Skip to content

Commit

Permalink
Bugfix: "Malformed Public Key" Error
Browse files Browse the repository at this point in the history
This commit fixed the notoriously annoying "Malformed Public Key"
problem. The issue was that sometimes the byte representation of
the points (x,y in big.Int) generated would be one less byte than
expected. This is simply because (* big.Int) Write uses the least
amount of bytes needed for the int.

I instead changed the marshalling/unmarshalling to do exactly
what stdlib crypto/tls does: use `ellipctic.Marshal` which marshals
according to the ANSI X9.62 standard.

http://golang.org/pkg/crypto/elliptic/#Marshal
http://golang.org/src/pkg/crypto/tls/key_agreement.go#L214

```Go
// crypto/tls
ka.privateKey, x, y, err = elliptic.GenerateKey(ka.curve, config.rand())
ecdhePublic := elliptic.Marshal(ka.curve, x, y)

// ipfs/crypto
priv, x, y, err := elliptic.GenerateKey(curve, rand.Reader)
pubKey := elliptic.Marshal(curve, x, y)
```

((Warning: we're using `rand.Reader` directly, which we shouldn't
do, as it can be seeded. We should use a configured source, as
crypto/tls. Flagged in #143))

This makes me think we should re-use a lot of their datastructures
and functions directly (e.g. ecdheKeyAgreement)

Fixed: #135

cc @Bren2010 @whyrusleeping
  • Loading branch information
jbenet committed Oct 5, 2014
1 parent d7d3af3 commit 5136c78
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 19 deletions.
23 changes: 6 additions & 17 deletions crypto/key.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ import (
"crypto/sha256"
"crypto/sha512"
"hash"
"math/big"

"github.com/jbenet/go-ipfs/Godeps/_workspace/src/code.google.com/p/goprotobuf/proto"

Expand Down Expand Up @@ -97,26 +96,16 @@ func GenerateEKeyPair(curveName string) ([]byte, GenSharedKey, error) {
return nil, nil, err
}

var pubKey bytes.Buffer
pubKey.Write(x.Bytes())
pubKey.Write(y.Bytes())
pubKey := elliptic.Marshal(curve, x, y)
u.PErr("GenerateEKeyPair %d\n", len(pubKey))

done := func(theirPub []byte) ([]byte, error) {
// Verify and unpack node's public key.
curveSize := curve.Params().BitSize

if len(theirPub) != (curveSize / 4) {
u.PErr("Malformed public key: %v", theirPub)
return nil, fmt.Errorf("Malformed public key: %v != %v", len(theirPub), (curveSize / 4))
x, y := elliptic.Unmarshal(curve, theirPub)
if x == nil {
return nil, fmt.Errorf("Malformed public key: %d %v", len(theirPub), theirPub)
}

bound := (curveSize / 8)
x := big.NewInt(0)
y := big.NewInt(0)

x.SetBytes(theirPub[0:bound])
y.SetBytes(theirPub[bound : bound*2])

if !curve.IsOnCurve(x, y) {
return nil, errors.New("Invalid public key.")
}
Expand All @@ -127,7 +116,7 @@ func GenerateEKeyPair(curveName string) ([]byte, GenSharedKey, error) {
return secret.Bytes(), nil
}

return pubKey.Bytes(), done, nil
return pubKey, done, nil
}

// Generates a set of keys for each party by stretching the shared key.
Expand Down
4 changes: 2 additions & 2 deletions crypto/spipe/handshake.go
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ func (s *SecurePipe) handshake() error {
}

// u.POut("Selected %s %s %s\n", exchange, cipherType, hashType)
epubkey, done, err := ci.GenerateEKeyPair(exchange) // Generate EphemeralPubKey
epubkey, genSharedKey, err := ci.GenerateEKeyPair(exchange) // Generate EphemeralPubKey

var handshake bytes.Buffer // Gather corpus to sign.
handshake.Write(encoded)
Expand Down Expand Up @@ -173,7 +173,7 @@ func (s *SecurePipe) handshake() error {
return errors.New("Bad signature!")
}

secret, err := done(exchangeResp.GetEpubkey())
secret, err := genSharedKey(exchangeResp.GetEpubkey())
if err != nil {
return err
}
Expand Down

1 comment on commit 5136c78

@whyrusleeping
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So happy about this.

Please sign in to comment.