Merge pull request #26 from libp2p/cert-prefix

use a prefix when signing the public key

Merge pull request #26 from libp2p/cert-prefix
use a prefix when signing the public key
ec3177f9 · Marten Seemann · GitHub · 663747aa · 8b173f7d · ec3177f9
Unverified Commit ec3177f9 authored Apr 07, 2019 by Marten Seemann Committed by GitHub Apr 07, 2019
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

crypto.go crypto.go +3 -2

No files found.
--- a/crypto.go
+++ b/crypto.go
@@ -21,6 +21,7 @@ import (
 )

 const certValidityPeriod = 100 * 365 * 24 * time.Hour // ~100 years
+const certificatePrefix = "libp2p-tls-handshake:"

 var extensionID = getPrefixedExtensionID([]int{1, 1})

@@ -139,7 +140,7 @@ func getRemotePubKey(chain []*x509.Certificate) (ic.PubKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	valid, err := pubKey.Verify(certKeyPub, sk.Signature)
+	valid, err := pubKey.Verify(append([]byte(certificatePrefix), certKeyPub...), sk.Signature)
 	if err != nil {
 		return nil, fmt.Errorf("signature verification failed: %s", err)
 	}
@@ -163,7 +164,7 @@ func keyToCertificate(sk ic.PrivKey) (*tls.Certificate, error) {
 	if err != nil {
 		return nil, err
 	}
-	signature, err := sk.Sign(certKeyPub)
+	signature, err := sk.Sign(append([]byte(certificatePrefix), certKeyPub...))
 	if err != nil {
 		return nil, err
 	}