cwtch.im
/
tapir
5
3
Fork 2
Code Issues 2 Pull Requests Releases 43 Wiki Activity
Browse Source

Merge pull request 'Precautionary Panic' (#18) from upgrade-connectivity into master
the build was successful
Details

metrics
Dan Ballard 2 years ago
parent
1de3a9a83a 0150af69f0
commit
960c61abf5
2 changed files with 40 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 18
      applications/transcript_app.go
  2. 22
      applications/transcript_app_test.go

18
applications/transcript_app.go
View File

@ -3,6 +3,7 @@ package applications
import (
"cwtch.im/tapir"
"cwtch.im/tapir/primitives/core"
"git.openprivacy.ca/openprivacy/log"
)
// TranscriptApp defines a Tapir Meta-App which provides a global cryptographic transcript
@ -18,6 +19,9 @@ func (TranscriptApp) NewInstance() tapir.Application {
// Init initializes the cryptographic transcript
func (ta *TranscriptApp) Init(connection tapir.Connection) {
if ta.transcript != nil {
ta.panic()
}
ta.transcript = core.NewTranscript("tapir-transcript")
}
@ -28,5 +32,19 @@ func (ta *TranscriptApp) Transcript() *core.Transcript {
// PropagateTranscript overrides the default transcript and propagates a transcript from a previous session
func (ta *TranscriptApp) PropagateTranscript(transcript *core.Transcript) {
if ta.transcript != nil {
ta.panic()
}
ta.transcript = transcript
}
func (ta *TranscriptApp) panic() {
// Note: if this is ever happens it is a critical application bug
// This will prevent a misuse of application chains that cause an earlier
// transcript to be overwritten. Since we expect the security of many higher level applications
// to be reliant on the randomness provided by the transcript we want to be actively hostile to any potential
// misuse.
log.Errorf("apps should not attempt to intitalize or overwrite a transcript once one has been initialized - this is a CRITICAL bug and so we have safely crashed")
// We could silently fail to do anything here, but that is likely more dangerous in the long run...
panic("apps should not attempt to intitalize or overwrite a transcript a transcript once one has been initialized - this is a CRITICAL bug and so we have safely crashed")
}

22
applications/transcript_app_test.go
View File

@ -0,0 +1,22 @@
package applications
import "testing"
func TestTranscriptApp(t *testing.T) {
ta := new(TranscriptApp)
ta.Init(MockConnection{})
ta.Transcript().NewProtocol("test")
ta.transcript.CommitToTranscript("test-commit")
t.Logf(ta.Transcript().OutputTranscriptToAudit())
// Now we test panic'ing....
defer func() {
if r := recover(); r == nil {
t.Errorf("The code did not panic - it definitely should have")
}
}()
// Attempt to reinitialized the transcript, apps should *never* do this and we want to be hostile to that
// behaviour
ta.Init(MockConnection{})
}
Write Preview
Loading…
Cancel
Save