From ec627a0f972d7d4b3e4f4feb978bdbe28ba8f318 Mon Sep 17 00:00:00 2001
From: benjamin <ben@elixxir.io>
Date: Thu, 20 Oct 2022 12:33:28 -0700
Subject: [PATCH] moved all node cert handling into the optional code and made
 it only attempt to register with a node twice

---
 cmix/nodes/registrar.go        |  4 ++--
 cmix/nodes/request.go          | 17 +----------------
 cmix/nodes/verifyNodeSig.go    | 19 +++++++++++++++++--
 cmix/nodes/verifyNodeSig_js.go |  2 +-
 4 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/cmix/nodes/registrar.go b/cmix/nodes/registrar.go
index dc61852f1..5ca5f108d 100644
--- a/cmix/nodes/registrar.go
+++ b/cmix/nodes/registrar.go
@@ -24,15 +24,15 @@ import (
 )
 
 const InputChanLen = 1000
-const maxAttempts = 5
+const maxAttempts = 2
 
 // Backoff for attempting to register with a cMix node.
 var delayTable = [5]time.Duration{
 	0,
-	5 * time.Second,
 	30 * time.Second,
 	60 * time.Second,
 	120 * time.Second,
+	240 * time.Second,
 }
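Review bot: `maxAttempts` drops to 2 on line 23 while `delayTable` keeps five entries and gains a 240 s one, so if the table is indexed by attempt number (the lookup is outside this hunk) entries 2–4 are now unreachable, and the first retry now waits 30 s rather than 5 s. The two declarations can silently drift apart; either derive the length from the constant, `var delayTable = [maxAttempts]time.Duration{0, 30 * time.Second}`, if the lookup tolerates the shorter array, or state the coupling next to the table: `// Only the first maxAttempts entries are consulted.`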
 
 // registrar is an implementation of the Registrar interface.
diff --git a/cmix/nodes/request.go b/cmix/nodes/request.go
index 281b9a119..455a0e383 100644
--- a/cmix/nodes/request.go
+++ b/cmix/nodes/request.go
@@ -26,7 +26,6 @@ import (
 	"gitlab.com/xx_network/crypto/chacha"
 	"gitlab.com/xx_network/crypto/csprng"
 	"gitlab.com/xx_network/crypto/signature/rsa"
-	"gitlab.com/xx_network/crypto/tls"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/netTime"
 )
@@ -170,22 +169,8 @@ func processRequestResponse(signedKeyResponse *pb.SignedKeyResponse,
 	h.Write(signedKeyResponse.KeyResponse)
 	hashedResponse := h.Sum(nil)
 
-	// Load nodes certificate
-	gatewayCert, err := tls.LoadCertificate(ngw.Gateway.TlsCertificate)
-	if err != nil {
-		return nil, nil, 0,
-			errors.Errorf("Unable to load nodes's certificate: %+v", err)
-	}
-
-	// Extract public key
-	nodePubKey, err := tls.ExtractPublicKey(gatewayCert)
-	if err != nil {
-		return nil, nil, 0,
-			errors.Errorf("Unable to load node's public key: %v", err)
-	}
-
 	// Verify the response signature
-	err = verifyNodeSignature(nodePubKey, opts.Hash, hashedResponse,
+	err := verifyNodeSignature(ngw.Gateway.TlsCertificate, opts.Hash, hashedResponse,
 		signedKeyResponse.KeyResponseSignedByGateway.Signature, opts)
 	if err != nil {
 		return nil, nil, 0,
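Review bot: Moving the certificate parse out of processRequestResponse changes what the wasm build checks: before this hunk `tls.LoadCertificate` and `tls.ExtractPublicKey` ran here on every build, so a missing or malformed `ngw.Gateway.TlsCertificate` failed the registration; after it, the `_js` stub receives the raw string and never touches it, so that failure mode is gone on wasm. If that is intended, a comment at the call on line 68 would save the next reader the trip: `// verifyNodeSignature parses the certificate itself; the wasm build skips both the parse and the check.` processRequestResponse begins and ends outside this hunk.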
diff --git a/cmix/nodes/verifyNodeSig.go b/cmix/nodes/verifyNodeSig.go
index 5fff37215..55ae44c55 100644
--- a/cmix/nodes/verifyNodeSig.go
+++ b/cmix/nodes/verifyNodeSig.go
@@ -11,12 +11,27 @@ package nodes
 
 import (
 	"crypto"
+	"github.com/pkg/errors"
+	"gitlab.com/xx_network/crypto/tls"
 
 	"gitlab.com/xx_network/crypto/signature/rsa"
 )
 
-func verifyNodeSignature(pub *rsa.PublicKey, hash crypto.Hash,
+func verifyNodeSignature(certContents string, hash crypto.Hash,
 	hashed []byte, sig []byte, opts *rsa.Options) error {
+
+	// Load nodes certificate
+	gatewayCert, err := tls.LoadCertificate(certContents)
+	if err != nil {
+		return errors.Errorf("Unable to load nodes's certificate: %+v", err)
+	}
+
+	// Extract public key
+	nodePubKey, err := tls.ExtractPublicKey(gatewayCert)
+	if err != nil {
+		return errors.Errorf("Unable to load node's public key: %v", err)
+	}
+
 	// Verify the response signature
-	return rsa.Verify(pub, hash, hashed, sig, opts)
+	return rsa.Verify(nodePubKey, hash, hashed, sig, opts)
 }
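Review bot: verifyNodeSignature is now the only place the node certificate is interpreted, yet it has no doc comment, and the visible code does nothing with the certificate beyond extracting its public key — no chain, expiry or subject check — so the trust placed in `certContents` rests entirely on where the caller got it. Suggest a comment above line 87 along the lines of `// verifyNodeSignature parses the PEM certificate in certContents, extracts its RSA public key and verifies sig over hashed. The certificate itself is not validated, so certContents must come from an authenticated source such as the signed NDF.` Separately, the imports on lines 80–81 sit in the stdlib group while `rsa` keeps its own group; goimports would place all three third-party paths together. The message on line 93 still reads `nodes's`.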
diff --git a/cmix/nodes/verifyNodeSig_js.go b/cmix/nodes/verifyNodeSig_js.go
index 79b35ef78..6bc339bd3 100644
--- a/cmix/nodes/verifyNodeSig_js.go
+++ b/cmix/nodes/verifyNodeSig_js.go
@@ -16,7 +16,7 @@ import (
 	"gitlab.com/xx_network/crypto/signature/rsa"
 )
 
-func verifyNodeSignature(pub *rsa.PublicKey, hash crypto.Hash,
+func verifyNodeSignature(pub string, hash crypto.Hash,
 	hashed []byte, sig []byte, opts *rsa.Options) error {
 	jww.WARN.Printf("node signature checking disabled for wasm")
 	return nil
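Review bot: The wasm signature on line 115 keeps the name `pub` for a parameter that now carries certificate PEM contents, while the non-wasm build calls the same parameter `certContents`; the two build-tagged declarations should read the same. Since the stub ignores the value, `func verifyNodeSignature(_ string, hash crypto.Hash,` or `certContents string` both work and stop the name from implying a parsed key.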
-- 
GitLab