p2p: validate recovered ephemeral pubkey against checksum in decodeAuthMsg

This commit is contained in:
Ethan Buchman 2015-07-14 02:21:02 +00:00
parent 796c18db93
commit 37efd08b42


@ -267,6 +267,10 @@ func initiatorEncHandshake(conn io.ReadWriter, prv *ecdsa.PrivateKey, remoteID d
} }
func newInitiatorHandshake(remoteID discover.NodeID) (*encHandshake, error) { func newInitiatorHandshake(remoteID discover.NodeID) (*encHandshake, error) {
rpub, err := remoteID.Pubkey()
if err != nil {
return nil, fmt.Errorf("bad remoteID: %v", err)
}
// generate random initiator nonce // generate random initiator nonce
n := make([]byte, shaLen) n := make([]byte, shaLen)
if _, err := rand.Read(n); err != nil { if _, err := rand.Read(n); err != nil {
@ -277,10 +281,6 @@ func newInitiatorHandshake(remoteID discover.NodeID) (*encHandshake, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
rpub, err := remoteID.Pubkey()
if err != nil {
return nil, fmt.Errorf("bad remoteID: %v", err)
}
h := &encHandshake{ h := &encHandshake{
initiator: true, initiator: true,
remoteID: remoteID, remoteID: remoteID,
@ -417,6 +417,14 @@ func decodeAuthMsg(prv *ecdsa.PrivateKey, token []byte, auth []byte) (*encHandsh
if err != nil { if err != nil {
return nil, err return nil, err
} }
// validate the sha3 of recovered pubkey
remoteRandomPubMAC := msg[sigLen : sigLen+shaLen]
shaRemoteRandomPub := crypto.Sha3(remoteRandomPub[1:])
if !bytes.Equal(remoteRandomPubMAC, shaRemoteRandomPub) {
return nil, fmt.Errorf("sha3 of recovered ephemeral pubkey does not match checksum in auth message")
}
h.remoteRandomPub, _ = importPublicKey(remoteRandomPub) h.remoteRandomPub, _ = importPublicKey(remoteRandomPub)
return h, nil return h, nil
} }
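Review bot: The line directly after the new checksum check, `h.remoteRandomPub, _ = importPublicKey(remoteRandomPub)`, still discards the import error, so a key that passes the sha3 comparison but fails to parse leaves `h.remoteRandomPub` nil and the handshake continues with a nil remote key. Now that the recovered key is validated, that failure should be surfaced the same way: `h.remoteRandomPub, err = importPublicKey(remoteRandomPub)` followed by `if err != nil { return nil, err }` (`err` appears to already be in scope given the bare `if err != nil` at the top of the hunk). The new check also slices `remoteRandomPub[1:]`, which presumes a 65-byte uncompressed point with a leading prefix byte; if the recovery helper can ever return a shorter or empty slice this would panic rather than return an error, so a length guard before the slice may be worth adding. decodeAuthMsg begins outside the hunk, so the earlier length check on `msg` that `msg[sigLen : sigLen+shaLen]` relies on is not visible here.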