pass

control/config/drkey.go

@@ -22,10 +22,11 @@ import (
 	"github.com/scionproto/scion/pkg/drkey"
 	"github.com/scionproto/scion/pkg/private/serrors"
 	"github.com/scionproto/scion/private/config"
-	"github.com/scionproto/scion/private/drkey/drkeyutil"
 	"github.com/scionproto/scion/private/storage"
 )
 
+const DefaultPrefetchEntries = 10000
+
 var _ (config.Config) = (*DRKeyConfig)(nil)
 
 // DRKeyConfig is the configuration for the connection to the trust database.
@@ -39,7 +40,7 @@ type DRKeyConfig struct {
 // InitDefaults initializes values of unset keys and determines if the configuration enables DRKey.
 func (cfg *DRKeyConfig) InitDefaults() {
 	if cfg.PrefetchEntries == 0 {
-		cfg.PrefetchEntries = drkeyutil.DefaultPrefetchEntries
+		cfg.PrefetchEntries = DefaultPrefetchEntries
 	}
 	config.InitAll(
 		cfg.Level1DB.WithDefault(""),

control/config/drkey_test.go

@@ -25,14 +25,13 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/scionproto/scion/pkg/drkey"
-	"github.com/scionproto/scion/private/drkey/drkeyutil"
 	"github.com/scionproto/scion/private/storage"
 )
 
 func TestInitDefaults(t *testing.T) {
 	var cfg DRKeyConfig
 	cfg.InitDefaults()
-	assert.EqualValues(t, drkeyutil.DefaultPrefetchEntries, cfg.PrefetchEntries)
+	assert.EqualValues(t, DefaultPrefetchEntries, cfg.PrefetchEntries)
 	assert.NotNil(t, cfg.Delegation)
 }
 

pkg/drkey/drkey.go

@@ -44,8 +44,8 @@ type Epoch struct {
 func NewEpoch(begin, end uint32) Epoch {
 	return Epoch{
 		cppki.Validity{
-			NotBefore: util.SecsToTime(begin).UTC(),
-			NotAfter:  util.SecsToTime(end).UTC(),
+			NotBefore: util.SecsToTime(begin),
+			NotAfter:  util.SecsToTime(end),
 		},
 	}
 }

pkg/slayers/pkt_auth.go

@@ -204,7 +204,7 @@ func (o PacketAuthOption) Algorithm() PacketAuthAlg {
 
 // Timestamp returns the value set in the homonym field in the extension.
 func (o PacketAuthOption) TimestampSN() uint64 {
-	return bigEndian(o.OptData[6:12])
+	return bigEndianUint48(o.OptData[6:12])
 }
 
 // Authenticator returns slice of the underlying auth buffer.
@@ -214,7 +214,7 @@ func (o PacketAuthOption) Authenticator() []byte {
 	return o.OptData[12:]
 }
 
-func bigEndian(b []byte) uint64 {
+func bigEndianUint48(b []byte) uint64 {
 	return uint64(b[0])<<40 + uint64(b[1])<<32 +
 		uint64(binary.BigEndian.Uint32(b[2:6]))
 }

pkg/spao/timestamp_test.go

@@ -26,19 +26,20 @@ import (
 )
 
 func TestTimestamp(t *testing.T) {
+	now := time.Now()
 	testCases := map[string]struct {
 		currentTime time.Time
 		epoch       drkey.Epoch
 		assertErr   assert.ErrorAssertionFunc
 	}{
 		"valid": {
-			currentTime: time.Now().UTC(),
-			epoch:       getEpoch(time.Now()),
+			currentTime: now,
+			epoch:       getEpoch(now),
 			assertErr:   assert.NoError,
 		},
 		"invalid": {
-			currentTime: time.Now().UTC(),
-			epoch:       getEpoch(time.Now().UTC().Add(-4 * 24 * time.Hour)),
+			currentTime: now,
+			epoch:       getEpoch(now.Add(-4 * 24 * time.Hour)),
 			assertErr:   assert.Error,
 		},
 	}
@@ -52,7 +53,11 @@ func TestTimestamp(t *testing.T) {
 				return
 			}
 			recoveredTime := spao.AbsoluteTimestamp(tc.epoch, rt)
-			assert.EqualValues(t, tc.currentTime, recoveredTime)
+			// XXX(JordiSubira): It seems that until testify v2
+			// using assert.Equal(·) with time.Time vales will
+			// due to monotonic clock being drop between conversions
+			// https://github.com/stretchr/testify/issues/502#issuecomment-660946051
+			assert.True(t, tc.currentTime.Equal(recoveredTime))
 		})
 	}
 }

private/drkey/drkeyutil/drkey.go

@@ -23,18 +23,14 @@ import (
 
 const (
 	// DefaultEpochDuration is the default duration for the drkey SecretValue and derived keys
-	DefaultEpochDuration   = 24 * time.Hour
-	DefaultPrefetchEntries = 10000
-	EnvVarEpochDuration    = "SCION_TESTING_DRKEY_EPOCH_DURATION"
-	// DefaultAcceptanceWindowLength is the time width for accepting incoming packets. The
-	// acceptance widown is then compute as:
+	DefaultEpochDuration = 24 * time.Hour
+	EnvVarEpochDuration  = "SCION_TESTING_DRKEY_EPOCH_DURATION"
+	// DefaultAcceptanceWindow is the time width for accepting incoming packets. The
+	// acceptance window is then computed as:
 	// aw := [T-a, T+a)
-	// where aw:= acceptance window, T := time instant and a := acceptanceWindowOffset
-	//
-	// Picking the value equal or shorter than half of the drkey Grace Period ensures
-	// that we accept packets for active keys only.
-	DefaultAcceptanceWindowLength = 5 * time.Minute
-	EnvVarAccpetanceWindow        = "SCION_TESTING_ACCEPTANCE_WINDOW"
+	// where aw:= acceptance window, T := time instant and a := aw/2
+	DefaultAcceptanceWindow = 5 * time.Minute
+	EnvVarAcceptanceWindow  = "SCION_TESTING_ACCEPTANCE_WINDOW"
 )
 
 func LoadEpochDuration() time.Duration {
@@ -50,13 +46,13 @@ func LoadEpochDuration() time.Duration {
 }
 
 func LoadAcceptanceWindow() time.Duration {
-	s := os.Getenv(EnvVarAccpetanceWindow)
+	s := os.Getenv(EnvVarAcceptanceWindow)
 	if s == "" {
-		return DefaultAcceptanceWindowLength
+		return DefaultAcceptanceWindow
 	}
 	duration, err := util.ParseDuration(s)
 	if err != nil {
-		return DefaultAcceptanceWindowLength
+		return DefaultAcceptanceWindow
 	}
 	return duration
 }

private/drkey/drkeyutil/provider.go

@@ -67,7 +67,6 @@ func (p *FakeProvider) GetKeyWithinAcceptanceWindow(
 	absTimeCurrent := spao.AbsoluteTimestamp(keys[1].Epoch, timestamp)
 	absTimeNext := spao.AbsoluteTimestamp(keys[2].Epoch, timestamp)
 	switch {
-	// case absTimeCurrent.After(awBegin) && absTimeCurrent.Before(awEnd):
 	case validity.Contains(absTimeCurrent):
 		return keys[1], nil
 	case validity.Contains(absTimePrevious):