tordam

A library for peer discovery inside the Tor network
git clone https://git.parazyd.org/tordam

commit 029cad1cb16284f681742b451ffacbfbbae63cd0
parent 758bc307b2fc755904e4d91d3c5255c9891daaf3
Author: parazyd <parazyd@dyne.org>
Date:   Mon, 11 Dec 2017 17:28:13 +0100

Improvements to 2/2 handshake handling.

This commit also replaces the secret saved in redis with a new random
string, hopefully to prevent its reuse.

Diffstat:
Mcmd/dam-dir/main.go | 35++++++++++++++++++++++-------------
1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/cmd/dam-dir/main.go b/cmd/dam-dir/main.go
@@ -196,21 +196,29 @@ func handlePost(rw http.ResponseWriter, request *http.Request) {
 correct = false
 }
- msg := []byte(req["message"])
- sig := []byte(req["signature"])
- pub, err := lib.ParsePubkeyRsa([]byte(n.Pubkey))
- lib.CheckError(err)
- val, err := lib.VerifyMsgRsa(msg, sig, pub)
- lib.CheckError(err)
- if val {
- log.Println("Signature valid!")
- correct = true
- } else {
- log.Println("Signature invalid!")
- correct = false
+ if correct {
+ msg := []byte(req["message"])
+ sig := []byte(req["signature"])
+ pub, err := lib.ParsePubkeyRsa([]byte(n.Pubkey))
+ lib.CheckError(err)
+ val, err := lib.VerifyMsgRsa(msg, sig, pub)
+ lib.CheckError(err)
+ if val {
+ log.Println("Signature valid!")
+ correct = true
+ } else {
+ log.Println("Signature invalid!")
+ correct = false
+ }
 }
 if correct {
+ // Replace the secret in redis to prevent reuse.
+ randString, err := lib.GenRandomASCII(64)
+ lib.CheckError(err)
+ encoded := base64.StdEncoding.EncodeToString([]byte(randString))
+ _, err = RedisCli.HSet(n.Address, "secret", encoded).Result()
+ lib.CheckError(err)
 log.Printf("Welcoming %s to the network\n", n.Address)
 ret := map[string]string{"secret": "Welcome to the DAM network!"}
 if err := postback(rw, ret, 200); err != nil {
@@ -218,9 +226,10 @@ func handlePost(rw http.ResponseWriter, request *http.Request) {
 }
 return
 } else {
- // Delete it from redis.
+ // Delete it all from redis.
 _, err := RedisCli.Del(n.Address).Result()
 lib.CheckError(err)
+ log.Printf("Verifying %s failed.\n", n.Address)
 ret := map[string]string{"secret": "Verification failed. Bye."}
 if err := postback(rw, ret, 400); err != nil {
 lib.CheckError(err)
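Review bot: In the first hunk (`@@ -196,21 +196,29 @@`) the secret is rotated only after the signature check, as a separate `RedisCli.HSet` call, so two requests carrying the same secret that arrive together can both reach the second `if correct` branch before either write lands. The comparison against the stored secret sits above this hunk, so this is inferred from the ordering visible here; if it is a plain read, consuming the secret in the same Redis step that compares it (a transaction or a small server-side script) would close that window. Separately, `lib.CheckError(err)` after `lib.ParsePubkeyRsa` and `lib.VerifyMsgRsa` runs on values that appear to come from the peer; its body is not shown, but if it aborts the process, one malformed key or signature stops the directory, and `if err != nil { correct = false }` followed by the existing 400 path would fail closed instead. It is also worth a comment confirming that `lib.GenRandomASCII` draws from `crypto/rand`, since the new secret's strength depends on it. handlePost starts and ends outside the hunk.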
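Review bot: In the second hunk (`@@ -218,9 +226,10 @@`) the failure branch still removes the whole `n.Address` key with `RedisCli.Del`, and the reworded comment does not say why that is safe. If `n.Address` is taken from the request body (its origin is above this hunk), a request that fails verification clears whatever is stored for that address, including state that belongs to another peer's pending handshake; a comment stating which records can live under this key, or limiting the delete to entries this request created, would settle it. The added `log.Printf("Verifying %s failed.\n", n.Address)` prints that value unescaped, so `%q` in place of `%s` would keep control characters and newlines out of the log. The else block continues past the end of the hunk.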