author | Christian Grothoff <christian@grothoff.org> | 2019-04-28 13:58:41 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2019-04-28 13:58:52 +0200 |
commit | b41480962266720fd2a068cb41284d2d29cc54fd (patch) | |
tree | 151154d899a3d1564b1d7e96dcd6b17aec3421c3 | |
parent | 6e8aa86be330bc06ecd9ea7cfbd2dc3a8f6ebb55 (diff) | |
implement hop-by-hop signature verification
-rw-r--r-- | src/transport/gnunet-service-tng.c | 26 |
1 files changed, 22 insertions, 4 deletions
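--- a/src/transport/gnunet-service-tng.c
+++ b/src/transport/gnunet-service-tng.c
@@ -24,7 +24,6 @@
 *
 * TODO:
 * Implement next:
-* - dv hop-by-hop signature verification (at least at initiator)
 * - change transport-core API to provide proper flow control in both
 * directions, allow multiple messages per peer simultaneously (tag
 * confirmations with unique message ID), and replace quota-out with
@@ -6421,9 +6420,28 @@ handle_dv_learn (void *cls, const struct TransportDVLearnMessage *dvl)
 n);
 }
 }
-// FIXME: asynchronously (!) verify hop-by-hop signatures!
-// => if signature verification load too high, implement random drop
-// strategy!?
+/* OPTIMIZE-FIXME: asynchronously (!) verify signatures!,
+If signature verification load too high, implement random drop strategy */
+for (unsigned int i = 0; i < nhops; i++)
+{
+struct DvHopPS dhp = {.purpose.purpose =
+htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP),
+.purpose.size = htonl (sizeof (dhp)),
+.pred = (0 == i) ? dvl->initiator : hops[i - 1].hop,
+.succ = (nhops - 1 == i) ? GST_my_identity
+: hops[i + 1].hop,
+.challenge = dvl->challenge};
+
+if (GNUNET_OK !=
+GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP,
+&dhp.purpose,
+&hops[i].hop_sig,
+&hops[i].hop.public_key))
+{
+GNUNET_break_op (0);
+return;
+}
+}
 
 do_fwd = GNUNET_YES;
 if (0 == GNUNET_memcmp (&GST_my_identity, &dvl->initiator))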
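Review bot: The verification loop does up to `nhops` EdDSA checks inline in `handle_dv_learn` for every message, and on failure only calls `GNUNET_break_op (0)`, so nothing records which hop index failed or bounds how much verification work one neighbour can cause; the `OPTIMIZE-FIXME` comment names the load problem but the commit leaves it open. Whether `nhops` is capped before this point is not visible, since the function starts and ends outside the hunk; if it is, the comment should say so, e.g. `/* nhops <= <MAX_HOPS_PLACEHOLDER> (checked earlier), so at most that many verifications per message */`. For detection I would log the failing index before returning, `GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "DV learn: invalid signature at hop %u\n", i);`. The loop also deserves a one-line comment stating what each hop signs: `/* hop i signs (pred, succ, challenge); pred is the initiator for i == 0, succ is us for the last hop */`.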