
Commit 7a20cc9

committed
[FAB-1898] Abort on signature creation failure
The gossip layer uses the local MSP to sign messages. This may fail, and if the local MSP fails to sign a message, this is irrecoverable, and we should abort and the peer needs to be fixed. Change-Id: I055c5b329b47f6fc0767b652fd257681c8275264 Signed-off-by: Yacov Manevich <[email protected]>
1 parent bb41bbc commit 7a20cc9


2 files changed

+9
-5
lines changed


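--- a/gossip/comm/comm_impl.go
+++ b/gossip/comm/comm_impl.go
@@ -405,7 +405,7 @@ func (c *commImpl) authenticateRemotePeer(stream stream) (common.PKIidType, erro
 }
 }
 
-cMsg = createConnectionMsg(c.PKIID, c.selfCertHash, c.peerIdentity, signer)
+cMsg = c.createConnectionMsg(c.PKIID, c.selfCertHash, c.peerIdentity, signer)
 
 c.logger.Debug("Sending", cMsg, "to", remoteAddress)
 stream.Send(cMsg)
@@ -528,7 +528,7 @@ func readWithTimeout(stream interface{}, timeout time.Duration) *proto.GossipMes
 }
 }
 
-func createConnectionMsg(pkiID common.PKIidType, hash []byte, cert api.PeerIdentityType, signer proto.Signer) *proto.GossipMessage {
+func (c *commImpl) createConnectionMsg(pkiID common.PKIidType, hash []byte, cert api.PeerIdentityType, signer proto.Signer) *proto.GossipMessage {
 m := &proto.GossipMessage{
 Tag: proto.GossipMessage_EMPTY,
 Nonce: 0,
@@ -540,7 +540,10 @@ func createConnectionMsg(pkiID common.PKIidType, hash []byte, cert api.PeerIdent
 },
 },
 }
-m.Sign(signer)
+if err := m.Sign(signer); err != nil {
+c.logger.Panicf("Gossip failed to sign a message using the peer identity.\n Halting execution.\nActual error: %v", err)
+}
+
 return m
 }
 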
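Review bot: The new `c.logger.Panicf(...)` branch in createConnectionMsg halts the peer only if nothing on the calling goroutine recovers the panic; authenticateRemotePeer's callers are outside this diff, so a recovery wrapper there would turn the intended abort into a failed handshake on a peer that keeps running with a signer that cannot sign. The method has no doc comment stating this contract; I would add `// createConnectionMsg builds and signs the connection message. It panics if signing fails, so it never returns an unsigned message.` The log text also embeds `\n` (with a stray space after the first one), which splits one event across three lines for line-oriented log collection; a single-line form such as `"Gossip failed to sign a message using the peer identity, halting execution: %v"` keeps the error attached to the event. The bodies of authenticateRemotePeer and createConnectionMsg extend beyond the hunks shown.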

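--- a/gossip/comm/comm_test.go
+++ b/gossip/comm/comm_test.go
@@ -95,6 +95,7 @@ func newCommInstance(port int, sec api.MessageCryptoService) (Comm, error) {
 }
 
 func handshaker(endpoint string, comm Comm, t *testing.T, sigMutator func([]byte) []byte, pkiIDmutator func([]byte) []byte) <-chan ReceivedMessage {
+c := &commImpl{}
 err := generateCertificates("key.pem", "cert.pem")
 defer os.Remove("cert.pem")
 defer os.Remove("key.pem")
@@ -122,7 +123,7 @@ func handshaker(endpoint string, comm Comm, t *testing.T, sigMutator func([]byte
 pkiID = common.PKIidType(pkiIDmutator([]byte(endpoint)))
 }
 assert.NoError(t, err, "%v", err)
-msg := createConnectionMsg(pkiID, clientCertHash, []byte(endpoint), func(msg []byte) ([]byte, error) {
+msg := c.createConnectionMsg(pkiID, clientCertHash, []byte(endpoint), func(msg []byte) ([]byte, error) {
 return msg, nil
 })
 
@@ -135,7 +136,7 @@ func handshaker(endpoint string, comm Comm, t *testing.T, sigMutator func([]byte
 assert.NoError(t, err, "%v", err)
 if sigMutator == nil {
 hash := extractCertificateHashFromContext(stream.Context())
-expectedMsg := createConnectionMsg(common.PKIidType("localhost:9611"), hash, []byte("localhost:9611"), func(msg []byte) ([]byte, error) {
+expectedMsg := c.createConnectionMsg(common.PKIidType("localhost:9611"), hash, []byte("localhost:9611"), func(msg []byte) ([]byte, error) {
 return msg, nil
 })
 assert.Equal(t, expectedMsg.Signature, msg.Signature)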
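Review bot: None of the handshaker changes exercise the new failure branch: every signer passed to `c.createConnectionMsg` returns `msg, nil`, so the abort on a signing error is untested. The receiver `c := &commImpl{}` is also a zero value, so if a signer did fail here `c.logger.Panicf` would run on an unset logger and, depending on the logger's type, may surface as a nil dereference rather than the intended message. I would add a case that passes a signer returning an error to a commImpl whose logger is set and wraps the call in `assert.Panics(t, func() { ... })`. handshaker's body continues outside the hunks shown.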
