[−][src]Crate roughenough
An implementation of the Roughtime secure time synchronization protocol.
Roughtime aims to achieve rough time synchronisation in a secure way that doesn't depend on any particular time server, and in such a way that, if a time server does misbehave, clients end up with cryptographic proof of it.
Protocol
Roughtime messages are represented by RtMessage
which
implements the mapping of Roughtime u32
tags
to byte-strings.
Keys and Signing
Roughtime uses an Ed25519 key pair as the server's long-term identity and a second key pair (signed by the long-term key) as a delegated on-line (ephemeral) key.
LongTermKey
and OnlineKey
implement these elements of the protocol. The sign
module provides
signing and verification operations.
Client
A Roughtime client can be found in src/bin/client.rs
. To run the client:
$ cargo run --release --bin client roughtime.int08h.com 2002
Consult the client's --help
output for all runtime options.
Server
The core Roughtime server implementation is in src/server.rs
and the server's CLI can
be found in src/bin/roughenough-server.rs
.
The server has multiple ways it can be configured,
see ServerConfig
for the configuration trait and
Modules
config | Ways to configure the Roughenough server. |
grease | Adds deliberate errors to client responses as part of the Roughtime Ecosystem. |
key | Representations and management of Roughtime's online and long-term Ed25519 keys |
kms | Protect the server's long-term key with envelope encryption and a key management system. |
merkle | Merkle Tree implementation using SHA-512 and the Roughtime leaf and node tweak values. |
server | Implements the Roughenough server functionality. |
sign | A multi-step (init-update-finish) interface for Ed25519 signing and verification |
stats | Facilities for tracking client requests to the server |
Structs
RtMessage | A Roughtime protocol message; a map of u32 tags to arbitrary byte-strings. |
Enums
Error | Error types generated by this implementation |
Tag | An unsigned 32-bit value (key) that maps to a byte-string (value). |
Constants
CERTIFICATE_CONTEXT | Prefixed to the server's certificate before generating or verifying certificate's signature |
HASH_LENGTH | Size (in bytes) of a SHA-512 hash |
MIN_REQUEST_LENGTH | Minimum size (in bytes) of a client request |
NONCE_LENGTH | Size (in bytes) of the client's nonce |
PUBKEY_LENGTH | Size (in bytes) of an Ed25519 public key |
RADIUS_LENGTH | Size (in bytes) of server's time uncertainty value |
SEED_LENGTH | Size (in bytes) of seeds used to derive private keys |
SIGNATURE_LENGTH | Size (in bytes) of an Ed25519 signature |
SIGNED_RESPONSE_CONTEXT | Prefixed to the server's response before generating or verifying the server's signature |
TIMESTAMP_LENGTH | Size (in bytes) of server's timestamp value |
TREE_LEAF_TWEAK | Value prepended to leaves prior to hashing |
TREE_NODE_TWEAK | Value prepended to nodes prior to hashing |
VERSION | Version of Roughenough |
Functions
roughenough_version | Roughenough version string enriched with any compile-time optional features |