Skip to content

Commit

Permalink
Merge pull request #26 from libp2p/cert-prefix
Browse files Browse the repository at this point in the history 
use a prefix when signing the public key
  • Loading branch information
@marten-seemann
marten-seemann committed Apr 7, 2019
2 parents 5f29402 + 2b073e1 commit d8bd9ab
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions p2p/security/tls/crypto.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (
)

const certValidityPeriod = 100 * 365 * 24 * time.Hour // ~100 years
const certificatePrefix = "libp2p-tls-handshake:"

var extensionID = getPrefixedExtensionID([]int{1, 1})

Expand Down Expand Up @@ -139,7 +140,7 @@ func getRemotePubKey(chain []*x509.Certificate) (ic.PubKey, error) {
if err != nil {
return nil, err
}
valid, err := pubKey.Verify(certKeyPub, sk.Signature)
valid, err := pubKey.Verify(append([]byte(certificatePrefix), certKeyPub...), sk.Signature)
if err != nil {
return nil, fmt.Errorf("signature verification failed: %s", err)
}
Expand All @@ -163,7 +164,7 @@ func keyToCertificate(sk ic.PrivKey) (*tls.Certificate, error) {
if err != nil {
return nil, err
}
signature, err := sk.Sign(certKeyPub)
signature, err := sk.Sign(append([]byte(certificatePrefix), certKeyPub...))
if err != nil {
return nil, err
}
Expand Down

0 comments on commit d8bd9ab

Please sign in to comment.