package trillian

Get desktop application:
View/edit binary Protocol Buffers messages

Defines the way empty / node / leaf hashes are constructed incorporating preimage protection, which can be application specific.

Used in: Tree

• UNKNOWN_HASH_STRATEGY = 0

  Hash strategy cannot be determined. Included to enable detection of mismatched proto versions being used. Represents an invalid value.

• RFC6962_SHA256 = 1

  Certificate Transparency strategy: leaf hash prefix = 0x00, node prefix = 0x01, empty hash is digest([]byte{}), as defined in the specification.

• TEST_MAP_HASHER = 2

  Sparse Merkle Tree strategy: leaf hash prefix = 0x00, node prefix = 0x01, empty branch is recursively computed from empty leaf nodes. NOT secure in a multi tree environment. For testing only.

• OBJECT_RFC6962_SHA256 = 3

  Append-only log strategy where leaf nodes are defined as the ObjectHash. All other properties are equal to RFC6962_SHA256.

• CONIKS_SHA512_256 = 4

  The CONIKS sparse tree hasher with SHA512_256 as the hash algorithm.

• CONIKS_SHA256 = 5

  The CONIKS sparse tree hasher with SHA256 as the hash algorithm.

LogRootFormat specifies the fields that are covered by the SignedLogRoot signature, as well as their ordering and formats.

• LOG_ROOT_FORMAT_UNKNOWN = 0

• LOG_ROOT_FORMAT_V1 = 1

MapRootFormat specifies the fields that are covered by the SignedMapRoot signature, as well as their ordering and formats.

• MAP_ROOT_FORMAT_UNKNOWN = 0

• MAP_ROOT_FORMAT_V1 = 1

Proof holds a consistency or inclusion proof for a Merkle tree, as returned by the API.

Used in: aftl.InclusionProof

• int64 leaf_index = 1

  leaf_index indicates the requested leaf index when this message is used for a leaf inclusion proof. This field is set to zero when this message is used for a consistency proof.

• repeated bytes hashes = 3

• int64 timestamp_nanos = 1

• int64 log_id = 2

• optional sigpb.DigitallySigned signature = 3

SignedLogRoot represents a commitment by a Log to a particular tree.

Used in: aftl.InclusionProof

• bytes key_hint = 7

  key_hint is a hint to identify the public key for signature verification. key_hint is not authenticated and may be incorrect or missing, in which case all known public keys may be used to verify the signature. When directly communicating with a Trillian gRPC server, the key_hint will typically contain the LogID encoded as a big-endian 64-bit integer; however, in other contexts the key_hint is likely to have different contents (e.g. it could be a GUID, a URL + TreeID, or it could be derived from the public key itself).

• bytes log_root = 8

  log_root holds the TLS-serialization of the following structure (described in RFC5246 notation): Clients should validate log_root_signature with VerifySignedLogRoot before deserializing log_root. enum { v1(1), (65535)} Version; struct { uint64 tree_size; opaque root_hash<0..128>; uint64 timestamp_nanos; uint64 revision; opaque metadata<0..65535>; } LogRootV1; struct { Version version; select(version) { case v1: LogRootV1; } } LogRoot; A serialized v1 log root will therefore be laid out as: +---+---+---+---+---+---+---+---+---+---+---+---+---+---+-....--+ | ver=1 | tree_size |len| root_hashlen | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+-....--+ +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | timestamp_nanos | revision | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ +---+---+---+---+---+-....---+ | len | metadata | +---+---+---+---+---+-....---+ (with all integers encoded big-endian).

• bytes log_root_signature = 9

  log_root_signature is the raw signature over log_root.

SignedMapRoot represents a commitment by a Map to a particular tree.

• bytes map_root = 9

  map_root holds the TLS-serialization of the following structure (described in RFC5246 notation): Clients should validate signature with VerifySignedMapRoot before deserializing map_root. enum { v1(1), (65535)} Version; struct { opaque root_hash<0..128>; uint64 timestamp_nanos; uint64 revision; opaque metadata<0..65535>; } MapRootV1; struct { Version version; select(version) { case v1: MapRootV1; } } MapRoot;

• bytes signature = 4

  Signature is the raw signature over MapRoot.

Represents a tree, which may be either a verifiable log or map. Readonly attributes are assigned at tree creation, after which they may not be modified. Note: Many APIs within the rest of the code require these objects to be provided. For safety they should be obtained via Admin API calls and not created dynamically.

• int64 tree_id = 1

  ID of the tree. Readonly.

• TreeState tree_state = 2

  State of the tree. Trees are ACTIVE after creation. At any point the tree may transition between ACTIVE, DRAINING and FROZEN states.

• TreeType tree_type = 3

  Type of the tree. Readonly after Tree creation. Exception: Can be switched from PREORDERED_LOG to LOG if the Tree is and remains in the FROZEN state.

• HashStrategy hash_strategy = 4

  Hash strategy to be used by the tree. Readonly.

• sigpb.DigitallySigned.HashAlgorithm hash_algorithm = 5

  Hash algorithm to be used by the tree. Readonly.

• sigpb.DigitallySigned.SignatureAlgorithm signature_algorithm = 6

  Signature algorithm to be used by the tree. Readonly.

• string display_name = 8

  Display name of the tree. Optional.

• string description = 9

  Description of the tree, Optional.

• optional google.protobuf.Any private_key = 12

  Identifies the private key used for signing tree heads and entry timestamps. This can be any type of message to accommodate different key management systems, e.g. PEM files, HSMs, etc. Private keys are write-only: they're never returned by RPCs. The private_key message can be changed after a tree is created, but the underlying key must remain the same - this is to enable migrating a key from one provider to another.

• optional google.protobuf.Any storage_settings = 13

  Storage-specific settings. Varies according to the storage implementation backing Trillian.

• optional keyspb.PublicKey public_key = 14

  The public key used for verifying tree heads and entry timestamps. Readonly.

• optional google.protobuf.Duration max_root_duration = 15

  Interval after which a new signed root is produced even if there have been no submission. If zero, this behavior is disabled.

• optional google.protobuf.Timestamp create_time = 16

  Time of tree creation. Readonly.

• optional google.protobuf.Timestamp update_time = 17

  Time of last tree update. Readonly (automatically assigned on updates).

• bool deleted = 19

  If true, the tree has been deleted. Deleted trees may be undeleted during a certain time window, after which they're permanently deleted (and unrecoverable). Readonly.

• optional google.protobuf.Timestamp delete_time = 20

  Time of tree deletion, if any. Readonly.

State of the tree.

Used in: Tree

• UNKNOWN_TREE_STATE = 0

  Tree state cannot be determined. Included to enable detection of mismatched proto versions being used. Represents an invalid value.

• ACTIVE = 1

  Active trees are able to respond to both read and write requests.

• FROZEN = 2

  Frozen trees are only able to respond to read requests, writing to a frozen tree is forbidden. Trees should not be frozen when there are entries in the queue that have not yet been integrated. See the DRAINING state for this case.

• DEPRECATED_SOFT_DELETED = 3

  Deprecated: now tracked in Tree.deleted.

• DEPRECATED_HARD_DELETED = 4

  Deprecated: now tracked in Tree.deleted.

• DRAINING = 5

  A tree that is draining will continue to integrate queued entries. No new entries should be accepted.

Type of the tree.

Used in: Tree

• UNKNOWN_TREE_TYPE = 0

  Tree type cannot be determined. Included to enable detection of mismatched proto versions being used. Represents an invalid value.

• LOG = 1

  Tree represents a verifiable log.

• MAP = 2

  Tree represents a verifiable map.

• PREORDERED_LOG = 3

  Tree represents a verifiable pre-ordered log, i.e., a log whose entries are placed according to sequence numbers assigned outside of Trillian.