Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cryptobox review: signature scope #916

Open
oberstet opened this issue Oct 3, 2017 · 0 comments
Open

Cryptobox review: signature scope #916

oberstet opened this issue Oct 3, 2017 · 0 comments
Labels
needs-discussion wamp

Comments

@oberstet
Copy link
Contributor

oberstet commented Oct 3, 2017
edited

WAMP-cryptobox works by computing a signature over and encrypting a bytes serialization of the following:

payload = {
    u'uri': uri,
    u'args': args,
    u'kwargs': kwargs
}

However, the URI is the only WAMP metadata that is included and checked under the signature.

The design question is: is that signature scope (uri/args/kwargs) enough?

Are there other things besides uri/args/kwargs a receiving client would expect to be untampered under end-to-end encryption (by being part of the stuff that goes into signature)?

Essentially, everything not under the scope of the signature must be treated "untrusted" by the receiving peer. Any intermediary WAMP router between the sending and the receiving peer might have tampered with stuff not under the signature.

Implementation wise the main thing to check is: is the URI contained within the bytes under the signature (still) the same as the URI in the WAMP message envelope? If not, someone tampered with the URI, and this should be treated as "fatal".
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs-discussion wamp
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@oberstet