ACL Payload validation fix

2023-04-18 11:37:46 +05:00 · 2023-04-18 11:37:46 +05:00 · a2e6fccac6
commit a2e6fccac6
parent 4773eb1d06
2 changed files with 13 additions and 9 deletions
--- a/commonspace/spacestorage/spacestorage.go
+++ b/commonspace/spacestorage/spacestorage.go
@ -88,7 +88,6 @@ func ValidateSpaceStorageCreatePayload(payload SpaceStorageCreatePayload) (err e
 		err = ErrIncorrectSpaceHeader
 		return
 	}
-
 	return
 }

@ -148,7 +147,7 @@ func validateCreateSpaceAclPayload(rawWithId *aclrecordproto.RawAclRecordWithId)
 	if err != nil {
 		return
 	}
-	payloadIdentity, err := crypto.UnmarshalEd25519PublicKey(aclRoot.Identity)
+	payloadIdentity, err := crypto.UnmarshalEd25519PublicKeyProto(aclRoot.Identity)
 	if err != nil {
 		return
 	}
@ -161,8 +160,11 @@ func validateCreateSpaceAclPayload(rawWithId *aclrecordproto.RawAclRecordWithId)
 	if err != nil {
 		return
 	}
-
-	res, err = masterKey.Verify(aclRoot.Identity, aclRoot.IdentitySignature)
+	rawIdentity, err := payloadIdentity.Raw()
+	if err != nil {
+		return
+	}
+	res, err = masterKey.Verify(rawIdentity, aclRoot.IdentitySignature)
 	if err != nil || !res {
 		err = ErrIncorrectSpaceHeader
 		return
--- a/commonspace/spacestorage/spacestorage_test.go
+++ b/commonspace/spacestorage/spacestorage_test.go
@ -215,12 +215,13 @@ func TestFailedAclPayloadSpace_IncorrectSignature(t *testing.T) {
 	require.NoError(t, err)
 	rawIdentity, err := accountKeys.SignKey.GetPublic().Raw()
 	require.NoError(t, err)
+	identity, err := accountKeys.SignKey.GetPublic().Marshall()
 	identitySignature, err := masterKey.Sign(rawIdentity)
 	require.NoError(t, err)
 	rawMasterKey, err := masterKey.GetPublic().Raw()
 	require.NoError(t, err)
 	aclRoot := aclrecordproto.AclRoot{
-		Identity:          rawIdentity,
+		Identity:          identity,
 		MasterKey:         rawMasterKey,
 		SpaceId:           "SpaceId",
 		EncryptedReadKey:  readKey,
@ -264,7 +265,7 @@ func TestFailedAclPayloadSpace_IncorrectIdentitySignature(t *testing.T) {
 		return
 	}
 	masterPubKey := masterKey.GetPublic()
-	rawIdentity, err := accountKeys.SignKey.GetPublic().Raw()
+	identity, err := accountKeys.SignKey.GetPublic().Marshall()
 	if err != nil {
 		return
 	}
@ -273,12 +274,12 @@ func TestFailedAclPayloadSpace_IncorrectIdentitySignature(t *testing.T) {
 		return
 	}
 	aclRoot := aclrecordproto.AclRoot{
-		Identity:          rawIdentity,
+		Identity:          identity,
 		MasterKey:         rawMasterKey,
 		SpaceId:           spaceId,
 		EncryptedReadKey:  readKey,
 		Timestamp:         time.Now().Unix(),
-		IdentitySignature: rawIdentity,
+		IdentitySignature: identity,
 	}
 	marshalled, err := aclRoot.Marshal()
 	if err != nil {
@ -550,6 +551,7 @@ func rawAclWithId(accountKeys *accountdata.AccountKeys, spaceId string) (aclHead
 		return
 	}
 	masterKey, _, err := crypto.GenerateRandomEd25519KeyPair()
+	identity, err := accountKeys.SignKey.GetPublic().Marshall()
 	if err != nil {
 		return
 	}
@ -567,7 +569,7 @@ func rawAclWithId(accountKeys *accountdata.AccountKeys, spaceId string) (aclHead
 		return
 	}
 	aclRoot := aclrecordproto.AclRoot{
-		Identity:          rawIdentity,
+		Identity:          identity,
 		MasterKey:         rawMasterKey,
 		SpaceId:           spaceId,
 		EncryptedReadKey:  readKey,