Skip to content

Commit 1a6eb66

Browse files
anhthiianhthii
committed
Fix ECDH session parameter
1 parent c42c6ea commit 1a6eb66

2 files changed

Lines changed: 15 additions & 4 deletions

File tree

pkg/mpc/key_exchange_session.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,7 @@ func NewECDHSession(
5353
pubSub messaging.PubSub,
5454
identityStore identity.Store,
5555
) *ecdhSession {
56+
logger.Info("Creating ECDH session", "nodeID", nodeID, "peerIDs", peerIDs, "expectedKeys", len(peerIDs))
5657
return &ecdhSession{
5758
nodeID: nodeID,
5859
peerIDs: peerIDs,
@@ -92,15 +93,20 @@ func (e *ecdhSession) ListenKeyExchange() error {
9293
sub, err := e.pubSub.Subscribe(ECDHExchangeTopic, func(natMsg *nats.Msg) {
9394
var ecdhMsg types.ECDHMessage
9495
if err := json.Unmarshal(natMsg.Data, &ecdhMsg); err != nil {
96+
logger.Error("Failed to unmarshal ECDH message", err)
9597
return
9698
}
9799

98100
if ecdhMsg.From == e.nodeID {
101+
logger.Debug("Ignoring own ECDH message", "from", ecdhMsg.From)
99102
return
100103
}
101104

105+
logger.Debug("Received ECDH message", "from", ecdhMsg.From, "to", e.nodeID)
106+
102107
//TODO: consider how to avoid replay attack
103108
if err := e.identityStore.VerifySignature(&ecdhMsg); err != nil {
109+
logger.Error("ECDH signature verification failed", err, "from", ecdhMsg.From)
104110
e.errCh <- err
105111
return
106112
}

pkg/mpc/registry.go

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -66,7 +66,9 @@ func NewRegistry(
6666
pubSub messaging.PubSub,
6767
identityStore identity.Store,
6868
) *registry {
69-
ecdhSession := NewECDHSession(nodeID, peerNodeIDs, pubSub, identityStore)
69+
// ECDH session should only exchange keys with other peers, not self
70+
peerIDsExceptSelf := getPeerIDsExceptSelf(nodeID, peerNodeIDs)
71+
ecdhSession := NewECDHSession(nodeID, peerIDsExceptSelf, pubSub, identityStore)
7072
mpcThreshold := viper.GetInt("mpc_threshold")
7173
if mpcThreshold < 1 {
7274
logger.Fatal("mpc_threshold must be greater than 0", nil)
@@ -75,7 +77,7 @@ func NewRegistry(
7577
reg := &registry{
7678
consulKV: consulKV,
7779
nodeID: nodeID,
78-
peerNodeIDs: getPeerIDsExceptSelf(nodeID, peerNodeIDs),
80+
peerNodeIDs: peerIDsExceptSelf,
7981
readyMap: make(map[string]bool),
8082
readyCount: 1, // self
8183
healthCheck: directMessaging,
@@ -185,12 +187,15 @@ func (r *registry) Ready() error {
185187
}
186188

187189
_, err = r.healthCheck.Listen(r.composeHealthCheckTopic(r.nodeID), func(data []byte) {
188-
peerID, isEcdhReady, _ := parseHealthDataSplit(string(data))
190+
peerID, isEcdhReady, parseErr := parseHealthDataSplit(string(data))
191+
if parseErr != nil {
192+
logger.Error("Failed to parse health check data", parseErr, "data", string(data))
193+
return
194+
}
189195
logger.Debug("Health check ok", "peerID", peerID, "isEcdhReady", isEcdhReady)
190196
if !isEcdhReady {
191197
logger.Info("[ECDH exchange retriggerd] not all peers are ready", "peerID", peerID)
192198
go r.triggerECDHExchange()
193-
194199
}
195200
})
196201
if err != nil {

0 commit comments

Comments
 (0)