echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

LS2: Select first supported encryption key from leaseset

Browse Source 
OCMOSJ: Fail if unsupported crypto or bad ls type
This commit is contained in:
zzz
2019-01-27 15:59:34 +00:00
parent 0889a751db
commit 3cd12ecefc
2 changed files with 35 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
core/java/src/net/i2p/data/LeaseSet2.java
View File

@ -66,6 +66,24 @@ public class LeaseSet2 extends LeaseSet {
return _options.getProperty(opt); return _options.getProperty(opt);
} }
/**
* If more than one key, return the first supported one.
* If none supported, return the first one.
*
* @since 0.9.39 overridden
*/
@Override
public PublicKey getEncryptionKey() {
if (_encryptionKeys != null) {
for (PublicKey pk : _encryptionKeys) {
EncType type = pk.getType();
if (type != null && type.isAvailable())
return pk;
}
}
return _encryptionKey;
}
/** /**
* Add an encryption key. * Add an encryption key.
*/ */

20
router/java/src/net/i2p/router/message/OutboundClientMessageOneShotJob.java
View File

@ -8,6 +8,7 @@ import java.util.List;
import java.util.Set; import java.util.Set;
import net.i2p.client.SendMessageOptions; import net.i2p.client.SendMessageOptions;
import net.i2p.crypto.EncType;
import net.i2p.crypto.SessionKeyManager; import net.i2p.crypto.SessionKeyManager;
import net.i2p.crypto.TagSetHandle; import net.i2p.crypto.TagSetHandle;
import net.i2p.data.Certificate; import net.i2p.data.Certificate;
@ -311,7 +312,7 @@ public class OutboundClientMessageOneShotJob extends JobImpl {
getContext().netDb().lookupLeaseSet(key, success, failed, LS_LOOKUP_TIMEOUT, _from.calculateHash()); getContext().netDb().lookupLeaseSet(key, success, failed, LS_LOOKUP_TIMEOUT, _from.calculateHash());
} }
} }
/** /**
* @param force to force including a reply lease set * @param force to force including a reply lease set
* @return lease set or null if we should not send the lease set * @return lease set or null if we should not send the lease set
@ -374,6 +375,9 @@ public class OutboundClientMessageOneShotJob extends JobImpl {
/** /**
* Choose a lease from his leaseset to send the message to. Sets _lease. * Choose a lease from his leaseset to send the message to. Sets _lease.
* Sets _wantACK if it's new or changed. * Sets _wantACK if it's new or changed.
* Does several checks to see if we can actually send to this leaseset,
* and returns nonzero failure code if unable to.
*
* @return 0 on success, or a MessageStatusMessage failure code * @return 0 on success, or a MessageStatusMessage failure code
*/ */
private int getNextLease() { private int getNextLease() {
@ -387,10 +391,20 @@ public class OutboundClientMessageOneShotJob extends JobImpl {
return MessageStatusMessage.STATUS_SEND_FAILURE_NO_LEASESET; return MessageStatusMessage.STATUS_SEND_FAILURE_NO_LEASESET;
} }
} }
if (_leaseSet.getType() == DatabaseEntry.KEY_TYPE_META_LS2) {
// can't send to a meta LS int lsType = _leaseSet.getType();
// Can't send to a meta LS.
// TODO Encrypted LS2 must have been previously decrypted.
if (lsType != DatabaseEntry.KEY_TYPE_LEASESET &&
lsType != DatabaseEntry.KEY_TYPE_LS2) {
return MessageStatusMessage.STATUS_SEND_FAILURE_BAD_LEASESET; return MessageStatusMessage.STATUS_SEND_FAILURE_BAD_LEASESET;
} }
PublicKey pk = _leaseSet.getEncryptionKey();
if (pk == null)
return MessageStatusMessage.STATUS_SEND_FAILURE_BAD_LEASESET;
EncType encType = pk.getType();
if (encType == null || !encType.isAvailable())
return MessageStatusMessage.STATUS_SEND_FAILURE_UNSUPPORTED_ENCRYPTION;
// Use the same lease if it's still good // Use the same lease if it's still good
// Even if _leaseSet changed, _leaseSet.getEncryptionKey() didn't... // Even if _leaseSet changed, _leaseSet.getEncryptionKey() didn't...