trust

package
Published: Mar 30, 2020 License: Apache-2.0 Imports: 31 Imported by: 0

Constants

const AckNotFound string = "not found"

AckNotFound is sent as the error description if the crypto material is not found.

Variables

var (
	// ErrNotFound indicates that the queried value was not found in the database.
	ErrNotFound = serrors.New("not found")
	// ErrContentMismatch indicates that the crypto material exists with differing content.
	// NOTE(review): this is an integrity signal, not a transient failure — the
	// stored material and the offered material disagree. Callers should surface
	// it rather than retry or silently overwrite.
	ErrContentMismatch = serrors.New("content does not match")
)
var (
	// ErrBaseNotSupported indicates base TRC insertion is not supported.
	// A base TRC has no predecessor to verify against; inserting one requires
	// the explicit opt-in on BaseInserter.Unsafe.
	ErrBaseNotSupported = serrors.New("inserting base TRC not supported")
	// ErrValidation indicates a validation error.
	ErrValidation = serrors.New("validation error")
	// ErrVerification indicates a verification error.
	ErrVerification = serrors.New("verification error")
)
var (
	// ErrResolveSuperseded indicates that the latest locally available TRC
	// supersedes the TRC to resolve. The resolver refuses to fetch a TRC that
	// is older than the one already held locally.
	ErrResolveSuperseded = serrors.New("latest locally available is newer")
	// ErrInvalidResponse indicates an invalid response to an RPC call.
	ErrInvalidResponse = serrors.New("invalid RPC response")
)
// ErrInactive indicates that the requested material is inactive.
var ErrInactive = serrors.New("inactive")

ErrInactive indicates that the requested material is inactive.

// ErrRecursionNotAllowed indicates that recursion is not allowed.
var ErrRecursionNotAllowed = serrors.New("recursion not allowed")

ErrRecursionNotAllowed indicates that recursion is not allowed.

Functions

func NewVerifier added in v0.5.0

func NewVerifier(provider CryptoProvider) infra.Verifier

NewVerifier returns a struct that verifies payloads signed with control-plane PKI certificates through infra.Verifier interface.

Types

type ASLocalRecurser added in v0.5.0

// ASLocalRecurser allows AS local addresses to start recursive requests.
// AllowRecursion fails closed: it also returns an error when the locality
// check cannot be made.
type ASLocalRecurser struct {
	// IA is the local AS; presumably peer addresses are checked against it.
	IA addr.IA
}

ASLocalRecurser allows AS local addresses to start recursive requests.

func (ASLocalRecurser) AllowRecursion added in v0.5.0

func (r ASLocalRecurser) AllowRecursion(peer net.Addr) error

AllowRecursion returns an error if the address is not part of the local AS (or if the check cannot be made).

type AuthRouter added in v0.5.0

// AuthRouter routes requests for missing crypto material to the authoritative
// ASes of the appropriate ISD.
type AuthRouter struct {
	// ISD is the local ISD.
	ISD addr.ISD
	// Router is used to build addresses for remote ASes.
	Router snet.Router
	// DB is consulted for an active TRC of the subject ISD; without one the
	// request is routed to a local authoritative CS instead.
	DB TRCRead
}

AuthRouter routes requests for missing crypto material to the authoritative ASes of the appropriate ISD.

TODO(roosd): Add implementation of snet.Router that routes to authoritative AS.

func (AuthRouter) ChooseServer added in v0.5.0

func (r AuthRouter) ChooseServer(ctx context.Context, subjectISD addr.ISD) (net.Addr, error)

ChooseServer builds a CS address for crypto material with the subject in a given ISD. It chooses:

  • a local authoritative CS if subject is ISD-local.
  • a local authoritative CS if subject is in remote ISD, but no active TRC is available.
  • a remote authoritative CS otherwise.

type BaseInserter added in v0.5.0

// BaseInserter implements the common functionality of the inserters.
type BaseInserter struct {
	// DB is the trust database the verified material is written to.
	DB ReadWrite
	// Unsafe allows inserts of base TRCs. This is used as a workaround until
	// TAAC support is implemented.
	// NOTE(review): a base TRC has no predecessor to verify against, so this
	// flag lets unverifiable trust anchors into the database — confirm it is
	// only enabled for local bootstrapping, never on a service that inserts
	// material received from peers.
	Unsafe bool
}

BaseInserter implements the common functionality of the inserters.

type ChainID added in v0.5.0

// ChainID identifies a chain by subject AS and version.
type ChainID struct {
	// IA is the subject AS of the chain.
	IA addr.IA
	// Version is the chain version.
	Version scrypto.Version
}

ChainID identifies a chain.

type ChainRead added in v0.5.0

// ChainRead defines the certificate chain read operations.
type ChainRead interface {
	// GetRawChain returns the raw signed certificate chain bytes. If it is not
	// found, ErrNotFound is returned.
	GetRawChain(ctx context.Context, id ChainID) ([]byte, error)
	// ChainExists returns whether the certificate chain is found in the
	// database and the content matches. ErrContentMismatch is returned if any
	// of the two certificates exist in the database with differing contents.
	ChainExists(ctx context.Context, d decoded.Chain) (bool, error)
}

ChainRead defines the certificate chain read operations.

type ChainReq added in v0.5.0

// ChainReq holds the values of a certificate chain request.
type ChainReq struct {
	// IA is the subject AS of the requested chain.
	IA addr.IA
	// Version is the requested chain version.
	Version scrypto.Version
}

ChainReq holds the values of a certificate chain request.

type ChainWrite added in v0.5.0

// ChainWrite defines the certificate chain write operations.
type ChainWrite interface {
	// InsertChain inserts the certificate chain. The call returns true in the
	// first return value, if the certificate chain was inserted, or false if it
	// already existed and the contents matches. The second return value
	// indicates whether the issuer certificate was inserted, or it already
	// existed. ErrContentMismatch is returned if any of the two certificates
	// exist in the database with differing contents.
	InsertChain(ctx context.Context, d decoded.Chain) (bool, bool, error)
}

ChainWrite defines the certificate chain write operations.

type Config added in v0.1.1

// Config holds the configuration of the trust store.
type Config struct {
	// MustHaveLocalChain states that chain requests for the trust store's own
	// IA must always return a valid chain. This is set to true on infra
	// services BS, CS, PS and false on others.
	MustHaveLocalChain bool
	// ServiceType is the type of the service that uses the store.
	ServiceType proto.ServiceType
	// Router is used to determine paths to other ASes.
	Router snet.Router
	// TopoProvider provides the local topology.
	TopoProvider topology.Provider
}

type CryptoProvider added in v0.5.0

// CryptoProvider provides crypto material. A crypto provider can spawn
// network requests if necessary and permitted.
type CryptoProvider interface {
	// AnnounceTRC announces the existence of a TRC; it must be called before
	// verifying a signature based on a certificate chain to ensure the TRC in
	// the signature source is available to the CryptoProvider.
	AnnounceTRC(context.Context, TRCID, infra.TRCOpts) error
	// GetTRC asks the trust store to return a valid and active TRC for the
	// requested ISD, unless inactive TRCs are specifically allowed. The
	// optionally configured server is queried over the network if the TRC is
	// not available locally. Otherwise, the default server is queried. How the
	// default server is determined differs between implementations.
	GetTRC(context.Context, TRCID, infra.TRCOpts) (*trc.TRC, error)
	// GetRawTRC behaves the same as GetTRC, except returning the raw signed TRC.
	GetRawTRC(context.Context, TRCID, infra.TRCOpts) ([]byte, error)
	// GetRawChain asks the trust store to return a valid and active certificate
	// chain, unless inactive chains are specifically allowed. The optionally
	// configured server is queried over the network if the certificate chain is
	// not available locally. Otherwise, the default server is queried. How the
	// default server is determined differs between implementations.
	GetRawChain(context.Context, ChainID, infra.ChainOpts) ([]byte, error)
	// GetASKey returns, from the trust store, the public key required to
	// verify a signature originating from an AS.
	GetASKey(context.Context, ChainID, infra.ChainOpts) (scrypto.KeyMeta, error)
}

CryptoProvider provides crypto material. A crypto provider can spawn network requests if necessary and permitted.

type DB added in v0.5.0

// DB defines the interface a trust DB must implement.
type DB interface {
	ReadWrite
	// BeginTransaction starts a transaction. The returned Transaction must be
	// ended with Commit or Rollback.
	BeginTransaction(ctx context.Context, opts *sql.TxOptions) (Transaction, error)
	db.LimitSetter
	io.Closer
}

DB defines the interface a trust DB must implement.

type DBRead added in v0.5.0

// DBRead defines the read operations.
type DBRead interface {
	TRCRead
	ChainRead
}

DBRead defines the read operations.

type DBWrite added in v0.5.0

// DBWrite defines the write operations.
type DBWrite interface {
	TRCWrite
	ChainWrite
}

DBWrite defines the write operations.

type DefaultInserter added in v0.5.0

// DefaultInserter is used to verify and insert trust material into the
// database. Material is verified before it is written.
type DefaultInserter struct {
	BaseInserter
}

DefaultInserter is used to verify and insert trust material into the database.

func (DefaultInserter) InsertChain added in v0.5.0

func (ins DefaultInserter) InsertChain(ctx context.Context, chain decoded.Chain,
	trcProvider TRCProviderFunc) error

InsertChain verifies the signed certificate chain and inserts it into the database. The issuing TRC is queried through the provider function, when necessary.

func (DefaultInserter) InsertTRC added in v0.5.0

func (ins DefaultInserter) InsertTRC(ctx context.Context, decTRC decoded.TRC,
	trcProvider TRCProviderFunc) error

InsertTRC verifies the signed TRC and inserts it into the database. The previous TRC is queried through the provider function, when necessary.

type DefaultInspector added in v0.5.0

// DefaultInspector is used to inspect primary ASes.
type DefaultInspector struct {
	// Provider supplies the TRCs the attributes are read from.
	Provider CryptoProvider
}

DefaultInspector is used to inspect primary ASes.

func (DefaultInspector) ByAttributes added in v0.5.0

func (i DefaultInspector) ByAttributes(ctx context.Context, isd addr.ISD,
	opts infra.ASInspectorOpts) ([]addr.IA, error)

ByAttributes returns a list of primary ASes in the specified ISD that hold all the requested attributes.

func (DefaultInspector) HasAttributes added in v0.5.0

func (i DefaultInspector) HasAttributes(ctx context.Context, ia addr.IA,
	opts infra.ASInspectorOpts) (bool, error)

HasAttributes indicates whether an AS holds all the specified attributes. The first return value is always false for non-primary ASes.

type DefaultRPC added in v0.5.0

// DefaultRPC implements the RPC interface using the given messenger.
type DefaultRPC struct {
	// Msgr carries the TRC and certificate chain messages.
	Msgr Messenger
}

DefaultRPC implements the RPC interface using the given messenger.

func (DefaultRPC) GetCertChain added in v0.5.0

func (r DefaultRPC) GetCertChain(ctx context.Context, req ChainReq, a net.Addr) ([]byte, error)

func (DefaultRPC) GetTRC added in v0.5.0

func (r DefaultRPC) GetTRC(ctx context.Context, req TRCReq, a net.Addr) ([]byte, error)

func (DefaultRPC) SendCertChain added in v0.5.0

func (r DefaultRPC) SendCertChain(ctx context.Context, chain []byte, a net.Addr) error

func (DefaultRPC) SendTRC added in v0.5.0

func (r DefaultRPC) SendTRC(ctx context.Context, trc []byte, a net.Addr) error

type DefaultResolver added in v0.5.0

// DefaultResolver resolves trust material. Material fetched over the network
// is passed through Inserter, which verifies it before it is stored.
type DefaultResolver struct {
	// DB is read to find missing links in the verification chain.
	DB DBRead
	// Inserter verifies and stores the resolved material.
	Inserter Inserter
	// RPC fetches material from the chosen server.
	RPC RPC
	// IA is the local AS.
	IA addr.IA
}

DefaultResolver resolves trust material.

func (DefaultResolver) Chain added in v0.5.0

func (r DefaultResolver) Chain(parentCtx context.Context, req ChainReq,
	server net.Addr) (decoded.Chain, error)

Chain resolves the raw signed certificate chain. If the issuing TRC is missing, it is also requested.

func (DefaultResolver) TRC added in v0.5.0

func (r DefaultResolver) TRC(parentCtx context.Context, req TRCReq,
	server net.Addr) (decoded.TRC, error)

TRC resolves the decoded signed TRC. Missing links in the TRC verification chain are also requested.

type ForwardingInserter added in v0.5.0

// ForwardingInserter is an inserter that always forwards the trust material
// to the certificate server before inserting it into the database.
// Forwarding must be successful, otherwise the material is not inserted into
// the database.
type ForwardingInserter struct {
	BaseInserter
	// Router picks the local CS the material is forwarded to.
	Router LocalRouter
	// RPC sends the material to the CS.
	RPC RPC
}

ForwardingInserter is an inserter that always forwards the trust material to the certificate server before inserting it into the database. Forwarding must be successful, otherwise the material is not inserted into the database.

func (ForwardingInserter) InsertChain added in v0.5.0

func (ins ForwardingInserter) InsertChain(ctx context.Context, chain decoded.Chain,
	trcProvider TRCProviderFunc) error

InsertChain verifies the signed certificate chain and inserts it into the database. The issuing TRC is queried through the provider function, when necessary. Before insertion, the certificate chain is forwarded to the certificate server. If the certificate server does not successfully handle the certificate chain, the insertion fails.

func (ForwardingInserter) InsertTRC added in v0.5.0

func (ins ForwardingInserter) InsertTRC(ctx context.Context, decTRC decoded.TRC,
	trcProvider TRCProviderFunc) error

InsertTRC verifies the signed TRC and inserts it into the database. The previous TRC is queried through the provider function, when necessary. Before insertion, the TRC is forwarded to the certificate server. If the certificate server does not successfully handle the TRC, the insertion fails.

type Inserter added in v0.5.0

// Inserter inserts and verifies trust material into the database.
type Inserter interface {
	// InsertTRC verifies the signed TRC and inserts it into the database.
	// The previous TRC is queried through the provider function, when necessary.
	InsertTRC(ctx context.Context, decTRC decoded.TRC, trcProvider TRCProviderFunc) error
	// InsertChain verifies the signed certificate chain and inserts it into the
	// database. The issuing TRC is queried through the provider function, when
	// necessary.
	InsertChain(ctx context.Context, decChain decoded.Chain, trcProvider TRCProviderFunc) error
}

Inserter inserts and verifies trust material into the database.

type Inspector added in v0.5.0

// Inspector gives insights into the primary ASes of a given ISD.
type Inspector interface {
	// ByAttributes returns a list of primary ASes in the specified ISD that hold
	// all the requested attributes.
	ByAttributes(ctx context.Context, isd addr.ISD, opts infra.ASInspectorOpts) ([]addr.IA, error)
	// HasAttributes indicates whether an AS holds all the specified attributes.
	// The first return value is always false for non-primary ASes.
	HasAttributes(ctx context.Context, ia addr.IA, opts infra.ASInspectorOpts) (bool, error)
}

Inspector gives insights into the primary ASes of a given ISD.

type KeyInfo added in v0.5.0

// KeyInfo contains metadata about a primary key.
type KeyInfo struct {
	// TRC is the metadata of the TRC the key is defined in.
	TRC TRCInfo
	// Version is the key version.
	Version scrypto.KeyVersion
}

KeyInfo contains metadata about a primary key.

type KeyRing added in v0.5.0

// KeyRing provides different private keys.
type KeyRing interface {
	// PrivateKey returns the private key for the given usage and version. If it
	// is not in the key ring, an error is returned.
	PrivateKey(usage keyconf.Usage, version scrypto.KeyVersion) (keyconf.Key, error)
}

KeyRing provides different private keys.

type LocalOnlyRecurser added in v0.5.0

// LocalOnlyRecurser returns an error if the address is not nil, i.e. only
// recursions started by the local trust store (nil peer, see Recurser) are
// permitted.
type LocalOnlyRecurser struct{}

LocalOnlyRecurser returns an error if the address is not nil.

func (LocalOnlyRecurser) AllowRecursion added in v0.5.0

func (r LocalOnlyRecurser) AllowRecursion(peer net.Addr) error

AllowRecursion returns an error if the address is not nil.

type LocalRouter added in v0.5.0

// LocalRouter routes requests to the local CS.
type LocalRouter struct {
	// IA is the local AS whose CS is addressed.
	IA addr.IA
}

LocalRouter routes requests to the local CS.

func (LocalRouter) ChooseServer added in v0.5.0

func (r LocalRouter) ChooseServer(_ context.Context, _ addr.ISD) (net.Addr, error)

ChooseServer always routes to the local CS.

type Messenger added in v0.5.0

// Messenger is the part of the infra messenger the trust rpc layer uses.
// NOTE(review): id looks like the request identifier of the infra messenger —
// confirm against its definition.
type Messenger interface {
	// GetTRC sends msg to a and returns the TRC reply.
	GetTRC(ctx context.Context, msg *cert_mgmt.TRCReq, a net.Addr,
		id uint64) (*cert_mgmt.TRC, error)
	// GetCertChain sends msg to a and returns the certificate chain reply.
	GetCertChain(ctx context.Context, msg *cert_mgmt.ChainReq, a net.Addr,
		id uint64) (*cert_mgmt.Chain, error)
	// SendTRC pushes msg to a.
	SendTRC(ctx context.Context, msg *cert_mgmt.TRC, a net.Addr, id uint64) error
	// SendCertChain pushes msg to a.
	SendCertChain(ctx context.Context, msg *cert_mgmt.Chain, a net.Addr, id uint64) error
}

Messenger is the part of the infra messenger the trust rpc layer uses.

type Provider added in v0.5.0

// Provider provides crypto material. A crypto provider can spawn network
// requests if necessary and permitted.
type Provider struct {
	// DB is the local database the material is looked up in first.
	DB DBRead
	// Recurser decides whether a network request may be started for a peer.
	Recurser Recurser
	// Resolver fetches and verifies material that is not available locally.
	Resolver Resolver
	// Router chooses the server a missing piece of material is requested from.
	Router Router
}

Provider provides crypto material. A crypto provider can spawn network requests if necessary and permitted.

func (Provider) AnnounceTRC added in v0.5.0

func (p Provider) AnnounceTRC(ctx context.Context, id TRCID, opts infra.TRCOpts) error

AnnounceTRC announces the existence of a TRC; it must be called before verifying a signature based on a certificate chain to ensure the TRC in the signature source is available to the CryptoProvider.

func (Provider) GetASKey added in v0.5.0

func (p Provider) GetASKey(ctx context.Context, id ChainID,
	opts infra.ChainOpts) (scrypto.KeyMeta, error)

GetASKey returns, from the trust store, the public key required to verify a signature originating from an AS.

func (Provider) GetRawChain added in v0.5.0

func (p Provider) GetRawChain(ctx context.Context, id ChainID,
	opts infra.ChainOpts) ([]byte, error)

GetRawChain asks the trust store to return a valid and active certificate chain, unless inactive chains are specifically allowed. The optionally configured server is queried over the network if the certificate chain is not available locally. Otherwise, the default server is queried. How the default server is determined differs between implementations.

func (Provider) GetRawTRC added in v0.5.0

func (p Provider) GetRawTRC(ctx context.Context, id TRCID, opts infra.TRCOpts) ([]byte, error)

GetRawTRC behaves the same as GetTRC, except returning the raw signed TRC.

func (Provider) GetTRC added in v0.5.0

func (p Provider) GetTRC(ctx context.Context, id TRCID, opts infra.TRCOpts) (*trc.TRC, error)

GetTRC asks the trust store to return a valid and active TRC for the requested ISD, unless inactive TRCs are specifically allowed. The optionally configured server is queried over the network if the TRC is not available locally. Otherwise, the default server is queried. How the default server is determined differs between implementations.

type RPC added in v0.5.0

// RPC abstracts the RPC calls over the messenger. Payloads are raw signed
// bytes; verification happens in the inserter, not here.
type RPC interface {
	// GetTRC requests the TRC described by the request from the given server.
	GetTRC(context.Context, TRCReq, net.Addr) ([]byte, error)
	// GetCertChain requests the chain described by the request from the given server.
	GetCertChain(context.Context, ChainReq, net.Addr) ([]byte, error)
	// SendTRC pushes the raw signed TRC to the given server.
	SendTRC(context.Context, []byte, net.Addr) error
	// SendCertChain pushes the raw signed chain to the given server.
	SendCertChain(context.Context, []byte, net.Addr) error
}

RPC abstracts the RPC calls over the messenger.

type ReadWrite added in v0.5.0

// ReadWrite defines the read and write operations.
type ReadWrite interface {
	DBRead
	DBWrite
}

ReadWrite defines the read and write operations.

type Recurser added in v0.5.0

// Recurser decides whether a recursive request is permitted for a given peer.
// For infra services use either ASLocalRecurser or LocalOnlyRecurser.
type Recurser interface {
	// AllowRecursion indicates whether the recursion is allowed for the
	// provided Peer. Recursions started by the local trust store have a nil
	// address and should generally be allowed. The nil value indicates
	// recursion is allowed. Non-nil return values indicate that recursion is
	// not allowed and specify the reason.
	AllowRecursion(peer net.Addr) error
}

Recurser decides whether a recursive request is permitted for a given peer. For infra services use either ASLocalRecurser or LocalOnlyRecurser.

type Resolver added in v0.5.0

// Resolver resolves verified trust material.
type Resolver interface {
	// TRC resolves the decoded signed TRC. Missing links in the TRC
	// verification chain are also requested.
	TRC(ctx context.Context, req TRCReq, server net.Addr) (decoded.TRC, error)
	// Chain resolves the raw signed certificate chain. If the issuing TRC is
	// missing, it is also requested.
	Chain(ctx context.Context, req ChainReq, server net.Addr) (decoded.Chain, error)
}

Resolver resolves verified trust material.

type Router added in v0.5.0

// Router builds the CS address for crypto material with the subject in a
// given ISD.
type Router interface {
	// ChooseServer determines the remote server for trust material with the
	// subject in the provided ISD.
	ChooseServer(ctx context.Context, subjectISD addr.ISD) (net.Addr, error)
}

Router builds the CS address for crypto material with the subject in a given ISD.

type Signer added in v0.5.0

// Signer is used to sign control plane data authenticated by certificate
// chains. Construct it with NewSigner from a validated SignerConf.
type Signer struct {
	// contains filtered or unexported fields
}

Signer is used to sign control plane data authenticated by certificate chains.

func NewSigner added in v0.5.0

func NewSigner(cfg SignerConf) (*Signer, error)

NewSigner constructs a new signer.

func (*Signer) Meta added in v0.5.0

func (s *Signer) Meta() infra.SignerMeta

Meta returns the meta data the signer uses when signing.

func (*Signer) Sign added in v0.5.0

func (s *Signer) Sign(msg []byte) (*proto.SignS, error)

Sign signs the message.

type SignerConf added in v0.5.0

// SignerConf holds the configuration of a signer.
type SignerConf struct {
	// ChainVer is the version of the certificate chain the signatures refer to.
	ChainVer scrypto.Version
	// TRCVer is the version of the TRC the signatures refer to.
	TRCVer scrypto.Version
	// Validity is the period during which the signer is valid.
	Validity scrypto.Validity
	// Key is the signing key; presumably the private key obtained from a
	// KeyRing (same keyconf.Key type) — confirm.
	Key keyconf.Key
}

SignerConf holds the configuration of a signer.

func (SignerConf) Validate added in v0.5.0

func (cfg SignerConf) Validate() error

Validate validates that the signer config is valid.

type SignerGen added in v0.5.0

// SignerGen generates signers based on the certificate chains and keys that
// are available.
type SignerGen struct {
	// IA is the local AS the signer signs for.
	IA addr.IA
	// KeyRing supplies the private keys.
	KeyRing KeyRing
	// Provider supplies the certificate chains the keys are matched against.
	Provider CryptoProvider
}

SignerGen generates signers based on the certificate chains and keys that are available.

func (*SignerGen) Signer added in v0.5.0

func (g *SignerGen) Signer(ctx context.Context) (*Signer, error)

Signer returns the active signer.

type Store

// Store keeps track of the control-plane PKI crypto material. The request
// handlers it creates are meant for requests from remote nodes; whether they
// may recurse over the network is decided by the configured recurser.
type Store struct {
	Inspector
	CryptoProvider
	// Inserter verifies material before it is written to DB.
	Inserter Inserter
	// DB is the backing trust database.
	DB DB
}

Store keeps track of the control-plane PKI crypto material.

func (Store) LoadChains added in v0.5.0

func (s Store) LoadChains(ctx context.Context, dir string) error

LoadChains loads the certificate chains from the file system. This call ensures that the hashes match for the chains that are already in the database. Before insertion, certificate chains are verified.

func (Store) LoadCryptoMaterial added in v0.5.0

func (s Store) LoadCryptoMaterial(ctx context.Context, dir string) error

LoadCryptoMaterial loads the crypto material from the file system and populates the trust database.

func (Store) LoadTRCs added in v0.5.0

func (s Store) LoadTRCs(ctx context.Context, dir string) error

LoadTRCs loads the TRCs from the file system. This call ensures that the hashes match for TRCs that are already in the database. Before insertion, TRCs are verified.

func (Store) NewChainPushHandler added in v0.1.1

func (s Store) NewChainPushHandler(ia addr.IA) infra.Handler

NewChainPushHandler returns an infra.Handler for Certificate Chain pushes coming from a peer, backed by the trust store. Certificate chains are pushed by other ASes during core registration, or the local BSes and PSes. Pushes are allowed from all local ISD sources.

func (Store) NewChainReqHandler

func (s Store) NewChainReqHandler(ia addr.IA) infra.Handler

NewChainReqHandler returns an infra.Handler for Certificate Chain requests coming from a peer, backed by the trust store. The configured recurser defines whether the trust store is allowed to issue new TRC and certificate chain requests over the network. This method should only be used when servicing requests coming from remote nodes.

func (Store) NewTRCPushHandler added in v0.1.1

func (s Store) NewTRCPushHandler(ia addr.IA) infra.Handler

NewTRCPushHandler returns an infra.Handler for TRC pushes coming from a peer, backed by the trust store. TRCs are pushed by local BSes and PSes. Pushes are allowed from all local AS sources.

func (Store) NewTRCReqHandler

func (s Store) NewTRCReqHandler(ia addr.IA) infra.Handler

NewTRCReqHandler returns an infra.Handler for TRC requests coming from a peer, backed by the trust store. The configured recurser defines whether the trust store is allowed to issue new TRC requests over the network. This method should only be used when servicing requests coming from remote nodes.

type TRCID added in v0.5.0

// TRCID identifies a TRC by ISD and version.
type TRCID struct {
	// ISD is the ISD the TRC belongs to.
	ISD addr.ISD
	// Version is the TRC version.
	Version scrypto.Version
}

TRCID identifies a TRC.

type TRCInfo added in v0.5.0

// TRCInfo contains metadata about a TRC.
type TRCInfo struct {
	// Validity is the period during which the TRC is valid.
	Validity scrypto.Validity
	// GracePeriod is the time the previous TRC stays usable after this one
	// takes effect — assumption from the name, confirm against the TRC spec.
	GracePeriod time.Duration
	// Version is the TRC version.
	Version scrypto.Version
}

TRCInfo contains metadata about a TRC.

func (TRCInfo) Base added in v0.5.0

func (i TRCInfo) Base() bool

Base indicates if the TRC is a base TRC.

type TRCProviderFunc added in v0.5.0

// TRCProviderFunc provides TRCs. It is used to configure the TRC retrieval
// method of the inserter.
type TRCProviderFunc func(context.Context, TRCID) (*trc.TRC, error)

TRCProviderFunc provides TRCs. It is used to configure the TRC retrieval method of the inserter.

type TRCRead added in v0.5.0

// TRCRead defines the TRC read operations.
type TRCRead interface {
	// TRCExists returns whether the TRC is found in the database and the
	// content matches. ErrContentMismatch is returned if the TRC is in the
	// database with differing contents.
	TRCExists(ctx context.Context, d decoded.TRC) (bool, error)
	// GetTRC returns the TRC. If it is not found, ErrNotFound is returned.
	GetTRC(ctx context.Context, id TRCID) (*trc.TRC, error)
	// GetRawTRC returns the raw signed TRC bytes. If it is not found,
	// ErrNotFound is returned.
	GetRawTRC(ctx context.Context, id TRCID) ([]byte, error)
	// GetTRCInfo returns the infos for the requested TRC. If it is not found,
	// ErrNotFound is returned.
	GetTRCInfo(ctx context.Context, id TRCID) (TRCInfo, error)
	// GetIssuingGrantKeyInfo returns the infos of the requested AS. If it is
	// not found, ErrNotFound is returned.
	GetIssuingGrantKeyInfo(ctx context.Context, ia addr.IA,
		version scrypto.Version) (KeyInfo, error)
}

TRCRead defines the TRC read operations.

type TRCReq added in v0.5.0

// TRCReq holds the values of a TRC request.
type TRCReq struct {
	// ISD is the ISD of the requested TRC.
	ISD addr.ISD
	// Version is the requested TRC version.
	Version scrypto.Version
}

TRCReq holds the values of a TRC request.

type TRCWrite added in v0.5.0

// TRCWrite defines the TRC write operations.
type TRCWrite interface {
	// InsertTRC inserts the TRC. The call returns true if the TRC was
	// inserted, or false if it already existed and the content matches.
	// ErrContentMismatch is returned if the TRC is in the database with
	// differing contents.
	InsertTRC(ctx context.Context, d decoded.TRC) (bool, error)
}

TRCWrite defines the TRC write operations.

type Transaction added in v0.5.0

// Transaction represents a trust DB transaction. To end the transaction
// either Rollback or Commit should be called. Calling Commit or Rollback
// multiple times will result in an error.
type Transaction interface {
	ReadWrite
	// Commit commits the transaction.
	Commit() error
	// Rollback rolls back the transaction.
	Rollback() error
}

Transaction represents a trust DB transaction. To end the transaction either Rollback or Commit should be called. Calling Commit or Rollback multiple times will result in an error.
