diff --git a/control/config/drkey.go b/control/config/drkey.go index 253610ff07..9a4478677e 100644 --- a/control/config/drkey.go +++ b/control/config/drkey.go @@ -22,10 +22,11 @@ import ( "github.com/scionproto/scion/pkg/drkey" "github.com/scionproto/scion/pkg/private/serrors" "github.com/scionproto/scion/private/config" - "github.com/scionproto/scion/private/drkey/drkeyutil" "github.com/scionproto/scion/private/storage" ) +const DefaultPrefetchEntries = 10000 + var _ (config.Config) = (*DRKeyConfig)(nil) // DRKeyConfig is the configuration for the connection to the trust database. @@ -39,7 +40,7 @@ type DRKeyConfig struct { // InitDefaults initializes values of unset keys and determines if the configuration enables DRKey. func (cfg *DRKeyConfig) InitDefaults() { if cfg.PrefetchEntries == 0 { - cfg.PrefetchEntries = drkeyutil.DefaultPrefetchEntries + cfg.PrefetchEntries = DefaultPrefetchEntries } config.InitAll( cfg.Level1DB.WithDefault(""), diff --git a/control/config/drkey_test.go b/control/config/drkey_test.go index c1abdeb22d..4c1a4ac620 100644 --- a/control/config/drkey_test.go +++ b/control/config/drkey_test.go @@ -25,14 +25,13 @@ import ( "github.com/stretchr/testify/require" "github.com/scionproto/scion/pkg/drkey" - "github.com/scionproto/scion/private/drkey/drkeyutil" "github.com/scionproto/scion/private/storage" ) func TestInitDefaults(t *testing.T) { var cfg DRKeyConfig cfg.InitDefaults() - assert.EqualValues(t, drkeyutil.DefaultPrefetchEntries, cfg.PrefetchEntries) + assert.EqualValues(t, DefaultPrefetchEntries, cfg.PrefetchEntries) assert.NotNil(t, cfg.Delegation) } diff --git a/pkg/drkey/drkey.go b/pkg/drkey/drkey.go index a54b4a7085..23811a88fe 100644 --- a/pkg/drkey/drkey.go +++ b/pkg/drkey/drkey.go 
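Review bot: The new exported constant `DefaultPrefetchEntries` in control/config/drkey.go has no doc comment, so the meaning of 10000 can only be found by reading `InitDefaults`. I would add `// DefaultPrefetchEntries is the value InitDefaults assigns to PrefetchEntries when the key is unset (zero).` above it. Because the second hunk replaces a zero value with this default, the comment is also the place to state that a configured 0 does not disable prefetching in `InitDefaults`.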
@@ -44,8 +44,8 @@ type Epoch struct { func NewEpoch(begin, end uint32) Epoch { return Epoch{ cppki.Validity{ - NotBefore: util.SecsToTime(begin).UTC(), - NotAfter: util.SecsToTime(end).UTC(), + NotBefore: util.SecsToTime(begin), + NotAfter: util.SecsToTime(end), }, } } diff --git a/pkg/slayers/pkt_auth.go b/pkg/slayers/pkt_auth.go index 438695eaaf..b9da278d0e 100644 --- a/pkg/slayers/pkt_auth.go +++ b/pkg/slayers/pkt_auth.go @@ -204,7 +204,7 @@ func (o PacketAuthOption) Algorithm() PacketAuthAlg { // Timestamp returns the value set in the homonym field in the extension. func (o PacketAuthOption) TimestampSN() uint64 { - return bigEndian(o.OptData[6:12]) + return bigEndianUint48(o.OptData[6:12]) } // Authenticator returns slice of the underlying auth buffer. @@ -214,7 +214,7 @@ func (o PacketAuthOption) Authenticator() []byte { return o.OptData[12:] } -func bigEndian(b []byte) uint64 { +func bigEndianUint48(b []byte) uint64 { return uint64(b[0])<<40 + uint64(b[1])<<32 + uint64(binary.BigEndian.Uint32(b[2:6])) } diff --git a/pkg/spao/timestamp_test.go b/pkg/spao/timestamp_test.go index 8d8f61e3d2..1872afc55d 100644 --- a/pkg/spao/timestamp_test.go +++ b/pkg/spao/timestamp_test.go @@ -26,19 +26,20 @@ import ( ) func TestTimestamp(t *testing.T) { + now := time.Now() testCases := map[string]struct { currentTime time.Time epoch drkey.Epoch assertErr assert.ErrorAssertionFunc }{ "valid": { - currentTime: time.Now().UTC(), - epoch: getEpoch(time.Now()), + currentTime: now, + epoch: getEpoch(now), assertErr: assert.NoError, }, "invalid": { - currentTime: time.Now().UTC(), - epoch: getEpoch(time.Now().UTC().Add(-4 * 24 * time.Hour)), + currentTime: now, + epoch: getEpoch(now.Add(-4 * 24 * time.Hour)), assertErr: assert.Error, }, } 
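Review bot: With `.UTC()` removed in `NewEpoch`, `NotBefore` and `NotAfter` carry whatever location `util.SecsToTime` returns, which this hunk does not show and is presumably the host's local zone. The instants are unchanged, so `Before`, `After` and `Equal` behave as before. Any caller that compares epochs with `==`, `reflect.DeepEqual` or `assert.Equal`, or that logs or serialises the validity, now gets host-dependent values. Since these bounds appear to drive which DRKey is treated as active, I would document the contract on the function: `// NewEpoch returns an Epoch whose bounds are not normalised to UTC; compare them with time.Time.Equal, not ==.`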
@@ -52,7 +53,11 @@ func TestTimestamp(t *testing.T) { return } recoveredTime := spao.AbsoluteTimestamp(tc.epoch, rt) - assert.EqualValues(t, tc.currentTime, recoveredTime) + // XXX(JordiSubira): It seems that until testify v2 + // using assert.Equal(ยท) with time.Time vales will + // due to monotonic clock being drop between conversions + // https://github.com/stretchr/testify/issues/502#issuecomment-660946051 + assert.True(t, tc.currentTime.Equal(recoveredTime)) }) } } diff --git a/private/drkey/drkeyutil/drkey.go b/private/drkey/drkeyutil/drkey.go index 95710db97e..31d2525860 100644 --- a/private/drkey/drkeyutil/drkey.go +++ b/private/drkey/drkeyutil/drkey.go @@ -23,18 +23,14 @@ import ( const ( // DefaultEpochDuration is the default duration for the drkey SecretValue and derived keys - DefaultEpochDuration = 24 * time.Hour - DefaultPrefetchEntries = 10000 - EnvVarEpochDuration = "SCION_TESTING_DRKEY_EPOCH_DURATION" - // DefaultAcceptanceWindowLength is the time width for accepting incoming packets. The - // acceptance widown is then compute as: + DefaultEpochDuration = 24 * time.Hour + EnvVarEpochDuration = "SCION_TESTING_DRKEY_EPOCH_DURATION" + // DefaultAcceptanceWindow is the time width for accepting incoming packets. The + // acceptance window is then computed as: // aw := [T-a, T+a) - // where aw:= acceptance window, T := time instant and a := acceptanceWindowOffset - // - // Picking the value equal or shorter than half of the drkey Grace Period ensures - // that we accept packets for active keys only. - DefaultAcceptanceWindowLength = 5 * time.Minute - EnvVarAccpetanceWindow = "SCION_TESTING_ACCEPTANCE_WINDOW" + // where aw:= acceptance window, T := time instant and a := aw/2 + DefaultAcceptanceWindow = 5 * time.Minute + EnvVarAcceptanceWindow = "SCION_TESTING_ACCEPTANCE_WINDOW" ) func LoadEpochDuration() time.Duration { 
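Review bot: The `assert.True(t, tc.currentTime.Equal(recoveredTime))` check in TestTimestamp reports only that the condition was false, so the two differing timestamps are lost on failure. Passing them as message arguments keeps the diagnostic: `assert.True(t, tc.currentTime.Equal(recoveredTime), "want %v, got %v", tc.currentTime, recoveredTime)`. The XXX comment above it is missing its verb and has typos; `// assert.Equal on time.Time values fails until testify v2 because the monotonic clock reading is dropped between conversions.` reads as intended. The enclosing test function starts outside this hunk.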
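Review bot: The rewritten comment on `DefaultAcceptanceWindow` drops the sentence that tied the window to the DRKey grace period, which was the only statement of that safety bound in this const block. The value can still be overridden through `SCION_TESTING_ACCEPTANCE_WINDOW`, so a reader no longer learns which settings keep acceptance limited to active keys. Unless the bound is now enforced or documented elsewhere, which this hunk does not show, I would keep the original sentence, `// Picking the value equal or shorter than half of the drkey Grace Period ensures that we accept packets for active keys only.`, and make explicit whether "the value" means `aw` or `a := aw/2` under the new definition.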
@@ -50,13 +46,13 @@ func LoadEpochDuration() time.Duration { } func LoadAcceptanceWindow() time.Duration { - s := os.Getenv(EnvVarAccpetanceWindow) + s := os.Getenv(EnvVarAcceptanceWindow) if s == "" { - return DefaultAcceptanceWindowLength + return DefaultAcceptanceWindow } duration, err := util.ParseDuration(s) if err != nil { - return DefaultAcceptanceWindowLength + return DefaultAcceptanceWindow } return duration } diff --git a/private/drkey/drkeyutil/provider.go b/private/drkey/drkeyutil/provider.go index 4c962d1a32..f3278b166f 100644 --- a/private/drkey/drkeyutil/provider.go +++ b/private/drkey/drkeyutil/provider.go @@ -67,7 +67,6 @@ func (p *FakeProvider) GetKeyWithinAcceptanceWindow( absTimeCurrent := spao.AbsoluteTimestamp(keys[1].Epoch, timestamp) absTimeNext := spao.AbsoluteTimestamp(keys[2].Epoch, timestamp) switch { - // case absTimeCurrent.After(awBegin) && absTimeCurrent.Before(awEnd): case validity.Contains(absTimeCurrent): return keys[1], nil case validity.Contains(absTimePrevious):
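Review bot: `LoadAcceptanceWindow` returns `DefaultAcceptanceWindow` without any log or error when `util.ParseDuration` fails, and it returns any value that parses. As far as this hunk shows, that includes a zero or negative duration. The window bounds which packet timestamps are accepted, so a mistyped `SCION_TESTING_ACCEPTANCE_WINDOW` silently reverts to five minutes and an oversized one widens acceptance without notice. I would at least reject non-positive values with `if err != nil || duration <= 0 { return DefaultAcceptanceWindow }`. A doc comment on the function should also say that the variable is intended for testing and that invalid values fall back to the default.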