// Copyright 2019 Anapaya Systems
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package trc
import (
"bytes"
"github.com/scionproto/scion/go/lib/addr"
"github.com/scionproto/scion/go/lib/common"
)
const (
	// InvalidKeyMeta is the error message used by insertModifications when
	// ValidateKeyUpdate rejects the key update of an AS.
	InvalidKeyMeta = "invalid key meta"
	// InvalidKeyVersion is the error message used by ValidateKeyUpdate when
	// the next key version does not match the version expected from the
	// previous key meta.
	InvalidKeyVersion = "invalid key version"
)
// ASToKeyMeta maps an AS to its key metadata for a single key type.
// It is the inner map of KeyChanges; a nil ASToKeyMeta may be read (len and
// lookups return zero values) but must not be written to.
type ASToKeyMeta map[addr.AS]KeyMeta
// KeyChanges contains all new keys in a TRC update, grouped by key type and
// then by AS. The zero value has nil inner maps and cannot be written to;
// use newKeyChanges, which creates the inner maps for the online, offline and
// issuing key types.
type KeyChanges struct {
	// Modified holds keys whose algorithm or key material differs from the
	// previous TRC, as decided by ValidateKeyUpdate.
	Modified map[KeyType]ASToKeyMeta
	// Fresh holds keys that have no counterpart in the previous TRC.
	Fresh map[KeyType]ASToKeyMeta
}
// newKeyChanges returns a KeyChanges with an empty ASToKeyMeta for each of
// the online, offline and issuing key types in both Modified and Fresh, so
// that the insert methods can write without further initialization.
func newKeyChanges() *KeyChanges {
	perKeyType := func() map[KeyType]ASToKeyMeta {
		m := make(map[KeyType]ASToKeyMeta, 3)
		for _, kt := range []KeyType{OnlineKey, OfflineKey, IssuingKey} {
			m[kt] = make(ASToKeyMeta)
		}
		return m
	}
	return &KeyChanges{
		Modified: perKeyType(),
		Fresh:    perKeyType(),
	}
}
// Sensitive reports whether the key changes are sensitive, i.e. whether any
// offline key was added or modified. Key types other than OfflineKey do not
// affect the result.
func (c *KeyChanges) Sensitive() bool {
	if len(c.Fresh[OfflineKey]) > 0 {
		return true
	}
	return len(c.Modified[OfflineKey]) > 0
}
// insertAllFresh records every key of next as fresh for the given AS.
//
// It writes into c.Fresh[keyType] directly, so every key type in next.Keys
// must already have an inner map (newKeyChanges creates them for the online,
// offline and issuing types); a key type without one would panic on the nil
// map write. Whether other key types can reach this point is not visible
// here and is left to the caller.
func (c *KeyChanges) insertAllFresh(as addr.AS, next PrimaryAS) {
	for kt := range next.Keys {
		c.Fresh[kt][as] = next.Keys[kt]
	}
}
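// insertModifications compares the keys of next against prev for the given
// AS and records the result: a key type with no counterpart in prev is fresh,
// one whose algorithm or key material changed (per ValidateKeyUpdate) is
// modified, and an unchanged key is not recorded at all.
//
// It returns an InvalidKeyMeta error if ValidateKeyUpdate rejects a key
// update, or if next carries a key type for which c has no inner map
// (newKeyChanges only creates the online, offline and issuing types). The
// latter check turns what would otherwise be a nil-map write panic on
// unexpected input into a reported error. Entries recorded before an error
// is returned are not rolled back.
func (c *KeyChanges) insertModifications(as addr.AS, prev, next PrimaryAS) error {
	for keyType, meta := range next.Keys {
		freshMap, modifiedMap := c.Fresh[keyType], c.Modified[keyType]
		if freshMap == nil || modifiedMap == nil {
			return common.NewBasicError(InvalidKeyMeta, nil, "AS", as, "keyType", keyType,
				"reason", "unknown key type")
		}
		prevMeta, ok := prev.Keys[keyType]
		if !ok {
			freshMap[as] = meta
			continue
		}
		changed, err := ValidateKeyUpdate(prevMeta, meta)
		if err != nil {
			return common.NewBasicError(InvalidKeyMeta, err, "AS", as, "keyType", keyType)
		}
		if changed {
			modifiedMap[as] = meta
		}
	}
	return nil
}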
// ValidateKeyUpdate validates that the prev and next key meta are consistent
// and reports whether the update is a modification.
//
// A key counts as modified when its algorithm or its key material differs
// between prev and next (compared with bytes.Equal, so a nil and an empty key
// are equal). A modified key must carry exactly prev.KeyVersion+1; an
// unmodified key must keep prev.KeyVersion. Any other version, including a
// skipped or decreased one, is rejected with an InvalidKeyVersion error; the
// modified flag is still returned alongside that error.
func ValidateKeyUpdate(prev, next KeyMeta) (bool, error) {
	sameAlgorithm := next.Algorithm == prev.Algorithm
	sameKey := bytes.Equal(next.Key, prev.Key)
	modified := !(sameAlgorithm && sameKey)

	// An unchanged key must not bump its version; a changed key must bump it
	// by exactly one.
	want := prev.KeyVersion
	if modified {
		want++
	}
	if next.KeyVersion == want {
		return modified, nil
	}
	return modified, common.NewBasicError(InvalidKeyVersion, nil, "modified", modified,
		"expected", want, "actual", next.KeyVersion)
}