Documentation
¶
Overview ¶
Package nonce implements a service for generating and redeeming nonces. To generate a nonce, it encrypts a monotonically increasing counter (latest) using an authenticated cipher. To redeem a nonce, it checks that the nonce decrypts to a valid integer between the earliest and latest counter values, and that it's not on the cross-off list. To avoid a constantly growing cross-off list, the nonce service periodically retires the oldest counter values by finding the lowest counter value in the cross-off list, deleting it, and setting "earliest" to its value. To make this efficient, the cross-off list is represented two ways: Once as a map, for quick lookup of a given value, and once as a heap, to quickly find the lowest value. The MaxUsed value determines how long a generated nonce can be used before it is forgotten. To calculate that period, divide the MaxUsed value by average redemption rate (valid POSTs per second).
Index ¶
Constants ¶
const ( // PrefixLen is the character length of a nonce prefix. PrefixLen = 8 // DeprecatedPrefixLen is the character length of a nonce prefix. // // Deprecated: Use PrefixLen instead. // TODO(#6610): Remove once we've moved to derivable prefixes by default. DeprecatedPrefixLen = 4 // NonceLen is the character length of a nonce, excluding the prefix. NonceLen = 32 )
Variables ¶
This section is empty.
Functions ¶
func DerivePrefix ¶
DerivePrefix derives a nonce prefix from the provided listening address and key. The prefix is derived by take the first 8 characters of the base64url encoded HMAC-SHA256 hash of the listening address using the provided key.
func RemoteRedeem ¶
func RemoteRedeem(ctx context.Context, noncePrefixMap map[string]Redeemer, nonce string) (bool, error)
RemoteRedeem checks the nonce prefix and routes the Redeem RPC to the associated remote nonce service.
TODO(#6610): Remove this function once we've moved to derivable prefixes by default.
Types ¶
type Getter ¶
type Getter interface {
Nonce(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*noncepb.NonceMessage, error)
}
Getter is an interface for an RPC client that can get a nonce.
func NewGetter ¶
func NewGetter(cc grpc.ClientConnInterface) Getter
NewGetter returns a new noncepb.NonceServiceClient which can only be used to get nonces.
type HMACKeyCtxKey ¶
type HMACKeyCtxKey struct{}
HMACKeyCtxKey is exported for use as a key in a context.Context.
type NonceService ¶
type NonceService struct {
// contains filtered or unexported fields
}
NonceService generates, cancels, and tracks Nonces.
func NewNonceService ¶
func NewNonceService(stats prometheus.Registerer, maxUsed int, prefix string) (*NonceService, error)
NewNonceService constructs a NonceService with defaults
func (*NonceService) Nonce ¶
func (ns *NonceService) Nonce() (string, error)
Nonce provides a new Nonce.
func (*NonceService) Valid ¶
func (ns *NonceService) Valid(nonce string) bool
Valid determines whether the provided Nonce string is valid, returning true if so.
type PrefixCtxKey ¶
type PrefixCtxKey struct{}
PrefixCtxKey is exported for use as a key in a context.Context.
type Redeemer ¶
type Redeemer interface {
Redeem(ctx context.Context, in *noncepb.NonceMessage, opts ...grpc.CallOption) (*noncepb.ValidMessage, error)
}
Redeemer is an interface for an RPC client that can redeem a nonce.
func NewRedeemer ¶
func NewRedeemer(cc grpc.ClientConnInterface) Redeemer
NewRedeemer returns a new noncepb.NonceServiceClient which can only be used to redeem nonces.
type Server ¶
type Server struct {
noncepb.UnimplementedNonceServiceServer
// contains filtered or unexported fields
}
Server implements the gRPC nonce service.
func NewServer ¶
func NewServer(inner *NonceService) *Server
NewServer returns a new Server, wrapping a NonceService.
func (*Server) Redeem ¶
func (ns *Server) Redeem(ctx context.Context, msg *noncepb.NonceMessage) (*noncepb.ValidMessage, error)
Redeem accepts a nonce from a gRPC client and redeems it using the inner nonce service.
Source Files
Directories