[WIP] Implement the auditor-server application layer #193
Open
masomel wants to merge 13 commits into master from auditor-server-cli

Commits (13)
2591ba1  Start auditor CLI (masomel)
bb3bd12  Add auditor config and encoding (masomel)
5e39cbb  Add base auditor cli files (masomel)
dd36f26  Fix broken imports (masomel)
273e1c5  Add init command to auditor (masomel)
7466552  Rebase auditor-cli code onto refactored cli package (masomel)
19e3215  Merge branch 'master' into auditor-server-cli (masomel)
1d3c6d6  Remove old binutils package (masomel)
341d151  Merge branch 'auditor-server-cli' of github.com:coniks-sys/coniks-go … (masomel)
9079b27  Go fmt fix (masomel)
99ccbe2  Merge branch 'master' into auditor-server-cli (masomel)
4a25960  Fix encoding test bugs (masomel)
77b608d  Merge branch 'master' into auditor-server-cli (masomel)
@@ -0,0 +1,87 @@ | ||
package auditor | ||
|
||
import ( | ||
"github.com/coniks-sys/coniks-go/application" | ||
"github.com/coniks-sys/coniks-go/crypto/sign" | ||
"github.com/coniks-sys/coniks-go/protocol" | ||
) | ||
|
||
// directoryConfig contains the auditor's configuration needed to send a | ||
// request to a CONIKS server: the path to the server's signing public-key | ||
// file and the actual public-key parsed from that file; the path to | ||
// the server's initial STR file and the actual STR parsed from that file; | ||
// the server's address for receiving STR history requests. | ||
type directoryConfig struct { | ||
SignPubkeyPath string `toml:"sign_pubkey_path"` | ||
SigningPubKey sign.PublicKey | ||
|
||
InitSTRPath string `toml:"init_str_path"` | ||
InitSTR *protocol.DirSTR | ||
|
||
Address string `toml:"address"` | ||
} | ||
|
||
// Config maintains the auditor's configurations for all CONIKS | ||
// directories it tracks. | ||
type Config struct { | ||
TrackedDirs []*directoryConfig | ||
// TODO: Add server-side auditor config | ||
} | ||
|
||
var _ application.AppConfig = (*Config)(nil) | ||
|
||
func newDirectoryConfig(signPubkeyPath, initSTRPath, serverAddr string) *directoryConfig { | ||
var dconf = directoryConfig{ | ||
SignPubkeyPath: signPubkeyPath, | ||
InitSTRPath: initSTRPath, | ||
Address: serverAddr, | ||
} | ||
|
||
return &dconf | ||
} | ||
|
||
// NewConfig initializes a new auditor configuration with the given | ||
// server signing public key path, registration address, and | ||
// server address. | ||
func NewConfig() *Config { | ||
var conf = Config{ | ||
TrackedDirs: make([]*directoryConfig, 0), | ||
} | ||
return &conf | ||
} | ||
|
||
// AddDirectoryConfig adds the given CONIKS server settings to the | ||
// auditor's configuration. | ||
func (conf *Config) AddDirectoryConfig(signPubkeyPath, initSTRPath, serverAddr string) { | ||
dconf := newDirectoryConfig(signPubkeyPath, initSTRPath, serverAddr) | ||
conf.TrackedDirs = append(conf.TrackedDirs, dconf) | ||
} | ||
|
||
// Load initializes an auditor's configuration from the given file. | ||
// For each directory in the configuration, it reads the signing public-key file | ||
// and initial STR file, and parses the actual key and initial STR. | ||
func (conf *Config) Load(file string) error { | ||
tmp, err := application.LoadConfig(file) | ||
if err != nil { | ||
return err | ||
} | ||
conf = tmp.(*Config) | ||
|
||
for _, dconf := range conf.TrackedDirs { | ||
// load signing key | ||
signPubKey, err := application.LoadSigningPubKey(dconf.SignPubkeyPath, file) | ||
if err != nil { | ||
return err | ||
} | ||
dconf.SigningPubKey = signPubKey | ||
|
||
// load initial STR | ||
initSTR, err := application.LoadInitSTR(dconf.InitSTRPath, file) | ||
if err != nil { | ||
return err | ||
} | ||
dconf.InitSTR = initSTR | ||
} | ||
|
||
return nil | ||
} |
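Review bot: `Load` never populates its receiver. The line `conf = tmp.(*Config)` rebinds the local pointer variable `conf`, so the `TrackedDirs` loop fills in the freshly loaded struct and the caller's `Config` is still empty (with `TrackedDirs` untouched) when `Load` returns nil. Either copy the loaded value into the receiver before the loop (`*conf = *tmp.(*Config)`) or change `Load` to return the loaded `*Config`. While there, use the two-value assertion (`c, ok := tmp.(*Config)` and return an error on `!ok`) so a config file that `application.LoadConfig` decodes as some other `AppConfig` produces an error instead of a panic; this is the one place where user-supplied file contents turn into the auditor's trust anchors (signing key and initial STR), so it should fail closed rather than crash. Separately, the comment on `NewConfig` describes parameters ("server signing public key path, registration address, and server address") that the function does not take; it should say it returns a config with an empty `TrackedDirs`. The `// TODO: Add server-side auditor config` should be tracked before this leaves WIP.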
@@ -0,0 +1,9 @@ | ||
/* | ||
Package auditor implements the CONIKS auditor service | ||
protocol. | ||
|
||
Note: The auditor can current only be used in | ||
interactive test mode with a server, and does not | ||
accept auditing requests from CONIKS clients. | ||
*/ | ||
package auditor |
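Review bot: typo in the package comment: "The auditor can current only be used" should read "The auditor can currently only be used". Since this is the text `go doc` shows, it may also be worth naming the limitation the same way the README does (directory-to-auditor protocol only, no client auditing requests) so the two stay in sync.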
@@ -0,0 +1,87 @@ | ||
# CONIKS Auditor implementation in Golang | ||
__Do not use your real public key or private key with this test auditor.__ | ||
|
||
## Usage | ||
|
||
**Note:** This auditor CLI currently only implements the CONIKS key | ||
directory-to-auditor protocol (i.e. the auditor only retrieves and verifies | ||
STRs from the server, it does _not_ accept auditing requests from clients). | ||
To test the implementation, the auditor can be run with an interactive REPL. | ||
|
||
##### Install the test auditor | ||
``` | ||
⇒ go install github.com/coniks-sys/coniks-go/coniksauditor/cli | ||
⇒ coniksauditor -h | ||
________ _______ __ _ ___ ___ _ _______ | ||
| || || | | || || | | || | | ||
| || _ || |_| || || |_| || _____| | ||
| || | | || || || _|| |_____ | ||
| _|| |_| || _ || || |_ |_____ | | ||
| |_ | || | | || || _ | _____| | | ||
|_______||_______||_| |__||___||___| |_||_______| | ||
|
||
Usage: | ||
coniksauditor [command] | ||
|
||
Available Commands: | ||
init Creates a config file for the auditor. | ||
test Run the interactive test auditor. | ||
|
||
Use "coniksauditor [command] --help" for more information about a command. | ||
``` | ||
|
||
### Configure the auditor | ||
|
||
- Make sure you have at least one running CONIKS directory for your | ||
auditor to track. For information on setting up a CONIKS directory, | ||
see our [CONIKS server setup guide](https://github.com/coniks-sys/coniks-go/blob/master/coniksserver/README.md). | ||
|
||
- Generate the configuration file: | ||
``` | ||
⇒ mkdir coniks-auditor; cd coniks-auditor | ||
⇒ coniksauditor init | ||
``` | ||
- Ensure the auditor has the directory's *test* public signing key. | ||
- Edit the configuration file as needed: | ||
- Replace the `sign_pubkey_path` with the location of the directory's public signing key. | ||
- Replace the `init_str_path` with the location of the directory's initial signed tree root. | ||
- Replace the `address` with the directory's public CONIKS address (for lookups, monitoring etc). | ||
_Note: The auditor is capable of verifying multiple key directories, but | ||
we currently only configure the test auditor with a single directory for simplcity._ | ||
|
||
### Run the test auditor | ||
|
||
``` | ||
⇒ coniksauditor test # this will open a REPL | ||
``` | ||
|
||
##### Update the auditor with the latest STR history from the given directory | ||
``` | ||
> update [dir] | ||
# The auditor should display something like this if the request is successful | ||
[+] Valid! The auditor is up-to-date on the STR history of [dir] | ||
``` | ||
|
||
This command updates the auditor's STR log for the directory upon a | ||
successful audit. | ||
|
||
##### Retrieve and verify a specific STR history range | ||
``` | ||
> getrange [dir] [start] [end] | ||
# The auditor should display something like this if the request is successful | ||
[+] Success! The requested STR history range for [dir] is valid | ||
``` | ||
|
||
This command only performs an audit on the requested STR history range. | ||
It does not update the auditor's STR log for the directory. | ||
|
||
##### Other commands | ||
|
||
Use `help` for more information. | ||
|
||
Use `exit` to close the REPL and exit the client. | ||
|
||
## Disclaimer | ||
Please keep in mind that this CONIKS auditor is under active development. | ||
The repository may contain experimental features that aren't fully tested. | ||
We recommend using a [tagged release](https://github.com/coniks-sys/coniks-go/releases). |
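Review bot: under "Other commands", "Use `exit` to close the REPL and exit the client" should say "auditor"; this is the auditor README and "client" reads as a carry-over from the client README. Also "simplcity" should be "simplicity" in the note under "Configure the auditor". On the trust side, the configuration steps tell the user to point `sign_pubkey_path` and `init_str_path` at the directory's public signing key and initial STR but not how to obtain them; every "Valid!" or "Success!" verdict printed by `update` and `getrange` rests on those two files, so a sentence on fetching them from the directory operator out of band (not from the same server being audited) would help, and the `init` step should say where it writes the config file. Finally, config.go documents `address` as the server's address for STR history requests while the README calls it "the directory's public CONIKS address (for lookups, monitoring etc)"; please align the two descriptions.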
I think this is covered in https://github.com/coniks-sys/coniks-go/blob/master/protocol/message.go#L272
Yes, but the problem is that this function was still returning an `ErrMalformedMessage` even if the error is in `errors`. In other words, because `Validate()` in message.go returns `msg.Error`, which gives `err == nil` after `Validate()` returns, the `return &protocol.Response{Error: protocol.ErrMalformedMessage }` statement was always being called, even when the `msg.Error` was in `errors`.
I see. I gave it a try in https://github.com/coniks-sys/coniks-go/compare/unmarshalling. If it's ok, feel free to merge to this branch.
Those changes look good to me. Thank you! I also like that you rewrote the test cases. I'll merge this branch when I get a chance.