Back to / nonce

package nonce

v0.0.0 (24e782e)
Latest Go to latest
Published: 5 hours ago | License: MPL-2.0 | Module:


Package nonce implements a service for generating and redeeming nonces. To generate a nonce, it encrypts a monotonically increasing counter (latest) using an authenticated cipher. To redeem a nonce, it checks that the nonce decrypts to a valid integer between the earliest and latest counter values, and that it's not on the cross-off list. To avoid a constantly growing cross-off list, the nonce service periodically retires the oldest counter values by finding the lowest counter value in the cross-off list, deleting it, and setting "earliest" to its value. To make this efficient, the cross-off list is represented two ways: Once as a map, for quick lookup of a given value, and once as a heap, to quickly find the lowest value. The MaxUsed value determines how long a generated nonce can be used before it is forgotten. To calculate that period, divide the MaxUsed value by average redemption rate (valid POSTs per second).


Package Files

func RemoteRedeem

func RemoteRedeem(ctx context.Context, noncePrefixMap map[string]noncepb.NonceServiceClient, nonce string) (bool, error)

RemoteRedeem checks the nonce prefix and routes the Redeem RPC to the associated remote nonce service

type NonceService

type NonceService struct {
	// contains filtered or unexported fields

NonceService generates, cancels, and tracks Nonces.

func NewNonceService

func NewNonceService(stats prometheus.Registerer, maxUsed int, prefix string) (*NonceService, error)

NewNonceService constructs a NonceService with defaults

func (*NonceService) Nonce

func (ns *NonceService) Nonce() (string, error)

Nonce provides a new Nonce.

func (*NonceService) Valid

func (ns *NonceService) Valid(nonce string) bool

Valid determines whether the provided Nonce string is valid, returning true if so.

Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to identifier