From 25350d020fa461813cbbe325e61ad63e2f16de2e Mon Sep 17 00:00:00 2001 From: Zoe Gong Date: Wed, 27 Nov 2024 00:58:10 +0000 Subject: [PATCH] Make BlobId::MAX equal to u128::MAX. The range end is exclusive, so the last range end should be u128::MAX. A blob ID of BlobId::MAX will be rejected by the range-based ledger, but it's still a valid blob ID. Change-Id: I6f17c0defa5523f55dc8a0dbaf72f0e905c02866 --- ledger_service/src/blobid.rs | 2 +- ledger_service/src/lib.rs | 72 +----------------------------------- 2 files changed, 3 insertions(+), 71 deletions(-) diff --git a/ledger_service/src/blobid.rs b/ledger_service/src/blobid.rs index 85700ad..f04e1c9 100644 --- a/ledger_service/src/blobid.rs +++ b/ledger_service/src/blobid.rs @@ -25,7 +25,7 @@ pub struct BlobId { impl BlobId { pub const MIN: BlobId = BlobId { id: u128::MIN }; - pub const MAX: BlobId = BlobId { id: u128::MAX - 1 }; + pub const MAX: BlobId = BlobId { id: u128::MAX }; pub fn from_bytes(s: &[u8]) -> Result { if s.len() > BLOB_ID_SIZE { diff --git a/ledger_service/src/lib.rs b/ledger_service/src/lib.rs index 66c7754..23d5921 100644 --- a/ledger_service/src/lib.rs +++ b/ledger_service/src/lib.rs @@ -427,12 +427,6 @@ impl LedgerService { format!("Invalid range end `blob_id` err:{:?}", err), ) })?; - if start < BlobId::MIN || end > BlobId::MAX { - return Err(micro_rpc::Status::new_with_message( - micro_rpc::StatusCode::InvalidArgument, - format!("blob_range must be strictly between [BlobId::MIN, BlobId::MAX)."), - )); - } BlobRange { start, end } } None => { @@ -455,10 +449,10 @@ impl LedgerService { format!("Invalid `blob_id`: {:?}", err), ) })?; - if blob_id < BlobId::MIN || blob_id > BlobId::MAX { + if blob_id == BlobId::MAX { return Err(micro_rpc::Status::new_with_message( micro_rpc::StatusCode::InvalidArgument, - format!("blob_range must be strictly between [BlobId::MIN, BlobId::MAX)."), + format!("blob_id must be strictly between [BlobId::MIN, BlobId::MAX)."), )); } BlobRange { start: blob_id.clone(), end: blob_id.add_one() } @@ -1404,68 +1398,6 @@ mod tests { ); } - #[test] - fn test_authorize_access_invalid_range() { - let (mut ledger, public_key) = create_ledger_service(); - let cose_key = extract_key_from_cwt(&public_key).unwrap(); - - // Define an access policy that grants access. - let recipient_tag = "tag"; - let access_policy = DataAccessPolicy { - transforms: vec![Transform { - application: Some(ApplicationMatcher { - tag: Some(recipient_tag.to_owned()), - ..Default::default() - }), - ..Default::default() - }], - ..Default::default() - } - .encode_to_vec(); - - // Construct multiple client messages - let plaintext = b"plaintext"; - let mut blob_metadata = Vec::with_capacity(4); - let recipient_nonce: &[u8] = b"nonce"; - for i in 0..4 { - let blob_header = BlobHeader { - blob_id: BlobId::from(i as u128).to_vec(), - key_id: cose_key.key_id.clone(), - access_policy_sha256: Sha256::digest(&access_policy).to_vec(), - ..Default::default() - } - .encode_to_vec(); - - let (_, encapsulated_key, encrypted_symmetric_key) = - cfc_crypto::encrypt_message(plaintext, &cose_key, &blob_header).unwrap(); - - blob_metadata.push(BlobMetadata { - blob_header: blob_header.clone(), - encapsulated_key, - encrypted_symmetric_key, - recipient_nonce: recipient_nonce.to_vec(), - }); - } - - // Request access. - let (_, recipient_public_key) = cfc_crypto::gen_keypair(b"key-id"); - assert_err!( - ledger.authorize_access(AuthorizeAccessRequest { - access_policy, - recipient_public_key: create_recipient_cwt(recipient_public_key), - recipient_tag: recipient_tag.to_owned(), - blob_metadata, - blob_range: Some(Range { - start: BlobId::from(0).to_vec(), - end: BlobId::MAX.add_one().to_vec(), - }), - ..Default::default() - }), - micro_rpc::StatusCode::InvalidArgument, - "blob_range must be strictly between [BlobId::MIN, BlobId::MAX)." - ); - } - #[test] fn test_authorize_access_duplicate_blob_ids() { let (mut ledger, public_key) = create_ledger_service();