mirror of
https://github.com/yggdrasil-network/yggdrasil-go.git
synced 2024-11-27 12:05:23 +00:00
Use maps instead of slices
This commit is contained in:
parent
a59fd2a489
commit
2a2ad76479
@ -1,7 +1,6 @@
|
|||||||
package yggdrasil
|
package yggdrasil
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
@ -71,8 +70,8 @@ type linkInterface struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type linkOptions struct {
|
type linkOptions struct {
|
||||||
pinnedCurve25519Keys []crypto.BoxPubKey
|
pinnedCurve25519Keys map[crypto.BoxPubKey]struct{}
|
||||||
pinnedEd25519Keys []crypto.SigPubKey
|
pinnedEd25519Keys map[crypto.SigPubKey]struct{}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (l *link) init(c *Core) error {
|
func (l *link) init(c *Core) error {
|
||||||
@ -102,24 +101,22 @@ func (l *link) call(uri string, sintf string) error {
|
|||||||
pathtokens := strings.Split(strings.Trim(u.Path, "/"), "/")
|
pathtokens := strings.Split(strings.Trim(u.Path, "/"), "/")
|
||||||
tcpOpts := tcpOptions{}
|
tcpOpts := tcpOptions{}
|
||||||
if pubkeys, ok := u.Query()["curve25519"]; ok && len(pubkeys) > 0 {
|
if pubkeys, ok := u.Query()["curve25519"]; ok && len(pubkeys) > 0 {
|
||||||
|
tcpOpts.pinnedCurve25519Keys = make(map[crypto.BoxPubKey]struct{})
|
||||||
for _, pubkey := range pubkeys {
|
for _, pubkey := range pubkeys {
|
||||||
if boxPub, err := hex.DecodeString(pubkey); err != nil {
|
if boxPub, err := hex.DecodeString(pubkey); err != nil {
|
||||||
var boxPubKey crypto.BoxPubKey
|
var boxPubKey crypto.BoxPubKey
|
||||||
copy(boxPubKey[:], boxPub)
|
copy(boxPubKey[:], boxPub)
|
||||||
tcpOpts.pinnedCurve25519Keys = append(
|
tcpOpts.pinnedCurve25519Keys[boxPubKey] = struct{}{}
|
||||||
tcpOpts.pinnedCurve25519Keys, boxPubKey,
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if pubkeys, ok := u.Query()["ed25519"]; ok && len(pubkeys) > 0 {
|
if pubkeys, ok := u.Query()["ed25519"]; ok && len(pubkeys) > 0 {
|
||||||
|
tcpOpts.pinnedEd25519Keys = make(map[crypto.SigPubKey]struct{})
|
||||||
for _, pubkey := range pubkeys {
|
for _, pubkey := range pubkeys {
|
||||||
if sigPub, err := hex.DecodeString(pubkey); err != nil {
|
if sigPub, err := hex.DecodeString(pubkey); err != nil {
|
||||||
var sigPubKey crypto.SigPubKey
|
var sigPubKey crypto.SigPubKey
|
||||||
copy(sigPubKey[:], sigPub)
|
copy(sigPubKey[:], sigPub)
|
||||||
tcpOpts.pinnedEd25519Keys = append(
|
tcpOpts.pinnedEd25519Keys[sigPubKey] = struct{}{}
|
||||||
tcpOpts.pinnedEd25519Keys, sigPubKey,
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -222,22 +219,14 @@ func (intf *linkInterface) handler() error {
|
|||||||
}
|
}
|
||||||
// Check if the remote side matches the keys we expected. This is a bit of a weak
|
// Check if the remote side matches the keys we expected. This is a bit of a weak
|
||||||
// check - in future versions we really should check a signature or something like that.
|
// check - in future versions we really should check a signature or something like that.
|
||||||
if pinned := intf.options.pinnedCurve25519Keys; len(pinned) > 0 {
|
if pinned := intf.options.pinnedCurve25519Keys; pinned != nil {
|
||||||
allowed := false
|
if _, allowed := pinned[meta.box]; !allowed {
|
||||||
for _, key := range pinned {
|
|
||||||
allowed = allowed || (bytes.Compare(key[:], meta.box[:]) == 0)
|
|
||||||
}
|
|
||||||
if !allowed {
|
|
||||||
intf.link.core.log.Errorf("Failed to connect to node: %q sent curve25519 key that does not match pinned keys", intf.name)
|
intf.link.core.log.Errorf("Failed to connect to node: %q sent curve25519 key that does not match pinned keys", intf.name)
|
||||||
return fmt.Errorf("failed to connect: host sent curve25519 key that does not match pinned keys")
|
return fmt.Errorf("failed to connect: host sent curve25519 key that does not match pinned keys")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if pinned := intf.options.pinnedEd25519Keys; len(pinned) > 0 {
|
if pinned := intf.options.pinnedEd25519Keys; pinned != nil {
|
||||||
allowed := false
|
if _, allowed := pinned[meta.sig]; !allowed {
|
||||||
for _, key := range pinned {
|
|
||||||
allowed = allowed || (bytes.Compare(key[:], meta.sig[:]) == 0)
|
|
||||||
}
|
|
||||||
if !allowed {
|
|
||||||
intf.link.core.log.Errorf("Failed to connect to node: %q sent ed25519 key that does not match pinned keys", intf.name)
|
intf.link.core.log.Errorf("Failed to connect to node: %q sent ed25519 key that does not match pinned keys", intf.name)
|
||||||
return fmt.Errorf("failed to connect: host sent ed25519 key that does not match pinned keys")
|
return fmt.Errorf("failed to connect: host sent ed25519 key that does not match pinned keys")
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user