config: toggle authenticated encryption

Ethan Buchman
2016-03-10 19:07:01 -05:00
parent 1bc871162d
commit 389e4b8b69
2 changed files with 18 additions and 9 deletions


@ -14,6 +14,8 @@ func init() {
initConfigureable(recvRateKey, 512000) // 500KB/s initConfigureable(recvRateKey, 512000) // 500KB/s
initConfigureable(maxPayloadSizeKey, 1024) initConfigureable(maxPayloadSizeKey, 1024)
initConfigureable(authEncKey, true)
cfg.OnConfig(func(newConfig cfg.Config) { cfg.OnConfig(func(newConfig cfg.Config) {
config = newConfig config = newConfig
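Review bot: The new `initConfigureable(authEncKey, true)` default has no comment, although it is what keeps p2p links encrypted and peers authenticated when an operator leaves the key unset. I would add `// Authenticated encryption is on by default; false sends p2p traffic in plaintext and skips the peer pubkey check.` above it. init() begins and ends outside this hunk, so whether the other defaults are documented elsewhere is not visible here.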


@ -75,6 +75,7 @@ const (
dialTimeoutKey = "p2p_dial_timeout_seconds" dialTimeoutKey = "p2p_dial_timeout_seconds"
handshakeTimeoutKey = "p2p_handshake_timeout_seconds" handshakeTimeoutKey = "p2p_handshake_timeout_seconds"
maxNumPeersKey = "p2p_max_num_peers" maxNumPeersKey = "p2p_max_num_peers"
authEncKey = "p2p_authenticated_encryption"
) )
func NewSwitch() *Switch { func NewSwitch() *Switch {
@ -198,22 +199,28 @@ func (sw *Switch) AddPeerWithConnection(conn net.Conn, outbound bool) (*Peer, er
conn.SetDeadline(time.Now().Add(time.Duration(config.GetInt(handshakeTimeoutKey)) * time.Second)) conn.SetDeadline(time.Now().Add(time.Duration(config.GetInt(handshakeTimeoutKey)) * time.Second))
// First, encrypt the connection. // First, encrypt the connection.
sconn, err := MakeSecretConnection(conn, sw.nodePrivKey) var sconn net.Conn = conn
if config.GetBool(authEncKey) {
var err error
sconn, err = MakeSecretConnection(conn, sw.nodePrivKey)
if err != nil { if err != nil {
conn.Close() conn.Close()
return nil, err return nil, err
} }
}
// Then, perform node handshake // Then, perform node handshake
peerNodeInfo, err := peerHandshake(sconn, sw.nodeInfo) peerNodeInfo, err := peerHandshake(sconn, sw.nodeInfo)
if err != nil { if err != nil {
sconn.Close() sconn.Close()
return nil, err return nil, err
} }
if config.GetBool("p2p_authenticated_encryption") {
// Check that the professed PubKey matches the sconn's. // Check that the professed PubKey matches the sconn's.
if !peerNodeInfo.PubKey.Equals(sconn.RemotePubKey()) { if !peerNodeInfo.PubKey.Equals(sconn.(*SecretConnection).RemotePubKey()) {
sconn.Close() sconn.Close()
return nil, fmt.Errorf("Ignoring connection with unmatching pubkey: %v vs %v", return nil, fmt.Errorf("Ignoring connection with unmatching pubkey: %v vs %v",
peerNodeInfo.PubKey, sconn.RemotePubKey()) peerNodeInfo.PubKey, sconn.(*SecretConnection).RemotePubKey())
}
} }
// Avoid self // Avoid self
if peerNodeInfo.PubKey.Equals(sw.nodeInfo.PubKey) { if peerNodeInfo.PubKey.Equals(sw.nodeInfo.PubKey) {
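Review bot: The flag is read twice in AddPeerWithConnection, once before MakeSecretConnection and again before the pubkey check, and the second read guards an unchecked `sconn.(*SecretConnection)` assertion. Because the cfg.OnConfig callback in the other file replaces `config` at runtime, a reload that flips the value to true between the two reads would, if it can happen concurrently, make that assertion panic on a plain net.Conn; reading it once with `authEnc := config.GetBool(authEncKey)` and testing `if authEnc {` in both places avoids this. The second check also spells the key as the literal `"p2p_authenticated_encryption"` instead of using `authEncKey`. With the flag off, peerNodeInfo.PubKey is only what the peer claims, so the "Avoid self" comparison below runs on an unverified identity; a comment saying so at the `var sconn net.Conn = conn` line would help the next reader. The function body continues past the end of the hunk.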