tordam

A library for peer discovery inside the Tor network
git clone https://git.parazyd.org/tordam
Log | Files | Refs | README | LICENSE
commit 029cad1cb16284f681742b451ffacbfbbae63cd0
parent 758bc307b2fc755904e4d91d3c5255c9891daaf3
Author: parazyd <parazyd@dyne.org>
Date:   Mon, 11 Dec 2017 17:28:13 +0100

Improvements to 2/2 handshake handling.

This commits also replaces the secret saved in redis with a new random
string, hopefully to prevent its reuse.

Diffstat:

Mcmd/dam-dir/main.go | 35++++++++++++++++++++++-------------


1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/cmd/dam-dir/main.go b/cmd/dam-dir/main.go
@@ -196,21 +196,29 @@ func handlePost(rw http.ResponseWriter, request *http.Request) {
 			correct = false
 		}
 
-		msg := []byte(req["message"])
-		sig := []byte(req["signature"])
-		pub, err := lib.ParsePubkeyRsa([]byte(n.Pubkey))
-		lib.CheckError(err)
-		val, err := lib.VerifyMsgRsa(msg, sig, pub)
-		lib.CheckError(err)
-		if val {
-			log.Println("Signature valid!")
-			correct = true
-		} else {
-			log.Println("Signature invalid!")
-			correct = false
+		if correct {
+			msg := []byte(req["message"])
+			sig := []byte(req["signature"])
+			pub, err := lib.ParsePubkeyRsa([]byte(n.Pubkey))
+			lib.CheckError(err)
+			val, err := lib.VerifyMsgRsa(msg, sig, pub)
+			lib.CheckError(err)
+			if val {
+				log.Println("Signature valid!")
+				correct = true
+			} else {
+				log.Println("Signature invalid!")
+				correct = false
+			}
 		}
 
 		if correct {
+			// Replace the secret in redis to prevent reuse.
+			randString, err := lib.GenRandomASCII(64)
+			lib.CheckError(err)
+			encoded := base64.StdEncoding.EncodeToString([]byte(randString))
+			_, err = RedisCli.HSet(n.Address, "secret", encoded).Result()
+			lib.CheckError(err)
 			log.Printf("Welcoming %s to the network\n", n.Address)
 			ret := map[string]string{"secret": "Welcome to the DAM network!"}
 			if err := postback(rw, ret, 200); err != nil {
@@ -218,9 +226,10 @@ func handlePost(rw http.ResponseWriter, request *http.Request) {
 			}
 			return
 		} else {
-			// Delete it from redis.
+			// Delete it all from redis.
 			_, err := RedisCli.Del(n.Address).Result()
 			lib.CheckError(err)
+			log.Printf("Verifying %s failed.\n", n.Address)
 			ret := map[string]string{"secret": "Verification failed. Bye."}
 			if err := postback(rw, ret, 400); err != nil {
 				lib.CheckError(err)