Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add authentication to wire commmunication (handshake) #381

Open
DragonDev1906 opened this issue Jan 4, 2023 · 2 comments
Open

Add authentication to wire commmunication (handshake) #381

DragonDev1906 opened this issue Jan 4, 2023 · 2 comments

Comments

@DragonDev1906
Copy link
Contributor

Location

  • wire.proto
  • wire/net/exchange_addr.go

Problem

Sender not authenticated

While each message currently contains a sender and recipient wire address in its Envelope, those are not yet authenticated, there is no signature in wire.proto. This means anyone can send a message coming from SENDER, without needing the private key, thus allowing to spoof any wire identity.

No TLS

As far as I can tell we're currently using TCP without TLS for the communication. This means that, even when there is a signature in the handshake message (AuthResponseMsg), an Adversary could eavesdrop the communication channel and use the AuthResponseMsg in his own session, thus stealing the wire identity. He could not send updates to the existing channel since he doesn't have the private key for the channel identity, but he could propose new channels (at least they (probably) won't be funded), but it still locks up some resources (time, computation, storage and ETH) for some time while waiting for the channel to be funded.

Proposal (all three are likely needed)

  • Add a signature using the wire identity to AuthResponseMsg and check this signature (AuthResponseMsg message can be completely removed if every envelope contains this signature)
  • Communicate over TLS to prevent eavesdropping (alternatively we could add the signature to every single message, which would still allow an Adversary to read or reorder messages (=> honest-but-curious middle-man proxy, if wanted)
  • One of the following
    • Recommended:: Add signature of sender (wire identity) to all envelopes (instead of just to AuthResponseMsg)
    • Correctly implement the authentication: All Envelopes except AuthResponseMsg MUST NOT be valid if there was no AuthResponseMsg for this sender on this session. - Important: This does not protect against a malicious middle-man proxy that terminates TLS.
    • Don't allow multiple wire identities over the same TCP/TLS session. (probably the case at the moment)
@matthiasgeihs
Copy link
Contributor

It should be possible to implement a wire adapter that provides authentication. AFAIR, there is an implementation that utilizes libp2p to achieve encryption and authentication. @tinnendo should be able to point you to it.

@RmbRT
Copy link
Contributor

RmbRT commented Jan 5, 2023

You can send arbitrary Envelopes over any connection and afaik, there is no check that would bind a single connection to a single sender. Neither the wire/net.Bus nor the wire/net.ioConn check for the Sender field of the envelopes, and all received envelopes get multiplexed over a central wire.Publisher.

@NhoxxKienn NhoxxKienn mentioned this issue Feb 16, 2024
Closed
@NhoxxKienn NhoxxKienn mentioned this issue Feb 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@DragonDev1906 @RmbRT @matthiasgeihs