Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sidechain Magic number should be used in NeoFS requests #82

Closed
realloc opened this issue Oct 23, 2020 · 2 comments · Fixed by #175 or #186
Closed

Sidechain Magic number should be used in NeoFS requests #82

realloc opened this issue Oct 23, 2020 · 2 comments · Fixed by #175 or #186
Assignees
@cthulhu-rider

Comments

@realloc
Copy link

realloc commented Oct 23, 2020

To prevent theoretical replay attack, we need to have Sidechain Magic in NeoFS requests.
@alexvanin
Copy link
Contributor

Would be nice to think about it after #127 and nspcc-dev/neofs-dev-env#6

cthulhu-rider pushed a commit to cthulhu-rider/neofs-api that referenced this issue Sep 27, 2021
[nspcc-dev#82] session: Add sidechain magic to RequestMetaHeader
3d33abb 
Add `sidechain_magic` numeric field to `session.RequestMetaHeader`
message.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This was referenced Sep 27, 2021
Merged
Closed
@cthulhu-rider cthulhu-rider self-assigned this Sep 28, 2021
cthulhu-rider pushed a commit to cthulhu-rider/neofs-api that referenced this issue Sep 28, 2021
[nspcc-dev#82] session: Add sidechain magic to RequestMetaHeader
c11c2db 
Add `sidechain_magic` numeric field to `session.RequestMetaHeader`
message.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
@alexvanin
Copy link
Contributor

This issue was rollbacked because it would break backward compatibility without status codes. Now it should work fine.

Besides that implement, status code for invalid message so the client can process that and downgrade request version number.

cthulhu-rider pushed a commit to cthulhu-rider/neofs-api that referenced this issue Jan 10, 2022
[nspcc-dev#82] session: Add sidechain magic to RequestMetaHeader
6000fd3 
To prevent theoretical cross-network replay attack, we need to have
sidechain magic in NeoFS requests.

Add `sidechain_magic` numeric field to `session.RequestMetaHeader`
message.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
cthulhu-rider pushed a commit to cthulhu-rider/neofs-api that referenced this issue Jan 10, 2022
[nspcc-dev#82] session: Add sidechain magic to RequestMetaHeader
e14da32 
To prevent theoretical cross-network replay attack, we need to have
sidechain magic in NeoFS requests.

Add `sidechain_magic` numeric field to `session.RequestMetaHeader`
message.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
cthulhu-rider pushed a commit to cthulhu-rider/neofs-api that referenced this issue Jan 10, 2022
[nspcc-dev#82] status: Add status code for wrong sidechain magic
bcbf1a1 
After the recent update of NeoFS V2 protocol all requests must carry
correct sidechain magic.

Add `WRONG_SIDECHAIN_MAGIC` code to `CommonFail` section.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
cthulhu-rider pushed a commit to cthulhu-rider/neofs-api that referenced this issue Jan 10, 2022
[nspcc-dev#82] session: Add sidechain magic to RequestMetaHeader
9185bd9 
To prevent theoretical cross-network replay attack, we need to have
sidechain magic in NeoFS requests.

Add `sidechain_magic` numeric field to `session.RequestMetaHeader`
message.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
cthulhu-rider pushed a commit to cthulhu-rider/neofs-api that referenced this issue Jan 10, 2022
[nspcc-dev#82] status: Add status code for wrong sidechain magic
2376cc1 
After the recent update of NeoFS V2 protocol all requests must carry
correct sidechain magic.

Add `WRONG_SIDECHAIN_MAGIC` code to `CommonFail` section.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
@cthulhu-rider cthulhu-rider mentioned this issue Jan 10, 2022
Merged
cthulhu-rider pushed a commit to cthulhu-rider/neofs-api that referenced this issue Jan 10, 2022
[nspcc-dev#82] session: Add network magic to RequestMetaHeader
c5cca6e 
To prevent theoretical cross-network replay attack, we need to have
network magic in NeoFS requests.

Add `magic_number` numeric field to `session.RequestMetaHeader`
message.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
cthulhu-rider pushed a commit to cthulhu-rider/neofs-api that referenced this issue Jan 10, 2022
[nspcc-dev#82] status: Add status code for wrong network magic
f940131 
After the recent update of NeoFS V2 protocol all requests must carry
correct network magic.

Add `WRONG_MAGIC_NUMBER` code to `CommonFail` section.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
cthulhu-rider pushed a commit that referenced this issue Jan 10, 2022
@cthulhu-rider
[#82] session: Add network magic to RequestMetaHeader
b1fca68 
To prevent theoretical cross-network replay attack, we need to have
network magic in NeoFS requests.

Add `magic_number` numeric field to `session.RequestMetaHeader`
message.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
cthulhu-rider pushed a commit that referenced this issue Jan 10, 2022
@cthulhu-rider
[#82] status: Add status code for wrong network magic
d9d71cc 
After the recent update of NeoFS V2 protocol all requests must carry
correct network magic.

Add `WRONG_MAGIC_NUMBER` code to `CommonFail` section.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
@alexvanin alexvanin mentioned this issue Jan 19, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cthulhu-rider cthulhu-rider

Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@realloc @alexvanin @cthulhu-rider