|
|
@ -271,19 +271,24 @@ namespace data |
|
|
|
uint16_t expires = bufbe16toh (buf + offset); offset += 2; // expires (seconds)
|
|
|
|
uint16_t expires = bufbe16toh (buf + offset); offset += 2; // expires (seconds)
|
|
|
|
SetExpirationTime ((timestamp + expires)*1000LL); // in milliseconds
|
|
|
|
SetExpirationTime ((timestamp + expires)*1000LL); // in milliseconds
|
|
|
|
uint16_t flags = bufbe16toh (buf + offset); offset += 2; // flags
|
|
|
|
uint16_t flags = bufbe16toh (buf + offset); offset += 2; // flags
|
|
|
|
std::unique_ptr<i2p::crypto::Verifier> offlineVerifier; |
|
|
|
std::unique_ptr<i2p::crypto::Verifier> transientVerifier; |
|
|
|
if (flags & 0x0001) |
|
|
|
if (flags & 0x0001) |
|
|
|
{ |
|
|
|
{ |
|
|
|
// offline key
|
|
|
|
// transient key
|
|
|
|
if (offset + 6 >= len) return; |
|
|
|
if (offset + 6 >= len) return; |
|
|
|
const uint8_t * signedData = buf + offset; |
|
|
|
const uint8_t * signedData = buf + offset; |
|
|
|
offset += 4; // expires timestamp
|
|
|
|
uint32_t expiresTimestamp = bufbe32toh (buf + offset); offset += 4; // expires timestamp
|
|
|
|
|
|
|
|
if (expiresTimestamp < i2p::util::GetSecondsSinceEpoch ()) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
LogPrint (eLogWarning, "LeaseSet2: transient key expired"); |
|
|
|
|
|
|
|
return; |
|
|
|
|
|
|
|
} |
|
|
|
uint16_t keyType = bufbe16toh (buf + offset); offset += 2; |
|
|
|
uint16_t keyType = bufbe16toh (buf + offset); offset += 2; |
|
|
|
offlineVerifier.reset (i2p::data::IdentityEx::CreateVerifier (keyType)); |
|
|
|
transientVerifier.reset (i2p::data::IdentityEx::CreateVerifier (keyType)); |
|
|
|
if (!offlineVerifier) return; |
|
|
|
if (!transientVerifier) return; |
|
|
|
auto keyLen = offlineVerifier->GetPublicKeyLen (); |
|
|
|
auto keyLen = transientVerifier->GetPublicKeyLen (); |
|
|
|
if (offset + keyLen >= len) return; |
|
|
|
if (offset + keyLen >= len) return; |
|
|
|
offlineVerifier->SetPublicKey (buf + offset); offset += keyLen; |
|
|
|
transientVerifier->SetPublicKey (buf + offset); offset += keyLen; |
|
|
|
if (offset + identity->GetSignatureLen () >= len) return; |
|
|
|
if (offset + identity->GetSignatureLen () >= len) return; |
|
|
|
if (!identity->Verify (signedData, keyLen + 6, buf + offset)) return; |
|
|
|
if (!identity->Verify (signedData, keyLen + 6, buf + offset)) return; |
|
|
|
offset += identity->GetSignatureLen (); |
|
|
|
offset += identity->GetSignatureLen (); |
|
|
@ -304,7 +309,7 @@ namespace data |
|
|
|
if (!s) return; |
|
|
|
if (!s) return; |
|
|
|
offset += s; |
|
|
|
offset += s; |
|
|
|
// verify signature
|
|
|
|
// verify signature
|
|
|
|
bool verified = offlineVerifier ? VerifySignature (offlineVerifier, buf, len, offset) : |
|
|
|
bool verified = transientVerifier ? VerifySignature (transientVerifier, buf, len, offset) : |
|
|
|
VerifySignature (identity, buf, len, offset); |
|
|
|
VerifySignature (identity, buf, len, offset); |
|
|
|
SetIsValid (verified); |
|
|
|
SetIsValid (verified); |
|
|
|
} |
|
|
|
} |
|
|
@ -414,19 +419,24 @@ namespace data |
|
|
|
uint16_t expires = bufbe16toh (buf + offset); offset += 2; // expires (seconds)
|
|
|
|
uint16_t expires = bufbe16toh (buf + offset); offset += 2; // expires (seconds)
|
|
|
|
SetExpirationTime ((timestamp + expires)*1000LL); // in milliseconds
|
|
|
|
SetExpirationTime ((timestamp + expires)*1000LL); // in milliseconds
|
|
|
|
uint16_t flags = bufbe16toh (buf + offset); offset += 2; // flags
|
|
|
|
uint16_t flags = bufbe16toh (buf + offset); offset += 2; // flags
|
|
|
|
std::unique_ptr<i2p::crypto::Verifier> offlineVerifier; |
|
|
|
std::unique_ptr<i2p::crypto::Verifier> transientVerifier; |
|
|
|
if (flags & 0x0001) |
|
|
|
if (flags & 0x0001) |
|
|
|
{ |
|
|
|
{ |
|
|
|
// offline key
|
|
|
|
// transient key
|
|
|
|
if (offset + 6 >= len) return; |
|
|
|
if (offset + 6 >= len) return; |
|
|
|
const uint8_t * signedData = buf + offset; |
|
|
|
const uint8_t * signedData = buf + offset; |
|
|
|
offset += 4; // expires timestamp
|
|
|
|
uint32_t expiresTimestamp = bufbe32toh (buf + offset); offset += 4; // expires timestamp
|
|
|
|
|
|
|
|
if (expiresTimestamp < i2p::util::GetSecondsSinceEpoch ()) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
LogPrint (eLogWarning, "LeaseSet2: transient key expired"); |
|
|
|
|
|
|
|
return; |
|
|
|
|
|
|
|
} |
|
|
|
uint16_t keyType = bufbe16toh (buf + offset); offset += 2; |
|
|
|
uint16_t keyType = bufbe16toh (buf + offset); offset += 2; |
|
|
|
offlineVerifier.reset (i2p::data::IdentityEx::CreateVerifier (keyType)); |
|
|
|
transientVerifier.reset (i2p::data::IdentityEx::CreateVerifier (keyType)); |
|
|
|
if (!offlineVerifier) return; |
|
|
|
if (!transientVerifier) return; |
|
|
|
auto keyLen = offlineVerifier->GetPublicKeyLen (); |
|
|
|
auto keyLen = transientVerifier->GetPublicKeyLen (); |
|
|
|
if (offset + keyLen >= len) return; |
|
|
|
if (offset + keyLen >= len) return; |
|
|
|
offlineVerifier->SetPublicKey (buf + offset); offset += keyLen; |
|
|
|
transientVerifier->SetPublicKey (buf + offset); offset += keyLen; |
|
|
|
if (offset + blindedVerifier->GetSignatureLen () >= len) return; |
|
|
|
if (offset + blindedVerifier->GetSignatureLen () >= len) return; |
|
|
|
if (!blindedVerifier->Verify (signedData, keyLen + 6, buf + offset)) return; |
|
|
|
if (!blindedVerifier->Verify (signedData, keyLen + 6, buf + offset)) return; |
|
|
|
offset += blindedVerifier->GetSignatureLen (); |
|
|
|
offset += blindedVerifier->GetSignatureLen (); |
|
|
@ -435,7 +445,7 @@ namespace data |
|
|
|
if (offset + 2 > len) return; |
|
|
|
if (offset + 2 > len) return; |
|
|
|
uint16_t lenOuterCiphertext = bufbe16toh (buf + offset); offset += 2 + lenOuterCiphertext; |
|
|
|
uint16_t lenOuterCiphertext = bufbe16toh (buf + offset); offset += 2 + lenOuterCiphertext; |
|
|
|
// verify signature
|
|
|
|
// verify signature
|
|
|
|
bool verified = offlineVerifier ? VerifySignature (offlineVerifier, buf, len, offset) : |
|
|
|
bool verified = transientVerifier ? VerifySignature (transientVerifier, buf, len, offset) : |
|
|
|
VerifySignature (blindedVerifier, buf, len, offset); |
|
|
|
VerifySignature (blindedVerifier, buf, len, offset); |
|
|
|
SetIsValid (verified); |
|
|
|
SetIsValid (verified); |
|
|
|
} |
|
|
|
} |
|
|
|