fix: challenge nonce must be 32 bytes per YAW/2 §5.1
All checks were successful
Build / Build & release (push) Successful in 13m46s
All checks were successful
Build / Build & release (push) Successful in 13m46s
The anchor was sending a 16-byte nonce. The spec (yaw2.0-protocol.md §5.1 and yaw2-implementation.md §7.1) requires 32 bytes. Any spec-conformant peer would fail join signature verification against this anchor, breaking interop. Signature verification was already using the raw nonce bytes (not hex), so only the allocation size needed changing. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -155,8 +155,8 @@ func (a *anchor) handleWS(w http.ResponseWriter, r *http.Request) {
|
|||||||
ctx, cancel := context.WithCancel(r.Context())
|
ctx, cancel := context.WithCancel(r.Context())
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
// Send a challenge nonce immediately.
|
// Send a challenge nonce immediately. §5.1 requires 32 bytes.
|
||||||
nonce := make([]byte, 16)
|
nonce := make([]byte, 32)
|
||||||
rand.Read(nonce)
|
rand.Read(nonce)
|
||||||
nonceHex := hex.EncodeToString(nonce)
|
nonceHex := hex.EncodeToString(nonce)
|
||||||
if err := wsjson.Write(ctx, conn, proto.AnchorMessage{
|
if err := wsjson.Write(ctx, conn, proto.AnchorMessage{
|
||||||
|
|||||||
Reference in New Issue
Block a user