package minimal

import "github.com/google/certificate-transparency-go/gossip/minimal"

Package minimal provides a minimal gossip implementation for CT which uses X.509 certificate extensions to hold gossiped STH values for logs. This allows STH values to be exchanged between participating logs without any changes to the log software (although participating logs will need to add additional trusted roots for the gossip sources).

Types

type FetchOptions

type FetchOptions struct {
	// Number of entries to request in one batch from the Log.
	BatchSize int
	// Number of concurrent fetcher workers to run.
	ParallelFetch int
	// Manage hub retrieval state persistence.
	State         ScanStateManager
	FlushInterval time.Duration
	// Mechanism for reporting compliance incidents.  If unset, a
	// LoggingReporter will be used.
	Reporter incident.Reporter
}

FetchOptions governs the overall hub retrieval behaviour.

type FileStateManager

type FileStateManager struct {
	ScanState
	// contains filtered or unexported fields
}

FileStateManager is an implementation of the ScanStateManager interface that stores the scan state in a writable flat file.

func NewFileStateManager

func NewFileStateManager(filename string) (*FileStateManager, error)

NewFileStateManager creates a FileStateManager from the contents of the given filename, which can be empty but should be over-writable.

func (*FileStateManager) Flush

func (f *FileStateManager) Flush(ctx context.Context) error

Flush stores the current contents to disk.

type Goshawk

type Goshawk struct {
	// contains filtered or unexported fields
}

Goshawk is an agent that retrieves STHs from a Gossip Hub, either in the form of synthetic certificates or more directly as signed blobs. Each STH is then checked for consistency against the source log.

func NewBoundaryGoshawk

func NewBoundaryGoshawk(_ context.Context, cfg *configpb.GoshawkConfig, hcLog, hcHub *http.Client, fetchOpts FetchOptions) (*Goshawk, error)

NewBoundaryGoshawk creates a Goshawk from the given configuration protobuf and a pair of http.Client instances for source logs and destination hubs, to allow (for example) gossip checking across (some kinds of) network boundaries.

func NewBoundaryGoshawkFromFile

func NewBoundaryGoshawkFromFile(ctx context.Context, filename string, hcLog, hcHub *http.Client, fetchOpts FetchOptions) (*Goshawk, error)

NewBoundaryGoshawkFromFile creates a Goshawk that uses different http.Client instances for source logs and destination hubs, for example to allow gossip checking across (some kinds of) network boundaries.

func NewGoshawk

func NewGoshawk(ctx context.Context, cfg *configpb.GoshawkConfig, hc *http.Client, fetchOpts FetchOptions) (*Goshawk, error)

NewGoshawk creates a Goshawk from the given configuration protobuf and optional http client.

func NewGoshawkFromFile

func NewGoshawkFromFile(ctx context.Context, filename string, hc *http.Client, fetchOpts FetchOptions) (*Goshawk, error)

NewGoshawkFromFile creates a Goshawk from the given filename, which should contain text-protobuf encoded configuration data, together with an optional http Client.

func (*Goshawk) Fly

func (hawk *Goshawk) Fly(ctx context.Context)

Fly starts a collection of goroutines to perform log scanning and STH consistency checking. It should be terminated by cancelling the passed-in context.

type Gossiper

type Gossiper struct {
	// contains filtered or unexported fields
}

Gossiper is an agent that retrieves STH values from a set of source logs and distributes them to a destination log in the form of X.509 certificates with the STH values embedded in them.

func NewBoundaryGossiper

func NewBoundaryGossiper(ctx context.Context, cfg *configpb.GossipConfig, hcLog, hcHub *http.Client, mf monitoring.MetricFactory) (*Gossiper, error)

NewBoundaryGossiper creates a gossiper from the given configuration protobuf and a pair of http.Client instances for source logs and destination hubs, to allow (for example) gossiping across (some kinds of) network boundaries.

func NewBoundaryGossiperFromFile

func NewBoundaryGossiperFromFile(ctx context.Context, filename string, hcLog, hcHub *http.Client, mf monitoring.MetricFactory) (*Gossiper, error)

NewBoundaryGossiperFromFile creates a gossiper that uses different http.Client instances for source logs and destination hubs, for example to allow gossiping across (some kinds of) network boundaries.

func NewGossiper

func NewGossiper(ctx context.Context, cfg *configpb.GossipConfig, hc *http.Client, mf monitoring.MetricFactory) (*Gossiper, error)

NewGossiper creates a gossiper from the given configuration protobuf and optional http client.

func NewGossiperFromFile

func NewGossiperFromFile(ctx context.Context, filename string, hc *http.Client, mf monitoring.MetricFactory) (*Gossiper, error)

NewGossiperFromFile creates a gossiper from the given filename, which should contain text-protobuf encoded configuration data, together with an optional http Client.

func (*Gossiper) CertForSTH

func (g *Gossiper) CertForSTH(name, url string, sth *ct.SignedTreeHead) (*ct.ASN1Cert, error)

CertForSTH creates an X.509 certificate with the given STH embedded in it.
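
The mechanism behind CertForSTH (and behind the package as a whole) is that an STH is carried as a non-critical X.509 extension, so a destination log accepts the certificate without any change to the log software. The following is an added example written for this page, not the project's own code: it uses only the Go standard library, a hypothetical private-arc OID (the real OID lives in the x509ext subpackage and is not shown here), and a constructed fixed-width STH encoding that stands in for the project's actual serialization. It shows both sides of the exchange, embedding an STH into a self-signed certificate and recovering it from the DER on the monitor side, and rejects certificates that carry zero or more than one STH extension.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// oidGossipSTH is a hypothetical private-arc OID chosen for this example.
// It is NOT the OID used by the project's x509ext package.
var oidGossipSTH = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// STH is a minimal signed-tree-head record, constructed for this example.
type STH struct {
	TreeSize  uint64
	Timestamp uint64 // milliseconds since the Unix epoch, as in RFC 6962
	RootHash  [32]byte
	Signature []byte // opaque log signature over the tree head
}

// encodeSTH serialises an STH as big-endian tree size, big-endian timestamp,
// 32-byte root hash, then the raw signature. This is a constructed layout for
// the example, not the project's wire format.
func encodeSTH(s STH) []byte {
	buf := make([]byte, 16, 16+32+len(s.Signature))
	binary.BigEndian.PutUint64(buf[0:8], s.TreeSize)
	binary.BigEndian.PutUint64(buf[8:16], s.Timestamp)
	buf = append(buf, s.RootHash[:]...)
	return append(buf, s.Signature...)
}

// decodeSTH is the inverse of encodeSTH; it refuses inputs too short to hold
// the fixed fields rather than reading past the end of the slice.
func decodeSTH(b []byte) (STH, error) {
	if len(b) < 48 {
		return STH{}, errors.New("STH extension too short")
	}
	var s STH
	s.TreeSize = binary.BigEndian.Uint64(b[0:8])
	s.Timestamp = binary.BigEndian.Uint64(b[8:16])
	copy(s.RootHash[:], b[16:48])
	s.Signature = append([]byte(nil), b[48:]...)
	return s, nil
}

// CertForSTH builds a self-signed leaf whose only job is to carry the STH in
// a non-critical extension, so any CT log will accept it as an ordinary
// certificate. The subject records which source log the STH came from.
func CertForSTH(logName string, sth STH) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "gossip STH for " + logName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtraExtensions: []pkix.Extension{{
			Id:       oidGossipSTH,
			Critical: false, // critical would make strict verifiers reject the cert
			Value:    encodeSTH(sth),
		}},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// STHFromCert is the monitor-side step: parse a DER certificate fetched from
// the hub and extract exactly one embedded STH.
func STHFromCert(der []byte) (STH, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return STH{}, err
	}
	var found []pkix.Extension
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidGossipSTH) {
			found = append(found, ext)
		}
	}
	if len(found) != 1 {
		return STH{}, fmt.Errorf("expected exactly one STH extension, got %d", len(found))
	}
	return decodeSTH(found[0].Value)
}

func main() {
	der, err := CertForSTH("https://ct.example/log/", STH{TreeSize: 42, Timestamp: 1573689600000})
	if err != nil {
		panic(err)
	}
	got, err := STHFromCert(der)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered STH: tree_size=%d timestamp=%d\n", got.TreeSize, got.Timestamp)
}
```

Recovering the STH from the certificate is only the first step on the monitor side; the value still has to be checked against the source log's actual tree (which is what Goshawk does), since the certificate itself proves nothing about the STH's validity.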

func (*Gossiper) CheckCanSubmit

func (g *Gossiper) CheckCanSubmit(ctx context.Context) error

CheckCanSubmit checks whether the gossiper can submit STHs to all destination hubs.

func (*Gossiper) Run

func (g *Gossiper) Run(ctx context.Context)

Run starts the gossiper's set of goroutines. It should be terminated by cancelling the passed-in context.

func (*Gossiper) Submitter

func (g *Gossiper) Submitter(ctx context.Context, s <-chan sthInfo)

Submitter periodically services the provided channel and submits the certificates received on it to the destination logs.

type ScanState

type ScanState struct {
	Mu   sync.Mutex
	Next map[string]int64
}

ScanState holds a (mutex-protected) map of hub URL to next index to scan from.

func (*ScanState) GetHubIndex

func (s *ScanState) GetHubIndex(hubURL string) int64

GetHubIndex returns the index at which scanning should commence for the given hub URL.

func (*ScanState) UpdateHubIndex

func (s *ScanState) UpdateHubIndex(hubURL string, nextIndex int64)

UpdateHubIndex indicates that future scanning of the given hub should start from at least nextIndex.

type ScanStateManager

type ScanStateManager interface {
	// GetHubIndex returns the index at which scanning should commence for the given hub URL.
	GetHubIndex(hubURL string) int64
	// UpdateHubIndex indicates that future scanning of the given hub should start from at least nextIndex.
	UpdateHubIndex(hubURL string, nextIndex int64)
	// Flush ensures state is stored.
	Flush(ctx context.Context) error
}

ScanStateManager controls hub scanning state, with the intention of allowing scanning to resume where it was left off across restarts etc.
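
The ScanState and ScanStateManager types above define the resume-across-restarts contract; the following is an added example, not the project's FileStateManager (whose on-disk format is not shown on this page), implementing that contract over a flat file. It assumes a JSON map of hub URL to next index as the file format and adds the two details a practitioner wants here: UpdateHubIndex only ever moves an index forward (matching "at least nextIndex", so a stale or replayed update cannot rewind a scan), and Flush writes to a temporary file and renames it, so a crash mid-write cannot leave a truncated state file that would be misread on the next start.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"sync"
)

// ScanState holds a mutex-protected map of hub URL to next index to scan.
// It mirrors the shape of the package's ScanState; this is example code.
type ScanState struct {
	Mu   sync.Mutex
	Next map[string]int64
}

// GetHubIndex returns the index to resume from; an unknown hub yields 0,
// i.e. scanning starts from the beginning of that hub.
func (s *ScanState) GetHubIndex(hubURL string) int64 {
	s.Mu.Lock()
	defer s.Mu.Unlock()
	return s.Next[hubURL]
}

// UpdateHubIndex records that scanning of hubURL should resume from at least
// nextIndex. Lower values are ignored so a late or replayed update cannot
// cause already-checked entries to be fetched again.
func (s *ScanState) UpdateHubIndex(hubURL string, nextIndex int64) {
	s.Mu.Lock()
	defer s.Mu.Unlock()
	if s.Next == nil {
		s.Next = make(map[string]int64)
	}
	if nextIndex > s.Next[hubURL] {
		s.Next[hubURL] = nextIndex
	}
}

// ScanStateManager is the interface documented above.
type ScanStateManager interface {
	GetHubIndex(hubURL string) int64
	UpdateHubIndex(hubURL string, nextIndex int64)
	Flush(ctx context.Context) error
}

// FileStateManager persists ScanState as a JSON object in a flat file
// (assumed format for this example).
type FileStateManager struct {
	ScanState
	filename string
}

// NewFileStateManager loads state from filename. A missing or empty file is
// treated as fresh state; a file that exists but is not valid JSON is an
// error, because silently starting from 0 would re-scan everything.
func NewFileStateManager(filename string) (*FileStateManager, error) {
	f := &FileStateManager{filename: filename}
	f.Next = make(map[string]int64)
	data, err := os.ReadFile(filename)
	if errors.Is(err, os.ErrNotExist) || (err == nil && len(data) == 0) {
		return f, nil
	}
	if err != nil {
		return nil, err
	}
	if err := json.Unmarshal(data, &f.Next); err != nil {
		return nil, fmt.Errorf("corrupt scan state in %s: %w", filename, err)
	}
	return f, nil
}

// Flush writes the current state atomically: serialise under the lock, write
// to a sibling temp file, then rename over the real file.
func (f *FileStateManager) Flush(ctx context.Context) error {
	if err := ctx.Err(); err != nil {
		return err
	}
	f.Mu.Lock()
	data, err := json.Marshal(f.Next)
	f.Mu.Unlock()
	if err != nil {
		return err
	}
	tmp := f.filename + ".tmp"
	if err := os.WriteFile(tmp, data, 0o600); err != nil {
		return err
	}
	return os.Rename(tmp, f.filename)
}

// Compile-time check that FileStateManager satisfies the interface.
var _ ScanStateManager = (*FileStateManager)(nil)

func main() {
	path := filepath.Join(os.TempDir(), "goshawk-scan-state.json")
	m, err := NewFileStateManager(path)
	if err != nil {
		panic(err)
	}
	hub := "https://hub.example/"
	fmt.Printf("resuming %s at index %d\n", hub, m.GetHubIndex(hub))
	m.UpdateHubIndex(hub, m.GetHubIndex(hub)+100)
	if err := m.Flush(context.Background()); err != nil {
		panic(err)
	}
}
```

In a real deployment Flush would be driven from FetchOptions.FlushInterval; flushing too rarely means re-fetching (and re-checking) entries after a crash, flushing before the fetched entries have actually been consistency-checked means skipping them, so the index handed to UpdateHubIndex should only advance past entries whose checks have completed.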

Source Files

goshawk.go gossip.go instance.go serialization.go

Directories

Path                      Synopsis
gossip/minimal/configpb   Package configpb holds a config protobuf for minimal gossip binaries.
gossip/minimal/goshawk    The goshawk binary scans a destination log for gossiped STH values and checks consistency against the source logs.
gossip/minimal/gosmin     The gosmin binary runs a minimal gossip implementation.
gossip/minimal/mysql      Package mysql provides a MySQL based implementation of persistent state management for the goshawk tool.
gossip/minimal/x509ext    Package x509ext holds extension types and values for minimal gossip.
Version
v1.1.0
Published
Nov 14, 2019