From d5feba707684585dd161d2f6ac3abb605d3a2869 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20T=C3=B3th?=
Date: Mon, 16 Jul 2018 14:31:52 +0200
Subject: [PATCH] Implement HMAC signatures of fsm_update broadcast messages
---
 lib/tfw/components/fsm_managing_event_handler.py | 7 ++++++-
 lib/tfw/event_handler_base.py | 6 ++++--
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/lib/tfw/components/fsm_managing_event_handler.py b/lib/tfw/components/fsm_managing_event_handler.py
index 0401a16..4e2c97f 100644
--- a/lib/tfw/components/fsm_managing_event_handler.py
+++ b/lib/tfw/components/fsm_managing_event_handler.py
@@ -2,6 +2,7 @@
 # All Rights Reserved. See LICENSE file for details.
 from tfw import EventHandlerBase
+from tfw.crypto import KeyManager, sign_message
 from tfw.config.logs import logging
 LOG = logging.getLogger(__name__)
@@ -12,6 +13,7 @@ class FSMManagingEventHandler(EventHandlerBase):
 super().__init__(key)
 self.fsm = fsm_type()
 self._fsm_updater = FSMUpdater(self.fsm)
+ self.auth_key = KeyManager().auth_key
 self.command_handlers = {
 'trigger': self.handle_trigger,
@@ -22,7 +24,10 @@ class FSMManagingEventHandler(EventHandlerBase):
 try:
 data = message['data']
 message['data'] = self.command_handlers[data['command']](data)
- self.server_connector.broadcast(self._fsm_updater.generate_fsm_update())
+ fsm_update_message = self._fsm_updater.generate_fsm_update()
+ sign_message(self.auth_key, message)
+ sign_message(self.auth_key, fsm_update_message)
+ self.server_connector.broadcast(fsm_update_message)
 return message
 except KeyError:
 LOG.error('IGNORING MESSAGE: Invalid message received: %s', message)
diff --git a/lib/tfw/event_handler_base.py b/lib/tfw/event_handler_base.py
index 880e406..fb99748 100644
--- a/lib/tfw/event_handler_base.py
+++ b/lib/tfw/event_handler_base.py
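Review bot: The HMAC key is stored as a public attribute, `self.auth_key`, in the second hunk of fsm_managing_event_handler.py, while FSMAwareEventHandler in event_handler_base.py holds the same key as `self._auth_key`. Key material is better kept non-public and named the same in both classes: `self._auth_key = KeyManager().auth_key`, with the two `sign_message(self.auth_key, ...)` calls in the next hunk updated to match. `__init__` starts outside this hunk, so other uses of the attribute are not visible here.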
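Review bot: Nothing visible in the third hunk of fsm_managing_event_handler.py ties the signature to freshness: `fsm_update_message` is signed as generated, so unless `generate_fsm_update()` or `sign_message()` adds a counter or timestamp (neither is shown), a subscriber will accept an old, correctly signed update again. If that is a known limit, record it at the call, e.g. `# NOTE: HMAC authenticates the sender only; replayed fsm_update messages still verify`. Separately, both `sign_message` calls sit inside the `try` whose `except KeyError` logs 'Invalid message received', so a KeyError raised while signing would be reported as a bad incoming message. Building and signing the update only after the command handler has returned, for example in an `else:` branch of the `try`, keeps the two failure cases apart. The enclosing method begins before the hunk.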
@@ -4,7 +4,7 @@
 from abc import ABC, abstractmethod
 from tfw.networking.event_handlers import ServerConnector
-from tfw.crypto import message_checksum
+from tfw.crypto import message_checksum, KeyManager, verify_message
 from tfw.config.logs import logging
 LOG = logging.getLogger(__name__)
@@ -116,10 +116,12 @@ class FSMAwareEventHandler(EventHandlerBase, ABC):
 super().__init__(key)
 self.subscribe('fsm_update')
 self.fsm_state = None
+ self._auth_key = KeyManager().auth_key
 def dispatch_handling(self, message):
 if message['key'] == 'fsm_update':
- self._handle_fsm_update(message)
+ if verify_message(self._auth_key, message):
+ self._handle_fsm_update(message)
 return None
 return super().dispatch_handling(message)
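Review bot: An fsm_update that fails `verify_message` in `dispatch_handling` is dropped silently, which leaves forged or corrupted updates invisible to whoever reads the logs. Add an `else:` to the new check that records the rejection, e.g. `LOG.error('IGNORING MESSAGE: fsm_update signature verification failed: %s', message)`; `LOG` is already defined in this module. `verify_message` is not shown, so it is worth confirming that it compares digests with `hmac.compare_digest` and returns False rather than raising when the message carries no signature field.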