Further simplify refresh request signing

This commit is contained in:
Tulir Asokan 2023-07-09 18:39:05 +03:00
parent 9b46d5d5bf
commit 5542492a32
5 changed files with 11 additions and 24 deletions

View file

@ -202,7 +202,7 @@ type RegisterRefreshPayload struct {
MessageAuth *AuthMessage `protobuf:"bytes,1,opt,name=messageAuth,proto3" json:"messageAuth,omitempty"` MessageAuth *AuthMessage `protobuf:"bytes,1,opt,name=messageAuth,proto3" json:"messageAuth,omitempty"`
CurrBrowserDevice *Device `protobuf:"bytes,2,opt,name=currBrowserDevice,proto3" json:"currBrowserDevice,omitempty"` CurrBrowserDevice *Device `protobuf:"bytes,2,opt,name=currBrowserDevice,proto3" json:"currBrowserDevice,omitempty"`
UnixTimestamp int64 `protobuf:"varint,3,opt,name=unixTimestamp,proto3" json:"unixTimestamp,omitempty"` UnixTimestamp int64 `protobuf:"varint,3,opt,name=unixTimestamp,proto3" json:"unixTimestamp,omitempty"`
Signature string `protobuf:"bytes,4,opt,name=signature,proto3" json:"signature,omitempty"` Signature []byte `protobuf:"bytes,4,opt,name=signature,proto3" json:"signature,omitempty"`
EmptyRefreshArr *EmptyRefreshArr `protobuf:"bytes,13,opt,name=emptyRefreshArr,proto3" json:"emptyRefreshArr,omitempty"` EmptyRefreshArr *EmptyRefreshArr `protobuf:"bytes,13,opt,name=emptyRefreshArr,proto3" json:"emptyRefreshArr,omitempty"`
MessageType int32 `protobuf:"varint,16,opt,name=messageType,proto3" json:"messageType,omitempty"` MessageType int32 `protobuf:"varint,16,opt,name=messageType,proto3" json:"messageType,omitempty"`
} }
@ -260,11 +260,11 @@ func (x *RegisterRefreshPayload) GetUnixTimestamp() int64 {
return 0 return 0
} }
func (x *RegisterRefreshPayload) GetSignature() string { func (x *RegisterRefreshPayload) GetSignature() []byte {
if x != nil { if x != nil {
return x.Signature return x.Signature
} }
return "" return nil
} }
func (x *RegisterRefreshPayload) GetEmptyRefreshArr() *EmptyRefreshArr { func (x *RegisterRefreshPayload) GetEmptyRefreshArr() *EmptyRefreshArr {
@ -1481,7 +1481,7 @@ var file_messages_proto_rawDesc = []byte{
0x0a, 0x0d, 0x75, 0x6e, 0x69, 0x78, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x0a, 0x0d, 0x75, 0x6e, 0x69, 0x78, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18,
0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x75, 0x6e, 0x69, 0x78, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x75, 0x6e, 0x69, 0x78, 0x54, 0x69, 0x6d, 0x65, 0x73,
0x74, 0x61, 0x6d, 0x70, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72,
0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75,
0x72, 0x65, 0x12, 0x43, 0x0a, 0x0f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x52, 0x65, 0x66, 0x72, 0x65, 0x72, 0x65, 0x12, 0x43, 0x0a, 0x0f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x52, 0x65, 0x66, 0x72, 0x65,
0x73, 0x68, 0x41, 0x72, 0x72, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x41, 0x72, 0x72, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6d, 0x65,
0x73, 0x73, 0x61, 0x67, 0x65, 0x73, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x52, 0x65, 0x66, 0x72, 0x73, 0x73, 0x61, 0x67, 0x65, 0x73, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x52, 0x65, 0x66, 0x72,

View file

@ -7,7 +7,7 @@ message RegisterRefreshPayload {
AuthMessage messageAuth = 1; AuthMessage messageAuth = 1;
Device currBrowserDevice = 2; Device currBrowserDevice = 2;
int64 unixTimestamp = 3; int64 unixTimestamp = 3;
string signature = 4; bytes signature = 4;
EmptyRefreshArr emptyRefreshArr = 13; EmptyRefreshArr emptyRefreshArr = 13;
int32 messageType = 16; int32 messageType = 16;
} }

View file

@ -406,8 +406,6 @@ func (c *Client) refreshAuthToken() error {
return fmt.Errorf("failed to refresh auth token: something happened") return fmt.Errorf("failed to refresh auth token: something happened")
} }
c.Logger.Error().Any("expiry", resp.GetTokenData().GetValidFor()).Msg("TACHYON TOKEN VALID FOR")
c.updateTachyonAuthToken(token) c.updateTachyonAuthToken(token)
c.triggerEvent(events.NewAuthTokenRefreshed(token)) c.triggerEvent(events.NewAuthTokenRefreshed(token))
return nil return nil

View file

@ -4,27 +4,16 @@ import (
"crypto/ecdsa" "crypto/ecdsa"
"crypto/rand" "crypto/rand"
"crypto/sha256" "crypto/sha256"
"encoding/base64"
"fmt" "fmt"
) )
func (t *JWK) SignRequest(requestId string, timestamp int64) (string, error) { func (t *JWK) SignRequest(requestID string, timestamp int64) ([]byte, error) {
signBytes := []byte(fmt.Sprintf("%s:%d", requestId, timestamp)) signBytes := sha256.Sum256([]byte(fmt.Sprintf("%s:%d", requestID, timestamp)))
privKey, privErr := t.GetPrivateKey() privKey, privErr := t.GetPrivateKey()
if privErr != nil { if privErr != nil {
return "", privErr return nil, privErr
} }
signature, sigErr := t.sign(privKey, signBytes) return ecdsa.SignASN1(rand.Reader, privKey, signBytes[:])
if sigErr != nil {
return "", sigErr
}
encodedSignature := base64.StdEncoding.EncodeToString(signature)
return encodedSignature, nil
}
func (t *JWK) sign(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
hash := sha256.Sum256(msg)
return ecdsa.SignASN1(rand.Reader, key, hash[:])
} }

View file

@ -7,10 +7,10 @@ import (
"go.mau.fi/mautrix-gmessages/libgm/pblite" "go.mau.fi/mautrix-gmessages/libgm/pblite"
) )
func RegisterRefresh(sig string, requestId string, timestamp int64, browser *binary.Device, tachyonAuthToken []byte) ([]byte, error) { func RegisterRefresh(sig []byte, requestID string, timestamp int64, browser *binary.Device, tachyonAuthToken []byte) ([]byte, error) {
payload := &binary.RegisterRefreshPayload{ payload := &binary.RegisterRefreshPayload{
MessageAuth: &binary.AuthMessage{ MessageAuth: &binary.AuthMessage{
RequestID: requestId, RequestID: requestID,
TachyonAuthToken: tachyonAuthToken, TachyonAuthToken: tachyonAuthToken,
ConfigVersion: ConfigMessage, ConfigVersion: ConfigMessage,
}, },