Skip to content

Commit 3609ea6

Browse files
fredofredo
committed
check order of keys unconditionally
1 parent 6943d92 commit 3609ea6

File tree

1 file changed

+9
-7
lines changed
  • rolling-shutter/keyper/epochkghandler

1 file changed

+9
-7
lines changed

rolling-shutter/keyper/epochkghandler/key.go

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -3,16 +3,18 @@ package epochkghandler
33
import (
44
"bytes"
55
"context"
6+
67
"github.com/jackc/pgx/v4"
78
"github.com/jackc/pgx/v4/pgxpool"
89
pubsub "github.com/libp2p/go-libp2p-pubsub"
910
"github.com/pkg/errors"
1011
"github.com/rs/zerolog/log"
11-
"github.com/shutter-network/rolling-shutter/rolling-shutter/medley"
12+
1213
"github.com/shutter-network/shutter/shlib/puredkg"
1314
"github.com/shutter-network/shutter/shlib/shcrypto"
1415

1516
"github.com/shutter-network/rolling-shutter/rolling-shutter/keyper/database"
17+
"github.com/shutter-network/rolling-shutter/rolling-shutter/medley"
1618
"github.com/shutter-network/rolling-shutter/rolling-shutter/p2p"
1719
"github.com/shutter-network/rolling-shutter/rolling-shutter/p2pmsg"
1820
"github.com/shutter-network/rolling-shutter/rolling-shutter/shdb"
@@ -85,12 +87,15 @@ func (handler *DecryptionKeyHandler) ValidateMessage(ctx context.Context, msg p2
8587
}
8688

8789
func checkKeysErrors(ctx context.Context, decryptionKeys *p2pmsg.DecryptionKeys, pureDKGResult *puredkg.Result, queries *database.Queries) (pubsub.ValidationResult, error) {
88-
8990
for i, k := range decryptionKeys.Keys {
9091
epochSecretKey, err := k.GetEpochSecretKey()
9192
if err != nil {
9293
return pubsub.ValidationReject, err
9394
}
95+
if i > 0 && bytes.Compare(k.Identity, decryptionKeys.Keys[i-1].Identity) < 0 {
96+
return pubsub.ValidationReject, errors.Errorf("keys not ordered")
97+
}
98+
9499
eon, err := medley.Uint64ToInt64Safe(decryptionKeys.Eon)
95100
if err != nil {
96101
return pubsub.ValidationReject, errors.Wrapf(err, "overflow error while converting eon to int64 %d", decryptionKeys.Eon)
@@ -102,20 +107,17 @@ func checkKeysErrors(ctx context.Context, decryptionKeys *p2pmsg.DecryptionKeys,
102107
if err != nil && !errors.Is(err, pgx.ErrNoRows) {
103108
return pubsub.ValidationReject, errors.Wrapf(err, "failed to get decryption key for identity %x from db", k.Identity)
104109
}
105-
if bytes.Equal(k.Key, existingDecryptionKey.DecryptionKey) {
110+
if !errors.Is(err, pgx.ErrNoRows) && bytes.Equal(k.Key, existingDecryptionKey.DecryptionKey) {
106111
continue
107112
}
113+
108114
ok, err := shcrypto.VerifyEpochSecretKey(epochSecretKey, pureDKGResult.PublicKey, k.Identity)
109115
if err != nil {
110116
return pubsub.ValidationReject, errors.Wrapf(err, "error while checking epoch secret key for identity %x", k.Identity)
111117
}
112118
if !ok {
113119
return pubsub.ValidationReject, errors.Errorf("epoch secret key for identity %x is not valid", k.Identity)
114120
}
115-
116-
if i > 0 && bytes.Compare(k.Identity, decryptionKeys.Keys[i-1].Identity) < 0 {
117-
return pubsub.ValidationReject, errors.Errorf("keys not ordered")
118-
}
119121
}
120122
return pubsub.ValidationAccept, nil
121123
}

0 commit comments

Comments
 (0)