From 9b8460cffa3f1225dcdd7e649fdf31e9bb80c3d0 Mon Sep 17 00:00:00 2001 From: orignal Date: Fri, 22 Aug 2014 19:47:29 -0400 Subject: [PATCH] verify streaming packet signature --- Identity.cpp | 10 +++++++++- Identity.h | 1 + Streaming.cpp | 25 +++++++++++++++++-------- Streaming.h | 2 +- 4 files changed, 28 insertions(+), 10 deletions(-) diff --git a/Identity.cpp b/Identity.cpp index f9cfc40d..d4b0d719 100644 --- a/Identity.cpp +++ b/Identity.cpp @@ -107,7 +107,15 @@ namespace data return m_Verifier->GetPublicKeyLen (); return 128; } - + + size_t IdentityEx::GetSignatureLen () + { + if (!m_Verifier) + CreateVerifier (); + if (m_Verifier) + return m_Verifier->GetSignatureLen (); + return 40; + } bool IdentityEx::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) { if (!m_Verifier) diff --git a/Identity.h b/Identity.h index 631aea71..5be25e09 100644 --- a/Identity.h +++ b/Identity.h @@ -115,6 +115,7 @@ namespace data const IdentHash& GetIdentHash () const { return m_IdentHash; }; size_t GetFullLen () const { return m_ExtendedLen + DEFAULT_IDENTITY_SIZE; }; size_t GetSigningPublicKeyLen (); + size_t GetSignatureLen (); bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature); private: diff --git a/Streaming.cpp b/Streaming.cpp index 3279484a..7d168ef4 100644 --- a/Streaming.cpp +++ b/Streaming.cpp @@ -132,9 +132,7 @@ namespace stream const uint8_t * optionData = packet->GetOptionData (); if (flags & PACKET_FLAG_SYNCHRONIZE) - { LogPrint ("Synchronize"); - } if (flags & PACKET_FLAG_DELAY_REQUESTED) { @@ -143,10 +141,10 @@ namespace stream if (flags & PACKET_FLAG_FROM_INCLUDED) { - optionData += m_RemoteIdentity.FromBuffer (optionData, i2p::data::DEFAULT_IDENTITY_SIZE); - LogPrint ("From identity ", m_RemoteIdentity.Hash ().ToBase64 ()); + optionData += m_RemoteIdentity.FromBuffer (optionData, packet->GetOptionSize ()); + LogPrint ("From identity ", m_RemoteIdentity.GetIdentHash ().ToBase64 ()); if (!m_RemoteLeaseSet) - LogPrint ("Incoming stream from ", m_RemoteIdentity.Hash ().ToBase64 ()); + LogPrint ("Incoming stream from ", m_RemoteIdentity.GetIdentHash ().ToBase64 ()); } if (flags & PACKET_FLAG_MAX_PACKET_SIZE_INCLUDED) @@ -159,7 +157,18 @@ namespace stream if (flags & PACKET_FLAG_SIGNATURE_INCLUDED) { LogPrint ("Signature"); - optionData += 40; + uint8_t signature[256]; + auto signatureLen = m_RemoteIdentity.GetSignatureLen (); + memcpy (signature, optionData, signatureLen); + memset (const_cast(optionData), 0, signatureLen); + if (!m_RemoteIdentity.Verify (packet->GetBuffer (), packet->GetLength (), signature)) + { + LogPrint ("Signature verification failed"); + Close (); + flags |= PACKET_FLAG_CLOSE; + } + memcpy (const_cast(optionData), signature, signatureLen); + optionData += signatureLen; } packet->offset = packet->GetPayload () - packet->buf; @@ -473,9 +482,9 @@ namespace stream { if (!m_RemoteLeaseSet) { - m_RemoteLeaseSet = i2p::data::netdb.FindLeaseSet (m_RemoteIdentity.Hash ()); + m_RemoteLeaseSet = i2p::data::netdb.FindLeaseSet (m_RemoteIdentity.GetIdentHash ()); if (!m_RemoteLeaseSet) - LogPrint ("LeaseSet ", m_RemoteIdentity.Hash ().ToBase64 (), " not found"); + LogPrint ("LeaseSet ", m_RemoteIdentity.GetIdentHash ().ToBase64 (), " not found"); } if (m_RemoteLeaseSet) { diff --git a/Streaming.h b/Streaming.h index 2c83bd21..ac9042c5 100644 --- a/Streaming.h +++ b/Streaming.h @@ -125,7 +125,7 @@ namespace stream int32_t m_LastReceivedSequenceNumber; bool m_IsOpen, m_LeaseSetUpdated; StreamingDestination * m_LocalDestination; - i2p::data::Identity m_RemoteIdentity; + i2p::data::IdentityEx m_RemoteIdentity; const i2p::data::LeaseSet * m_RemoteLeaseSet; i2p::data::Lease m_CurrentRemoteLease; i2p::tunnel::OutboundTunnel * m_CurrentOutboundTunnel;