An implementation of the Roughtime secure time synchronization protocol.
Roughtime aims to achieve rough time synchronisation in a secure way that doesn't depend on any particular time server, and in such a way that, if a time server does misbehave, clients end up with cryptographic proof of it.
Roughtime uses an Ed25519 key pair as the server's long-term identity and a second key pair (signed by the long-term key) as a delegated on-line (ephemeral) key.
A Roughtime client can be found in
src/bin/client.rs. To run the client:
$ cargo run --release --bin client roughtime.int08h.com 2002
Consult the client's
--help output for all runtime options.
The core Roughtime server implementation is in
src/server.rs and the server's CLI can
be found in
The server has multiple ways it can be configured,
ServerConfig for the configuration trait and
Ways to configure the Roughenough server.
Adds deliberate errors to client responses as part of the Roughtime Ecosystem.
Representations and management of Roughtime's online and long-term Ed25519 keys
Protect the server's long-term key with envelope encryption and a key management system.
Merkle Tree implementation using SHA-512 and the Roughtime leaf and node tweak values.
Implements the Roughenough server functionality.
A multi-step (init-update-finish) interface for Ed25519 signing and verification
Facilities for tracking client requests to the server
A Roughtime protocol message; a map of u32 tags to arbitrary byte-strings.
Error types generated by this implementation
An unsigned 32-bit value (key) that maps to a byte-string (value).
Prefixed to the server's certificate before generating or verifying certificate's signature
Size (in bytes) of a SHA-512 hash
Minimum size (in bytes) of a client request
Size (in bytes) of the client's nonce
Size (in bytes) of an Ed25519 public key
Size (in bytes) of server's time uncertainty value
Size (in bytes) of seeds used to derive private keys
Size (in bytes) of an Ed25519 signature
Prefixed to the server's response before generating or verifying the server's signature
Size (in bytes) of server's timestamp value
Value prepended to leaves prior to hashing
Value prepended to nodes prior to hashing
Version of Roughenough
Roughenough version string enriched with any compile-time optional features