Crate roughenough
source · [−]Expand description
An implementation of the Roughtime secure time synchronization protocol.
Roughtime aims to achieve rough time synchronisation in a secure way that doesn’t depend on any particular time server, and in such a way that, if a time server does misbehave, clients end up with cryptographic proof of it.
Protocol
Roughtime messages are represented by RtMessage
which
implements the mapping of Roughtime u32
tags
to byte-strings.
Keys and Signing
Roughtime uses an Ed25519 key pair as the server’s long-term identity and a second key pair (signed by the long-term key) as a delegated on-line (ephemeral) key.
LongTermKey
and OnlineKey
implement these elements of the protocol. The sign
module provides
signing and verification operations.
Client
A Roughtime client can be found in src/bin/client.rs
. To run the client:
$ cargo run --release --bin client roughtime.int08h.com 2002
Consult the client’s --help
output for all runtime options.
Server
The core Roughtime server implementation is in src/server.rs
and the server’s CLI can
be found in src/bin/roughenough-server.rs
.
The server has multiple ways it can be configured,
see ServerConfig
for the configuration trait and
Modules
Ways to configure the Roughenough server.
Adds deliberate errors to client responses as part of the Roughtime Ecosystem.
Representations and management of Roughtime’s online and long-term Ed25519 keys
Protect the server’s long-term key with envelope encryption and a key management system.
Merkle Tree implementation that uses the Roughtime leaf and node tweak values.
Extract nonces from requests
Organizes requests and corresponding replies
Implements the Roughenough server functionality.
A multi-step (init-update-finish) interface for Ed25519 signing and verification
Facilities for tracking client requests to the server
Structs
A Roughtime protocol message; a map of u32 tags to arbitrary byte-strings.
Enums
Error types generated by this implementation
An unsigned 32-bit value (key) that maps to a byte-string (value).
Constants
Prefixed to the server’s certificate before generating or verifying certificate’s signature
Minimum size (in bytes) of a client request
Size (in bytes) of an Ed25519 public key
Size (in bytes) of server’s time uncertainty value
RFC first field magic value
Size (in bytes) of seeds used to derive private keys
Size (in bytes) of an Ed25519 signature
Prefixed to the server’s response before generating or verifying the server’s signature
Size (in bytes) of server’s timestamp value
Value prepended to leaves prior to hashing
Value prepended to nodes prior to hashing
Version of Roughenough
Functions
Roughenough version string enriched with any compile-time optional features