Ensure pubkey coherency when rehydrating a handshake cert (#1566)

* Ensure pubkey coherency when rehydrating a handshake cert * Include a check during handshakes after cert verification that the noise pubkey matches the cert pubkey.
2026-02-14 08:44:24 +01:00 · 2026-01-09 09:52:03 -05:00
parent 3ec527e42c
commit 2f71d6b22d
7 changed files with 142 additions and 5 deletions
--- a/cert/cert_v1.go
+++ b/cert/cert_v1.go
@@ -426,7 +426,7 @@ func unmarshalCertificateV1(b []byte, publicKey []byte) (*certificateV1, error)
 			unsafeNetworks: make([]netip.Prefix, len(rc.Details.Subnets)/2),
 			notBefore:      time.Unix(rc.Details.NotBefore, 0),
 			notAfter:       time.Unix(rc.Details.NotAfter, 0),
-			publicKey:      make([]byte, len(rc.Details.PublicKey)),
+			publicKey:      nil,
 			isCA:           rc.Details.IsCA,
 			curve:          rc.Details.Curve,
 		},
@@ -437,12 +437,19 @@ func unmarshalCertificateV1(b []byte, publicKey []byte) (*certificateV1, error)
 	copy(nc.details.groups, rc.Details.Groups)
 	nc.details.issuer = hex.EncodeToString(rc.Details.Issuer)

+	// If a public key is passed in as an argument, the certificate pubkey must be empty
+	// and the passed-in pubkey copied into the cert.
 	if len(publicKey) > 0 {
-		nc.details.publicKey = publicKey
+		if len(rc.Details.PublicKey) != 0 {
+			return nil, ErrCertPubkeyPresent
+		}
+		nc.details.publicKey = make([]byte, len(publicKey))
+		copy(nc.details.publicKey, publicKey)
+	} else {
+		nc.details.publicKey = make([]byte, len(rc.Details.PublicKey))
+		copy(nc.details.publicKey, rc.Details.PublicKey)
 	}

-	copy(nc.details.publicKey, rc.Details.PublicKey)
-
 	var ip netip.Addr
 	for i, rawIp := range rc.Details.Ips {
 		if i%2 == 0 {