Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
opendht
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Locked files
Deploy
Model registry
Analyze
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
savoirfairelinux
opendht
Commits
0d278786
Commit
0d278786
authored
6 years ago
by
Adrien Béraud
Browse files
Options
Downloads
Patches
Plain Diff
securedht: move crypto ops to Value
parent
cb9fe9d1
No related branches found
No related tags found
No related merge requests found
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
include/opendht/value.h
+3
-1
3 additions, 1 deletion
include/opendht/value.h
src/securedht.cpp
+13
-39
13 additions, 39 deletions
src/securedht.cpp
src/value.cpp
+35
-0
35 additions, 0 deletions
src/value.cpp
with
51 additions
and
40 deletions
include/opendht/value.h
+
3
−
1
View file @
0d278786
...
...
@@ -591,8 +591,10 @@ struct OPENDHT_PUBLIC Value
*/
Blob
cypher
{};
bool
checkSignature
();
Sp
<
Value
>
decrypt
(
const
crypto
::
PrivateKey
&
key
);
private
:
friend
class
SecureDht
;
/* Cache for crypto ops */
bool
signatureChecked
{
false
};
bool
signatureValid
{
false
};
...
...
This diff is collapsed.
Click to expand it.
src/securedht.cpp
+
13
−
39
View file @
0d278786
...
...
@@ -68,33 +68,19 @@ ValueType
SecureDht
::
secureType
(
ValueType
&&
type
)
{
type
.
storePolicy
=
[
this
,
type
](
InfoHash
id
,
Sp
<
Value
>&
v
,
const
InfoHash
&
nid
,
const
SockAddr
&
a
)
{
if
(
v
->
isSigned
())
{
if
(
!
v
->
signatureChecked
)
{
v
->
signatureChecked
=
true
;
v
->
signatureValid
=
v
->
owner
and
v
->
owner
->
checkSignature
(
v
->
getToSign
(),
v
->
signature
);
}
if
(
!
v
->
signatureValid
)
{
DHT_LOG
.
WARN
(
"Signature verification failed"
);
return
false
;
}
}
if
(
v
->
isSigned
())
return
v
->
checkSignature
();
return
type
.
storePolicy
(
id
,
v
,
nid
,
a
);
};
type
.
editPolicy
=
[
this
,
type
](
InfoHash
id
,
const
Sp
<
Value
>&
o
,
Sp
<
Value
>&
n
,
const
InfoHash
&
nid
,
const
SockAddr
&
a
)
{
if
(
!
o
->
isSigned
())
if
(
not
o
->
isSigned
())
return
type
.
editPolicy
(
id
,
o
,
n
,
nid
,
a
);
if
(
o
->
owner
!=
n
->
owner
)
{
if
(
o
->
owner
!=
n
->
owner
or
not
n
->
isSigned
()
)
{
DHT_LOG
.
WARN
(
"Edition forbidden: owner changed."
);
return
false
;
}
if
(
!
n
->
signatureChecked
)
{
n
->
signatureChecked
=
true
;
n
->
signatureValid
=
o
->
owner
and
o
->
owner
->
checkSignature
(
n
->
getToSign
(),
n
->
signature
);
}
if
(
!
n
->
signatureValid
)
{
DHT_LOG
.
WARN
(
"Edition forbidden: signature verification failed."
);
if
(
not
n
->
checkSignature
())
return
false
;
}
if
(
o
->
seq
==
n
->
seq
)
{
// If the data is exactly the same,
// it can be reannounced, possibly by someone else.
...
...
@@ -241,35 +227,23 @@ SecureDht::checkValue(const Sp<Value>& v)
#endif
return
{};
}
if
(
v
->
decrypted
)
{
return
v
->
decryptedValue
;
}
v
->
decrypted
=
true
;
try
{
Value
decrypted_val
(
decrypt
(
*
v
));
if
(
decrypted_val
.
recipient
==
getId
())
{
if
(
decrypted_val
.
owner
)
nodesPubKeys_
[
decrypted_val
.
owner
->
getId
()]
=
decrypted_val
.
owner
;
v
->
decryptedValue
=
std
::
make_shared
<
Value
>
(
std
::
move
(
decrypted_val
));
return
v
->
decryptedValue
;
}
// Ignore values belonging to other people
if
(
auto
decrypted_val
=
v
->
decrypt
(
*
key_
))
{
if
(
decrypted_val
->
owner
)
nodesPubKeys_
[
decrypted_val
->
owner
->
getId
()]
=
decrypted_val
->
owner
;
return
decrypted_val
;
}
}
catch
(
const
std
::
exception
&
e
)
{
DHT_LOG
.
WARN
(
"Could not decrypt value %s : %s"
,
v
->
toString
().
c_str
(),
e
.
what
());
}
}
// Check signed values
else
if
(
v
->
isSigned
())
{
if
(
v
->
signatureChecked
)
{
return
v
->
signatureValid
?
v
:
Sp
<
Value
>
{};
}
v
->
signatureChecked
=
true
;
if
(
v
->
owner
and
v
->
owner
->
checkSignature
(
v
->
getToSign
(),
v
->
signature
))
{
v
->
signatureValid
=
true
;
if
(
v
->
checkSignature
())
{
if
(
v
->
owner
)
nodesPubKeys_
[
v
->
owner
->
getId
()]
=
v
->
owner
;
return
v
;
}
else
}
else
DHT_LOG
.
WARN
(
"Signature verification failed for %s"
,
v
->
toString
().
c_str
());
}
// Forward normal values
...
...
This diff is collapsed.
Click to expand it.
src/value.cpp
+
35
−
0
View file @
0d278786
...
...
@@ -233,6 +233,41 @@ Value::toJson() const
return
val
;
}
bool
Value
::
checkSignature
()
{
if
(
!
signatureChecked
)
{
signatureChecked
=
true
;
if
(
isSigned
())
{
signatureValid
=
owner
and
owner
->
checkSignature
(
getToSign
(),
signature
);
}
else
{
signatureValid
=
true
;
}
}
return
signatureValid
;
}
Sp
<
Value
>
Value
::
decrypt
(
const
crypto
::
PrivateKey
&
key
)
{
if
(
not
decrypted
)
{
decrypted
=
true
;
if
(
isEncrypted
())
{
auto
decryptedBlob
=
key
.
decrypt
(
cypher
);
std
::
unique_ptr
<
Value
>
v
{
new
Value
(
id
)};
auto
msg
=
msgpack
::
unpack
((
const
char
*
)
decryptedBlob
.
data
(),
decryptedBlob
.
size
());
v
->
msgpack_unpack_body
(
msg
.
get
());
if
(
v
->
recipient
!=
key
.
getPublicKey
().
getId
())
throw
crypto
::
DecryptError
(
"Recipient mismatch"
);
// Ignore values belonging to other people
if
(
not
v
->
owner
or
not
v
->
owner
->
checkSignature
(
v
->
getToSign
(),
v
->
signature
))
throw
crypto
::
DecryptError
(
"Signature mismatch"
);
decryptedValue
=
std
::
move
(
v
);
}
}
return
decryptedValue
;
}
uint64_t
unpackId
(
const
Json
::
Value
&
json
,
const
std
::
string
&
key
)
{
uint64_t
ret
=
0
;
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment