PurpleI2P
/
i2pd
mirror of https://github.com/PurpleI2P/i2pd.git
1
0
Fork 0
Code Issues Releases Activity
Browse Source

#622. Force SU3 verification by reseed.verify

pull/668/head
orignal 8 years ago
parent
f0d098d0ef
commit
fe8a0c1a6b
3 changed files with 56 additions and 42 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      Config.cpp
  2. 12
      Reseed.cpp
  3. 5
      docs/configuration.md

1
Config.cpp
Unescape View File

@ -150,6 +150,7 @@ namespace config {
options_description reseed("Reseed options"); options_description reseed("Reseed options");
reseed.add_options() reseed.add_options()
("reseed.verify", value<bool>()->default_value(false), "Verify .su3 signature")
("reseed.file", value<std::string>()->default_value(""), "Path to .su3 file") ("reseed.file", value<std::string>()->default_value(""), "Path to .su3 file")
#ifdef MESHNET #ifdef MESHNET
("reseed.urls", value<std::string>()->default_value("https://reseed.i2p.rocks:8443/"), "Reseed URLs, separated by comma") ("reseed.urls", value<std::string>()->default_value("https://reseed.i2p.rocks:8443/"), "Reseed URLs, separated by comma")

12
Reseed.cpp
Unescape View File

@ -131,6 +131,9 @@ namespace data
s.read (signerID, signerIDLength); // signerID s.read (signerID, signerIDLength); // signerID
signerID[signerIDLength] = 0; signerID[signerIDLength] = 0;
bool verify; i2p::config::GetOption("reseed.verify", verify);
if (verify)
{
//try to verify signature //try to verify signature
auto it = m_SigningKeys.find (signerID); auto it = m_SigningKeys.find (signerID);
if (it != m_SigningKeys.end ()) if (it != m_SigningKeys.end ())
@ -162,6 +165,8 @@ namespace data
// we can't use RSA_verify due wrong padding in SU3 // we can't use RSA_verify due wrong padding in SU3
if (memcmp (enSigBuf + (signatureLength - 64), digest, 64)) if (memcmp (enSigBuf + (signatureLength - 64), digest, 64))
LogPrint (eLogWarning, "Reseed: SU3 signature verification failed"); LogPrint (eLogWarning, "Reseed: SU3 signature verification failed");
else
verify = false; // verified
delete[] enSigBuf; delete[] enSigBuf;
BN_free (s); BN_free (n); BN_free (s); BN_free (n);
BN_CTX_free (bnctx); BN_CTX_free (bnctx);
@ -176,6 +181,13 @@ namespace data
} }
else else
LogPrint (eLogWarning, "Reseed: Certificate for ", signerID, " not loaded"); LogPrint (eLogWarning, "Reseed: Certificate for ", signerID, " not loaded");
}
if (verify) // not verified
{
LogPrint (eLogError, "Reseed: SU3 verification failed");
return 0;
}
// handle content // handle content
int numFiles = 0; int numFiles = 0;

5
docs/configuration.md
Unescape View File

@ -72,8 +72,9 @@ All options below still possible in cmdline, but better write it in config file:
* --upnp.name= - Name i2pd appears in UPnP forwardings list. I2Pd by default * --upnp.name= - Name i2pd appears in UPnP forwardings list. I2Pd by default
* --precomputation.elgamal= - Use ElGamal precomputated tables. false for x64 and true for other platforms by default * --precomputation.elgamal= - Use ElGamal precomputated tables. false for x64 and true for other platforms by default
* --reseed.file - Full path to SU3 file to reseed from * --reseed.verify= - Request SU3 signature verification
* --reseed.urls - Reseed URLs, separated by comma * --reseed.file= - Full path to SU3 file to reseed from
* --reseed.urls= - Reseed URLs, separated by comma
* --limits.transittunnels= - Override maximum number of transit tunnels. 2500 by default * --limits.transittunnels= - Override maximum number of transit tunnels. 2500 by default

Write Preview
Loading…
Cancel
Save