echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

NetDb: Don't try to garlic encrypt netdb messages with a ECIES key

Browse Source
This commit is contained in:
zzz
2019-10-23 13:21:22 +00:00
parent d84fc4f0c8
commit 5d8871c17c
2 changed files with 28 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java
View File

@ -4,6 +4,7 @@ import java.util.HashSet;
import java.util.List;
import java.util.Set;
import net.i2p.crypto.EncType;
import net.i2p.data.Certificate;
import net.i2p.data.DatabaseEntry;
import net.i2p.data.Destination;
@ -16,6 +17,7 @@ import net.i2p.data.i2np.DatabaseSearchReplyMessage;
import net.i2p.data.i2np.DatabaseStoreMessage;
import net.i2p.data.i2np.I2NPMessage;
import net.i2p.router.JobImpl;
import net.i2p.router.LeaseSetKeys;
import net.i2p.router.MessageSelector;
import net.i2p.router.ProfileManager;
import net.i2p.router.ReplyJob;
@ -54,7 +56,7 @@ class FloodfillVerifyStoreJob extends JobImpl {
/**
* Delay a few seconds, then start the verify
* @param client generally the same as key, unless encrypted LS2
* @param client generally the same as key, unless encrypted LS2; non-null
* @param published getDate() for RI or LS1, getPublished() for LS2
* @param sentTo who to give the credit or blame to, can be null
*/
@ -150,6 +152,9 @@ class FloodfillVerifyStoreJob extends JobImpl {
if (isInboundExploratory) {
sess = MessageWrapper.generateSession(getContext());
} else {
LeaseSetKeys lsk = getContext().keyManager().getKeys(_client);
if (lsk == null || lsk.isSupported(EncType.ELGAMAL_2048)) {
// garlic encrypt
sess = MessageWrapper.generateSession(getContext(), _client);
if (sess == null) {
if (_log.shouldLog(Log.WARN))
@ -157,6 +162,14 @@ class FloodfillVerifyStoreJob extends JobImpl {
_facade.verifyFinished(_key);
return;
}
} else {
// We don't yet have any way to request/get a ECIES-tagged reply,
// skip it for now.
if (_log.shouldWarn())
_log.warn("Skipping store verify for ECIES client " + _client.toBase32());
_facade.verifyFinished(_key);
return;
}
}
if (_log.shouldLog(Log.INFO))
_log.info(getJobId() + ": Requesting encrypted reply from " + _target + ' ' + sess.key + ' ' + sess.tag);

12
router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java
View File

@ -12,6 +12,7 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import net.i2p.crypto.EncType;
import net.i2p.crypto.SigType;
import net.i2p.data.Certificate;
import net.i2p.data.DatabaseEntry;
@ -25,6 +26,7 @@ import net.i2p.data.i2np.I2NPMessage;
import net.i2p.kademlia.KBucketSet;
import net.i2p.router.Job;
import net.i2p.router.JobImpl;
import net.i2p.router.LeaseSetKeys;
import net.i2p.router.OutNetMessage;
import net.i2p.router.ReplyJob;
import net.i2p.router.RouterContext;
@ -482,7 +484,8 @@ abstract class StoreJob extends JobImpl {
TunnelInfo outTunnel = getContext().tunnelManager().selectOutboundTunnel(client, to);
if (outTunnel != null) {
I2NPMessage sent;
LeaseSetKeys lsk = getContext().keyManager().getKeys(client);
if (lsk == null || lsk.isSupported(EncType.ELGAMAL_2048)) {
// garlic encrypt
MessageWrapper.WrappedMessage wm = MessageWrapper.wrap(getContext(), msg, client, peer);
if (wm == null) {
@ -493,7 +496,12 @@ abstract class StoreJob extends JobImpl {
}
sent = wm.getMessage();
_state.addPending(to, wm);
} else {
// We don't yet have any way to request/get a ECIES-tagged reply,
// so send it unencrypted.
sent = msg;
_state.addPending(to);
}
SendSuccessJob onReply = new SendSuccessJob(getContext(), peer, outTunnel, sent.getMessageSize());
FailedJob onFail = new FailedJob(getContext(), peer, getContext().clock().now());
StoreMessageSelector selector = new StoreMessageSelector(getContext(), getJobId(), peer, token, expiration);