Merge pull request #5792 from oasisprotocol/peternose/trivial/churp-r…

…pc-verify-committee keymanager/src/churp: Respond to requests only if node is in committee
oasisprotocol · Jul 25, 2024 · ae62d53 · ae62d53
2 parents 190a5db + 381407e
commit ae62d53
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/.changelog/5792.trivial.md b/.changelog/5792.trivial.md
diff --git a/keymanager/src/churp/handler.rs b/keymanager/src/churp/handler.rs
@@ -1182,9 +1182,11 @@ impl<S: Suite> Instance<S> {
 impl<S: Suite> Handler for Instance<S> {
     fn verification_matrix(&self, req: &QueryRequest) -> Result<Vec<u8>> {
         let status = self.verify_last_handoff(req.epoch)?;
-        let shareholder = match status.suite_id {
-            SuiteId::NistP384Sha3_384 => self.get_shareholder(req.epoch)?,
-        };
+        if !status.committee.contains(&self.node_id) {
+            return Err(Error::NotInCommittee.into());
+        }
+
+        let shareholder = self.get_shareholder(status.handoff)?;
         let vm = shareholder
             .verifiable_share()
             .verification_matrix()
@@ -1199,6 +1201,9 @@ impl<S: Suite> Handler for Instance<S> {
         req: &QueryRequest,
     ) -> Result<Vec<u8>> {
         let status = self.verify_next_handoff(req.epoch)?;
+        if !status.committee.contains(&self.node_id) {
+            return Err(Error::NotInCommittee.into());
+        }
 
         let kind = Self::handoff_kind(&status);
         if !matches!(kind, HandoffKind::CommitteeChanged) {
@@ -1227,6 +1232,9 @@ impl<S: Suite> Handler for Instance<S> {
         req: &QueryRequest,
     ) -> Result<Vec<u8>> {
         let status = self.verify_next_handoff(req.epoch)?;
+        if !status.applications.contains_key(&self.node_id) {
+            return Err(Error::NotInCommittee.into());
+        }
 
         let kind = Self::handoff_kind(&status);
         if !matches!(kind, HandoffKind::CommitteeChanged) {
@@ -1256,6 +1264,9 @@ impl<S: Suite> Handler for Instance<S> {
         req: &QueryRequest,
     ) -> Result<EncodedVerifiableSecretShare> {
         let status = self.verify_next_handoff(req.epoch)?;
+        if !status.applications.contains_key(&self.node_id) {
+            return Err(Error::NotInCommittee.into());
+        }
 
         let node_id = req.node_id.as_ref().ok_or(Error::NotAuthenticated)?;
         if !status.applications.contains_key(node_id) {
@@ -1309,6 +1320,9 @@ impl<S: Suite> Handler for Instance<S> {
         if status.handoff != req.epoch {
             return Err(Error::HandoffMismatch.into());
         }
+        if !status.committee.contains(&self.node_id) {
+            return Err(Error::NotInCommittee.into());
+        }
 
         // Note that querying past key shares can fail at this point
         // if the policy has changed.