diff options
| author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-07-20 13:27:25 +0200 |
|---|---|---|
| committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-07-20 13:27:25 +0200 |
| commit | ee5c19e9edf7e4e0959becc99e97606d9e6de041 (patch) | |
| tree | dc05c1626c2e9a165da7078739fe0773f540b0b9 | |
| parent | bec18e5abf34fbaef97aec8372934a27bdc15e7f (diff) | |
| download | taler-mailbox-ee5c19e9edf7e4e0959becc99e97606d9e6de041.tar.gz taler-mailbox-ee5c19e9edf7e4e0959becc99e97606d9e6de041.tar.bz2 taler-mailbox-ee5c19e9edf7e4e0959becc99e97606d9e6de041.zip | |
| -rw-r--r-- | pkg/rest/mailbox.go | 44 |
1 files changed, 24 insertions, 20 deletions
diff --git a/pkg/rest/mailbox.go b/pkg/rest/mailbox.go index 1299389..afab7db 100644 --- a/pkg/rest/mailbox.go +++ b/pkg/rest/mailbox.go @@ -266,6 +266,29 @@ func (m *Mailbox) deleteMessagesResponse(w http.ResponseWriter, r *http.Request) w.WriteHeader(http.StatusBadRequest) return } + checksum, err := gnunetutil.DecodeStringToBinary(msg.Checksum, 64) + if err != nil { + w.WriteHeader(http.StatusInternalServerError) + return + } + pk := ed25519.PublicKey(pkey) + sig, err := gnunetutil.DecodeStringToBinary(msg.WalletSig, 64) + if nil != err { + w.WriteHeader(http.StatusForbidden) + return + } + var signed_msg bytes.Buffer + size := make([]byte, 4) + binary.BigEndian.PutUint32(size, 64+4+4) + purp := make([]byte, 4) + binary.BigEndian.PutUint32(purp, 23) // FIXME purpose + signed_msg.Write(size) + signed_msg.Write(purp) + signed_msg.Write(checksum) + if !ed25519.Verify(pk, signed_msg.Bytes(), sig) { + w.WriteHeader(http.StatusForbidden) + return + } h := sha512.New() h.Write(pkey) h_mailbox := gnunetutil.EncodeBinaryToString(h.Sum(nil)) @@ -293,29 +316,10 @@ func (m *Mailbox) deleteMessagesResponse(w http.ResponseWriter, r *http.Request) h_all.Write(eph) h_all.Write(body) } - h_all_s := gnunetutil.EncodeBinaryToString(h_all.Sum(nil)) - if h_all_s != msg.Checksum { + if 0 != bytes.Compare(h_all.Sum(nil), checksum) { w.WriteHeader(http.StatusNotFound) return } - pk := ed25519.PublicKey(pkey) - sig, err := gnunetutil.DecodeStringToBinary(msg.WalletSig, 64) - if nil != err { - w.WriteHeader(http.StatusForbidden) - return - } - var signed_msg bytes.Buffer - size := make([]byte, 4) - binary.BigEndian.PutUint32(size, 64+4+4) - purp := make([]byte, 4) - binary.BigEndian.PutUint32(purp, 23) // FIXME purpose - signed_msg.Write(size) - signed_msg.Write(purp) - signed_msg.Write(h_all.Sum(nil)) - if !ed25519.Verify(pk, signed_msg.Bytes(), sig) { - w.WriteHeader(http.StatusForbidden) - return - } m.Db.Delete(&entries) w.WriteHeader(http.StatusNoContent) } |