From 272090fc8f1727354fb87983acdd9793ce90d58a Mon Sep 17 00:00:00 2001
From: orignal
Date: Tue, 28 Nov 2017 11:33:51 -0500
Subject: [PATCH] don't accept streams from RSA detinations
---
 libi2pd/Identity.cpp | 6 ++++++
 libi2pd/Identity.h | 1 +
 libi2pd/RouterInfo.cpp | 5 ++---
 libi2pd/Streaming.cpp | 7 +++++++
 4 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/libi2pd/Identity.cpp b/libi2pd/Identity.cpp
index ed03b7eb..23f32bc8 100644
--- a/libi2pd/Identity.cpp
+++ b/libi2pd/Identity.cpp
@@ -324,6 +324,12 @@ namespace data
 return SIGNING_KEY_TYPE_DSA_SHA1;
 }
+ bool IdentityEx::IsRSA () const
+ {
+ auto sigType = GetSigningKeyType ();
+ return sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048;
+ }
+
 CryptoKeyType IdentityEx::GetCryptoKeyType () const
 {
 if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 4)
diff --git a/libi2pd/Identity.h b/libi2pd/Identity.h
index 0495b490..53ab4a7c 100644
--- a/libi2pd/Identity.h
+++ b/libi2pd/Identity.h
@@ -103,6 +103,7 @@ namespace data
 size_t GetSignatureLen () const;
 bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
 SigningKeyType GetSigningKeyType () const;
+ bool IsRSA () const; // signing key type
 CryptoKeyType GetCryptoKeyType () const;
 void DropVerifier () const; // to save memory
diff --git a/libi2pd/RouterInfo.cpp b/libi2pd/RouterInfo.cpp
index 7417b5ae..642373f2 100644
--- a/libi2pd/RouterInfo.cpp
+++ b/libi2pd/RouterInfo.cpp
@@ -133,10 +133,9 @@ namespace data
 if (verifySignature)
 {
 // reject RSA signatures
- auto sigType = m_RouterIdentity->GetSigningKeyType ();
- if (sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048)
+ if (m_RouterIdentity->IsRSA ())
 {
- LogPrint (eLogError, "RouterInfo: RSA signature type ", sigType, " is not allowed");
+ LogPrint (eLogError, "RouterInfo: RSA signature type is not allowed");
 m_IsUnreachable = true;
 return;
 }
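Review bot: The new `IdentityEx::IsRSA` relies on the three RSA signing-key constants being numerically contiguous with nothing else between `SIGNING_KEY_TYPE_RSA_SHA256_2048` and `SIGNING_KEY_TYPE_RSA_SHA512_4096`, and that assumption is stated nowhere — neither above the definition here nor in the Identity.h declaration, whose comment `// signing key type` does not say what the predicate answers. Write the range in ascending order so it reads as a range, `return sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048 && sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096;`, and document the intent at the definition with `// true for the RSA signing key types (RSA_SHA256_2048 .. RSA_SHA512_4096); relies on these constants being contiguous`. In the Identity.h hunk, replace the declaration comment with `// true if the signing key type is one of the RSA types (callers reject such identities)`. Note also that an identity without a key certificate reports `SIGNING_KEY_TYPE_DSA_SHA1` (visible in the context line just above), so `IsRSA` is false for it — worth a word in the comment so readers do not expect it to flag malformed certificates.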
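Review bot: The rewritten log line in the RouterInfo.cpp hunk, `LogPrint (eLogError, "RouterInfo: RSA signature type is not allowed");`, drops the numeric signature type the removed line printed, so an operator investigating rejected RouterInfos can no longer tell which RSA variant a peer advertised. Keep the value by reading it from the identity: `LogPrint (eLogError, "RouterInfo: RSA signature type ", m_RouterIdentity->GetSigningKeyType (), " is not allowed");`. The rejection still sits under `if (verifySignature)` (pre-existing context), so when the caller passes `false` an RSA-signed RouterInfo appears to be accepted without this check; if that is not intended, the `IsRSA ()` test could be hoisted above the `verifySignature` branch. The enclosing function starts and ends outside the hunk.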
diff --git a/libi2pd/Streaming.cpp b/libi2pd/Streaming.cpp
index ef655776..b0a08a4d 100644
--- a/libi2pd/Streaming.cpp
+++ b/libi2pd/Streaming.cpp
@@ -230,6 +230,13 @@ namespace stream
 if (flags & PACKET_FLAG_FROM_INCLUDED)
 {
 m_RemoteIdentity = std::make_shared(optionData, packet->GetOptionSize ());
+ if (m_RemoteIdentity->IsRSA ())
+ {
+ LogPrint (eLogInfo, "Streaming: Incoming stream from RSA destination ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), " Discarded");
+ m_LocalDestination.DeletePacket (packet);
+ Terminate ();
+ return;
+ }
 optionData += m_RemoteIdentity->GetFullLen ();
 if (!m_RemoteLeaseSet)
 LogPrint (eLogDebug, "Streaming: Incoming stream from ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), ", sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID);
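Review bot: The RSA check runs only after `m_RemoteIdentity` has already been overwritten with the identity parsed from the packet, so by the time `Terminate ()` is called the stream holds the very identity it just refused, and whatever remote identity the stream had before is lost. If this handler is also reached for packets on an already-open stream (the enclosing function starts and ends outside the hunk, so I cannot tell from here), a packet that merely carries `PACKET_FLAG_FROM_INCLUDED` with an RSA identity would tear the stream down before any signature on it is checked; dropping just the packet would be the safer reaction in that case. Parse into a local first, run `IsRSA ()` on it, and only assign `m_RemoteIdentity = identity;` once it is accepted — the `optionData += m_RemoteIdentity->GetFullLen ();` advance then stays correct for accepted identities. The `std::make_shared(` call in the hunk also appears to have lost its template argument in this rendering, so confirm it against the file rather than the page.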