Better error logging messages on invalid signatures

freelan-developers · Jan 1, 2019 · 8eb35a9 · 8eb35a9
1 parent d0740d8
commit 8eb35a9
Showing 1 changed file with 22 additions and 18 deletions.
diff --git a/libs/fscp/src/server.cpp b/libs/fscp/src/server.cpp
@@ -1691,23 +1691,25 @@ namespace fscp
 		}
 
 		// We make sure the signatures matches.
-		bool check_ok = false;
-
 		if (!!m_presentation_store_map[sender].signature_certificate())
 		{
-			check_ok = _session_request_message.check_signature(m_presentation_store_map[sender].signature_certificate().public_key());
+			 if (!_session_request_message.check_signature(m_presentation_store_map[sender].signature_certificate().public_key()))
+			 {
+				 m_logger(log_level::trace) << "Received a SESSION_REQUEST from " << sender << " with an invalid asymmetric signature. Ignoring.";
+
+				 return;
+			 }
 		}
 		else
 		{
 			const auto psk = m_presentation_store_map[sender].pre_shared_key();
-			check_ok = _session_request_message.check_signature(buffer_cast<const uint8_t*>(psk), buffer_size(psk));
-		}
 
-		if (!check_ok)
-		{
-			m_logger(log_level::trace) << "Received a SESSION_REQUEST from " << sender << " with an invalid signature. Ignoring.";
+			if (!_session_request_message.check_signature(buffer_cast<const uint8_t*>(psk), buffer_size(psk)))
+			{
+				 m_logger(log_level::trace) << "Received a SESSION_REQUEST from " << sender << " with an invalid HMAC signature. Ignoring.";
 
-			return;
+				 return;
+			}
 		}
 
 		// The make_shared_buffer_handler() call below is necessary so that the reference to session_request_message remains valid.
@@ -1965,23 +1967,25 @@ namespace fscp
 		}
 
 		// We make sure the signatures matches.
-		bool check_ok = false;
-
 		if (!!m_presentation_store_map[sender].signature_certificate())
 		{
-			check_ok = _session_message.check_signature(m_presentation_store_map[sender].signature_certificate().public_key());
+			if (!_session_message.check_signature(m_presentation_store_map[sender].signature_certificate().public_key()))
+			{
+				m_logger(log_level::trace) << "Received a SESSION from " << sender << " with an invalid asymmetric signature. Ignoring.";
+
+				return;
+			}
 		}
 		else
 		{
 			const auto psk = m_presentation_store_map[sender].pre_shared_key();
-			check_ok = _session_message.check_signature(buffer_cast<const uint8_t*>(psk), buffer_size(psk));
-		}
 
-		if (!check_ok)
-		{
-			m_logger(log_level::trace) << "Received a SESSION from " << sender << " with an invalid signature. Ignoring.";
+			if (!_session_message.check_signature(buffer_cast<const uint8_t*>(psk), buffer_size(psk)))
+			{
+				m_logger(log_level::trace) << "Received a SESSION from " << sender << " with an invalid HMAC signature. Ignoring.";
 
-			return;
+				return;
+			}
 		}
 
 		m_session_strand.post(