2

This method has been deprecated.
func (*UndeleteTreeRequest) Descriptor() ([]byte, []int)

Deprecated: Use UndeleteTreeRequest.ProtoReflect.Descriptor instead.

func (*UndeleteTreeRequest) GetTreeId added in v1.0.2

func (x *UndeleteTreeRequest) GetTreeId() int64

func (*UndeleteTreeRequest) ProtoMessage added in v1.0.2

func (*UndeleteTreeRequest) ProtoMessage()

func (*UndeleteTreeRequest) ProtoReflect added in v1.3.9

func (x *UndeleteTreeRequest) ProtoReflect() protoreflect.Message

func (*UndeleteTreeRequest) Reset added in v1.0.2

func (x *UndeleteTreeRequest) Reset()

func (*UndeleteTreeRequest) String added in v1.0.2

func (x *UndeleteTreeRequest) String() string

type UnimplementedTrillianAdminServer added in v1.3.0

type UnimplementedTrillianAdminServer struct {
}

UnimplementedTrillianAdminServer should be embedded to have forward compatible implementations.

func (UnimplementedTrillianAdminServer) CreateTree added in v1.3.0

func (UnimplementedTrillianAdminServer) DeleteTree added in v1.3.0

func (UnimplementedTrillianAdminServer) GetTree added in v1.3.0

func (UnimplementedTrillianAdminServer) ListTrees added in v1.3.0

func (UnimplementedTrillianAdminServer) UndeleteTree added in v1.3.0

func (UnimplementedTrillianAdminServer) UpdateTree added in v1.3.0

type UnimplementedTrillianLogServer added in v1.3.0

type UnimplementedTrillianLogServer struct {
}

UnimplementedTrillianLogServer should be embedded to have forward compatible implementations.

func (UnimplementedTrillianLogServer) AddSequencedLeaves added in v1.3.0

func (UnimplementedTrillianLogServer) GetConsistencyProof added in v1.3.0

func (UnimplementedTrillianLogServer) GetEntryAndProof added in v1.3.0

func (UnimplementedTrillianLogServer) GetInclusionProof added in v1.3.0

func (UnimplementedTrillianLogServer) GetInclusionProofByHash added in v1.3.0

func (UnimplementedTrillianLogServer) GetLatestSignedLogRoot added in v1.3.0

func (UnimplementedTrillianLogServer) GetLeavesByRange added in v1.3.0

func (UnimplementedTrillianLogServer) InitLog added in v1.3.0

func (UnimplementedTrillianLogServer) QueueLeaf added in v1.3.0

type UnsafeTrillianAdminServer added in v1.4.0

type UnsafeTrillianAdminServer interface {
	// contains filtered or unexported methods
}

UnsafeTrillianAdminServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to TrillianAdminServer will result in compilation errors.

type UnsafeTrillianLogServer added in v1.4.0

type UnsafeTrillianLogServer interface {
	// contains filtered or unexported methods
}

UnsafeTrillianLogServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to TrillianLogServer will result in compilation errors.

type UpdateTreeRequest

type UpdateTreeRequest struct {

	// Tree to be updated.
	Tree *Tree `protobuf:"bytes,1,opt,name=tree,proto3" json:"tree,omitempty"`
	// Fields modified by the update request.
	// For example: "tree_state", "display_name", "description".
	UpdateMask *field_mask.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// contains filtered or unexported fields
}

UpdateTree request.

func (*UpdateTreeRequest) Descriptor deprecated

This method has been deprecated.
func (*UpdateTreeRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateTreeRequest.ProtoReflect.Descriptor instead.

func (*UpdateTreeRequest) GetTree

func (x *UpdateTreeRequest) GetTree() *Tree

func (*UpdateTreeRequest) GetUpdateMask

func (x *UpdateTreeRequest) GetUpdateMask() *field_mask.FieldMask

func (*UpdateTreeRequest) ProtoMessage

func (*UpdateTreeRequest) ProtoMessage()

func (*UpdateTreeRequest) ProtoReflect added in v1.3.9

func (x *UpdateTreeRequest) ProtoReflect() protoreflect.Message

func (*UpdateTreeRequest) Reset

func (x *UpdateTreeRequest) Reset()

func (*UpdateTreeRequest) String

func (x *UpdateTreeRequest) String() string

Directories

Path Synopsis
Package client verifies responses from the Trillian log.
Package client verifies responses from the Trillian log.
backoff
Package backoff allows retrying an operation with backoff.
Package backoff allows retrying an operation with backoff.
timeout
Package timeout enforces a maximum timeout on all outgoing rpcs.
Package timeout enforces a maximum timeout on all outgoing rpcs.
cmd
createtree
Package main contains the implementation and entry point for the createtree command.
Package main contains the implementation and entry point for the createtree command.
deletetree
Package main contains the implementation and entry point for the deletetree command.
Package main contains the implementation and entry point for the deletetree command.
trillian_log_server
The trillian_log_server binary runs the Trillian log server, and also provides an admin server.
The trillian_log_server binary runs the Trillian log server, and also provides an admin server.
trillian_log_signer
The trillian_log_signer binary runs the log signing code.
The trillian_log_signer binary runs the log signing code.
updatetree
Package main contains the implementation and entry point for the updatetree command.
Package main contains the implementation and entry point for the updatetree command.
crypto
keys
Package keys provides access to public and private keys for signing and verification of signatures.
Package keys provides access to public and private keys for signing and verification of signatures.
keys/testonly
Package testonly contains code and data that should only be used by tests.
Package testonly contains code and data that should only be used by tests.
docs
merkletree/treetex
A binary to produce LaTeX documents representing Merkle trees.
A binary to produce LaTeX documents representing Merkle trees.
storage/commit_log
The commit_log binary runs a simulation of the design for a commit-log based signer, with a simulated Kafka-like interface and a simulated master election package (which can be triggered to incorrectly report multiple masters), and with the core algorithm in the signer code.
The commit_log binary runs a simulation of the design for a commit-log based signer, with a simulated Kafka-like interface and a simulated master election package (which can be triggered to incorrectly report multiple masters), and with the core algorithm in the signer code.
storage/commit_log/signer
Package signer is a sample implementation of a commit-log based signer.
Package signer is a sample implementation of a commit-log based signer.
storage/commit_log/simelection
Package simelection simulates a master election.
Package simelection simulates a master election.
storage/commit_log/simkafka
Package simkafka is a toy simulation of a Kafka commit log.
Package simkafka is a toy simulation of a Kafka commit log.
experimental
batchmap
Package batchmap is a library to be used within Beam pipelines to construct verifiable data structures.
Package batchmap is a library to be used within Beam pipelines to construct verifiable data structures.
batchmap/cmd/build
mapdemo is a simple example that shows how a verifiable map can be constructed in Beam.
mapdemo is a simple example that shows how a verifiable map can be constructed in Beam.
batchmap/cmd/verify
verify is a simple example that shows how a verifiable map can be used to demonstrate inclusion.
verify is a simple example that shows how a verifiable map can be used to demonstrate inclusion.
Package extension provides an extension mechanism for Trillian code to access fork-specific functionality.
Package extension provides an extension mechanism for Trillian code to access fork-specific functionality.
Package integration contains some integration tests which are intended to serve as a way of checking that various top-level binaries work as intended, as well as providing a simple example of how to run and use the various servers.
Package integration contains some integration tests which are intended to serve as a way of checking that various top-level binaries work as intended, as well as providing a simple example of how to run and use the various servers.
admin
Package admin contains integration tests for the Admin server.
Package admin contains integration tests for the Admin server.
quota
Package quota contains quota-related integration tests.
Package quota contains quota-related integration tests.
Package log holds the code that is specific to Trillian logs core operation, particularly the code for sequencing.
Package log holds the code that is specific to Trillian logs core operation, particularly the code for sequencing.
Package merkle provides Merkle tree manipulation functions.
Package merkle provides Merkle tree manipulation functions.
compact
Package compact provides compact Merkle tree data structures.
Package compact provides compact Merkle tree data structures.
coniks
Package coniks provides CONIKS hashing for maps.
Package coniks provides CONIKS hashing for maps.
rfc6962
Package rfc6962 provides hashing functionality according to RFC6962.
Package rfc6962 provides hashing functionality according to RFC6962.
smt
Package smt contains the implementation of the sparse Merkle tree logic.
Package smt contains the implementation of the sparse Merkle tree logic.
smt/node
Package node implements a sparse Merkle tree node.
Package node implements a sparse Merkle tree node.
testonly
Package testonly contains code and data for testing Merkle trees.
Package testonly contains code and data for testing Merkle trees.
Package monitoring provides monitoring functionality.
Package monitoring provides monitoring functionality.
prometheus
Package prometheus provides a Prometheus-based implementation of the MetricFactory abstraction.
Package prometheus provides a Prometheus-based implementation of the MetricFactory abstraction.
Package quota defines Trillian's Quota Management service.
Package quota defines Trillian's Quota Management service.
cacheqm
Package cacheqm contains a caching quota.Manager implementation.
Package cacheqm contains a caching quota.Manager implementation.
etcd/etcdqm
Package etcdqm contains an etcd-based quota.Manager implementation.
Package etcdqm contains an etcd-based quota.Manager implementation.
etcd/quotaapi
Package quotaapi provides a Quota admin server implementation.
Package quotaapi provides a Quota admin server implementation.
etcd/quotapb
Package quotapb contains definitions for quota API protos and RPC service.
Package quotapb contains definitions for quota API protos and RPC service.
etcd/storage
Package storage contains storage classes for etcd-based quotas.
Package storage contains storage classes for etcd-based quotas.
mysqlqm
Package mysqlqm defines a MySQL-based quota.Manager implementation.
Package mysqlqm defines a MySQL-based quota.Manager implementation.
redis/redisqm
Package redisqm defines a Redis-based quota.Manager implementation.
Package redisqm defines a Redis-based quota.Manager implementation.
admin
Package admin contains the TrillianAdminServer implementation.
Package admin contains the TrillianAdminServer implementation.
errors
Package errors contains utilities to translate TrillianErrors to gRPC errors.
Package errors contains utilities to translate TrillianErrors to gRPC errors.
interceptor
Package interceptor defines gRPC interceptors for Trillian.
Package interceptor defines gRPC interceptors for Trillian.
Package storage provides general interfaces to Trillian storage layers.
Package storage provides general interfaces to Trillian storage layers.
cache
Package cache provides subtree caching functionality.
Package cache provides subtree caching functionality.
memory
Package memory provides a simple in-process implementation of the tree- and log-storage interfaces.
Package memory provides a simple in-process implementation of the tree- and log-storage interfaces.
mysql
Package mysql provides a MySQL-based storage layer implementation.
Package mysql provides a MySQL-based storage layer implementation.
storagepb
Package storagepb contains protobuf definitions used by various storage implementations.
Package storagepb contains protobuf definitions used by various storage implementations.
testdb
Package testdb creates new databases for tests.
Package testdb creates new databases for tests.
tools/dump_tree
The dump_tree program uses the in memory storage implementation to create a sequenced log tree of a particular size using known leaf data and then dumps out the resulting SubTree protos for examination and debugging.
The dump_tree program uses the in memory storage implementation to create a sequenced log tree of a particular size using known leaf data and then dumps out the resulting SubTree protos for examination and debugging.
tools/hasher
The hasher program provides a simple CLI for producing Merkle tree hashes.
The hasher program provides a simple CLI for producing Merkle tree hashes.
tree
Package tree defines types that help navigating a tree in storage.
Package tree defines types that help navigating a tree in storage.
Package testonly contains code and data that should only be used by tests.
Package testonly contains code and data that should only be used by tests.
flagsaver
Package flagsaver provides a simple way to save and restore flag values.
Package flagsaver provides a simple way to save and restore flag values.
integration
Package integration provides test-only code for performing integrated tests of Trillian functionality.
Package integration provides test-only code for performing integrated tests of Trillian functionality.
matchers
Package matchers contains additional gomock matchers.
Package matchers contains additional gomock matchers.
mdm
Package mdm provides test-only code for checking the merge delay of a Trillian log.
Package mdm provides test-only code for checking the merge delay of a Trillian log.
mdm/mdmtest
The mdmtest binary runs merge delay tests against a Trillian Log.
The mdmtest binary runs merge delay tests against a Trillian Log.
tmock
Package tmock is a generated GoMock package.
Package tmock is a generated GoMock package.
Package trees contains utility method for retrieving trees and acquiring objects (hashers, signers) associated with them.
Package trees contains utility method for retrieving trees and acquiring objects (hashers, signers) associated with them.
Package types defines serialization and parsing functions for SignedLogRoot fields.
Package types defines serialization and parsing functions for SignedLogRoot fields.
Package util holds utility functions.
Package util holds utility functions.
clock
Package clock contains time utilities, and types that allow mocking system time in tests.
Package clock contains time utilities, and types that allow mocking system time in tests.
election2
Package election2 provides master election tools, and interfaces for plugging in a custom underlying mechanism.
Package election2 provides master election tools, and interfaces for plugging in a custom underlying mechanism.
election2/etcd
Package etcd provides an implementation of master election based on etcd.
Package etcd provides an implementation of master election based on etcd.
election2/testonly
Package testonly contains an Election implementation for testing.
Package testonly contains an Election implementation for testing.
internal
merkle/inmemory
Package inmemory provides an in-memory MerkleTree implementation.
Package inmemory provides an in-memory MerkleTree implementation.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL