resigning all caps on boot, compiling

This commit is contained in:
Drew Tada 2024-01-17 17:22:14 -06:00
parent 904309cd59
commit 0d52b41194
2 changed files with 19 additions and 2 deletions


@ -187,7 +187,6 @@ async fn handle_kernel_request(
};
// check cap sigs & transform valid to unsigned to be plugged into procs
let pk = signature::UnparsedPublicKey::new(&signature::ED25519, keypair.public_key());
let parent_caps: &HashMap<t::Capability, Vec<u8>> =
&process_map.get(&km.source.process).unwrap().capabilities;
let mut valid_capabilities: HashMap<t::Capability, Vec<u8>> = HashMap::new();
@ -200,7 +199,9 @@ async fn handle_kernel_request(
for cap in initial_capabilities {
match parent_caps.get(&cap) {
// NOTE: verifying sigs here would be unnecessary
Some(sig) => valid_capabilities.insert(cap, sig.to_vec()),
Some(sig) => {
valid_capabilities.insert(cap, sig.to_vec());
}
None => {
println!(
"kernel: InitializeProcess caller {} doesn't have capability\r",
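Review bot: The new `Some(sig)` arm copies the parent's stored signature bytes into the child's capability set on key presence alone, and the NOTE above it only says verification "would be unnecessary" without stating the invariant that makes that safe. Since the hunk header still calls this "check cap sigs", the comment should name what is actually being relied on, e.g. `// NOTE: no signature check here: every entry in parent_caps was verified before it was stored, so presence in the parent's map is the proof of validity`, and the phrase "check cap sigs" in the comment a few lines up should be adjusted to match if that is the intent. The `process_map.get(&km.source.process).unwrap()` on the context line above will panic rather than return an error if the requesting process is absent from the map; that is pre-existing, but worth a `let Some(..) = .. else` while this arm is being touched. `handle_kernel_request` begins and ends outside this hunk.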


@ -41,6 +41,22 @@ pub async fn load_state(
match db.get(&kernel_id) {
Ok(Some(value)) => {
process_map = bincode::deserialize::<ProcessMap>(&value).unwrap();
// if our networking key changed, we need to re-sign all local caps
process_map.iter().map(|(_id, process)| {
process.capabilities.iter().map(|(cap, sig)| {
if cap.issuer.node == our_name {
(
cap.clone(),
keypair
.sign(&rmp_serde::to_vec(&cap).unwrap())
.as_ref()
.to_vec(),
)
} else {
(cap.clone(), sig.clone())
}
})
});
}
Ok(None) => {
bootstrap(
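Review bot: The re-signing block starting at the `// if our networking key changed` comment never runs: both `.map(...)` calls build lazy iterators that are dropped without being consumed (rustc warns "iterators are lazy and do nothing unless consumed"), and even if they were consumed the produced `(cap, sig)` tuples are discarded, so `process_map` keeps the old signatures and anything that later verifies them against the new key will reject every local capability. The statement also needs a `;` to be an expression statement, which is presumably what "compiling" in the title refers to. The fix is to mutate in place with `values_mut()` / `iter_mut()` and assign the fresh signature to the existing value, assuming `ProcessMap` is a `HashMap`/`BTreeMap` as the `(_id, process)` destructuring suggests; the `unwrap()` on `rmp_serde::to_vec` serializes an in-memory struct and is acceptable, but the `bincode::deserialize(..).unwrap()` on the context line above turns a corrupted state file into a boot panic. `load_state` begins and ends outside this hunk.
```rust
process_map = bincode::deserialize::<ProcessMap>(&value).unwrap();
// if our networking key changed, we need to re-sign all local caps:
// every capability issued by this node gets a fresh signature in place
for process in process_map.values_mut() {
    for (cap, sig) in process.capabilities.iter_mut() {
        if cap.issuer.node == our_name {
            *sig = keypair
                .sign(&rmp_serde::to_vec(cap).unwrap())
                .as_ref()
                .to_vec();
        }
    }
}
// … unchanged: Ok(None) => bootstrap(...) arm …
```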