Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(comms)!: commit to public key and nonce in identity sig #3928

Merged
merged 5 commits into from
May 24, 2022
Merged

fix(comms)!: commit to public key and nonce in identity sig #3928

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
7ed0a86
fix(comms)!: commit to public key and nonce in identity sig
sdbondi Mar 18, 2022
4d801d0
Merge branch 'development' into comms-identity-signature-security
sdbondi May 3, 2022
1314ff7
Merge branch 'development' into comms-identity-signature-security
sdbondi May 4, 2022
7d0c860
fix clippies
sdbondi May 4, 2022
6708c9b
Merge branch 'development' into comms-identity-signature-security
aviator-app[bot] May 24, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 26 additions & 6 deletions comms/core/src/peer_manager/identity_signature.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ use digest::Digest;
use prost::Message;
use rand::rngs::OsRng;
use serde::{Deserialize, Serialize};
use tari_crypto::keys::SecretKey;
use tari_crypto::keys::PublicKey as PublicKeyTrait;
use tari_utilities::ByteArray;

use crate::{
Expand Down Expand Up @@ -64,9 +64,17 @@ impl IdentitySignature {
addresses: I,
updated_at: DateTime<Utc>,
) -> Self {
let challenge = Self::construct_challenge(Self::LATEST_VERSION, features, addresses, updated_at);
let nonce = CommsSecretKey::random(&mut OsRng);
let signature = Signature::sign(secret_key.clone(), nonce, &challenge.finalize())
let public_key = CommsPublicKey::from_secret_key(secret_key);
let (secret_nonce, public_nonce) = CommsPublicKey::random_keypair(&mut OsRng);
let challenge = Self::construct_challenge(
&public_key,
&public_nonce,
Self::LATEST_VERSION,
features,
addresses,
updated_at,
);
let signature = Signature::sign(secret_key.clone(), secret_nonce, &challenge.finalize())
.expect("unreachable panic: challenge hash digest is the correct length");
Self {
version: Self::LATEST_VERSION,
Expand Down Expand Up @@ -110,17 +118,29 @@ impl IdentitySignature {
return false;
}

let challenge = Self::construct_challenge(self.version, features, addresses, self.updated_at);
let challenge = Self::construct_challenge(
public_key,
self.signature.get_public_nonce(),
self.version,
features,
addresses,
self.updated_at,
);
self.signature.verify_challenge(public_key, &challenge.finalize())
}

fn construct_challenge<'a, I: IntoIterator<Item = &'a Multiaddr>>(
public_key: &CommsPublicKey,
public_nonce: &CommsPublicKey,
version: u8,
features: PeerFeatures,
addresses: I,
updated_at: DateTime<Utc>,
) -> Challenge {
// e = H(P||R||m)
let challenge = Challenge::new()
.chain(public_key.as_bytes())
.chain(public_nonce.as_bytes())
.chain(version.to_le_bytes())
.chain(u64::try_from(updated_at.timestamp()).unwrap().to_le_bytes())
.chain(features.bits().to_le_bytes());
Expand Down Expand Up @@ -177,7 +197,7 @@ impl From<&IdentitySignature> for proto::identity::IdentitySignature {
mod test {
use std::str::FromStr;

use tari_crypto::keys::PublicKey;
use tari_crypto::keys::{PublicKey, SecretKey};

use super::*;
use crate::peer_manager::{NodeId, PeerFlags};
Expand Down