PurpleI2P
/
i2pd
mirror of https://github.com/PurpleI2P/i2pd.git
1
0
Fork 0
Code Issues Releases Activity
Browse Source

don't accept streams from RSA detinations

pull/1019/head
orignal 7 years ago
parent
ab6bc52a0f
commit
272090fc8f
4 changed files with 16 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      libi2pd/Identity.cpp
  2. 1
      libi2pd/Identity.h
  3. 5
      libi2pd/RouterInfo.cpp
  4. 7
      libi2pd/Streaming.cpp

6
libi2pd/Identity.cpp
Unescape View File

@ -324,6 +324,12 @@ namespace data @@ -324,6 +324,12 @@ namespace data
return SIGNING_KEY_TYPE_DSA_SHA1;
}
bool IdentityEx::IsRSA () const
{
auto sigType = GetSigningKeyType ();
return sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048;
}
CryptoKeyType IdentityEx::GetCryptoKeyType () const
{
if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 4)

1
libi2pd/Identity.h
Unescape View File

@ -103,6 +103,7 @@ namespace data @@ -103,6 +103,7 @@ namespace data
size_t GetSignatureLen () const;
bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
SigningKeyType GetSigningKeyType () const;
bool IsRSA () const; // signing key type
CryptoKeyType GetCryptoKeyType () const;
void DropVerifier () const; // to save memory

5
libi2pd/RouterInfo.cpp
Unescape View File

@ -133,10 +133,9 @@ namespace data @@ -133,10 +133,9 @@ namespace data
if (verifySignature)
{
// reject RSA signatures
auto sigType = m_RouterIdentity->GetSigningKeyType ();
if (sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048)
if (m_RouterIdentity->IsRSA ())
{
LogPrint (eLogError, "RouterInfo: RSA signature type ", sigType, " is not allowed");
LogPrint (eLogError, "RouterInfo: RSA signature type is not allowed");
m_IsUnreachable = true;
return;
}

7
libi2pd/Streaming.cpp
Unescape View File

@ -230,6 +230,13 @@ namespace stream @@ -230,6 +230,13 @@ namespace stream
if (flags & PACKET_FLAG_FROM_INCLUDED)
{
m_RemoteIdentity = std::make_shared<i2p::data::IdentityEx>(optionData, packet->GetOptionSize ());
if (m_RemoteIdentity->IsRSA ())
{
LogPrint (eLogInfo, "Streaming: Incoming stream from RSA destination ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), " Discarded");
m_LocalDestination.DeletePacket (packet);
Terminate ();
return;
}
optionData += m_RemoteIdentity->GetFullLen ();
if (!m_RemoteLeaseSet)
LogPrint (eLogDebug, "Streaming: Incoming stream from ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), ", sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID);

Write Preview
Loading…
Cancel
Save