[FAB-1898] Abort on signature creation failure

The gossip layer uses the local MSP to sign messages. This may fail, and if the local MSP fails to sign a message, this is irrecoverable, and we should abort and the peer needs to be fixed. Change-Id: I055c5b329b47f6fc0767b652fd257681c8275264 Signed-off-by: Yacov Manevich <yacovm@il.ibm.com>
hyperledger · Feb 6, 2017 · 7a20cc9 · 7a20cc9
1 parent bb41bbc
commit 7a20cc9
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 5 deletions.
diff --git a/gossip/comm/comm_impl.go b/gossip/comm/comm_impl.go
@@ -405,7 +405,7 @@ func (c *commImpl) authenticateRemotePeer(stream stream) (common.PKIidType, erro
 		}
 	}
 
-	cMsg = createConnectionMsg(c.PKIID, c.selfCertHash, c.peerIdentity, signer)
+	cMsg = c.createConnectionMsg(c.PKIID, c.selfCertHash, c.peerIdentity, signer)
 
 	c.logger.Debug("Sending", cMsg, "to", remoteAddress)
 	stream.Send(cMsg)
@@ -528,7 +528,7 @@ func readWithTimeout(stream interface{}, timeout time.Duration) *proto.GossipMes
 	}
 }
 
-func createConnectionMsg(pkiID common.PKIidType, hash []byte, cert api.PeerIdentityType, signer proto.Signer) *proto.GossipMessage {
+func (c *commImpl) createConnectionMsg(pkiID common.PKIidType, hash []byte, cert api.PeerIdentityType, signer proto.Signer) *proto.GossipMessage {
 	m := &proto.GossipMessage{
 		Tag:   proto.GossipMessage_EMPTY,
 		Nonce: 0,
@@ -540,7 +540,10 @@ func createConnectionMsg(pkiID common.PKIidType, hash []byte, cert api.PeerIdent
 			},
 		},
 	}
-	m.Sign(signer)
+	if err := m.Sign(signer); err != nil {
+		c.logger.Panicf("Gossip failed to sign a message using the peer identity.\n Halting execution.\nActual error: %v", err)
+	}
+
 	return m
 }
 

diff --git a/gossip/comm/comm_test.go b/gossip/comm/comm_test.go
@@ -95,6 +95,7 @@ func newCommInstance(port int, sec api.MessageCryptoService) (Comm, error) {
 }
 
 func handshaker(endpoint string, comm Comm, t *testing.T, sigMutator func([]byte) []byte, pkiIDmutator func([]byte) []byte) <-chan ReceivedMessage {
+	c := &commImpl{}
 	err := generateCertificates("key.pem", "cert.pem")
 	defer os.Remove("cert.pem")
 	defer os.Remove("key.pem")
@@ -122,7 +123,7 @@ func handshaker(endpoint string, comm Comm, t *testing.T, sigMutator func([]byte
 		pkiID = common.PKIidType(pkiIDmutator([]byte(endpoint)))
 	}
 	assert.NoError(t, err, "%v", err)
-	msg := createConnectionMsg(pkiID, clientCertHash, []byte(endpoint), func(msg []byte) ([]byte, error) {
+	msg := c.createConnectionMsg(pkiID, clientCertHash, []byte(endpoint), func(msg []byte) ([]byte, error) {
 		return msg, nil
 	})
 
@@ -135,7 +136,7 @@ func handshaker(endpoint string, comm Comm, t *testing.T, sigMutator func([]byte
 	assert.NoError(t, err, "%v", err)
 	if sigMutator == nil {
 		hash := extractCertificateHashFromContext(stream.Context())
-		expectedMsg := createConnectionMsg(common.PKIidType("localhost:9611"), hash, []byte("localhost:9611"), func(msg []byte) ([]byte, error) {
+		expectedMsg := c.createConnectionMsg(common.PKIidType("localhost:9611"), hash, []byte("localhost:9611"), func(msg []byte) ([]byte, error) {
 			return msg, nil
 		})
 		assert.Equal(t, expectedMsg.Signature, msg.Signature)