authorChristian Grothoff <christian@grothoff.org>2019-04-28 13:58:41 +0200
committerChristian Grothoff <christian@grothoff.org>2019-04-28 13:58:52 +0200
commitb41480962266720fd2a068cb41284d2d29cc54fd (patch)
tree151154d899a3d1564b1d7e96dcd6b17aec3421c3
parent6e8aa86be330bc06ecd9ea7cfbd2dc3a8f6ebb55 (diff)
implement hop-by-hop signature verification
-rw-r--r--src/transport/gnunet-service-tng.c26
1 files changed, 22 insertions, 4 deletions
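diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c
index b15a62cc4..c2922dd7e 100644
--- a/src/transport/gnunet-service-tng.c
+++ b/src/transport/gnunet-service-tng.c
@@ -24,7 +24,6 @@
 *
 * TODO:
 * Implement next:
-* - dv hop-by-hop signature verification (at least at initiator)
 * - change transport-core API to provide proper flow control in both
 * directions, allow multiple messages per peer simultaneously (tag
 * confirmations with unique message ID), and replace quota-out with
@@ -6421,9 +6420,28 @@ handle_dv_learn (void *cls, const struct TransportDVLearnMessage *dvl)
 n);
 }
 }
-// FIXME: asynchronously (!) verify hop-by-hop signatures!
-// => if signature verification load too high, implement random drop
-// strategy!?
+/* OPTIMIZE-FIXME: asynchronously (!) verify signatures!,
+If signature verification load too high, implement random drop strategy */
+for (unsigned int i = 0; i < nhops; i++)
+{
+struct DvHopPS dhp = {.purpose.purpose =
+htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP),
+.purpose.size = htonl (sizeof (dhp)),
+.pred = (0 == i) ? dvl->initiator : hops[i - 1].hop,
+.succ = (nhops - 1 == i) ? GST_my_identity
+: hops[i + 1].hop,
+.challenge = dvl->challenge};
+
+if (GNUNET_OK !=
+GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP,
+&dhp.purpose,
+&hops[i].hop_sig,
+&hops[i].hop.public_key))
+{
+GNUNET_break_op (0);
+return;
+}
+}
 
 do_fwd = GNUNET_YES;
 if (0 == GNUNET_memcmp (&GST_my_identity, &dvl->initiator))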
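Review bot: The hop-signature loop added to handle_dv_learn sits after the block that ends in `n);`, so whatever that block does with the message has already happened by the time a bad `hop_sig` makes the handler `return`. If that block reads hop data, the loop should move above it so nothing acts on unverified hops. The loop also performs up to `nhops` synchronous EdDSA verifications per message before anything rejects it, which the OPTIMIZE-FIXME acknowledges but does not bound; a comment such as `/* cost: nhops EdDSA verifications per message; nhops must already be range-checked against the message size */` would record that dependency. handle_dv_learn begins and ends outside the hunk, so I cannot confirm from here whether `nhops` is bounded, or whether the bare `return` skips per-message cleanup that other exits perform.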