First attempt to sign and verify the SLPD data

thorkill 2016-05-16 23:21:02 +02:00
parent 43ed440176
commit 4cb85c00a8
2 changed files with 37 additions and 5 deletions


@ -1529,7 +1529,7 @@ static void handle_incoming_slpd_packet(listen_socket_t *ls, void *pkt, struct s
return;
}
if (mav == 0 && miv == 1) {
if (mav == 0 && miv <= 2) {
logger(DEBUG_TRAFFIC, LOG_ERR, "Got SLPD packet node:%s port:%d %d.%d <%s> from %s", nodename, port, mav, miv, fng, addrstr);
@ -1539,6 +1539,22 @@ static void handle_incoming_slpd_packet(listen_socket_t *ls, void *pkt, struct s
return;
}
node_read_ecdsa_public_key(n);
char sig[64];
int v;
size_t nlen = strlen(pkt);
if (miv >= 2) {
if (b64decode(fng, &sig, 86) != 64) {
logger(DEBUG_ALWAYS, LOG_ERR, "b64decode() failed!");
return;
}
if (!ecdsa_verify(n->ecdsa, pkt, nlen-86-1, sig)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Signature verification for SLPD from <%s> failed!", addrstr);
return;
}
}
if (!strncmp(n->name, myself->name, strlen(myself->name))) {
logger(DEBUG_SCARY_THINGS, LOG_NOTICE, "Ignore SLPD for myself: %s", nodename);
return;
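Review bot: `nlen-86-1` in the `ecdsa_verify()` call is derived from `strlen(pkt)` on a buffer that came off the network, so a packet shorter than 87 bytes makes the `size_t` subtraction wrap to a huge length, and a packet with no NUL terminator lets `strlen` itself read past the end. Use the received byte count instead (the parameter list is cut off in the hunk header, so its name is not visible here) and reject short input before any arithmetic, e.g. `if (nlen < 86 + 1) return;`. Unless the parsing above the hunk already guarantees it, `fng` also needs to be confirmed to hold 86 characters before `b64decode(fng, &sig, 86)`. Separately, `miv <= 2` still accepts packets claiming version 0.1 or 0.0, and the `if (miv >= 2)` guard then skips verification, so the signature is only checked when the sender opts in. If unsigned packets must remain accepted during migration, say so in a comment and consider a setting that requires `miv >= 2`. `int v;` is unused in the visible lines, and the function body starts and ends outside the hunk.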