From 0c34bd440b648f2f0db9bde28cc93b3a69affab6 Mon Sep 17 00:00:00 2001
From: orignal
Date: Mon, 13 Nov 2017 11:25:42 -0500
Subject: [PATCH] reject routers with RSA signatures
---
 libi2pd/RouterInfo.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/libi2pd/RouterInfo.cpp b/libi2pd/RouterInfo.cpp
index f0ad1b88..7417b5ae 100644
--- a/libi2pd/RouterInfo.cpp
+++ b/libi2pd/RouterInfo.cpp
@@ -132,6 +132,14 @@ namespace data
 }
 if (verifySignature)
 {
+ // reject RSA signatures
+ auto sigType = m_RouterIdentity->GetSigningKeyType ();
+ if (sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048)
+ {
+ LogPrint (eLogError, "RouterInfo: RSA signature type ", sigType, " is not allowed");
+ m_IsUnreachable = true;
+ return;
+ }
 // verify signature
 int l = m_BufferLen - m_RouterIdentity->GetSignatureLen ();
 if (l < 0 || !m_RouterIdentity->Verify ((uint8_t *)m_Buffer, l, (uint8_t *)m_Buffer + l))
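Review bot: The RSA rejection sits inside `if (verifySignature)`, so a RouterInfo parsed with verification switched off (presumably one reloaded from local storage) keeps its RSA identity and is never marked unreachable. If the intent is to ban the key type outright, the check belongs above `if (verifySignature)` so that every parse path enforces it. The condition also depends on the RSA constants forming a contiguous numeric range between `SIGNING_KEY_TYPE_RSA_SHA256_2048` and `SIGNING_KEY_TYPE_RSA_SHA512_4096`; an explicit `switch` over the named types, or an allow-list of accepted types, would not change meaning if the enum is later extended. The enclosing function starts and ends outside the hunk, so which callers pass `false` cannot be confirmed from here.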