Browse Source

don't accept streams from RSA detinations

pull/1019/head
orignal 7 years ago
parent
commit
272090fc8f
  1. 6
      libi2pd/Identity.cpp
  2. 1
      libi2pd/Identity.h
  3. 5
      libi2pd/RouterInfo.cpp
  4. 7
      libi2pd/Streaming.cpp

6
libi2pd/Identity.cpp

@ -324,6 +324,12 @@ namespace data
return SIGNING_KEY_TYPE_DSA_SHA1; return SIGNING_KEY_TYPE_DSA_SHA1;
} }
bool IdentityEx::IsRSA () const
{
auto sigType = GetSigningKeyType ();
return sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048;
}
CryptoKeyType IdentityEx::GetCryptoKeyType () const CryptoKeyType IdentityEx::GetCryptoKeyType () const
{ {
if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 4) if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 4)

1
libi2pd/Identity.h

@ -103,6 +103,7 @@ namespace data
size_t GetSignatureLen () const; size_t GetSignatureLen () const;
bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const; bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
SigningKeyType GetSigningKeyType () const; SigningKeyType GetSigningKeyType () const;
bool IsRSA () const; // signing key type
CryptoKeyType GetCryptoKeyType () const; CryptoKeyType GetCryptoKeyType () const;
void DropVerifier () const; // to save memory void DropVerifier () const; // to save memory

5
libi2pd/RouterInfo.cpp

@ -133,10 +133,9 @@ namespace data
if (verifySignature) if (verifySignature)
{ {
// reject RSA signatures // reject RSA signatures
auto sigType = m_RouterIdentity->GetSigningKeyType (); if (m_RouterIdentity->IsRSA ())
if (sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048)
{ {
LogPrint (eLogError, "RouterInfo: RSA signature type ", sigType, " is not allowed"); LogPrint (eLogError, "RouterInfo: RSA signature type is not allowed");
m_IsUnreachable = true; m_IsUnreachable = true;
return; return;
} }

7
libi2pd/Streaming.cpp

@ -230,6 +230,13 @@ namespace stream
if (flags & PACKET_FLAG_FROM_INCLUDED) if (flags & PACKET_FLAG_FROM_INCLUDED)
{ {
m_RemoteIdentity = std::make_shared<i2p::data::IdentityEx>(optionData, packet->GetOptionSize ()); m_RemoteIdentity = std::make_shared<i2p::data::IdentityEx>(optionData, packet->GetOptionSize ());
if (m_RemoteIdentity->IsRSA ())
{
LogPrint (eLogInfo, "Streaming: Incoming stream from RSA destination ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), " Discarded");
m_LocalDestination.DeletePacket (packet);
Terminate ();
return;
}
optionData += m_RemoteIdentity->GetFullLen (); optionData += m_RemoteIdentity->GetFullLen ();
if (!m_RemoteLeaseSet) if (!m_RemoteLeaseSet)
LogPrint (eLogDebug, "Streaming: Incoming stream from ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), ", sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID); LogPrint (eLogDebug, "Streaming: Incoming stream from ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), ", sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID);

Loading…
Cancel
Save