tka: implement State and applying AUMs

Signed-off-by: Tom DNetto <tom@tailscale.com>
pull/5025/head
Tom DNetto 2 years ago committed by Tom
parent 1cfd96cdc2
commit 3709074e55

@ -7,6 +7,7 @@ package tka
import ( import (
"bytes" "bytes"
"crypto/ed25519" "crypto/ed25519"
"encoding/binary"
"errors" "errors"
"fmt" "fmt"
@ -104,8 +105,7 @@ type AUM struct {
// State describes the full state of the key authority. // State describes the full state of the key authority.
// This field is used for Checkpoint AUMs. // This field is used for Checkpoint AUMs.
// TODO(tom): Use type *State once a future PR brings in that type. State *State `cbor:"5,keyasint,omitempty"`
State interface{} `cbor:"5,keyasint,omitempty"`
// DisablementSecret is used to transmit a secret for disabling // DisablementSecret is used to transmit a secret for disabling
// the TKA. // the TKA.
@ -122,6 +122,13 @@ type AUM struct {
Signatures []Signature `cbor:"23,keyasint,omitempty"` Signatures []Signature `cbor:"23,keyasint,omitempty"`
} }
// Upper bound on checkpoint elements, chosen arbitrarily. Intended to
// cap out insanely large AUMs.
const (
maxDisablementSecrets = 32
maxKeys = 512
)
// StaticValidate returns a nil error if the AUM is well-formed. // StaticValidate returns a nil error if the AUM is well-formed.
func (a *AUM) StaticValidate() error { func (a *AUM) StaticValidate() error {
if a.Key != nil { if a.Key != nil {
@ -138,7 +145,36 @@ func (a *AUM) StaticValidate() error {
} }
} }
// TODO(tom): Validate State once a future PR brings in that type. if a.State != nil {
if len(a.State.LastAUMHash) != 0 {
return errors.New("checkpoint state cannot specify a parent AUM")
}
if len(a.State.DisablementSecrets) == 0 {
return errors.New("at least one disablement secret required")
}
if numDS := len(a.State.DisablementSecrets); numDS > maxDisablementSecrets {
return fmt.Errorf("too many disablement secrets (%d, max %d)", numDS, maxDisablementSecrets)
}
for i, ds := range a.State.DisablementSecrets {
if len(ds) != disablementLength {
return fmt.Errorf("disablement[%d]: invalid length (got %d, want %d)", i, len(ds), disablementLength)
}
}
// TODO(tom): Check for duplicate disablement secrets.
if len(a.State.Keys) == 0 {
return errors.New("at least one key is required")
}
if numKeys := len(a.State.Keys); numKeys > maxKeys {
return fmt.Errorf("too many keys (%d, max %d)", numKeys, maxKeys)
}
for i, k := range a.State.Keys {
if err := k.StaticValidate(); err != nil {
return fmt.Errorf("key[%d]: %v", i, err)
}
}
// TODO(tom): Check for duplicate keys.
}
switch a.MessageKind { switch a.MessageKind {
case AUMAddKey: case AUMAddKey:
@ -253,4 +289,50 @@ func (a *AUM) sign25519(priv ed25519.PrivateKey) {
}) })
} }
// TODO(tom): Implement Weight() once a future PR brings in the State type. // Weight computes the 'signature weight' of the AUM
// based on keys in the state machine. The caller must
// ensure that all signatures are valid.
//
// More formally: W = Sum(key.votes)
//
// AUMs with a higher weight than their siblings
// are preferred when resolving forks in the AUM chain.
func (a *AUM) Weight(state State) uint {
var weight uint
// Track the keys that have already been used, so two
// signatures with the same key do not result in 2x
// the weight.
//
// We use the first 8 bytes as the key for this map,
// because KeyIDs are either a blake2s hash or
// the 25519 public key, both of which approximate
// random distribution.
seenKeys := make(map[uint64]struct{}, 6)
for _, sig := range a.Signatures {
if len(sig.KeyID) < 8 {
// Invalid, don't count it
continue
}
keyID := binary.LittleEndian.Uint64(sig.KeyID)
key, err := state.GetKey(sig.KeyID)
if err != nil {
if err == ErrNoSuchKey {
// Signatures with an unknown key do not contribute
// to the weight.
continue
}
panic(err)
}
if _, seen := seenKeys[keyID]; seen {
continue
}
weight += key.Votes
seenKeys[keyID] = struct{}{}
}
return weight
}

@ -10,10 +10,12 @@ import (
"github.com/fxamacker/cbor/v2" "github.com/fxamacker/cbor/v2"
"github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp"
"golang.org/x/crypto/blake2s"
) )
func TestSerialization(t *testing.T) { func TestSerialization(t *testing.T) {
uint2 := uint(2) uint2 := uint(2)
var fakeAUMHash AUMHash
tcs := []struct { tcs := []struct {
Name string Name string
@ -94,44 +96,45 @@ func TestSerialization(t *testing.T) {
0x04, // |- major type 0 (int), value 4 (byte 4) 0x04, // |- major type 0 (int), value 4 (byte 4)
}, },
}, },
// TODO(tom): Uncomment once a future PR brings in the State type. {
// { "Checkpoint",
// "Checkpoint", AUM{MessageKind: AUMCheckpoint, PrevAUMHash: []byte{1, 2}, State: &State{
// AUM{MessageKind: AUMCheckpoint, PrevAUMHash: []byte{1, 2}, State: &State{ LastAUMHash: &fakeAUMHash,
// LastAUMHash: []byte{3, 4}, Keys: []Key{
// Keys: []Key{ {Kind: Key25519, Public: []byte{5, 6}},
// {Kind: Key25519, Public: []byte{5, 6}}, },
// }, }},
// }}, append(
// []byte{ append([]byte{
// 0xa3, // major type 5 (map), 3 items 0xa3, // major type 5 (map), 3 items
// 0x01, // |- major type 0 (int), value 1 (first key, MessageKind) 0x01, // |- major type 0 (int), value 1 (first key, MessageKind)
// 0x06, // |- major type 0 (int), value 6 (first value, AUMCheckpoint) 0x06, // |- major type 0 (int), value 6 (first value, AUMCheckpoint)
// 0x02, // |- major type 0 (int), value 2 (second key, PrevAUMHash) 0x02, // |- major type 0 (int), value 2 (second key, PrevAUMHash)
// 0x42, // |- major type 2 (byte string), 2 items (second value) 0x42, // |- major type 2 (byte string), 2 items (second value)
// 0x01, // |- major type 0 (int), value 1 (byte 1) 0x01, // |- major type 0 (int), value 1 (byte 1)
// 0x02, // |- major type 0 (int), value 2 (byte 2) 0x02, // |- major type 0 (int), value 2 (byte 2)
// 0x05, // |- major type 0 (int), value 5 (third key, State) 0x05, // |- major type 0 (int), value 5 (third key, State)
// 0xa3, // |- major type 5 (map), 3 items (third value, State type) 0xa3, // |- major type 5 (map), 3 items (third value, State type)
// 0x01, // |- major type 0 (int), value 1 (first key, LastAUMHash) 0x01, // |- major type 0 (int), value 1 (first key, LastAUMHash)
// 0x42, // |- major type 2 (byte string), 2 items (first value) 0x58, 0x20, // |- major type 2 (byte string), 32 items (first value)
// 0x03, // |- major type 0 (int), value 3 (byte 3) },
// 0x04, // |- major type 0 (int), value 4 (byte 4) bytes.Repeat([]byte{0}, 32)...),
// 0x02, // |- major type 0 (int), value 2 (second key, DisablementSecrets) []byte{
// 0xf6, // |- major type 7 (val), value null (second value, nil) 0x02, // |- major type 0 (int), value 2 (second key, DisablementSecrets)
// 0x03, // |- major type 0 (int), value 3 (third key, Keys) 0xf6, // |- major type 7 (val), value null (second value, nil)
// 0x81, // |- major type 4 (array), value 1 (one item in array) 0x03, // |- major type 0 (int), value 3 (third key, Keys)
// 0xa3, // |- major type 5 (map), 3 items (Key type) 0x81, // |- major type 4 (array), value 1 (one item in array)
// 0x01, // |- major type 0 (int), value 1 (first key, Kind) 0xa3, // |- major type 5 (map), 3 items (Key type)
// 0x01, // |- major type 0 (int), value 1 (first value, Key25519) 0x01, // |- major type 0 (int), value 1 (first key, Kind)
// 0x02, // |- major type 0 (int), value 2 (second key, Votes) 0x01, // |- major type 0 (int), value 1 (first value, Key25519)
// 0x00, // |- major type 0 (int), value 0 (second value, 0) 0x02, // |- major type 0 (int), value 2 (second key, Votes)
// 0x03, // |- major type 0 (int), value 3 (third key, Public) 0x00, // |- major type 0 (int), value 0 (second value, 0)
// 0x42, // |- major type 2 (byte string), 2 items (third value) 0x03, // |- major type 0 (int), value 3 (third key, Public)
// 0x05, // |- major type 0 (int), value 5 (byte 5) 0x42, // |- major type 2 (byte string), 2 items (third value)
// 0x06, // |- major type 0 (int), value 6 (byte 6) 0x05, // |- major type 0 (int), value 5 (byte 5)
// }, 0x06, // |- major type 0 (int), value 6 (byte 6)
// }, }...),
},
{ {
"Signature", "Signature",
AUM{MessageKind: AUMAddKey, Signatures: []Signature{{KeyID: []byte{1}}}}, AUM{MessageKind: AUMAddKey, Signatures: []Signature{{KeyID: []byte{1}}}},
@ -171,6 +174,77 @@ func TestSerialization(t *testing.T) {
} }
} }
func TestAUMWeight(t *testing.T) {
var fakeKeyID [blake2s.Size]byte
testingRand(t, 1).Read(fakeKeyID[:])
pub, _ := testingKey25519(t, 1)
key := Key{Kind: Key25519, Public: pub, Votes: 2}
pub, _ = testingKey25519(t, 2)
key2 := Key{Kind: Key25519, Public: pub, Votes: 2}
tcs := []struct {
Name string
AUM AUM
State State
Want uint
}{
{
"Empty",
AUM{},
State{},
0,
},
{
"Key unknown",
AUM{
Signatures: []Signature{{KeyID: fakeKeyID[:]}},
},
State{},
0,
},
{
"Unary key",
AUM{
Signatures: []Signature{{KeyID: key.ID()}},
},
State{
Keys: []Key{key},
},
2,
},
{
"Multiple keys",
AUM{
Signatures: []Signature{{KeyID: key.ID()}, {KeyID: key2.ID()}},
},
State{
Keys: []Key{key, key2},
},
4,
},
{
"Double use",
AUM{
Signatures: []Signature{{KeyID: key.ID()}, {KeyID: key.ID()}},
},
State{
Keys: []Key{key},
},
2,
},
}
for _, tc := range tcs {
t.Run(tc.Name, func(t *testing.T) {
got := tc.AUM.Weight(tc.State)
if got != tc.Want {
t.Errorf("Weight() = %d, want %d", got, tc.Want)
}
})
}
}
func TestAUMHashes(t *testing.T) { func TestAUMHashes(t *testing.T) {
// .Hash(): a hash over everything. // .Hash(): a hash over everything.
// .SigHash(): a hash over everything except the signatures. // .SigHash(): a hash over everything except the signatures.

@ -51,6 +51,29 @@ type Key struct {
Meta map[string]string `cbor:"12,keyasint,omitempty"` Meta map[string]string `cbor:"12,keyasint,omitempty"`
} }
// Clone makes an independent copy of Key.
//
// NOTE: There is a difference between a nil slice and an empty
// slice for encoding purposes, so an implementation of Clone()
// must take care to preserve this.
func (k Key) Clone() Key {
out := k
if k.Public != nil {
out.Public = make([]byte, len(k.Public))
copy(out.Public, k.Public)
}
if k.Meta != nil {
out.Meta = make(map[string]string, len(k.Meta))
for k, v := range k.Meta {
out.Meta[k] = v
}
}
return out
}
func (k Key) ID() KeyID { func (k Key) ID() KeyID {
switch k.Kind { switch k.Kind {
// Because 25519 public keys are so short, we just use the 32-byte // Because 25519 public keys are so short, we just use the 32-byte

@ -0,0 +1,204 @@
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package tka
import (
"bytes"
"errors"
"fmt"
"golang.org/x/crypto/argon2"
)
// ErrNoSuchKey is returned if the key referenced by a KeyID does not exist.
var ErrNoSuchKey = errors.New("key not found")
// State describes Tailnet Key Authority state at an instant in time.
//
// State is mutated by applying Authority Update Messages (AUMs), resulting
// in a new State.
type State struct {
// LastAUMHash is the blake2s digest of the last-applied AUM.
// Because AUMs are strictly ordered and form a hash chain, we
// check the previous AUM hash in an update we are applying
// is the same as the LastAUMHash.
LastAUMHash *AUMHash `cbor:"1,keyasint"`
// DisablementSecrets are KDF-derived values which can be used
// to turn off the TKA in the event of a consensus-breaking bug.
// An AUM of type DisableNL should contain a secret when results
// in one of these values when run through the disablement KDF.
//
// TODO(tom): This is an alpha feature, remove this mechanism once
// we have confidence in our implementation.
DisablementSecrets [][]byte `cbor:"2,keyasint"`
// Keys are the public keys currently trusted by the TKA.
Keys []Key `cbor:"3,keyasint"`
}
// GetKey returns the trusted key with the specified KeyID.
func (s State) GetKey(key KeyID) (Key, error) {
for _, k := range s.Keys {
if bytes.Equal(k.ID(), key) {
return k, nil
}
}
return Key{}, ErrNoSuchKey
}
// Clone makes an independent copy of State.
//
// NOTE: There is a difference between a nil slice and an empty
// slice for encoding purposes, so an implementation of Clone()
// must take care to preserve this.
func (s State) Clone() State {
out := State{}
if s.LastAUMHash != nil {
dupe := *s.LastAUMHash
out.LastAUMHash = &dupe
}
if s.DisablementSecrets != nil {
out.DisablementSecrets = make([][]byte, len(s.DisablementSecrets))
for i := range s.DisablementSecrets {
out.DisablementSecrets[i] = make([]byte, len(s.DisablementSecrets[i]))
copy(out.DisablementSecrets[i], s.DisablementSecrets[i])
}
}
if s.Keys != nil {
out.Keys = make([]Key, len(s.Keys))
for i := range s.Keys {
out.Keys[i] = s.Keys[i].Clone()
}
}
return out
}
// cloneForUpdate is like Clone, except LastAUMHash is set based
// on the hash of the given update.
func (s State) cloneForUpdate(update *AUM) State {
out := s.Clone()
aumHash := update.Hash()
out.LastAUMHash = &aumHash
return out
}
const disablementLength = 32
var disablementSalt = []byte("tailscale network-lock disablement salt")
func disablementKDF(secret []byte) []byte {
// time = 4 (3 recommended, booped to 4 to compensate for less memory)
// memory = 16 (32 recommended)
// threads = 4
// keyLen = 32 (256 bits)
return argon2.Key(secret, disablementSalt, 4, 16*1024, 4, disablementLength)
}
// checkDisablement returns true for a valid disablement secret.
func (s State) checkDisablement(secret []byte) bool {
derived := disablementKDF(secret)
for _, candidate := range s.DisablementSecrets {
if bytes.Equal(derived, candidate) {
return true
}
}
return false
}
// parentMatches returns true if an AUM can chain to (be applied)
// to the current state.
//
// Specifically, the rules are:
// - The last AUM hash must match (transitively, this implies that this
// update follows the last update message applied to the state machine)
// - Or, the state machine knows no parent (its brand new).
func (s State) parentMatches(update AUM) bool {
if s.LastAUMHash == nil {
return true
}
return bytes.Equal(s.LastAUMHash[:], update.PrevAUMHash)
}
// applyVerifiedAUM computes a new state based on the update provided.
//
// The provided update MUST be verified: That is, the AUM must be well-formed
// (as defined by StaticValidate()), and signatures over the AUM must have
// been verified.
func (s State) applyVerifiedAUM(update AUM) (State, error) {
// Validate that the update message has the right parent.
if !s.parentMatches(update) {
return State{}, errors.New("parent AUMHash mismatch")
}
switch update.MessageKind {
case AUMNoOp:
out := s.cloneForUpdate(&update)
return out, nil
case AUMCheckpoint:
return update.State.cloneForUpdate(&update), nil
case AUMAddKey:
if _, err := s.GetKey(update.Key.ID()); err == nil {
return State{}, errors.New("key already exists")
}
out := s.cloneForUpdate(&update)
out.Keys = append(out.Keys, *update.Key)
return out, nil
case AUMUpdateKey:
k, err := s.GetKey(update.KeyID)
if err != nil {
return State{}, err
}
if update.Votes != nil {
k.Votes = *update.Votes
}
if update.Meta != nil {
k.Meta = update.Meta
}
out := s.cloneForUpdate(&update)
for i := range out.Keys {
if bytes.Equal(out.Keys[i].ID(), update.KeyID) {
out.Keys[i] = k
}
}
return out, nil
case AUMRemoveKey:
idx := -1
for i := range s.Keys {
if bytes.Equal(update.KeyID, s.Keys[i].ID()) {
idx = i
break
}
}
if idx < 0 {
return State{}, ErrNoSuchKey
}
out := s.cloneForUpdate(&update)
out.Keys = append(out.Keys[:idx], out.Keys[idx+1:]...)
return out, nil
case AUMDisableNL:
// TODO(tom): We should handle this at a higher level than State.
if !s.checkDisablement(update.DisablementSecret) {
return State{}, errors.New("incorrect disablement secret")
}
// Valid disablement secret, lets reset
return State{}, nil
default:
// TODO(tom): Instead of erroring, update lastHash and
// continue (to preserve future compatibility).
return State{}, fmt.Errorf("unhandled message: %v", update.MessageKind)
}
}

@ -0,0 +1,252 @@
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package tka
import (
"bytes"
"encoding/hex"
"errors"
"testing"
"github.com/fxamacker/cbor/v2"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
)
func fromHex(in string) []byte {
out, err := hex.DecodeString(in)
if err != nil {
panic(err)
}
return out
}
func hashFromHex(in string) *AUMHash {
var out AUMHash
copy(out[:], fromHex(in))
return &out
}
func TestCloneState(t *testing.T) {
tcs := []struct {
Name string
State State
}{
{
"Empty",
State{},
},
{
"Key",
State{
Keys: []Key{{Kind: Key25519, Votes: 2, Public: []byte{5, 6, 7, 8}, Meta: map[string]string{"a": "b"}}},
},
},
{
"DisablementSecrets",
State{
DisablementSecrets: [][]byte{
{1, 2, 3, 4},
{5, 6, 7, 8},
},
},
},
}
for _, tc := range tcs {
t.Run(tc.Name, func(t *testing.T) {
if diff := cmp.Diff(tc.State, tc.State.Clone()); diff != "" {
t.Errorf("output state differs (-want, +got):\n%s", diff)
}
// Make sure the cloned State is the same even after
// an encode + decode into + from CBOR.
t.Run("cbor", func(t *testing.T) {
out := bytes.NewBuffer(nil)
encoder, err := cbor.CTAP2EncOptions().EncMode()
if err != nil {
t.Fatal(err)
}
if err := encoder.NewEncoder(out).Encode(tc.State.Clone()); err != nil {
t.Fatal(err)
}
var decodedState State
if err := cbor.Unmarshal(out.Bytes(), &decodedState); err != nil {
t.Fatalf("Unmarshal failed: %v", err)
}
if diff := cmp.Diff(tc.State, decodedState); diff != "" {
t.Errorf("decoded state differs (-want, +got):\n%s", diff)
}
})
})
}
}
func TestApplyUpdatesChain(t *testing.T) {
intOne := uint(1)
tcs := []struct {
Name string
Updates []AUM
Start State
End State
}{
{
"AddKey",
[]AUM{{MessageKind: AUMAddKey, Key: &Key{Kind: Key25519, Public: []byte{1, 2, 3, 4}}}},
State{},
State{
Keys: []Key{{Kind: Key25519, Public: []byte{1, 2, 3, 4}}},
LastAUMHash: hashFromHex("53898e4311d0b6087fcbb871563868a16c629d9267df851fcfa7b52b31d2bd03"),
},
},
{
"RemoveKey",
[]AUM{{MessageKind: AUMRemoveKey, KeyID: []byte{1, 2, 3, 4}, PrevAUMHash: fromHex("53898e4311d0b6087fcbb871563868a16c629d9267df851fcfa7b52b31d2bd03")}},
State{
Keys: []Key{{Kind: Key25519, Public: []byte{1, 2, 3, 4}}},
LastAUMHash: hashFromHex("53898e4311d0b6087fcbb871563868a16c629d9267df851fcfa7b52b31d2bd03"),
},
State{
LastAUMHash: hashFromHex("15d65756abfafbb592279503f40759898590c9c59056be1e2e9f02684c15ba4b"),
},
},
{
"UpdateKey",
[]AUM{{MessageKind: AUMUpdateKey, KeyID: []byte{1, 2, 3, 4}, Votes: &intOne, Meta: map[string]string{"a": "b"}, PrevAUMHash: fromHex("53898e4311d0b6087fcbb871563868a16c629d9267df851fcfa7b52b31d2bd03")}},
State{
Keys: []Key{{Kind: Key25519, Public: []byte{1, 2, 3, 4}}},
LastAUMHash: hashFromHex("53898e4311d0b6087fcbb871563868a16c629d9267df851fcfa7b52b31d2bd03"),
},
State{
LastAUMHash: hashFromHex("828fe04c16032cf3e0b021abca0b4d79924b0a18b2e627b308347aa87ce7c21c"),
Keys: []Key{{Kind: Key25519, Votes: 1, Meta: map[string]string{"a": "b"}, Public: []byte{1, 2, 3, 4}}},
},
},
{
"ChainedKeyUpdates",
[]AUM{
{MessageKind: AUMAddKey, Key: &Key{Kind: Key25519, Public: []byte{5, 6, 7, 8}}},
{MessageKind: AUMRemoveKey, KeyID: []byte{1, 2, 3, 4}, PrevAUMHash: fromHex("f09bda3bb7cf6756ea9adc25770aede4b3ca8142949d6ef5ca0add29af912fd4")},
},
State{
Keys: []Key{{Kind: Key25519, Public: []byte{1, 2, 3, 4}}},
},
State{
Keys: []Key{{Kind: Key25519, Public: []byte{5, 6, 7, 8}}},
LastAUMHash: hashFromHex("218165fe5f757304b9deaff4ac742890364f5f509e533c74e80e0ce35e44ee1d"),
},
},
{
"Disablement",
[]AUM{{MessageKind: AUMDisableNL, DisablementSecret: []byte{1, 2, 3, 4}, PrevAUMHash: fromHex("53898e4311d0b6087fcbb871563868a16c629d9267df851fcfa7b52b31d2bd03")}},
State{
DisablementSecrets: [][]byte{disablementKDF([]byte{1, 2, 3, 4})},
LastAUMHash: hashFromHex("53898e4311d0b6087fcbb871563868a16c629d9267df851fcfa7b52b31d2bd03"),
},
State{},
},
{
"Checkpoint",
[]AUM{
{MessageKind: AUMAddKey, Key: &Key{Kind: Key25519, Public: []byte{5, 6, 7, 8}}},
{MessageKind: AUMCheckpoint, State: &State{
Keys: []Key{{Kind: Key25519, Public: []byte{1, 2, 3, 4}}},
}, PrevAUMHash: fromHex("f09bda3bb7cf6756ea9adc25770aede4b3ca8142949d6ef5ca0add29af912fd4")},
},
State{DisablementSecrets: [][]byte{[]byte{1, 2, 3, 4}}},
State{
Keys: []Key{{Kind: Key25519, Public: []byte{1, 2, 3, 4}}},
LastAUMHash: hashFromHex("2e34f7e21883c35c8e34ec06e735f7ed8a14c3ceeb11ccb18fcbc11d51c8dabb"),
},
},
}
for _, tc := range tcs {
t.Run(tc.Name, func(t *testing.T) {
state := tc.Start
for i := range tc.Updates {
var err error
// t.Logf("update[%d] start-state = %+v", i, state)
state, err = state.applyVerifiedAUM(tc.Updates[i])
if err != nil {
t.Fatalf("Apply message[%d] failed: %v", i, err)
}
// t.Logf("update[%d] end-state = %+v", i, state)
updateHash := tc.Updates[i].Hash()
if tc.Updates[i].MessageKind != AUMDisableNL {
if got, want := *state.LastAUMHash, updateHash[:]; !bytes.Equal(got[:], want) {
t.Errorf("expected state.LastAUMHash = %x (update %d), got %x", want, i, got)
}
}
}
if diff := cmp.Diff(tc.End, state, cmpopts.EquateEmpty()); diff != "" {
t.Errorf("output state differs (+got, -want):\n%s", diff)
}
})
}
}
func TestApplyUpdateErrors(t *testing.T) {
tcs := []struct {
Name string
Updates []AUM
Start State
Error error
}{
{
"AddKey exists",
[]AUM{{MessageKind: AUMAddKey, Key: &Key{Kind: Key25519, Public: []byte{1, 2, 3, 4}}}},
State{Keys: []Key{{Kind: Key25519, Public: []byte{1, 2, 3, 4}}}},
errors.New("key already exists"),
},
{
"RemoveKey notfound",
[]AUM{{MessageKind: AUMRemoveKey, Key: &Key{Kind: Key25519, Public: []byte{1, 2, 3, 4}}}},
State{},
ErrNoSuchKey,
},
{
"UpdateKey notfound",
[]AUM{{MessageKind: AUMUpdateKey, KeyID: []byte{1}}},
State{},
ErrNoSuchKey,
},
{
"Bad lastAUMHash",
[]AUM{
{MessageKind: AUMAddKey, Key: &Key{Kind: Key25519, Public: []byte{5, 6, 7, 8}}},
{MessageKind: AUMRemoveKey, KeyID: []byte{1, 2, 3, 4}, PrevAUMHash: fromHex("1234")},
},
State{
Keys: []Key{{Kind: Key25519, Public: []byte{1, 2, 3, 4}}},
},
errors.New("parent AUMHash mismatch"),
},
}
for _, tc := range tcs {
t.Run(tc.Name, func(t *testing.T) {
state := tc.Start
for i := range tc.Updates {
var err error
// t.Logf("update[%d] start-state = %+v", i, state)
state, err = state.applyVerifiedAUM(tc.Updates[i])
if err != nil {
if err.Error() != tc.Error.Error() {
t.Errorf("state[%d].Err = %v, want %v", i, err, tc.Error)
} else {
return
}
}
// t.Logf("update[%d] end-state = %+v", i, state)
}
t.Errorf("did not error, expected %v", tc.Error)
})
}
}
Loading…
Cancel
Save