[PD1] changed the order of signature and content

Tiago Sousa 2024-04-22 19:30:43 +01:00
parent fb7a728aa4
commit 0c9ef6122e
Signed by: tiago
SSH key fingerprint: SHA256:odOD9vln9U7qNe1R8o3UCbE3jkQCkr5/q5mgd5hwua0


@ -160,11 +160,13 @@ func (k KeyStore) EncryptMessageContent(receiverCert *x509.Certificate, content
// sign the message and append the signature // sign the message and append the signature
hashedContent := sha256.Sum256(content) hashedContent := sha256.Sum256(content)
// NOTE: in this case the sign then encrypt method is used
// but should it be used over the encrypt then sign method?
signature, err := rsa.SignPKCS1v15(nil, k.privKey, crypto.SHA256, hashedContent[:]) signature, err := rsa.SignPKCS1v15(nil, k.privKey, crypto.SHA256, hashedContent[:])
if err != nil { if err != nil {
log.Panicln("Could not create content signature: ", err) log.Panicln("Could not create content signature: ", err)
} }
content = pair(content, signature) content = pair(signature, content)
ciphertext := cipher.Seal(nonce, nonce, content, nil) ciphertext := cipher.Seal(nonce, nonce, content, nil)
// crypto/rand.Reader is a good source of entropy for randomizing the // crypto/rand.Reader is a good source of entropy for randomizing the
@ -196,7 +198,7 @@ func (k KeyStore) DecryptMessageContent(senderCert *x509.Certificate, cipherCont
log.Panicln("Could not decrypt ciphertext: ", err) log.Panicln("Could not decrypt ciphertext: ", err)
} }
// check signature with sender public key // check signature with sender public key
content, signature := unPair(contentAndSig) signature, content:= unPair(contentAndSig)
hashedContent := sha256.Sum256(content) hashedContent := sha256.Sum256(content)
senderKey := senderCert.PublicKey.(*rsa.PublicKey) senderKey := senderCert.PublicKey.(*rsa.PublicKey)
if err := rsa.VerifyPKCS1v15(senderKey, crypto.SHA256, hashedContent[:], signature); err != nil { if err := rsa.VerifyPKCS1v15(senderKey, crypto.SHA256, hashedContent[:], signature); err != nil {
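Review bot: The signature in EncryptMessageContent is computed over `sha256.Sum256(content)` alone, so under the sign-then-encrypt order that the new NOTE asks about, nothing ties the signed bytes to `receiverCert`. A recipient who decrypts the message holds a valid sender signature over the bare content, and that pair would still pass the `rsa.VerifyPKCS1v15` check in DecryptMessageContent if it were re-encrypted for a different party. Unless `content` already carries the intended recipient's identity (not visible in these hunks), consider hashing the recipient identity together with the content on both the signing and the verifying side. The open question in the NOTE could then become a statement such as `// sign-then-encrypt: the signature must also cover the receiver identity, otherwise the signed content is not bound to this recipient`. Both function bodies start and end outside the hunks shown.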