Don't allow providing original key shares once we've moved on to verification
This commit is contained in:
parent
4464c3a65f
commit
0b4ead52a0
|
@ -327,6 +327,10 @@ func (c *Core) BarrierRekeyUpdate(ctx context.Context, key []byte, nonce string)
|
|||
return nil, logical.CodedError(http.StatusBadRequest, "no barrier rekey in progress")
|
||||
}
|
||||
|
||||
if len(c.barrierRekeyConfig.VerificationKey) > 0 {
|
||||
return nil, logical.CodedError(http.StatusBadRequest, fmt.Sprintf("rekey operation already finished; verification must be performed; nonce for the verification operation is %q", c.barrierRekeyConfig.VerificationNonce))
|
||||
}
|
||||
|
||||
if nonce != c.barrierRekeyConfig.Nonce {
|
||||
return nil, logical.CodedError(http.StatusBadRequest, fmt.Sprintf("incorrect nonce supplied; nonce for this rekey operation is %q", c.barrierRekeyConfig.Nonce))
|
||||
}
|
||||
|
@ -554,6 +558,10 @@ func (c *Core) RecoveryRekeyUpdate(ctx context.Context, key []byte, nonce string
|
|||
return nil, logical.CodedError(http.StatusBadRequest, "no recovery rekey in progress")
|
||||
}
|
||||
|
||||
if len(c.recoveryRekeyConfig.VerificationKey) > 0 {
|
||||
return nil, logical.CodedError(http.StatusBadRequest, fmt.Sprintf("rekey operation already finished; verification must be performed; nonce for the verification operation is %q", c.recoveryRekeyConfig.VerificationNonce))
|
||||
}
|
||||
|
||||
if nonce != c.recoveryRekeyConfig.Nonce {
|
||||
return nil, logical.CodedError(http.StatusBadRequest, fmt.Sprintf("incorrect nonce supplied; nonce for this rekey operation is %q", c.recoveryRekeyConfig.Nonce))
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue