Skip to content

GitLab

Unverified Commit ec3177f9 authored by Marten Seemann's avatar Marten Seemann Committed by GitHub
Browse files
Options

Merge pull request #26 from libp2p/cert-prefix 

use a prefix when signing the public key
parents 663747aa 8b173f7d
Show whitespace changes
Inline Side-by-side
Showing with 3 additions and 2 deletions
crypto.go
View file @ ec3177f9
...@@ -21,6 +21,7 @@ import ( ...@@ -21,6 +21,7 @@ import (
) )
const certValidityPeriod = 100 * 365 * 24 * time.Hour // ~100 years const certValidityPeriod = 100 * 365 * 24 * time.Hour // ~100 years
const certificatePrefix = "libp2p-tls-handshake:"
var extensionID = getPrefixedExtensionID([]int{1, 1}) var extensionID = getPrefixedExtensionID([]int{1, 1})
...@@ -139,7 +140,7 @@ func getRemotePubKey(chain []*x509.Certificate) (ic.PubKey, error) { ...@@ -139,7 +140,7 @@ func getRemotePubKey(chain []*x509.Certificate) (ic.PubKey, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
valid, err := pubKey.Verify(certKeyPub, sk.Signature) valid, err := pubKey.Verify(append([]byte(certificatePrefix), certKeyPub...), sk.Signature)
if err != nil { if err != nil {
return nil, fmt.Errorf("signature verification failed: %s", err) return nil, fmt.Errorf("signature verification failed: %s", err)
} }
...@@ -163,7 +164,7 @@ func keyToCertificate(sk ic.PrivKey) (*tls.Certificate, error) { ...@@ -163,7 +164,7 @@ func keyToCertificate(sk ic.PrivKey) (*tls.Certificate, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
signature, err := sk.Sign(certKeyPub) signature, err := sk.Sign(append([]byte(certificatePrefix), certKeyPub...))
if err != nil { if err != nil {
return nil, err return nil, err
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment