5
0
mirror of https://github.com/cwinfo/yggdrasil-go.git synced 2024-11-23 03:11:35 +00:00

Fix #413 by always generating public keys from private ones instead of trusting public keys supplied by config

This commit is contained in:
Neil Alexander 2019-07-16 09:49:28 +01:00
parent a5152f1d44
commit 145a43e5f0
No known key found for this signature in database
GPG Key ID: A02A2019A2BB0944
2 changed files with 37 additions and 9 deletions

View File

@ -15,6 +15,7 @@ import (
"crypto/sha512" "crypto/sha512"
"encoding/hex" "encoding/hex"
"golang.org/x/crypto/curve25519"
"golang.org/x/crypto/ed25519" "golang.org/x/crypto/ed25519"
"golang.org/x/crypto/nacl/box" "golang.org/x/crypto/nacl/box"
@ -124,6 +125,15 @@ func Verify(pub *SigPubKey, msg []byte, sig *SigBytes) bool {
return ed25519.Verify(pub[:], msg, sig[:]) return ed25519.Verify(pub[:], msg, sig[:])
} }
func (p SigPrivKey) Public() SigPubKey {
priv := make(ed25519.PrivateKey, ed25519.PrivateKeySize)
copy(priv[:], p[:])
pub := priv.Public().(ed25519.PublicKey)
var sigPub SigPubKey
copy(sigPub[:], pub[:])
return sigPub
}
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////
// NaCl-like crypto "box" (curve25519+xsalsa20+poly1305) // NaCl-like crypto "box" (curve25519+xsalsa20+poly1305)
@ -204,6 +214,14 @@ func (n *BoxNonce) Increment() {
} }
} }
func (p BoxPrivKey) Public() BoxPubKey {
var boxPub [BoxPubKeyLen]byte
var boxPriv [BoxPrivKeyLen]byte
copy(boxPriv[:BoxPrivKeyLen], p[:BoxPrivKeyLen])
curve25519.ScalarBaseMult(&boxPub, &boxPriv)
return boxPub
}
// Used to subtract one nonce from another, staying in the range +- 64. // Used to subtract one nonce from another, staying in the range +- 64.
// This is used by the nonce progression machinery to advance the bitmask of recently received packets (indexed by nonce), or to check the appropriate bit of the bitmask. // This is used by the nonce progression machinery to advance the bitmask of recently received packets (indexed by nonce), or to check the appropriate bit of the bitmask.
// It's basically part of the machinery that prevents replays and duplicate packets. // It's basically part of the machinery that prevents replays and duplicate packets.

View File

@ -2,6 +2,7 @@ package yggdrasil
import ( import (
"encoding/hex" "encoding/hex"
"errors"
"io/ioutil" "io/ioutil"
"time" "time"
@ -46,28 +47,37 @@ func (c *Core) init() error {
current, _ := c.config.Get() current, _ := c.config.Get()
boxPubHex, err := hex.DecodeString(current.EncryptionPublicKey)
if err != nil {
return err
}
boxPrivHex, err := hex.DecodeString(current.EncryptionPrivateKey) boxPrivHex, err := hex.DecodeString(current.EncryptionPrivateKey)
if err != nil { if err != nil {
return err return err
} }
sigPubHex, err := hex.DecodeString(current.SigningPublicKey) if len(boxPrivHex) < crypto.BoxPrivKeyLen {
if err != nil { return errors.New("EncryptionPrivateKey is incorrect length")
return err
} }
sigPrivHex, err := hex.DecodeString(current.SigningPrivateKey) sigPrivHex, err := hex.DecodeString(current.SigningPrivateKey)
if err != nil { if err != nil {
return err return err
} }
if len(sigPrivHex) < crypto.SigPrivKeyLen {
return errors.New("SigningPrivateKey is incorrect length")
}
copy(c.boxPub[:], boxPubHex)
copy(c.boxPriv[:], boxPrivHex) copy(c.boxPriv[:], boxPrivHex)
copy(c.sigPub[:], sigPubHex)
copy(c.sigPriv[:], sigPrivHex) copy(c.sigPriv[:], sigPrivHex)
boxPub, sigPub := c.boxPriv.Public(), c.sigPriv.Public()
copy(c.boxPub[:], boxPub[:])
copy(c.sigPub[:], sigPub[:])
if bp := hex.EncodeToString(c.boxPub[:]); current.EncryptionPublicKey != bp {
c.log.Warnln("EncryptionPublicKey in config is incorrect, should be", bp)
}
if sp := hex.EncodeToString(c.sigPub[:]); current.SigningPublicKey != sp {
c.log.Warnln("SigningPublicKey in config is incorrect, should be", sp)
}
c.searches.init(c) c.searches.init(c)
c.dht.init(c) c.dht.init(c)
c.sessions.init(c) c.sessions.init(c)