personal_interest_mirrors/nebula
1
0
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2026-02-15 09:14:23 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Ensure pubkey coherency when rehydrating a handshake cert (#1566)

Browse Source 
* Ensure pubkey coherency when rehydrating a handshake cert
* Include a check during handshakes after cert verification that the noise pubkey matches the cert pubkey.
This commit is contained in:
brad-defined
2026-01-09 09:52:03 -05:00
committed by GitHub
parent 3ec527e42c
commit 2f71d6b22d
7 changed files with 142 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cert/cert.go
View File

@@ -119,6 +119,7 @@ func (cc *CachedCertificate) String() string {
// Recombine will attempt to unmarshal a certificate received in a handshake.
// Handshakes save space by placing the peers public key in a different part of the packet, we have to
// reassemble the actual certificate structure with that in mind.
// Implementations MUST assert the public key is not in the raw certificate bytes if the passed in public key is not empty.
func Recombine(v Version, rawCertBytes, publicKey []byte, curve Curve) (Certificate, error) {
if publicKey == nil {
return nil, ErrNoPeerStaticKey