From 7ca17b6bdb66b9bae812dd2f5a8ccf978cdd395e Mon Sep 17 00:00:00 2001
From: Tom DNetto
Date: Tue, 30 Aug 2022 11:30:09 -0700
Subject: [PATCH] tka: validate key after UpdateKey before applying state

Signed-off-by: Tom DNetto
---
 tka/state.go      | 5 +++--
 tka/state_test.go | 7 +++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/tka/state.go b/tka/state.go
index d25dc0d00..6bf55f2fb 100644
--- a/tka/state.go
+++ b/tka/state.go
@@ -29,8 +29,6 @@ type State struct {
 
 	// DisablementSecrets are KDF-derived values which can be used
 	// to turn off the TKA in the event of a consensus-breaking bug.
-	// An AUM of type DisableNL should contain a secret when results
-	// in one of these values when run through the disablement KDF.
 	//
 	// TODO(tom): This is an alpha feature, remove this mechanism once
 	// we have confidence in our implementation.
@@ -169,6 +167,9 @@ func (s State) applyVerifiedAUM(update AUM) (State, error) {
 		if update.Meta != nil {
 			k.Meta = update.Meta
 		}
+		if err := k.StaticValidate(); err != nil {
+			return State{}, fmt.Errorf("updated key fails validation: %v", err)
+		}
 		out := s.cloneForUpdate(&update)
 		for i := range out.Keys {
 			if bytes.Equal(out.Keys[i].ID(), update.KeyID) {
diff --git a/tka/state_test.go b/tka/state_test.go
index 85c9f9f7d..1ccddf38f 100644
--- a/tka/state_test.go
+++ b/tka/state_test.go
@@ -181,6 +181,7 @@ func TestApplyUpdatesChain(t *testing.T) {
 }
 
 func TestApplyUpdateErrors(t *testing.T) {
+	tooLargeVotes := uint(99999)
 	tcs := []struct {
 		Name    string
 		Updates []AUM
@@ -205,6 +206,12 @@ func TestApplyUpdateErrors(t *testing.T) {
 			State{},
 			ErrNoSuchKey,
 		},
+		{
+			"UpdateKey now fails validation",
+			[]AUM{{MessageKind: AUMUpdateKey, KeyID: []byte{1}, Votes: &tooLargeVotes}},
+			State{Keys: []Key{{Kind: Key25519, Public: []byte{1}}}},
+			errors.New("updated key fails validation: excessive key weight: 99999 > 4096"),
+		},
 		{
 			"Bad lastAUMHash",
 			[]AUM{
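Review bot: The StaticValidate error added in the applyVerifiedAUM hunk is wrapped with `%v`, which flattens it to a string and hides the underlying error from `errors.Is`/`errors.As` at the caller; `return State{}, fmt.Errorf("updated key fails validation: %w", err)` keeps the same message while preserving the chain. Validating the locally updated copy `k` before `cloneForUpdate` is the right order, since a rejected update leaves the existing state untouched. Because this function decides which AUMs a node accepts, the tightened check is presumably consensus-affecting (peers without it would still apply an UpdateKey that this version rejects), so a short comment on the new block such as `// Reject UpdateKey AUMs that would leave the key in an invalid state.` would help later readers understand why it sits on this path. applyVerifiedAUM begins and ends outside the hunk.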
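Review bot: The expected error in the new TestApplyUpdateErrors case is built with `errors.New` from a literal that bakes in both the wrapping prefix and the `4096` limit, so the case breaks whenever either string changes, and it only passes if the table comparison is by message, which is outside the hunk. If the package exposes the key-weight ceiling as a constant, derive the expected message from it; otherwise a comment such as `// 99999 exceeds the maximum key weight enforced by Key.StaticValidate` on the tooLargeVotes declaration in the preceding hunk would explain the magic number. TestApplyUpdateErrors begins and ends outside the hunk.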