Skip to content
This repository has been archived by the owner on Feb 3, 2023. It is now read-only.

Commit

Permalink
sim2h: sign only Join message
Browse files Browse the repository at this point in the history
  • Loading branch information
zippy committed Jul 27, 2020
1 parent 6d8a267 commit e75bca1
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 13 deletions.
33 changes: 22 additions & 11 deletions crates/net/src/sim2h_worker.rs
Original file line number Diff line number Diff line change
Expand Up @@ -289,18 +289,29 @@ impl Sim2hWorker {
message, buffered_message.hash
);
let payload: String = message.clone().into();
let maybe_signature = self
.conductor_api
.execute(payload.clone(), CryptoMethod::Sign);
let signature = match maybe_signature {
Err(e) => {
error!(
"Couldn't sign wire message in sim2h worker: payload={}, error={:?}",
payload, e
);
return false;

// we only sign the JoinSpace message because afterwards the integrity of the
// connection will be guaranteed by the tls and encryption of the wss layer
let signature = match message {
WireMessage::ClientToLib3h(ht::EncodedSpanWrap {
data: ClientToLib3h::JoinSpace(_),
..
}) => {
let maybe_signature = self
.conductor_api
.execute(payload.clone(), CryptoMethod::Sign);
match maybe_signature {
Err(e) => {
error!(
"Couldn't sign wire message in sim2h worker: payload={}, error={:?}",
payload, e
);
return false;
}
Ok(sig) => sig,
}
}
Ok(sig) => sig,
_ => "".to_string(), // null signature
};
let payload: Opaque = payload.into();
let signed_wire_message = SignedWireMessage::new(
Expand Down
13 changes: 11 additions & 2 deletions crates/sim2h/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1352,14 +1352,23 @@ impl Sim2h {
let _m = sim2h_handle.metric_timer("sim2h-handle_payload");
match (|| -> Sim2hResult<(AgentId, WireMessage, WireMessage)> {
let signed_message = SignedWireMessage::try_from(payload.clone())?;
let result = signed_message.verify().unwrap();
let wire_message = WireMessage::try_from(signed_message.payload.clone())?;

// conductor only signs the JoinSpace message because afterwards the integrity of the
// connection will be guaranteed by the tls and encryption of the wss layer
let result = match wire_message {
WireMessage::ClientToLib3h(ht::EncodedSpanWrap {
data: ClientToLib3h::JoinSpace(_),
..
}) => signed_message.verify().unwrap(),
_ => true,
};
if !result {
return Err(VERIFY_FAILED_ERR_STR.into());
}
let agent_id: AgentId = signed_message.provenance.source().into();
let receipt = gen_receipt(&signed_message.payload);

let wire_message = WireMessage::try_from(signed_message.payload)?;
Ok((agent_id, wire_message, receipt))
})() {
Ok((source, wire_message, receipt)) => {
Expand Down

0 comments on commit e75bca1

Please sign in to comment.