Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proto.Marshal() is not a stable form of serialization #51

Closed
melzhan opened this issue Sep 26, 2023 · 1 comment
Closed

proto.Marshal() is not a stable form of serialization #51

melzhan opened this issue Sep 26, 2023 · 1 comment

Comments

@melzhan
Copy link
Contributor

melzhan commented Sep 26, 2023

Proto serialization is not stable in client.go. See [the note in the Marshal() documentation] (http://google3/third_party/golang/protobuf/v2/proto/encode.go;l=74;rcl=563382740).

There's no guarantee that the Marshal() result here will match byte-for-byte what was used to produce the signature.
The recommended approach is described at go/protobuf-crypto#authenticating (i.e. store the signed serialized data and verify the signature before deserializing).
@gmacf gmacf linked a pull request Oct 4, 2023 that will close this issue
Store serialized signed response instead of SignedResponse message. #66
Closed
@gmacf
Copy link
Contributor

gmacf commented Oct 24, 2023

Fixed in #78

@gmacf gmacf closed this as completed Oct 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Store serialized signed response instead of SignedResponse message. gmacf/bootz
2 participants
@gmacf @melzhan