From aa8cef9baff8a637e4d22a43ce456fe80083bd39 Mon Sep 17 00:00:00 2001 From: Nils Hanke Date: Mon, 14 Dec 2020 18:16:31 +0100 Subject: [PATCH] AB#431 : Use new sealing features from ertcrypto (#80) * Use new sealing functions from ertgolib * Remove remaining references to sealKey * Add NoEnclaveSealer for -noenclave execution mode * remove unused parameter; use new tagged ertgolib Co-authored-by: Thomas Tendyck --- .github/workflows/unittests.yml | 4 + cmd/coordinator/enclavemain.go | 13 ++-- cmd/coordinator/main.go | 12 ++- cmd/coordinator/run.go | 6 +- coordinator/core/seal.go | 133 +++++++++++++++++++------------- go.mod | 2 +- go.sum | 19 ++++- test/integration_test.go | 2 +- 8 files changed, 119 insertions(+), 72 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index e4b21926..185f2402 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -30,6 +30,10 @@ jobs: - name: Integration test run: ertgo test -tags integration -b ../build -s working-directory: test + + - name: Integration test (-noenclave) + run: ertgo test -tags integration -b ../build -noenclave + working-directory: test - name: Build artifact uses: actions/upload-artifact@v2 diff --git a/cmd/coordinator/enclavemain.go b/cmd/coordinator/enclavemain.go index a37517dc..1a30739f 100644 --- a/cmd/coordinator/enclavemain.go +++ b/cmd/coordinator/enclavemain.go @@ -11,17 +11,18 @@ package main import ( "path/filepath" - "github.com/edgelesssys/ertgolib/ertenclave" + "github.com/edgelesssys/marblerun/coordinator/config" + "github.com/edgelesssys/marblerun/coordinator/core" "github.com/edgelesssys/marblerun/coordinator/quote/ertvalidator" + "github.com/edgelesssys/marblerun/util" ) func main() { validator := ertvalidator.NewERTValidator() issuer := ertvalidator.NewERTIssuer() - sealKey, _, err := ertenclave.GetProductSealKey() - if err != nil { - panic(err) - } sealDirPrefix := filepath.Join(filepath.FromSlash("/edg"), "hostfs") - run(validator, issuer, sealKey, sealDirPrefix) + sealDir := util.MustGetenv(config.SealDir) + sealDir = filepath.Join(sealDirPrefix, sealDir) + sealer := core.NewAESGCMSealer(sealDir) + run(validator, issuer, sealDir, sealer) } diff --git a/cmd/coordinator/main.go b/cmd/coordinator/main.go index 596742f2..1afc1419 100644 --- a/cmd/coordinator/main.go +++ b/cmd/coordinator/main.go @@ -8,11 +8,17 @@ package main -import "github.com/edgelesssys/marblerun/coordinator/quote" +import ( + "github.com/edgelesssys/marblerun/coordinator/config" + "github.com/edgelesssys/marblerun/coordinator/core" + "github.com/edgelesssys/marblerun/coordinator/quote" + "github.com/edgelesssys/marblerun/util" +) func main() { validator := quote.NewFailValidator() issuer := quote.NewFailIssuer() - sealKey := []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15} - run(validator, issuer, sealKey, "") + sealDir := util.MustGetenv(config.SealDir) + sealer := core.NewNoEnclaveSealer(sealDir) + run(validator, issuer, sealDir, sealer) } diff --git a/cmd/coordinator/run.go b/cmd/coordinator/run.go index f4c62d8e..274055ff 100644 --- a/cmd/coordinator/run.go +++ b/cmd/coordinator/run.go @@ -9,7 +9,6 @@ package main import ( "log" "os" - "path/filepath" "strings" "github.com/edgelesssys/marblerun/coordinator/config" @@ -20,7 +19,7 @@ import ( "go.uber.org/zap" ) -func run(validator quote.Validator, issuer quote.Issuer, sealKey []byte, sealDirPrefix string) { +func run(validator quote.Validator, issuer quote.Issuer, sealDir string, sealer core.Sealer) { // Setup logging with Zap Logger var zapLogger *zap.Logger var err error @@ -41,8 +40,6 @@ func run(validator quote.Validator, issuer quote.Issuer, sealKey []byte, sealDir zapLogger.Info("starting coordinator") // fetching env vars - sealDir := util.MustGetenv(config.SealDir) - sealDir = filepath.Join(sealDirPrefix, sealDir) dnsNamesString := util.MustGetenv(config.DNSNames) dnsNames := strings.Split(dnsNamesString, ",") clientServerAddr := util.MustGetenv(config.ClientAddr) @@ -54,7 +51,6 @@ func run(validator quote.Validator, issuer quote.Issuer, sealKey []byte, sealDir if err := os.MkdirAll(sealDir, 0700); err != nil { zapLogger.Fatal("Cannot create or access sealdir. Please check the permissions for the specified path.", zap.Error(err)) } - sealer := core.NewAESGCMSealer(sealDir, sealKey) core, err := core.NewCore(dnsNames, validator, issuer, sealer, zapLogger) if err != nil { panic(err) diff --git a/coordinator/core/seal.go b/coordinator/core/seal.go index f0a356a4..7a13aad6 100644 --- a/coordinator/core/seal.go +++ b/coordinator/core/seal.go @@ -7,14 +7,14 @@ package core import ( - "crypto/aes" - "crypto/cipher" "crypto/rand" "errors" "io/ioutil" "os" "path/filepath" "time" + + "github.com/edgelesssys/ertgolib/ertcrypto" ) // SealedDataFname contains the file name in which the state is sealed on disk in seal_dir @@ -37,13 +37,12 @@ type Sealer interface { // AESGCMSealer implements the Sealer interface using AES-GCM for confidentiallity and authentication type AESGCMSealer struct { sealDir string - sealKey []byte encryptionKey []byte } // NewAESGCMSealer creates and initializes a new AESGCMSealer object -func NewAESGCMSealer(sealDir string, sealKey []byte) *AESGCMSealer { - return &AESGCMSealer{sealDir: sealDir, sealKey: sealKey} +func NewAESGCMSealer(sealDir string) *AESGCMSealer { + return &AESGCMSealer{sealDir: sealDir} } // Unseal reads and decrypts stored information from the fs @@ -63,7 +62,7 @@ func (s *AESGCMSealer) Unseal() ([]byte, error) { } // Decrypt data with the unsealed encryption key and return it - return decrypt(sealedData, s.encryptionKey) + return ertcrypto.Decrypt(sealedData, s.encryptionKey) } // Seal encrypts and stores information to the fs @@ -79,7 +78,7 @@ func (s *AESGCMSealer) Seal(data []byte) ([]byte, error) { } // Encrypt data to seal with generated encryption key - encryptedData, err := encrypt(data, s.encryptionKey) + encryptedData, err := ertcrypto.Encrypt(data, s.encryptionKey) if err != nil { return nil, err } @@ -108,7 +107,7 @@ func (s *AESGCMSealer) unsealEncryptionKey() error { } // Decrypt stored encryption key with seal key - encryptionKey, err := decrypt(sealedKeyData, s.sealKey) + encryptionKey, err := ertcrypto.Unseal(sealedKeyData) if err != nil { return err } @@ -141,7 +140,7 @@ func (s *AESGCMSealer) SetEncryptionKey(encryptionKey []byte) error { } // Encrypt encryption key with seal key - encryptedKeyData, err := encrypt(encryptionKey, s.sealKey) + encryptedKeyData, err := ertcrypto.SealWithProductKey(encryptionKey) if err != nil { return err } @@ -156,75 +155,101 @@ func (s *AESGCMSealer) SetEncryptionKey(encryptionKey []byte) error { return nil } -func getCipher(key []byte) (cipher.AEAD, error) { - block, err := aes.NewCipher(key) - if err != nil { - return nil, err - } - return cipher.NewGCM(block) +// MockSealer is a mockup sealer +type MockSealer struct { + data []byte + unsealError error +} + +// Unseal implements the Sealer interface +func (s *MockSealer) Unseal() ([]byte, error) { + return s.data, s.unsealError +} + +// Seal implements the Sealer interface +func (s *MockSealer) Seal(data []byte) ([]byte, error) { + s.data = data + return []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, nil +} + +// SetEncryptionKey implements the Sealer interface +func (s *MockSealer) SetEncryptionKey(key []byte) error { + return nil +} + +// GenerateNewEncryptionKey implements the Sealer interface +func (s *MockSealer) GenerateNewEncryptionKey() error { + return nil } -func encrypt(plaintext []byte, key []byte) ([]byte, error) { - // Create cipher object with the given key - aesgcm, err := getCipher(key) +// NoEnclaveSealer is a sealed for a -noenclave instance and does perform encryption with a fixed key +type NoEnclaveSealer struct { + sealDir string + encryptionKey []byte +} + +// NewNoEnclaveSealer creates and initializes a new NoEnclaveSealer object +func NewNoEnclaveSealer(sealDir string) *NoEnclaveSealer { + return &NoEnclaveSealer{sealDir: sealDir} +} + +// Seal writes the given data encrypted and the used key as plaintext to the disk +func (s *NoEnclaveSealer) Seal(data []byte) ([]byte, error) { + // Encrypt data + sealedData, err := ertcrypto.Encrypt(data, s.encryptionKey) if err != nil { return nil, err } - // Generate nonce - nonce := make([]byte, aesgcm.NonceSize()) - if _, err := rand.Read(nonce); err != nil { + // Write encrypted data to disk + if err := ioutil.WriteFile(s.getFname(SealedDataFname), sealedData, 0600); err != nil { return nil, err } - // Encrypt data - ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil) - - return append(nonce, ciphertext...), nil + // Write key in plaintext to disk + if err := ioutil.WriteFile(s.getFname(SealedKeyFname), s.encryptionKey, 0600); err != nil { + return nil, err + } + return s.encryptionKey, nil } -func decrypt(ciphertext []byte, key []byte) ([]byte, error) { - // Create cipher object with the given key - aesgcm, err := getCipher(key) - if err != nil { +// Unseal reads the plaintext state from disk +func (s *NoEnclaveSealer) Unseal() ([]byte, error) { + // Read sealed data from disk + sealedData, err := ioutil.ReadFile(s.getFname(SealedDataFname)) + if os.IsNotExist(err) { + return nil, nil + } else if err != nil { return nil, err } - // Split ciphertext into nonce & actual data - nonce, encryptedData := ciphertext[:aesgcm.NonceSize()], ciphertext[aesgcm.NonceSize():] - - // Decrypt data - plaintext, err := aesgcm.Open(nil, nonce, encryptedData, nil) + // Read key in plaintext from disk + keyData, err := ioutil.ReadFile(s.getFname(SealedKeyFname)) if err != nil { return nil, err } - return plaintext, nil -} - -// MockSealer is a mockup sealer -type MockSealer struct { - data []byte - unsealError error -} - -// Unseal implements the Sealer interface -func (s *MockSealer) Unseal() ([]byte, error) { - return s.data, s.unsealError -} + // Decrypt data with key from disk + data, err := ertcrypto.Decrypt(sealedData, keyData) + if err != nil { + return nil, ErrEncryptionKey + } -// Seal implements the Sealer interface -func (s *MockSealer) Seal(data []byte) ([]byte, error) { - s.data = data - return []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, nil + return data, nil } // SetEncryptionKey implements the Sealer interface -func (s *MockSealer) SetEncryptionKey(key []byte) error { - return nil +func (s *NoEnclaveSealer) SetEncryptionKey(key []byte) error { + s.encryptionKey = key + return ioutil.WriteFile(s.getFname(SealedKeyFname), s.encryptionKey, 0600) } // GenerateNewEncryptionKey implements the Sealer interface -func (s *MockSealer) GenerateNewEncryptionKey() error { +func (s *NoEnclaveSealer) GenerateNewEncryptionKey() error { + s.encryptionKey = []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} return nil } + +func (s *NoEnclaveSealer) getFname(basename string) string { + return filepath.Join(s.sealDir, basename) +} diff --git a/go.mod b/go.mod index e8747d3b..4441c66f 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/edgelesssys/marblerun go 1.14 require ( - github.com/edgelesssys/ertgolib v0.1.1 + github.com/edgelesssys/ertgolib v0.1.2 github.com/golang/protobuf v1.4.3 github.com/google/go-cmp v0.5.2 github.com/google/uuid v1.1.2 diff --git a/go.sum b/go.sum index d8816915..09143f25 100644 --- a/go.sum +++ b/go.sum @@ -1,6 +1,7 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= @@ -50,8 +51,10 @@ github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:Htrtb github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/edgelesssys/ertgolib v0.1.1 h1:4sMim1FhgCX2d5xfpU6u1E4csBxsTH9djHyYFTHKWkU= -github.com/edgelesssys/ertgolib v0.1.1/go.mod h1:QV27eWmoYHCNMkPMnz2XcER13+XdhPyG5qLQu5iDL0I= +github.com/edgelesssys/ertgolib v0.1.2-0.20201214150630-a29d75e8c4c3 h1:wNqxExJ0VkIGqJIDgp9eFHZgfY5N4fhwEJVle0N8R/g= +github.com/edgelesssys/ertgolib v0.1.2-0.20201214150630-a29d75e8c4c3/go.mod h1:1E8jAgXZp9wyP3n43wCsLCiEGXxjBQ35+uzxUkypBNs= +github.com/edgelesssys/ertgolib v0.1.2 h1:/lGmx8ASCWMsxt3mt2XgU36506dB09z/pLiY17J7tZY= +github.com/edgelesssys/ertgolib v0.1.2/go.mod h1:1E8jAgXZp9wyP3n43wCsLCiEGXxjBQ35+uzxUkypBNs= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -77,6 +80,7 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.1 h1:/s5zKNz0uPFCZ5hddgPdo2TK2TVrUNMn0OOX8/aZMTE= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -163,8 +167,10 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= @@ -219,6 +225,7 @@ github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0 github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= @@ -305,6 +312,7 @@ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/ go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0 h1:KCa4XfM8CWFCpxXRGok+Q0SS/0XBhMDbHHGABQLvD2A= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= +go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee h1:0mgffUl7nfd+FpvXMVz4IDEaUSmT1ysygQC7qYo7sG4= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= @@ -329,10 +337,12 @@ golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTk golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b h1:GgiSbuUyC0BlbUmHQBgFqu32eiRR/CEYdjOjOd4zE6Y= golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -406,9 +416,11 @@ golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa h1:5E4dL8+NgFOgjwbTKz+OOEGGhP+ectTmF842l6KjupQ= golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= @@ -449,6 +461,7 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= @@ -462,12 +475,14 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/test/integration_test.go b/test/integration_test.go index 527c3afb..6e640f27 100644 --- a/test/integration_test.go +++ b/test/integration_test.go @@ -394,7 +394,7 @@ func TestRecoveryReset(t *testing.T) { pathToKeyFile := filepath.Join(cfg.sealDir, core.SealedKeyFname) sealedKeyData, err := ioutil.ReadFile(pathToKeyFile) require.NoError(err) - sealedKeyData[0] = sealedKeyData[0] ^ byte(0x42) + sealedKeyData[0] ^= byte(0x42) require.NoError(ioutil.WriteFile(pathToKeyFile, sealedKeyData, 0600)) // Restart server, we should be in recovery mode