Precautionary Panic #18
|
@ -3,6 +3,7 @@ package applications
|
|||
import (
|
||||
"cwtch.im/tapir"
|
||||
"cwtch.im/tapir/primitives/core"
|
||||
"git.openprivacy.ca/openprivacy/log"
|
||||
)
|
||||
|
||||
// TranscriptApp defines a Tapir Meta-App which provides a global cryptographic transcript
|
||||
|
@ -18,6 +19,9 @@ func (TranscriptApp) NewInstance() tapir.Application {
|
|||
|
||||
// Init initializes the cryptographic transcript
|
||||
func (ta *TranscriptApp) Init(connection tapir.Connection) {
|
||||
if ta.transcript != nil {
|
||||
ta.panic()
|
||||
}
|
||||
ta.transcript = core.NewTranscript("tapir-transcript")
|
||||
}
|
||||
|
||||
|
@ -28,5 +32,19 @@ func (ta *TranscriptApp) Transcript() *core.Transcript {
|
|||
|
||||
// PropagateTranscript overrides the default transcript and propagates a transcript from a previous session
|
||||
func (ta *TranscriptApp) PropagateTranscript(transcript *core.Transcript) {
|
||||
if ta.transcript != nil {
|
||||
ta.panic()
|
||||
}
|
||||
ta.transcript = transcript
|
||||
}
|
||||
|
||||
func (ta *TranscriptApp) panic() {
|
||||
// Note: if this is ever happens it is a critical application bug
|
||||
// This will prevent a misuse of application chains that cause an earlier
|
||||
// transcript to be overwritten. Since we expect the security of many higher level applications
|
||||
// to be reliant on the randomness provided by the transcript we want to be actively hostile to any potential
|
||||
// misuse.
|
||||
log.Errorf("apps should not attempt to intitalize or overwrite a transcript once one has been initialized - this is a CRITICAL bug and so we have safely crashed")
|
||||
// We could silently fail to do anything here, but that is likely more dangerous in the long run...
|
||||
panic("apps should not attempt to intitalize or overwrite a transcript a transcript once one has been initialized - this is a CRITICAL bug and so we have safely crashed")
|
||||
}
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
package applications
|
||||
|
||||
import "testing"
|
||||
|
||||
func TestTranscriptApp(t *testing.T) {
|
||||
ta := new(TranscriptApp)
|
||||
ta.Init(MockConnection{})
|
||||
ta.Transcript().NewProtocol("test")
|
||||
ta.transcript.CommitToTranscript("test-commit")
|
||||
t.Logf(ta.Transcript().OutputTranscriptToAudit())
|
||||
|
||||
// Now we test panic'ing....
|
||||
defer func() {
|
||||
if r := recover(); r == nil {
|
||||
t.Errorf("The code did not panic - it definitely should have")
|
||||
}
|
||||
}()
|
||||
|
||||
// Attempt to reinitialized the transcript, apps should *never* do this and we want to be hostile to that
|
||||
// behaviour
|
||||
ta.Init(MockConnection{})
|
||||
}
|
Loading…
Reference in New Issue