dark/zerotiertspu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

More refactor

Browse source
This commit is contained in:
Adam Ierymenko 2019-08-14 15:00:18 -07:00
parent e6b4006c70
commit 4da8036222
No known key found for this signature in database
GPG key ID: 1657198823E52A61
6 changed files with 40 additions and 79 deletions
Download patch file Download diff file Expand all files Collapse all files

37
node/Credential.cpp
View file

@ -85,4 +85,41 @@ Credential::VerifyResult Credential::_verify(const RuntimeEnvironment *const RR,
return (id.verify(buf,ptr * sizeof(uint64_t),credential._signature,credential._signatureLength) ? Credential::VERIFY_OK : Credential::VERIFY_BAD_SIGNATURE);
}
Credential::VerifyResult Credential::_verify(const RuntimeEnvironment *RR,void *tPtr,const Capability &credential) const
{
try {
// There must be at least one entry, and sanity check for bad chain max length
if ((credential._maxCustodyChainLength < 1)||(credential._maxCustodyChainLength > ZT_MAX_CAPABILITY_CUSTODY_CHAIN_LENGTH))
return Credential::VERIFY_BAD_SIGNATURE;
// Validate all entries in chain of custody
Buffer<(sizeof(Capability) * 2)> tmp;
credential.serialize(tmp,true);
for(unsigned int c=0;c<credential._maxCustodyChainLength;++c) {
if (c == 0) {
if ((!credential._custody[c].to)||(!credential._custody[c].from)||(credential._custody[c].from != Network::controllerFor(credential._nwid)))
return Credential::VERIFY_BAD_SIGNATURE; // the first entry must be present and from the network's controller
} else {
if (!credential._custody[c].to)
return Credential::VERIFY_OK; // all previous entries were valid, so we are valid
else if ((!credential._custody[c].from)||(credential._custody[c].from != credential._custody[c-1].to))
return Credential::VERIFY_BAD_SIGNATURE; // otherwise if we have another entry it must be from the previous holder in the chain
}
const Identity id(RR->topology->getIdentity(tPtr,credential._custody[c].from));
if (id) {
if (!id.verify(tmp.data(),tmp.size(),credential._custody[c].signature,credential._custody[c].signatureLength))
return Credential::VERIFY_BAD_SIGNATURE;
} else {
RR->sw->requestWhois(tPtr,RR->node->now(),credential._custody[c].from);
return Credential::VERIFY_NEED_IDENTITY;
}
}
// We reached max custody chain length and everything was valid
return Credential::VERIFY_OK;
} catch ( ... ) {}
return Credential::VERIFY_BAD_SIGNATURE;
}
} // namespace ZeroTier