From 92b71bed3762c3e1ebfc25e757f30a6342626fef Mon Sep 17 00:00:00 2001 
From: roos Date: Mon, 30 Sep 2019 09:24:27 +0200 Subject: [PATCH 1/2] scrypto: Make LatestVer of type version fixes #2953 --- go/cert_srv/internal/reiss/handler.go | 7 ++-- go/cert_srv/internal/reiss/requester.go | 4 +-- go/cert_srv/internal/reiss/self.go | 4 +-- go/lib/ctrl/BUILD.bazel | 1 + go/lib/ctrl/cert_mgmt/BUILD.bazel | 1 + go/lib/ctrl/cert_mgmt/chain_req.go | 3 +- go/lib/ctrl/cert_mgmt/trc_req.go | 3 +- go/lib/ctrl/seg/BUILD.bazel | 1 + go/lib/ctrl/seg/as.go | 5 +-- go/lib/ctrl/signed_util.go | 20 +++++------ go/lib/infra/modules/trust/helpers.go | 3 +- go/lib/infra/modules/trust/resolvers.go | 5 +-- go/lib/infra/modules/trust/signhelper.go | 4 +-- go/lib/infra/modules/trust/signhelper_test.go | 10 +++--- go/lib/infra/modules/trust/trust.go | 22 ++++++------ go/lib/infra/modules/trust/trust_test.go | 19 +++++----- .../infra/modules/trust/trustdb/BUILD.bazel | 1 + go/lib/infra/modules/trust/trustdb/metrics.go | 9 ++--- .../trust/trustdb/mock_trustdb/BUILD.bazel | 1 + .../trust/trustdb/mock_trustdb/trustdb.go | 9 ++--- go/lib/infra/modules/trust/trustdb/trustdb.go | 12 ++++--- .../modules/trust/trustdb/trustdbsqlite/db.go | 36 +++++++++---------- .../trust/trustdb/trustdbtest/trustdbtest.go | 6 ++-- go/lib/scrypto/cert/cert.go | 8 ++--- go/lib/scrypto/cert/chain.go | 9 ++--- go/lib/scrypto/cert/v2/as_signed_test.go | 2 +- go/lib/scrypto/cert/v2/issuer_signed_test.go | 2 +- go/lib/scrypto/defs.go | 4 --- go/lib/scrypto/trc/trc.go | 14 ++++---- go/lib/scrypto/trc/v2/signed_test.go | 2 +- go/lib/scrypto/version.go | 10 ++++-- go/lib/scrypto/version_test.go | 4 +-- go/tools/scion-custpk-load/BUILD.bazel | 2 ++ go/tools/scion-custpk-load/customers.go | 12 +++---- go/tools/scion-custpk-load/customers_test.go | 5 +-- go/tools/scion-pki/internal/certs/BUILD.bazel | 1 + go/tools/scion-pki/internal/certs/gen.go | 5 +-- go/tools/scion-pki/internal/certs/verify.go | 3 +- go/tools/scion-pki/internal/trc/gen.go | 2 +- 39 files changed, 145 insertions(+), 126 deletions(-) 
diff --git a/go/cert_srv/internal/reiss/handler.go b/go/cert_srv/internal/reiss/handler.go index 19a0fba398..d39172f3c8 100644 --- a/go/cert_srv/internal/reiss/handler.go +++ b/go/cert_srv/internal/reiss/handler.go @@ -84,8 +84,7 @@ func (h *Handler) handle(r *infra.Request, addr *snet.Addr, req *cert_mgmt.Chain } // Respond with max chain for outdated requests. opts := infra.ChainOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}} - maxChain, err := h.State.Store.GetChain(ctx, verChain.Leaf.Subject, - scrypto.Version(scrypto.LatestVer), opts) + maxChain, err := h.State.Store.GetChain(ctx, verChain.Leaf.Subject, scrypto.LatestVer, opts) if err != nil { return common.NewBasicError("Unable to fetch max chain", err) } @@ -172,7 +171,7 @@ func (h *Handler) validateReq(c *cert.Certificate, vKey common.RawBytes, // issueChain creates a certificate chain for the certificate and adds it to the // trust store. func (h *Handler) issueChain(ctx context.Context, c *cert.Certificate, - vKey common.RawBytes, verVersion uint64) (*cert.Chain, error) { + vKey common.RawBytes, verVersion scrypto.Version) (*cert.Chain, error) { issCert, err := h.getIssuerCert(ctx) if err != nil { @@ -251,7 +250,7 @@ func (h *Handler) getIssuerCert(ctx context.Context) (*cert.Certificate, error) // getVerifyingKey returns the verifying key from the requested AS and nil if it is in the mapping. // Otherwise, nil and an error. func (h *Handler) getVerifyingKey(ctx context.Context, - ia addr.IA) (common.RawBytes, uint64, error) { + ia addr.IA) (common.RawBytes, scrypto.Version, error) { k, err := h.State.TrustDB.GetCustKey(ctx, ia) if err != nil { diff --git a/go/cert_srv/internal/reiss/requester.go b/go/cert_srv/internal/reiss/requester.go index c3b268acf7..d0e9e799fb 100644 --- a/go/cert_srv/internal/reiss/requester.go +++ b/go/cert_srv/internal/reiss/requester.go 
@@ -67,7 +67,7 @@ func (r *Requester) Run(ctx context.Context) { func (r *Requester) run(ctx context.Context) (bool, error) { opts := infra.ChainOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}} - chain, err := r.State.Store.GetChain(ctx, r.IA, scrypto.Version(scrypto.LatestVer), opts) + chain, err := r.State.Store.GetChain(ctx, r.IA, scrypto.LatestVer, opts) if err != nil { return true, common.NewBasicError("Unable to get local certificate chain", err) } @@ -151,7 +151,7 @@ func (r *Requester) validateRep(ctx context.Context, chain *cert.Chain) error { } // FIXME(roosd): validate SubjectEncKey opts := infra.ChainOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}} - chain, err := r.State.Store.GetChain(ctx, r.IA, scrypto.Version(scrypto.LatestVer), opts) + chain, err := r.State.Store.GetChain(ctx, r.IA, scrypto.LatestVer, opts) if err != nil { return err } diff --git a/go/cert_srv/internal/reiss/self.go b/go/cert_srv/internal/reiss/self.go index 676b82d4c5..611bed513a 100644 --- a/go/cert_srv/internal/reiss/self.go +++ b/go/cert_srv/internal/reiss/self.go @@ -63,7 +63,7 @@ func (s *Self) run(ctx context.Context) error { return common.NewBasicError("Unable to get issuer certificate", err) } opts := infra.ChainOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}} - chain, err := s.State.Store.GetChain(ctx, s.IA, scrypto.Version(scrypto.LatestVer), opts) + chain, err := s.State.Store.GetChain(ctx, s.IA, scrypto.LatestVer, opts) if err != nil { return common.NewBasicError("Unable to get certificate chain", err) } 
@@ -164,7 +164,7 @@ func (s *Self) createIssuerCert(ctx context.Context, crt *cert.Certificate) erro func (s *Self) getCoreASEntry(ctx context.Context) (*trc.CoreAS, error) { opts := infra.TRCOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}} - maxTrc, err := s.State.Store.GetTRC(ctx, s.IA.I, scrypto.Version(scrypto.LatestVer), opts) + maxTrc, err := s.State.Store.GetTRC(ctx, s.IA.I, scrypto.LatestVer, opts) if err != nil { return nil, common.NewBasicError("Unable to find local TRC", err) } diff --git a/go/lib/ctrl/BUILD.bazel b/go/lib/ctrl/BUILD.bazel index 79b0904535..c542260fa4 100644 --- a/go/lib/ctrl/BUILD.bazel +++ b/go/lib/ctrl/BUILD.bazel @@ -19,6 +19,7 @@ go_library( "//go/lib/ctrl/ifid:go_default_library", "//go/lib/ctrl/path_mgmt:go_default_library", "//go/lib/ctrl/seg:go_default_library", + "//go/lib/scrypto:go_default_library", "//go/proto:go_default_library", "//go/sig/mgmt:go_default_library", ], diff --git a/go/lib/ctrl/cert_mgmt/BUILD.bazel b/go/lib/ctrl/cert_mgmt/BUILD.bazel index b894364f80..e36648b361 100644 --- a/go/lib/ctrl/cert_mgmt/BUILD.bazel +++ b/go/lib/ctrl/cert_mgmt/BUILD.bazel @@ -16,6 +16,7 @@ go_library( deps = [ "//go/lib/addr:go_default_library", "//go/lib/common:go_default_library", + "//go/lib/scrypto:go_default_library", "//go/lib/scrypto/cert:go_default_library", "//go/lib/scrypto/trc:go_default_library", "//go/proto:go_default_library", diff --git a/go/lib/ctrl/cert_mgmt/chain_req.go b/go/lib/ctrl/cert_mgmt/chain_req.go index 8b87c98ad8..b7d7035dff 100644 --- a/go/lib/ctrl/cert_mgmt/chain_req.go +++ b/go/lib/ctrl/cert_mgmt/chain_req.go @@ -20,6 +20,7 @@ import ( "fmt" "github.com/scionproto/scion/go/lib/addr" + "github.com/scionproto/scion/go/lib/scrypto" "github.com/scionproto/scion/go/proto" ) @@ -27,7 +28,7 @@ var _ proto.Cerealizable = (*ChainReq)(nil) type ChainReq struct { RawIA addr.IAInt `capnp:"isdas"` - Version uint64 + Version scrypto.Version CacheOnly bool } 
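Review bot: ChainReq.Version changes from uint64 to scrypto.Version while the struct is still (de)serialized through the capnp mapping implied by the `var _ proto.Cerealizable = (*ChainReq)(nil)` assertion above it; whether a named integer field round-trips through that reflection-based mapping is not visible in this hunk and is worth pinning with a round-trip test, because this field is decoded from peer-supplied requests. The same applies to TRCReq.Version in the trc_req.go hunk and to ASEntry.TrcVer/CertVer in the seg/as.go hunk. A short field comment would also document the sentinel that handlers now test with IsLatest(): `// Version is scrypto.LatestVer when the requester wants the newest chain.`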
diff --git a/go/lib/ctrl/cert_mgmt/trc_req.go b/go/lib/ctrl/cert_mgmt/trc_req.go index 3b0510e71b..42039fe431 100644 --- a/go/lib/ctrl/cert_mgmt/trc_req.go +++ b/go/lib/ctrl/cert_mgmt/trc_req.go @@ -20,6 +20,7 @@ import ( "fmt" "github.com/scionproto/scion/go/lib/addr" + "github.com/scionproto/scion/go/lib/scrypto" "github.com/scionproto/scion/go/proto" ) @@ -27,7 +28,7 @@ var _ proto.Cerealizable = (*TRCReq)(nil) type TRCReq struct { ISD addr.ISD `capnp:"isd"` - Version uint64 + Version scrypto.Version CacheOnly bool } diff --git a/go/lib/ctrl/seg/BUILD.bazel b/go/lib/ctrl/seg/BUILD.bazel index 675bb12b5e..d546136d1d 100644 --- a/go/lib/ctrl/seg/BUILD.bazel +++ b/go/lib/ctrl/seg/BUILD.bazel @@ -16,6 +16,7 @@ go_library( deps = [ "//go/lib/addr:go_default_library", "//go/lib/common:go_default_library", + "//go/lib/scrypto:go_default_library", "//go/lib/spath:go_default_library", "//go/lib/util:go_default_library", "//go/proto:go_default_library", diff --git a/go/lib/ctrl/seg/as.go b/go/lib/ctrl/seg/as.go index 8e6cf08738..ebcd5db863 100644 --- a/go/lib/ctrl/seg/as.go +++ b/go/lib/ctrl/seg/as.go @@ -21,6 +21,7 @@ import ( "github.com/scionproto/scion/go/lib/addr" "github.com/scionproto/scion/go/lib/common" + "github.com/scionproto/scion/go/lib/scrypto" "github.com/scionproto/scion/go/proto" ) @@ -28,8 +29,8 @@ var _ proto.Cerealizable = (*ASEntry)(nil) type ASEntry struct { RawIA addr.IAInt `capnp:"isdas"` - TrcVer uint64 - CertVer uint64 + TrcVer scrypto.Version + CertVer scrypto.Version IfIDSize uint8 HopEntries []*HopEntry `capnp:"hops"` MTU uint16 `capnp:"mtu"` diff --git a/go/lib/ctrl/signed_util.go b/go/lib/ctrl/signed_util.go index f2bc3222c6..04d591fd91 100644 --- a/go/lib/ctrl/signed_util.go +++ b/go/lib/ctrl/signed_util.go 
@@ -18,10 +18,10 @@ import ( "context" "fmt" "regexp" - "strconv" "github.com/scionproto/scion/go/lib/addr" "github.com/scionproto/scion/go/lib/common" + "github.com/scionproto/scion/go/lib/scrypto" "github.com/scionproto/scion/go/proto" ) @@ -42,33 +42,33 @@ const ( SrcDefaultFmt = `^` + SrcDefaultPrefix + `IA: (\S+) CHAIN: (\d+) TRC: (\d+)$` ) +var reSrcDefault = regexp.MustCompile(SrcDefaultFmt) + // SignSrcDef is the default format for signature source. It states the // signing entity, and the certificate chain authenticating the public key. // The TRC version is a hint for the TRC that can currently be used to // verify the chain. type SignSrcDef struct { IA addr.IA - ChainVer uint64 - TRCVer uint64 + ChainVer scrypto.Version + TRCVer scrypto.Version } func NewSignSrcDefFromRaw(b common.RawBytes) (SignSrcDef, error) { - re := regexp.MustCompile(SrcDefaultFmt) - s := re.FindStringSubmatch(string(b)) + s := reSrcDefault.FindSubmatch(b) if len(s) == 0 { return SignSrcDef{}, common.NewBasicError("Unable to match default src", nil, "string", string(b)) } - ia, err := addr.IAFromString(s[1]) + ia, err := addr.IAFromString(string(s[1])) if err != nil { return SignSrcDef{}, common.NewBasicError("Unable to parse default src IA", err) } - chainVer, err := strconv.ParseUint(s[2], 10, 64) - if err != nil { + var chainVer, trcVer scrypto.Version + if err := chainVer.UnmarshalJSON(s[2]); err != nil { return SignSrcDef{}, common.NewBasicError("Unable to parse default src ChainVer", err) } - trcVer, err := strconv.ParseUint(s[3], 10, 64) - if err != nil { + if err := trcVer.UnmarshalJSON(s[3]); err != nil { return SignSrcDef{}, common.NewBasicError("Unable to parse default src TRCVer", err) } return SignSrcDef{IA: ia, ChainVer: chainVer, TRCVer: trcVer}, nil diff --git a/go/lib/infra/modules/trust/helpers.go b/go/lib/infra/modules/trust/helpers.go index 5f5fe938ef..c098c69ef6 100644 --- a/go/lib/infra/modules/trust/helpers.go +++ b/go/lib/infra/modules/trust/helpers.go 
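Review bot: NewSignSrcDefFromRaw now parses the CHAIN and TRC submatches by calling Version.UnmarshalJSON on them, which ties the text format of the signature source to the JSON decoding rules of scrypto.Version; version.go is outside this chunk, so what that method accepts cannot be checked here. If it validates beyond what strconv.ParseUint did — for instance rejecting the LatestVer sentinel — then sources the old code accepted are now rejected with "Unable to parse default src ChainVer", which is defensible for signer input but is a behaviour change the commit message does not mention and no test here covers. Suggest a comment above `var chainVer, trcVer scrypto.Version`: `// NOTE(review): relies on Version.UnmarshalJSON accepting a bare decimal as matched by \d+ — confirm, and note any stricter validation it applies.`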
@@ -63,8 +63,7 @@ func CreateSignMeta(ctx context.Context, ia addr.IA, func VerifyChain(ctx context.Context, subject addr.IA, chain *cert.Chain, store infra.ExtendedTrustStore) error { - maxTrc, err := store.GetTRC(ctx, chain.Issuer.Issuer.I, scrypto.Version(scrypto.LatestVer), - infra.TRCOpts{}) + maxTrc, err := store.GetTRC(ctx, chain.Issuer.Issuer.I, scrypto.LatestVer, infra.TRCOpts{}) if err != nil { return common.NewBasicError("Unable to find TRC", nil, "isd", chain.Issuer.Issuer.I) } diff --git a/go/lib/infra/modules/trust/resolvers.go b/go/lib/infra/modules/trust/resolvers.go index c75fd3f12e..68c5e79206 100644 --- a/go/lib/infra/modules/trust/resolvers.go +++ b/go/lib/infra/modules/trust/resolvers.go @@ -21,6 +21,7 @@ import ( "github.com/scionproto/scion/go/lib/addr" "github.com/scionproto/scion/go/lib/infra/dedupe" + "github.com/scionproto/scion/go/lib/scrypto" "github.com/scionproto/scion/go/lib/scrypto/cert" "github.com/scionproto/scion/go/lib/scrypto/trc" ) @@ -31,7 +32,7 @@ var _ dedupe.Request = (*trcRequest)(nil) // store to the background resolvers. type trcRequest struct { isd addr.ISD - version uint64 + version scrypto.Version cacheOnly bool id uint64 server net.Addr @@ -59,7 +60,7 @@ var _ dedupe.Request = (*chainRequest)(nil) // store to the background resolvers. type chainRequest struct { ia addr.IA - version uint64 + version scrypto.Version cacheOnly bool id uint64 server net.Addr diff --git a/go/lib/infra/modules/trust/signhelper.go b/go/lib/infra/modules/trust/signhelper.go index 2effd790cc..bd9fcb3db8 100644 --- a/go/lib/infra/modules/trust/signhelper.go +++ b/go/lib/infra/modules/trust/signhelper.go 
@@ -54,10 +54,10 @@ func NewBasicSigner(key common.RawBytes, meta infra.SignerMeta) (*BasicSigner, e if meta.Src.IA.IsWildcard() { return nil, common.NewBasicError("IA must not contain wildcard", nil, "ia", meta.Src.IA) } - if meta.Src.ChainVer == scrypto.LatestVer { + if meta.Src.ChainVer.IsLatest() { return nil, common.NewBasicError("ChainVer must be valid", nil, "ver", meta.Src.ChainVer) } - if meta.Src.TRCVer == scrypto.LatestVer { + if meta.Src.TRCVer.IsLatest() { return nil, common.NewBasicError("TRCVer must be valid", nil, "ver", meta.Src.TRCVer) } signer := &BasicSigner{ diff --git a/go/lib/infra/modules/trust/signhelper_test.go b/go/lib/infra/modules/trust/signhelper_test.go index c37d6fa821..eeb35ac4f9 100644 --- a/go/lib/infra/modules/trust/signhelper_test.go +++ b/go/lib/infra/modules/trust/signhelper_test.go @@ -65,13 +65,15 @@ func TestBasicVerifierVerify(t *testing.T) { SignAlgorithm: scrypto.Ed25519, SubjectSignKey: pub, Version: 1, + TRCVersion: 1, Signature: []byte("signature"), }, Issuer: &cert.Certificate{ - Subject: ia110, - Issuer: ia110, - Version: 1, - Signature: []byte("signature"), + Subject: ia110, + Issuer: ia110, + Version: 1, + TRCVersion: 1, + Signature: []byte("signature"), }, }) require.NoError(t, err) diff --git a/go/lib/infra/modules/trust/trust.go b/go/lib/infra/modules/trust/trust.go index 430a8be1e9..a8bc4f225d 100644 --- a/go/lib/infra/modules/trust/trust.go +++ b/go/lib/infra/modules/trust/trust.go @@ -142,7 +142,7 @@ func (store *Store) trcRequestFunc(ctx context.Context, request dedupe.Request) return dedupe.Response{Data: nil} } - if req.version != scrypto.LatestVer && trcObj.Version != req.version { + if !req.version.IsLatest() && trcObj.Version != req.version { return wrapErr(serrors.WrapStr("remote server responded with bad version", ErrInvalidResponse, "got", trcObj.Version, "expected", req.version)) } 
@@ -171,7 +171,7 @@ func (store *Store) chainRequestFunc(ctx context.Context, request dedupe.Request if chain == nil { return dedupe.Response{Data: nil} } - if req.version != scrypto.LatestVer && chain.Leaf.Version != req.version { + if !req.version.IsLatest() && chain.Leaf.Version != req.version { return wrapErr(serrors.WrapStr("Remote server responded with bad version", ErrInvalidResponse, "got", chain.Leaf.Version, "expected", req.version)) } @@ -207,7 +207,7 @@ func (store *Store) getTRC(ctx context.Context, isd addr.ISD, version scrypto.Ve CacheOnly: opts.LocalOnly, Result: metrics.ErrInternal, } - trcObj, err := store.trustdb.GetTRCVersion(ctx, isd, uint64(version)) + trcObj, err := store.trustdb.GetTRCVersion(ctx, isd, version) if err != nil { metrics.Store.Lookup(l.WithResult(metrics.ErrDB)).Inc() return nil, err @@ -245,7 +245,7 @@ func (store *Store) getTRC(ctx context.Context, isd addr.ISD, version scrypto.Ve } trcObj, err = store.getTRCFromNetwork(ctx, &trcRequest{ isd: isd, - version: uint64(version), + version: version, id: messenger.NextId(), server: opts.Server, postHook: store.insertTRCHook(), @@ -365,7 +365,7 @@ func (store *Store) getChain(ctx context.Context, ia addr.IA, version scrypto.Ve CacheOnly: opts.LocalOnly, Result: metrics.ErrInternal, } - chain, err := store.trustdb.GetChainVersion(ctx, ia, uint64(version)) + chain, err := store.trustdb.GetChainVersion(ctx, ia, version) if err != nil { metrics.Store.Lookup(l.WithResult(metrics.ErrDB)).Inc() return nil, err @@ -395,7 +395,7 @@ func (store *Store) getChain(ctx context.Context, ia addr.IA, version scrypto.Ve trcOpts := infra.TRCOpts{ TrustStoreOpts: opts.TrustStoreOpts, } - trcObj, err := store.getTRC(ctx, ia.I, scrypto.Version(scrypto.LatestVer), trcOpts, client) + trcObj, err := store.getTRC(ctx, ia.I, scrypto.LatestVer, trcOpts, client) if err != nil { metrics.Store.Lookup(l.WithResult(metrics.ErrTRC)).Inc() return nil, err 
@@ -415,7 +415,7 @@ func (store *Store) getChain(ctx context.Context, ia addr.IA, version scrypto.Ve } chain, err = store.getChainFromNetwork(ctx, &chainRequest{ ia: ia, - version: uint64(version), + version: version, id: messenger.NextId(), server: opts.Server, postHook: store.newChainValidator(trcObj), @@ -573,7 +573,7 @@ func (store *Store) LoadAuthoritativeTRC(dir string) error { defer cancelF() ctx = metrics.CtxWith(ctx, metrics.Load) opts := infra.TRCOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}} - dbTRC, err := store.getTRC(ctx, store.ia.I, scrypto.Version(scrypto.LatestVer), opts, nil) + dbTRC, err := store.getTRC(ctx, store.ia.I, scrypto.LatestVer, opts, nil) switch { case err != nil && !xerrors.Is(err, ErrNotFoundLocally): // Unexpected error in trust store @@ -629,7 +629,7 @@ func (store *Store) LoadAuthoritativeChain(dir string) error { defer cancelF() ctx = metrics.CtxWith(ctx, metrics.Load) opts := infra.ChainOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}} - chain, err := store.getChain(ctx, store.ia, scrypto.Version(scrypto.LatestVer), opts, nil) + chain, err := store.getChain(ctx, store.ia, scrypto.LatestVer, opts, nil) switch { case err != nil && !xerrors.Is(err, ErrMissingAuthoritative): // Unexpected error in trust store @@ -813,7 +813,7 @@ func (store *Store) ByAttributes(ctx context.Context, isd addr.ISD, ctx = metrics.CtxWith(ctx, metrics.ASInspector) trcOpts := infra.TRCOpts{TrustStoreOpts: opts.TrustStoreOpts} - trc, err := store.GetTRC(ctx, isd, scrypto.Version(scrypto.LatestVer), trcOpts) + trc, err := store.GetTRC(ctx, isd, scrypto.LatestVer, trcOpts) if err != nil { return nil, common.NewBasicError("unable to resolve TRC", err) } 
@@ -829,7 +829,7 @@ func (store *Store) HasAttributes(ctx context.Context, ia addr.IA, ctx = metrics.CtxWith(ctx, metrics.ASInspector) trcOpts := infra.TRCOpts{TrustStoreOpts: opts.TrustStoreOpts} - trc, err := store.GetTRC(ctx, ia.I, scrypto.Version(scrypto.LatestVer), trcOpts) + trc, err := store.GetTRC(ctx, ia.I, scrypto.LatestVer, trcOpts) if err != nil { return false, common.NewBasicError("unable to resolve TRC", err) } diff --git a/go/lib/infra/modules/trust/trust_test.go b/go/lib/infra/modules/trust/trust_test.go index 98c8ded82b..61c722b9c1 100644 --- a/go/lib/infra/modules/trust/trust_test.go +++ b/go/lib/infra/modules/trust/trust_test.go @@ -220,7 +220,6 @@ func TestStoreGetTRC(t *testing.T) { ctx, cancelF := context.WithTimeout(context.Background(), testCtxTimeout) defer cancelF() - trcObj, err := store.GetTRC(ctx, test.ISD, test.Version, infra.TRCOpts{}) test.ErrAssertion(t, err) assert.Equal(t, test.ExpData, trcObj) @@ -345,7 +344,7 @@ func TestTRCReqHandler(t *testing.T) { tests := map[string]struct { Name string ISD addr.ISD - Version uint64 + Version scrypto.Version ExpData *trc.TRC ErrAssertion require.ErrorAssertionFunc RecursionEnabled bool // Tell the server to recurse on unknown objects @@ -484,7 +483,7 @@ func TestChainReqHandler(t *testing.T) { tests := map[string]struct { IA addr.IA - Version uint64 + Version scrypto.Version ExpData *cert.Chain ErrAssertion require.ErrorAssertionFunc RecursionEnabled bool // Tell the server to recurse on unknown objects 
@@ -614,22 +613,22 @@ func loadCrypto(t *testing.T, isds []addr.ISD, trcMap := make(map[addr.ISD]*trc.TRC) for _, isd := range isds { trcMap[isd], err = trc.TRCFromFile(getTRCFileName(isd, 1), false) - xtest.FailOnErr(t, err) + require.NoError(t, err) } chainMap := make(map[addr.IA]*cert.Chain) for _, ia := range ias { chainMap[ia], err = cert.ChainFromFile(getChainFileName(ia, 1), false) - xtest.FailOnErr(t, err) + require.NoError(t, err) } return trcMap, chainMap } -func getTRCFileName(isd addr.ISD, version uint64) string { +func getTRCFileName(isd addr.ISD, version scrypto.Version) string { return fmt.Sprintf("%s/ISD%d/trcs/ISD%d-V%d.trc", tmpDir, isd, isd, version) } -func getChainFileName(ia addr.IA, version uint64) string { +func getChainFileName(ia addr.IA, version scrypto.Version) string { return fmt.Sprintf("%s/ISD%d/AS%s/certs/ISD%d-AS%s-V%d.crt", tmpDir, ia.I, ia.A.FileFmt(), ia.I, ia.A.FileFmt(), version) } @@ -639,7 +638,7 @@ func initStore(t *testing.T, ctrl *gomock.Controller, t.Helper() db, err := trustdbsqlite.New(":memory:") - xtest.FailOnErr(t, err) + require.NoError(t, err) topo := topology.NewTopo() topotestutil.AddServer(topo, proto.ServiceType_cs, "foo", topology.TestTopoAddr(nil, nil, nil, nil)) @@ -658,12 +657,12 @@ func insertTRC(t *testing.T, store *Store, trcObj *trc.TRC) { t.Helper() _, err := store.trustdb.InsertTRC(context.Background(), trcObj) - xtest.FailOnErr(t, err) + require.NoError(t, err) } func insertChain(t *testing.T, store *Store, chain *cert.Chain) { t.Helper() _, err := store.trustdb.InsertChain(context.Background(), chain) - xtest.FailOnErr(t, err) + require.NoError(t, err) } diff --git a/go/lib/infra/modules/trust/trustdb/BUILD.bazel b/go/lib/infra/modules/trust/trustdb/BUILD.bazel index c99115b207..9458f5770b 100644 --- a/go/lib/infra/modules/trust/trustdb/BUILD.bazel +++ b/go/lib/infra/modules/trust/trustdb/BUILD.bazel 
@@ -13,6 +13,7 @@ go_library( "//go/lib/common:go_default_library", "//go/lib/infra/modules/db:go_default_library", "//go/lib/infra/modules/trust/internal/metrics:go_default_library", + "//go/lib/scrypto:go_default_library", "//go/lib/scrypto/cert:go_default_library", "//go/lib/scrypto/trc:go_default_library", "@com_github_opentracing_opentracing_go//:go_default_library", diff --git a/go/lib/infra/modules/trust/trustdb/metrics.go b/go/lib/infra/modules/trust/trustdb/metrics.go index d3bb8f2c36..6027941b57 100644 --- a/go/lib/infra/modules/trust/trustdb/metrics.go +++ b/go/lib/infra/modules/trust/trustdb/metrics.go @@ -24,6 +24,7 @@ import ( "github.com/scionproto/scion/go/lib/addr" "github.com/scionproto/scion/go/lib/infra/modules/db" "github.com/scionproto/scion/go/lib/infra/modules/trust/internal/metrics" + "github.com/scionproto/scion/go/lib/scrypto" "github.com/scionproto/scion/go/lib/scrypto/cert" "github.com/scionproto/scion/go/lib/scrypto/trc" ) @@ -168,7 +169,7 @@ func (db *metricsExecutor) InsertTRC(ctx context.Context, trcobj *trc.TRC) (int6 } func (db *metricsExecutor) InsertCustKey(ctx context.Context, key *CustKey, - oldVersion uint64) error { + oldVersion scrypto.Version) error { var err error db.metrics.Observe(ctx, metrics.InsertCustKey, func(ctx context.Context) error { @@ -179,7 +180,7 @@ func (db *metricsExecutor) InsertCustKey(ctx context.Context, key *CustKey, } func (db *metricsExecutor) GetIssCertVersion(ctx context.Context, ia addr.IA, - version uint64) (*cert.Certificate, error) { + version scrypto.Version) (*cert.Certificate, error) { var res *cert.Certificate var err error @@ -213,7 +214,7 @@ func (db *metricsExecutor) GetAllIssCerts(ctx context.Context) (<-chan CertOrErr } func (db *metricsExecutor) GetChainVersion(ctx context.Context, ia addr.IA, - version uint64) (*cert.Chain, error) { + version scrypto.Version) (*cert.Chain, error) { var res *cert.Chain var err error 
@@ -247,7 +248,7 @@ func (db *metricsExecutor) GetAllChains(ctx context.Context) (<-chan ChainOrErr, } func (db *metricsExecutor) GetTRCVersion(ctx context.Context, isd addr.ISD, - version uint64) (*trc.TRC, error) { + version scrypto.Version) (*trc.TRC, error) { var res *trc.TRC var err error diff --git a/go/lib/infra/modules/trust/trustdb/mock_trustdb/BUILD.bazel b/go/lib/infra/modules/trust/trustdb/mock_trustdb/BUILD.bazel index b41d238945..cb63f462c9 100644 --- a/go/lib/infra/modules/trust/trustdb/mock_trustdb/BUILD.bazel +++ b/go/lib/infra/modules/trust/trustdb/mock_trustdb/BUILD.bazel @@ -8,6 +8,7 @@ go_library( deps = [ "//go/lib/addr:go_default_library", "//go/lib/infra/modules/trust/trustdb:go_default_library", + "//go/lib/scrypto:go_default_library", "//go/lib/scrypto/cert:go_default_library", "//go/lib/scrypto/trc:go_default_library", "@com_github_golang_mock//gomock:go_default_library", diff --git a/go/lib/infra/modules/trust/trustdb/mock_trustdb/trustdb.go b/go/lib/infra/modules/trust/trustdb/mock_trustdb/trustdb.go index a621073695..539324daba 100644 --- a/go/lib/infra/modules/trust/trustdb/mock_trustdb/trustdb.go +++ b/go/lib/infra/modules/trust/trustdb/mock_trustdb/trustdb.go @@ -10,6 +10,7 @@ import ( gomock "github.com/golang/mock/gomock" addr "github.com/scionproto/scion/go/lib/addr" trustdb "github.com/scionproto/scion/go/lib/infra/modules/trust/trustdb" + scrypto "github.com/scionproto/scion/go/lib/scrypto" cert "github.com/scionproto/scion/go/lib/scrypto/cert" trc "github.com/scionproto/scion/go/lib/scrypto/trc" reflect "reflect" 
@@ -143,7 +144,7 @@ func (mr *MockTrustDBMockRecorder) GetChainMaxVersion(arg0, arg1 interface{}) *g } // GetChainVersion mocks base method -func (m *MockTrustDB) GetChainVersion(arg0 context.Context, arg1 addr.IA, arg2 uint64) (*cert.Chain, error) { +func (m *MockTrustDB) GetChainVersion(arg0 context.Context, arg1 addr.IA, arg2 scrypto.Version) (*cert.Chain, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetChainVersion", arg0, arg1, arg2) ret0, _ := ret[0].(*cert.Chain) @@ -188,7 +189,7 @@ func (mr *MockTrustDBMockRecorder) GetIssCertMaxVersion(arg0, arg1 interface{}) } // GetIssCertVersion mocks base method -func (m *MockTrustDB) GetIssCertVersion(arg0 context.Context, arg1 addr.IA, arg2 uint64) (*cert.Certificate, error) { +func (m *MockTrustDB) GetIssCertVersion(arg0 context.Context, arg1 addr.IA, arg2 scrypto.Version) (*cert.Certificate, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetIssCertVersion", arg0, arg1, arg2) ret0, _ := ret[0].(*cert.Certificate) @@ -218,7 +219,7 @@ func (mr *MockTrustDBMockRecorder) GetTRCMaxVersion(arg0, arg1 interface{}) *gom } // GetTRCVersion mocks base method -func (m *MockTrustDB) GetTRCVersion(arg0 context.Context, arg1 addr.ISD, arg2 uint64) (*trc.TRC, error) { +func (m *MockTrustDB) GetTRCVersion(arg0 context.Context, arg1 addr.ISD, arg2 scrypto.Version) (*trc.TRC, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetTRCVersion", arg0, arg1, arg2) ret0, _ := ret[0].(*trc.TRC) @@ -248,7 +249,7 @@ func (mr *MockTrustDBMockRecorder) InsertChain(arg0, arg1 interface{}) *gomock.C } // InsertCustKey mocks base method -func (m *MockTrustDB) InsertCustKey(arg0 context.Context, arg1 *trustdb.CustKey, arg2 uint64) error { +func (m *MockTrustDB) InsertCustKey(arg0 context.Context, arg1 *trustdb.CustKey, arg2 scrypto.Version) error { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "InsertCustKey", arg0, arg1, arg2) ret0, _ := ret[0].(error) 
diff --git a/go/lib/infra/modules/trust/trustdb/trustdb.go b/go/lib/infra/modules/trust/trustdb/trustdb.go index bd27432353..51579a57a6 100644 --- a/go/lib/infra/modules/trust/trustdb/trustdb.go +++ b/go/lib/infra/modules/trust/trustdb/trustdb.go @@ -24,6 +24,7 @@ import ( "github.com/scionproto/scion/go/lib/addr" "github.com/scionproto/scion/go/lib/common" "github.com/scionproto/scion/go/lib/infra/modules/db" + "github.com/scionproto/scion/go/lib/scrypto" "github.com/scionproto/scion/go/lib/scrypto/cert" "github.com/scionproto/scion/go/lib/scrypto/trc" ) @@ -61,7 +62,7 @@ type TrcOrErr struct { type CustKey struct { IA addr.IA Key common.RawBytes - Version uint64 + Version scrypto.Version } // CustKeyOrErr contains a customer key or an error. @@ -76,7 +77,8 @@ type CustKeyOrErr struct { type Read interface { // GetIssCertVersion returns the specified version of the issuer certificate for // ia. If version is scrypto.LatestVer, this is equivalent to GetIssCertMaxVersion. - GetIssCertVersion(ctx context.Context, ia addr.IA, version uint64) (*cert.Certificate, error) + GetIssCertVersion(ctx context.Context, ia addr.IA, + version scrypto.Version) (*cert.Certificate, error) // GetIssCertMaxVersion returns the max version of the issuer certificate for ia. GetIssCertMaxVersion(ctx context.Context, ia addr.IA) (*cert.Certificate, error) // GetAllIssCerts returns a channel that will provide all issuer certs in the trust db. If the 
@@ -89,7 +91,7 @@ type Read interface { GetAllIssCerts(ctx context.Context) (<-chan CertOrErr, error) // GetChainVersion returns the specified version of the certificate chain for // ia. If version is scrypto.LatestVer, this is equivalent to GetChainMaxVersion. - GetChainVersion(ctx context.Context, ia addr.IA, version uint64) (*cert.Chain, error) + GetChainVersion(ctx context.Context, ia addr.IA, version scrypto.Version) (*cert.Chain, error) // GetChainMaxVersion returns the max version of the chain for ia. GetChainMaxVersion(ctx context.Context, ia addr.IA) (*cert.Chain, error) // GetAllChains returns a channel that will provide all chains in the trust db. If the trust db @@ -101,7 +103,7 @@ type Read interface { GetAllChains(ctx context.Context) (<-chan ChainOrErr, error) // GetTRCVersion returns the specified version of the TRC for // isd. If version is scrypto.LatestVer, this is equivalent to GetTRCMaxVersion. - GetTRCVersion(ctx context.Context, isd addr.ISD, version uint64) (*trc.TRC, error) + GetTRCVersion(ctx context.Context, isd addr.ISD, version scrypto.Version) (*trc.TRC, error) // GetTRCMaxVersion returns the max version of the TRC for ia. GetTRCMaxVersion(ctx context.Context, isd addr.ISD) (*trc.TRC, error) // GetAllTRCs returns a channel that will provide all TRCs in the trust db. If the trust db @@ -138,7 +140,7 @@ type Write interface { // this operation should return an error. // If there is no previous version 0 should be passed for the oldVersion argument. // If oldVersion == version an error is returned. - InsertCustKey(ctx context.Context, key *CustKey, oldVersion uint64) error + InsertCustKey(ctx context.Context, key *CustKey, oldVersion scrypto.Version) error } // ReadWrite contains all read and write operations of the trust DB. diff --git a/go/lib/infra/modules/trust/trustdb/trustdbsqlite/db.go b/go/lib/infra/modules/trust/trustdb/trustdbsqlite/db.go index be6ca701af..0b0add686d 100644 
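Review bot: The InsertCustKey doc comment kept as context still reads `// If there is no previous version 0 should be passed for the oldVersion argument.` while the parameter is now a scrypto.Version; the Read interface comments in the same file express the sentinel as scrypto.LatestVer, so the bare literal is now the odd one out and a reader cannot tell whether the "no previous version" value and LatestVer coincide. Suggest `// If there is no previous version, scrypto.Version(0) should be passed for the oldVersion argument.` and, if that value equals scrypto.LatestVer, saying so explicitly, since the sqlite executor's Get*Version methods branch on IsLatest() and a caller may otherwise assume the same meaning here. The Write interface continues outside the hunk.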
--- a/go/lib/infra/modules/trust/trustdb/trustdbsqlite/db.go +++ b/go/lib/infra/modules/trust/trustdb/trustdbsqlite/db.go @@ -245,9 +245,9 @@ type executor struct { // GetIssCertVersion returns the specified version of the issuer certificate for // ia. If version is scrypto.LatestVer, this is equivalent to GetIssCertMaxVersion. func (db *executor) GetIssCertVersion(ctx context.Context, ia addr.IA, - version uint64) (*cert.Certificate, error) { + version scrypto.Version) (*cert.Certificate, error) { - if version == scrypto.LatestVer { + if version.IsLatest() { return db.GetIssCertMaxVersion(ctx, ia) } db.RLock() @@ -283,7 +283,7 @@ func (db *executor) GetAllIssCerts(ctx context.Context) (<-chan trustdb.CertOrEr defer rows.Close() var raw common.RawBytes ia := addr.IA{} - var v uint64 + var v scrypto.Version for rows.Next() { err = rows.Scan(&raw, &ia.I, &ia.A, &v) crt, err := parseCert(raw, ia, v, err) @@ -307,9 +307,9 @@ func (db *executor) InsertIssCert(ctx context.Context, crt *cert.Certificate) (i // GetLeafCertVersion returns the specified version of the leaf certificate for // ia. If version is scrypto.LatestVer, this is equivalent to GetLeafCertMaxVersion. func (db *executor) GetLeafCertVersion(ctx context.Context, ia addr.IA, - version uint64) (*cert.Certificate, error) { + version scrypto.Version) (*cert.Certificate, error) { - if version == scrypto.LatestVer { + if version.IsLatest() { return db.GetLeafCertMaxVersion(ctx, ia) } db.RLock() 
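Review bot: GetAllIssCerts now scans the version column straight into a `scrypto.Version` (`var v scrypto.Version` and `rows.Scan(&raw, &ia.I, &ia.A, &v)`); database/sql converts into named integer kinds through its reflection fallback, so this works as long as Version presumably stays a plain unsigned-integer type without an sql.Scanner or driver.Valuer, and the same dependency applies to the `ver` arguments handed to ExecContext/QueryRowContext in the InsertChain and getIssCertRowIDCtx hunks and to GetCustKey's `var version scrypto.Version`. Nothing at these call sites makes that explicit; a comment at this first scan, `// scrypto.Version has uint64 kind, so database/sql converts it without a Scanner.`, or a trustdbtest case that inserts and reads back a version would pin it. The function bodies continue outside the hunk.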
@@ -340,9 +340,9 @@ func (db *executor) InsertLeafCert(ctx context.Context, crt *cert.Certificate) (
 // GetChainVersion returns the specified version of the certificate chain for
 // ia. If version is scrypto.LatestVer, this is equivalent to GetChainMaxVersion.
 func (db *executor) GetChainVersion(ctx context.Context, ia addr.IA,
- version uint64) (*cert.Chain, error) {
+ version scrypto.Version) (*cert.Chain, error) {
 
- if version == scrypto.LatestVer {
+ if version.IsLatest() {
 return db.GetChainMaxVersion(ctx, ia)
 }
 db.RLock()
@@ -442,12 +442,12 @@ func (db *executor) InsertChain(ctx context.Context, chain *cert.Chain) (int64,
 return 0, err
 }
 ia, ver := chain.IAVer()
- rowId, err := getIssCertRowIDCtx(ctx, db.db, chain.Issuer.Subject, chain.Issuer.Version)
+ rowID, err := getIssCertRowIDCtx(ctx, db.db, chain.Issuer.Subject, chain.Issuer.Version)
 if err != nil {
 return 0, err
 }
 // NOTE(roosd): Adding multiple rows to Chains table has to be done in a transaction.
- res, err := db.db.ExecContext(ctx, insertChainStr, ia.I, ia.A, ver, 1, rowId)
+ res, err := db.db.ExecContext(ctx, insertChainStr, ia.I, ia.A, ver, 1, rowID)
 if err != nil {
 return 0, err
 }
@@ -457,9 +457,9 @@ func (db *executor) InsertChain(ctx context.Context, chain *cert.Chain) (int64,
 // GetTRCVersion returns the specified version of the TRC for
 // isd. If version is scrypto.LatestVer, this is equivalent to GetTRCMaxVersion.
 func (db *executor) GetTRCVersion(ctx context.Context,
- isd addr.ISD, version uint64) (*trc.TRC, error) {
+ isd addr.ISD, version scrypto.Version) (*trc.TRC, error) {
 
- if version == scrypto.LatestVer {
+ if version.IsLatest() {
 return db.GetTRCMaxVersion(ctx, isd)
 }
 db.RLock()
@@ -550,7 +550,7 @@ func (db *executor) GetCustKey(ctx context.Context, ia addr.IA) (*trustdb.CustKe
 db.RLock()
 defer db.RUnlock()
 var key common.RawBytes
- var version uint64
+ var version scrypto.Version
 err := db.db.QueryRowContext(ctx, getCustKeyStr, ia.I, ia.A).Scan(&key, &version)
 if err == sql.ErrNoRows {
 return nil, nil
@@ -589,7 +589,7 @@ func (db *executor) GetAllCustKeys(ctx context.Context) (<-chan trustdb.CustKeyO
 
 // InsertCustKey implements trustdb.InsertCustKey.
 func (db *executor) InsertCustKey(ctx context.Context,
- key *trustdb.CustKey, oldVersion uint64) error {
+ key *trustdb.CustKey, oldVersion scrypto.Version) error {
 
 if key == nil {
 return common.NewBasicError("Inserting nil key not allowed", nil)
@@ -673,7 +673,8 @@ func insertIssCert(ctx context.Context, db db.Sqler, crt *cert.Certificate) (int
 return res.RowsAffected()
 }
 
-func parseCert(raw common.RawBytes, ia addr.IA, v uint64, err error) (*cert.Certificate, error) {
+func parseCert(raw common.RawBytes, ia addr.IA, version scrypto.Version,
+ err error) (*cert.Certificate, error) {
 if err == sql.ErrNoRows {
 return nil, nil
 }
@@ -682,11 +683,10 @@ func parseCert(raw common.RawBytes, ia addr.IA, v uint64, err error) (*cert.Cert
 }
 crt, err := cert.CertificateFromRaw(raw)
 if err != nil {
- if v == scrypto.LatestVer {
+ if version.IsLatest() {
 return nil, common.NewBasicError("Cert parse error", err, "ia", ia, "version", "max")
- } else {
- return nil, common.NewBasicError("Cert parse error", err, "ia", ia, "version", v)
 }
+ return nil, common.NewBasicError("Cert parse error", err, "ia", ia, "version", version)
 }
 return crt, nil
 }
@@ -731,7 +731,7 @@ func parseChain(rows *sql.Rows, err error) (*cert.Chain, error) {
 }
 
 func getIssCertRowIDCtx(ctx context.Context, db db.Sqler,
- ia addr.IA, ver uint64) (int64, error) {
+ ia addr.IA, ver scrypto.Version) (int64, error) {
 
 var rowId int64
 err := db.QueryRowContext(ctx, getIssCertRowIDStr, ia.I, ia.A, ver).Scan(&rowId)
diff --git a/go/lib/infra/modules/trust/trustdb/trustdbtest/trustdbtest.go b/go/lib/infra/modules/trust/trustdb/trustdbtest/trustdbtest.go
index 9ae2f9fef9..227561dd38 100644
--- a/go/lib/infra/modules/trust/trustdb/trustdbtest/trustdbtest.go
+++ b/go/lib/infra/modules/trust/trustdb/trustdbtest/trustdbtest.go
@@ -393,7 +393,7 @@ func testCustKey(t *testing.T, db trustdb.ReadWrite) {
 SoMsg("Empty result expected", key, ShouldBeNil)
 })
 Convey("Insertion should work without error", func() {
- var ver uint64 = 1
+ ver := scrypto.Version(1)
 key := &trustdb.CustKey{IA: ia1_110, Version: ver, Key: key_110_1}
 err := db.InsertCustKey(ctx, key, 0)
 SoMsg("No error expected", err, ShouldBeNil)
@@ -403,7 +403,7 @@ func testCustKey(t *testing.T, db trustdb.ReadWrite) {
 SoMsg("Inserted key expected", actKey, ShouldResemble, key)
 })
 Convey("Inserting a newer version should work", func() {
- var newVer uint64 = 2
+ newVer := scrypto.Version(2)
 key2 := &trustdb.CustKey{IA: ia1_110, Version: newVer, Key: key_110_2}
 err := db.InsertCustKey(ctx, key2, ver)
 SoMsg("No error expected", err, ShouldBeNil)
@@ -423,7 +423,7 @@ func testCustKey(t *testing.T, db trustdb.ReadWrite) {
 SoMsg("Error expected", err, ShouldNotBeNil)
 })
 Convey("Updating with outdated old version should fail", func() {
- var newVer uint64 = 2
+ newVer := scrypto.Version(2)
 key2 := &trustdb.CustKey{IA: ia1_110, Version: newVer, Key: key_110_2}
 err := db.InsertCustKey(ctx, key2, ver)
 SoMsg("No error expected", err, ShouldBeNil)
diff --git a/go/lib/scrypto/cert/cert.go b/go/lib/scrypto/cert/cert.go
index fdff8c9b38..ffac063d55 100644
--- a/go/lib/scrypto/cert/cert.go
+++ b/go/lib/scrypto/cert/cert.go
@@ -79,10 +79,10 @@ type Certificate struct {
 // SubjectSignKey the public key used for signature verification.
 SubjectSignKey common.RawBytes
 // TRCVersion is the version of the issuing trc.
- TRCVersion uint64
+ TRCVersion scrypto.Version
 // Version is the certificate version.
 // The value scrypto.LatestVer is reserved and shall not be used.
- Version uint64
+ Version scrypto.Version
 }
 
 func CertificateFromRaw(raw common.RawBytes) (*Certificate, error) {
@@ -90,7 +90,7 @@ func CertificateFromRaw(raw common.RawBytes) (*Certificate, error) {
 if err := json.Unmarshal(raw, cert); err != nil {
 return nil, common.NewBasicError("Unable to parse Certificate", err)
 }
- if cert.Version == scrypto.LatestVer {
+ if cert.Version.IsLatest() {
 return nil, common.NewBasicError(ReservedVersion, nil)
 }
 return cert, nil
@@ -153,7 +153,7 @@ func (c *Certificate) Sign(signKey common.RawBytes, signAlgo string) error {
 
 // sigPack creates a sorted json object of all fields, except for the signature field.
 func (c *Certificate) sigPack() (common.RawBytes, error) {
- if c.Version == scrypto.LatestVer {
+ if c.Version.IsLatest() {
 return nil, common.NewBasicError(ReservedVersion, nil)
 }
 m := make(map[string]interface{})
diff --git a/go/lib/scrypto/cert/chain.go b/go/lib/scrypto/cert/chain.go
index fa28562957..a61d031151 100644
--- a/go/lib/scrypto/cert/chain.go
+++ b/go/lib/scrypto/cert/chain.go
@@ -30,6 +30,7 @@ import (
 
 "github.com/scionproto/scion/go/lib/addr"
 "github.com/scionproto/scion/go/lib/common"
+ "github.com/scionproto/scion/go/lib/scrypto"
 "github.com/scionproto/scion/go/lib/scrypto/trc"
 "github.com/scionproto/scion/go/lib/serrors"
 "github.com/scionproto/scion/go/lib/util"
@@ -55,10 +56,10 @@ const (
 
 type Key struct {
 IA addr.IA
- Ver uint64
+ Ver scrypto.Version
 }
 
-func NewKey(ia addr.IA, ver uint64) *Key {
+func NewKey(ia addr.IA, ver scrypto.Version) *Key {
 return &Key{IA: ia, Ver: ver}
 }
 
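Review bot: With Version now carrying its own UnmarshalJSON that rejects LatestVer (version.go in this patch), the `cert.Version.IsLatest()` check in CertificateFromRaw is only reached when the JSON omits the Version field entirely — encoding/json does not invoke the hook for an absent field, so the zero value survives — and the two paths report different errors: ErrInvalidVersion wrapped in "Unable to parse Certificate" versus ReservedVersion. A comment would keep the check from being removed as dead code later, e.g. `// Still required: Version.UnmarshalJSON only rejects 0 when the field is present; a missing field leaves the zero value.` TRCFromRaw in trc.go has the same shape. Note also that TRCVersion becoming scrypto.Version means a certificate JSON with a TRCVersion of 0 now fails to parse where the uint64 field accepted it; presumably intended since 0 is reserved, but it is a parsing behaviour change the commit message does not mention.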
@@ -124,7 +125,7 @@ func ChainFromDir(dir string, ia addr.IA, f func(err error)) (*Chain, error) {
 if err != nil {
 return nil, err
 }
- var bestVersion uint64
+ var bestVersion scrypto.Version
 var bestChain *Chain
 for _, file := range files {
 chain, err := ChainFromFile(file, false)
@@ -253,7 +254,7 @@ func (c *Chain) Equal(o *Chain) bool {
 return c.Leaf.Equal(o.Leaf) && c.Issuer.Equal(o.Issuer)
 }
 
-func (c *Chain) IAVer() (addr.IA, uint64) {
+func (c *Chain) IAVer() (addr.IA, scrypto.Version) {
 return c.Leaf.Subject, c.Leaf.Version
 }
 
diff --git a/go/lib/scrypto/cert/v2/as_signed_test.go b/go/lib/scrypto/cert/v2/as_signed_test.go
index f5435f614d..144bf2b550 100644
--- a/go/lib/scrypto/cert/v2/as_signed_test.go
+++ b/go/lib/scrypto/cert/v2/as_signed_test.go
@@ -36,7 +36,7 @@ func TestEncodeAS(t *testing.T) {
 },
 "Invalid Version": {
 Modify: func(base *cert.AS) {
- base.Version = scrypto.Version(scrypto.LatestVer)
+ base.Version = scrypto.LatestVer
 },
 Assertion: assert.Error,
 },
diff --git a/go/lib/scrypto/cert/v2/issuer_signed_test.go b/go/lib/scrypto/cert/v2/issuer_signed_test.go
index c5839b9eda..b9ec8cb11d 100644
--- a/go/lib/scrypto/cert/v2/issuer_signed_test.go
+++ b/go/lib/scrypto/cert/v2/issuer_signed_test.go
@@ -36,7 +36,7 @@ func TestEncodeIssuer(t *testing.T) {
 },
 "Invalid Version": {
 Modify: func(base *cert.Issuer) {
- base.Version = scrypto.Version(scrypto.LatestVer)
+ base.Version = scrypto.LatestVer
 },
 Assertion: assert.Error,
 },
diff --git a/go/lib/scrypto/defs.go b/go/lib/scrypto/defs.go
index a84c0d9a5f..6f3b9b1810 100644
--- a/go/lib/scrypto/defs.go
+++ b/go/lib/scrypto/defs.go
@@ -21,10 +21,6 @@ import (
 "github.com/scionproto/scion/go/lib/common"
 )
 
-// LatestVer is the wildcard version indicating the highest available version
-// when requesting certificate chains and TRCs.
-const LatestVer uint64 = 0
-
 // Base64 is the base64 encoding used when packing and unpacking encoded data.
 // In accordance with rfc7515 (see https://tools.ietf.org/html/rfc7515#section-2),
 // this is the URL safe encoding with padding omitted.
diff --git a/go/lib/scrypto/trc/trc.go b/go/lib/scrypto/trc/trc.go
index 47786174b2..4a0e762de6 100644
--- a/go/lib/scrypto/trc/trc.go
+++ b/go/lib/scrypto/trc/trc.go
@@ -71,10 +71,10 @@ const (
 
 type Key struct {
 ISD addr.ISD
- Ver uint64
+ Ver scrypto.Version
 }
 
-func NewKey(isd addr.ISD, ver uint64) *Key {
+func NewKey(isd addr.ISD, ver scrypto.Version) *Key {
 return &Key{ISD: isd, Ver: ver}
 }
 
@@ -145,7 +145,7 @@ type TRC struct {
 ThresholdEEPKI uint32
 // Version is the version number of the TRC.
 // The value scrypto.LatestVer is reserved and shall not be used.
- Version uint64
+ Version scrypto.Version
 }
 
 func TRCFromRaw(raw common.RawBytes, lz4_ bool) (*TRC, error) {
@@ -174,7 +174,7 @@ func TRCFromRaw(raw common.RawBytes, lz4_ bool) (*TRC, error) {
 if err := json.Unmarshal(raw, t); err != nil {
 return nil, err
 }
- if t.Version == scrypto.LatestVer {
+ if t.Version.IsLatest() {
 return nil, common.NewBasicError(ReservedVersion, nil)
 }
 return t, nil
@@ -200,7 +200,7 @@ func TRCFromDir(dir string, isd addr.ISD, f func(err error)) (*TRC, error) {
 if err != nil {
 return nil, err
 }
- var bestVersion uint64
+ var bestVersion scrypto.Version
 var bestTRC *TRC
 for _, file := range files {
 trcObj, err := TRCFromFile(file, false)
@@ -220,7 +220,7 @@ func TRCFromDir(dir string, isd addr.ISD, f func(err error)) (*TRC, error) {
 return bestTRC, nil
 }
 
-func (t *TRC) IsdVer() (addr.ISD, uint64) {
+func (t *TRC) IsdVer() (addr.ISD, scrypto.Version) {
 return t.ISD, t.Version
 }
 
@@ -339,7 +339,7 @@ func (t *TRC) verifyXSig(trust *TRC) error {
 
 // sigPack creates a sorted json object of all fields, except for the signature map.
 func (t *TRC) sigPack() (common.RawBytes, error) {
- if t.Version == scrypto.LatestVer {
+ if t.Version.IsLatest() {
 return nil, common.NewBasicError(ReservedVersion, nil)
 }
 m := make(map[string]interface{})
diff --git a/go/lib/scrypto/trc/v2/signed_test.go b/go/lib/scrypto/trc/v2/signed_test.go
index ea708a08dd..b5a4817c63 100644
--- a/go/lib/scrypto/trc/v2/signed_test.go
+++ b/go/lib/scrypto/trc/v2/signed_test.go
@@ -38,7 +38,7 @@ func TestEncode(t *testing.T) {
 },
 "Invalid Version": {
 Modify: func(base *trc.TRC) {
- base.Version = scrypto.Version(scrypto.LatestVer)
+ base.Version = scrypto.LatestVer
 },
 Assertion: assert.Error,
 },
diff --git a/go/lib/scrypto/version.go b/go/lib/scrypto/version.go
index 30fac9029c..0ccb6e6220 100644
--- a/go/lib/scrypto/version.go
+++ b/go/lib/scrypto/version.go
@@ -20,6 +20,10 @@ import (
 "strconv"
 )
 
+// LatestVer is the wildcard version indicating the highest available version
+// when requesting certificate chains and TRCs.
+const LatestVer Version = 0
+
 // ErrInvalidVersion indicates an invalid trust file version.
 var ErrInvalidVersion = errors.New("version must not be zero")
 
@@ -32,7 +36,7 @@ type Version uint64
 
 // IsLatest checks if the value is LatestVer
 func (v Version) IsLatest() bool {
- return uint64(v) == LatestVer
+ return v == LatestVer
 }
 
 // UnmarshalJSON checks that the value is not LatestVer.
@@ -41,7 +45,7 @@ func (v *Version) UnmarshalJSON(b []byte) error {
 if err != nil {
 return err
 }
- if parsed == LatestVer {
+ if Version(parsed) == LatestVer {
 return ErrInvalidVersion
 }
 *v = Version(parsed)
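Review bot: The doc comment moved onto the new `const LatestVer Version = 0` in version.go still describes it purely as a request wildcard, but the methods that follow make the value unrepresentable on the wire: MarshalJSON returns ErrInvalidVersion for it and UnmarshalJSON rejects it on input. A caller reading the constant's doc could reasonably try to serialise a "latest" request and only find out at runtime, so I'd extend the comment: `// LatestVer is rejected by both MarshalJSON and UnmarshalJSON; it is only meaningful as an in-memory argument, e.g. to the trust DB Get*Version methods.` This also records that the zero value of Version is the reserved wildcard, which is why the `var bestVersion scrypto.Version` declarations elsewhere in the patch start at "latest".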
@@ -50,7 +54,7 @@ func (v *Version) UnmarshalJSON(b []byte) error {
 
 // MarshalJSON checks that the value is not LatestVer.
 func (v Version) MarshalJSON() ([]byte, error) {
- if uint64(v) == LatestVer {
+ if v == LatestVer {
 return nil, ErrInvalidVersion
 }
 return json.Marshal(uint64(v))
diff --git a/go/lib/scrypto/version_test.go b/go/lib/scrypto/version_test.go
index 075f274a37..7a9a44b916 100644
--- a/go/lib/scrypto/version_test.go
+++ b/go/lib/scrypto/version_test.go
@@ -36,7 +36,7 @@ func TestVersionUnmarshalJSON(t *testing.T) {
 Assertion: assert.NoError,
 },
 "Reserved": {
- Input: []byte(strconv.FormatUint(scrypto.LatestVer, 10)),
+ Input: []byte(strconv.FormatUint(uint64(scrypto.LatestVer), 10)),
 Assertion: assert.Error,
 },
 "String": {
@@ -73,7 +73,7 @@ func TestVersionMarshalJSON(t *testing.T) {
 Assertion: assert.NoError,
 },
 "Reserved": {
- Input: mockObj{Version: scrypto.Version(scrypto.LatestVer)},
+ Input: mockObj{Version: scrypto.LatestVer},
 Assertion: assert.Error,
 },
 }
diff --git a/go/tools/scion-custpk-load/BUILD.bazel b/go/tools/scion-custpk-load/BUILD.bazel
index 52cdee0692..b9d202021d 100644
--- a/go/tools/scion-custpk-load/BUILD.bazel
+++ b/go/tools/scion-custpk-load/BUILD.bazel
@@ -16,6 +16,7 @@ go_library(
 "//go/lib/env:go_default_library",
 "//go/lib/infra/modules/trust/trustdb:go_default_library",
 "//go/lib/keyconf:go_default_library",
+ "//go/lib/scrypto:go_default_library",
 "//go/lib/truststorage:go_default_library",
 "@com_github_burntsushi_toml//:go_default_library",
 ],
@@ -36,6 +37,7 @@ go_test(
 "//go/lib/common:go_default_library",
 "//go/lib/infra/modules/trust/trustdb:go_default_library",
 "//go/lib/infra/modules/trust/trustdb/mock_trustdb:go_default_library",
+ "//go/lib/scrypto:go_default_library",
 "//go/lib/xtest:go_default_library",
 "@com_github_golang_mock//gomock:go_default_library",
 "@com_github_smartystreets_goconvey//convey:go_default_library",
diff --git a/go/tools/scion-custpk-load/customers.go b/go/tools/scion-custpk-load/customers.go
index 2d1129a32c..57c4044de7 100644
--- a/go/tools/scion-custpk-load/customers.go
+++ b/go/tools/scion-custpk-load/customers.go
@@ -19,13 +19,13 @@ import (
 "fmt"
 "path/filepath"
 "regexp"
- "strconv"
 "time"
 
 "github.com/scionproto/scion/go/lib/addr"
 "github.com/scionproto/scion/go/lib/common"
 "github.com/scionproto/scion/go/lib/infra/modules/trust/trustdb"
 "github.com/scionproto/scion/go/lib/keyconf"
+ "github.com/scionproto/scion/go/lib/scrypto"
 )
 
 // reCustVerKey is used to parse the IA and version of a customer verifying key file.
@@ -33,7 +33,7 @@ var reCustVerKey = regexp.MustCompile(`^(ISD\S+-AS\S+)-V(\d+)\.key$`)
 
 type CustKeyMeta struct {
 IA addr.IA
- Version uint64
+ Version scrypto.Version
 }
 
 // LoadCustomers populates the DB from assigned non-core ASes to their verifying key.
@@ -44,7 +44,7 @@ func LoadCustomers(path string, trustDB trustdb.TrustDB) ([]string, []*CustKeyMe
 return nil, nil, err
 }
 activeKeys := make(map[addr.IA]string)
- activeVers := make(map[addr.IA]uint64)
+ activeVers := make(map[addr.IA]scrypto.Version)
 for _, file := range files {
 _, name := filepath.Split(file)
 s := reCustVerKey.FindStringSubmatch(name)
@@ -52,8 +52,8 @@ func LoadCustomers(path string, trustDB trustdb.TrustDB) ([]string, []*CustKeyMe
 if err != nil {
 return nil, nil, common.NewBasicError("Unable to parse IA", err, "file", file)
 }
- ver, err := strconv.ParseUint(s[2], 10, 64)
- if err != nil {
+ var ver scrypto.Version
+ if err := ver.UnmarshalJSON([]byte(s[2])); err != nil {
 return nil, nil, common.NewBasicError("Unable to parse Version", err, "file", file)
 }
 if ver >= activeVers[ia] {
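Review bot: Replacing strconv.ParseUint with `ver.UnmarshalJSON([]byte(s[2]))` changes which key files are accepted: a file named `...-V0.key` previously parsed to version 0 and, through the `ver >= activeVers[ia]` comparison right below, became the active key for that IA, whereas it now aborts LoadCustomers with "Unable to parse Version" wrapping "version must not be zero". That is the safer outcome, because 0 is scrypto.LatestVer, the very sentinel InsertCustKey receives as "no previous version", but nothing in the code says the rejection is deliberate; I'd add `// A V0 file is rejected on purpose: 0 is scrypto.LatestVer, which is reserved.` above the parse. Reusing the JSON hook to parse a regex capture also reads oddly, and if scrypto ever gains a plain parse helper this call site should move to it. LoadCustomers continues outside the hunk.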
@@ -76,7 +76,7 @@ func LoadCustomers(path string, trustDB trustdb.TrustDB) ([]string, []*CustKeyMe
 return procFiles, addedKeys, common.NewBasicError("Failed to check DB cust key", err, "ia", ia)
 }
- var currentV uint64
+ var currentV scrypto.Version
 if cKey != nil {
 if cKey.Version >= activeVers[ia] {
 // db already contains a newer key.
diff --git a/go/tools/scion-custpk-load/customers_test.go b/go/tools/scion-custpk-load/customers_test.go
index a7f757d0f0..aa02dde890 100644
--- a/go/tools/scion-custpk-load/customers_test.go
+++ b/go/tools/scion-custpk-load/customers_test.go
@@ -23,6 +23,7 @@ import (
 "github.com/scionproto/scion/go/lib/common"
 "github.com/scionproto/scion/go/lib/infra/modules/trust/trustdb"
 "github.com/scionproto/scion/go/lib/infra/modules/trust/trustdb/mock_trustdb"
+ "github.com/scionproto/scion/go/lib/scrypto"
 "github.com/scionproto/scion/go/lib/xtest"
 )
 
@@ -36,13 +37,13 @@ func TestLoadCustomers(t *testing.T) {
 Convey("Given an empty DB: Load succeeds", func() {
 trustDB.EXPECT().GetCustKey(gomock.Any(), gomock.Eq(ia)).Return(nil, nil)
 expectedKey := &trustdb.CustKey{IA: ia, Key: key, Version: 1}
- trustDB.EXPECT().InsertCustKey(gomock.Any(), gomock.Eq(expectedKey), uint64(0))
+ trustDB.EXPECT().InsertCustKey(gomock.Any(), gomock.Eq(expectedKey), scrypto.LatestVer)
 files, loadedCusts, err := LoadCustomers("testdata/customers", trustDB)
 SoMsg("No err expected", err, ShouldBeNil)
 SoMsg("Exactly the file in test data expected", files, ShouldResemble,
 []string{"testdata/customers/ISD1-ASff00_0_110-V1.key"})
 SoMsg("Correct cust meta expected", loadedCusts, ShouldResemble,
- []*CustKeyMeta{{IA: xtest.MustParseIA("1-ff00:0:110"), Version: uint64(1)}})
+ []*CustKeyMeta{{IA: xtest.MustParseIA("1-ff00:0:110"), Version: 1}})
 })
 Convey("Given a key with a newer version is stored: No changes done", func() {
 trustDB.EXPECT().GetCustKey(gomock.Any(), gomock.Eq(ia)).Return(
diff --git a/go/tools/scion-pki/internal/certs/BUILD.bazel b/go/tools/scion-pki/internal/certs/BUILD.bazel
index 22f7a596d8..ba0c68f49d 100644
--- a/go/tools/scion-pki/internal/certs/BUILD.bazel
+++ b/go/tools/scion-pki/internal/certs/BUILD.bazel
@@ -14,6 +14,7 @@ go_library(
 "//go/lib/addr:go_default_library",
 "//go/lib/common:go_default_library",
 "//go/lib/keyconf:go_default_library",
+ "//go/lib/scrypto:go_default_library",
 "//go/lib/scrypto/cert:go_default_library",
 "//go/lib/scrypto/trc:go_default_library",
 "//go/lib/util:go_default_library",
diff --git a/go/tools/scion-pki/internal/certs/gen.go b/go/tools/scion-pki/internal/certs/gen.go
index 4ec1bfa4e0..773044b49f 100644
--- a/go/tools/scion-pki/internal/certs/gen.go
+++ b/go/tools/scion-pki/internal/certs/gen.go
@@ -27,6 +27,7 @@ import (
 "github.com/scionproto/scion/go/lib/addr"
 "github.com/scionproto/scion/go/lib/common"
 "github.com/scionproto/scion/go/lib/keyconf"
+ "github.com/scionproto/scion/go/lib/scrypto"
 "github.com/scionproto/scion/go/lib/scrypto/cert"
 "github.com/scionproto/scion/go/lib/scrypto/trc"
 "github.com/scionproto/scion/go/lib/util"
@@ -246,8 +247,8 @@ func genCertCommon(bc *conf.BaseCert, s addr.IA, signKeyFname string) (*cert.Cer
 Subject: s,
 IssuingTime: issuingTime,
 ExpirationTime: expirationTime,
- Version: bc.Version,
- TRCVersion: bc.TRCVersion,
+ Version: scrypto.Version(bc.Version),
+ TRCVersion: scrypto.Version(bc.TRCVersion),
 }, nil
 }
 
diff --git a/go/tools/scion-pki/internal/certs/verify.go b/go/tools/scion-pki/internal/certs/verify.go
index ca0d339056..6819e14673 100644
--- a/go/tools/scion-pki/internal/certs/verify.go
+++ b/go/tools/scion-pki/internal/certs/verify.go
@@ -21,6 +21,7 @@ import (
 "path/filepath"
 
 "github.com/scionproto/scion/go/lib/addr"
+ "github.com/scionproto/scion/go/lib/scrypto"
 "github.com/scionproto/scion/go/lib/scrypto/cert"
 "github.com/scionproto/scion/go/lib/scrypto/trc"
 "github.com/scionproto/scion/go/tools/scion-pki/internal/pkicmn"
@@ -59,7 +60,7 @@ func verifyChain(chain *cert.Chain, subject addr.IA) error {
 return chain.Verify(subject, t)
 }
 
-func loadTRC(subject addr.IA, version uint64) (*trc.TRC, error) {
+func loadTRC(subject addr.IA, version scrypto.Version) (*trc.TRC, error) {
 fname := fmt.Sprintf(pkicmn.TrcNameFmt, subject.I, version)
 trcPath := filepath.Join(pkicmn.GetIsdPath(pkicmn.OutDir, subject.I), pkicmn.TRCsDir, fname)
 trcRaw, err := ioutil.ReadFile(trcPath)
diff --git a/go/tools/scion-pki/internal/trc/gen.go b/go/tools/scion-pki/internal/trc/gen.go
index e3414b337d..02e02e52de 100644
--- a/go/tools/scion-pki/internal/trc/gen.go
+++ b/go/tools/scion-pki/internal/trc/gen.go
@@ -89,7 +89,7 @@ func newTrc(isd addr.ISD, iconf *conf.Isd, path string) (*trc.TRC, error) {
 GracePeriod: uint32(iconf.Trc.GracePeriod.Seconds()),
 ISD: isd,
 QuorumTRC: iconf.Trc.QuorumTRC,
- Version: iconf.Trc.Version,
+ Version: scrypto.Version(iconf.Trc.Version),
 CoreASes: make(map[addr.IA]*trc.CoreAS),
 Signatures: make(map[string]common.RawBytes),
 RAINS: &trc.Rains{},
From da3708b7497d8a78dd451b0626caa4de720b0cc0 Mon Sep 17 00:00:00 2001
From: roos
Date: Tue, 1 Oct 2019 13:16:02 +0200
Subject: [PATCH 2/2] feedback + revert
---
 go/lib/ctrl/signed_util.go | 10 +++++-----
 go/lib/infra/modules/trust/trust_test.go | 11 ++++++-----
 .../infra/modules/trust/trustdb/trustdbsqlite/db.go | 5 +++--
 3 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/go/lib/ctrl/signed_util.go b/go/lib/ctrl/signed_util.go
index 04d591fd91..92fc03919a 100644
--- a/go/lib/ctrl/signed_util.go
+++ b/go/lib/ctrl/signed_util.go
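Review bot: loadTRC now feeds a scrypto.Version into `fmt.Sprintf(pkicmn.TrcNameFmt, subject.I, version)`, which formats identically to the old uint64 only for as long as Version has no String method; the moment one is added (a natural next step for a named type) the TRC file name silently changes and the lookup on the next line starts missing files. Since the verb in TrcNameFmt is outside this hunk I cannot tell whether it is %d or %v, but either way a comment or an explicit `uint64(version)` in the Sprintf call would pin the on-disk naming to the numeric value. The same coupling between a formatted Version and a file name exists wherever pkicmn.TrcNameFmt is used outside the hunk.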
@@ -55,20 +55,20 @@ type SignSrcDef struct {
 }
 
 func NewSignSrcDefFromRaw(b common.RawBytes) (SignSrcDef, error) {
- s := reSrcDefault.FindSubmatch(b)
- if len(s) == 0 {
+ match := reSrcDefault.FindSubmatch(b)
+ if len(match) == 0 {
 return SignSrcDef{}, common.NewBasicError("Unable to match default src", nil, "string", string(b))
 }
- ia, err := addr.IAFromString(string(s[1]))
+ ia, err := addr.IAFromString(string(match[1]))
 if err != nil {
 return SignSrcDef{}, common.NewBasicError("Unable to parse default src IA", err)
 }
 var chainVer, trcVer scrypto.Version
- if err := chainVer.UnmarshalJSON(s[2]); err != nil {
+ if err := chainVer.UnmarshalJSON(match[2]); err != nil {
 return SignSrcDef{}, common.NewBasicError("Unable to parse default src ChainVer", err)
 }
- if err := trcVer.UnmarshalJSON(s[3]); err != nil {
+ if err := trcVer.UnmarshalJSON(match[3]); err != nil {
 return SignSrcDef{}, common.NewBasicError("Unable to parse default src TRCVer", err)
 }
 return SignSrcDef{IA: ia, ChainVer: chainVer, TRCVer: trcVer}, nil
diff --git a/go/lib/infra/modules/trust/trust_test.go b/go/lib/infra/modules/trust/trust_test.go
index 61c722b9c1..a0290912fb 100644
--- a/go/lib/infra/modules/trust/trust_test.go
+++ b/go/lib/infra/modules/trust/trust_test.go
@@ -220,6 +220,7 @@ func TestStoreGetTRC(t *testing.T) {
 
 ctx, cancelF := context.WithTimeout(context.Background(), testCtxTimeout)
 defer cancelF()
+
 trcObj, err := store.GetTRC(ctx, test.ISD, test.Version, infra.TRCOpts{})
 test.ErrAssertion(t, err)
 assert.Equal(t, test.ExpData, trcObj)
@@ -613,13 +614,13 @@ func loadCrypto(t *testing.T, isds []addr.ISD,
 trcMap := make(map[addr.ISD]*trc.TRC)
 for _, isd := range isds {
 trcMap[isd], err = trc.TRCFromFile(getTRCFileName(isd, 1), false)
- require.NoError(t, err)
+ xtest.FailOnErr(t, err)
 }
 chainMap := make(map[addr.IA]*cert.Chain)
 for _, ia := range ias {
 chainMap[ia], err = cert.ChainFromFile(getChainFileName(ia, 1), false)
- require.NoError(t, err)
+ xtest.FailOnErr(t, err)
 }
 return trcMap, chainMap
 }
@@ -638,7 +639,7 @@ func initStore(t *testing.T, ctrl *gomock.Controller,
 
 t.Helper()
 db, err := trustdbsqlite.New(":memory:")
- require.NoError(t, err)
+ xtest.FailOnErr(t, err)
 topo := topology.NewTopo()
 topotestutil.AddServer(topo, proto.ServiceType_cs, "foo",
 topology.TestTopoAddr(nil, nil, nil, nil))
@@ -657,12 +658,12 @@ func insertTRC(t *testing.T, store *Store, trcObj *trc.TRC) {
 t.Helper()
 _, err := store.trustdb.InsertTRC(context.Background(), trcObj)
- require.NoError(t, err)
+ xtest.FailOnErr(t, err)
 }
 
 func insertChain(t *testing.T, store *Store, chain *cert.Chain) {
 t.Helper()
 _, err := store.trustdb.InsertChain(context.Background(), chain)
- require.NoError(t, err)
+ xtest.FailOnErr(t, err)
 }
 
diff --git a/go/lib/infra/modules/trust/trustdb/trustdbsqlite/db.go b/go/lib/infra/modules/trust/trustdb/trustdbsqlite/db.go
index 0b0add686d..37d3f0f79f 100644
--- a/go/lib/infra/modules/trust/trustdb/trustdbsqlite/db.go
+++ b/go/lib/infra/modules/trust/trustdb/trustdbsqlite/db.go
@@ -442,12 +442,12 @@ func (db *executor) InsertChain(ctx context.Context, chain *cert.Chain) (int64,
 return 0, err
 }
 ia, ver := chain.IAVer()
- rowID, err := getIssCertRowIDCtx(ctx, db.db, chain.Issuer.Subject, chain.Issuer.Version)
+ rowId, err := getIssCertRowIDCtx(ctx, db.db, chain.Issuer.Subject, chain.Issuer.Version)
 if err != nil {
 return 0, err
 }
 // NOTE(roosd): Adding multiple rows to Chains table has to be done in a transaction.
- res, err := db.db.ExecContext(ctx, insertChainStr, ia.I, ia.A, ver, 1, rowID)
+ res, err := db.db.ExecContext(ctx, insertChainStr, ia.I, ia.A, ver, 1, rowId)
 if err != nil {
 return 0, err
 }
@@ -675,6 +675,7 @@ func insertIssCert(ctx context.Context, db db.Sqler, crt *cert.Certificate) (int
 
 func parseCert(raw common.RawBytes, ia addr.IA, version scrypto.Version,
 err error) (*cert.Certificate, error) {
+
 if err == sql.ErrNoRows {
 return nil, nil
 }