Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit).
This commit is contained in:
parent
236fdb450c
commit
15c07c58b6
5 changed files with 213 additions and 137 deletions
|
@ -23,7 +23,6 @@
|
|||
#include "Utils.hpp"
|
||||
#include "Buffer.hpp"
|
||||
#include "Address.hpp"
|
||||
#include "C25519.hpp"
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
|
@ -444,49 +443,14 @@ public:
|
|||
return found;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sign this Dictionary, replacing any previous signature
|
||||
*
|
||||
* @param sigKey Key to use for signature in dictionary
|
||||
* @param kp Key pair to sign with
|
||||
*/
|
||||
inline void wrapWithSignature(const char *sigKey,const C25519::Pair &kp)
|
||||
{
|
||||
this->erase(sigKey);
|
||||
C25519::Signature sig(C25519::sign(kp,this->data(),this->sizeBytes()));
|
||||
this->add(sigKey,reinterpret_cast<const char *>(sig.data),ZT_C25519_SIGNATURE_LEN);
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify signature (and erase signature key)
|
||||
*
|
||||
* This erases this Dictionary's signature key (if present) and verifies
|
||||
* the signature. The key is erased to render the Dictionary into the
|
||||
* original unsigned form it was signed in for verification purposes.
|
||||
*
|
||||
* @param sigKey Key to use for signature in dictionary
|
||||
* @param pk Public key to check against
|
||||
* @return True if signature was present and valid
|
||||
*/
|
||||
inline bool unwrapAndVerify(const char *sigKey,const C25519::Public &pk)
|
||||
{
|
||||
char sig[ZT_C25519_SIGNATURE_LEN+1];
|
||||
if (this->get(sigKey,sig,sizeof(sig)) != ZT_C25519_SIGNATURE_LEN)
|
||||
return false;
|
||||
this->erase(sigKey);
|
||||
return C25519::verify(pk,this->data(),this->sizeBytes(),sig);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Dictionary data as a 0-terminated C-string
|
||||
*/
|
||||
inline const char *data() const { return _d; }
|
||||
|
||||
/**
|
||||
* @return Value of C template parameter
|
||||
*/
|
||||
inline unsigned int capacity() const { return C; }
|
||||
|
||||
inline const char *data() const { return _d; }
|
||||
inline char *unsafeData() { return _d; }
|
||||
|
||||
private:
|
||||
char _d[C];
|
||||
};
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue