TrustStore: Ensure referenced TRC is available

When verifying a signature, the verifier now makes sure to have the referenced TRC available locally. This is one mechanism how TRC updates are disseminated.
scionproto · Jan 21, 2020 · 066152f · 066152f
1 parent 6f99584
commit 066152f
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/go/lib/infra/modules/trust/verifier.go b/go/lib/infra/modules/trust/verifier.go
@@ -105,12 +105,18 @@ func (v *verifier) Verify(ctx context.Context, msg []byte, sign *proto.SignS) er
 			"expected", v.BoundSrc, "actual", src)
 	}
 
-	id := ChainID{IA: src.IA, Version: src.ChainVer}
-	opts := infra.ChainOpts{
+	// Ensure that the TRC announced in source is available locally. Thus, not
+	// missing TRC updates.
+	tOpts := infra.TRCOpts{
 		TrustStoreOpts: infra.TrustStoreOpts{Server: v.Server},
+		AllowInactive:  true,
+	}
+	if _, err := v.Store.GetTRC(ctx, TRCID{ISD: src.IA.I, Version: src.TRCVer}, tOpts); err != nil {
+		return err
 	}
 
-	key, err := v.Store.GetASKey(ctx, id, opts)
+	opts := infra.ChainOpts{TrustStoreOpts: infra.TrustStoreOpts{Server: v.Server}}
+	key, err := v.Store.GetASKey(ctx, ChainID{IA: src.IA, Version: src.ChainVer}, opts)
 	if err != nil {
 		return err
 	}

diff --git a/go/lib/infra/modules/trust/verifier_test.go b/go/lib/infra/modules/trust/verifier_test.go
@@ -102,6 +102,7 @@ func TestVerify(t *testing.T) {
 		ctrl := gomock.NewController(t)
 		defer ctrl.Finish()
 		p := mock_trust.NewMockCryptoProvider(ctrl)
+		p.EXPECT().GetTRC(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil)
 		p.EXPECT().GetASKey(gomock.Any(), gomock.Any(),
 			gomock.Any()).Return(scrypto.KeyMeta{Key: public, Algorithm: scrypto.Ed25519}, nil)