tka: validate key after UpdateKey before applying state

Signed-off-by: Tom DNetto <tom@tailscale.com>
pull/5506/head
Tom DNetto 2 years ago committed by Tom
parent e945d87d76
commit 7ca17b6bdb

@ -29,8 +29,6 @@ type State struct {
// DisablementSecrets are KDF-derived values which can be used
// to turn off the TKA in the event of a consensus-breaking bug.
// An AUM of type DisableNL should contain a secret when results
// in one of these values when run through the disablement KDF.
//
// TODO(tom): This is an alpha feature, remove this mechanism once
// we have confidence in our implementation.
@ -169,6 +167,9 @@ func (s State) applyVerifiedAUM(update AUM) (State, error) {
if update.Meta != nil {
k.Meta = update.Meta
}
if err := k.StaticValidate(); err != nil {
return State{}, fmt.Errorf("updated key fails validation: %v", err)
}
out := s.cloneForUpdate(&update)
for i := range out.Keys {
if bytes.Equal(out.Keys[i].ID(), update.KeyID) {

@ -181,6 +181,7 @@ func TestApplyUpdatesChain(t *testing.T) {
}
func TestApplyUpdateErrors(t *testing.T) {
tooLargeVotes := uint(99999)
tcs := []struct {
Name string
Updates []AUM
@ -205,6 +206,12 @@ func TestApplyUpdateErrors(t *testing.T) {
State{},
ErrNoSuchKey,
},
{
"UpdateKey now fails validation",
[]AUM{{MessageKind: AUMUpdateKey, KeyID: []byte{1}, Votes: &tooLargeVotes}},
State{Keys: []Key{{Kind: Key25519, Public: []byte{1}}}},
errors.New("updated key fails validation: excessive key weight: 99999 > 4096"),
},
{
"Bad lastAUMHash",
[]AUM{

Loading…
Cancel
Save