scrypto: Make LatestVer of type version

go/cert_srv/internal/reiss/handler.go

@@ -84,8 +84,7 @@ func (h *Handler) handle(r *infra.Request, addr *snet.Addr, req *cert_mgmt.Chain
 	}
 	// Respond with max chain for outdated requests.
 	opts := infra.ChainOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}}
-	maxChain, err := h.State.Store.GetChain(ctx, verChain.Leaf.Subject,
-		scrypto.Version(scrypto.LatestVer), opts)
+	maxChain, err := h.State.Store.GetChain(ctx, verChain.Leaf.Subject, scrypto.LatestVer, opts)
 	if err != nil {
 		return common.NewBasicError("Unable to fetch max chain", err)
 	}
@@ -172,7 +171,7 @@ func (h *Handler) validateReq(c *cert.Certificate, vKey common.RawBytes,
 // issueChain creates a certificate chain for the certificate and adds it to the
 // trust store.
 func (h *Handler) issueChain(ctx context.Context, c *cert.Certificate,
-	vKey common.RawBytes, verVersion uint64) (*cert.Chain, error) {
+	vKey common.RawBytes, verVersion scrypto.Version) (*cert.Chain, error) {
 
 	issCert, err := h.getIssuerCert(ctx)
 	if err != nil {
@@ -251,7 +250,7 @@ func (h *Handler) getIssuerCert(ctx context.Context) (*cert.Certificate, error)
 // getVerifyingKey returns the verifying key from the requested AS and nil if it is in the mapping.
 // Otherwise, nil and an error.
 func (h *Handler) getVerifyingKey(ctx context.Context,
-	ia addr.IA) (common.RawBytes, uint64, error) {
+	ia addr.IA) (common.RawBytes, scrypto.Version, error) {
 
 	k, err := h.State.TrustDB.GetCustKey(ctx, ia)
 	if err != nil {

go/cert_srv/internal/reiss/requester.go

@@ -67,7 +67,7 @@ func (r *Requester) Run(ctx context.Context) {
 
 func (r *Requester) run(ctx context.Context) (bool, error) {
 	opts := infra.ChainOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}}
-	chain, err := r.State.Store.GetChain(ctx, r.IA, scrypto.Version(scrypto.LatestVer), opts)
+	chain, err := r.State.Store.GetChain(ctx, r.IA, scrypto.LatestVer, opts)
 	if err != nil {
 		return true, common.NewBasicError("Unable to get local certificate chain", err)
 	}
@@ -151,7 +151,7 @@ func (r *Requester) validateRep(ctx context.Context, chain *cert.Chain) error {
 	}
 	// FIXME(roosd): validate SubjectEncKey
 	opts := infra.ChainOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}}
-	chain, err := r.State.Store.GetChain(ctx, r.IA, scrypto.Version(scrypto.LatestVer), opts)
+	chain, err := r.State.Store.GetChain(ctx, r.IA, scrypto.LatestVer, opts)
 	if err != nil {
 		return err
 	}

go/cert_srv/internal/reiss/self.go

@@ -63,7 +63,7 @@ func (s *Self) run(ctx context.Context) error {
 		return common.NewBasicError("Unable to get issuer certificate", err)
 	}
 	opts := infra.ChainOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}}
-	chain, err := s.State.Store.GetChain(ctx, s.IA, scrypto.Version(scrypto.LatestVer), opts)
+	chain, err := s.State.Store.GetChain(ctx, s.IA, scrypto.LatestVer, opts)
 	if err != nil {
 		return common.NewBasicError("Unable to get certificate chain", err)
 	}
@@ -164,7 +164,7 @@ func (s *Self) createIssuerCert(ctx context.Context, crt *cert.Certificate) erro
 
 func (s *Self) getCoreASEntry(ctx context.Context) (*trc.CoreAS, error) {
 	opts := infra.TRCOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}}
-	maxTrc, err := s.State.Store.GetTRC(ctx, s.IA.I, scrypto.Version(scrypto.LatestVer), opts)
+	maxTrc, err := s.State.Store.GetTRC(ctx, s.IA.I, scrypto.LatestVer, opts)
 	if err != nil {
 		return nil, common.NewBasicError("Unable to find local TRC", err)
 	}

go/lib/ctrl/BUILD.bazel

@@ -19,6 +19,7 @@ go_library(
         "//go/lib/ctrl/ifid:go_default_library",
         "//go/lib/ctrl/path_mgmt:go_default_library",
         "//go/lib/ctrl/seg:go_default_library",
+        "//go/lib/scrypto:go_default_library",
         "//go/proto:go_default_library",
         "//go/sig/mgmt:go_default_library",
     ],

go/lib/ctrl/cert_mgmt/BUILD.bazel

@@ -16,6 +16,7 @@ go_library(
     deps = [
         "//go/lib/addr:go_default_library",
         "//go/lib/common:go_default_library",
+        "//go/lib/scrypto:go_default_library",
         "//go/lib/scrypto/cert:go_default_library",
         "//go/lib/scrypto/trc:go_default_library",
         "//go/proto:go_default_library",

go/lib/ctrl/cert_mgmt/chain_req.go

@@ -20,14 +20,15 @@ import (
 	"fmt"
 
 	"github.com/scionproto/scion/go/lib/addr"
+	"github.com/scionproto/scion/go/lib/scrypto"
 	"github.com/scionproto/scion/go/proto"
 )
 
 var _ proto.Cerealizable = (*ChainReq)(nil)
 
 type ChainReq struct {
 	RawIA     addr.IAInt `capnp:"isdas"`
-	Version   uint64
+	Version   scrypto.Version
 	CacheOnly bool
 }
 

go/lib/ctrl/cert_mgmt/trc_req.go

@@ -20,14 +20,15 @@ import (
 	"fmt"
 
 	"github.com/scionproto/scion/go/lib/addr"
+	"github.com/scionproto/scion/go/lib/scrypto"
 	"github.com/scionproto/scion/go/proto"
 )
 
 var _ proto.Cerealizable = (*TRCReq)(nil)
 
 type TRCReq struct {
 	ISD       addr.ISD `capnp:"isd"`
-	Version   uint64
+	Version   scrypto.Version
 	CacheOnly bool
 }
 

go/lib/ctrl/seg/BUILD.bazel

@@ -16,6 +16,7 @@ go_library(
     deps = [
         "//go/lib/addr:go_default_library",
         "//go/lib/common:go_default_library",
+        "//go/lib/scrypto:go_default_library",
         "//go/lib/spath:go_default_library",
         "//go/lib/util:go_default_library",
         "//go/proto:go_default_library",

go/lib/ctrl/seg/as.go

@@ -21,15 +21,16 @@ import (
 
 	"github.com/scionproto/scion/go/lib/addr"
 	"github.com/scionproto/scion/go/lib/common"
+	"github.com/scionproto/scion/go/lib/scrypto"
 	"github.com/scionproto/scion/go/proto"
 )
 
 var _ proto.Cerealizable = (*ASEntry)(nil)
 
 type ASEntry struct {
 	RawIA      addr.IAInt `capnp:"isdas"`
-	TrcVer     uint64
-	CertVer    uint64
+	TrcVer     scrypto.Version
+	CertVer    scrypto.Version
 	IfIDSize   uint8
 	HopEntries []*HopEntry `capnp:"hops"`
 	MTU        uint16      `capnp:"mtu"`

go/lib/ctrl/signed_util.go

@@ -18,10 +18,10 @@ import (
 	"context"
 	"fmt"
 	"regexp"
-	"strconv"
 
 	"github.com/scionproto/scion/go/lib/addr"
 	"github.com/scionproto/scion/go/lib/common"
+	"github.com/scionproto/scion/go/lib/scrypto"
 	"github.com/scionproto/scion/go/proto"
 )
 
@@ -42,33 +42,33 @@ const (
 	SrcDefaultFmt = `^` + SrcDefaultPrefix + `IA: (\S+) CHAIN: (\d+) TRC: (\d+)$`
 )
 
+var reSrcDefault = regexp.MustCompile(SrcDefaultFmt)
+
 // SignSrcDef is the default format for signature source. It states the
 // signing entity, and the certificate chain authenticating the public key.
 // The TRC version is a hint for the TRC that can currently be used to
 // verify the chain.
 type SignSrcDef struct {
 	IA       addr.IA
-	ChainVer uint64
-	TRCVer   uint64
+	ChainVer scrypto.Version
+	TRCVer   scrypto.Version
 }
 
 func NewSignSrcDefFromRaw(b common.RawBytes) (SignSrcDef, error) {
-	re := regexp.MustCompile(SrcDefaultFmt)
-	s := re.FindStringSubmatch(string(b))
-	if len(s) == 0 {
+	match := reSrcDefault.FindSubmatch(b)
+	if len(match) == 0 {
 		return SignSrcDef{}, common.NewBasicError("Unable to match default src", nil,
 			"string", string(b))
 	}
-	ia, err := addr.IAFromString(s[1])
+	ia, err := addr.IAFromString(string(match[1]))
 	if err != nil {
 		return SignSrcDef{}, common.NewBasicError("Unable to parse default src IA", err)
 	}
-	chainVer, err := strconv.ParseUint(s[2], 10, 64)
-	if err != nil {
+	var chainVer, trcVer scrypto.Version
+	if err := chainVer.UnmarshalJSON(match[2]); err != nil {
 		return SignSrcDef{}, common.NewBasicError("Unable to parse default src ChainVer", err)
 	}
-	trcVer, err := strconv.ParseUint(s[3], 10, 64)
-	if err != nil {
+	if err := trcVer.UnmarshalJSON(match[3]); err != nil {
 		return SignSrcDef{}, common.NewBasicError("Unable to parse default src TRCVer", err)
 	}
 	return SignSrcDef{IA: ia, ChainVer: chainVer, TRCVer: trcVer}, nil

go/lib/infra/modules/trust/helpers.go

@@ -63,8 +63,7 @@ func CreateSignMeta(ctx context.Context, ia addr.IA,
 func VerifyChain(ctx context.Context, subject addr.IA, chain *cert.Chain,
 	store infra.ExtendedTrustStore) error {
 
-	maxTrc, err := store.GetTRC(ctx, chain.Issuer.Issuer.I, scrypto.Version(scrypto.LatestVer),
-		infra.TRCOpts{})
+	maxTrc, err := store.GetTRC(ctx, chain.Issuer.Issuer.I, scrypto.LatestVer, infra.TRCOpts{})
 	if err != nil {
 		return common.NewBasicError("Unable to find TRC", nil, "isd", chain.Issuer.Issuer.I)
 	}

go/lib/infra/modules/trust/resolvers.go

@@ -21,6 +21,7 @@ import (
 
 	"github.com/scionproto/scion/go/lib/addr"
 	"github.com/scionproto/scion/go/lib/infra/dedupe"
+	"github.com/scionproto/scion/go/lib/scrypto"
 	"github.com/scionproto/scion/go/lib/scrypto/cert"
 	"github.com/scionproto/scion/go/lib/scrypto/trc"
 )
@@ -31,7 +32,7 @@ var _ dedupe.Request = (*trcRequest)(nil)
 // store to the background resolvers.
 type trcRequest struct {
 	isd       addr.ISD
-	version   uint64
+	version   scrypto.Version
 	cacheOnly bool
 	id        uint64
 	server    net.Addr
@@ -59,7 +60,7 @@ var _ dedupe.Request = (*chainRequest)(nil)
 // store to the background resolvers.
 type chainRequest struct {
 	ia        addr.IA
-	version   uint64
+	version   scrypto.Version
 	cacheOnly bool
 	id        uint64
 	server    net.Addr

go/lib/infra/modules/trust/signhelper.go

@@ -54,10 +54,10 @@ func NewBasicSigner(key common.RawBytes, meta infra.SignerMeta) (*BasicSigner, e
 	if meta.Src.IA.IsWildcard() {
 		return nil, common.NewBasicError("IA must not contain wildcard", nil, "ia", meta.Src.IA)
 	}
-	if meta.Src.ChainVer == scrypto.LatestVer {
+	if meta.Src.ChainVer.IsLatest() {
 		return nil, common.NewBasicError("ChainVer must be valid", nil, "ver", meta.Src.ChainVer)
 	}
-	if meta.Src.TRCVer == scrypto.LatestVer {
+	if meta.Src.TRCVer.IsLatest() {
 		return nil, common.NewBasicError("TRCVer must be valid", nil, "ver", meta.Src.TRCVer)
 	}
 	signer := &BasicSigner{

go/lib/infra/modules/trust/signhelper_test.go

@@ -65,13 +65,15 @@ func TestBasicVerifierVerify(t *testing.T) {
 					SignAlgorithm:  scrypto.Ed25519,
 					SubjectSignKey: pub,
 					Version:        1,
+					TRCVersion:     1,
 					Signature:      []byte("signature"),
 				},
 				Issuer: &cert.Certificate{
-					Subject:   ia110,
-					Issuer:    ia110,
-					Version:   1,
-					Signature: []byte("signature"),
+					Subject:    ia110,
+					Issuer:     ia110,
+					Version:    1,
+					TRCVersion: 1,
+					Signature:  []byte("signature"),
 				},
 			})
 			require.NoError(t, err)

go/lib/infra/modules/trust/trust.go

@@ -142,7 +142,7 @@ func (store *Store) trcRequestFunc(ctx context.Context, request dedupe.Request)
 		return dedupe.Response{Data: nil}
 	}
 
-	if req.version != scrypto.LatestVer && trcObj.Version != req.version {
+	if !req.version.IsLatest() && trcObj.Version != req.version {
 		return wrapErr(serrors.WrapStr("remote server responded with bad version",
 			ErrInvalidResponse, "got", trcObj.Version, "expected", req.version))
 	}
@@ -171,7 +171,7 @@ func (store *Store) chainRequestFunc(ctx context.Context, request dedupe.Request
 	if chain == nil {
 		return dedupe.Response{Data: nil}
 	}
-	if req.version != scrypto.LatestVer && chain.Leaf.Version != req.version {
+	if !req.version.IsLatest() && chain.Leaf.Version != req.version {
 		return wrapErr(serrors.WrapStr("Remote server responded with bad version",
 			ErrInvalidResponse, "got", chain.Leaf.Version, "expected", req.version))
 	}
@@ -207,7 +207,7 @@ func (store *Store) getTRC(ctx context.Context, isd addr.ISD, version scrypto.Ve
 		CacheOnly: opts.LocalOnly,
 		Result:    metrics.ErrInternal,
 	}
-	trcObj, err := store.trustdb.GetTRCVersion(ctx, isd, uint64(version))
+	trcObj, err := store.trustdb.GetTRCVersion(ctx, isd, version)
 	if err != nil {
 		metrics.Store.Lookup(l.WithResult(metrics.ErrDB)).Inc()
 		return nil, err
@@ -245,7 +245,7 @@ func (store *Store) getTRC(ctx context.Context, isd addr.ISD, version scrypto.Ve
 	}
 	trcObj, err = store.getTRCFromNetwork(ctx, &trcRequest{
 		isd:      isd,
-		version:  uint64(version),
+		version:  version,
 		id:       messenger.NextId(),
 		server:   opts.Server,
 		postHook: store.insertTRCHook(),
@@ -365,7 +365,7 @@ func (store *Store) getChain(ctx context.Context, ia addr.IA, version scrypto.Ve
 		CacheOnly: opts.LocalOnly,
 		Result:    metrics.ErrInternal,
 	}
-	chain, err := store.trustdb.GetChainVersion(ctx, ia, uint64(version))
+	chain, err := store.trustdb.GetChainVersion(ctx, ia, version)
 	if err != nil {
 		metrics.Store.Lookup(l.WithResult(metrics.ErrDB)).Inc()
 		return nil, err
@@ -395,7 +395,7 @@ func (store *Store) getChain(ctx context.Context, ia addr.IA, version scrypto.Ve
 	trcOpts := infra.TRCOpts{
 		TrustStoreOpts: opts.TrustStoreOpts,
 	}
-	trcObj, err := store.getTRC(ctx, ia.I, scrypto.Version(scrypto.LatestVer), trcOpts, client)
+	trcObj, err := store.getTRC(ctx, ia.I, scrypto.LatestVer, trcOpts, client)
 	if err != nil {
 		metrics.Store.Lookup(l.WithResult(metrics.ErrTRC)).Inc()
 		return nil, err
@@ -415,7 +415,7 @@ func (store *Store) getChain(ctx context.Context, ia addr.IA, version scrypto.Ve
 	}
 	chain, err = store.getChainFromNetwork(ctx, &chainRequest{
 		ia:       ia,
-		version:  uint64(version),
+		version:  version,
 		id:       messenger.NextId(),
 		server:   opts.Server,
 		postHook: store.newChainValidator(trcObj),
@@ -573,7 +573,7 @@ func (store *Store) LoadAuthoritativeTRC(dir string) error {
 	defer cancelF()
 	ctx = metrics.CtxWith(ctx, metrics.Load)
 	opts := infra.TRCOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}}
-	dbTRC, err := store.getTRC(ctx, store.ia.I, scrypto.Version(scrypto.LatestVer), opts, nil)
+	dbTRC, err := store.getTRC(ctx, store.ia.I, scrypto.LatestVer, opts, nil)
 	switch {
 	case err != nil && !xerrors.Is(err, ErrNotFoundLocally):
 		// Unexpected error in trust store
@@ -629,7 +629,7 @@ func (store *Store) LoadAuthoritativeChain(dir string) error {
 	defer cancelF()
 	ctx = metrics.CtxWith(ctx, metrics.Load)
 	opts := infra.ChainOpts{TrustStoreOpts: infra.TrustStoreOpts{LocalOnly: true}}
-	chain, err := store.getChain(ctx, store.ia, scrypto.Version(scrypto.LatestVer), opts, nil)
+	chain, err := store.getChain(ctx, store.ia, scrypto.LatestVer, opts, nil)
 	switch {
 	case err != nil && !xerrors.Is(err, ErrMissingAuthoritative):
 		// Unexpected error in trust store
@@ -813,7 +813,7 @@ func (store *Store) ByAttributes(ctx context.Context, isd addr.ISD,
 
 	ctx = metrics.CtxWith(ctx, metrics.ASInspector)
 	trcOpts := infra.TRCOpts{TrustStoreOpts: opts.TrustStoreOpts}
-	trc, err := store.GetTRC(ctx, isd, scrypto.Version(scrypto.LatestVer), trcOpts)
+	trc, err := store.GetTRC(ctx, isd, scrypto.LatestVer, trcOpts)
 	if err != nil {
 		return nil, common.NewBasicError("unable to resolve TRC", err)
 	}
@@ -829,7 +829,7 @@ func (store *Store) HasAttributes(ctx context.Context, ia addr.IA,
 
 	ctx = metrics.CtxWith(ctx, metrics.ASInspector)
 	trcOpts := infra.TRCOpts{TrustStoreOpts: opts.TrustStoreOpts}
-	trc, err := store.GetTRC(ctx, ia.I, scrypto.Version(scrypto.LatestVer), trcOpts)
+	trc, err := store.GetTRC(ctx, ia.I, scrypto.LatestVer, trcOpts)
 	if err != nil {
 		return false, common.NewBasicError("unable to resolve TRC", err)
 	}

go/lib/infra/modules/trust/trust_test.go

@@ -345,7 +345,7 @@ func TestTRCReqHandler(t *testing.T) {
 	tests := map[string]struct {
 		Name             string
 		ISD              addr.ISD
-		Version          uint64
+		Version          scrypto.Version
 		ExpData          *trc.TRC
 		ErrAssertion     require.ErrorAssertionFunc
 		RecursionEnabled bool // Tell the server to recurse on unknown objects
@@ -484,7 +484,7 @@ func TestChainReqHandler(t *testing.T) {
 
 	tests := map[string]struct {
 		IA               addr.IA
-		Version          uint64
+		Version          scrypto.Version
 		ExpData          *cert.Chain
 		ErrAssertion     require.ErrorAssertionFunc
 		RecursionEnabled bool // Tell the server to recurse on unknown objects
@@ -625,11 +625,11 @@ func loadCrypto(t *testing.T, isds []addr.ISD,
 	return trcMap, chainMap
 }
 
-func getTRCFileName(isd addr.ISD, version uint64) string {
+func getTRCFileName(isd addr.ISD, version scrypto.Version) string {
 	return fmt.Sprintf("%s/ISD%d/trcs/ISD%d-V%d.trc", tmpDir, isd, isd, version)
 }
 
-func getChainFileName(ia addr.IA, version uint64) string {
+func getChainFileName(ia addr.IA, version scrypto.Version) string {
 	return fmt.Sprintf("%s/ISD%d/AS%s/certs/ISD%d-AS%s-V%d.crt",
 		tmpDir, ia.I, ia.A.FileFmt(), ia.I, ia.A.FileFmt(), version)
 }