diff --git a/go/lib/ctrl/drkey/lvl1_req.go b/go/lib/ctrl/drkey/lvl1_req.go
index 8a5f53e70f..fb627774c3 100644
--- a/go/lib/ctrl/drkey/lvl1_req.go
+++ b/go/lib/ctrl/drkey/lvl1_req.go
@@ -28,15 +28,13 @@ import ( // Lvl1Req represents a level 1 request between CS. type Lvl1Req struct { - DstIA addr.IA ValTime time.Time Timestamp time.Time } // NewLvl1Req returns a fresh Lvl1Req -func NewLvl1Req(dstIA addr.IA, valTime time.Time) Lvl1Req { +func NewLvl1Req(valTime time.Time) Lvl1Req { return Lvl1Req{ - DstIA: dstIA, ValTime: valTime, Timestamp: time.Now(), }
@@ -53,14 +51,13 @@ func Lvl1reqToProtoRequest(req Lvl1Req) (*dkpb.DRKeyLvl1Request, error) { return nil, serrors.WrapStr("invalid timeStamp from request", err) } return &dkpb.DRKeyLvl1Request{ - DstIa: uint64(req.DstIA.IAInt()), ValTime: valTime, Timestamp: timestamp, }, nil } // GetLvl1KeyFromReply extracts the level 1 drkey from the reply. -func GetLvl1KeyFromReply(rep *dkpb.DRKeyLvl1Response) (drkey.Lvl1Key, error) { +func GetLvl1KeyFromReply(srcIA, dstIA addr.IA, rep *dkpb.DRKeyLvl1Response) (drkey.Lvl1Key, error) { epochBegin, err := ptypes.Timestamp(rep.EpochBegin) if err != nil {
@@ -78,8 +75,8 @@ func GetLvl1KeyFromReply(rep *dkpb.DRKeyLvl1Response) (drkey.Lvl1Key, error) { } return drkey.Lvl1Key{ Lvl1Meta: drkey.Lvl1Meta{ - SrcIA: addr.IAInt(rep.SrcIa).IA(), - DstIA: addr.IAInt(rep.DstIa).IA(), + SrcIA: srcIA, + DstIA: dstIA, Epoch: epoch, }, Key: drkey.DRKey(rep.Drkey),
@@ -102,8 +99,6 @@ func KeyToLvl1Resp(drkey drkey.Lvl1Key) (*dkpb.DRKeyLvl1Response, error) { } return &dkpb.DRKeyLvl1Response{ - DstIa: uint64(drkey.DstIA.IAInt()), - SrcIa: uint64(drkey.SrcIA.IAInt()), EpochBegin: epochBegin, EpochEnd: epochEnd, Drkey: []byte(drkey.Key),
@@ -123,7 +118,6 @@ func RequestToLvl1Req(req *dkpb.DRKeyLvl1Request) (Lvl1Req, error) { } return Lvl1Req{ - DstIA: addr.IAInt(req.DstIa).IA(), ValTime: valTime, Timestamp: timestamp, }, nil
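Review bot: The doc comment on GetLvl1KeyFromReply still says only that it "extracts the level 1 drkey from the reply", but the function now stamps the returned Lvl1Meta with the caller's `srcIA` and `dstIA` and reads nothing identifying from the reply. Any caller can therefore label key material with an arbitrary AS pair, so the contract belongs in the comment, for example `// srcIA and dstIA are not carried in the reply; pass the IA authenticated for the responding CS and the local IA.` The function body spans two hunks and its middle part is not shown, so check the wording against the full file.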
diff --git a/go/lib/ctrl/drkey/protobuf_test.go b/go/lib/ctrl/drkey/protobuf_test.go
index d21161c283..2764543483 100644
--- a/go/lib/ctrl/drkey/protobuf_test.go
+++ b/go/lib/ctrl/drkey/protobuf_test.go
@@ -38,16 +38,12 @@ func TestLvl1reqToProtoRequest(t *testing.T) { timestamp, err := ptypes.TimestampProto(now) require.NoError(t, err) - dstIA := xtest.MustParseIA("1-ff00:0:110") - pbReq := &dkpb.DRKeyLvl1Request{ - DstIa: uint64(dstIA.IAInt()), ValTime: valTime, Timestamp: timestamp, } lvl1Req := ctrl.Lvl1Req{ - DstIA: dstIA, ValTime: now, Timestamp: now, }
@@ -65,17 +61,13 @@ func TestRequestToLvl1Req(t *testing.T) { timestamp, err := ptypes.TimestampProto(now) require.NoError(t, err) - dstIA := xtest.MustParseIA("1-ff00:0:110").IAInt() - req := &dkpb.DRKeyLvl1Request{ - DstIa: uint64(dstIA), ValTime: valTime, Timestamp: timestamp, } lvl1Req, err := ctrl.RequestToLvl1Req(req) require.NoError(t, err) - assert.Equal(t, xtest.MustParseIA("1-ff00:0:110"), lvl1Req.DstIA) assert.Equal(t, now, lvl1Req.ValTime) assert.Equal(t, now, lvl1Req.Timestamp) }
@@ -99,8 +91,6 @@ func TestKeyToLvl1Resp(t *testing.T) { } targetResp := &dkpb.DRKeyLvl1Response{ - DstIa: uint64(dstIA.IAInt()), - SrcIa: uint64(srcIA.IAInt()), EpochBegin: epochBegin, EpochEnd: epochEnd, Drkey: []byte(k),
@@ -123,8 +113,6 @@ func TestGetLvl1KeyFromReply(t *testing.T) { k := xtest.MustParseHexString("c584cad32613547c64823c756651b6f5") // just a level 1 key resp := &dkpb.DRKeyLvl1Response{ - DstIa: uint64(dstIA.IAInt()), - SrcIa: uint64(srcIA.IAInt()), EpochBegin: epochBegin, EpochEnd: epochEnd, Drkey: []byte(k),
@@ -139,7 +127,7 @@ func TestGetLvl1KeyFromReply(t *testing.T) { Key: k, } - lvl1Key, err := ctrl.GetLvl1KeyFromReply(resp) + lvl1Key, err := ctrl.GetLvl1KeyFromReply(srcIA, dstIA, resp) require.NoError(t, err) assert.Equal(t, targetLvl1Key, lvl1Key)
diff --git a/go/lib/drkey/exchange/grpc.go b/go/lib/drkey/exchange/grpc.go
index 3604626988..8fc5a00cab 100644
--- a/go/lib/drkey/exchange/grpc.go
+++ b/go/lib/drkey/exchange/grpc.go
@@ -23,20 +23,16 @@ import ( "github.com/scionproto/scion/go/lib/serrors" ) -func ValitadePeerWithCert(peer *peer.Peer, ia addr.IA) error { +func ExtractIAFromPeer(peer *peer.Peer) (*addr.IA, error) { tlsInfo, ok := peer.AuthInfo.(credentials.TLSInfo) if !ok { - return serrors.New("auth info is not of type TLS info", + return nil, serrors.New("auth info is not of type TLS info", "peer", peer, "authType", peer.AuthInfo.AuthType()) } chain := tlsInfo.State.PeerCertificates certIA, err := cppki.ExtractIA(chain[0].Subject) if err != nil { - return serrors.WrapStr("extracting IA from peer cert", err) + return nil, serrors.WrapStr("extracting IA from peer cert", err) } - if !ia.Equal(*certIA) { - return serrors.New("peer IA from cert and requested IA do not match", - "peer IA", certIA, "req IA", ia) - } - return nil + return certIA, nil }
diff --git a/go/pkg/cs/drkey/grpc/drkey_fetcher.go b/go/pkg/cs/drkey/grpc/drkey_fetcher.go
index e541157c01..95f5ca92a5 100644
--- a/go/pkg/cs/drkey/grpc/drkey_fetcher.go
+++ b/go/pkg/cs/drkey/grpc/drkey_fetcher.go
@@ -31,7 +31,8 @@ import ( ) type Lvl1KeyGetter interface { - GetLvl1Key(ctx context.Context, srcIA addr.IA, req *dkpb.DRKeyLvl1Request) (*dkpb.DRKeyLvl1Response, error) + GetLvl1Key(ctx context.Context, srcIA addr.IA, + req *dkpb.DRKeyLvl1Request) (*dkpb.DRKeyLvl1Response, error) } type Lvl1KeyFetcher struct {
@@ -41,7 +42,8 @@ type Lvl1KeyFetcher struct { var _ Lvl1KeyGetter = (*Lvl1KeyFetcher)(nil) -func (f Lvl1KeyFetcher) GetLvl1Key(ctx context.Context, srcIA addr.IA, req *dkpb.DRKeyLvl1Request) (*dkpb.DRKeyLvl1Response, error) { +func (f Lvl1KeyFetcher) GetLvl1Key(ctx context.Context, srcIA addr.IA, + req *dkpb.DRKeyLvl1Request) (*dkpb.DRKeyLvl1Response, error) { logger := log.FromCtx(ctx) logger.Info("Resolving server", "srcIA", srcIA.String())
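Review bot: ExtractIAFromPeer in go/lib/drkey/exchange/grpc.go indexes `chain[0]` without checking that `tlsInfo.State.PeerCertificates` is non-empty, so a connection whose peer sent no certificate panics instead of returning an error. Add `if len(chain) == 0 { return nil, serrors.New("no peer certificate provided") }` before the `cppki.ExtractIA` call. This matters more after this commit, because the returned IA is no longer compared with a requested IA and is now the only value that selects whose key is derived. PeerCertificates holds what the peer presented, not what was verified, and the TLS configuration is not visible in this diff. The exported function therefore needs a doc comment saying it is only safe on connections that require and verify client certificates.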
@@ -79,7 +81,7 @@ var _ csdrkey.Fetcher = (*DRKeyFetcher)(nil) func (f DRKeyFetcher) GetLvl1FromOtherCS(ctx context.Context, srcIA, dstIA addr.IA, valTime time.Time) (drkey.Lvl1Key, error) { - lvl1req := ctrl.NewLvl1Req(dstIA, valTime) + lvl1req := ctrl.NewLvl1Req(valTime) req, err := ctrl.Lvl1reqToProtoRequest(lvl1req) if err != nil { return drkey.Lvl1Key{},
@@ -91,15 +93,10 @@ func (f DRKeyFetcher) GetLvl1FromOtherCS(ctx context.Context, return drkey.Lvl1Key{}, err } - lvl1Key, err := ctrl.GetLvl1KeyFromReply(rep) + lvl1Key, err := ctrl.GetLvl1KeyFromReply(srcIA, dstIA, rep) if err != nil { return drkey.Lvl1Key{}, serrors.WrapStr("obtaining level 1 key from reply", err) } - if !(lvl1Key.SrcIA.Equal(srcIA)) { - return drkey.Lvl1Key{}, serrors.New("Response srcIA does not match intended server IA", - "srcIA", lvl1Key.SrcIA.String(), "server IA", srcIA) - } - return lvl1Key, nil }
diff --git a/go/pkg/cs/drkey/grpc/drkey_fetcher_test.go b/go/pkg/cs/drkey/grpc/drkey_fetcher_test.go
index 771d6e5798..691dc14e6c 100644
--- a/go/pkg/cs/drkey/grpc/drkey_fetcher_test.go
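Review bot: In the second hunk of GetLvl1FromOtherCS the comparison of the reply's SrcIA with the intended server is deleted and the key is labelled with the caller's `srcIA`, so nothing in this function ties the key bytes to the AS that produced them. That is sound only if the Lvl1KeyGetter implementation authenticates the remote CS as `srcIA`, for example by checking the IA in the server certificate, and that code is not visible in this diff. If it does, record the dependency next to the call with a comment such as `// The key is bound to srcIA by the authenticated channel to srcIA's CS, not by the reply contents.` If it does not, the server certificate's IA should be compared with `srcIA` before the key is accepted.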
@@ -49,40 +49,22 @@ func TestGetLvl1FromOtherCS(t *testing.T) { "valid": { getter: func(ctrl *gomock.Controller) dk_grpc.Lvl1KeyGetter { rep := &dkpb.DRKeyLvl1Response{ - DstIa: uint64(dstIA.IAInt()), - SrcIa: uint64(srcIA.IAInt()), EpochBegin: epochBegin, EpochEnd: epochEnd, Drkey: key, } getter := mock_grpc.NewMockLvl1KeyGetter(ctrl) - getter.EXPECT().GetLvl1Key(gomock.Any(), gomock.Eq(srcIA), gomock.Any()).Return(rep, nil) + getter.EXPECT().GetLvl1Key(gomock.Any(), gomock.Eq(srcIA), + gomock.Any()).Return(rep, nil) return getter }, assertErr: assert.NoError, }, - "wrong_srcIA_rep": { - getter: func(ctrl *gomock.Controller) dk_grpc.Lvl1KeyGetter { - wrongSrcIA := xtest.MustParseIA("1-ff00:0:110") - rep := &dkpb.DRKeyLvl1Response{ - DstIa: uint64(dstIA.IAInt()), - SrcIa: uint64(wrongSrcIA.IAInt()), - EpochBegin: epochBegin, - EpochEnd: epochEnd, - Drkey: key, - } - getter := mock_grpc.NewMockLvl1KeyGetter(ctrl) - getter.EXPECT().GetLvl1Key(gomock.Any(), gomock.Eq(srcIA), gomock.Any()).Return(rep, nil) - return getter - }, - assertErr: assert.Error, - }, } for name, tc := range testCases { name, tc := name, tc t.Run(name, func(t *testing.T) { - t.Parallel() ctrl := gomock.NewController(t) defer ctrl.Finish()
diff --git a/go/pkg/cs/drkey/grpc/drkey_service.go b/go/pkg/cs/drkey/grpc/drkey_service.go
index 6b35260fef..1f8346909e 100644
--- a/go/pkg/cs/drkey/grpc/drkey_service.go
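Review bot: Removing the `wrong_srcIA_rep` case leaves the TestGetLvl1FromOtherCS table with only the `valid` entry, so no case exercises a failing fetch any more. A replacement case in which the mocked getter returns an error, with `assertErr: assert.Error`, would keep the error path covered. A mismatching server identity can now only be caught at the transport layer, so that check needs its own test next to the TLS code. The hunk also drops `t.Parallel()` without explanation, and if the subtests share state a one-line comment saying so would stop it being re-added.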
@@ -61,16 +61,16 @@ func (d *DRKeyServer) DRKeyLvl1(ctx context.Context, return nil, err } - // validating peer Subject.IA == req.dstIA - if err = exchange.ValitadePeerWithCert(peer, parsedReq.DstIA); err != nil { - logger.Error("[DRKey gRPC server] Error validating requested dstIA with certicate", + dstIA, err := exchange.ExtractIAFromPeer(peer) + if err != nil { + logger.Error("[DRKey gRPC server] Error retrieving auth info from certicate", "err", err) - return nil, serrors.WrapStr("validating requested dstIA", err) + return nil, serrors.WrapStr("retrieving info from certficate", err) } logger.Debug("[DRKey gRPC server] Received Lvl1 request", - "lvl1_req", parsedReq, "peer", peer.Addr.String()) - lvl1Key, err := d.Store.DeriveLvl1(parsedReq.DstIA, parsedReq.ValTime) + "lvl1_req", parsedReq, "peer", peer.Addr.String(), "IA from cert", (*dstIA).String()) + lvl1Key, err := d.Store.DeriveLvl1(*dstIA, parsedReq.ValTime) if err != nil { logger.Error("Error deriving level 1 key", "err", err) return nil, err
diff --git a/go/pkg/cs/drkey/grpc/lvl1_exchange_test.go b/go/pkg/cs/drkey/grpc/lvl1_exchange_test.go
index 4a2e909556..1b43b5df54 100644
--- a/go/pkg/cs/drkey/grpc/lvl1_exchange_test.go
+++ b/go/pkg/cs/drkey/grpc/lvl1_exchange_test.go
@@ -68,7 +68,6 @@ func TestLvl1KeyFetching(t *testing.T) { chain, err := cppki.ReadPEMCerts(crt111File) _ = chain require.NoError(t, err) - ia111 := xtest.MustParseIA("1-ff00:0:111") ctrl := gomock.NewController(t) defer ctrl.Finish()
@@ -111,7 +110,7 @@ func TestLvl1KeyFetching(t *testing.T) { client := cppb.NewDRKeyLvl1ServiceClient(conn) - lvl1req := pb_ctrl.NewLvl1Req(ia111, time.Now()) + lvl1req := pb_ctrl.NewLvl1Req(time.Now()) req, err := pb_ctrl.Lvl1reqToProtoRequest(lvl1req) require.NoError(t, err) _, err = client.DRKeyLvl1(context.Background(), req)
diff --git a/go/pkg/cs/drkey/service_store.go b/go/pkg/cs/drkey/service_store.go
index 2c8ff91c32..d25df49787 100644
--- a/go/pkg/cs/drkey/service_store.go
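Review bot: In DRKeyLvl1 the pointer returned by `exchange.ExtractIAFromPeer` is dereferenced twice, in `(*dstIA).String()` and in `d.Store.DeriveLvl1(*dstIA, ...)`, after only `err` has been checked. The body of `cppki.ExtractIA` is not shown here; if it can return a nil pointer with a nil error for a subject that has no ISD-AS attribute, such a certificate would panic the handler. Guard with `if dstIA == nil { return nil, serrors.New("peer certificate carries no IA") }`, or have ExtractIAFromPeer return that error itself. A comment such as `// dstIA comes from the client certificate, never from the request body` would record why the request field is gone. The new log and error strings also misspell certificate as "certicate" and "certficate", which makes log searches miss them.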
+++ b/go/pkg/cs/drkey/service_store.go @@ -53,6 +53,13 @@ func (s *ServiceStore) GetLvl1Key(ctx context.Context, meta drkey.Lvl1Meta, if meta.SrcIA == s.LocalIA { return s.DeriveLvl1(meta.DstIA, valTime) } + + if meta.DstIA != s.LocalIA { + return drkey.Lvl1Key{}, + serrors.New("Neither srcIA nor dstIA matches localIA", "srcIA", meta.SrcIA, + "dstIA", meta.DstIA, "localIA", s.LocalIA) + } + // look in the DB k, err := s.DB.GetLvl1Key(ctx, meta, util.TimeToSecs(valTime)) if err == nil { diff --git a/go/pkg/proto/drkey/mgmt.pb.go b/go/pkg/proto/drkey/mgmt.pb.go index eb6db61848..ac9eca6ee8 100644 --- a/go/pkg/proto/drkey/mgmt.pb.go +++ b/go/pkg/proto/drkey/mgmt.pb.go @@ -31,9 +31,8 @@ type DRKeyLvl1Request struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - DstIa uint64 `protobuf:"varint,1,opt,name=dst_ia,json=dstIa,proto3" json:"dst_ia,omitempty"` - ValTime *timestamp.Timestamp `protobuf:"bytes,2,opt,name=val_time,json=valTime,proto3" json:"val_time,omitempty"` - Timestamp *timestamp.Timestamp `protobuf:"bytes,3,opt,name=timestamp,proto3" json:"timestamp,omitempty"` + ValTime *timestamp.Timestamp `protobuf:"bytes,1,opt,name=val_time,json=valTime,proto3" json:"val_time,omitempty"` + Timestamp *timestamp.Timestamp `protobuf:"bytes,2,opt,name=timestamp,proto3" json:"timestamp,omitempty"` } func (x *DRKeyLvl1Request) Reset() { @@ -68,13 +67,6 @@ func (*DRKeyLvl1Request) Descriptor() ([]byte, []int) { return file_proto_drkey_mgmt_v1_mgmt_proto_rawDescGZIP(), []int{0} } -func (x *DRKeyLvl1Request) GetDstIa() uint64 { - if x != nil { - return x.DstIa - } - return 0 -} - func (x *DRKeyLvl1Request) GetValTime() *timestamp.Timestamp { if x != nil { return x.ValTime 
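Review bot: The guard added to ServiceStore.GetLvl1Key has no comment explaining why a pair with neither end local is rejected. Put the invariant above the check, for example `// A remote CS only returns the key for the IA in our own certificate, so only DstIA == LocalIA can be fetched.` The error string `"Neither srcIA nor dstIA matches localIA"` starts with a capital letter, while the other serrors messages added in this commit are lowercase. GetLvl1Key starts before this hunk and continues after it.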
@@ -94,12 +86,10 @@ type DRKeyLvl1Response struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - DstIa uint64 `protobuf:"varint,1,opt,name=dst_ia,json=dstIa,proto3" json:"dst_ia,omitempty"` - SrcIa uint64 `protobuf:"varint,2,opt,name=src_ia,json=srcIa,proto3" json:"src_ia,omitempty"` - EpochBegin *timestamp.Timestamp `protobuf:"bytes,3,opt,name=epoch_begin,json=epochBegin,proto3" json:"epoch_begin,omitempty"` - EpochEnd *timestamp.Timestamp `protobuf:"bytes,4,opt,name=epoch_end,json=epochEnd,proto3" json:"epoch_end,omitempty"` - Drkey []byte `protobuf:"bytes,5,opt,name=drkey,proto3" json:"drkey,omitempty"` - Timestamp *timestamp.Timestamp `protobuf:"bytes,6,opt,name=timestamp,proto3" json:"timestamp,omitempty"` + EpochBegin *timestamp.Timestamp `protobuf:"bytes,1,opt,name=epoch_begin,json=epochBegin,proto3" json:"epoch_begin,omitempty"` + EpochEnd *timestamp.Timestamp `protobuf:"bytes,2,opt,name=epoch_end,json=epochEnd,proto3" json:"epoch_end,omitempty"` + Drkey []byte `protobuf:"bytes,3,opt,name=drkey,proto3" json:"drkey,omitempty"` + Timestamp *timestamp.Timestamp `protobuf:"bytes,4,opt,name=timestamp,proto3" json:"timestamp,omitempty"` } func (x *DRKeyLvl1Response) Reset() { @@ -134,20 +124,6 @@ func (*DRKeyLvl1Response) Descriptor() ([]byte, []int) { return file_proto_drkey_mgmt_v1_mgmt_proto_rawDescGZIP(), []int{1} } -func (x *DRKeyLvl1Response) GetDstIa() uint64 { - if x != nil { - return x.DstIa - } - return 0 -} - -func (x *DRKeyLvl1Response) GetSrcIa() uint64 { - if x != nil { - return x.SrcIa - } - return 0 -} - func (x *DRKeyLvl1Response) GetEpochBegin() *timestamp.Timestamp { if x != nil { return x.EpochBegin 
@@ -421,77 +397,73 @@ var file_proto_drkey_mgmt_v1_mgmt_proto_rawDesc = []byte{ 0x12, 0x13, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x64, 0x72, 0x6b, 0x65, 0x79, 0x2e, 0x6d, 0x67, 0x6d, 0x74, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9a, 0x01, 0x0a, 0x10, 0x44, 0x52, 0x4b, 0x65, 0x79, - 0x4c, 0x76, 0x6c, 0x31, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x15, 0x0a, 0x06, 0x64, - 0x73, 0x74, 0x5f, 0x69, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x64, 0x73, 0x74, - 0x49, 0x61, 0x12, 0x35, 0x0a, 0x08, 0x76, 0x61, 0x6c, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, - 0x52, 0x07, 0x76, 0x61, 0x6c, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, - 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, - 0x61, 0x6d, 0x70, 0x22, 0x87, 0x02, 0x0a, 0x11, 0x44, 0x52, 0x4b, 0x65, 0x79, 0x4c, 0x76, 0x6c, - 0x31, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x15, 0x0a, 0x06, 0x64, 0x73, 0x74, - 0x5f, 0x69, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x64, 0x73, 0x74, 0x49, 0x61, - 0x12, 0x15, 0x0a, 0x06, 0x73, 0x72, 0x63, 0x5f, 0x69, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x05, 0x73, 0x72, 0x63, 0x49, 0x61, 0x12, 0x3b, 0x0a, 0x0b, 0x65, 0x70, 0x6f, 0x63, 0x68, - 0x5f, 0x62, 0x65, 0x67, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 
0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x42, - 0x65, 0x67, 0x69, 0x6e, 0x12, 0x37, 0x0a, 0x09, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x5f, 0x65, 0x6e, - 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x83, 0x01, 0x0a, 0x10, 0x44, 0x52, 0x4b, 0x65, 0x79, + 0x4c, 0x76, 0x6c, 0x31, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x35, 0x0a, 0x08, 0x76, + 0x61, 0x6c, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x07, 0x76, 0x61, 0x6c, 0x54, 0x69, + 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, + 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0xd9, 0x01, 0x0a, + 0x11, 0x44, 0x52, 0x4b, 0x65, 0x79, 0x4c, 0x76, 0x6c, 0x31, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x3b, 0x0a, 0x0b, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x5f, 0x62, 0x65, 0x67, 0x69, + 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, - 0x61, 0x6d, 0x70, 0x52, 0x08, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x45, 0x6e, 0x64, 0x12, 0x14, 0x0a, - 0x05, 0x64, 0x72, 0x6b, 0x65, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x64, 0x72, - 0x6b, 0x65, 0x79, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 
0x61, 0x6d, 0x70, 0x52, 0x0a, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x42, 0x65, 0x67, 0x69, 0x6e, 0x12, + 0x37, 0x0a, 0x09, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x5f, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x08, + 0x65, 0x70, 0x6f, 0x63, 0x68, 0x45, 0x6e, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x64, 0x72, 0x6b, 0x65, + 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x64, 0x72, 0x6b, 0x65, 0x79, 0x12, 0x38, + 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, + 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x8f, 0x03, 0x0a, 0x10, 0x44, 0x52, 0x4b, + 0x65, 0x79, 0x4c, 0x76, 0x6c, 0x32, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, + 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x65, 0x71, + 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x72, 0x65, 0x71, + 0x54, 0x79, 0x70, 0x65, 0x12, 0x35, 0x0a, 0x08, 0x76, 0x61, 0x6c, 0x5f, 0x74, 0x69, 0x6d, 0x65, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, - 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x8f, 0x03, - 0x0a, 0x10, 0x44, 0x52, 0x4b, 0x65, 0x79, 0x4c, 0x76, 0x6c, 0x32, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 
0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x19, - 0x0a, 0x08, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x07, 0x72, 0x65, 0x71, 0x54, 0x79, 0x70, 0x65, 0x12, 0x35, 0x0a, 0x08, 0x76, 0x61, 0x6c, - 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, - 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x07, 0x76, 0x61, 0x6c, 0x54, 0x69, 0x6d, 0x65, - 0x12, 0x15, 0x0a, 0x06, 0x73, 0x72, 0x63, 0x5f, 0x69, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x05, 0x73, 0x72, 0x63, 0x49, 0x61, 0x12, 0x15, 0x0a, 0x06, 0x64, 0x73, 0x74, 0x5f, 0x69, - 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x64, 0x73, 0x74, 0x49, 0x61, 0x12, 0x4a, - 0x0a, 0x08, 0x73, 0x72, 0x63, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x2f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x64, 0x72, 0x6b, 0x65, 0x79, 0x2e, 0x6d, - 0x67, 0x6d, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x52, 0x4b, 0x65, 0x79, 0x4c, 0x76, 0x6c, 0x32, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x44, 0x52, 0x4b, 0x65, 0x79, 0x48, 0x6f, 0x73, - 0x74, 0x52, 0x07, 0x73, 0x72, 0x63, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x4a, 0x0a, 0x08, 0x64, 0x73, - 0x74, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x64, 0x72, 0x6b, 0x65, 0x79, 0x2e, 0x6d, 0x67, 0x6d, 0x74, 0x2e, - 0x76, 0x31, 0x2e, 0x44, 0x52, 0x4b, 0x65, 0x79, 0x4c, 0x76, 0x6c, 0x32, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x2e, 0x44, 0x52, 0x4b, 0x65, 0x79, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x07, 0x64, - 0x73, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x69, 0x73, 0x63, 0x18, 0x08, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x6d, 0x69, 0x73, 0x63, 0x1a, 0x33, 0x0a, 0x09, 0x44, 0x52, - 0x4b, 0x65, 0x79, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 
0x70, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68, - 0x6f, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x22, - 0xed, 0x01, 0x0a, 0x11, 0x44, 0x52, 0x4b, 0x65, 0x79, 0x4c, 0x76, 0x6c, 0x32, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, - 0x6d, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, - 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, - 0x14, 0x0a, 0x05, 0x64, 0x72, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, - 0x64, 0x72, 0x6b, 0x65, 0x79, 0x12, 0x3b, 0x0a, 0x0b, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x5f, 0x62, - 0x65, 0x67, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, - 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x42, 0x65, 0x67, - 0x69, 0x6e, 0x12, 0x37, 0x0a, 0x09, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x5f, 0x65, 0x6e, 0x64, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x6d, 0x70, 0x52, 0x07, 0x76, 0x61, 0x6c, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x15, 0x0a, 0x06, 0x73, + 0x72, 0x63, 0x5f, 0x69, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x73, 0x72, 0x63, + 0x49, 0x61, 0x12, 0x15, 0x0a, 0x06, 0x64, 0x73, 0x74, 0x5f, 0x69, 0x61, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x04, 0x52, 0x05, 0x64, 0x73, 0x74, 0x49, 0x61, 0x12, 0x4a, 0x0a, 0x08, 0x73, 0x72, 0x63, + 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2e, 0x64, 0x72, 0x6b, 0x65, 0x79, 0x2e, 0x6d, 0x67, 0x6d, 0x74, 0x2e, 0x76, + 0x31, 0x2e, 0x44, 
0x52, 0x4b, 0x65, 0x79, 0x4c, 0x76, 0x6c, 0x32, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x2e, 0x44, 0x52, 0x4b, 0x65, 0x79, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x07, 0x73, 0x72, + 0x63, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x4a, 0x0a, 0x08, 0x64, 0x73, 0x74, 0x5f, 0x68, 0x6f, 0x73, + 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, + 0x64, 0x72, 0x6b, 0x65, 0x79, 0x2e, 0x6d, 0x67, 0x6d, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x52, + 0x4b, 0x65, 0x79, 0x4c, 0x76, 0x6c, 0x32, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x44, + 0x52, 0x4b, 0x65, 0x79, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x07, 0x64, 0x73, 0x74, 0x48, 0x6f, 0x73, + 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x69, 0x73, 0x63, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0c, 0x52, + 0x04, 0x6d, 0x69, 0x73, 0x63, 0x1a, 0x33, 0x0a, 0x09, 0x44, 0x52, 0x4b, 0x65, 0x79, 0x48, 0x6f, + 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x22, 0xed, 0x01, 0x0a, 0x11, 0x44, + 0x52, 0x4b, 0x65, 0x79, 0x4c, 0x76, 0x6c, 0x32, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, + 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x14, 0x0a, 0x05, 0x64, 0x72, + 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x64, 0x72, 0x6b, 0x65, 0x79, + 0x12, 0x3b, 0x0a, 0x0b, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x5f, 0x62, 0x65, 0x67, 0x69, 0x6e, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 
0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, - 0x70, 0x52, 0x08, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x45, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6d, - 0x69, 0x73, 0x63, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x6d, 0x69, 0x73, 0x63, 0x42, - 0x30, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x63, - 0x69, 0x6f, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x63, 0x69, 0x6f, 0x6e, 0x2f, 0x67, - 0x6f, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x64, 0x72, 0x6b, 0x65, - 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x52, 0x0a, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x42, 0x65, 0x67, 0x69, 0x6e, 0x12, 0x37, 0x0a, + 0x09, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x5f, 0x65, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x08, 0x65, 0x70, + 0x6f, 0x63, 0x68, 0x45, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x69, 0x73, 0x63, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x6d, 0x69, 0x73, 0x63, 0x42, 0x30, 0x5a, 0x2e, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x63, 0x69, 0x6f, 0x6e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x63, 0x69, 0x6f, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6b, 0x67, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x64, 0x72, 0x6b, 0x65, 0x79, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proto/drkey/mgmt/v1/mgmt.proto b/proto/drkey/mgmt/v1/mgmt.proto index ff5d877f32..1b86ec6ef2 100644 --- a/proto/drkey/mgmt/v1/mgmt.proto +++ b/proto/drkey/mgmt/v1/mgmt.proto 
@@ -20,29 +20,27 @@ package proto.drkey.mgmt.v1; import "google/protobuf/timestamp.proto"; +// DRKeyLvl1Request leaves out the 'dstIA' field which can be extracted from +// the transport itself (ideally from authenticated information). message DRKeyLvl1Request{ - // Dst ISD-AS of the requested DRKey - uint64 dst_ia = 1; // Point in time where requested DRKey is valid. Used to identify the epoch - google.protobuf.Timestamp val_time = 2; + google.protobuf.Timestamp val_time = 1; // Point in time when the request was created - google.protobuf.Timestamp timestamp = 3; + google.protobuf.Timestamp timestamp = 2; } +// DRKeyLvl1Response leaves out the 'dstIA' and 'srcIA' fields which can be +// extracted from the transport itself (ideally from authenticated information). message DRKeyLvl1Response{ - // Dst ISD-AS of the DRKey - uint64 dst_ia = 1; - // src ISD-AS of the DRKey - uint64 src_ia = 2; // Begin of validity period of DRKey - google.protobuf.Timestamp epoch_begin = 3; + google.protobuf.Timestamp epoch_begin = 1; // End of validity period of DRKey - google.protobuf.Timestamp epoch_end = 4; + google.protobuf.Timestamp epoch_end = 2; // Lvl1 DRKey - bytes drkey = 5; + bytes drkey = 3; // Creation time of this reply - google.protobuf.Timestamp timestamp = 6; + google.protobuf.Timestamp timestamp = 4; } message DRKeyLvl2Request{
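Review bot: The remaining fields of DRKeyLvl1Request and DRKeyLvl1Response are renumbered (`val_time` 2 to 1, `epoch_begin` 3 to 1, `drkey` 5 to 3, and so on), which changes the wire format. A control service built from the old schema would see tag 1 arrive with a different wire type and either fail to parse the message or drop the field. Unless every CS is upgraded in lockstep, keep the original numbers and reserve the removed ones: `reserved 1; reserved "dst_ia";` in the request and `reserved 1, 2; reserved "dst_ia", "src_ia";` in the response. The new message comments say the IA comes "ideally from authenticated information"; because the server derives the key for that IA, they should say it must come from the authenticated peer certificate.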