ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-02-06 11:10:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Do packet MAC check before locallyValidate(), and add timing measurement in selftest.

Browse Source
This commit is contained in:
Adam Ierymenko 2016-11-18 11:09:19 -08:00
parent 1fcbb1fbed
commit ab4021dd0e
2 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
node/IncomingPacket.cpp
View File

@ -275,7 +275,7 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut
// Continue at // VALID // Continue at // VALID
} }
} // else continue at // VALID } // else if alreadyAuthenticated then continue at // VALID
} else { } else {
// We don't already have an identity with this address -- validate and learn it // We don't already have an identity with this address -- validate and learn it
@ -285,18 +285,19 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut
return true; return true;
} }
// Check packet integrity and MAC
SharedPtr<Peer> newPeer(new Peer(RR,RR->identity,id));
if (!dearmor(newPeer->key())) {
TRACE("rejected HELLO from %s(%s): packet failed authentication",id.address().toString().c_str(),_path->address().toString().c_str());
return true;
}
// Check that identity's address is valid as per the derivation function // Check that identity's address is valid as per the derivation function
if (!id.locallyValidate()) { if (!id.locallyValidate()) {
TRACE("dropped HELLO from %s(%s): identity invalid",id.address().toString().c_str(),_path->address().toString().c_str()); TRACE("dropped HELLO from %s(%s): identity invalid",id.address().toString().c_str(),_path->address().toString().c_str());
return true; return true;
} }
// Check packet integrity and authentication
SharedPtr<Peer> newPeer(new Peer(RR,RR->identity,id));
if (!dearmor(newPeer->key())) {
TRACE("rejected HELLO from %s(%s): packet failed authentication",id.address().toString().c_str(),_path->address().toString().c_str());
return true;
}
peer = RR->topology->addPeer(newPeer); peer = RR->topology->addPeer(newPeer);
// Continue at // VALID // Continue at // VALID

12
selftest.cpp
View File

@ -376,11 +376,15 @@ static int testIdentity()
std::cout << "FAIL (1)" << std::endl; std::cout << "FAIL (1)" << std::endl;
return -1; return -1;
} }
if (!id.locallyValidate()) { const uint64_t vst = OSUtils::now();
std::cout << "FAIL (2)" << std::endl; for(int k=0;k<10;++k) {
return -1; if (!id.locallyValidate()) {
std::cout << "FAIL (2)" << std::endl;
return -1;
}
} }
std::cout << "PASS" << std::endl; const uint64_t vet = OSUtils::now();
std::cout << "PASS (" << ((double)(vet - vst) / 10.0) << "ms per validation)" << std::endl;
std::cout << "[identity] Validate known-bad identity... "; std::cout.flush(); std::cout << "[identity] Validate known-bad identity... "; std::cout.flush();
if (!id.fromString(KNOWN_BAD_IDENTITY)) { if (!id.fromString(KNOWN_BAD_IDENTITY)) {