Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit).

This commit is contained in:
Adam Ierymenko 2016-09-27 11:33:48 -07:00
parent 236fdb450c
commit 15c07c58b6
5 changed files with 213 additions and 137 deletions

View file

@ -23,7 +23,6 @@
#include "Utils.hpp"
#include "Buffer.hpp"
#include "Address.hpp"
#include "C25519.hpp"
#include <stdint.h>
@ -444,49 +443,14 @@ public:
return found;
}
/**
* Sign this Dictionary, replacing any previous signature
*
* @param sigKey Key to use for signature in dictionary
* @param kp Key pair to sign with
*/
inline void wrapWithSignature(const char *sigKey,const C25519::Pair &kp)
{
this->erase(sigKey);
C25519::Signature sig(C25519::sign(kp,this->data(),this->sizeBytes()));
this->add(sigKey,reinterpret_cast<const char *>(sig.data),ZT_C25519_SIGNATURE_LEN);
}
/**
* Verify signature (and erase signature key)
*
* This erases this Dictionary's signature key (if present) and verifies
* the signature. The key is erased to render the Dictionary into the
* original unsigned form it was signed in for verification purposes.
*
* @param sigKey Key to use for signature in dictionary
* @param pk Public key to check against
* @return True if signature was present and valid
*/
inline bool unwrapAndVerify(const char *sigKey,const C25519::Public &pk)
{
char sig[ZT_C25519_SIGNATURE_LEN+1];
if (this->get(sigKey,sig,sizeof(sig)) != ZT_C25519_SIGNATURE_LEN)
return false;
this->erase(sigKey);
return C25519::verify(pk,this->data(),this->sizeBytes(),sig);
}
/**
* @return Dictionary data as a 0-terminated C-string
*/
inline const char *data() const { return _d; }
/**
* @return Value of C template parameter
*/
inline unsigned int capacity() const { return C; }
inline const char *data() const { return _d; }
inline char *unsafeData() { return _d; }
private:
char _d[C];
};