forked from cerc-io/plugeth
p2p: validate recovered ephemeral pubkey against checksum in decodeAuthMsg
This commit is contained in:
parent
796c18db93
commit
37efd08b42
16
p2p/rlpx.go
16
p2p/rlpx.go
@ -267,6 +267,10 @@ func initiatorEncHandshake(conn io.ReadWriter, prv *ecdsa.PrivateKey, remoteID d
|
|||||||
}
|
}
|
||||||
|
|
||||||
func newInitiatorHandshake(remoteID discover.NodeID) (*encHandshake, error) {
|
func newInitiatorHandshake(remoteID discover.NodeID) (*encHandshake, error) {
|
||||||
|
rpub, err := remoteID.Pubkey()
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("bad remoteID: %v", err)
|
||||||
|
}
|
||||||
// generate random initiator nonce
|
// generate random initiator nonce
|
||||||
n := make([]byte, shaLen)
|
n := make([]byte, shaLen)
|
||||||
if _, err := rand.Read(n); err != nil {
|
if _, err := rand.Read(n); err != nil {
|
||||||
@ -277,10 +281,6 @@ func newInitiatorHandshake(remoteID discover.NodeID) (*encHandshake, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
rpub, err := remoteID.Pubkey()
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("bad remoteID: %v", err)
|
|
||||||
}
|
|
||||||
h := &encHandshake{
|
h := &encHandshake{
|
||||||
initiator: true,
|
initiator: true,
|
||||||
remoteID: remoteID,
|
remoteID: remoteID,
|
||||||
@ -417,6 +417,14 @@ func decodeAuthMsg(prv *ecdsa.PrivateKey, token []byte, auth []byte) (*encHandsh
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// validate the sha3 of recovered pubkey
|
||||||
|
remoteRandomPubMAC := msg[sigLen : sigLen+shaLen]
|
||||||
|
shaRemoteRandomPub := crypto.Sha3(remoteRandomPub[1:])
|
||||||
|
if !bytes.Equal(remoteRandomPubMAC, shaRemoteRandomPub) {
|
||||||
|
return nil, fmt.Errorf("sha3 of recovered ephemeral pubkey does not match checksum in auth message")
|
||||||
|
}
|
||||||
|
|
||||||
h.remoteRandomPub, _ = importPublicKey(remoteRandomPub)
|
h.remoteRandomPub, _ = importPublicKey(remoteRandomPub)
|
||||||
return h, nil
|
return h, nil
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user