Pin key server initial STR, load in client (#204)
masomel authored Jul 22, 2018
1 parent dd0db5f commit 11acf48
Showing 8 changed files with 98 additions and 7 deletions.
2 changes: 1 addition & 1 deletion .travis.yml
Expand Up @@ -4,7 +4,7 @@ language: go
go:
- "1.9"
- "1.10"
- tip
# Temporarily stop testing for Go tip due to unknown go fmt error - tip

# TODO: Run `dep ensure` in Travis
# see: https://github.com/coniks-sys/coniks-go/pull/201
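Review bot: Commenting out `- tip` removes the only early signal that an upcoming Go release breaks this repository, and the inline comment says the failure is a go fmt complaint rather than a real regression. Rather than dropping the job, keep it and make it non-blocking with `matrix: allow_failures: - go: tip` so the build still runs on tip without failing the pipeline.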
15 changes: 13 additions & 2 deletions application/client/config.go
Expand Up @@ -3,6 +3,7 @@ package client
import (
"github.com/coniks-sys/coniks-go/application"
"github.com/coniks-sys/coniks-go/crypto/sign"
"github.com/coniks-sys/coniks-go/protocol"
)

// Config contains the client's configuration needed to send a request to a
Expand All @@ -17,8 +18,10 @@ type Config struct {
*application.CommonConfig

SignPubkeyPath string `toml:"sign_pubkey_path"`
SigningPubKey sign.PublicKey

SigningPubKey sign.PublicKey
InitSTRPath string `toml:"init_str_path"`
InitSTR *protocol.DirSTR

RegAddress string `toml:"registration_address,omitempty"`
Address string `toml:"address"`
Expand All @@ -30,11 +33,12 @@ var _ application.AppConfig = (*Config)(nil)
// given file path, with the given config encoding,
// server signing public key path, registration address, and
// server address.
func NewConfig(file, encoding string, signPubkeyPath, regAddr,
func NewConfig(file, encoding, signPubkeyPath, initSTRPath, regAddr,
serverAddr string) *Config {
var conf = Config{
CommonConfig: application.NewCommonConfig(file, encoding, nil),
SignPubkeyPath: signPubkeyPath,
InitSTRPath: initSTRPath,
RegAddress: regAddr,
Address: serverAddr,
}
Expand All @@ -58,6 +62,13 @@ func (conf *Config) Load(file, encoding string) error {
}
conf.SigningPubKey = signPubKey

// load initial STR
initSTR, err := application.LoadInitSTR(conf.InitSTRPath, file)
if err != nil {
return err
}
conf.InitSTR = initSTR

return nil
}

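Review bot: `Load` pins whatever STR `LoadInitSTR` returns from `InitSTRPath` after nothing more than the epoch check inside that helper; the signing key assigned to `conf.SigningPubKey` a few lines earlier is never used to check the STR's signature, so a tampered or substituted init.str silently becomes the client's trust anchor. Both values are in hand at this point, so verify before assigning — apply to `initSTR` the same signature check the protocol's consistency checks use for STRs against `conf.SigningPubKey`, and return an error when it fails — rather than relying on the file being intact. The doc comment on `NewConfig` still lists only the signing public key path, registration address and server address; add the initial STR path it now takes, e.g. `// server signing public key path, initial STR path, registration address, and`. `Load` begins before this hunk.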
65 changes: 65 additions & 0 deletions application/config.go
@@ -1,10 +1,14 @@
package application

import (
"bytes"
"encoding/json"
"fmt"
"io/ioutil"

"github.com/BurntSushi/toml"
"github.com/coniks-sys/coniks-go/crypto/sign"
"github.com/coniks-sys/coniks-go/protocol"
"github.com/coniks-sys/coniks-go/utils"
)

Expand Down Expand Up @@ -61,3 +65,64 @@ func LoadSigningPubKey(path, file string) (sign.PublicKey, error) {
}
return signPubKey, nil
}

// LoadInitSTR loads an initial STR at the given path
// specified in the given config file.
// If there is any parsing error or the STR is malformed,
// LoadInitSTR() returns an error with a nil STR.
func LoadInitSTR(path, file string) (*protocol.DirSTR, error) {
initSTRPath := utils.ResolvePath(path, file)
initSTRBytes, err := ioutil.ReadFile(initSTRPath)
if err != nil {
return nil, fmt.Errorf("Cannot read init STR: %v", err)
}
initSTR := new(protocol.DirSTR)
if err := json.Unmarshal(initSTRBytes, &initSTR); err != nil {
return nil, fmt.Errorf("Cannot parse initial STR: %v", err)
}
if initSTR.Epoch != 0 {
return nil, fmt.Errorf("Initial STR epoch must be 0 (got %d)", initSTR.Epoch)
}
return initSTR, nil
}

// SaveSTR serializes the given STR to the given file.
func SaveSTR(file string, str *protocol.DirSTR) error {
strBytes, err := json.Marshal(str)
if err != nil {
return err
}

if err := utils.WriteFile(file, strBytes, 0600); err != nil {
return err
}

return nil
}

// LoadConfig loads an application configuration from the given toml-encoded
// file. If there is any decoding error, an LoadConfig() returns an error
// with a nil config.
func LoadConfig(file string) (AppConfig, error) {
var conf AppConfig
if _, err := toml.DecodeFile(file, &conf); err != nil {
return nil, fmt.Errorf("Failed to load config: %v", err)
}
return conf, nil
}

// SaveConfig stores the given configuration conf in the given
// file using toml encoding.
// If there is any encoding or IO error, SaveConfig() returns an error.
func SaveConfig(file string, conf AppConfig) error {
var confBuf bytes.Buffer

e := toml.NewEncoder(&confBuf)
if err := e.Encode(conf); err != nil {
return err
}
if err := utils.WriteFile(file, confBuf.Bytes(), 0644); err != nil {
return err
}
return nil
}
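Review bot: `LoadInitSTR` accepts the STR on the strength of `initSTR.Epoch != 0` alone, so the "malformed" guarantee in its doc comment covers JSON shape only and every caller inherits an unauthenticated trust anchor. Since the function is new here and `crypto/sign` is already imported in this file, give it the server's `sign.PublicKey` and reject an STR whose signature does not verify, or at minimum state in the doc comment that the caller must verify the signature before pinning it. Separately, `json.Unmarshal(initSTRBytes, &initSTR)` passes a pointer-to-pointer, so a file containing the literal `null` sets `initSTR` to nil and the following `initSTR.Epoch` dereferences it; pass `initSTR` directly or add `if initSTR == nil { return nil, fmt.Errorf("Cannot parse initial STR: empty document") }`. `LoadConfig` also decodes into a nil `AppConfig` interface value, which I would expect the toml decoder to reject as an unsupported target; it is worth a test before anything depends on it.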
5 changes: 4 additions & 1 deletion application/server/config.go
Expand Up @@ -21,6 +21,8 @@ type Config struct {
LoadedHistoryLength uint64 `toml:"loaded_history_length"`
// Policies contains the server's CONIKS policies configuration.
Policies *Policies `toml:"policies"`
// Path to store the initial STR
InitSTRPath string `toml:"init_str_path"`
// Addresses contains the server's connections configuration.
Addresses []*Address `toml:"addresses"`
// The server's epoch interval for updating the directory
Expand All @@ -34,12 +36,13 @@ var _ application.AppConfig = (*Config)(nil)
// loaded history length and server application policies.
func NewConfig(file, encoding string, addrs []*Address,
logConfig *application.LoggerConfig,
loadedHistLen uint64, policies *Policies) *Config {
loadedHistLen uint64, policies *Policies, initSTRPath string) *Config {
var conf = Config{
CommonConfig: application.NewCommonConfig(file, encoding, logConfig),
LoadedHistoryLength: loadedHistLen,
Addresses: addrs,
Policies: policies,
InitSTRPath: initSTRPath,
}

return &conf
8 changes: 8 additions & 0 deletions application/server/server.go
Expand Up @@ -4,6 +4,7 @@ import (
"github.com/coniks-sys/coniks-go/application"
"github.com/coniks-sys/coniks-go/protocol"
"github.com/coniks-sys/coniks-go/protocol/directory"
"github.com/coniks-sys/coniks-go/utils"
)

// An Address describes a server's connection.
Expand Down Expand Up @@ -64,6 +65,13 @@ func NewConiksServer(conf *Config) *ConiksServer {
epochTimer: application.NewEpochTimer(conf.EpochDeadline),
}

// save the initial STR to be used for initializing auditors
// FIXME: this saving should happen in protocol/ (i.e., when the
// server starts and updates), because eventually we'll need
// persistent storage.
initSTRPath := utils.ResolvePath(conf.InitSTRPath, conf.Path)
application.SaveSTR(initSTRPath, server.dir.LatestSTR())

return server
}

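Review bot: The error returned by `application.SaveSTR` at the end of `NewConiksServer` is discarded, so a failed write of the initial STR (missing directory, permissions) leaves clients and auditors with no trust anchor while the server comes up normally. The write also runs on every construction; if the directory is rebuilt from scratch on restart, as the FIXME about persistent storage suggests, the file earlier clients pinned is silently replaced, which masks exactly the root change pinning is meant to expose. Check the error and refuse to overwrite an existing init.str, e.g. `if err := application.SaveSTR(initSTRPath, server.dir.LatestSTR()); err != nil { /* abort startup */ }`; since `NewConiksServer` has no error return, the failure has to be surfaced by aborting here or via a constructor variant that returns an error. `NewConiksServer` begins before this hunk.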
2 changes: 1 addition & 1 deletion cli/coniksclient/internal/cmd/init.go
Expand Up @@ -21,8 +21,8 @@ func init() {
func mkConfigOrExit(cmd *cobra.Command, args []string) {
dir := cmd.Flag("dir").Value.String()
file := path.Join(dir, "config.toml")

conf := client.NewConfig(file, "toml", "../coniksserver/sign.pub",
"../../keyserver/coniksserver/init.str",
"tcp://127.0.0.1:3000", "tcp://127.0.0.1:3000")

if err := conf.Save(); err != nil {
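Review bot: The two default paths passed to `client.NewConfig` disagree about where the key server lives: the signing key is `"../coniksserver/sign.pub"` while the initial STR is `"../../keyserver/coniksserver/init.str"`, two directory levels away, even though the server's own init writes `init.str` beside its config and signing key. If both are resolved relative to the client config file, as the `utils.ResolvePath` calls in the loaders suggest, at most one of these can be right for a given layout; use the same base for both, e.g. `"../coniksserver/init.str"`, so the trust anchor is found in the same place as the key that signs it.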
5 changes: 4 additions & 1 deletion cli/coniksclient/internal/cmd/run.go
Expand Up @@ -42,7 +42,10 @@ func init() {
func run(cmd *cobra.Command, args []string) {
isDebugging, _ := strconv.ParseBool(cmd.Flag("debug").Value.String())
conf := loadConfigOrExit(cmd)
cc := client.New(nil, true, conf.SigningPubKey)

// FIXME: right now we're passing the initSTR, but we should really
// be passing the latest pinned STR here
cc := client.New(conf.InitSTR, true, conf.SigningPubKey)

state, err := terminal.MakeRaw(int(os.Stdin.Fd()))
if err != nil {
3 changes: 2 additions & 1 deletion cli/coniksserver/internal/cmd/init.go
Expand Up @@ -66,7 +66,8 @@ func mkConfig(dir string) {
SignKeyPath: "sign.priv",
}

conf := server.NewConfig(file, "toml", addrs, logger, 1000000, policies)
conf := server.NewConfig(file, "toml", addrs, logger, 1000000, policies,
"init.str")

if err := conf.Save(); err != nil {
log.Println(err)