
Precautionary Panic

pull/18/head
Sarah Jamie Lewis 6 months ago
parent
commit
0150af69f0
2 changed files with 40 additions and 0 deletions
  1. +18
    -0
      applications/transcript_app.go
  2. +22
    -0
      applications/transcript_app_test.go

+ 18
- 0
applications/transcript_app.go View File

@@ -3,6 +3,7 @@ package applications
import (
"cwtch.im/tapir"
"cwtch.im/tapir/primitives/core"
"git.openprivacy.ca/openprivacy/log"
)

// TranscriptApp defines a Tapir Meta-App which provides a global cryptographic transcript
@@ -18,6 +19,9 @@ func (TranscriptApp) NewInstance() tapir.Application {

// Init initializes the cryptographic transcript
func (ta *TranscriptApp) Init(connection tapir.Connection) {
if ta.transcript != nil {
ta.panic()
}
ta.transcript = core.NewTranscript("tapir-transcript")
}

@@ -28,5 +32,19 @@ func (ta *TranscriptApp) Transcript() *core.Transcript {

// PropagateTranscript overrides the default transcript and propagates a transcript from a previous session
func (ta *TranscriptApp) PropagateTranscript(transcript *core.Transcript) {
if ta.transcript != nil {
ta.panic()
}
ta.transcript = transcript
}

func (ta *TranscriptApp) panic() {
// Note: if this is ever happens it is a critical application bug
// This will prevent a misuse of application chains that cause an earlier
// transcript to be overwritten. Since we expect the security of many higher level applications
// to be reliant on the randomness provided by the transcript we want to be actively hostile to any potential
// misuse.
log.Errorf("apps should not attempt to intitalize or overwrite a transcript once one has been initialized - this is a CRITICAL bug and so we have safely crashed")
// We could silently fail to do anything here, but that is likely more dangerous in the long run...
panic("apps should not attempt to intitalize or overwrite a transcript a transcript once one has been initialized - this is a CRITICAL bug and so we have safely crashed")
}
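Review bot: The strings on the log.Errorf and panic lines of the new panic() method carry typos that will end up in crash logs — `intitalize` should be `initialize`, and the panic string repeats `a transcript a transcript`; since the two messages are meant to be identical, one `const reinitMsg = "apps should not attempt to initialize or overwrite a transcript once one has been initialized - this is a CRITICAL bug and so we have safely crashed"` used by both calls would keep them in sync. PropagateTranscript accepts a nil transcript without complaint, which leaves ta.transcript nil and lets a later Init or PropagateTranscript succeed where the guard was meant to refuse; if callers are never expected to pass nil, a `if transcript == nil { ta.panic() }` guard (possibly with its own message) would close that gap — worth confirming against the callers. A method named panic also reads confusingly next to the builtin it calls on its last line; a name such as `abortOnReinit` would make the call sites in Init and PropagateTranscript clearer. The TranscriptApp struct and the Transcript() accessor these methods rely on are outside the hunks.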

+ 22
- 0
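--- a/applications/transcript_app_test.go
+++ b/applications/transcript_app_test.go
@@ -0,0 +1,22 @@
+package applications
+
+import "testing"
+
+func TestTranscriptApp(t *testing.T) {
+ta := new(TranscriptApp)
+ta.Init(MockConnection{})
+ta.Transcript().NewProtocol("test")
+ta.transcript.CommitToTranscript("test-commit")
+t.Logf(ta.Transcript().OutputTranscriptToAudit())
+
+// Now we test panic'ing....
+defer func() {
+if r := recover(); r == nil {
+t.Errorf("The code did not panic - it definitely should have")
+}
+}()
+
+// Attempt to reinitialized the transcript, apps should *never* do this and we want to be hostile to that
+// behaviour
+ta.Init(MockConnection{})
+}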
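Review bot: `t.Logf(ta.Transcript().OutputTranscriptToAudit())` passes the audit output as the format string, so any `%` in a transcript line would be misinterpreted and `go vet`'s printf check flags the non-constant format; use `t.Log(ta.Transcript().OutputTranscriptToAudit())` instead. The deferred recover only asserts that some panic happened, so a panic raised by any call after the defer would also satisfy it; checking that the recovered value contains the expected "CRITICAL" text ties the test to the re-initialization guard specifically. PropagateTranscript's matching guard is left untested — a second test that calls it on an already-initialized app would cover the other half of the new code. Reading `ta.transcript` directly on one line while using `ta.Transcript()` on the others is inconsistent; prefer the accessor throughout.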
