Implement monitoring verification #134
Conversation
vqhuy
force-pushed
the
dfs-verify
branch
2 times, most recently
from
2d3bfee
to
63f3df3
Compare
vqhuy
force-pushed
the
fix-reg
branch
8 times, most recently
from
6cd5fe7
to
5420200
Compare
vqhuy
force-pushed
the
dfs-verify
branch
2 times, most recently
from
ebe41b8
to
4331068
Compare
vqhuy
force-pushed
the
dfs-verify
branch
3 times, most recently
from
5b4062f
to
e11c468
Compare
protocol/message.go
Outdated
| @@ -226,7 +226,9 @@ func (msg *Response) validate() error { | |||
| } | |||
| return nil | |||
| case *DirectoryProofs: | |||
| // TODO: also do above assertions here | |||
| if len(df.AP) < 1 || len(df.AP) != len(df.STR) { | |||
There was a problem hiding this comment.
Suggestion: maybe change len(df.AP) < 1 to len(df.AP) == 0?
protocol/consistencychecks.go
Outdated
| switch { | ||
| case !ok && str0.Epoch == 0 && ap0.ProofType() == m.ProofOfAbsence: /* prior history verification */ | ||
| case ok && str0.Epoch == regEp && ap0.ProofType() == m.ProofOfAbsence: /* registration epoch */ | ||
| case ok && str0.Epoch >= regEp+1 && ap0.ProofType() == m.ProofOfInclusion: /* after registration */ |
There was a problem hiding this comment.
Maybe define wasUnameAbsent := ap0.ProofType() == m.ProofOfAbsence before the switch and use this var in this 3 cases (with a ! for last case)? Makes it easier to read (at least I think so; might be wrong)
There was a problem hiding this comment.
Yes, it also saves us from some condition checks. ;)
protocol/consistencychecks.go
Outdated
|
|
||
| for i := 1; i < len(dfs.STR); i++ { | ||
| str := dfs.STR[i] | ||
| ap := dfs.AP[i] |
There was a problem hiding this comment.
Do we verify that len(dfs.STR) == len(dfs.AP) before this for-loop/always before calling verifyMonitoring?
There was a problem hiding this comment.
Sure. I changed a bit in HandleResponse to explicitly validate each response type instead of calling msg.validate().
protocol/consistencychecks.go
Outdated
| return err | ||
| } | ||
| default: | ||
| panic("[coniks] Passt.") |
There was a problem hiding this comment.
Passt? Sounds very german ;-) I'm not sure I get what this is intending to say.
vqhuy
force-pushed
the
dfs-verify
branch
3 times, most recently
from
fe3fdc2
to
dcd2e3a
Compare
vqhuy
changed the title
vqhuy
changed the title
protocol/auditor.go
Outdated
| @@ -0,0 +1,55 @@ | |||
| // This module implements a generic CONIKS auditor, i.e. the | |||
| // functionality that clients and auditors need to verify | |||
| // a server's STR history. | |||
There was a problem hiding this comment.
I thought we were going to introduce the generic auditor in #170. I would keep this PR about monitoring only.
There was a problem hiding this comment.
Yes, I intended to have #170 merged first, and this will be rebase on top of that.
There was a problem hiding this comment.
There was a problem hiding this comment.
OK, seeing our timeline for Milestone 0.2.0, I agree with you.
protocol/consistencychecks.go
Outdated
| @@ -118,9 +118,33 @@ func (cc *ConsistencyChecks) updateSTR(requestType int, msg *Response) error { | |||
| } | |||
| // Otherwise, expect that we've entered a new epoch | |||
| if err := cc.verifySTRConsistency(cc.SavedSTR, str); err != nil { | |||
| // FIXME: we are returning the error immediately | |||
| // without saving the inconsistent STR | |||
| // see: https://github.com/coniks-sys/coniks-go/pull/74#commitcomment-19804686 | |||
There was a problem hiding this comment.
After seeing that commit comment from #74, I'm wondering if we even need this STR verification here because the only STR check we really care about in this case is the verifySTR check.
There was a problem hiding this comment.
You mean because the registration and key lookup don't fetch the new STR as we discussed in #173 ?
There was a problem hiding this comment.
Right. At least for now, we can implement this assuming that the latest STR will have been fetched as part of monitoring.
protocol/consistencychecks.go
Outdated
| return err | ||
| } | ||
| default: | ||
| panic("[coniks] Unexpected monitoring epoch") |
There was a problem hiding this comment.
Do we want to panic here? This case seems more like the result of a malformed server response.
There was a problem hiding this comment.
It's also possibly that the client sent an invalid epoch, but I agree that we should return an error here.
protocol/consistencychecks_test.go
Outdated
| // monitor binding was inserted | ||
| d.Update() | ||
|
|
||
| // do a lookup before the clock tells us to do monitoring |
There was a problem hiding this comment.
It's not entirely clear to me what this test is doing. It's checking whether the binding can be looked up after it's been inserted? I think there should also be a test that checks if the binding returned to a lookup == the binding returned for monitoring
There was a problem hiding this comment.
the binding returned to a lookup == the binding returned for monitoring
This check is implicit in lookupAndVerify and monitorAndVerify with alice, key parameters. But this should be removed because of #173.
vqhuy
force-pushed
the
dfs-verify
branch
3 times, most recently
from
3e4dcc5
to
7236859
Compare
protocol/consistencychecks.go
Outdated
|
|
||
| case msg.Error == ReqSuccess && proofType == m.ProofOfAbsence: | ||
| if err := cc.verifyReturnedPromise(df, key); err != nil { | ||
| return err | ||
| } | ||
| cc.savePromise(uname, df.TB) | ||
| cc.TBs[uname] = df.TB |
There was a problem hiding this comment.
Why isn't RegEpoch[uname] set here, too?
There was a problem hiding this comment.
Nevermind, I understand now. I was a bit confused by the FIXME comment, since it seemed to me that we were caching the issued epoch via the RegEpoch map. But I think it's best to address #116 in a separate PR.
protocol/consistencychecks.go
Outdated
| // verifyFulfilledPromise verifies issued TBs were inserted | ||
| // in the directory as promised. | ||
| func (cc *ConsistencyChecks) verifyFulfilledPromise(uname string, str *DirSTR, | ||
| ap *m.AuthenticationPath) error { | ||
| if regEp, ok := cc.RegEpoch[uname]; ok && str.Epoch == regEp+1 { |
* Resolve a TODO in verifyFulfilledPromise() * Part of #144
Merge #155, #170, address #173 first.
Need to consider comments in #144 when reviewing.
TODO:
ConsistencyChecksconstructors.