Use maps instead of slices

Neil Alexander 2020-05-09 12:38:20 +01:00
parent a59fd2a489
commit 2a2ad76479
No known key found for this signature in database
GPG Key ID: A02A2019A2BB0944


@ -1,7 +1,6 @@
package yggdrasil package yggdrasil
import ( import (
"bytes"
"encoding/hex" "encoding/hex"
"errors" "errors"
"fmt" "fmt"
@ -71,8 +70,8 @@ type linkInterface struct {
} }
type linkOptions struct { type linkOptions struct {
pinnedCurve25519Keys []crypto.BoxPubKey pinnedCurve25519Keys map[crypto.BoxPubKey]struct{}
pinnedEd25519Keys []crypto.SigPubKey pinnedEd25519Keys map[crypto.SigPubKey]struct{}
} }
func (l *link) init(c *Core) error { func (l *link) init(c *Core) error {
@ -102,24 +101,22 @@ func (l *link) call(uri string, sintf string) error {
pathtokens := strings.Split(strings.Trim(u.Path, "/"), "/") pathtokens := strings.Split(strings.Trim(u.Path, "/"), "/")
tcpOpts := tcpOptions{} tcpOpts := tcpOptions{}
if pubkeys, ok := u.Query()["curve25519"]; ok && len(pubkeys) > 0 { if pubkeys, ok := u.Query()["curve25519"]; ok && len(pubkeys) > 0 {
tcpOpts.pinnedCurve25519Keys = make(map[crypto.BoxPubKey]struct{})
for _, pubkey := range pubkeys { for _, pubkey := range pubkeys {
if boxPub, err := hex.DecodeString(pubkey); err != nil { if boxPub, err := hex.DecodeString(pubkey); err != nil {
var boxPubKey crypto.BoxPubKey var boxPubKey crypto.BoxPubKey
copy(boxPubKey[:], boxPub) copy(boxPubKey[:], boxPub)
tcpOpts.pinnedCurve25519Keys = append( tcpOpts.pinnedCurve25519Keys[boxPubKey] = struct{}{}
tcpOpts.pinnedCurve25519Keys, boxPubKey,
)
} }
} }
} }
if pubkeys, ok := u.Query()["ed25519"]; ok && len(pubkeys) > 0 { if pubkeys, ok := u.Query()["ed25519"]; ok && len(pubkeys) > 0 {
tcpOpts.pinnedEd25519Keys = make(map[crypto.SigPubKey]struct{})
for _, pubkey := range pubkeys { for _, pubkey := range pubkeys {
if sigPub, err := hex.DecodeString(pubkey); err != nil { if sigPub, err := hex.DecodeString(pubkey); err != nil {
var sigPubKey crypto.SigPubKey var sigPubKey crypto.SigPubKey
copy(sigPubKey[:], sigPub) copy(sigPubKey[:], sigPub)
tcpOpts.pinnedEd25519Keys = append( tcpOpts.pinnedEd25519Keys[sigPubKey] = struct{}{}
tcpOpts.pinnedEd25519Keys, sigPubKey,
)
} }
} }
} }
@ -222,22 +219,14 @@ func (intf *linkInterface) handler() error {
} }
// Check if the remote side matches the keys we expected. This is a bit of a weak // Check if the remote side matches the keys we expected. This is a bit of a weak
// check - in future versions we really should check a signature or something like that. // check - in future versions we really should check a signature or something like that.
if pinned := intf.options.pinnedCurve25519Keys; len(pinned) > 0 { if pinned := intf.options.pinnedCurve25519Keys; pinned != nil {
allowed := false if _, allowed := pinned[meta.box]; !allowed {
for _, key := range pinned {
allowed = allowed || (bytes.Compare(key[:], meta.box[:]) == 0)
}
if !allowed {
intf.link.core.log.Errorf("Failed to connect to node: %q sent curve25519 key that does not match pinned keys", intf.name) intf.link.core.log.Errorf("Failed to connect to node: %q sent curve25519 key that does not match pinned keys", intf.name)
return fmt.Errorf("failed to connect: host sent curve25519 key that does not match pinned keys") return fmt.Errorf("failed to connect: host sent curve25519 key that does not match pinned keys")
} }
} }
if pinned := intf.options.pinnedEd25519Keys; len(pinned) > 0 { if pinned := intf.options.pinnedEd25519Keys; pinned != nil {
allowed := false if _, allowed := pinned[meta.sig]; !allowed {
for _, key := range pinned {
allowed = allowed || (bytes.Compare(key[:], meta.sig[:]) == 0)
}
if !allowed {
intf.link.core.log.Errorf("Failed to connect to node: %q sent ed25519 key that does not match pinned keys", intf.name) intf.link.core.log.Errorf("Failed to connect to node: %q sent ed25519 key that does not match pinned keys", intf.name)
return fmt.Errorf("failed to connect: host sent ed25519 key that does not match pinned keys") return fmt.Errorf("failed to connect: host sent ed25519 key that does not match pinned keys")
} }
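Review bot: In the `call` hunk both decode loops still insert under `if boxPub, err := hex.DecodeString(pubkey); err != nil {` (and the `sigPub` twin), so a pin is stored only when hex decoding fails and a well-formed key is discarded. With this commit the map is allocated before the loop and `handler` tests `pinned != nil` rather than `len(pinned) > 0`, so an empty map no longer skips the check; a link given only valid pins would appear to reject every peer, and a malformed value pins whatever partial bytes were decoded, zero-padded by `copy`. Both conditions should read `err == nil`, and the decoded length should be compared with the key size before the `copy`, with an error returned from `call` for a pin that fails either test instead of dropping it silently. A comment on `linkOptions` such as `// nil map: no pinning; non-nil map: the peer key must be present` would record the new meaning. `call` and `handler` both start and end outside the hunks shown.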