Rework of the revocation authentication #1513
Reviewed 25 of 47 files at r1.
proto/rev_info.capnp, line 11 at r1 (raw file):
I think
proto/rev_info.capnp, line 14 at r1 (raw file):
I'm not thrilled about having this in the
proto/rev_info.capnp, line 15 at r1 (raw file):
It's useful to have an
python/lib/rev_cache.py, line 86 at r1 (raw file):
s/validated values/active revocations/
python/lib/rev_cache.py, line 90 at r1 (raw file):
I think this can be simplified:
python/lib/rev_cache.py, line 107 at r1 (raw file):
python/lib/rev_cache.py, line 135 at r1 (raw file):
This should be renamed. Maybe
python/lib/types.py, line 57 at r1 (raw file):
It would be better to merge this with the existing
python/lib/packet/pcb.py, line 48 at r1 (raw file):
Why this change?
python/lib/packet/proto_sign.py, line 55 at r1 (raw file):
To make this more flexible, i suggest:
python/lib/packet/path_mgmt/rev_info.py, line 55 at r1 (raw file):
When using assertions, you should also provide the actual value for the exception:
Otherwise you'll just get an assertion error without any idea what the bad value was.
python/lib/packet/path_mgmt/rev_info.py, line 66 at r1 (raw file):
Mention the min ttl as well.
python/lib/packet/path_mgmt/rev_info.py, line 74 at r1 (raw file):
python/lib/packet/path_mgmt/rev_info.py, line 81 at r1 (raw file):
linkType is effectively a uint16, so this should be
python/lib/packet/path_mgmt/rev_info.py, line 83 at r1 (raw file):
Both of these are uint32, so
python/lib/packet/path_mgmt/rev_info.py, line 96 at r1 (raw file):
python/lib/packet/path_mgmt/rev_info.py, line 97 at r1 (raw file):
Link type should be formatted using
python/lib/packet/path_mgmt/seg_recs.py, line 64 at r1 (raw file):
There should be a wrapper type for this. You'd end up with
python/scion_elem/scion_elem.py, line 1180 at r1 (raw file):
This no longer verifies - where is that done?
topology/Tiny.topo, line 15 at r1 (raw file):
Why this change?
Comments from Reviewable
Reviewed 2 of 47 files at r1.
python/path_server/base.py, line 114 at r1 (raw file):
Add a comment saying that this is used to serialise removal of revoked segments.
python/path_server/base.py, line 305 at r1 (raw file):
Suggestion: add a method on
This function then simplifies to:
python/path_server/base.py, line 328 at r1 (raw file):
This doesn't need to be inside the lock.
python/sciond/sciond.py, line 199 at r1 (raw file):
This doesn't look right.
That can then be called by
python/sciond/sciond.py, line 419 at r1 (raw file):
I think that we should probably re-examine the
I think it's ok to do these checks in order (meaning that a forged and expired rev info will be rejected early just on timestamp, and the forgery won't be noted), but we should be able to distinguish between them. So, my suggestions:
python/sciond/sciond.py, line 436 at r1 (raw file):
This depends on whether the timestamp is too old, or too new. If it's expired, then this should be returning
python/sciond/sciond.py, line 440 at r1 (raw file):
python/sciond/sciond.py, line 451 at r1 (raw file):
python/sciond/sciond.py, line 461 at r1 (raw file):
We no longer depend on having removed segments to know if a rev info is legit or not, which also means the below comment is obsolete too.
Reviewed 3 of 47 files at r1.
python/beacon_server/base.py, line 528 at r1 (raw file):
The zk entries should be SignedRevInfos.
python/beacon_server/base.py, line 556 at r1 (raw file):
This should use
python/beacon_server/base.py, line 616 at r1 (raw file):
This should stop processing.
python/beacon_server/base.py, line 643 at r1 (raw file):
Rev infos should always be wrapped inside a SignedRevInfo, otherwise they can't be verified.
python/beacon_server/base.py, line 715 at r1 (raw file):
Use
python/beacon_server/base.py, line 746 at r1 (raw file):
python/beacon_server/base.py, line 751 at r1 (raw file):
python/path_server/base.py, line 113 at r1 (raw file):
This can't just store RevInfo objects. The PS has to include the SignedRevInfo objects in path replies. I.e.
Reviewed 3 of 47 files at r1.
go/lib/ctrl/path_mgmt/rev_info.go, line 34 at r1 (raw file):
This should be before
go/lib/ctrl/path_mgmt/rev_info.go, line 82 at r1 (raw file):
Line length.
go/lib/ctrl/path_mgmt/rev_info.go, line 82 at r1 (raw file):
This shouldn't be an assertion. It's run on revinfos that are received from other services. Receiving a malformed revinfo shouldn't cause this process to crash. I would instead change the return type to be
go/lib/ctrl/path_mgmt/rev_info.go, line 85 at r1 (raw file):
go/lib/ctrl/path_mgmt/rev_info.go, line 96 at r1 (raw file):
go/lib/ctrl/path_mgmt/rev_info.go, line 97 at r1 (raw file):
Add a
Reviewed 6 of 47 files at r1.
go/lib/ctrl/path_mgmt/ifstate_infos.go, line 47 at r1 (raw file):
Suggestion:
to indicate that it's the signed form.
go/lib/ctrl/path_mgmt/path_mgmt.go, line 34 at r1 (raw file):
Ditto re:
go/lib/pathmgr/pathmgr.go, line 246 at r1 (raw file):
This doesn't need to be parsed until after sciond replies.
Reviewed 7 of 47 files at r1.
go/border/ifstate/ifstate.go, line 71 at r1 (raw file):
go/border/rpkt/path.go, line 105 at r1 (raw file):
This gets a bit expensive. It would be better to cache both the signed and plain revinfos.
go/border/rpkt/process.go, line 336 at r1 (raw file):
Hmm. We should really stop calling it
python/test/lib/rev_cache_test.py, line 68 at r1 (raw file):
Nooo, you can't do that. Default arguments are evaluated once in python, the first time the function is called (i believe). To work around this, the convention is to do
Review status: 21 of 56 files reviewed at latest revision, 50 unresolved discussions, some commit checks failed.
go/border/ifstate/ifstate.go, line 71 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/border/rpkt/path.go, line 105 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/border/rpkt/process.go, line 336 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Renamed it to RawRev; it was sometimes referred to as that.
go/lib/ctrl/path_mgmt/ifstate_infos.go, line 47 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/ctrl/path_mgmt/path_mgmt.go, line 34 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/ctrl/path_mgmt/rev_info.go, line 34 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/ctrl/path_mgmt/rev_info.go, line 82 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/ctrl/path_mgmt/rev_info.go, line 82 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/ctrl/path_mgmt/rev_info.go, line 85 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Shouldn't it be
go/lib/ctrl/path_mgmt/rev_info.go, line 96 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/ctrl/path_mgmt/rev_info.go, line 97 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/pathmgr/pathmgr.go, line 246 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
proto/rev_info.capnp, line 11 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
proto/rev_info.capnp, line 14 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
proto/rev_info.capnp, line 15 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 528 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 556 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 616 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 643 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 715 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 746 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 751 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/rev_cache.py, line 86 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/rev_cache.py, line 90 at r1 (raw file):
Like that you need to copy all the values instead of just the keys. But if memory is not the issue this works.
python/lib/rev_cache.py, line 107 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
I think this should not be part of the RevCache's responsibilities. Validation should be done by whoever receives or creates the RevInfo before inserting it into the cache.
python/lib/rev_cache.py, line 135 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/types.py, line 57 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/pcb.py, line 48 at r1 (raw file):
Imho it improves readability.
python/lib/packet/proto_sign.py, line 55 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done. This is just something I noticed. The timestamp was never set...
python/lib/packet/path_mgmt/rev_info.py, line 55 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/rev_info.py, line 66 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/rev_info.py, line 74 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/rev_info.py, line 81 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/rev_info.py, line 83 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/rev_info.py, line 96 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/rev_info.py, line 97 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/seg_recs.py, line 64 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/path_server/base.py, line 113 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/path_server/base.py, line 114 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/path_server/base.py, line 305 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/path_server/base.py, line 328 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/scion_elem/scion_elem.py, line 1180 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
The revocation is always verified beforehand. Renamed this fct to reflect that.
python/sciond/sciond.py, line 199 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
I don't think this works because in
python/sciond/sciond.py, line 419 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/sciond/sciond.py, line 436 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Yes, but a too new timestamp should already be caught by
python/sciond/sciond.py, line 440 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/sciond/sciond.py, line 451 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/sciond/sciond.py, line 461 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/test/lib/rev_cache_test.py, line 68 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
topology/Tiny.topo, line 15 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
The mentioned AS's do not exist. I think that was a bug when renaming.
Reviewed 16 of 47 files at r1, 33 of 35 files at r2, 3 of 5 files at r3.
go/border/ifstate/ifstate.go, line 72 at r2 (raw file):
Why does this contain a
go/border/rpkt/path.go, line 105 at r1 (raw file): Previously, worxli (Lukas Bischofberger) wrote…
Hmm, but
go/lib/ctrl/path_mgmt/rev_info.go, line 31 at r2 (raw file):
This needs a better docstring.
go/lib/ctrl/path_mgmt/rev_info.go, line 33 at r2 (raw file):
Would be good to make it obvious that this implements the
go/lib/ctrl/path_mgmt/rev_info.go, line 55 at r2 (raw file):
In Go, we put docstring comments above the declaration. This way it will be properly picked up by
proto/rev_info.capnp, line 12 at r2 (raw file):
This should be 64bit. We want this to work after 2038.
python/beacon_server/base.py, line 746 at r1 (raw file): Previously, worxli (Lukas Bischofberger) wrote…
So this means that we move away from having clearly defined epochs during which an interface is globally revoked (since you are always calling
python/beacon_server/base.py, line 113 at r2 (raw file):
This will remove revocations that are valid for longer than 10s, however, it's probably not a big problem. We might need to revisit this in the future when the BS gets rewritten.
python/beacon_server/base.py, line 692 at r3 (raw file):
You should use
python/lib/defines.py, line 135 at r2 (raw file):
Minimum
python/lib/rev_cache.py, line 107 at r1 (raw file): Previously, worxli (Lukas Bischofberger) wrote…
I agree with @worxli. This could become very costly and if we have the invariant that only verified revocations get added to the
python/lib/types.py, line 171 at r2 (raw file):
python/lib/packet/pcb.py, line 310 at r2 (raw file):
don't you need
python/lib/packet/proto_sign.py, line 59 at r2 (raw file):
Wait, shouldn't the timestamp be part of the signature?
python/lib/packet/path_mgmt/rev_info.py, line 56 at r3 (raw file):
This should just take the verifying key as an input.
python/scion_elem/scion_elem.py, line 1256 at r3 (raw file):
Where does this return a boolean?
Review status: 45 of 58 files reviewed at latest revision, 62 unresolved discussions.
go/border/ifstate/ifstate.go, line 72 at r2 (raw file): Previously, shitz wrote…
Done.
go/border/rpkt/path.go, line 105 at r1 (raw file): Previously, shitz wrote…
Done. Yeah true and it's just used here.
go/lib/ctrl/path_mgmt/rev_info.go, line 31 at r2 (raw file): Previously, shitz wrote…
Done.
go/lib/ctrl/path_mgmt/rev_info.go, line 33 at r2 (raw file): Previously, shitz wrote…
Done.
go/lib/ctrl/path_mgmt/rev_info.go, line 55 at r2 (raw file): Previously, shitz wrote…
Done.
proto/rev_info.capnp, line 12 at r2 (raw file): Previously, shitz wrote…
Done.
python/beacon_server/base.py, line 746 at r1 (raw file): Previously, shitz wrote…
From my side I think what you said is correct. But the interface should be revoked the same amount of time for everyone (minus time sync differences)?
python/beacon_server/base.py, line 113 at r2 (raw file): Previously, shitz wrote…
Agreed, but as mentioned I didn't want to change even more without needing it in the future.
python/beacon_server/base.py, line 692 at r3 (raw file): Previously, shitz wrote…
Done.
python/lib/defines.py, line 135 at r2 (raw file): Previously, shitz wrote…
Done.
python/lib/types.py, line 171 at r2 (raw file): Previously, shitz wrote…
Done.
python/lib/packet/pcb.py, line 310 at r2 (raw file): Previously, shitz wrote…
Done.
python/lib/packet/proto_sign.py, line 59 at r2 (raw file): Previously, shitz wrote…
Probably a good idea, @kormat any reason this wasn't done?
python/lib/packet/path_mgmt/rev_info.py, line 56 at r3 (raw file): Previously, shitz wrote…
Done.
python/scion_elem/scion_elem.py, line 1256 at r3 (raw file): Previously, shitz wrote…
Done.
e14e91a to 3d1c3a7
Reviewed 10 of 35 files at r2, 5 of 12 files at r4.
go/lib/sciond/sciond.go, line 112 at r1 (raw file):
go/lib/sciond/sciond.go, line 114 at r1 (raw file):
Also in
go/lib/topology/testdata/basic.json, line 33 at r4 (raw file):
This change is not required from what i can see (and i prefer fixed values to be in caps to make it more obvious that it's not just free-form text).
proto/rev_info.capnp, line 12 at r2 (raw file):
We use uint32 for this elsewhere,
proto/sciond.capnp, line 82 at r1 (raw file):
I think we should probably rename the capnp fields to
python/lib/rev_cache.py, line 107 at r1 (raw file):
Costly? Validate checks that the values are within acceptable ranges, that's all.
validation != verification. The current verification doesn't actually look at the contents of the RevInfo at all (which is actually a problem, because there's no check that the signer AS and the revinfo AS match). I'd be satisfied if we change
python/lib/packet/proto_sign.py, line 59 at r2 (raw file): Previously, worxli (Lukas Bischofberger) wrote…
Eh, cough, i think the TS was a later addition to the design, and i forgot? That's the best "reason" i have :)
python/lib/packet/proto_sign.py, line 80 at r4 (raw file):
Review status: 31 of 60 files reviewed at latest revision, 56 unresolved discussions.
go/lib/sciond/sciond.go, line 112 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/sciond/sciond.go, line 114 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
proto/rev_info.capnp, line 12 at r2 (raw file): Previously, kormat (Stephen Shirley) wrote…
Though, I checked other timestamps in capnp and they also seem to be seconds and UInt64.
proto/sciond.capnp, line 82 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/rev_cache.py, line 107 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
As discussed the order is:
python/lib/packet/proto_sign.py, line 80 at r4 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/topology/testdata/basic.json, line 33 at r4 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
f06aa98 to 0cbad19
0cbad19 to 75abecf
30ee513 to 01fecee
Reviewed 1 of 5 files at r3, 1 of 5 files at r5, 15 of 44 files at r6.
python/integration/base_cli_srv.py, line 135 at r6 (raw file):
This should be at the DEBUG level.
python/integration/base_cli_srv.py, line 136 at r6 (raw file):
This formats badly.
python/lib/packet/path_mgmt/rev_info.py, line 46 at r6 (raw file):
python/lib/packet/path_mgmt/rev_info.py, line 67 at r6 (raw file):
Whenever i see this, i always wonder where this is getting called from that the identity of
python/lib/packet/path_mgmt/rev_info.py, line 76 at r6 (raw file):
Suggestion:
python/lib/packet/path_mgmt/rev_info.py, line 118 at r6 (raw file):
This isn't a great check. It will only fire if both ISD and AS are zero.
python/lib/packet/path_mgmt/rev_info.py, line 125 at r6 (raw file):
This should probably be
Reviewed 4 of 44 files at r6.
python/lib/packet/proto_sign.py, line 59 at r2 (raw file): Previously, kormat (Stephen Shirley) wrote…
Tracked by #1524
python/lib/packet/proto_sign.py, line 76 at r6 (raw file):
As timestamp is field
python/lib/sciond_api/revocation.py, line 48 at r6 (raw file):
With the updated
Reviewed 1 of 44 files at r6.
python/scion_elem/scion_elem.py, line 1267 at r6 (raw file):
As discussed offline, this will work for now as we don't actually have updating certs yet, but i've filed #1545 to track doing this properly. Add a
Reviewed 1 of 44 files at r6.
python/sciond/sciond.py, line 199 at r1 (raw file):
The simple answer there is to refactor
That way most callers can just catch the base rev info exception and stop processing it, and sciond can look at the exception type to determine what result to return to the client.
Unrelatedly, when are revoked segments removed based on revocations received in
Reviewed 2 of 44 files at r6.
python/lib/packet/pcb.py, line 313 at r6 (raw file):
I've just realised - as a path segment doesn't know if it's a core segment or not, you need to pass in another parameter to this method. It could be as simple as
python/path_server/base.py, line 188 at r6 (raw file):
python/path_server/base.py, line 237 at r6 (raw file):
python/path_server/base.py, line 256 at r6 (raw file):
This is done in
python/path_server/base.py, line 290 at r6 (raw file):
This should also include
Reviewed 4 of 44 files at r6.
python/lib/packet/path_mgmt/rev_info.py, line 59 at r6 (raw file):
There needs to be a check that the signing AS is the same as the revoking AS.
Reviewed 2 of 44 files at r6.
python/beacon_server/base.py, line 715 at r1 (raw file): Previously, worxli (Lukas Bischofberger) wrote…
In this case it would be better to do the line-break after
python/beacon_server/base.py, line 746 at r1 (raw file): Previously, worxli (Lukas Bischofberger) wrote…
Oh, excellent point @shitz. We should be caching revocations when we create them, and using those when responding to ifstate requests. Having two places issue revocations is not desirable from an understandability point of view. We could do this by replacing
python/beacon_server/base.py, line 536 at r6 (raw file):
Ah. This doesn't actually need to be a copy, as the ownership is being transferred.
python/beacon_server/base.py, line 588 at r6 (raw file):
Same applies here - this is done by check_revocation in _handle_revocation.
python/beacon_server/base.py, line 698 at r6 (raw file):
As discussed offline, let's do over-lapping revocations. If the existing revocation has <=2s left, issue a new revocation. This prevents a whole class of awkward race-conditions.
python/lib/rev_cache.py, line 107 at r1 (raw file):
Using the per-failure-type exceptions would solve that issue. In any case, i'm a lot happier now that
My point about AS mismatch appears to have been missed, so i opened a separate comment thread about it on SignedRevInfo.verify.
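The checks requested in the comments above (an error return instead of an assertion on received revinfos, failure types a caller can tell apart, the signer AS matching the revoking AS, and a signature that covers the timestamp), put together as an added Go example that is not code from this PR. The type names, field layout, `minTTL`/`maxSkew` values and the use of Ed25519 are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Hypothetical shapes for this example; not the project's definitions.
type IA struct {
	ISD uint16
	AS  uint64
}
type RevInfo struct {
	IA        IA     // AS that owns the revoked interface
	IfID      uint64 // revoked interface
	Timestamp uint64 // issue time, seconds since the Unix epoch
	TTL       uint32 // validity in seconds
}
type SignedRevInfo struct {
	Rev    RevInfo
	Signer IA
	Sig    []byte
}

const minTTL, maxSkew = 10, 2 // assumed policy values, in seconds
// One base error, wrapped once per failure type, so callers can tell them apart.
var (
	ErrRevInfo        = errors.New("revocation rejected")
	ErrMalformed      = fmt.Errorf("%w: malformed", ErrRevInfo)
	ErrFromFuture     = fmt.Errorf("%w: timestamp in the future", ErrRevInfo)
	ErrExpired        = fmt.Errorf("%w: expired", ErrRevInfo)
	ErrSignerMismatch = fmt.Errorf("%w: signer is not the revoking AS", ErrRevInfo)
	ErrUnknownSigner  = fmt.Errorf("%w: no key for signer", ErrRevInfo)
	ErrBadSignature   = fmt.Errorf("%w: bad signature", ErrRevInfo)
)

// signedBytes encodes every field, so timestamp and TTL are covered by the signature.
func (r RevInfo) signedBytes() []byte {
	b := make([]byte, 30)
	binary.BigEndian.PutUint16(b[0:], r.IA.ISD)
	binary.BigEndian.PutUint64(b[2:], r.IA.AS)
	binary.BigEndian.PutUint64(b[10:], r.IfID)
	binary.BigEndian.PutUint64(b[18:], r.Timestamp)
	binary.BigEndian.PutUint32(b[26:], r.TTL)
	return b
}

func Sign(r RevInfo, signer IA, key ed25519.PrivateKey) SignedRevInfo {
	return SignedRevInfo{r, signer, ed25519.Sign(key, r.signedBytes())}
}

// Check validates, then verifies; it returns errors and never asserts on remote input.
func Check(s SignedRevInfo, now time.Time, keys map[IA]ed25519.PublicKey) error {
	r, t := s.Rev, uint64(now.Unix())
	switch { // cases run in order; the future check also guards the addition
	case r.IA.ISD == 0 || r.IA.AS == 0 || r.TTL < minTTL:
		return ErrMalformed
	case r.Timestamp > t+maxSkew:
		return ErrFromFuture
	case r.Timestamp+uint64(r.TTL) <= t:
		return ErrExpired
	case s.Signer != r.IA:
		return ErrSignerMismatch
	}
	if pub, ok := keys[s.Signer]; !ok {
		return ErrUnknownSigner
	} else if !ed25519.Verify(pub, r.signedBytes(), s.Sig) {
		return ErrBadSignature
	}
	return nil
}

// Demo runs Check over constructed revocations for two constructed ASes.
func Demo() map[string]error {
	now := time.Unix(1500000000, 0)
	a, b := IA{1, 11}, IA{1, 12}
	pubA, privA, _ := ed25519.GenerateKey(nil)
	pubB, privB, _ := ed25519.GenerateKey(nil)
	keys := map[IA]ed25519.PublicKey{a: pubA, b: pubB}
	rev := RevInfo{a, 3, uint64(now.Unix()), 10}
	tampered := Sign(rev, a, privA)
	tampered.Rev.TTL = 3600
	return map[string]error{
		"valid":          Check(Sign(rev, a, privA), now, keys),
		"expired+forged": Check(Sign(RevInfo{a, 3, rev.Timestamp - 60, 10}, a, privB), now, keys),
		"other AS signs": Check(Sign(rev, b, privB), now, keys),
		"forged":         Check(Sign(rev, a, privB), now, keys),
		"tampered TTL":   Check(tampered, now, keys),
	}
}

func main() {
	for name, err := range Demo() {
		fmt.Printf("%-15s rejected=%v detail=%v\n", name, errors.Is(err, ErrRevInfo), err)
	}
}
```

The "expired+forged" case is rejected on its timestamp before the signature is looked at, which is the check order accepted earlier in the thread; "other AS signs" carries a valid signature from a known AS and is still rejected.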
Reviewed 1 of 12 files at r4, 4 of 44 files at r6.
go/lib/ctrl/path_mgmt/rev_info.go, line 85 at r1 (raw file): Previously, worxli (Lukas Bischofberger) wrote…
Oops, yep :) I've just realised though that
go/lib/ctrl/path_mgmt/rev_info.go, line 35 at r6 (raw file):
This can be simpler:
go/lib/ctrl/path_mgmt/rev_info.go, line 41 at r6 (raw file):
"Revocation is not in valid window"?
go/lib/pathmgr/pathmgr.go, line 234 at r6 (raw file):
go/lib/pathmgr/pathmgr.go, line 235 at r6 (raw file):
go/lib/pathmgr/pathmgr.go, line 256 at r6 (raw file):
go/lib/sciond/sciond.go, line 309 at r6 (raw file):
go/lib/sciond/types.go, line 237 at r6 (raw file):
SRevInfo
Review status: 51 of 62 files reviewed at latest revision, 47 unresolved discussions.
go/lib/ctrl/path_mgmt/rev_info.go, line 41 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Actually, based on my comment below, the string can be changed to say revocation expired.
Reviewed 1 of 35 files at r2, 1 of 12 files at r4, 9 of 44 files at r6.
go/border/ifstate/ifstate.go, line 72 at r6 (raw file):
go/border/rpkt/path.go, line 106 at r6 (raw file):
The two changes on this line don't look right. The interface is revoked,
go/border/rpkt/payload_scmp.go, line 26 at r6 (raw file):
go/border/rpkt/process.go, line 351 at r6 (raw file):
go/border/rpkt/rpkt.go, line 48 at r6 (raw file):
go/lib/ctrl/path_mgmt/ifstate_infos.go, line 53 at r6 (raw file):
go/lib/scmp/info.go, line 173 at r6 (raw file):
Review status: 61 of 62 files reviewed at latest revision, 51 unresolved discussions.
python/lib/rev_cache.py, line 64 at r6 (raw file):
This is a trap - overlapping revocations will cause the new one to be discarded. Proposal:
(assuming SignedRevInfo implements eq appropriately).
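The overlapping-revocation trap from this comment, replayed as an added Go example; it is not the project's rev_cache.py and not the reviewer's elided proposal. The `Rev` type, the cache keyed by interface ID, the `replace` switch and the timeline values are assumptions; only the "<=2s left" renewal rule comes from the discussion.

```go
package main

import (
	"fmt"
	"sync"
)

// Rev is a hypothetical, already verified revocation; only the fields the
// cache needs are modelled. Times are seconds.
type Rev struct {
	IfID      uint64
	Timestamp uint64
	TTL       uint32
}

func (r Rev) Expiry() uint64 { return r.Timestamp + uint64(r.TTL) }

// overlap is the remaining lifetime at which the issuer sends a replacement
// (the "<=2s left" rule from the discussion).
const overlap = 2

func NeedsReissue(cur Rev, now uint64) bool { return cur.Expiry() <= now+overlap }

type RevCache struct {
	mu      sync.Mutex
	revs    map[uint64]Rev // keyed by interface ID
	replace bool           // false models the trap, true the corrected rule
}

func NewRevCache(replace bool) *RevCache {
	return &RevCache{revs: map[uint64]Rev{}, replace: replace}
}

// Add reports whether r was stored. With replace=false an existing, still
// active entry always wins, so an overlapping renewal is silently dropped.
// With replace=true the entry that expires later is kept.
func (c *RevCache) Add(r Rev, now uint64) bool {
	if r.Expiry() <= now {
		return false // already expired, nothing to cache
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	if cur, ok := c.revs[r.IfID]; ok && cur.Expiry() > now {
		if !c.replace || cur.Expiry() >= r.Expiry() {
			return false
		}
	}
	c.revs[r.IfID] = r
	return true
}

// Revoked reports whether an unexpired revocation for ifID is cached.
func (c *RevCache) Revoked(ifID, now uint64) bool {
	c.mu.Lock()
	defer c.mu.Unlock()
	r, ok := c.revs[ifID]
	return ok && r.Expiry() > now
}

// Simulate replays a constructed timeline: a revocation issued at t=100 with
// TTL 10, renewed by the issuer at t=108, and a lookup at t=111.
func Simulate(replace bool) (renewalStored, revokedAt111 bool) {
	c := NewRevCache(replace)
	first := Rev{IfID: 3, Timestamp: 100, TTL: 10}
	c.Add(first, 100)
	if NeedsReissue(first, 108) { // 2s left: issuer sends an overlapping one
		renewalStored = c.Add(Rev{IfID: 3, Timestamp: 108, TTL: 10}, 108)
	}
	return renewalStored, c.Revoked(3, 111)
}

func main() {
	for _, replace := range []bool{false, true} {
		stored, revoked := Simulate(replace)
		fmt.Printf("replace=%v renewalStored=%v revokedAt111=%v\n", replace, stored, revoked)
	}
}
```

With `replace=false` the renewal is dropped and the interface looks usable again at t=111 although the issuer still considers it revoked.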
Reviewed 1 of 44 files at r6.
python/lib/rev_cache.py, line 94 at r6 (raw file):
This should be outside the lock.
Review status: all files reviewed at latest revision, 53 unresolved discussions.
go/border/ifstate/ifstate.go, line 72 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/border/rpkt/path.go, line 106 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
What aside from the missing pointer does not look right?
go/border/rpkt/payload_scmp.go, line 26 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/border/rpkt/process.go, line 351 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/border/rpkt/rpkt.go, line 48 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/ctrl/path_mgmt/ifstate_infos.go, line 53 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/ctrl/path_mgmt/rev_info.go, line 35 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/ctrl/path_mgmt/rev_info.go, line 41 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/pathmgr/pathmgr.go, line 234 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/pathmgr/pathmgr.go, line 235 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/pathmgr/pathmgr.go, line 256 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/sciond/sciond.go, line 309 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/sciond/types.go, line 237 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/scmp/info.go, line 173 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/integration/base_cli_srv.py, line 135 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/integration/base_cli_srv.py, line 136 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/rev_info.py, line 46 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/rev_info.py, line 67 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
Review status: 36 of 63 files reviewed at latest revision, 53 unresolved discussions.
python/beacon_server/base.py, line 715 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 746 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 536 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 588 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 698 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/rev_cache.py, line 64 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/rev_cache.py, line 94 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/pcb.py, line 313 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/proto_sign.py, line 76 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
I don't get that? But it needs to be used for the signature?
python/lib/packet/path_mgmt/rev_info.py, line 59 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/rev_info.py, line 76 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/rev_info.py, line 118 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/rev_info.py, line 125 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/sciond_api/revocation.py, line 48 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/path_server/base.py, line 188 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/path_server/base.py, line 237 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/path_server/base.py, line 256 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
As discussed, validation before checking presence in
python/path_server/base.py, line 290 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/scion_elem/scion_elem.py, line 1267 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/sciond/sciond.py, line 199 at r1 (raw file): Previously, kormat (Stephen Shirley) wrote…
Seems like they are not. Added a helper fct which does the removal.
eba80fc to 66988dc
Reviewed 27 of 27 files at r7.
go/border/rpkt/path.go, line 106 at r6 (raw file): Previously, worxli (Lukas Bischofberger) wrote…
A previous version had: "RevInfo for revoked interface"
go/lib/pathmgr/pathmgr.go, line 238 at r7 (raw file):
s/sRevInfo/raw/
go/lib/pathmgr/pathmgr.go, line 258 at r7 (raw file):
If this fails, then
python/beacon_server/base.py, line 145 at r7 (raw file):
Wait, why a defaultdict? It's just a simple dict, no?
python/beacon_server/base.py, line 708 at r7 (raw file):
It would be cleaner to use the TTL in the revinfo itself.
python/lib/packet/pcb.py, line 313 at r7 (raw file):
This is getting hard to follow :) It would be cleaner to just handle it with normal if/else statements rather than trinary.
python/lib/packet/proto_sign.py, line 32 at r7 (raw file):
This should be at the end of the file, as it's less fundamental than
python/lib/packet/proto_sign.py, line 171 at r7 (raw file):
This shouldn't hard-code the signer src type.
python/lib/packet/path_mgmt/rev_info.py, line 39 at r7 (raw file):
This name is too generic given how we do python imports. It ends up as a bare "CertFetchError" in other python code, which gives no hints as to where it comes from.
python/lib/packet/path_mgmt/rev_info.py, line 44 at r7 (raw file):
The docstring doesn't really match the error name. Same for
python/path_server/base.py, line 216 at r7 (raw file):
I'm preeeetty sure this method shouldn't exist. Waiting on @shitz to Explain.
python/scion_elem/scion_elem.py, line 1268 at r7 (raw file):
"Failed to fetch cert for SRevInfo"
python/sciond/sciond.py, line 440 at r7 (raw file):
The wording here is a bit confusing, it probably also doesn't warrant a
python/sciond/sciond.py, line 454 at r7 (raw file):
This should probably also be
Review status: 55 of 63 files reviewed at latest revision, 29 unresolved discussions, some commit checks failed.
go/border/rpkt/path.go, line 106 at r6 (raw file): Previously, kormat (Stephen Shirley) wrote…
Which is still there, but I think the order was wrong.
go/lib/pathmgr/pathmgr.go, line 238 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
go/lib/pathmgr/pathmgr.go, line 258 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 145 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 708 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/pcb.py, line 313 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/proto_sign.py, line 32 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/proto_sign.py, line 171 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/rev_info.py, line 39 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/lib/packet/path_mgmt/rev_info.py, line 44 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
Yeah, they were exchanged.
python/scion_elem/scion_elem.py, line 1268 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/sciond/sciond.py, line 440 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/sciond/sciond.py, line 454 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
- Border Router
- SCIOND
- Path Server
- Beacon Server
The hashtree based revocation has been replaced by signed messages.
a1bf6a8 to 5dac9b5
Review status: 55 of 63 files reviewed at latest revision, 29 unresolved discussions.
python/path_server/base.py, line 216 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
According to #1216 it should probably :)
Review status: 55 of 63 files reviewed at latest revision, 29 unresolved discussions.
python/path_server/base.py, line 216 at r7 (raw file): Previously, worxli (Lukas Bischofberger) wrote…
It seems that revocations that are issued from the BS to the PS are sent as part of an
Reviewed 8 of 8 files at r8.
go/border/rpkt/path.go, line 114 at r8 (raw file):
That's an odd phrasing. I'm not sure that a comment is needed in any case, as
proto/rev_info.capnp, line 12 at r2 (raw file): Previously, worxli (Lukas Bischofberger) wrote…
@worxli: i had a quick look, and that's fair, we're pretty inconsistent on this. We should really fix that. I'll file an issue, we can leave this as UInt64 for now. (Filed #1548)
python/beacon_server/base.py, line 145 at r7 (raw file): Previously, worxli (Lukas Bischofberger) wrote…
python/path_server/base.py, line 216 at r7 (raw file): Previously, shitz wrote…
Filed #1549
Review status: 61 of 63 files reviewed at latest revision, 18 unresolved discussions.
go/border/rpkt/path.go, line 114 at r8 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
python/beacon_server/base.py, line 145 at r7 (raw file): Previously, kormat (Stephen Shirley) wrote…
Done.
Reviewed 2 of 2 files at r9.
Please make sure you update the relevant design doc.
Review status: all files reviewed at latest revision, 16 unresolved discussions.
Review status: all files reviewed at latest revision, all discussions resolved, all commit checks successful.
This PR includes changes in:
The hashtree based revocation has been replaced by signed messages.
Benchmarks
Hashtree
Valid proof: ConnectedHashTree.verify(proof, root) - 24.05us/op
Invalid proof: ConnectedHashTree.verify(proof, root) - 27.50us/op
Signature
Valid signature: srev_info.verify(vk) - 104.28us/op
Valid signature: try: srev_info.verify(vk) except: pass - 126.79us/op
Invalid signature: try: srev_info.verify(vk) except: pass - 131.24us/op