
Package nonce

import "github.com/letsencrypt/boulder/nonce"

Package nonce implements a service for generating and redeeming nonces. To generate a nonce, it encrypts a monotonically increasing counter (latest) using an authenticated cipher. To redeem a nonce, it checks that the nonce decrypts to a valid integer between the earliest and latest counter values, and that it's not on the cross-off list. To avoid a constantly growing cross-off list, the nonce service periodically retires the oldest counter values by finding the lowest counter value in the cross-off list, deleting it, and setting "earliest" to its value. To make this efficient, the cross-off list is represented two ways: once as a map, for quick lookup of a given value, and once as a heap, to quickly find the lowest value. The MaxUsed value determines how long a generated nonce can be used before it is forgotten. To calculate that period, divide the MaxUsed value by the average redemption rate (valid POSTs per second).

Constants

const (
    // PrefixLen is the character length of a nonce prefix.
    PrefixLen = 8

    // DeprecatedPrefixLen is the character length of a nonce prefix.
    //
    // DEPRECATED: Use PrefixLen instead.
    // TODO(#6610): Remove once we've moved to derivable prefixes by default.
    DeprecatedPrefixLen = 4

    // NonceLen is the character length of a nonce, excluding the prefix.
    NonceLen = 32
)

func DerivePrefix

func DerivePrefix(grpcAddr, key string) string

DerivePrefix derives a nonce prefix from the provided listening address and key. The prefix is derived by taking the first 8 characters of the base64url encoded HMAC-SHA256 hash of the listening address using the provided key.

func RemoteRedeem

func RemoteRedeem(ctx context.Context, noncePrefixMap map[string]Redeemer, nonce string) (bool, error)

RemoteRedeem checks the nonce prefix and routes the Redeem RPC to the associated remote nonce service.

TODO(#6610): Remove this function once we've moved to derivable prefixes by default.
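An added example (not Boulder's code) of the prefix derivation described under DerivePrefix together with the prefix-based routing described under RemoteRedeem. The redeemer interface, localRedeemer and buildPrefixMap are constructed stand-ins for the package's gRPC types, and the addresses and key are made-up values; treating a too-short nonce or an unknown prefix as invalid rather than as an error is the example's own choice.

```go
package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

const prefixLen = 8 // same length as the package's PrefixLen

// derivePrefix reproduces the documented derivation: the first 8 characters
// of base64url(HMAC-SHA256(key, grpcAddr)). Only the first 8 characters are
// kept, so padded and unpadded base64url give the same result.
func derivePrefix(grpcAddr, key string) string {
	mac := hmac.New(sha256.New, []byte(key))
	mac.Write([]byte(grpcAddr))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))[:prefixLen]
}

// redeemer stands in for the package's gRPC Redeemer interface; the real one
// exchanges noncepb messages rather than plain strings and bools.
type redeemer interface {
	Redeem(ctx context.Context, nonce string) (bool, error)
}

// localRedeemer is a constructed stand-in for one remote nonce service:
// it accepts each nonce once and rejects replays.
type localRedeemer struct{ redeemed map[string]bool }

func (r *localRedeemer) Redeem(_ context.Context, nonce string) (bool, error) {
	if r.redeemed[nonce] {
		return false, nil
	}
	r.redeemed[nonce] = true
	return true, nil
}

// buildPrefixMap derives one prefix per listening address under a shared key
// and returns the routing table keyed by that prefix.
func buildPrefixMap(addrs []string, key string) map[string]redeemer {
	m := make(map[string]redeemer, len(addrs))
	for _, a := range addrs {
		m[derivePrefix(a, key)] = &localRedeemer{redeemed: map[string]bool{}}
	}
	return m
}

// remoteRedeem routes a nonce to the service whose derived prefix it carries.
// A nonce that is too short or carries an unknown prefix is treated as invalid.
func remoteRedeem(ctx context.Context, prefixMap map[string]redeemer, nonce string) (bool, error) {
	if len(nonce) < prefixLen {
		return false, nil
	}
	r, ok := prefixMap[nonce[:prefixLen]]
	if !ok {
		return false, nil
	}
	return r.Redeem(ctx, nonce)
}

func main() {
	key := "example-shared-key" // constructed value
	m := buildPrefixMap([]string{"10.0.0.1:9101", "10.0.0.2:9101"}, key)
	nonce := derivePrefix("10.0.0.1:9101", key) + "opaque-nonce-body"
	ok, _ := remoteRedeem(context.Background(), m, nonce)
	fmt.Println(ok) // prints "true"
}
```

Because the prefix is an HMAC over the listening address, every instance sharing the key can derive the same routing table without coordination, and an instance with a different address or key lands on a different prefix.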

type Getter

Getter is an interface for an RPC client that can get a nonce.

type Getter interface {
    Nonce(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*noncepb.NonceMessage, error)
}

func NewGetter

func NewGetter(cc grpc.ClientConnInterface) Getter

NewGetter returns a new noncepb.NonceServiceClient which can only be used to get nonces.

type HMACKeyCtxKey

HMACKeyCtxKey is exported for use as a key in a context.Context.

type HMACKeyCtxKey struct{}

type NonceService

NonceService generates, cancels, and tracks Nonces.

type NonceService struct {
    // contains filtered or unexported fields
}

func NewNonceService

func NewNonceService(stats prometheus.Registerer, maxUsed int, prefix string) (*NonceService, error)

NewNonceService constructs a NonceService with defaults.

func (*NonceService) Nonce

func (ns *NonceService) Nonce() (string, error)

Nonce provides a new Nonce.

func (*NonceService) Valid

func (ns *NonceService) Valid(nonce string) bool

Valid determines whether the provided Nonce string is valid, returning true if so.

type PrefixCtxKey

PrefixCtxKey is exported for use as a key in a context.Context.

type PrefixCtxKey struct{}

type Redeemer

Redeemer is an interface for an RPC client that can redeem a nonce.

type Redeemer interface {
    Redeem(ctx context.Context, in *noncepb.NonceMessage, opts ...grpc.CallOption) (*noncepb.ValidMessage, error)
}

func NewRedeemer

func NewRedeemer(cc grpc.ClientConnInterface) Redeemer

NewRedeemer returns a new noncepb.NonceServiceClient which can only be used to redeem nonces.

type Server

Server implements the gRPC nonce service.

type Server struct {
    noncepb.UnimplementedNonceServiceServer
    // contains filtered or unexported fields
}

func NewServer

func NewServer(inner *NonceService) *Server

NewServer returns a new Server, wrapping a NonceService.

func (*Server) Nonce

func (ns *Server) Nonce(_ context.Context, _ *emptypb.Empty) (*noncepb.NonceMessage, error)

Nonce generates a nonce and sends it to a gRPC client.

func (*Server) Redeem

func (ns *Server) Redeem(ctx context.Context, msg *noncepb.NonceMessage) (*noncepb.ValidMessage, error)

Redeem accepts a nonce from a gRPC client and redeems it using the inner nonce service.

Subdirectories

Name Synopsis
proto