From a2e6fccac6373900fe9a60db675ef4f7960d61df Mon Sep 17 00:00:00 2001 From: Dmitry Bilienko Date: Tue, 18 Apr 2023 11:37:46 +0500 Subject: [PATCH] ACL Payload validation fix --- commonspace/spacestorage/spacestorage.go | 10 ++++++---- commonspace/spacestorage/spacestorage_test.go | 12 +++++++----- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/commonspace/spacestorage/spacestorage.go b/commonspace/spacestorage/spacestorage.go index 822e9a48..ebd4b68d 100644 --- a/commonspace/spacestorage/spacestorage.go +++ b/commonspace/spacestorage/spacestorage.go @@ -88,7 +88,6 @@ func ValidateSpaceStorageCreatePayload(payload SpaceStorageCreatePayload) (err e err = ErrIncorrectSpaceHeader return } - return } @@ -148,7 +147,7 @@ func validateCreateSpaceAclPayload(rawWithId *aclrecordproto.RawAclRecordWithId) if err != nil { return } - payloadIdentity, err := crypto.UnmarshalEd25519PublicKey(aclRoot.Identity) + payloadIdentity, err := crypto.UnmarshalEd25519PublicKeyProto(aclRoot.Identity) if err != nil { return } @@ -161,8 +160,11 @@ func validateCreateSpaceAclPayload(rawWithId *aclrecordproto.RawAclRecordWithId) if err != nil { return } - - res, err = masterKey.Verify(aclRoot.Identity, aclRoot.IdentitySignature) + rawIdentity, err := payloadIdentity.Raw() + if err != nil { + return + } + res, err = masterKey.Verify(rawIdentity, aclRoot.IdentitySignature) if err != nil || !res { err = ErrIncorrectSpaceHeader return diff --git a/commonspace/spacestorage/spacestorage_test.go b/commonspace/spacestorage/spacestorage_test.go index 1b4f9da6..8243291e 100644 --- a/commonspace/spacestorage/spacestorage_test.go +++ b/commonspace/spacestorage/spacestorage_test.go @@ -215,12 +215,13 @@ func TestFailedAclPayloadSpace_IncorrectSignature(t *testing.T) { require.NoError(t, err) rawIdentity, err := accountKeys.SignKey.GetPublic().Raw() require.NoError(t, err) + identity, err := accountKeys.SignKey.GetPublic().Marshall() identitySignature, err := masterKey.Sign(rawIdentity) require.NoError(t, err) rawMasterKey, err := masterKey.GetPublic().Raw() require.NoError(t, err) aclRoot := aclrecordproto.AclRoot{ - Identity: rawIdentity, + Identity: identity, MasterKey: rawMasterKey, SpaceId: "SpaceId", EncryptedReadKey: readKey, @@ -264,7 +265,7 @@ func TestFailedAclPayloadSpace_IncorrectIdentitySignature(t *testing.T) { return } masterPubKey := masterKey.GetPublic() - rawIdentity, err := accountKeys.SignKey.GetPublic().Raw() + identity, err := accountKeys.SignKey.GetPublic().Marshall() if err != nil { return } @@ -273,12 +274,12 @@ func TestFailedAclPayloadSpace_IncorrectIdentitySignature(t *testing.T) { return } aclRoot := aclrecordproto.AclRoot{ - Identity: rawIdentity, + Identity: identity, MasterKey: rawMasterKey, SpaceId: spaceId, EncryptedReadKey: readKey, Timestamp: time.Now().Unix(), - IdentitySignature: rawIdentity, + IdentitySignature: identity, } marshalled, err := aclRoot.Marshal() if err != nil { @@ -550,6 +551,7 @@ func rawAclWithId(accountKeys *accountdata.AccountKeys, spaceId string) (aclHead return } masterKey, _, err := crypto.GenerateRandomEd25519KeyPair() + identity, err := accountKeys.SignKey.GetPublic().Marshall() if err != nil { return } @@ -567,7 +569,7 @@ func rawAclWithId(accountKeys *accountdata.AccountKeys, spaceId string) (aclHead return } aclRoot := aclrecordproto.AclRoot{ - Identity: rawIdentity, + Identity: identity, MasterKey: rawMasterKey, SpaceId: spaceId, EncryptedReadKey: readKey,