Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

server: sign and verify hashed messages (sig fix stage 3) #1530

Merged
merged 2 commits into from
May 13, 2022
Merged

server: sign and verify hashed messages (sig fix stage 3) #1530

merged 2 commits into from
May 13, 2022

Conversation

chappjc
Copy link
Member

@chappjc chappjc commented Mar 17, 2022
edited
Loading

This is stage 3 of the signature message truncation fix plan outlined in #1526.

In these commits, server:

  1. Begins signing the hashed messages
  2. Stops recognizing the buggy signatures.

All clients must be running with the stage 2 fix in v0.4.3 before this change can be deployed.

In the next and final stage, the client drops support for truncated message signatures from the server running at this point.

@chappjc chappjc mentioned this pull request Mar 17, 2022
Merged
chappjc added 2 commits April 21, 2022 11:40
@chappjc
server/auth: sign msg hash
397bb2a 
This updates the server's AuthManager for the correct signature
creation and verification:
 - When verifying client signatures, only accept properly hashed
   messages.
 - When creating signatures, sign the hashed messages.

This requires the updated client that recognized both signature
types, as is the case since v0.4.2.
@chappjc
server/asset: drop support for truncated message sigs
0817990
@chappjc
Copy link
Member Author

chappjc commented Apr 21, 2022

With stage 1 of the fix in v0.4.2 and evidently deployed, and stage 2 merged onto release-v0.4 for an upcoming v0.4.3, this stage of the fix can get on 0.5 assuming there's gonna be time before 0.5 is released.

@chappjc chappjc marked this pull request as ready for review April 21, 2022 17:14
@chappjc chappjc added this to the 0.5 milestone Apr 23, 2022
@chappjc chappjc merged commit efd7c12 into decred:master May 13, 2022
@chappjc chappjc deleted the sig-fix-stage-3 branch May 13, 2022 00:22
@xaur xaur mentioned this pull request Oct 17, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@buck54321 buck54321 buck54321 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.5
Development

Successfully merging this pull request may close these issues.
2 participants
@chappjc @buck54321