Commit 2a897bc0 authored by Josh Brooks's avatar Josh Brooks

Revert authorize package changes

parent fe152887
2 merge requests!121Revert "Propagate moving of rsa/cyclic/hash packages",!93Remove old RSA from xx.NewId
...@@ -13,7 +13,6 @@ package authorize ...@@ -13,7 +13,6 @@ package authorize
import ( import (
"encoding/binary" "encoding/binary"
"github.com/pkg/errors" "github.com/pkg/errors"
"gitlab.com/elixxir/crypto/rsa"
oldRsa "gitlab.com/xx_network/crypto/signature/rsa" oldRsa "gitlab.com/xx_network/crypto/signature/rsa"
"gitlab.com/xx_network/crypto/xx" "gitlab.com/xx_network/crypto/xx"
"gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/id"
...@@ -38,7 +37,7 @@ func Sign(rand io.Reader, now time.Time, privKey *oldRsa.PrivateKey) ([]byte, er ...@@ -38,7 +37,7 @@ func Sign(rand io.Reader, now time.Time, privKey *oldRsa.PrivateKey) ([]byte, er
// Second it will check that the public key and salt make the passed in node ID // Second it will check that the public key and salt make the passed in node ID
// Finally it will verify the signature on the signedTS using the public key // Finally it will verify the signature on the signedTS using the public key
func Verify(now time.Time, signedTS time.Time, func Verify(now time.Time, signedTS time.Time,
pubkey rsa.PublicKey, nid *id.ID, salt []byte, pubKey *oldRsa.PublicKey, nid *id.ID, salt []byte,
delta time.Duration, signature []byte) error { delta time.Duration, signature []byte) error {
// Check that the signed timestamp is within the delta passed in // Check that the signed timestamp is within the delta passed in
...@@ -49,7 +48,7 @@ func Verify(now time.Time, signedTS time.Time, ...@@ -49,7 +48,7 @@ func Verify(now time.Time, signedTS time.Time,
// Check that node ID passed in matches the // Check that node ID passed in matches the
// passed in public key and salt // passed in public key and salt
generatedId, err := xx.NewID(pubkey, salt, id.Node) generatedId, err := xx.NewID(pubKey, salt, id.Node)
if err != nil { if err != nil {
return errors.Errorf("Issue generating ID for authorization check: %v", err) return errors.Errorf("Issue generating ID for authorization check: %v", err)
} }
...@@ -60,11 +59,11 @@ func Verify(now time.Time, signedTS time.Time, ...@@ -60,11 +59,11 @@ func Verify(now time.Time, signedTS time.Time,
} }
// Construct the hash // Construct the hash
options := rsa.NewDefaultPSSOptions() options := oldRsa.NewDefaultOptions()
hashedData := digest(options.Hash.New(), signedTS) hashedData := digest(options.Hash.New(), signedTS)
// Verify the signature passed in // Verify the signature passed in
return pubkey.VerifyPSS(options.Hash, hashedData, signature, options) return oldRsa.Verify(pubKey, options.Hash, hashedData, signature, options)
} }
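Review bot: Verify now takes `pubKey *oldRsa.PublicKey` and hands it straight to `xx.NewID` and `oldRsa.Verify`, with no nil check visible in these hunks. This function gates authorization on caller-supplied key material, so a nil key should come back as an error rather than risk a panic further down the call chain. A guard at the top of the function would cover it, for example `if pubKey == nil { return errors.New("nil public key passed to Verify") }`. Parts of Verify's body lie outside the hunks shown, so confirm the guard is not already present before adding it.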
......
...@@ -12,6 +12,7 @@ import ( ...@@ -12,6 +12,7 @@ import (
"crypto/rand" "crypto/rand"
"fmt" "fmt"
"gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/crypto/rsa"
oldrsa "gitlab.com/xx_network/crypto/signature/rsa"
"gitlab.com/xx_network/crypto/xx" "gitlab.com/xx_network/crypto/xx"
"gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/id"
"strconv" "strconv"
...@@ -33,14 +34,14 @@ func TestSignVerify_Consistency(t *testing.T) { ...@@ -33,14 +34,14 @@ func TestSignVerify_Consistency(t *testing.T) {
// use insecure seeded rng to reproduce key // use insecure seeded rng to reproduce key
notRand := &CountingReader{count: uint8(0)} notRand := &CountingReader{count: uint8(0)}
serverPrivKey, err := rsa.GetScheme().Generate(notRand, 1024) serverPrivKey, err := oldrsa.GenerateKey(notRand, 1024)
if err != nil { if err != nil {
t.Fatalf("SignVerify error: "+ t.Fatalf("SignVerify error: "+
"Could not generate key: %v", err.Error()) "Could not generate key: %v", err.Error())
} }
serverPrivKey.GetGoRSA().Precompute() serverPrivKey.Precompute()
publicKey := serverPrivKey.Public() publicKey := serverPrivKey.GetPublic()
if bytes.Compare(publicKey.GetN().Bytes(), expected_N) != 0 { if bytes.Compare(publicKey.GetN().Bytes(), expected_N) != 0 {
t.Fatalf("SignVerify error: "+ t.Fatalf("SignVerify error: "+
"Bad N value in pre-canned private key."+ "Bad N value in pre-canned private key."+
...@@ -90,14 +91,14 @@ func TestSignVerify_Consistency(t *testing.T) { ...@@ -90,14 +91,14 @@ func TestSignVerify_Consistency(t *testing.T) {
testSalt := make([]byte, 32) testSalt := make([]byte, 32)
copy(testSalt, "salt") copy(testSalt, "salt")
testId, err := xx.NewID(serverPrivKey.Public(), testSalt, id.Node) testId, err := xx.NewID(serverPrivKey.GetPublic(), testSalt, id.Node)
if err != nil { if err != nil {
t.Fatalf("SignVerify error: "+ t.Fatalf("SignVerify error: "+
"Could not generate a test signature: %v", err) "Could not generate a test signature: %v", err)
} }
// Test the verification // Test the verification
err = Verify(testNow, testTime, serverPrivKey.Public(), testId, err = Verify(testNow, testTime, serverPrivKey.GetPublic(), testId,
testSalt, delta, sig) testSalt, delta, sig)
if err != nil { if err != nil {
t.Fatalf("SignVerify error: "+ t.Fatalf("SignVerify error: "+
...@@ -145,7 +146,7 @@ func TestSignVerify(t *testing.T) { ...@@ -145,7 +146,7 @@ func TestSignVerify(t *testing.T) {
testSalt := make([]byte, 32) testSalt := make([]byte, 32)
copy(testSalt, "salt") copy(testSalt, "salt")
serverPrivKey, err := rsa.GetScheme().Generate(rand.Reader, 1024) serverPrivKey, err := oldrsa.GenerateKey(rand.Reader, 1024)
if err != nil { if err != nil {
t.Fatalf("SignVerify error: "+ t.Fatalf("SignVerify error: "+
"Could not generate key: %v", err.Error()) "Could not generate key: %v", err.Error())
...@@ -157,14 +158,14 @@ func TestSignVerify(t *testing.T) { ...@@ -157,14 +158,14 @@ func TestSignVerify(t *testing.T) {
"Could not sign data: %v", err.Error()) "Could not sign data: %v", err.Error())
} }
testId, err := xx.NewID(serverPrivKey.Public(), testSalt, id.Node) testId, err := xx.NewID(serverPrivKey.GetPublic(), testSalt, id.Node)
if err != nil { if err != nil {
t.Fatalf("SignVerify error: "+ t.Fatalf("SignVerify error: "+
"Could not generate a test signature: %v", err) "Could not generate a test signature: %v", err)
} }
// Test the verification // Test the verification
err = Verify(testNow, testTime, serverPrivKey.Public(), testId, err = Verify(testNow, testTime, serverPrivKey.GetPublic(), testId,
testSalt, delta, sig) testSalt, delta, sig)
if err != nil { if err != nil {
t.Fatalf("SignVerify error: "+ t.Fatalf("SignVerify error: "+
...@@ -176,7 +177,7 @@ func TestSignVerify(t *testing.T) { ...@@ -176,7 +177,7 @@ func TestSignVerify(t *testing.T) {
// Error path for verify // Error path for verify
func TestVerify_Error(t *testing.T) { func TestVerify_Error(t *testing.T) {
// Set up test // Set up test
serverPrivKey, err := rsa.GetScheme().Generate(rand.Reader, 1024) serverPrivKey, err := oldrsa.GenerateKey(rand.Reader, 1024)
if err != nil { if err != nil {
t.Fatalf("SignVerify error: "+ t.Fatalf("SignVerify error: "+
"Could not generate key: %v", err.Error()) "Could not generate key: %v", err.Error())
...@@ -202,7 +203,7 @@ func TestVerify_Error(t *testing.T) { ...@@ -202,7 +203,7 @@ func TestVerify_Error(t *testing.T) {
testSalt := make([]byte, 32) testSalt := make([]byte, 32)
copy(testSalt, "salt") copy(testSalt, "salt")
testId, err := xx.NewID(serverPrivKey.Public(), testSalt, id.Node) testId, err := xx.NewID(serverPrivKey.GetPublic(), testSalt, id.Node)
if err != nil { if err != nil {
t.Fatalf("SignVerify error: "+ t.Fatalf("SignVerify error: "+
"Could not generate a test signature: %v", err) "Could not generate a test signature: %v", err)
...@@ -212,7 +213,7 @@ func TestVerify_Error(t *testing.T) { ...@@ -212,7 +213,7 @@ func TestVerify_Error(t *testing.T) {
delta := 24 * time.Hour * 2 delta := 24 * time.Hour * 2
testNow := signedTime.Add(delta * 3) testNow := signedTime.Add(delta * 3)
// Test the verification // Test the verification
err = Verify(testNow, signedTime, serverPrivKey.Public(), testId, err = Verify(testNow, signedTime, serverPrivKey.GetPublic(), testId,
testSalt, delta, sig) testSalt, delta, sig)
if err == nil { if err == nil {
t.Fatalf("SignVerify error: "+ t.Fatalf("SignVerify error: "+
...@@ -222,7 +223,7 @@ func TestVerify_Error(t *testing.T) { ...@@ -222,7 +223,7 @@ func TestVerify_Error(t *testing.T) {
// Check when signed timestamp is out of bounds (above the upper bound) // Check when signed timestamp is out of bounds (above the upper bound)
testNow = signedTime.Add(-delta * 3) testNow = signedTime.Add(-delta * 3)
// Test the verification // Test the verification
err = Verify(testNow, signedTime, serverPrivKey.Public(), testId, err = Verify(testNow, signedTime, serverPrivKey.GetPublic(), testId,
testSalt, delta, sig) testSalt, delta, sig)
if err == nil { if err == nil {
t.Fatalf("SignVerify error: "+ t.Fatalf("SignVerify error: "+
...@@ -236,7 +237,7 @@ func TestVerify_Error(t *testing.T) { ...@@ -236,7 +237,7 @@ func TestVerify_Error(t *testing.T) {
badSalt := make([]byte, 32) badSalt := make([]byte, 32)
copy(badSalt, "error") copy(badSalt, "error")
err = Verify(testNow, signedTime, serverPrivKey.Public(), testId, err = Verify(testNow, signedTime, serverPrivKey.GetPublic(), testId,
badSalt, delta, sig) badSalt, delta, sig)
if err == nil { if err == nil {
t.Fatalf("SignVerify error: " + t.Fatalf("SignVerify error: " +
...@@ -245,7 +246,7 @@ func TestVerify_Error(t *testing.T) { ...@@ -245,7 +246,7 @@ func TestVerify_Error(t *testing.T) {
// Trigger failed signature check // Trigger failed signature check
badSig := []byte("signature") badSig := []byte("signature")
err = Verify(testNow, signedTime, serverPrivKey.Public(), testId, err = Verify(testNow, signedTime, serverPrivKey.GetPublic(), testId,
testSalt, delta, badSig) testSalt, delta, badSig)
if err == nil { if err == nil {
t.Fatalf("SignVerify error: " + t.Fatalf("SignVerify error: " +
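Review bot: The failure cases in TestVerify_Error only check `err == nil`, so they cannot tell which of Verify's three checks rejected the input. In the hunks shown, `testNow` is set to `signedTime.Add(-delta * 3)` for the timestamp case, and the later bad-salt and bad-signature calls pass the same `testNow`. Unless it is reset in the lines between the hunks, those calls would be rejected by the timestamp check and never reach the ID or signature check. Consider resetting it before those cases, e.g. `testNow = signedTime`, and asserting on each case's error text so a regression in one check cannot hide behind another.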
......