Further simplify refresh request signing
This commit is contained in:
Tulir Asokan
parent
9b46d5d5bf
commit
5542492a32
5 changed files with 11 additions and 24 deletions
|
|
@ -202,7 +202,7 @@ type RegisterRefreshPayload struct {
|
|||
MessageAuth *AuthMessage `protobuf:"bytes,1,opt,name=messageAuth,proto3" json:"messageAuth,omitempty"`
|
||||
CurrBrowserDevice *Device `protobuf:"bytes,2,opt,name=currBrowserDevice,proto3" json:"currBrowserDevice,omitempty"`
|
||||
UnixTimestamp int64 `protobuf:"varint,3,opt,name=unixTimestamp,proto3" json:"unixTimestamp,omitempty"`
|
||||
Signature string `protobuf:"bytes,4,opt,name=signature,proto3" json:"signature,omitempty"`
|
||||
Signature []byte `protobuf:"bytes,4,opt,name=signature,proto3" json:"signature,omitempty"`
|
||||
EmptyRefreshArr *EmptyRefreshArr `protobuf:"bytes,13,opt,name=emptyRefreshArr,proto3" json:"emptyRefreshArr,omitempty"`
|
||||
MessageType int32 `protobuf:"varint,16,opt,name=messageType,proto3" json:"messageType,omitempty"`
|
||||
}
|
||||
|
|
@ -260,11 +260,11 @@ func (x *RegisterRefreshPayload) GetUnixTimestamp() int64 {
|
|||
return 0
|
||||
}
|
||||
|
||||
func (x *RegisterRefreshPayload) GetSignature() string {
|
||||
func (x *RegisterRefreshPayload) GetSignature() []byte {
|
||||
if x != nil {
|
||||
return x.Signature
|
||||
}
|
||||
return ""
|
||||
return nil
|
||||
}
|
||||
|
||||
func (x *RegisterRefreshPayload) GetEmptyRefreshArr() *EmptyRefreshArr {
|
||||
|
|
@ -1481,7 +1481,7 @@ var file_messages_proto_rawDesc = []byte{
|
|||
0x0a, 0x0d, 0x75, 0x6e, 0x69, 0x78, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18,
|
||||
0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x75, 0x6e, 0x69, 0x78, 0x54, 0x69, 0x6d, 0x65, 0x73,
|
||||
0x74, 0x61, 0x6d, 0x70, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72,
|
||||
0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75,
|
||||
0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75,
|
||||
0x72, 0x65, 0x12, 0x43, 0x0a, 0x0f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x52, 0x65, 0x66, 0x72, 0x65,
|
||||
0x73, 0x68, 0x41, 0x72, 0x72, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6d, 0x65,
|
||||
0x73, 0x73, 0x61, 0x67, 0x65, 0x73, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x52, 0x65, 0x66, 0x72,
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ message RegisterRefreshPayload {
|
|||
AuthMessage messageAuth = 1;
|
||||
Device currBrowserDevice = 2;
|
||||
int64 unixTimestamp = 3;
|
||||
string signature = 4;
|
||||
bytes signature = 4;
|
||||
EmptyRefreshArr emptyRefreshArr = 13;
|
||||
int32 messageType = 16;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -406,8 +406,6 @@ func (c *Client) refreshAuthToken() error {
|
|||
return fmt.Errorf("failed to refresh auth token: something happened")
|
||||
}
|
||||
|
||||
c.Logger.Error().Any("expiry", resp.GetTokenData().GetValidFor()).Msg("TACHYON TOKEN VALID FOR")
|
||||
|
||||
c.updateTachyonAuthToken(token)
|
||||
c.triggerEvent(events.NewAuthTokenRefreshed(token))
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -4,27 +4,16 @@ import (
|
|||
"crypto/ecdsa"
|
||||
"crypto/rand"
|
||||
"crypto/sha256"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
)
|
||||
|
||||
func (t *JWK) SignRequest(requestId string, timestamp int64) (string, error) {
|
||||
signBytes := []byte(fmt.Sprintf("%s:%d", requestId, timestamp))
|
||||
func (t *JWK) SignRequest(requestID string, timestamp int64) ([]byte, error) {
|
||||
signBytes := sha256.Sum256([]byte(fmt.Sprintf("%s:%d", requestID, timestamp)))
|
||||
|
||||
privKey, privErr := t.GetPrivateKey()
|
||||
if privErr != nil {
|
||||
return "", privErr
|
||||
return nil, privErr
|
||||
}
|
||||
|
||||
signature, sigErr := t.sign(privKey, signBytes)
|
||||
if sigErr != nil {
|
||||
return "", sigErr
|
||||
}
|
||||
encodedSignature := base64.StdEncoding.EncodeToString(signature)
|
||||
return encodedSignature, nil
|
||||
}
|
||||
|
||||
func (t *JWK) sign(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
|
||||
hash := sha256.Sum256(msg)
|
||||
return ecdsa.SignASN1(rand.Reader, key, hash[:])
|
||||
return ecdsa.SignASN1(rand.Reader, privKey, signBytes[:])
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,10 +7,10 @@ import (
|
|||
"go.mau.fi/mautrix-gmessages/libgm/pblite"
|
||||
)
|
||||
|
||||
func RegisterRefresh(sig string, requestId string, timestamp int64, browser *binary.Device, tachyonAuthToken []byte) ([]byte, error) {
|
||||
func RegisterRefresh(sig []byte, requestID string, timestamp int64, browser *binary.Device, tachyonAuthToken []byte) ([]byte, error) {
|
||||
payload := &binary.RegisterRefreshPayload{
|
||||
MessageAuth: &binary.AuthMessage{
|
||||
RequestID: requestId,
|
||||
RequestID: requestID,
|
||||
TachyonAuthToken: tachyonAuthToken,
|
||||
ConfigVersion: ConfigMessage,
|
||||
},
|
||||
|
|
|
|||
Loading…
Reference in a new issue