diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/transport/gnunet-service-transport_validation.c | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c index a8996b1cc..f7a12085a 100644 --- a/src/transport/gnunet-service-transport_validation.c +++ b/src/transport/gnunet-service-transport_validation.c | |||
@@ -1149,6 +1149,7 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender, | |||
1149 | struct GNUNET_HELLO_Message *hello; | 1149 | struct GNUNET_HELLO_Message *hello; |
1150 | struct GNUNET_HELLO_Address address; | 1150 | struct GNUNET_HELLO_Address address; |
1151 | int sig_res; | 1151 | int sig_res; |
1152 | int do_verify; | ||
1152 | 1153 | ||
1153 | if (ntohs (hdr->size) < sizeof (struct TransportPongMessage)) | 1154 | if (ntohs (hdr->size) < sizeof (struct TransportPongMessage)) |
1154 | { | 1155 | { |
@@ -1204,28 +1205,38 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender, | |||
1204 | } | 1205 | } |
1205 | 1206 | ||
1206 | sig_res = GNUNET_SYSERR; | 1207 | sig_res = GNUNET_SYSERR; |
1208 | do_verify = GNUNET_YES; | ||
1207 | if (0 != GNUNET_TIME_absolute_get_remaining(ve->pong_sig_valid_until).rel_value) | 1209 | if (0 != GNUNET_TIME_absolute_get_remaining(ve->pong_sig_valid_until).rel_value) |
1208 | { | 1210 | { |
1209 | if (0 == memcmp (&ve->pong_sig_cache, &pong->signature, sizeof (struct GNUNET_CRYPTO_EccSignature))) | 1211 | if (0 == memcmp (&ve->pong_sig_cache, &pong->signature, sizeof (struct GNUNET_CRYPTO_EccSignature))) |
1212 | { | ||
1210 | sig_res = GNUNET_OK; | 1213 | sig_res = GNUNET_OK; |
1214 | do_verify = GNUNET_NO; | ||
1215 | } | ||
1211 | else | 1216 | else |
1217 | { | ||
1212 | sig_res = GNUNET_SYSERR; | 1218 | sig_res = GNUNET_SYSERR; |
1219 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1220 | "Failed to check with cached signature: different signature on address %s:%s from peer `%s'\n", | ||
1221 | tname, GST_plugins_a2s (ve->address), | ||
1222 | GNUNET_i2s (sender)); | ||
1223 | } | ||
1213 | } | 1224 | } |
1214 | else | 1225 | |
1226 | if (GNUNET_YES == do_verify) | ||
1215 | { | 1227 | { |
1216 | sig_res = GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, | 1228 | sig_res = GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, |
1217 | &pong->purpose, &pong->signature, | 1229 | &pong->purpose, &pong->signature, |
1218 | &ve->public_key); | 1230 | &ve->public_key); |
1231 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1232 | "Failed to verify: invalid signature on address %s:%s from peer `%s'\n", | ||
1233 | tname, GST_plugins_a2s (ve->address), | ||
1234 | GNUNET_i2s (sender)); | ||
1219 | } | 1235 | } |
1220 | 1236 | ||
1221 | if (sig_res == GNUNET_SYSERR) | 1237 | if (sig_res == GNUNET_SYSERR) |
1222 | { | ||
1223 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1224 | "Invalid signature on address %s:%s from peer `%s'\n", | ||
1225 | tname, GST_plugins_a2s (ve->address), | ||
1226 | GNUNET_i2s (sender)); | ||
1227 | return; | 1238 | return; |
1228 | } | 1239 | |
1229 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1240 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1230 | "Address validated for peer `%s' with plugin `%s': `%s'\n", | 1241 | "Address validated for peer `%s' with plugin `%s': `%s'\n", |
1231 | GNUNET_i2s (sender), tname, GST_plugins_a2s (ve->address)); | 1242 | GNUNET_i2s (sender), tname, GST_plugins_a2s (ve->address)); |