fix: quic message handler okay with not handled message types #3236

Merged
merged 1 commit into from
Oct 10, 2019

@juagargi juagargi commented Oct 9, 2019

Check if there is a handler before calling it.



@lukedirtwalker lukedirtwalker requested a review from scrye October 9, 2019 10:29
@scrye scrye added the bug Something isn't working label Oct 10, 2019

@scrye scrye left a comment


:lgtm:

Reviewed 1 of 1 files at r1.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved


@scrye scrye left a comment


Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

@scrye scrye merged commit 458ecd8 into scionproto:master Oct 10, 2019
@juagargi juagargi deleted the handler_patch branch October 10, 2019 08:48
juagargi added a commit to netsec-ethz/scion that referenced this pull request Oct 14, 2019
* Mapping of FirstOrder Messages of Capnp to go/lib

* Second level drkey message representation

* InputType for PRF added

* Add DRKeyLvl2 representation

* Second order rep. and key derivation suite

* Add enc/dec of DRKeyLvl1

* add keystore

* remove AS2HostPair

* fix keystore tests

* update req & rep according to spec

* Finalize msg representation

* Extend infra module to handle DRKey requests and replies

* Moved keystore

* DRKey Handler skeleton for CSGO

* Finalized DRKey messaging in infra

* Introduce epoch type

* Add nonce for encryption as payload

* Change date for first level derivation to epoch number

* Implement DRKeyLvl1 Request & Reply Handler for cert_srv

* minor fixes

* Fixed after rebase

* Fix build.

Minimize changes to setup.
Fix configuration use on drkey handler.
Remove main package usage in drkey.tasks.

* Add UT covering level1 drkey exchange

* Return the reply object and UT it

* Refactor a bit the level 1 reply handler

* Reintroduce the drkey keystore

* Refactor the keystore

* Configuration refactor

* Rebased on master.

Coming from 2fed00a pre-scionlab to current master.
Many changes regarding Messenger and ResponseWriter. Pending code marked with TODO drkeytest.
UTs do not pass yet, nor do they build.

* Update the mocks

* sciond DRkey level 2 API function skeleton

* Continue with the sciond DRKey API.

Rely on the messenger methods to obtain the level 2 keys,
just synchronously wait for the reply and send it back.

* Fix some issues with sciond capnp structures, refactor

* Send something from the handler to test sciond.

Finish writing the reply back from the response writer to sciond.
Fix mapping name of field in lvl2 reply to capnp.

* Handle request for level 2.

Skeleton for srcAS being this AS.
UTs.

* WIP Level 2 exchange.

Added beginning of a UT covering the case of relaying the query to another CS.
WIP relay the query to another CS (level 2 only for now).

* WIP Level 2 exchange.

Some refactors. drkey.keystore now has an interface.

* Mock drkeystore in handler UT

* Storing level 2 key in DB.

Missing UT.

* Complete the data-flow sciond-CS

* Fix getting the cert. chain from remote AS.

The L2 request handler now derives the key from L1 from another CS, instead
of requesting the L2 key itself.
Changed signature of DRKeyStore.GetDRKeyLvl1.

* Cleanup handler UT

* Add a DRKey Store clean task

* Simplify DRKeyStore, start drkey.Requester

* Add new fcn to drkey store

* Add yet another fcn to keystore

* Update pending list in requester

* Requester setup & UT

* Requester processes pending L1 keys

* Requester UT

* SecretValue function added

* DRKey L1 pending never has itself

* Cleanup

* Obtain SV with the correct timestamp.

Also cache the SVs until expiration time.

* Refactoring, mainly naming

Symbols under go/lib/ctrl/drkey_mgmt.

* Refactor, rename.

Some symbols in go/lib/drkey.

* New drkey types

* Refactoring.

Creating packages like in the beacon service:
- "drkeystorage" with an interface of what a Store is.
- "drkey", with implementations of the SV, DRkey level 1 and 2, and also a concrete Store; it
also defines the interface for the DB.
- "drkeydbsqlite" implementing the DB defined in drkey.

Some UTs brought back to life.

Still pending the derivation interface, the protocol mapping and cleaning everywhere.

* Correct package name to drkeystorage

* Introduction of Protocol.

There is no configuration counterpart yet.

* Minor refactoring

* Rollback changes to python

* Use Lvl1, Lvl2 and not L1 or Level1

* replace TODO drkeytest w/ TODO(juagargi)

* DRKey own configuration.

Allow DRKey not to be configured, and run an empty DRKey store.
Rename Store methods.

* Fix drkeydbsqlite UT

* Reintroduce the drkey Store mock.

Also build UTs again; some of them fail now.
The level 2 handler does not read a level 2 key from the store, but always derives
it from the level 1 now.

* Simplified configuration.

Added config option to map protocols to drkey derivations.

* Fixes to the drkey configuration samples

* Update signer and verifier in the CS

* Split handler file

* Remove unused function

* Rename some methods from the handlers

* Refactor, better func names, added comments

* Better names in drkey_mgmt

* drkeystorage Store interface change

* The level 1 reply contains a timestamp.

Also use its CertVerDst field to retrieve the correct certificate when
decrypting the reply.
Add a config. value holding the age tolerance of the reply.

* rename handler files

* Also bazel build file, because renaming

* Comments and some refactoring

* make the set with the correct size already

* Display time values in drkey_ctrl with the compact format.

Also call util.SecsToTime instead of calling time.Unix with the value cast to int64.

* missing bazel build file

* Refactor. String methods for keys back.

The definition of DRKey is modified to just embed RawBytes.

* Remove GetMasterKey from Store

* Refactor the drkey types.

The secret value and keys are composed of the meta info and a DRKey.
A DRKey is just a RawBytes.
Leave DRKey.String but remove all other String methods.

* Refactor: rename

* Split the SV from the Store interface

* Rename import package

* SecretValueFactory: don't set duration or master key

* No default derivation.

Removed the default derivation. When a request with a protocol is not mapped to
a specific derivation, it fails.

* Refactor: split protocol into 2 files

* Move Store implementation to cert_srv

* New level 1 store

* Handlers in ServiceStore

* Modified protocol interfaces.

Added interface DelegationDerivation, with a method to derive from DS.
Modified the delegated implementation.
Added default implementations for scmp and piskes.
Added default initialization of the registry, with scmp and piskes in it.

* Move DeriveLvl1 to the protocol pkg

* Clean up store, Lvl1DB interface

* refactor: split DB in two structs

* Base Backend

* Changes in level 2 derivation.

Use mac.Sum(nil) to obtain the key value.
For level 2 standard derivation, write 1 byte with the length of protocol.
Don't write the length otherwise.

* Follow the docs deriving SV and lvl2 keys

* Fix delegated derivation to follow the docs

* Adapt cert drkey UTs

* further UT cleaning in cert_srv/internal/config

* comment out requester UT as requester is commented out

* EpochToSV to the drkey store prior to renaming

* rename EpochToSV to SecretValueStore

* Fix more go/lib/drkey UTs

* fix drkeydbsqlite/db_test UT

* removed convey

* simplify protocol registry

* Simplify registry again

* remove until properly defined

* Slightly modify DRKeyGetLvl2Key in sciond.

Also remove drkeystorage.Store as mock class.

* Check DRKey config values also in the CS config UT

* WIP: replace custom ia(string) function with xtest.MustParseIA

* Removed configuration for protocols.

Protocols are not configurable anymore.
There is a list of preconfigured protocols. For now it contains only
SCMP (direct standard level 2 derivation) and PISKES (delegated derivation through
delegation secret).
Refactor. Adapt UTs.

* WIP prepare for DRKey client store

* split implementation of store in several files

* WIP: client store

* WIP: DRKey store for sciond

* DRKey store for sciond

* Remove SetMessenger from the client store

* cleanup

* CS config sample in one file

* Add delegation configuration list

* Configure which end hosts get DSs

* Fix bug in delegated derivation.

And add UT.

* drkey store cleaner runs also in sciond

* Level 1 key prefetcher

* fix: quic message handler okay with not handled message types (scionproto#3236)

* Clearer messages

* Allow sciond to work without DRKey
juagargi added a commit to netsec-ethz/scion that referenced this pull request Oct 17, 2019
* DRKey implementation (#51)

* Fixes after rebasing DRKey
matzf pushed a commit to matzf/scion that referenced this pull request Jan 8, 2020
* DRKey implementation (scionproto#51)

* Fixes after rebasing DRKey