Include a copy of the nonce value separately from the GPG signature, so

it isn't necessary for the client to parse it. Subversion-branch: /master Subversion-revision: 2517
2025-02-16 08:31:00 +00:00 · 2012-08-04 02:02:13 +00:00 · 2012-08-04 02:02:13 +00:00 · 9cea863e5d
commit 9cea863e5d
parent 6d2987c286
3 changed files with 16 additions and 8 deletions
--- a/7
+++ b/7
@ -316,9 +316,12 @@ class MasterServer:
            return

        # Generate start message and send it back.
-        signature = self.signer.sign_start_message()
+        # The nonce also gets sent in a separate field, so the client
+        # doesn't have to parse the signature to get it out.
+        nonce, signature = self.signer.sign_start_message()
+        packet = nonce + signature
        self.send_message(addr, NET_MASTER_PACKET_TYPE_SIGN_START_RESPONSE,
-                          signature)
+                          packet)

    def sign_end_message(self, data, addr):
        """ Generate a signed end message and return to the client. """
--- a/chocolate-master-test.py
+++ b/chocolate-master-test.py
@ -184,7 +184,10 @@ def sign_start(addr_str):

    response = get_response(sock, addr,
                            NET_MASTER_PACKET_TYPE_SIGN_START_RESPONSE)
-    print response
+    nonce = response[0:16]
+    signature = response[16:]
+    print "Binary nonce: %s" % ("".join(map(lambda x: "%02x" % ord(x), nonce)))
+    print signature

 def sign_end(addr_str):
    """ Request a signed end message from the server. """
--- a/secure_demo.py
+++ b/secure_demo.py
@ -53,9 +53,8 @@ class SecureSigner(object):
        self.key = self.context.get_key(key)
        self.context.signers = [ self.key ]

-    def _generate_start_message(self):
+    def _generate_start_message(self, nonce):
        """Generate the plaintext used for a start message."""
-        nonce = os.urandom(NONCE_SIZE)
        return "\n".join([
            "Start-Time: %s" % now_string(),
            "Nonce: %s" % bin_to_hex(nonce),
@ -69,8 +68,9 @@ class SecureSigner(object):

    def sign_start_message(self):
        """Generate a new signed start message with a random nonce value."""
-        message = self._generate_start_message()
-        return self._sign_plaintext_message(message)
+        nonce = os.urandom(NONCE_SIZE)
+        message = self._generate_start_message(nonce)
+        return (nonce, self._sign_plaintext_message(message))

    def _verify_signature(self, result):
        """Check the results of a verify operation."""
@ -133,7 +133,9 @@ if __name__ == "__main__":

    signer = SecureSigner(sys.argv[2])
    if sys.argv[1] == "start":
-        print signer.sign_start_message()
+        nonce, start_message = signer.sign_start_message()
+        print "Nonce: %s" % bin_to_hex(nonce)
+        print start_message
    elif sys.argv[1] == "end":
        start_message = sys.stdin.read()
        fake_checksum = "3vism1idm4ibmaJ3nF1f"