From 4cb85c00a827378241512660672525247691a999 Mon Sep 17 00:00:00 2001
From: thorkill
Date: Mon, 16 May 2016 23:21:02 +0200
Subject: [PATCH] First attempt to sign and verify the SLPD data
---
 src/net_packet.c | 18 +++++++++++++++++-
 src/net_setup.c | 24 ++++++++++++++++++++----
 2 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/src/net_packet.c b/src/net_packet.c
index 2ceff909..8a3bf9df 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -1529,7 +1529,7 @@ static void handle_incoming_slpd_packet(listen_socket_t *ls, void *pkt, struct s
 return;
 }
- if (mav == 0 && miv == 1) {
+ if (mav == 0 && miv <= 2) {
 logger(DEBUG_TRAFFIC, LOG_ERR, "Got SLPD packet node:%s port:%d %d.%d <%s> from %s", nodename, port, mav, miv, fng, addrstr);
@@ -1539,6 +1539,22 @@ static void handle_incoming_slpd_packet(listen_socket_t *ls, void *pkt, struct s
 return;
 }
+ node_read_ecdsa_public_key(n);
+
+ char sig[64];
+ int v;
+ size_t nlen = strlen(pkt);
+ if (miv >= 2) {
+ if (b64decode(fng, &sig, 86) != 64) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "b64decode() failed!");
+ return;
+ }
+ if (!ecdsa_verify(n->ecdsa, pkt, nlen-86-1, sig)) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Signature verification for SLPD from <%s> failed!", addrstr);
+ return;
+ }
+ }
+
 if (!strncmp(n->name, myself->name, strlen(myself->name))) {
 logger(DEBUG_SCARY_THINGS, LOG_NOTICE, "Ignore SLPD for myself: %s", nodename);
 return;
diff --git a/src/net_setup.c b/src/net_setup.c
index 4affdb94..436e77fe 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
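Review bot: Widening the accepted minor version from `miv == 1` to `miv <= 2` keeps unsigned 0.0 and 0.1 announcements acceptable, so the signature check introduced in the next hunk only protects packets that declare version 0.2 and any unsigned lower-version packet is still processed exactly as before. As long as that is deliberate for a migration period, the condition needs a comment stating it, e.g. `/* 0.1 packets carry no signature; drop them once all peers send 0.2 */`, and a plan to tighten it to `miv == 2` afterwards. The same gap appears in the second hunk of this file where verification is wrapped in `if (miv >= 2)`. handle_incoming_slpd_packet begins before this hunk.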
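Review bot: The result of `node_read_ecdsa_public_key(n)` is discarded and `n->ecdsa` goes into `ecdsa_verify()` unchecked, so a 0.2 packet naming a node whose public key is not on disk reaches `ecdsa_verify()` with a NULL key, which in tinc's ed25519 backend (if that is what this fork uses) is dereferenced without a check; guard with `if (!node_read_ecdsa_public_key(n) || !n->ecdsa) { logger(DEBUG_ALWAYS, LOG_ERR, "No ECDSA public key for %s, ignoring SLPD", nodename); return; }` (message text is a constructed example). `nlen-86-1` is only safe because the preceding `b64decode()` check already demanded 86 signature characters inside the datagram; an explicit `if (nlen < 87) return;` before the subtraction would rule out the size_t underflow regardless of how `fng` is parsed above the hunk. `int v` is unused and should go. The signed text contains no nonce or timestamp, so a captured announcement verifies again when replayed, which is worth recording on the check as `/* verifies authenticity only; SLPD 0.2 carries no replay protection */`. handle_incoming_slpd_packet continues past this hunk.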
@@ -402,11 +402,27 @@ void send_slpd_broadcast(char *iface) {
 return;
 }
- snprintf(slpd_msg, MAXSIZE, "sLPD 0 1 %s %d none ", myname, atoi(myport));
- slpd_msg[MAXSIZE-1] = '\00';
- //ecdsa_sign(myself->sptps.mykey, msg, strlen(msg), sig);
+ snprintf(slpd_msg, MAXSIZE, "sLPD 0 2 %s %d", myname, atoi(myport));
- if (sendto(sd, slpd_msg, strlen(slpd_msg), 0, mcast_addr->ai_addr, mcast_addr->ai_addrlen) != strlen(slpd_msg) ) {
+ char signature[87];
+ char b64sig[255];
+ char pkt[MAXSIZE];
+ int public_key = node_read_ecdsa_public_key(myself);
+ char *private_key;
+
+ private_key = read_ecdsa_private_key();
+
+ slpd_msg[MAXSIZE-1] = '\00';
+ ecdsa_sign(myself->connection->ecdsa, slpd_msg, strlen(slpd_msg), &signature);
+ if (b64encode(signature, &b64sig, 64) != 86) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "b64encode() failed!");
+ return;
+ }
+
+ int l = snprintf(&pkt, strlen(slpd_msg) + strlen(b64sig) + 2, "%s %s", slpd_msg, b64sig);
+ pkt[l] = '\00';
+
+ if (sendto(sd, pkt, strlen(pkt), 0, mcast_addr->ai_addr, mcast_addr->ai_addrlen) != strlen(pkt) ) {
 logger(DEBUG_ALWAYS, LOG_ERR, "SLPD send() error: [%s:%d]", strerror(errno), errno);
 }
 close(sd);
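Review bot: The size handed to `snprintf(&pkt, …)` is `strlen(slpd_msg) + strlen(b64sig) + 2`, computed from the inputs rather than from `pkt`, so when `slpd_msg` approaches its MAXSIZE buffer the extra separator plus 86 signature characters write past the end of `pkt` (and `&pkt` hands `snprintf()` a `char (*)[MAXSIZE]` instead of the `char *` it takes); the call should be bounded by `sizeof pkt` and its result checked instead of writing `pkt[l]` afterwards. The early `return` after a failed `b64encode()` skips the `close(sd)` at the end of the hunk, so `sd`, which is already open here since nothing in the hunk creates it, leaks on that path. `node_read_ecdsa_public_key(myself)` and `read_ecdsa_private_key()` run on every broadcast with `public_key` and `private_key` never read; if `read_ecdsa_private_key()` is the setup-time helper that loads the key into `myself->connection->ecdsa`, each broadcast re-reads the key file and replaces the previous key object without freeing it, so both calls should be removed and the signing key assumed loaded at setup, which `ecdsa_sign(myself->connection->ecdsa, …)` already does. `signature[87]` is larger than the 64 bytes `b64encode()` is told to read, and `&signature`/`&b64sig` follow the same pointer-to-array pattern as `&pkt`. send_slpd_broadcast's closing brace lies past the end of the hunk.
```c
    snprintf(slpd_msg, MAXSIZE, "sLPD 0 2 %s %d", myname, atoi(myport));

    char signature[64];
    char b64sig[255];
    char pkt[MAXSIZE];

    // signing key is loaded into myself->connection->ecdsa at setup
    ecdsa_sign(myself->connection->ecdsa, slpd_msg, strlen(slpd_msg), signature);
    if (b64encode(signature, b64sig, sizeof signature) != 86) {
        logger(DEBUG_ALWAYS, LOG_ERR, "b64encode() failed!");
        close(sd);
        return;
    }

    // bound by the destination buffer, not by the input lengths
    int l = snprintf(pkt, sizeof pkt, "%s %s", slpd_msg, b64sig);
    if (l < 0 || (size_t)l >= sizeof pkt) {
        logger(DEBUG_ALWAYS, LOG_ERR, "SLPD packet too large, not sent");
        close(sd);
        return;
    }
    /* … unchanged: sendto()/logger and close(sd) … */
```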