moved all node cert handling into the optional code and made it only attempt...

moved all node cert handling into the optional code and made it only attempt to register with a node twice

moved all node cert handling into the optional code and made it only attempt...
ec627a0f · benjamin · a260340f · ec627a0f · ec627a0f · ec627a0f
Commit ec627a0f authored 2 years ago by benjamin
--- a/cmix/nodes/registrar.go
+++ b/cmix/nodes/registrar.go
@@ -24,15 +24,15 @@ import (
 )
 const InputChanLen = 1000
-const maxAttempts = 5
+const maxAttempts = 2
 // Backoff for attempting to register with a cMix node.
 var delayTable = [5]time.Duration{
 	0,
-	5 * time.Second,
 	30 * time.Second,
 	60 * time.Second,
 	120 * time.Second,
+	240 * time.Second,
 }
 // registrar is an implementation of the Registrar interface.

--- a/cmix/nodes/request.go
+++ b/cmix/nodes/request.go
@@ -26,7 +26,6 @@ import (
 	"gitlab.com/xx_network/crypto/chacha"
 	"gitlab.com/xx_network/crypto/csprng"
 	"gitlab.com/xx_network/crypto/signature/rsa"
-	"gitlab.com/xx_network/crypto/tls"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/netTime"
 )
@@ -170,22 +169,8 @@ func processRequestResponse(signedKeyResponse *pb.SignedKeyResponse,
 	h.Write(signedKeyResponse.KeyResponse)
 	hashedResponse := h.Sum(nil)
-	// Load nodes certificate
-	gatewayCert, err := tls.LoadCertificate(ngw.Gateway.TlsCertificate)
-	if err != nil {
-		return nil, nil, 0,
-			errors.Errorf("Unable to load nodes's certificate: %+v", err)
-	}
-	// Extract public key
-	nodePubKey, err := tls.ExtractPublicKey(gatewayCert)
-	if err != nil {
-		return nil, nil, 0,
-			errors.Errorf("Unable to load node's public key: %v", err)
-	}
 	// Verify the response signature
-	err = verifyNodeSignature(nodePubKey, opts.Hash, hashedResponse,
+	err := verifyNodeSignature(ngw.Gateway.TlsCertificate, opts.Hash, hashedResponse,
 		signedKeyResponse.KeyResponseSignedByGateway.Signature, opts)
 	if err != nil {
 		return nil, nil, 0,

--- a/cmix/nodes/verifyNodeSig.go
+++ b/cmix/nodes/verifyNodeSig.go
@@ -11,12 +11,27 @@ package nodes
 import (
 	"crypto"
+	"github.com/pkg/errors"
+	"gitlab.com/xx_network/crypto/tls"
 	"gitlab.com/xx_network/crypto/signature/rsa"
 )
-func verifyNodeSignature(pub *rsa.PublicKey, hash crypto.Hash,
+func verifyNodeSignature(certContents string, hash crypto.Hash,
 	hashed []byte, sig []byte, opts *rsa.Options) error {
+	// Load nodes certificate
+	gatewayCert, err := tls.LoadCertificate(certContents)
+	if err != nil {
+		return errors.Errorf("Unable to load nodes's certificate: %+v", err)
+	}
+	// Extract public key
+	nodePubKey, err := tls.ExtractPublicKey(gatewayCert)
+	if err != nil {
+		return errors.Errorf("Unable to load node's public key: %v", err)
+	}
 	// Verify the response signature
-	return rsa.Verify(pub, hash, hashed, sig, opts)
+	return rsa.Verify(nodePubKey, hash, hashed, sig, opts)
 }
--- a/cmix/nodes/verifyNodeSig_js.go
+++ b/cmix/nodes/verifyNodeSig_js.go
@@ -16,7 +16,7 @@ import (
 	"gitlab.com/xx_network/crypto/signature/rsa"
 )
-func verifyNodeSignature(pub *rsa.PublicKey, hash crypto.Hash,
+func verifyNodeSignature(pub string, hash crypto.Hash,
 	hashed []byte, sig []byte, opts *rsa.Options) error {
 	jww.WARN.Printf("node signature checking disabled for wasm")
 	return nil