Implement auditor-server protocol #182
Conversation
masomel
changed the title
protocol/auditlog.go
Outdated
|
|
||
| // Since the str[0] is pinned in the audit log | ||
| // expect that STR[0].Epoch is at least 1 | ||
| if strs.STR[0].Epoch < 1 { |
There was a problem hiding this comment.
Wouldn't this be covered in AuditDirectory()? And I suppose an auditor should be able to request an STR range starting from epoch 0.
There was a problem hiding this comment.
You're right, this case is covered in the str.Epoch == verifiedSTR.Epoch case in AuditDirectory(). What I wanted to avoid is re-inserting str[0], but if the checks pass, it wouldn't matter anyway.
| @@ -105,7 +106,7 @@ func (a *AudState) checkSTRAgainstVerified(str *DirSTR) error { | |||
| return CheckBadSTR | |||
| } | |||
|
|
|||
| return nil | |||
There was a problem hiding this comment.
Do you mean only for this function because it's only a helper function, or in all the cases in which I replaced nil with CheckPassed? I feel like it would definitely make sense to return CheckPassed from AuditDirectory() at least.
protocol/auditlog.go
Outdated
| // Audit checks that a directory's STR history | ||
| // is linear and updates the auditor's state | ||
| // is linear and updates the audtor's state |
protocol/auditlog.go
Outdated
| // TODO: Implement as part of the auditor-server protocol | ||
| return CheckPassed | ||
| if err := msg.validate(); err != nil { | ||
| return err.(ErrorCode) |
protocol/auditlog.go
Outdated
| func (l ConiksAuditLog) Insert(addr string, signKey sign.PublicKey, | ||
| // InitHistory() is called by an auditor when it initializes its state | ||
| // from disk (either first-time startup, or after reboot). | ||
| func (l ConiksAuditLog) InitHistory(addr string, signKey sign.PublicKey, | ||
| snaps []*DirSTR) error { | ||
| // make sure we're getting an initial STR at the very least | ||
| if len(snaps) < 1 || snaps[0].Epoch != 0 { |
There was a problem hiding this comment.
I think we should compare snaps[0] with the pinned STR, no?
There was a problem hiding this comment.
snaps[0] is the pinned STR. As the documentation describes, this function is called when the auditor first starts up, so the very first time that auditor is launched, it will read the pinned STR from disk and pass it into InitHistory through the snaps parameter.
There was a problem hiding this comment.
Ahh sorry, I missed that part. Thanks!
There was a problem hiding this comment.
No problem! I can make this clearer in the documentation.
| @@ -133,7 +133,7 @@ func (cc *ConsistencyChecks) updateSTR(requestType int, msg *Response) error { | |||
| // The initial STR is pinned in the client | |||
| // so cc.verifiedSTR should never be nil | |||
| // FIXME: use STR slice from Response msg | |||
| if err := cc.AuditDirectory([]*DirSTR{str}); err != nil { | |||
| if err := cc.AuditDirectory([]*DirSTR{str}); err != CheckPassed { | |||
There was a problem hiding this comment.
I will remove this CheckPassed later (nil is more idiomatic Go), so I think we can leave it as it was.
There was a problem hiding this comment.
I think for CONIKS, though, CheckPassed is a clearer return value for the AuditDirectory check than nil.
It seems I misunderstood. If you're removing CheckPassed altogether, that seems fine to me.
protocol/directory.go
Outdated
| // the epoch range [startEpoch, endEpoch], where startEpoch | ||
| // and endEpoch are the epoch range endpoints indicated in the client's | ||
| // request. If req.endEpoch is greater than d.LatestSTR().Epoch or | ||
| // omitted in req, the end of the range will be set to d.LatestSTR().Epoch. |
There was a problem hiding this comment.
We haven't checked if req.endEpoch is omitted in "MonitoringRequest", so should we change the range request to something like [Epoch, Range] where Epoch is StartEpoch and Range is the maximum number of epochs to return?
protocol/message.go
Outdated
| @@ -135,7 +149,8 @@ type DirectoryProof struct { | |||
| // STR representing a range of the STR hash chain. If the range only | |||
| // covers the latest epoch, the list only contains a single STR. | |||
| // A CONIKS auditor returns this DirectoryResponse type upon an | |||
| // AudutingRequest. | |||
| // AudutingRequest from a client, and a CONIKS directory returns | |||
vqhuy
force-pushed
the
auditor-server
branch
from
ac3a89e
to
d13b1ea
Compare
vqhuy
force-pushed
the
auditor-server
branch
from
d13b1ea
to
76ae044
Compare
Part of #151
TODO: