v.io/syncbase/x/ref/services/syncbase/signing: Add signing mechanism to allow for syncbase updates to be signed.

This change adds mechanisms to allow syncbase to sign the updates
made by its clients so that when these updates are received by other
syncgroup members, the signatures can be checked.
The primary interface is in
v.io/syncbase/x/ref/services/syncbase/signing
It is significantly more complicated than one might wish. See the
comment at the top of signing/signing.go for the rationale.
Suggestions on how to relieve the various issues in simpler ways
would be welcome.

Suggested reviewing order:

Read the comment at the top of signing/signing.go for an overview.
Then bottom up:

signing/krl
  - a placeholder key revocation list. I added this just so if we
    ever get such a thing, we know where the calls will go.
signing/hashcache
  - a simple cache for data that can be reused across signatures
signing
  - The primary interface that signs and checks data. The test
    contains various benchmarks, and shows how the interface is
    expected to be used by the various participating syncbase
    servers.
  - the validationcache.go module uses signing/hashcache to cache particular
    types of data. Performs all the marshalling and hashing that would
    otherwise be repeated per signature. It's in the same package as
    signing.go because the two share types.

Change-Id: I4a830b4811ffa63cb9391261a2c35fd77da60ba6
10 files changed