bugfix: make sure refresh data key matches bond info

jstuczyn · jstuczyn · commit 0f7224e745f2 · 2025-01-10T10:23:29.000Z
diff --git a/nym-api/src/node_describe_cache/mod.rs b/nym-api/src/node_describe_cache/mod.rs
@@ -12,6 +12,7 @@ use futures::{stream, StreamExt};
 use nym_api_requests::legacy::{LegacyGatewayBondWithId, LegacyMixNodeDetailsWithLayer};
 use nym_api_requests::models::{DescribedNodeType, NymNodeData, NymNodeDescription};
 use nym_config::defaults::DEFAULT_NYM_NODE_HTTP_PORT;
+use nym_crypto::asymmetric::ed25519;
 use nym_mixnet_contract_common::{LegacyMixLayer, NodeId, NymNodeDetails};
 use nym_node_requests::api::client::{NymNodeApiClientError, NymNodeApiClientExt};
 use nym_topology::gateway::GatewayConversionError;
@@ -58,6 +59,13 @@ pub enum NodeDescribeCacheError {
     #[error("could not verify signed host information for node {node_id}")]
     MissignedHostInformation { node_id: NodeId },
 
+    #[error("identity of node {node_id} does not match. expected {expected} but got {got}")]
+    MismatchedIdentity {
+        node_id: NodeId,
+        expected: String,
+        got: String,
+    },
+
     #[error("node {node_id} is announcing an illegal ip address")]
     IllegalIpAddress { node_id: NodeId },
 }
@@ -289,6 +297,15 @@ async fn try_get_description(
 
     let host_info = client.get_host_information().await.map_err(map_query_err)?;
 
+    // check if the identity key matches the information provided during bonding
+    if data.expected_identity != host_info.keys.ed25519_identity {
+        return Err(NodeDescribeCacheError::MismatchedIdentity {
+            node_id: data.node_id,
+            expected: data.expected_identity.to_base58_string(),
+            got: host_info.keys.ed25519_identity.to_base58_string(),
+        });
+    }
+
     if !host_info.verify_host_information() {
         return Err(NodeDescribeCacheError::MissignedHostInformation {
             node_id: data.node_id,
@@ -315,54 +332,66 @@ async fn try_get_description(
 pub(crate) struct RefreshData {
     host: String,
     node_id: NodeId,
+    expected_identity: ed25519::PublicKey,
     node_type: DescribedNodeType,
 
     port: Option<u16>,
 }
 
-impl<'a> From<&'a LegacyMixNodeDetailsWithLayer> for RefreshData {
-    fn from(node: &'a LegacyMixNodeDetailsWithLayer) -> Self {
-        RefreshData::new(
+impl<'a> TryFrom<&'a LegacyMixNodeDetailsWithLayer> for RefreshData {
+    type Error = ed25519::Ed25519RecoveryError;
+
+    fn try_from(node: &'a LegacyMixNodeDetailsWithLayer) -> Result<Self, Self::Error> {
+        Ok(RefreshData::new(
             &node.bond_information.mix_node.host,
+            node.bond_information.identity().parse()?,
             DescribedNodeType::LegacyMixnode,
             node.mix_id(),
             Some(node.bond_information.mix_node.http_api_port),
-        )
+        ))
     }
 }
 
-impl<'a> From<&'a LegacyGatewayBondWithId> for RefreshData {
-    fn from(node: &'a LegacyGatewayBondWithId) -> Self {
-        RefreshData::new(
+impl<'a> TryFrom<&'a LegacyGatewayBondWithId> for RefreshData {
+    type Error = ed25519::Ed25519RecoveryError;
+
+    fn try_from(node: &'a LegacyGatewayBondWithId) -> Result<Self, Self::Error> {
+        Ok(RefreshData::new(
             &node.bond.gateway.host,
+            node.bond.identity().parse()?,
             DescribedNodeType::LegacyGateway,
             node.node_id,
             None,
-        )
+        ))
     }
 }
 
-impl<'a> From<&'a NymNodeDetails> for RefreshData {
-    fn from(node: &'a NymNodeDetails) -> Self {
-        RefreshData::new(
+impl<'a> TryFrom<&'a NymNodeDetails> for RefreshData {
+    type Error = ed25519::Ed25519RecoveryError;
+
+    fn try_from(node: &'a NymNodeDetails) -> Result<Self, Self::Error> {
+        Ok(RefreshData::new(
             &node.bond_information.node.host,
+            node.bond_information.identity().parse()?,
             DescribedNodeType::NymNode,
             node.node_id(),
             node.bond_information.node.custom_http_port,
-        )
+        ))
     }
 }
 
 impl RefreshData {
     pub fn new(
         host: impl Into<String>,
+        expected_identity: ed25519::PublicKey,
         node_type: DescribedNodeType,
         node_id: NodeId,
         port: Option<u16>,
     ) -> Self {
         RefreshData {
             host: host.into(),
             node_id,
+            expected_identity,
             node_type,
             port,
         }
@@ -404,7 +433,9 @@ impl CacheItemProvider for NodeDescriptionProvider {
             None => error!("failed to obtain mixnodes information from the cache"),
             Some(legacy_mixnodes) => {
                 for node in &**legacy_mixnodes {
-                    nodes_to_query.push(node.into())
+                    if let Ok(data) = node.try_into() {
+                        nodes_to_query.push(data);
+                    }
                 }
             }
         }
@@ -413,7 +444,9 @@ impl CacheItemProvider for NodeDescriptionProvider {
             None => error!("failed to obtain gateways information from the cache"),
             Some(legacy_gateways) => {
                 for node in &**legacy_gateways {
-                    nodes_to_query.push(node.into())
+                    if let Ok(data) = node.try_into() {
+                        nodes_to_query.push(data);
+                    }
                 }
             }
         }
@@ -422,7 +455,9 @@ impl CacheItemProvider for NodeDescriptionProvider {
             None => error!("failed to obtain nym-nodes information from the cache"),
             Some(nym_nodes) => {
                 for node in &**nym_nodes {
-                    nodes_to_query.push(node.into())
+                    if let Ok(data) = node.try_into() {
+                        nodes_to_query.push(data);
+                    }
                 }
             }
         }
diff --git a/nym-api/src/nym_contract_cache/cache/mod.rs b/nym-api/src/nym_contract_cache/cache/mod.rs
@@ -385,7 +385,7 @@ impl NymContractCache {
             .iter()
             .find(|n| n.bond_information.identity() == encoded_identity)
         {
-            return Some(nym_node.into());
+            return nym_node.try_into().ok();
         }
 
         // 2. check legacy mixnodes
@@ -394,7 +394,7 @@ impl NymContractCache {
             .iter()
             .find(|n| n.bond_information.identity() == encoded_identity)
         {
-            return Some(mixnode.into());
+            return mixnode.try_into().ok();
         }
 
         // 3. check legacy gateways
@@ -403,7 +403,7 @@ impl NymContractCache {
             .iter()
             .find(|n| n.identity() == &encoded_identity)
         {
-            return Some(gateway.into());
+            return gateway.try_into().ok();
         }
 
         None

Original file line number	Diff line number	Diff line change
`@@ -385,7 +385,7 @@ impl NymContractCache {`
`385`	`385`	`.iter()`
`386`	`386`	`.find(\|n\| n.bond_information.identity() == encoded_identity)`
`387`	`387`	`{`
`388`		`- return Some(nym_node.into());`
	`388`	`+ return nym_node.try_into().ok();`
`389`	`389`	`}`
`390`	`390`
`391`	`391`	`// 2. check legacy mixnodes`
`@@ -394,7 +394,7 @@ impl NymContractCache {`
`394`	`394`	`.iter()`
`395`	`395`	`.find(\|n\| n.bond_information.identity() == encoded_identity)`
`396`	`396`	`{`
`397`		`- return Some(mixnode.into());`
	`397`	`+ return mixnode.try_into().ok();`
`398`	`398`	`}`
`399`	`399`
`400`	`400`	`// 3. check legacy gateways`
`@@ -403,7 +403,7 @@ impl NymContractCache {`
`403`	`403`	`.iter()`
`404`	`404`	`.find(\|n\| n.identity() == &encoded_identity)`
`405`	`405`	`{`
`406`		`- return Some(gateway.into());`
	`406`	`+ return gateway.try_into().ok();`
`407`	`407`	`}`
`408`	`408`
`409`	`409`	`None`