
Commit c2db808

committed
backend/pipkey: export PipMsg
1 parent 82fdb28 commit c2db808

1 file changed

Lines changed: 27 additions & 11 deletions


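--- a/intra/backend/ipn_pipkeygen.go
+++ b/intra/backend/ipn_pipkeygen.go
@@ -66,17 +66,33 @@ type PipKeyProvider interface {
 // PipToken is a 32 byte random token for bespoke auth.
 type PipToken Gostr
 
-type PipMsg string
+type PipMsg Gostr
+
+func pipmsgof(s string) *PipMsg {
+if len(s) < minmsgsize {
+log.E("pipkey: msgof: invalid msg size; min %d; got %d", minmsgsize, len(s))
+return nil
+}
+// TODO: s must be hex encoded 32 byte string
+return &PipMsg{S: s}
+}
+
+func (p *PipMsg) v() string {
+if p == nil {
+return ""
+}
+return p.S
+}
 
 // Opaque returns a 32 byte hex derived from the PipMsg.
-func (p PipMsg) Opaque() *Gostr {
-oq := hmac256([]byte(pipkeyOpaqueCtx), []byte(p))
+func (p *PipMsg) Opaque() *Gostr {
+oq := hmac256([]byte(pipkeyOpaqueCtx), hex2byte(p.S))
 return StrOf(byte2hex(oq))
 }
 
 type PipKey struct {
 // hex encoded 32 byte msg (random)
-Msg PipMsg
+Msg *PipMsg
 // hex encoded 256 byte sig (unblinded signature)
 Sig string
 // hex encoded 32 byte sha256(sig) (msg signature hash)
@@ -93,7 +109,7 @@ type PipKeyState struct {
 // hex encoded 48 byte salt (random)
 Salt string
 // hex encoded 32 byte (client) msg (usually, random)
-Msg PipMsg
+Msg *PipMsg
 }
 
 func newPipKeyState(id, blindMsg, r, salt, msg string) *PipKeyState {
@@ -102,7 +118,7 @@ func newPipKeyState(id, blindMsg, r, salt, msg string) *PipKeyState {
 BlindMsg: blindMsg,
 R: r,
 Salt: salt,
-Msg: PipMsg(msg),
+Msg: pipmsgof(msg),
 }
 }
 
@@ -120,15 +136,15 @@ func NewPipKeyStateFrom(v *Gostr) (*PipKeyState, error) {
 if len(parts) == 1 {
 // if there's only one part, it's the message
 return &PipKeyState{
-Msg: PipMsg(parts[0]),
+Msg: pipmsgof(parts[0]),
 }, nil
 } else if len(parts) == 5 {
 return &PipKeyState{
 Bid: parts[0],
 BlindMsg: parts[1],
 R: parts[2],
 Salt: parts[3],
-Msg: PipMsg(parts[4]),
+Msg: pipmsgof(parts[4]),
 }, nil
 
 }
@@ -151,15 +167,15 @@ func (p *PipKeyState) v() string {
 }
 
 if len(p.BlindMsg) != blindsize {
-return string(p.Msg) // may be empty, but that's ok
+return p.Msg.v()
 }
 
 return strings.Join([]string{
 p.Bid,
 p.BlindMsg,
 p.R,
 p.Salt,
-string(p.Msg),
+p.Msg.v(),
 },
 delim,
 )
@@ -394,7 +410,7 @@ func (k *pkgen) finalize(blindSig string) (*PipKey, error) {
 hashedsigbytes := sha256sum(sigbytes)
 
 return &PipKey{
-Msg: PipMsg(byte2hex(k.msg)),
+Msg: pipmsgof(byte2hex(k.msg)),
 Sig: byte2hex(sigbytes),
 SigHash: byte2hex(hashedsigbytes),
 }, nil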
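Review bot: `Opaque()` now has a pointer receiver and reads `p.S` with no nil check, yet `pipmsgof` returns nil for any input shorter than `minmsgsize`, so a `PipKey` or `PipKeyState` built from a short message carries a nil `Msg` and `Msg.Opaque()` will panic. `v()` already guards this case; `Opaque` should do the same with `if p == nil { return nil }` before the `hmac256` call. The rejection is also silent in `NewPipKeyStateFrom`: both the 1-part and 5-part branches still return a nil error with `Msg` set to nil, so a caller cannot tell a malformed message from a valid state, and returning an error when `pipmsgof` yields nil would be safer (that function's body extends beyond the hunk). The TODO in `pipmsgof` leaves hex validity unchecked while `Opaque` now feeds `hex2byte(p.S)` into the HMAC; if `hex2byte` returns an empty slice on bad input (not visible here), every malformed message would map to the same opaque value, so decoding and length-checking in `pipmsgof` would close that gap. Since the HMAC input changes from the hex text to the decoded bytes, opaque values derived before this commit will presumably no longer match and any persisted ones should be checked.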
