From 7269c0977193a71f49d059465de4435ecec6e42b Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Thu, 25 Oct 2018 17:39:34 -0400 Subject: [PATCH] adds life-mismatch checks to pre-boot validation --- sys/zuse.hoon | 8 ++++++++ tests/sys/zuse/dawn.hoon | 18 ++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/sys/zuse.hoon b/sys/zuse.hoon index 11e32264e9..b79d29d983 100644 --- a/sys/zuse.hoon +++ b/sys/zuse.hoon @@ -8117,6 +8117,10 @@ :: ?~ net.hull [%| %parent-not-keyed] + :: life must match parent's + :: + ?. =(lyf.seed life.u.net.hull) + [%| %life-mismatch] =/ loy (com:nu:crub:crypto pass.u.net.hull) =/ hax (shaf %earl (sham who.seed lyf.seed pub:ex:cub)) :: the signature must be valid @@ -8138,6 +8142,10 @@ :: ?. =(pub:ex:cub pass.u.net.hull) [%| %key-mismatch] + :: life must match the contract + :: + ?. =(lyf.seed life.u.net.hull) + [%| %life-mismatch] :: the boot life must be greater than and discontinuous with :: the last seen life (per the sponsor) :: diff --git a/tests/sys/zuse/dawn.hoon b/tests/sys/zuse/dawn.hoon index 0baa1c2a3a..ee14cf06fb 100644 --- a/tests/sys/zuse/dawn.hoon +++ b/tests/sys/zuse/dawn.hoon @@ -168,6 +168,12 @@ !> [%| %key-mismatch] !> (veri:dawn sed hul ~) :: +++ test-veri-life-mismatch + =/ sed [~zod 2 sec ~] + %+ expect-eq + !> [%| %life-mismatch] + !> (veri:dawn sed hul ~) +:: ++ test-veri-already-booted =/ sed [~zod 1 sec ~] ;: weld @@ -213,6 +219,18 @@ !> [%| %parent-not-keyed] !> (veri:dawn sed =>(hul .(net ~)) ~) :: +++ test-veri-earl-life-mismatch + =/ cub (pit:nu:crub:crypto 24 %foo) + =/ who ~simtel-mithet-dozzod-dozzod + =/ sed + =/ sig + %- sign:as:(nol:nu:crub:crypto sec) + (shaf %earl (sham who 1 pub:ex:cub)) + [who 2 sec:ex:cub `sig] + %+ expect-eq + !> [%| %life-mismatch] + !> (veri:dawn sed hul ~) +:: ++ test-veri-earl-invalid-sig =/ cub (pit:nu:crub:crypto 24 %foo) =/ who ~simtel-mithet-dozzod-dozzod