_key: note places where we should use eventual-send

This will be necessary to avoid reentrancy hazards, in case the application code makes other wormhole API calls from the callbacks for get_unverified_key(), get_verifier(), or get_message().
2018-02-14 00:45:02 -08:00 · 2018-02-14 00:45:02 -08:00 · 6061ec7869
commit 6061ec7869
parent 593b359166
1 changed files with 5 additions and 0 deletions
--- a/src/wormhole/_key.py
+++ b/src/wormhole/_key.py
@ -165,12 +165,17 @@ class _SortedKey(object):
        assert isinstance(msg2, type(b""))
        with self._timing.add("pake2", waiting="crypto"):
            key = self._sp.finish(msg2)
+        # TODO: make B.got_key() an eventual send, since it will fire the
+        # user/application-layer get_unverified_key() Deferred, and if that
+        # calls back into other wormhole APIs, bad things will happen
        self._B.got_key(key)
        phase = "version"
        data_key = derive_phase_key(key, self._side, phase)
        plaintext = dict_to_bytes(self._versions)
        encrypted = encrypt_data(data_key, plaintext)
        self._M.add_message(phase, encrypted)
+        # TODO: R.got_key() needs to be eventual-send too, as it can trigger
+        # app-level got_verifier() and got_message() Deferreds.
        self._R.got_key(key)

    S0_know_nothing.upon(got_code, enter=S1_know_code, outputs=[build_pake])