// verifySettings reads a signed HostSettings object from conn, validates the
// signature, and checks for discrepancies between the known settings and the
// received settings. If there is a discrepancy, the hostDB is notified. The
// received settings are returned.
func verifySettings(conn net.Conn, host modules.HostDBEntry) (modules.HostDBEntry, error) {
// convert host key (types.SiaPublicKey) to a crypto.PublicKey
if host.PublicKey.Algorithm != types.SignatureEd25519 || len(host.PublicKey.Key) != crypto.PublicKeySize {
build.Critical("hostdb did not filter out host with wrong signature algorithm:", host.PublicKey.Algorithm)
return modules.HostDBEntry{}, errors.New("host used unsupported signature algorithm")
}
var pk crypto.PublicKey
copy(pk[:], host.PublicKey.Key)
// read signed host settings
var recvSettings modules.HostExternalSettings
if err := crypto.ReadSignedObject(conn, &recvSettings, modules.NegotiateMaxHostExternalSettingsLen, pk); err != nil {
return modules.HostDBEntry{}, errors.New("couldn't read host's settings: " + err.Error())
}
// TODO: check recvSettings against host.HostExternalSettings. If there is
// a discrepancy, write the error to conn.
if recvSettings.NetAddress != host.NetAddress {
// for now, just overwrite the NetAddress, since we know that
// host.NetAddress works (it was the one we dialed to get conn)
recvSettings.NetAddress = host.NetAddress
}
host.HostExternalSettings = recvSettings
return host, nil
}
