RouterInfo: refactor signature creation and verification #917
src/core/router/info.cc
Outdated
m_BufferLen, | ||
reinterpret_cast<std::uint8_t*>(m_Buffer.get()) + m_BufferLen); | ||
|
||
m_BufferLen += private_keys.GetPublic().GetSignatureLen(); |
But now you haven't updated `m_BufferLen`, assuming we'll continue to use this member. (I'd love to have time to resolve the buffer TODO).
`m_BufferLen` doesn't need to be updated here anymore, because the `router_info` stream includes the signature after `CreateRouterInfo` returns.
So, when it's set on [line 722](https://github.com/monero-project/kovri/pull/917/files/27f03bbdfd4b48e7714abbef348c952102fd646d#diff-b93e1f4bbdfedbfa93b91f9693a4f1ecR722), it's already the correct length.
I'll spend time working on the buffer TODO.
Hopefully, I'll have something ready by the end of this week.
src/core/router/info.cc
Outdated
bool success = false; | ||
try | ||
{ | ||
std::size_t len = m_BufferLen - m_RouterIdentity.GetSignatureLen(); |
const
Thanks, will do.
src/core/router/info.cc
Outdated
std::size_t len = m_BufferLen - m_RouterIdentity.GetSignatureLen(); | ||
if (len < Size::MinUnsignedBuffer) | ||
throw std::length_error("RouterInfo: invalid RouterInfo size"); | ||
success = |
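Review bot: the result of `m_BufferLen - m_RouterIdentity.GetSignatureLen()` on the first line of this hunk is stored in a `std::size_t`, so if `m_BufferLen` is ever smaller than the signature length the value wraps to a very large number and the `len < Size::MinUnsignedBuffer` check on the next line passes instead of throwing. Suggest comparing `m_BufferLen` against the signature length plus `Size::MinUnsignedBuffer` before subtracting, so a truncated RouterInfo is rejected before `len` reaches the verifier.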
The bool'ing isn't necessary, the function should return void. We'll either throw or not depending on outcome of verifier's bool.
Ok, wasn't sure if I should carry on the pattern. Will change with your recommendation.
src/core/router/info.h
Outdated
/// @brief Verify RI signature | ||
/// @return Success of signature verification | ||
/// @throws std::length_error if unsigned buffer length is below minimum | ||
bool Verify(); |
This should also be implemented outside of the test.
Are you referring to throwing the length exception? If so, I can add that into the buffer refactor. If not, what do you mean?
Actually use this function `Verify()` outside of the test.
Oh, understood. Maybe at the end of construction (after buffer refactor)? Will look for other places that make sense too.
Referencing #627.
Sign, and append the signature, during RouterInfo creation. Referencing monero-project#627 + monero-project#917
Verify that a router has a valid signature. Referencing monero-project#627 + monero-project#917
Added your recommended changes, and some tests for invalid signatures. Was unsure about adding Please let me know if you would like me to make further changes.
I added the WIP tag, and would like to rebase this on top of #926. The buffer impl there is much cleaner, and rebasing this PR is simpler than the reverse.
This PR is now rebased on the buffer utility changes, and will pass build checks after rebasing on a merged #935.
Please rebase against master and force push so I can base against this branch to apply/build the proper changes.
Changes rebased and pushed. Hopefully, there aren't too many corrections you need to make? Either way, thanks for your help.
Referencing monero-project#917
Unclear contract (and auto* may as well be uint8_t*). Referencing monero-project#917
Buffer is always at least zero initialized. Referencing monero-project#917
Sanely, we would want to throw here but doing so will stop the router instead of allowing the RI to become updated. Referencing monero-project#917
Nope. It's something I should've done in the first place many PRs ago (PR'ing to your fork). coneiric#2 awaits your merge.
Sanely, we would want to throw here but doing so will stop the router instead of allowing the RI to become updated. Referencing monero-project#917
RouterInfo: don't throw on invalid RI size
237e1f5 RouterInfo: don't throw on invalid RI size (anonimal)
18b3526 RouterInfo: don't throw when RI fails sig verify (anonimal)
ed041ea RouterInfo: remove unnecessary null buffer check (anonimal)
e89e992 RouterInfo: Verify: remove auto for data pointer (anonimal)
580a5b8 Tests: cleanup RI test comments (anonimal)
e850f57 Tests: RouterInfo signature unit-tests (oneiric)
fcee141 RouterInfo: verify signed router (oneiric)
0739336 RouterInfo: sign during router creation (oneiric)
By submitting this pull-request, I confirm the following:
Moves `RouterInfo` signing into creation, before converting to a buffer. Adds signature verification and unit-test.