feat: verify all p2p messages #958
Conversation
djordon
added
the
signer communication
|
So I guess I'm mostly curious if we feel we need this? We already have Strict message validation enabled in the gossipsub config so all messages are already signed using the signer's pubkey (now that we use the signers' keys for identity) and verified at receipt/propagation. More info here: https://github.com/libp2p/specs/blob/master/pubsub%2FREADME.md |
No we don't, not strictly speaking at least. We have multiple layers of security: one or two at the networking layer, another with WSTS checks, validation of bitcoin and stacks transactions, trusted peers, and so on. But I think it's best to go with a "defense in depth" approach (other bitcoin bridges do this too). So I'm for a simple change like this for that reason. But AR also flagged missing integrity checks on our messages (in #517) so I think we should care that we sign our entire messages on top of the networking layer. And if we care about signing the entire message, we should verify them as well. |
ProtoSerializable for SignerMessage
Serialize/Deserialize implementations
djordon
force-pushed
the
517-add-integrity-protection-for-all-messages
branch
from
295735b to
98c1d84
Compare
|
I'm going to add one more test here but this is good to review now. |
be able to recover it later.
Description
Closes #995.
We now verify all network messages, not just the WSTS ones.
Changes
Testing Information
This PR adds tests that check that we can upgrade protobufs and things can be decoded and verified. Maybe we should add another test that improperly signed messages are rejected.
Checklist: