Change nonce prefix key from string to byteslice

letsencrypt · Nov 8, 2024 · 9d3a34f · 9d3a34f
1 parent 6c67032
commit 9d3a34f
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 18 deletions.
diff --git a/cmd/boulder-wfe2/main.go b/cmd/boulder-wfe2/main.go
@@ -304,14 +304,14 @@ func main() {
 		cmd.Fail("'getNonceService' must be configured")
 	}
 
-	var noncePrefixKey string
+	var noncePrefixKey []byte
 	if c.WFE.NonceHMACKey.KeyFile != "" {
-		keyByte, err := c.WFE.NonceHMACKey.Load()
+		noncePrefixKey, err = c.WFE.NonceHMACKey.Load()
 		cmd.FailOnError(err, "Failed to load nonceHMACKey file")
-		noncePrefixKey = string(keyByte)
 	} else if c.WFE.NoncePrefixKey.PasswordFile != "" {
-		noncePrefixKey, err = c.WFE.NoncePrefixKey.Pass()
+		keyString, err := c.WFE.NoncePrefixKey.Pass()
 		cmd.FailOnError(err, "Failed to load noncePrefixKey file")
+		noncePrefixKey = []byte(keyString)
 	} else {
 		cmd.Fail("NonceHMACKey KeyFile or NoncePrefixKey PasswordFile must be set")
 	}

diff --git a/cmd/nonce-service/main.go b/cmd/nonce-service/main.go
@@ -44,7 +44,7 @@ type Config struct {
 	}
 }
 
-func derivePrefix(key string, grpcAddr string) (string, error) {
+func derivePrefix(key []byte, grpcAddr string) (string, error) {
 	host, port, err := net.SplitHostPort(grpcAddr)
 	if err != nil {
 		return "", fmt.Errorf("parsing gRPC listen address: %w", err)
@@ -86,14 +86,14 @@ func main() {
 		c.NonceService.DebugAddr = *debugAddr
 	}
 
-	var key string
+	var key []byte
 	if c.NonceService.NonceHMACKey.KeyFile != "" {
-		keyByte, err := c.NonceService.NonceHMACKey.Load()
+		key, err = c.NonceService.NonceHMACKey.Load()
 		cmd.FailOnError(err, "Failed to load 'nonceHMACKey' file.")
-		key = string(keyByte)
 	} else if c.NonceService.NoncePrefixKey.PasswordFile != "" {
-		key, err = c.NonceService.NoncePrefixKey.Pass()
+		keyString, err := c.NonceService.NoncePrefixKey.Pass()
 		cmd.FailOnError(err, "Failed to load 'noncePrefixKey' file.")
+		key = []byte(keyString)
 	} else {
 		cmd.Fail("NonceHMACKey KeyFile or NoncePrefixKey PasswordFile must be set")
 	}

diff --git a/nonce/nonce.go b/nonce/nonce.go
@@ -55,8 +55,8 @@ type HMACKeyCtxKey struct{}
 // DerivePrefix derives a nonce prefix from the provided listening address and
 // key. The prefix is derived by take the first 8 characters of the base64url
 // encoded HMAC-SHA256 hash of the listening address using the provided key.
-func DerivePrefix(grpcAddr, key string) string {
-	h := hmac.New(sha256.New, []byte(key))
+func DerivePrefix(grpcAddr string, key []byte) string {
+	h := hmac.New(sha256.New, key)
 	h.Write([]byte(grpcAddr))
 	return base64.RawURLEncoding.EncodeToString(h.Sum(nil))[:PrefixLen]
 }

diff --git a/test/integration/nonce_test.go b/test/integration/nonce_test.go
@@ -42,13 +42,12 @@ func TestNonceBalancer_NoBackendMatchingPrefix(t *testing.T) {
 	tlsConfig, err := c.NotWFE.TLS.Load(metrics.NoopRegisterer)
 	test.AssertNotError(t, err, "Could not load TLS config")
 
-	var rncKey string
-	rncKeyByte, err := c.NotWFE.NonceHMACKey.Load()
+	var rncKey []byte
+	rncKey, err = c.NotWFE.NonceHMACKey.Load()
 	if err != nil {
-		rncKey, err = c.NotWFE.NoncePrefixKey.Pass()
+		rncKeyString, err := c.NotWFE.NoncePrefixKey.Pass()
 		test.AssertNotError(t, err, "Failed to load nonceHMACKey or noncePrefixKey")
-	} else {
-		rncKey = string(rncKeyByte)
+		rncKey = []byte(rncKeyString)
 	}
 
 	clk := clock.New()

diff --git a/wfe2/wfe.go b/wfe2/wfe.go
@@ -109,7 +109,7 @@ type WebFrontEndImpl struct {
 	rnc nonce.Redeemer
 	// rncKey is the HMAC key used to derive the prefix of nonce backends used
 	// for nonce redemption.
-	rncKey        string
+	rncKey        []byte
 	accountGetter AccountGetter
 	log           blog.Logger
 	clk           clock.Clock
@@ -194,7 +194,7 @@ func NewWebFrontEndImpl(
 	sac sapb.StorageAuthorityReadOnlyClient,
 	gnc nonce.Getter,
 	rnc nonce.Redeemer,
-	rncKey string,
+	rncKey []byte,
 	accountGetter AccountGetter,
 	limiter *ratelimits.Limiter,
 	txnBuilder *ratelimits.TransactionBuilder,