ProjectSegfault/go-away
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

context: add ip prefix on keyed cookie

Browse Source
This commit is contained in:
WeebDataHoarder
2025-04-27 17:37:34 +02:00
parent 62ece572d9
commit 06c363e55a
2 changed files with 18 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
lib/challenge/data.go
View File

@@ -91,9 +91,11 @@ func CreateRequestData(r *http.Request, state StateInterface) (*http.Request, *R
sum := sha256.New() sum := sha256.New()
sum.Write([]byte(r.Host)) sum.Write([]byte(r.Host))
sum.Write([]byte{0}) sum.Write([]byte{0})
sum.Write(data.NetworkPrefix().AsSlice())
sum.Write([]byte{0})
sum.Write(state.PublicKey()) sum.Write(state.PublicKey())
sum.Write([]byte{0}) sum.Write([]byte{0})
data.CookiePrefix = utils.CookiePrefix + hex.EncodeToString(sum.Sum(nil)[:4]) + "-" data.CookiePrefix = utils.CookiePrefix + hex.EncodeToString(sum.Sum(nil)[:6]) + "-"
r = r.WithContext(context.WithValue(r.Context(), requestDataContextKey{}, &data)) r = r.WithContext(context.WithValue(r.Context(), requestDataContextKey{}, &data))
r = utils.SetRemoteAddress(r, data.RemoteAddress) r = utils.SetRemoteAddress(r, data.RemoteAddress)
@@ -129,6 +131,19 @@ func (d *RequestData) Parent() cel.Activation {
return nil return nil
} }
func (d *RequestData) NetworkPrefix() netip.Addr {
address := d.RemoteAddress.Addr().Unmap()
if address.Is4() {
// Take a /24 for IPv4
prefix, _ := address.Prefix(24)
return prefix.Addr()
} else {
// Take a /64 for IPv6
prefix, _ := address.Prefix(64)
return prefix.Addr()
}
}
func (d *RequestData) SetOpt(n, v string) { func (d *RequestData) SetOpt(n, v string) {
d.opts[n] = v d.opts[n] = v
} }

14
lib/challenge/key.go
View File

@@ -42,22 +42,12 @@ func KeyFromString(s string) (Key, error) {
func GetChallengeKeyForRequest(state StateInterface, reg *Registration, until time.Time, r *http.Request) Key { func GetChallengeKeyForRequest(state StateInterface, reg *Registration, until time.Time, r *http.Request) Key {
data := RequestDataFromContext(r.Context()) data := RequestDataFromContext(r.Context())
address := data.RemoteAddress.Addr().Unmap()
var keyAddr [16]byte
if address.Is4() {
// Take a /24 for IPv4
prefix, _ := address.Prefix(24)
keyAddr = prefix.Addr().As16()
} else {
// Take a /64 for IPv6
prefix, _ := address.Prefix(64)
keyAddr = prefix.Addr().As16()
}
hasher := sha256.New() hasher := sha256.New()
hasher.Write([]byte("challenge\x00")) hasher.Write([]byte("challenge\x00"))
hasher.Write([]byte(reg.Name)) hasher.Write([]byte(reg.Name))
hasher.Write([]byte{0}) hasher.Write([]byte{0})
keyAddr := data.NetworkPrefix().As16()
hasher.Write(keyAddr[:]) hasher.Write(keyAddr[:])
hasher.Write([]byte{0}) hasher.Write([]byte{0})
@@ -83,7 +73,7 @@ func GetChallengeKeyForRequest(state StateInterface, reg *Registration, until ti
sum[0] = 0 sum[0] = 0
if address.Is4() { if data.RemoteAddress.Addr().Unmap().Is4() {
// Is IPv4, mark // Is IPv4, mark
sum.Set(KeyFlagIsIPv4) sum.Set(KeyFlagIsIPv4)
} }