SSU: Fix bug preventing inbound connection from non-DSA router (ticket #1408)

Transports: If we are non-DSA, check for compatibility before connecting out
zzz
2014-11-08 18:01:13 +00:00
parent cb87f9f307
commit 4691fc69d5
5 changed files with 56 additions and 4 deletions


@ -18,7 +18,7 @@ public class RouterVersion {
/** deprecated */
public final static String ID = "Monotone";
public final static String VERSION = CoreVersion.VERSION;
public final static long BUILD = 2;
public final static long BUILD = 3;
/** for example "-test" */
public final static String EXTRA = "";


@ -23,6 +23,7 @@ import java.util.TreeSet;
import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap;
import net.i2p.crypto.SigType;
import net.i2p.data.DataHelper;
import net.i2p.data.Hash;
import net.i2p.data.router.RouterAddress;
@ -47,6 +48,7 @@ import net.i2p.util.ConcurrentHashSet;
import net.i2p.util.Log;
import net.i2p.util.OrderedProperties;
import net.i2p.util.SystemVersion;
import net.i2p.util.VersionComparator;
/**
* The NIO TCP transport
@ -101,6 +103,12 @@ public class NTCPTransport extends TransportImpl {
//private static final String THINSP = " / ";
private static final String THINSP = " / ";
/**
* RI sigtypes supported in 0.9.16
*/
private static final String MIN_SIGTYPE_VERSION = "0.9.16";
public NTCPTransport(RouterContext ctx, DHSessionKeyBuilder.Factory dh) {
super(ctx);
_dhFactory = dh;
@ -356,11 +364,25 @@ public class NTCPTransport extends TransportImpl {
}
// Check for supported sig type
if (toAddress.getIdentity().getSigningPublicKey().getType() == null) {
SigType type = toAddress.getIdentity().getSigType();
if (type == null || !type.isAvailable()) {
markUnreachable(peer);
return null;
}
// Can we connect to them if we are not DSA?
RouterInfo us = _context.router().getRouterInfo();
if (us != null) {
RouterIdentity id = us.getIdentity();
if (id.getSigType() != SigType.DSA_SHA1) {
String v = toAddress.getOption("router.version");
if (v != null && VersionComparator.comp(v, MIN_SIGTYPE_VERSION) < 0) {
markUnreachable(peer);
return null;
}
}
}
if (!allowConnection()) {
if (_log.shouldLog(Log.WARN))
_log.warn("no bid when trying to send to " + peer + ", max connection limit reached");
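Review bot: The new version gate treats a peer whose RouterInfo carries no `router.version` option as compatible, because `v != null && ...` falls through to the connection attempt; only peers that publish a version older than MIN_SIGTYPE_VERSION are filtered. If an RI without that option can reach this path, the bid will be made and the handshake will presumably fail the same way it does against an old router, so either tighten it to `if (v == null || VersionComparator.comp(v, MIN_SIGTYPE_VERSION) < 0)` or add a comment stating why a missing version is trusted. The same twelve lines, differing only in the constant and the hash variable, appear in UDPTransport's bid hunk; a shared helper on TransportImpl such as `protected boolean isSigTypeCompatible(RouterInfo toAddress, String minVersion)` would keep the two transports from drifting apart. The enclosing bid method starts and ends outside the hunk.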


@ -448,7 +448,7 @@ class InboundEstablishState {
DataHelper.toLong(signed, off, 4, _sentRelayTag);
off += 4;
DataHelper.toLong(signed, off, 4, _receivedSignedOnTime);
Signature sig = new Signature(_receivedSignature);
Signature sig = new Signature(_receivedUnconfirmedIdentity.getSigType(), _receivedSignature);
boolean ok = _context.dsa().verifySignature(sig, signed, _receivedUnconfirmedIdentity.getSigningPublicKey());
if (ok) {
// todo partial spoof detection - get peer.calculateHash(),
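Review bot: The sig type handed to the `Signature` constructor now comes from `_receivedUnconfirmedIdentity`, i.e. from the peer's own not-yet-verified identity, and the hunk shows no guard for the case where `_receivedSignature` does not have the length that type expects; if the constructor rejects a length mismatch with an exception rather than `verifySignature` returning false, a malformed SessionConfirmed would surface as an exception on the receive path instead of a failed establishment, so confirm the enclosing method (which starts and ends outside the hunk) already catches that or sizes the buffer from the same sig type. A peer advertising a sig type that is not available locally should likewise end as `ok == false`; an explicit `isAvailable()` check on the identity's sig type before the constructor, routed to the method's existing failure path, would make both outcomes deliberate rather than incidental.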


@ -22,6 +22,7 @@ import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
import net.i2p.crypto.SigType;
import net.i2p.data.DatabaseEntry;
import net.i2p.data.DataHelper;
import net.i2p.data.Hash;
@ -51,6 +52,7 @@ import net.i2p.util.Log;
import net.i2p.util.OrderedProperties;
import net.i2p.util.SimpleTimer;
import net.i2p.util.SimpleTimer2;
import net.i2p.util.VersionComparator;
/**
* The SSU transport
@ -198,6 +200,13 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
//private static final String THINSP = "&thinsp;/&thinsp;";
private static final String THINSP = " / ";
/**
* RI sigtypes supported in 0.9.16, but due to a bug in InboundEstablishState
* fixed in 0.9.17, we cannot connect out to routers before that version.
*/
private static final String MIN_SIGTYPE_VERSION = "0.9.17";
public UDPTransport(RouterContext ctx, DHSessionKeyBuilder.Factory dh) {
super(ctx);
_dhFactory = dh;
@ -1558,11 +1567,25 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
}
// Check for supported sig type
if (toAddress.getIdentity().getSigningPublicKey().getType() == null) {
SigType type = toAddress.getIdentity().getSigType();
if (type == null || !type.isAvailable()) {
markUnreachable(to);
return null;
}
// Can we connect to them if we are not DSA?
RouterInfo us = _context.router().getRouterInfo();
if (us != null) {
RouterIdentity id = us.getIdentity();
if (id.getSigType() != SigType.DSA_SHA1) {
String v = toAddress.getOption("router.version");
if (v != null && VersionComparator.comp(v, MIN_SIGTYPE_VERSION) < 0) {
markUnreachable(to);
return null;
}
}
}
if (!allowConnection())
return _cachedBid[TRANSIENT_FAIL_BID];
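Review bot: Our own signature type is re-derived on every bid via `_context.router().getRouterInfo()`, `getIdentity()` and `getSigType()` even though nothing on this path can change it; if the router identity is fixed for the life of the process (the `us != null` guard suggests the RI may merely not exist yet at startup), caching the "we are not DSA" answer once it is known would reduce the hot path to a field read before the `toAddress.getOption("router.version")` lookup. The inline comment `// Can we connect to them if we are not DSA?` would also read better if it carried the reason that the constant's Javadoc gives, e.g. `// Routers before MIN_SIGTYPE_VERSION cannot handle non-DSA RI sig types, so do not bid on them`, so the reader does not have to scroll up to find out why an older version is marked unreachable. The enclosing bid method starts and ends outside the hunk.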