
`Chain.Verify()` fails with mixture of Roughtime versions

Open cjpatton opened this issue 1 year ago • 0 comments

To reproduce:

Start a couple of Roughtime servers:

```
$ go run ./cmd/testserver -addr 127.0.0.1:2002
main.go:64: Root public key: sm2tho24GOkdU26vpQInrruJKumCEDLCVHTArPBPqDY=
$ go run ./cmd/testserver -addr 127.0.0.1:2003
main.go:64: Root public key: bPDagpXQCofeGLeu8GwrX2CQ5Udy8rk1ziiFJGowZIw=
```

Then create a configuration file for which the client will try IETF-Roughtime for one server but not the other:

```json
{
  "servers": [
    {
      "name": "server1",
      "version": "IETF-Roughtime",
      "publicKeyType": "ed25519",
      "publicKey": "sm2tho24GOkdU26vpQInrruJKumCEDLCVHTArPBPqDY=",
      "addresses": [
        {
          "protocol": "udp",
          "address": "127.0.0.1:2002"
        }
      ]
    },
    {
      "name": "server2",
      "publicKeyType": "ed25519",
      "publicKey": "bPDagpXQCofeGLeu8GwrX2CQ5Udy8rk1ziiFJGowZIw=",
      "addresses": [
        {
          "protocol": "udp",
          "address": "127.0.0.1:2003"
        }
      ]
    }
  ]
}
```

Finally, test this as follows:

```go
package main

import (
	"testing"

	"github.com/cloudflare/roughtime/client"
)

func TestRoughtimeServer(t *testing.T) {
	results, err := client.DoFromFile("devdata/config/client.config", client.DefaultQueryAttempts, client.DefaultQueryTimeout, nil)
	if err != nil {
		t.Fatal(err)
	}

	chain := client.NewChain(results)
	if chain == nil {
		t.Fatal("chain == nil, want chain != nil")
	}

	ok, err := chain.Verify(nil)
	if err != nil {
		t.Errorf("verification fails: %s", err)
	} else if !ok {
		t.Error("chain not valid, want valid")
	}
}
```

You should see something like:

```
$ go test client_test.go
--- FAIL: TestRoughtimeServer (0.00s)
    client_test.go:24: verification fails: missing VER tag
FAIL
FAIL	command-line-arguments	0.407s
FAIL
```

It seems to me that it should be valid to chain together signed timestamps across versions, but this requires a bit of thought.

cjpatton, Feb 15 '24 00:02
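A pre-flight check for the configuration mixture this issue reports, as an added example that is not part of the original issue or of the roughtime project's code: it parses a client config in the format shown above and groups servers by their `version` field, so a mixed set can be flagged before the results are chained. The names `versionGroups`, `mixedVersions` and `sampleConfig`, the `(unset)` label for a server with no `version` field, and the placeholder keys in the sample are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed sample in the config format from the issue; keys are placeholders.
const sampleConfig = `{"servers": [
  {"name": "server1", "version": "IETF-Roughtime", "publicKeyType": "ed25519", "publicKey": "<base64 key 1>", "addresses": [{"protocol": "udp", "address": "127.0.0.1:2002"}]},
  {"name": "server2", "publicKeyType": "ed25519", "publicKey": "<base64 key 2>", "addresses": [{"protocol": "udp", "address": "127.0.0.1:2003"}]}
]}`

// config keeps only the fields this check needs; other keys are ignored.
type config struct {
	Servers []struct {
		Name    string `json:"name"`
		Version string `json:"version"`
	} `json:"servers"`
}

// versionGroups maps each "version" value to the sorted names of the servers using it.
func versionGroups(raw []byte) (map[string][]string, error) {
	var c config
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("parse config: %w", err)
	}
	groups := make(map[string][]string)
	for _, s := range c.Servers {
		v := s.Version
		if v == "" {
			v = "(unset)" // assumption: label for servers with no version field
		}
		groups[v] = append(groups[v], s.Name)
	}
	for _, names := range groups {
		sort.Strings(names)
	}
	return groups, nil
}

// mixedVersions reports whether the configured servers span more than one version value.
func mixedVersions(raw []byte) (bool, error) {
	groups, err := versionGroups(raw)
	return len(groups) > 1, err
}

func main() {
	fmt.Println(mixedVersions([]byte(sampleConfig)))
}
```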