1
0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-01-23 05:06:31 +00:00

don't accept streams from RSA detinations

This commit is contained in:
orignal 2017-11-28 11:33:51 -05:00
parent ab6bc52a0f
commit 272090fc8f
4 changed files with 16 additions and 3 deletions

View File

@ -324,6 +324,12 @@ namespace data
return SIGNING_KEY_TYPE_DSA_SHA1;
}
bool IdentityEx::IsRSA () const
{
auto sigType = GetSigningKeyType ();
return sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048;
}
CryptoKeyType IdentityEx::GetCryptoKeyType () const
{
if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 4)

View File

@ -103,6 +103,7 @@ namespace data
size_t GetSignatureLen () const;
bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
SigningKeyType GetSigningKeyType () const;
bool IsRSA () const; // signing key type
CryptoKeyType GetCryptoKeyType () const;
void DropVerifier () const; // to save memory

View File

@ -133,10 +133,9 @@ namespace data
if (verifySignature)
{
// reject RSA signatures
auto sigType = m_RouterIdentity->GetSigningKeyType ();
if (sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048)
if (m_RouterIdentity->IsRSA ())
{
LogPrint (eLogError, "RouterInfo: RSA signature type ", sigType, " is not allowed");
LogPrint (eLogError, "RouterInfo: RSA signature type is not allowed");
m_IsUnreachable = true;
return;
}

View File

@ -230,6 +230,13 @@ namespace stream
if (flags & PACKET_FLAG_FROM_INCLUDED)
{
m_RemoteIdentity = std::make_shared<i2p::data::IdentityEx>(optionData, packet->GetOptionSize ());
if (m_RemoteIdentity->IsRSA ())
{
LogPrint (eLogInfo, "Streaming: Incoming stream from RSA destination ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), " Discarded");
m_LocalDestination.DeletePacket (packet);
Terminate ();
return;
}
optionData += m_RemoteIdentity->GetFullLen ();
if (!m_RemoteLeaseSet)
LogPrint (eLogDebug, "Streaming: Incoming stream from ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), ", sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID);