Fix incorrect RSA identity key fingerprint generation

The fingerprint calculation was using PKIX encoding instead of the
required PKCS1 DER encoding for RSA public keys. This affected both
the relay identity resource and obfs4 node ID derivation.

- Use x509.MarshalPKCS1PublicKey instead of x509.MarshalPKIXPublicKey
- Add test case with known fingerprint vector to prevent regression
- Update both generateFingerprints and deriveNodeIdFromRsaKey functions

fixes #2
Abel Luck 2025-09-10 13:01:01 +02:00
parent 005634ff1c
commit 83df31ec80
5 changed files with 45 additions and 12 deletions


@ -406,11 +406,7 @@ func (r *TorObfs4StateResource) deriveNodeIdFromRsaKey(rsaPrivateKeyPem string)
return nil, fmt.Errorf("failed to parse RSA private key: %w", err)
}
// Extract the public key and encode it
publicKeyBytes, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey)
if err != nil {
return nil, fmt.Errorf("failed to marshal public key: %w", err)
}
publicKeyBytes := x509.MarshalPKCS1PublicKey(&privateKey.PublicKey)
// Generate SHA1 hash of public key (this is the relay fingerprint/node ID)
hash := sha1.Sum(publicKeyBytes)
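Review bot: The comment above the new `x509.MarshalPKCS1PublicKey` call still says only "encode it", which is the ambiguity that let the PKIX encoding slip in originally. I would name the encoding and the reason, e.g. `// Encode as PKCS#1 DER (RSAPublicKey): the fingerprint is SHA-1 over this form, not over the PKIX SubjectPublicKeyInfo`. The `sha1.Sum` on the last line is presumably fixed by the fingerprint format rather than chosen as a security primitive, so a short comment saying so would keep a linter-driven swap to another hash from silently changing the node ID. deriveNodeIdFromRsaKey starts and ends outside the hunk, so whether the parsed key's size is checked before hashing is not visible here.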