Skip to content

Commit

Permalink
Replace math/rand with crypto/rand for generating challenge (Layr…
Browse files Browse the repository at this point in the history 
…-Labs#829)
  • Loading branch information
@ian-shim
ian-shim committed Oct 25, 2024
1 parent 27f55f0 commit 88a2ca8
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions disperser/apiserver/server.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,10 @@ package apiserver

import (
"context"
"crypto/rand"
"encoding/binary"
"errors"
"fmt"
"math/rand"
"net"
"slices"
"strings"
Expand Down Expand Up @@ -146,7 +147,14 @@ func (s *DispersalServer) DisperseBlobAuthenticated(stream pb.Disperser_Disperse
authenticatedAddress := crypto.PubkeyToAddress(*pubKey).String()

// Send back challenge to client
challenge := rand.Uint32()
challengeBytes := make([]byte, 32)
_, err = rand.Read(challengeBytes)
if err != nil {
s.metrics.HandleInvalidArgRpcRequest("DisperseBlobAuthenticated")
s.metrics.HandleInvalidArgRequest("DisperseBlobAuthenticated")
return api.NewInvalidArgError(fmt.Sprintf("failed to generate challenge: %v", err))
}
challenge := binary.LittleEndian.Uint32(challengeBytes)
err = stream.Send(&pb.AuthenticatedReply{Payload: &pb.AuthenticatedReply_BlobAuthHeader{
BlobAuthHeader: &pb.BlobAuthHeader{
ChallengeParameter: challenge,
Expand Down

0 comments on commit 88a2ca8

Please sign in to comment.