Skip to content
Snippets Groups Projects
Commit 20540e35 authored by Jonah Husson's avatar Jonah Husson
Browse files

Fix hashCertRequestInfo to use unix timestamp when hashing

parent a16f1b94
No related branches found
No related tags found
2 merge requests!79Project/https support,!65Updates for Channel Support
Show whitespace changes
Inline Side-by-side
authorize/certRequest.go
+ 4
5
View file @ 20540e35
...@@ -8,6 +8,7 @@ ...@@ -8,6 +8,7 @@
package authorize package authorize
import ( import (
"encoding/binary"
"gitlab.com/elixxir/crypto/hash" "gitlab.com/elixxir/crypto/hash"
"gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/crypto/signature/rsa"
"io" "io"
...@@ -43,10 +44,8 @@ func VerifyCertRequest(gwPub *rsa.PublicKey, sig []byte, ...@@ -43,10 +44,8 @@ func VerifyCertRequest(gwPub *rsa.PublicKey, sig []byte,
func hashCertRequestInfo(acmeToken string, timestamp time.Time) ([]byte, error) { func hashCertRequestInfo(acmeToken string, timestamp time.Time) ([]byte, error) {
h := hashType.New() h := hashType.New()
h.Write([]byte(acmeToken)) h.Write([]byte(acmeToken))
nowBytes, err := timestamp.MarshalBinary() tsBytes := make([]byte, 8)
if err != nil { binary.BigEndian.PutUint64(tsBytes, uint64(timestamp.UnixNano()))
return nil, err h.Write(tsBytes)
}
h.Write(nowBytes)
return h.Sum(nil), nil return h.Sum(nil), nil
} }
authorize/certRequest_test.go
+ 1
1
View file @ 20540e35
...@@ -47,7 +47,7 @@ func TestSignVerify_CertRequest_Consistency(t *testing.T) { ...@@ -47,7 +47,7 @@ func TestSignVerify_CertRequest_Consistency(t *testing.T) {
} }
testDelta := 24 * time.Hour testDelta := 24 * time.Hour
testNow := timestamp.Add(testDelta / 2) testNow := timestamp.Add(testDelta / 2)
expectedSig := []byte{89, 26, 164, 145, 177, 46, 37, 168, 171, 201, 60, 55, 95, 70, 1, 62, 99, 103, 130, 108, 125, 26, 201, 245, 10, 136, 78, 77, 16, 78, 228, 149, 109, 92, 48, 252, 41, 36, 188, 184, 100, 118, 249, 84, 215, 138, 249, 170, 252, 113, 198, 64, 191, 195, 85, 87, 125, 204, 171, 111, 51, 248, 224, 216, 222, 104, 98, 230, 42, 145, 124, 21, 36, 63, 217, 38, 84, 84, 97, 57, 39, 36, 138, 2, 80, 149, 194, 73, 15, 10, 171, 54, 223, 215, 167, 119, 250, 106, 86, 220, 125, 116, 43, 152, 89, 21, 251, 62, 35, 168, 216, 197, 57, 52, 161, 244, 177, 160, 184, 24, 88, 5, 42, 101, 16, 67, 136, 62} expectedSig := []byte{90, 93, 43, 229, 9, 238, 206, 159, 151, 106, 94, 134, 24, 13, 254, 30, 218, 171, 122, 232, 62, 136, 217, 225, 177, 42, 194, 11, 230, 177, 3, 115, 187, 182, 115, 25, 151, 138, 11, 205, 247, 86, 4, 180, 23, 59, 212, 72, 100, 10, 71, 233, 73, 142, 215, 144, 52, 146, 238, 40, 45, 211, 165, 28, 98, 143, 72, 16, 68, 65, 105, 228, 150, 45, 194, 10, 90, 172, 171, 1, 224, 255, 176, 254, 202, 81, 23, 169, 123, 145, 169, 241, 113, 84, 144, 55, 108, 70, 254, 13, 122, 67, 2, 192, 25, 165, 236, 188, 221, 192, 179, 181, 191, 15, 109, 58, 211, 123, 190, 232, 223, 245, 250, 201, 131, 22, 216, 186}
sig, err := SignCertRequest(rng, pk, token, timestamp) sig, err := SignCertRequest(rng, pk, token, timestamp)
if err != nil { if err != nil {
t.Fatalf("Failed to sign acme token: %+v", err) t.Fatalf("Failed to sign acme token: %+v", err)
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment