Documentation
Overview
Package monitor implements the monitor service. A monitor repeatedly polls a key-transparency server's Mutations API and signs Map Roots if it could reconstruct clients can query.
Variables
var (
	// ErrInconsistentProofs occurs when the server returned different hashes
	// for the same inclusion proof node in the tree.
	ErrInconsistentProofs = errors.New("inconsistent inclusion proofs")
	// ErrInvalidLogConsistencyProof occurs when the log consistency proof does
	// not verify.
	ErrInvalidLogConsistencyProof = errors.New("invalid log consistency proof")
	// ErrInvalidLogInclusion occurs if the inclusion proof for the signed map
	// root into the log does not verify.
	ErrInvalidLogInclusion = errors.New("invalid log inclusion proof")
	// ErrInvalidLogSignature occurs if the log roots signature does not verify.
	ErrInvalidLogSignature = errors.New("invalid signature on log root")
	// ErrInvalidMapSignature occurs if the map roots signature does not verify.
	ErrInvalidMapSignature = errors.New("invalid signature on map root")
	// ErrInvalidMutation occurs when verification failed because of an invalid
	// mutation.
	ErrInvalidMutation = errors.New("invalid mutation")
	// ErrNotMatchingMapRoot occurs when the reconstructed root differs from the
	// one we received from the server.
	ErrNotMatchingMapRoot = errors.New("recreated root does not match")
)
Types
type ErrList
type ErrList []error
ErrList is a list of errors.
func (*ErrList) AppendStatus
AppendStatus adds a status error, or the error about adding the status if the latter is not nil.
type Monitor
type Monitor struct {
// contains filtered or unexported fields
}
Monitor holds the internal state for a monitor accessing the mutations API and for verifying its responses.
func New
func New(mclient pb.KeyTransparencyClient, logVerifier client.LogVerifier, mapID int64, mapHasher hashers.MapHasher, mapPubKey crypto.PublicKey, signer *tcrypto.Signer, store monitorstorage.Interface) (*Monitor, error)
New creates a new instance of the monitor.
func NewFromConfig
func NewFromConfig(mclient pb.KeyTransparencyClient, config *pb.Domain, signer *tcrypto.Signer, store monitorstorage.Interface) (*Monitor, error)
NewFromConfig produces a new monitor from a Domain object.
func (*Monitor) ProcessLoop
func (m *Monitor) ProcessLoop(ctx context.Context, domainID string, startEpoch int64, period time.Duration) error
ProcessLoop continuously fetches mutations and processes them.
func (*Monitor) VerifyEpoch
VerifyEpoch verifies that the epoch is correctly signed and included in the append-only log.
func (*Monitor) VerifyEpochMutations
func (m *Monitor) VerifyEpochMutations(epochA, epochB *pb.Epoch, mutations []*pb.MutationProof) []error
VerifyEpochMutations validates that epochA + mutations = epochB.
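The check that VerifyEpochMutations describes, shown as an added example that is not the package's own code: replay the mutations on the epoch A state, recompute the root, and compare it with the root the server claims for epoch B. It assumes a flat hash over sorted entries in place of the package's Merkle map and pb types; `mutation`, `rootHash`, `verifyTransition` and `errRootMismatch` are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
	"sort"
)

// errRootMismatch mirrors ErrNotMatchingMapRoot from the package's variables.
var errRootMismatch = errors.New("recreated root does not match")

// mutation is a hypothetical, simplified stand-in for one pb.MutationProof.
type mutation struct{ Index, Value string }

// rootHash commits to the map contents. Sorted, length-prefixed entries make
// the encoding deterministic (assumption: a flat hash, not a Merkle tree).
func rootHash(leaves map[string]string) [32]byte {
	keys := make([]string, 0, len(leaves))
	for k := range leaves {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var buf bytes.Buffer
	for _, k := range keys {
		fmt.Fprintf(&buf, "%d:%s,%d:%s,", len(k), k, len(leaves[k]), leaves[k])
	}
	return sha256.Sum256(buf.Bytes())
}

// verifyTransition replays muts on a copy of the epoch A state and rejects
// the epoch B root unless it equals the recomputed one.
func verifyTransition(stateA map[string]string, muts []mutation, claimedB [32]byte) error {
	next := make(map[string]string, len(stateA))
	for k, v := range stateA {
		next[k] = v
	}
	for _, m := range muts {
		next[m.Index] = m.Value
	}
	if rootHash(next) != claimedB {
		return errRootMismatch
	}
	return nil
}

func main() {
	a := map[string]string{"alice": "key1"} // constructed sample state
	muts := []mutation{{"bob", "key2"}}
	b := rootHash(map[string]string{"alice": "key1", "bob": "key2"})
	fmt.Println(verifyTransition(a, muts, b), verifyTransition(a, nil, b))
}
```

A root that reflects any change missing from the published mutation list fails the comparison, which is the condition the monitor reports instead of signing.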
Notes
Bugs
Proto serializations are not idempotent.
- Upgrade the hasher to use ObjectHash.
- Use deep compare between the tree and the computed value.