PurpleI2P/i2pd
1
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-01-22 08:14:15 +00:00
Code Issues Releases Activity

check LS2 transient key expires time

Browse Source
This commit is contained in:
orignal 2019-01-15 18:56:26 -05:00
parent b89cf73ae2
commit 468a32a819
1 changed files with 26 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
libi2pd/LeaseSet.cpp
View File

@ -271,19 +271,24 @@ namespace data
uint16_t expires = bufbe16toh (buf + offset); offset += 2; // expires (seconds) uint16_t expires = bufbe16toh (buf + offset); offset += 2; // expires (seconds)
SetExpirationTime ((timestamp + expires)*1000LL); // in milliseconds SetExpirationTime ((timestamp + expires)*1000LL); // in milliseconds
uint16_t flags = bufbe16toh (buf + offset); offset += 2; // flags uint16_t flags = bufbe16toh (buf + offset); offset += 2; // flags
std::unique_ptr<i2p::crypto::Verifier> offlineVerifier; std::unique_ptr<i2p::crypto::Verifier> transientVerifier;
if (flags & 0x0001) if (flags & 0x0001)
{ {
// offline key // transient key
if (offset + 6 >= len) return; if (offset + 6 >= len) return;
const uint8_t * signedData = buf + offset; const uint8_t * signedData = buf + offset;
offset += 4; // expires timestamp uint32_t expiresTimestamp = bufbe32toh (buf + offset); offset += 4; // expires timestamp
if (expiresTimestamp < i2p::util::GetSecondsSinceEpoch ())
{
LogPrint (eLogWarning, "LeaseSet2: transient key expired");
return;
}
uint16_t keyType = bufbe16toh (buf + offset); offset += 2; uint16_t keyType = bufbe16toh (buf + offset); offset += 2;
offlineVerifier.reset (i2p::data::IdentityEx::CreateVerifier (keyType)); transientVerifier.reset (i2p::data::IdentityEx::CreateVerifier (keyType));
if (!offlineVerifier) return; if (!transientVerifier) return;
auto keyLen = offlineVerifier->GetPublicKeyLen (); auto keyLen = transientVerifier->GetPublicKeyLen ();
if (offset + keyLen >= len) return; if (offset + keyLen >= len) return;
offlineVerifier->SetPublicKey (buf + offset); offset += keyLen; transientVerifier->SetPublicKey (buf + offset); offset += keyLen;
if (offset + identity->GetSignatureLen () >= len) return; if (offset + identity->GetSignatureLen () >= len) return;
if (!identity->Verify (signedData, keyLen + 6, buf + offset)) return; if (!identity->Verify (signedData, keyLen + 6, buf + offset)) return;
offset += identity->GetSignatureLen (); offset += identity->GetSignatureLen ();
@ -304,7 +309,7 @@ namespace data
if (!s) return; if (!s) return;
offset += s; offset += s;
// verify signature // verify signature
bool verified = offlineVerifier ? VerifySignature (offlineVerifier, buf, len, offset) : bool verified = transientVerifier ? VerifySignature (transientVerifier, buf, len, offset) :
VerifySignature (identity, buf, len, offset); VerifySignature (identity, buf, len, offset);
SetIsValid (verified); SetIsValid (verified);
} }
@ -414,19 +419,24 @@ namespace data
uint16_t expires = bufbe16toh (buf + offset); offset += 2; // expires (seconds) uint16_t expires = bufbe16toh (buf + offset); offset += 2; // expires (seconds)
SetExpirationTime ((timestamp + expires)*1000LL); // in milliseconds SetExpirationTime ((timestamp + expires)*1000LL); // in milliseconds
uint16_t flags = bufbe16toh (buf + offset); offset += 2; // flags uint16_t flags = bufbe16toh (buf + offset); offset += 2; // flags
std::unique_ptr<i2p::crypto::Verifier> offlineVerifier; std::unique_ptr<i2p::crypto::Verifier> transientVerifier;
if (flags & 0x0001) if (flags & 0x0001)
{ {
// offline key // transient key
if (offset + 6 >= len) return; if (offset + 6 >= len) return;
const uint8_t * signedData = buf + offset; const uint8_t * signedData = buf + offset;
offset += 4; // expires timestamp uint32_t expiresTimestamp = bufbe32toh (buf + offset); offset += 4; // expires timestamp
if (expiresTimestamp < i2p::util::GetSecondsSinceEpoch ())
{
LogPrint (eLogWarning, "LeaseSet2: transient key expired");
return;
}
uint16_t keyType = bufbe16toh (buf + offset); offset += 2; uint16_t keyType = bufbe16toh (buf + offset); offset += 2;
offlineVerifier.reset (i2p::data::IdentityEx::CreateVerifier (keyType)); transientVerifier.reset (i2p::data::IdentityEx::CreateVerifier (keyType));
if (!offlineVerifier) return; if (!transientVerifier) return;
auto keyLen = offlineVerifier->GetPublicKeyLen (); auto keyLen = transientVerifier->GetPublicKeyLen ();
if (offset + keyLen >= len) return; if (offset + keyLen >= len) return;
offlineVerifier->SetPublicKey (buf + offset); offset += keyLen; transientVerifier->SetPublicKey (buf + offset); offset += keyLen;
if (offset + blindedVerifier->GetSignatureLen () >= len) return; if (offset + blindedVerifier->GetSignatureLen () >= len) return;
if (!blindedVerifier->Verify (signedData, keyLen + 6, buf + offset)) return; if (!blindedVerifier->Verify (signedData, keyLen + 6, buf + offset)) return;
offset += blindedVerifier->GetSignatureLen (); offset += blindedVerifier->GetSignatureLen ();
@ -435,7 +445,7 @@ namespace data
if (offset + 2 > len) return; if (offset + 2 > len) return;
uint16_t lenOuterCiphertext = bufbe16toh (buf + offset); offset += 2 + lenOuterCiphertext; uint16_t lenOuterCiphertext = bufbe16toh (buf + offset); offset += 2 + lenOuterCiphertext;
// verify signature // verify signature
bool verified = offlineVerifier ? VerifySignature (offlineVerifier, buf, len, offset) : bool verified = transientVerifier ? VerifySignature (transientVerifier, buf, len, offset) :
VerifySignature (blindedVerifier, buf, len, offset); VerifySignature (blindedVerifier, buf, len, offset);
SetIsValid (verified); SetIsValid (verified);
} }