dandri/i2pd
1
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2026-05-14 20:35:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

handle incoming packets with ML-DSA signature

Browse Source
This commit is contained in:
orignal
2025-04-21 21:25:51 -04:00
parent 9bd2b8df76
commit 724d8bde4e
4 changed files with 40 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libi2pd/Streaming.cpp
+31 -18
View File
@@ -450,29 +450,42 @@ namespace stream
if (flags & PACKET_FLAG_SIGNATURE_INCLUDED)
{
uint8_t signature[256];
bool verified = false;
auto signatureLen = m_TransientVerifier ? m_TransientVerifier->GetSignatureLen () : m_RemoteIdentity->GetSignatureLen ();
if(signatureLen <= sizeof(signature))
{
memcpy (signature, optionData, signatureLen);
memset (const_cast<uint8_t *>(optionData), 0, signatureLen);
bool verified = m_TransientVerifier ?
m_TransientVerifier->Verify (packet->GetBuffer (), packet->GetLength (), signature) :
m_RemoteIdentity->Verify (packet->GetBuffer (), packet->GetLength (), signature);
if (!verified)
{
LogPrint (eLogError, "Streaming: Signature verification failed, sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID);
Close ();
flags |= PACKET_FLAG_CLOSE;
}
memcpy (const_cast<uint8_t *>(optionData), signature, signatureLen);
optionData += signatureLen;
}
else
if (signatureLen > packet->GetLength ())
{
LogPrint (eLogError, "Streaming: Signature too big, ", signatureLen, " bytes");
return false;
}
if(signatureLen <= 256)
{
// standard
uint8_t signature[256];
memcpy (signature, optionData, signatureLen);
memset (const_cast<uint8_t *>(optionData), 0, signatureLen);
verified = m_TransientVerifier ?
m_TransientVerifier->Verify (packet->GetBuffer (), packet->GetLength (), signature) :
m_RemoteIdentity->Verify (packet->GetBuffer (), packet->GetLength (), signature);
if (verified)
memcpy (const_cast<uint8_t *>(optionData), signature, signatureLen);
}
else
{
// post quantum
std::vector<uint8_t> signature(signatureLen);
memcpy (signature.data (), optionData, signatureLen);
memset (const_cast<uint8_t *>(optionData), 0, signatureLen);
verified = m_TransientVerifier ?
m_TransientVerifier->Verify (packet->GetBuffer (), packet->GetLength (), signature.data ()) :
m_RemoteIdentity->Verify (packet->GetBuffer (), packet->GetLength (), signature.data ());
}
if (verified)
optionData += signatureLen;
else
{
LogPrint (eLogError, "Streaming: Signature verification failed, sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID);
return false;
}
}
if (immediateAckRequested)
SendQuickAck ();