NetDb: Don't try to garlic encrypt netdb messages with a ECIES key

zzz
2019-10-23 13:21:22 +00:00
parent d84fc4f0c8
commit 5d8871c17c
2 changed files with 28 additions and 7 deletions


@ -4,6 +4,7 @@ import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import net.i2p.crypto.EncType;
import net.i2p.data.Certificate; import net.i2p.data.Certificate;
import net.i2p.data.DatabaseEntry; import net.i2p.data.DatabaseEntry;
import net.i2p.data.Destination; import net.i2p.data.Destination;
@ -16,6 +17,7 @@ import net.i2p.data.i2np.DatabaseSearchReplyMessage;
import net.i2p.data.i2np.DatabaseStoreMessage; import net.i2p.data.i2np.DatabaseStoreMessage;
import net.i2p.data.i2np.I2NPMessage; import net.i2p.data.i2np.I2NPMessage;
import net.i2p.router.JobImpl; import net.i2p.router.JobImpl;
import net.i2p.router.LeaseSetKeys;
import net.i2p.router.MessageSelector; import net.i2p.router.MessageSelector;
import net.i2p.router.ProfileManager; import net.i2p.router.ProfileManager;
import net.i2p.router.ReplyJob; import net.i2p.router.ReplyJob;
@ -54,7 +56,7 @@ class FloodfillVerifyStoreJob extends JobImpl {
/** /**
* Delay a few seconds, then start the verify * Delay a few seconds, then start the verify
* @param client generally the same as key, unless encrypted LS2 * @param client generally the same as key, unless encrypted LS2; non-null
* @param published getDate() for RI or LS1, getPublished() for LS2 * @param published getDate() for RI or LS1, getPublished() for LS2
* @param sentTo who to give the credit or blame to, can be null * @param sentTo who to give the credit or blame to, can be null
*/ */
@ -150,10 +152,21 @@ class FloodfillVerifyStoreJob extends JobImpl {
if (isInboundExploratory) { if (isInboundExploratory) {
sess = MessageWrapper.generateSession(getContext()); sess = MessageWrapper.generateSession(getContext());
} else { } else {
sess = MessageWrapper.generateSession(getContext(), _client); LeaseSetKeys lsk = getContext().keyManager().getKeys(_client);
if (sess == null) { if (lsk == null || lsk.isSupported(EncType.ELGAMAL_2048)) {
if (_log.shouldLog(Log.WARN)) // garlic encrypt
_log.warn("No SKM to reply to"); sess = MessageWrapper.generateSession(getContext(), _client);
if (sess == null) {
if (_log.shouldLog(Log.WARN))
_log.warn("No SKM to reply to");
_facade.verifyFinished(_key);
return;
}
} else {
// We don't yet have any way to request/get a ECIES-tagged reply,
// skip it for now.
if (_log.shouldWarn())
_log.warn("Skipping store verify for ECIES client " + _client.toBase32());
_facade.verifyFinished(_key); _facade.verifyFinished(_key);
return; return;
} }
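Review bot: In the new `else` branch of the last hunk, an ECIES-only client gets `_facade.verifyFinished(_key)` and an early return with no verification at all, so nothing in this job would notice a floodfill that acknowledged the store but does not serve the entry. The comment says this is temporary, but the consequence is not recorded; I would extend it to `// TODO: verify once ECIES-tagged replies are supported; until then stores for these clients are unverified` and mention the skip in the constructor Javadoc next to the `client` parameter. The same branch uses `_log.shouldWarn()` while the branch above it keeps `_log.shouldLog(Log.WARN)`; one form should be used throughout. Since the message is presumably emitted on every store for such a client, INFO may be the better level. The enclosing method starts and ends outside the hunk.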


@ -12,6 +12,7 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import net.i2p.crypto.EncType;
import net.i2p.crypto.SigType; import net.i2p.crypto.SigType;
import net.i2p.data.Certificate; import net.i2p.data.Certificate;
import net.i2p.data.DatabaseEntry; import net.i2p.data.DatabaseEntry;
@ -25,6 +26,7 @@ import net.i2p.data.i2np.I2NPMessage;
import net.i2p.kademlia.KBucketSet; import net.i2p.kademlia.KBucketSet;
import net.i2p.router.Job; import net.i2p.router.Job;
import net.i2p.router.JobImpl; import net.i2p.router.JobImpl;
import net.i2p.router.LeaseSetKeys;
import net.i2p.router.OutNetMessage; import net.i2p.router.OutNetMessage;
import net.i2p.router.ReplyJob; import net.i2p.router.ReplyJob;
import net.i2p.router.RouterContext; import net.i2p.router.RouterContext;
@ -482,7 +484,8 @@ abstract class StoreJob extends JobImpl {
TunnelInfo outTunnel = getContext().tunnelManager().selectOutboundTunnel(client, to); TunnelInfo outTunnel = getContext().tunnelManager().selectOutboundTunnel(client, to);
if (outTunnel != null) { if (outTunnel != null) {
I2NPMessage sent; I2NPMessage sent;
LeaseSetKeys lsk = getContext().keyManager().getKeys(client);
if (lsk == null || lsk.isSupported(EncType.ELGAMAL_2048)) {
// garlic encrypt // garlic encrypt
MessageWrapper.WrappedMessage wm = MessageWrapper.wrap(getContext(), msg, client, peer); MessageWrapper.WrappedMessage wm = MessageWrapper.wrap(getContext(), msg, client, peer);
if (wm == null) { if (wm == null) {
@ -493,7 +496,12 @@ abstract class StoreJob extends JobImpl {
} }
sent = wm.getMessage(); sent = wm.getMessage();
_state.addPending(to, wm); _state.addPending(to, wm);
} else {
// We don't yet have any way to request/get a ECIES-tagged reply,
// so send it unencrypted.
sent = msg;
_state.addPending(to);
}
SendSuccessJob onReply = new SendSuccessJob(getContext(), peer, outTunnel, sent.getMessageSize()); SendSuccessJob onReply = new SendSuccessJob(getContext(), peer, outTunnel, sent.getMessageSize());
FailedJob onFail = new FailedJob(getContext(), peer, getContext().clock().now()); FailedJob onFail = new FailedJob(getContext(), peer, getContext().clock().now());
StoreMessageSelector selector = new StoreMessageSelector(getContext(), getJobId(), peer, token, expiration); StoreMessageSelector selector = new StoreMessageSelector(getContext(), getJobId(), peer, token, expiration);
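Review bot: In the new `else` branch of the last hunk, `sent = msg` passes the store message to the outbound tunnel without the garlic layer, so for an ECIES-only client its contents are presumably visible to the outbound endpoint, which the wrap in the other branch hides. The stated blocker is only the tagged reply, so it is worth checking whether the message can still be encrypted one-way to `peer` without delivering reply tags. If it cannot, the downgrade should at least be visible, for example `if (_log.shouldWarn()) _log.warn("Sending unencrypted store for ECIES client " + client.toBase32());` (assuming `client` has the same type as `_client` in FloodfillVerifyStoreJob). The comment should also say who can read the message, not just that it is unencrypted. The enclosing method starts and ends outside the hunk.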