Index ¶
- Constants
- func AppendOp(out []byte, op Op) []byte
- func DeriveSign(seed [32]byte) (sign.PublicKey, sign.PrivateKey)
- func MarshalIDMap(out []byte, leaves map[inet256.ID][]byte) []byte
- func MarshalKEMPrivateKey(out []byte, tag string, privKey kem.PrivateKey) []byte
- func MarshalKEMPublicKey(out []byte, tag string, kem kem.PublicKey) []byte
- func PKI() inet256.PKI
- func ParseKEMPrivateKey(data []byte) (kem.PrivateKey, error)
- func ParseKEMPublicKey(data []byte) (kem.PublicKey, error)
- func PostRule(ctx context.Context, s stores.RW, r *Rule) (blobcache.CID, error)
- func UnmarshalIDMap(data []byte, dst map[inet256.ID][]byte) error
- type AddMember
- type AddRule
- type AddVolume
- type ChangeSet
- func (op ChangeSet) Code() Code
- func (op ChangeSet) Marshal(out []byte) []byte
- func (op ChangeSet) OpData(out []byte) []byte
- func (op *ChangeSet) Sign(pk inet256.PrivateKey)
- func (cs *ChangeSet) Unmarshal(data []byte) error
- func (cs ChangeSet) Validate(ctx context.Context, prev State, diff Diff, approvers IDSet) error
- type Code
- type CreateGroup
- type CreateIDUnit
- type DeleteBranchEntry
- type Diff
- type DropRule
- type DropVolume
- type Group
- type GroupID
- type IDSet
- type IdentityUnit
- type Member
- type ObjectType
- type Op
- type OpHeader
- type PutBranchEntry
- type RemoveMember
- type Rule
- type RuleID
- type Secret
- type State
- type Verb
- type VolumeAlias
- type VolumeEntry
Constants ¶
// Signature algorithm identifiers.
const (
	SIGN_ED25519 = inet256.SignAlgo_Ed25519
	SIGN_MLDSA87 = "mldsa87"
)
// KEM scheme tag, as written by MarshalKEMPublicKey and read back by ParseKEMPublicKey.
const (
	KEM_MLKEM1024 = "mlkem1024"
)
Variables ¶
This section is empty.
Functions ¶
func AppendOp ¶
AppendOp appends the op to the output. It calls marshal on the op, and prefixes it with the op header.
func DeriveSign ¶
func DeriveSign(seed [32]byte) (sign.PublicKey, sign.PrivateKey)
func MarshalKEMPrivateKey ¶
func MarshalKEMPrivateKey(out []byte, tag string, privKey kem.PrivateKey) []byte
func MarshalKEMPublicKey ¶
MarshalKEMPublicKey marshals a KEM public key with a scheme tag.
func ParseKEMPrivateKey ¶
func ParseKEMPrivateKey(data []byte) (kem.PrivateKey, error)
func ParseKEMPublicKey ¶
ParseKEMPublicKey unmarshals a KEM public key with a scheme tag.
Types ¶
type ChangeSet ¶
ChangeSet is a set of operations signed together.
func (ChangeSet) OpData ¶
OpData is the portion of the change set that contains the operations. This is what is signed. The other portion is the sig map.
func (*ChangeSet) Sign ¶
func (op *ChangeSet) Sign(pk inet256.PrivateKey)
Sign signs the change set with the private key and adds the signature to the sigs map.
type CreateGroup ¶
type CreateGroup struct {
	// Group is the group to create.
	Group Group
}
CreateGroup creates a group. It has to be
func (CreateGroup) Code ¶
func (op CreateGroup) Code() Code
func (CreateGroup) Marshal ¶
func (op CreateGroup) Marshal(out []byte) []byte
func (*CreateGroup) Unmarshal ¶
func (op *CreateGroup) Unmarshal(data []byte) error
type CreateIDUnit ¶
type CreateIDUnit struct {
	// Unit is the identity unit (leaf) to create.
	Unit IdentityUnit
}
CreateIDUnit creates a new leaf, or fails if the leaf already exists.
func (CreateIDUnit) Code ¶
func (op CreateIDUnit) Code() Code
func (CreateIDUnit) Marshal ¶
func (op CreateIDUnit) Marshal(out []byte) []byte
func (*CreateIDUnit) Unmarshal ¶
func (op *CreateIDUnit) Unmarshal(data []byte) error
type DeleteBranchEntry ¶
type DeleteBranchEntry struct {
	// Name is the name of the Branch entry to delete.
	Name string
}
DeleteBranchEntry deletes a Branch entry.
func (DeleteBranchEntry) Code ¶
func (op DeleteBranchEntry) Code() Code
func (DeleteBranchEntry) Marshal ¶
func (op DeleteBranchEntry) Marshal(out []byte) []byte
func (*DeleteBranchEntry) Unmarshal ¶
func (op *DeleteBranchEntry) Unmarshal(data []byte) error
type Diff ¶
type Diff interface {
	// ForEachRule calls fn for each Rule in the diff.
	ForEachRule(ctx context.Context, fn func(rule Rule) error) error
	// ForEachVolumeEntry calls fn for each VolumeEntry in the diff.
	ForEachVolumeEntry(ctx context.Context, fn func(entry VolumeEntry) error) error
	// ForEachBranchEntry calls fn for each Branch entry (a VolumeAlias) in the diff.
	ForEachBranchEntry(ctx context.Context, fn func(entry VolumeAlias) error) error
}
Diff is things that have changed between two system states.
type DropVolume ¶
func (DropVolume) Code ¶
func (op DropVolume) Code() Code
func (DropVolume) Marshal ¶
func (op DropVolume) Marshal(out []byte) []byte
func (*DropVolume) Unmarshal ¶
func (op *DropVolume) Unmarshal(data []byte) error
type Group ¶
type Group struct {
	// ID uniquely identifies the group.
	// It is stored in the key.
	// It is computed from Nonce and the initial Owners (see ComputeGroupID)
	// and does not change over the lifetime of the group.
	ID GroupID
	// Nonce is random additional data used to compute the GroupID.
	Nonce [16]byte
	// KEM is used to send messages to the group.
	// The private key is stored encrypted in each Membership entry.
	KEM kem.PublicKey
	// Owners are the identities that can add and remove members from the group.
	// Owners must also be members of the group.
	Owners IDSet
}
func ParseGroup ¶
type GroupID ¶
GroupID uniquely identifies the group; it is the primary key of the Groups table.
func ComputeGroupID ¶
ComputeGroupID computes the ID of a group from a nonce and initial owners. This value must be unique across all groups in the namespace. The GroupID does not change over the lifetime of the group, even though the owners might.
func ParseGroupID ¶
type IdentityUnit ¶
type IdentityUnit struct {
	// ID is part of the key.
	ID inet256.ID
	// SigPublicKey is the public signing key.
	SigPublicKey inet256.PublicKey
	// KEMPublicKey is the public KEM key.
	// NOTE(review): the original comment was cut off ("authenticated by the leaf's ...");
	// presumably the KEM key is bound to this unit by its signing key — confirm against
	// NewIDUnit and GenerateKEM.
	KEMPublicKey kem.PublicKey
}
IdentityUnit contains information about a specific signing key. It is an entry in the Units table.
func NewIDUnit ¶
func NewIDUnit(pubKey inet256.PublicKey, kemPub kem.PublicKey) IdentityUnit
NewIDUnit creates a new IdentityUnit with a new KEM key pair.
func ParseIDUnit ¶
func ParseIDUnit(key, value []byte) (*IdentityUnit, error)
func (*IdentityUnit) GenerateKEM ¶
func (il *IdentityUnit) GenerateKEM(sigPriv inet256.PrivateKey) kem.PrivateKey
func (IdentityUnit) Key ¶
func (il IdentityUnit) Key(out []byte) []byte
Key returns the key portion of the GotKV entry in the Leaves table.
func (*IdentityUnit) Value ¶
func (il *IdentityUnit) Value(out []byte) []byte
Value returns the value portion of the GotKV entry in the Leaves table.
type Member ¶
type Member struct {
	// Unit is a single identity unit.
	Unit *inet256.ID
	// Group is a reference to another group by that group's ID.
	Group *GroupID
	// NOTE(review): presumably exactly one of Unit and Group is non-nil
	// (see MemberUnit and MemberGroup) — confirm.
}
Member is a member of a group.
func MemberGroup ¶
func MemberUnit ¶
type ObjectType ¶
// ObjectType names the kind of object a Rule applies to.
type ObjectType string
// The object types a Rule can reference.
const (
	ObjectType_GROUP  ObjectType = "group"
	ObjectType_BRANCH ObjectType = "branch"
	ObjectType_RULE   ObjectType = "rule"
)
type Op ¶
type Op interface {
	// Marshal marshals the op body. The header is not included.
	Marshal(out []byte) []byte
	// Unmarshal unmarshals the op body, which does not include the header.
	Unmarshal(data []byte) error
	// Code returns the op code.
	Code() Code
	// Validate checks whether the op may be applied, given the previous State,
	// the Diff it produces and the set of approving identities.
	// The exact acceptance rules are not shown here.
	Validate(ctx context.Context, prev State, diff Diff, approvers IDSet) error
	// contains filtered or unexported methods
}
Op is a single operation on the ledger. Ops are batched into Deltas, which represent an atomic state transition of the ledger.
type PutBranchEntry ¶
PutBranchEntry creates or overwrites a Branch entry.
func (PutBranchEntry) Code ¶
func (op PutBranchEntry) Code() Code
func (PutBranchEntry) Marshal ¶
func (op PutBranchEntry) Marshal(out []byte) []byte
func (*PutBranchEntry) Unmarshal ¶
func (op *PutBranchEntry) Unmarshal(data []byte) error
type RemoveMember ¶
func (RemoveMember) Code ¶
func (op RemoveMember) Code() Code
func (RemoveMember) Marshal ¶
func (op RemoveMember) Marshal(out []byte) []byte
func (*RemoveMember) Unmarshal ¶
func (op *RemoveMember) Unmarshal(data []byte) error
type Rule ¶
type Rule struct {
	// Subject is the name of the group that this rule applies to.
	Subject GroupID
	// Verb is the action granted by this rule.
	Verb Verb
	// ObjectType is the type of the object that this rule applies to.
	ObjectType ObjectType
	// Names is a regular expression that matches the names of the objects that this rule applies to.
	// NOTE(review): whether the match is anchored is not visible here; an unanchored
	// pattern matches any name containing a match, which widens the grant — confirm.
	Names *regexp.Regexp
}
type Verb ¶
// Verb is the action a Rule grants its Subject on the matched objects.
type Verb string
const (
	// Verb_LOOK allows a subject to read an object.
	Verb_LOOK Verb = "LOOK"
	// Verb_TOUCH allows a subject to write to an object.
	Verb_TOUCH Verb = "TOUCH"
	// Verb_CREATE allows a subject to create an object with a certain set of names.
	Verb_CREATE Verb = "CREATE"
	// Verb_DROP allows a subject to delete an object with a certain set of names.
	Verb_DROP Verb = "DROP"
	// Verb_ADMIN allows a subject to create rules that reference a set of objects.
	Verb_ADMIN Verb = "ADMIN"
)
type VolumeAlias ¶
VolumeAlias associates a name with a volume.
func ParseVolumeAlias ¶
func ParseVolumeAlias(key, value []byte) (VolumeAlias, error)
func (VolumeAlias) Key ¶
func (e VolumeAlias) Key(buf []byte) []byte
func (VolumeAlias) Value ¶
func (e VolumeAlias) Value(buf []byte) []byte
type VolumeEntry ¶
type VolumeEntry struct {
	// Target is the volume this entry refers to.
	Target blobcache.OID
	// Rights are the actions permitted on Target.
	Rights blobcache.ActionSet
	// TODO: encrypt different LinkTokens for readers and writers.
	// NOTE(review): until the TODO above is done, a single TokenSecret appears to be
	// shared by readers and writers of the volume — confirm what it grants.
	TokenSecret blobcache.LTSecret
	// The hash of the secret shared amongst readers of the volume.
	// The double hash of the secret shared amongst writers of the volume.
	// There should never be more than two of these, or less than one.
	HashOfSecrets [][32]byte
	// Aux is extra data associated with the volume.
	// This will be filled with marks.Info JSON.
	Aux []byte
}
func ParseVolumeEntry ¶
func ParseVolumeEntry(key, value []byte) (*VolumeEntry, error)
func (VolumeEntry) Key ¶
func (e VolumeEntry) Key(buf []byte) []byte
func (VolumeEntry) LinkToken ¶
func (e VolumeEntry) LinkToken() blobcache.LinkToken
func (VolumeEntry) Value ¶
func (e VolumeEntry) Value(buf []byte) []byte