
Releases: int08h/roughenough

1.3.0-draft13

16 Mar 23:29
be5e14d
1.3.0-draft13 Pre-release

Version 1.3.0-draft13

  • Interop testing still needed. This implementation has undergone initial testing, but is not yet ready for production use.
  • Roughenough tries to strictly implement the Roughtime protocol as described in the draft-13 RFC. Unlike prior versions of Roughenough, there are now no (intentional) deviations from the RFC. Roughenough strives to be a fully compliant implementation. Deviations from that ideal are probably bugs.
  • The Roughenough server operates both the "classic" Google protocol and the RFC compliant protocol at the same time on the same serving port. The 8-byte magic frame value added by the RFC is used to distinguish classic vs. rfc requests.
  • The version value for IETF RFC draft13 (the VER tag) is 0x0800000c
  • The new -p/--protocol flag of roughenough-client controls the protocol version to use in requests (0 = classic protocol, 13 = RFC draft13 protocol). The default is 0, the "classic" protocol, until the RFC is finalized.
  • Summarized changes over prior RFC drafts:
    • Hash over the entire request packet in Merkle tree
    • Check depth of PATH is <32
    • Remove trailing "--" from delegation signature context string
    • Sorted values in VER tag
    • Version number changed to 0x8000000c
    • VER tag moved inside SREP
    • Added VERS tag

Version 1.2.1-draft5

28 Nov 04:09
  • Fixes runtime crash (see #33) when client socket wasn't ready to be written.
  • Introduces statistics to track failed send attempts

Version 1.2.0-draft-5

02 Apr 22:12
Version 1.2.0-draft-5 Pre-release

Thank you contributors!

  • Add support for IPv6 in roughtime-client. Contributed by @unrelentingtech #28.

  • Document how to set the time on FreeBSD. By @unrelentingtech in #29

  • Support base64 encoded public keys in roughtime-client. Contributed by @lachesis in #31.

  • Added -d/--dump to roughenough-client that will pretty-print text representations of the messages it sends and receives.

  • Roughenough (mostly) implements the Roughtime protocol as specified in the draft-5 RFC.

    Important differences from the draft RFC

    1. Roughenough uses SHA-512/256 to compute the Merkle tree. Draft-5 of the RFC uses a bespoke 32-byte SHA-512 prefix without rationale or justification. Given that standardized 32-byte SHA-512/256 exists and is already implemented widely, I'm sticking with it while I advocate for the RFC to move away from the custom prefix and adopt SHA-512/256.
    2. The server and client send/expect RFC protocol version 1 (VER tag is 0x00000001) instead of the draft's suggested 0x80000000 + version.
  • The Roughenough server operates both the "classic" protocol and the RFC compliant protocol at the same time on a single serving port (the 8-byte magic frame value added by the RFC is used to distinguish classic vs. rfc requests).

    The new -p/--protocol flag of roughenough-client controls the protocol version to use in requests (0 = classic protocol, 1 = RFC protocol). The default is 0, the "classic" protocol, until the RFC is finalized:

    # send RFC protocol Roughtime requests
    $ roughenough-client -p 1 roughtime.int08h.com 2002
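
Both the 1.3.0-draft13 and 1.2.0-draft-5 notes say the server tells classic and RFC requests apart on one port by the 8-byte magic frame value. The sketch below is an added example, not Roughenough's own code; it assumes the RFC drafts' framing of ASCII `ROUGHTIM` followed by a little-endian 32-bit message length, and every identifier in it is hypothetical.

```rust
// Added example, not Roughenough's code; all names are hypothetical.
const FRAME_MAGIC: &[u8] = b"ROUGHTIM"; // 8-byte magic from the RFC drafts
const HEADER_LEN: usize = 12; // magic + little-endian u32 message length

#[derive(Debug, PartialEq)]
enum Request<'a> {
    Classic(&'a [u8]), // unframed: the datagram is the message
    Rfc(&'a [u8]),     // framed: message bytes after the header
}

#[derive(Debug, PartialEq)]
enum FrameError {
    TooShort,
    LengthMismatch { declared: usize, actual: usize },
    Unaligned(usize),
}

fn classify<'a>(datagram: &'a [u8]) -> Result<Request<'a>, FrameError> {
    // A classic message starts with its u32 tag count, so it cannot begin
    // with "ROUG" (that would be over a billion tags in one datagram).
    let framed = datagram.starts_with(FRAME_MAGIC);
    if (framed && datagram.len() < HEADER_LEN) || datagram.len() < 4 {
        return Err(FrameError::TooShort);
    }
    let msg = if framed {
        let d = datagram;
        let declared = u32::from_le_bytes([d[8], d[9], d[10], d[11]]) as usize;
        let actual = d.len() - HEADER_LEN;
        // Strict choice made by this example: no trailing bytes allowed.
        if declared != actual {
            return Err(FrameError::LengthMismatch { declared, actual });
        }
        &d[HEADER_LEN..]
    } else {
        datagram
    };
    // Roughtime messages are a whole number of 32-bit words.
    if msg.len() % 4 != 0 {
        return Err(FrameError::Unaligned(msg.len()));
    }
    Ok(if framed { Request::Rfc(msg) } else { Request::Classic(msg) })
}

fn main() {
    // Constructed sample: a framed, 16-byte all-zero message.
    let mut pkt = FRAME_MAGIC.to_vec();
    pkt.extend_from_slice(&16u32.to_le_bytes());
    pkt.extend_from_slice(&[0u8; 16]);
    println!("{:?}", classify(&pkt).map(|r| matches!(r, Request::Rfc(_))));
    println!("{:?}", classify(&pkt[..8]));
}
```

Rejecting a frame whose declared length disagrees with the datagram before any tag parsing keeps malformed input out of the message parser on an unauthenticated UDP port.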
    

Update of major dependencies

18 May 20:01

Overdue housekeeping to update to latest dependencies:

  • 8f088f1 Overdue Ring update 0.13 -> 0.16
  • 43b1de3 GCK KMS updated to the latest dependencies
  • 7ff2e53 AWS KMS also updated to latest dependencies

Output local or UTC time

21 Mar 18:43

Version 1.1.8

New feature:

  • 407f12d client: output local time by default, add -z/--zulu for UTC

Housekeeping:

  • 02212e2 Switch to std::time and drop use of 'time' crate
  • d42db50 Upgrade several dependencies to latest versions
  • e13d6fd Remove deprecated std::error::Error::description calls
  • 32f11aa Update Dockerfile to Rust 1.42

Improved client output

12 Oct 23:27

Version 1.1.7

  • Improved options for client output thanks to @zicklag (f1f834e).

    By default the client now outputs just the time reported by the queried server. The -v or --verbose flag will print additional information such as the response's midpoint and radius. -j or --json outputs responses in JSON format instead.

    Non-response text output is written to standard error to enable verbose output while redirecting the response(s) to a file or pipe like so:

    $ roughenough-client -v roughtime.int08h.com 2002 > time.txt
    Requesting time from: "roughtime.int08h.com":2002
    Received time from server: midpoint="Oct 08 2019 18:40:38", radius=1000000, verified=No (merkle_index=0)
    
    $ cat time.txt
    Oct 08 2019 18:40:38
    

Clippy fixes; dependencies updated; Dockerfile to Rust 1.38

28 Sep 18:03

Version 1.1.6

  • Fix several Clippy items (266f1ad)
  • Update to latest Rusoto (6ff01af)
  • Update to latest google-cloudkms (a0165c0)
  • Update Dockerfile to Rust 1.38 (a14c2e8)

Fuzzing related changes; container build; better error message

11 May 14:28

Version 1.1.5

  • Improved error messages (3841942)
  • Update fuzzer server target to sync with roughenough-fuzz
  • Add Dockerfile to create a server container

Implement Roughtime ecosystem response mangling

09 Mar 13:20
81ebd9e

Version 1.1.4

Add decryption to KMS command-line tool

02 Feb 02:05
fc463f8

Version 1.1.3

  • Add decrypt option to roughenough-kms