drkey

package
v0.15.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 7, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	Generic = Protocol(pb.Protocol_PROTOCOL_GENERIC_UNSPECIFIED)
	SCMP    = Protocol(pb.Protocol_PROTOCOL_SCMP)

	GRACE_PERIOD = 5 * time.Second
)

DRKey protocol types.

Variables

View Source 
var ErrKeyNotFound = serrors.New("key not found")
View Source 
var (
	ZeroBlock [aes.BlockSize]byte
)

Functions

func SerializeHostHostInput 

func SerializeHostHostInput(input []byte, host addr.Host) (int, error)

SerializeHostHostInput serializes the input for deriving a HostHost key, as explained in https://docs.scion.org/en/latest/cryptography/drkey.html#level-derivation. This derivation is common for Generic and Specific derivations.

Types

type ASHostKey 

type ASHostKey struct {
	ProtoId Protocol
	Epoch   Epoch
	SrcIA   addr.IA
	DstIA   addr.IA
	DstHost string
	Key     Key
}

ASHostKey represents a ASHost key.

type ASHostMeta 

type ASHostMeta struct {
	ProtoId  Protocol
	Validity time.Time
	SrcIA    addr.IA
	DstIA    addr.IA
	DstHost  string
}

ASHostMeta represents the associated information for the ASHost key.

type Epoch 

type Epoch = cppki.Validity

Epoch represents a validity period.

func NewEpoch 

func NewEpoch(begin, end uint32) Epoch

NewEpoch constructs an Epoch from its uint32 encoded begin and end parts.

type HostASKey 

type HostASKey struct {
	ProtoId Protocol
	Epoch   Epoch
	SrcIA   addr.IA
	DstIA   addr.IA
	SrcHost string
	Key     Key
}

HostASKey represents a Host-AS key.

type HostASMeta 

type HostASMeta struct {
	ProtoId  Protocol
	Validity time.Time
	SrcIA    addr.IA
	DstIA    addr.IA
	SrcHost  string
}

HostASMeta represents the associated information for the HostAS key.

type HostHostKey 

type HostHostKey struct {
	ProtoId Protocol
	Epoch   Epoch
	SrcIA   addr.IA
	DstIA   addr.IA
	SrcHost string
	DstHost string
	Key     Key
}

HostHostKey represents a Host-Host DRKey.

type HostHostMeta 

type HostHostMeta struct {
	ProtoId  Protocol
	Validity time.Time
	SrcIA    addr.IA
	DstIA    addr.IA
	SrcHost  string
	DstHost  string
}

HostHostMeta represents the associated information for the HostHostMeta key.

type Key 

type Key [16]byte

Key represents a raw binary key

func DeriveKey 

func DeriveKey(input []byte, upperLevelKey Key) (Key, error)

DeriveKey derives the following key given an input and a higher-level key, as stated in https://docs.scion.org/en/latest/cryptography/drkey.html#prf-derivation-specification The input buffer is overwritten.

func (Key) String 

func (k Key) String() string

type KeyType 

type KeyType uint8

keyType represents the different types of keys (host->AS, AS->host, host->host). 

const (
	AsAs KeyType = iota
	AsHost
	HostAS
	HostHost
)

Key types.

type Level1DB 

type Level1DB interface {
	GetLevel1Key(ctx context.Context, meta Level1Meta) (Level1Key, error)
	InsertLevel1Key(ctx context.Context, key Level1Key) error
	DeleteExpiredLevel1Keys(ctx context.Context, cutoff time.Time) (int, error)

	io.Closer
}

Level1DB is the drkey database interface for level 1.

type Level1Key 

type Level1Key struct {
	Epoch        Epoch
	ProtoId      Protocol
	SrcIA, DstIA addr.IA
	Key          Key
}

Level1Key represents a level 1 DRKey.

type Level1Meta 

type Level1Meta struct {
	Validity     time.Time
	ProtoId      Protocol
	SrcIA, DstIA addr.IA
}

/ Level1Meta contains metadata to obtain a Level1 key.

type Level2DB 

type Level2DB interface {
	GetASHostKey(ctx context.Context, meta ASHostMeta) (ASHostKey, error)
	GetHostASKey(ctx context.Context, meta HostASMeta) (HostASKey, error)
	GetHostHostKey(ctx context.Context, meta HostHostMeta) (HostHostKey, error)
	InsertASHostKey(ctx context.Context, key ASHostKey) error
	InsertHostASKey(ctx context.Context, key HostASKey) error
	InsertHostHostKey(ctx context.Context, key HostHostKey) error
	DeleteExpiredASHostKeys(ctx context.Context, cutoff time.Time) (int, error)
	DeleteExpiredHostASKeys(ctx context.Context, cutoff time.Time) (int, error)
	DeleteExpiredHostHostKeys(ctx context.Context, cutoff time.Time) (int, error)

	io.Closer
}

Level2DB is the drkey database interface for end-host keys.

type Protocol 

type Protocol uint16

Protocol is the 2-byte size protocol identifier

func ProtocolStringToId 

func ProtocolStringToId(protocol string) (Protocol, bool)

func (Protocol) IsPredefined 

func (p Protocol) IsPredefined() bool

IsPredefined checks whether this is a well-known, built-in protocol identifier, i.e. Generic, SCMP or DNS. Returns false for all other protocol identifiers ("niche protocols").

func (Protocol) String 

func (p Protocol) String() string

type SecretValue 

type SecretValue struct {
	Epoch   Epoch
	ProtoId Protocol
	Key     Key
}

SecretValue represents a DRKey secret value.

func DeriveSV 

func DeriveSV(protoID Protocol, epoch Epoch, asSecret []byte) (SecretValue, error)

DeriveSV constructs a valid SV. asSecret is typically the AS master secret.

type SecretValueDB 

type SecretValueDB interface {
	GetValue(ctx context.Context, meta SecretValueMeta, asSecret []byte) (SecretValue, error)
	InsertValue(ctx context.Context, proto Protocol, epoch Epoch) error
	DeleteExpiredValues(ctx context.Context, cutoff time.Time) (int, error)

	io.Closer
}

SecretValueDB is the database for Secret Values.

type SecretValueMeta 

type SecretValueMeta struct {
	Validity time.Time
	ProtoId  Protocol
}

SecretValueMeta represents the information about a DRKey secret value.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.