mirror of
https://github.com/PurpleI2P/i2pd.git
synced 2025-01-23 13:24:20 +00:00
don't accept streams from RSA destinations
parent
ab6bc52a0f
commit
272090fc8f
@ -324,6 +324,12 @@ namespace data
|
|||||||
return SIGNING_KEY_TYPE_DSA_SHA1;
|
return SIGNING_KEY_TYPE_DSA_SHA1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool IdentityEx::IsRSA () const
|
||||||
|
{
|
||||||
|
auto sigType = GetSigningKeyType ();
|
||||||
|
return sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048;
|
||||||
|
}
|
||||||
|
|
||||||
CryptoKeyType IdentityEx::GetCryptoKeyType () const
|
CryptoKeyType IdentityEx::GetCryptoKeyType () const
|
||||||
{
|
{
|
||||||
if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 4)
|
if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 4)
|
||||||
|
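Review bot: IsRSA () identifies the RSA family by a numeric range, `sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048`, which is only correct while the RSA signing key types are numbered contiguously with no other type between them. The enum is not visible in this hunk, so that ordering is an assumption to confirm. Because this helper now decides which router infos and incoming streams are refused, I would record the assumption next to the comparison, e.g. `// assumes RSA signing types are contiguous (RSA_SHA256_2048 .. RSA_SHA512_4096); revisit if a new type is assigned inside this range`. The function just above, presumably GetSigningKeyType (), falls back to `SIGNING_KEY_TYPE_DSA_SHA1`, so it is also worth noting that an identity without a key certificate is reported as non-RSA.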
@ -103,6 +103,7 @@ namespace data
|
|||||||
size_t GetSignatureLen () const;
|
size_t GetSignatureLen () const;
|
||||||
bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
|
bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
|
||||||
SigningKeyType GetSigningKeyType () const;
|
SigningKeyType GetSigningKeyType () const;
|
||||||
|
bool IsRSA () const; // signing key type
|
||||||
CryptoKeyType GetCryptoKeyType () const;
|
CryptoKeyType GetCryptoKeyType () const;
|
||||||
void DropVerifier () const; // to save memory
|
void DropVerifier () const; // to save memory
|
||||||
|
|
||||||
|
@ -133,10 +133,9 @@ namespace data
|
|||||||
if (verifySignature)
|
if (verifySignature)
|
||||||
{
|
{
|
||||||
// reject RSA signatures
|
// reject RSA signatures
|
||||||
auto sigType = m_RouterIdentity->GetSigningKeyType ();
|
if (m_RouterIdentity->IsRSA ())
|
||||||
if (sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048)
|
|
||||||
{
|
{
|
||||||
LogPrint (eLogError, "RouterInfo: RSA signature type ", sigType, " is not allowed");
|
LogPrint (eLogError, "RouterInfo: RSA signature type is not allowed");
|
||||||
m_IsUnreachable = true;
|
m_IsUnreachable = true;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
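Review bot: The rewritten log line drops the signature type, so a rejected router is now reported only as `RSA signature type is not allowed`, with nothing to show which RSA variant was seen or to help correlate rejections. Keeping the value costs one call: `LogPrint (eLogError, "RouterInfo: RSA signature type ", m_RouterIdentity->GetSigningKeyType (), " is not allowed");`. The message also names no router; if an identifier is available at this point (not visible in the hunk), adding it would make the rejection traceable. The enclosing function starts and ends outside the hunk.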
@ -230,6 +230,13 @@ namespace stream
|
|||||||
if (flags & PACKET_FLAG_FROM_INCLUDED)
|
if (flags & PACKET_FLAG_FROM_INCLUDED)
|
||||||
{
|
{
|
||||||
m_RemoteIdentity = std::make_shared<i2p::data::IdentityEx>(optionData, packet->GetOptionSize ());
|
m_RemoteIdentity = std::make_shared<i2p::data::IdentityEx>(optionData, packet->GetOptionSize ());
|
||||||
|
if (m_RemoteIdentity->IsRSA ())
|
||||||
|
{
|
||||||
|
LogPrint (eLogInfo, "Streaming: Incoming stream from RSA destination ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), " Discarded");
|
||||||
|
m_LocalDestination.DeletePacket (packet);
|
||||||
|
Terminate ();
|
||||||
|
return;
|
||||||
|
}
|
||||||
optionData += m_RemoteIdentity->GetFullLen ();
|
optionData += m_RemoteIdentity->GetFullLen ();
|
||||||
if (!m_RemoteLeaseSet)
|
if (!m_RemoteLeaseSet)
|
||||||
LogPrint (eLogDebug, "Streaming: Incoming stream from ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), ", sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID);
|
LogPrint (eLogDebug, "Streaming: Incoming stream from ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), ", sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID);
|
||||||
|
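Review bot: The RSA check runs after the identity parsed from the packet options has already been stored in `m_RemoteIdentity`, so a rejected destination stays in the stream's state while `Terminate ()` runs. Whether Terminate () uses that member is not visible here. Parsing into a local and assigning only after the policy check keeps refused identities out of member state: `auto ident = std::make_shared<i2p::data::IdentityEx>(optionData, packet->GetOptionSize ());`, then `if (ident->IsRSA ()) { ... }`, then `m_RemoteIdentity = ident;`. Separately, the discard is logged at `eLogInfo` with the peer's ident hash while the accepted path logs at `eLogDebug`, and this line is written whenever a remote peer sends such a packet, so matching the level or rate-limiting it is worth considering. The enclosing function starts and ends outside the hunk.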