Commit 8b173f7d authored by Marten Seemann's avatar Marten Seemann

use a prefix when signing the public key

parent 663747aa
...@@ -21,6 +21,7 @@ import ( ...@@ -21,6 +21,7 @@ import (
) )
const certValidityPeriod = 100 * 365 * 24 * time.Hour // ~100 years const certValidityPeriod = 100 * 365 * 24 * time.Hour // ~100 years
const certificatePrefix = "libp2p-tls-handshake:"
var extensionID = getPrefixedExtensionID([]int{1, 1}) var extensionID = getPrefixedExtensionID([]int{1, 1})
...@@ -139,7 +140,7 @@ func getRemotePubKey(chain []*x509.Certificate) (ic.PubKey, error) { ...@@ -139,7 +140,7 @@ func getRemotePubKey(chain []*x509.Certificate) (ic.PubKey, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
valid, err := pubKey.Verify(certKeyPub, sk.Signature) valid, err := pubKey.Verify(append([]byte(certificatePrefix), certKeyPub...), sk.Signature)
if err != nil { if err != nil {
return nil, fmt.Errorf("signature verification failed: %s", err) return nil, fmt.Errorf("signature verification failed: %s", err)
} }
...@@ -163,7 +164,7 @@ func keyToCertificate(sk ic.PrivKey) (*tls.Certificate, error) { ...@@ -163,7 +164,7 @@ func keyToCertificate(sk ic.PrivKey) (*tls.Certificate, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
signature, err := sk.Sign(certKeyPub) signature, err := sk.Sign(append([]byte(certificatePrefix), certKeyPub...))
if err != nil { if err != nil {
return nil, err return nil, err
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment