From 7c535159bc442b2ad539c4eb22eda00b018cc47d Mon Sep 17 00:00:00 2001
From: orignal
Date: Sun, 30 Apr 2023 20:05:35 -0400
Subject: [PATCH] static keys table
---
 libi2pd/NTCP2.cpp | 1 +
 libi2pd/Profiling.cpp | 28 ++++++++++++++++++++++++++++
 libi2pd/Profiling.h | 4 ++++
 libi2pd/SSU2Session.cpp | 1 +
 libi2pd/Transports.cpp | 15 +++++++++++++++
 5 files changed, 49 insertions(+)
diff --git a/libi2pd/NTCP2.cpp b/libi2pd/NTCP2.cpp
index 91bc9b3d..aceef0f5 100644
--- a/libi2pd/NTCP2.cpp
+++ b/libi2pd/NTCP2.cpp
@@ -714,6 +714,7 @@ namespace transport
 Terminate ();
 return;
 }
+ i2p::data::UpdateStaticKey (addr->s, ri.GetIdentHash ()); // good static key
 i2p::data::netdb.PostI2NPMsg (CreateI2NPMessage (eI2NPDummyMsg, buf.data () + 3, size)); // TODO: should insert ri and not parse it twice
 // TODO: process options
diff --git a/libi2pd/Profiling.cpp b/libi2pd/Profiling.cpp
index 311d1c86..3144bd9c 100644
--- a/libi2pd/Profiling.cpp
+++ b/libi2pd/Profiling.cpp
@@ -301,5 +301,33 @@ namespace data
 }
 }
 }
+
+// static keys
+
+ struct StaticKeyProfile
+ {
+ i2p::data::IdentHash ident;
+ boost::posix_time::ptime lastUpdateTime;
+ };
+ //static i2p::fs::HashedStorage g_StaticKeysProfilesStorage("statickeysProfiles", "s", "statickey-", "txt");
+ static std::unordered_map, std::shared_ptr > g_StaticKeysProfiles;
+ static std::mutex g_StaticKeysProfilesMutex;
+
+ bool CheckStaticKey (const i2p::data::Tag<32>& staticKey, const i2p::data::IdentHash& ident)
+ {
+ std::unique_lock l(g_StaticKeysProfilesMutex);
+ auto it = g_StaticKeysProfiles.find (staticKey);
+ if (it != g_StaticKeysProfiles.end ())
+ return it->second->ident == ident;
+ return true;
+ }
+
+ void UpdateStaticKey (const i2p::data::Tag<32>& staticKey, const i2p::data::IdentHash& ident)
+ {
+ std::unique_lock l(g_StaticKeysProfilesMutex);
+ auto res = g_StaticKeysProfiles.emplace (staticKey, std::make_shared(StaticKeyProfile{ident, GetTime ()}));
+ if (!res.second)
+ res.first->second->lastUpdateTime = GetTime ();
+ }
 }
 }
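Review bot: The trailing comment `// good static key` on the added call in NTCP2.cpp does not say what makes the key good. The call records a key-to-router binding that later gates outgoing connections in Transports.cpp, so it matters that it stays after the check whose tail (`Terminate (); return; }`) is the hunk's leading context. Presumably that check compares `addr->s` with the key used in the handshake, but its condition is outside the hunk, as is the rest of the enclosing function. A comment such as `// addr->s passed the check above; record the key-to-router binding` would keep a later reorder from moving the call ahead of the check. The same applies to the added line in the SSU2Session.cpp hunk.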
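Review bot: In `UpdateStaticKey` (Profiling.cpp), when `emplace` finds the key already present, `lastUpdateTime` is refreshed without comparing the stored `ident` to the caller's. A session authenticated as a different router therefore keeps the old binding fresh, while `CheckStaticKey` goes on rejecting the router that just completed a handshake. I would refresh only on a match, `if (!res.second && res.first->second->ident == ident)`, and log a warning on the conflicting case so it is visible to an operator. Nothing in this hunk erases entries or reads `lastUpdateTime`, so the map grows by one entry per distinct key for the life of the process and a stale binding is never released. An age-based sweep using the stored timestamp would bound both.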
diff --git a/libi2pd/Profiling.h b/libi2pd/Profiling.h
index 752d6190..2f60f961 100644
--- a/libi2pd/Profiling.h
+++ b/libi2pd/Profiling.h
@@ -85,6 +85,10 @@ namespace data
 void DeleteObsoleteProfiles ();
 void SaveProfiles ();
 void PersistProfiles ();
+
+ // static keys
+ bool CheckStaticKey (const i2p::data::Tag<32>& staticKey, const i2p::data::IdentHash& ident);
+ void UpdateStaticKey (const i2p::data::Tag<32>& staticKey, const i2p::data::IdentHash& ident);
 }
 }
diff --git a/libi2pd/SSU2Session.cpp b/libi2pd/SSU2Session.cpp
index 47d59ea4..46319bd9 100644
--- a/libi2pd/SSU2Session.cpp
+++ b/libi2pd/SSU2Session.cpp
@@ -1073,6 +1073,7 @@ namespace transport
 return false;
 }
 SetRemoteIdentity (ri->GetRouterIdentity ());
+ i2p::data::UpdateStaticKey (m_Address->s, ri->GetIdentHash ()); // good static key
 AdjustMaxPayloadSize ();
 m_Server.AddSessionByRouterHash (shared_from_this ()); // we know remote router now
 m_RemoteTransports = ri->GetCompatibleTransports (false);
diff --git a/libi2pd/Transports.cpp b/libi2pd/Transports.cpp
index c6e9f372..5693719c 100644
--- a/libi2pd/Transports.cpp
+++ b/libi2pd/Transports.cpp
@@ -507,6 +507,11 @@ namespace transport
 peer.router->GetPublishedNTCP2V6Address () : peer.router->GetPublishedNTCP2V4Address ();
 if (address && m_CheckReserved && i2p::util::net::IsInReservedRange(address->host))
 address = nullptr;
+ if (address && !i2p::data::CheckStaticKey (address->s, ident))
+ {
+ LogPrint (eLogWarning, "Transports: NTCP2 address static key router mismatch ", ident.ToBase64 ());
+ address = nullptr;
+ }
 if (address)
 {
 auto s = std::make_shared (*m_NTCP2Server, peer.router, address);
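Review bot: The two declarations added to Profiling.h carry only `// static keys`, which does not tell a caller that `CheckStaticKey` passes keys it has never seen. Going by the definitions in Profiling.cpp in this same patch, I would document them as `// true if staticKey is unknown or bound to ident; false only when it is bound to a different router` and `// binds staticKey to ident on first sight; later calls only refresh the timestamp`. Since the table is memory-only in this patch (the `HashedStorage` line is commented out), the header should also say that the check cannot reject anything until a key has been recorded in the current run.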
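Review bot: The same five-line mismatch block is added three times in Transports.cpp: here for NTCP2, and in the two later hunks for SSU2 and Yggdrasil. The copies differ only in the label inside the log string, so a later fix to one copy can miss the others. A single file-local helper keeps the three gates identical and leaves the log output unchanged. In the SSU2 hunk the check also runs before `address->IsReachableSSU ()`, so a warning may be logged for an address that would not have been used anyway. The enclosing function begins and ends outside all three hunks.

```cpp
// file-local helper, placed above the function that contains these branches
template<typename Address>
static void DropOnStaticKeyMismatch (Address& address, const i2p::data::IdentHash& ident, const char * transport)
{
	if (address && !i2p::data::CheckStaticKey (address->s, ident))
	{
		LogPrint (eLogWarning, "Transports: ", transport, " address static key router mismatch ", ident.ToBase64 ());
		address = nullptr;
	}
}

// … unchanged: NTCP2 address selection and reserved-range check …
DropOnStaticKeyMismatch (address, ident, "NTCP2");
// … unchanged: session creation; the SSU2 and Yggdrasil branches call the helper with their own label …
```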
@@ -526,6 +531,11 @@ namespace transport
 peer.router->GetSSU2V6Address () : peer.router->GetSSU2V4Address ();
 if (address && m_CheckReserved && i2p::util::net::IsInReservedRange(address->host))
 address = nullptr;
+ if (address && !i2p::data::CheckStaticKey (address->s, ident))
+ {
+ LogPrint (eLogWarning, "Transports: SSU2 address static key router mismatch ", ident.ToBase64 ());
+ address = nullptr;
+ }
 if (address && address->IsReachableSSU ())
 {
 if (m_SSU2Server->CreateSession (peer.router, address))
@@ -537,6 +547,11 @@ namespace transport
 {
 if (!m_NTCP2Server) continue;
 auto address = peer.router->GetYggdrasilAddress ();
+ if (address && !i2p::data::CheckStaticKey (address->s, ident))
+ {
+ LogPrint (eLogWarning, "Transports: Yggdrasil address static key router mismatch ", ident.ToBase64 ());
+ address = nullptr;
+ }
 if (address)
 {
 auto s = std::make_shared (*m_NTCP2Server, peer.router, address);