forked from I2P_Developers/i2p.i2p
I2CP: Encrypted LS2 handling fixes, log tweaks (WIP)
Add number of privkeys field to CreateLeaseSet2 message. Check all privkeys, not just the first, on router side.
@ -268,8 +268,9 @@ class RequestLeaseSetMessageHandler extends HandlerImpl {
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
leaseSet.setEncryptionKey(li.getPublicKey());
|
leaseSet.setEncryptionKey(li.getPublicKey());
|
||||||
|
// revocation key
|
||||||
|
leaseSet.setSigningKey(li.getSigningPublicKey());
|
||||||
}
|
}
|
||||||
leaseSet.setSigningKey(li.getSigningPublicKey());
|
|
||||||
// SubSession options aren't updated via the gui, so use the primary options
|
// SubSession options aren't updated via the gui, so use the primary options
|
||||||
Properties opts;
|
Properties opts;
|
||||||
if (session instanceof SubSession)
|
if (session instanceof SubSession)
|
||||||
|
@ -5,6 +5,7 @@ import java.io.ByteArrayOutputStream;
|
|||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
import net.i2p.I2PAppContext;
|
import net.i2p.I2PAppContext;
|
||||||
import net.i2p.crypto.Blinding;
|
import net.i2p.crypto.Blinding;
|
||||||
@ -68,7 +69,6 @@ public class EncryptedLeaseSet extends LeaseSet2 {
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public int getLeaseCount() {
|
public int getLeaseCount() {
|
||||||
// TODO attempt decryption
|
|
||||||
return _decryptedLS2 != null ? _decryptedLS2.getLeaseCount() : 0;
|
return _decryptedLS2 != null ? _decryptedLS2.getLeaseCount() : 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -77,10 +77,19 @@ public class EncryptedLeaseSet extends LeaseSet2 {
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public Lease getLease(int index) {
|
public Lease getLease(int index) {
|
||||||
// TODO attempt decryption
|
|
||||||
return _decryptedLS2 != null ? _decryptedLS2.getLease(index) : null;
|
return _decryptedLS2 != null ? _decryptedLS2.getLease(index) : null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return null if not decrypted.
|
||||||
|
* @since 0.9.39
|
||||||
|
*/
|
||||||
|
public List<PublicKey> getEncryptionKeys() {
|
||||||
|
if (_decryptedLS2 != null)
|
||||||
|
return _decryptedLS2.getEncryptionKeys();
|
||||||
|
return super.getEncryptionKeys();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Overridden to set the blinded key
|
* Overridden to set the blinded key
|
||||||
*
|
*
|
||||||
@ -105,7 +114,9 @@ public class EncryptedLeaseSet extends LeaseSet2 {
|
|||||||
if (_signingKey == null)
|
if (_signingKey == null)
|
||||||
_signingKey = bpk;
|
_signingKey = bpk;
|
||||||
else if (!_signingKey.equals(bpk))
|
else if (!_signingKey.equals(bpk))
|
||||||
throw new IllegalArgumentException("blinded pubkey mismatch");
|
throw new IllegalArgumentException("blinded pubkey mismatch:" +
|
||||||
|
"\nas received: " + _signingKey +
|
||||||
|
"\nas calculated: " + bpk);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -121,7 +132,13 @@ public class EncryptedLeaseSet extends LeaseSet2 {
|
|||||||
_alpha = Blinding.generateAlpha(ctx, _destination, null);
|
_alpha = Blinding.generateAlpha(ctx, _destination, null);
|
||||||
else
|
else
|
||||||
_alpha = Blinding.generateAlpha(ctx, _destination, null, _published);
|
_alpha = Blinding.generateAlpha(ctx, _destination, null, _published);
|
||||||
return Blinding.blind(spk, _alpha);
|
SigningPublicKey rv = Blinding.blind(spk, _alpha);
|
||||||
|
if (_log.shouldDebug())
|
||||||
|
_log.debug("Blind:" +
|
||||||
|
"\norig: " + spk +
|
||||||
|
"\nalpha: " + _alpha +
|
||||||
|
"\nblinded: " + rv);
|
||||||
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -348,6 +365,10 @@ public class EncryptedLeaseSet extends LeaseSet2 {
|
|||||||
plaintext = ciphertext;
|
plaintext = ciphertext;
|
||||||
ciphertext = new byte[SALT_LEN + plaintext.length];
|
ciphertext = new byte[SALT_LEN + plaintext.length];
|
||||||
System.arraycopy(salt, 0, ciphertext, 0, SALT_LEN);
|
System.arraycopy(salt, 0, ciphertext, 0, SALT_LEN);
|
||||||
|
if (_log.shouldDebug()) {
|
||||||
|
_log.debug("Encrypt: chacha20 key:\n" + net.i2p.util.HexDump.dump(key));
|
||||||
|
_log.debug("Encrypt: chacha20 IV:\n" + net.i2p.util.HexDump.dump(iv));
|
||||||
|
}
|
||||||
ChaCha20.encrypt(key, iv, plaintext, 0, ciphertext, SALT_LEN, plaintext.length);
|
ChaCha20.encrypt(key, iv, plaintext, 0, ciphertext, SALT_LEN, plaintext.length);
|
||||||
if (_log.shouldDebug())
|
if (_log.shouldDebug())
|
||||||
_log.debug("Encrypt: outer ciphertext:\n" + net.i2p.util.HexDump.dump(ciphertext));
|
_log.debug("Encrypt: outer ciphertext:\n" + net.i2p.util.HexDump.dump(ciphertext));
|
||||||
@ -377,6 +398,10 @@ public class EncryptedLeaseSet extends LeaseSet2 {
|
|||||||
byte[] plaintext = new byte[ciphertext.length - SALT_LEN];
|
byte[] plaintext = new byte[ciphertext.length - SALT_LEN];
|
||||||
// first 32 bytes of ciphertext are the salt
|
// first 32 bytes of ciphertext are the salt
|
||||||
hkdf.calculate(ciphertext, input, ELS2L1K, key, iv, 0);
|
hkdf.calculate(ciphertext, input, ELS2L1K, key, iv, 0);
|
||||||
|
if (_log.shouldDebug()) {
|
||||||
|
_log.debug("Decrypt: chacha20 key:\n" + net.i2p.util.HexDump.dump(key));
|
||||||
|
_log.debug("Decrypt: chacha20 IV:\n" + net.i2p.util.HexDump.dump(iv));
|
||||||
|
}
|
||||||
ChaCha20.decrypt(key, iv, ciphertext, SALT_LEN, plaintext, 0, plaintext.length);
|
ChaCha20.decrypt(key, iv, ciphertext, SALT_LEN, plaintext, 0, plaintext.length);
|
||||||
if (_log.shouldDebug()) {
|
if (_log.shouldDebug()) {
|
||||||
_log.debug("Decrypt: outer ciphertext:\n" + net.i2p.util.HexDump.dump(ciphertext));
|
_log.debug("Decrypt: outer ciphertext:\n" + net.i2p.util.HexDump.dump(ciphertext));
|
||||||
@ -477,8 +502,8 @@ public class EncryptedLeaseSet extends LeaseSet2 {
|
|||||||
_flags = saveFlags;
|
_flags = saveFlags;
|
||||||
if (_log.shouldDebug()) {
|
if (_log.shouldDebug()) {
|
||||||
_log.debug("Sign inner with key: " + key.getType() + ' ' + key.toBase64());
|
_log.debug("Sign inner with key: " + key.getType() + ' ' + key.toBase64());
|
||||||
_log.debug("Corresponding pubkey: " + key.toPublic().toBase64());
|
_log.debug("Corresponding pubkey: " + key.toPublic());
|
||||||
_log.debug("Sign inner: " + _signature.getType() + ' ' + _signature.toBase64());
|
_log.debug("Inner sig: " + _signature.getType() + ' ' + _signature.toBase64());
|
||||||
}
|
}
|
||||||
encrypt(null);
|
encrypt(null);
|
||||||
SigningPrivateKey bkey = Blinding.blind(key, _alpha);
|
SigningPrivateKey bkey = Blinding.blind(key, _alpha);
|
||||||
@ -498,8 +523,8 @@ public class EncryptedLeaseSet extends LeaseSet2 {
|
|||||||
throw new DataFormatException("Signature failed with " + key.getType() + " key");
|
throw new DataFormatException("Signature failed with " + key.getType() + " key");
|
||||||
if (_log.shouldDebug()) {
|
if (_log.shouldDebug()) {
|
||||||
_log.debug("Sign outer with key: " + bkey.getType() + ' ' + bkey.toBase64());
|
_log.debug("Sign outer with key: " + bkey.getType() + ' ' + bkey.toBase64());
|
||||||
_log.debug("Corresponding pubkey: " + bkey.toPublic().toBase64());
|
_log.debug("Corresponding pubkey: " + bkey.toPublic());
|
||||||
_log.debug("Sign outer: " + _signature.getType() + ' ' + _signature.toBase64());
|
_log.debug("Outer sig: " + _signature.getType() + ' ' + _signature.toBase64());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -514,7 +539,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
|
|||||||
public boolean verifySignature() {
|
public boolean verifySignature() {
|
||||||
if (_log.shouldDebug()) {
|
if (_log.shouldDebug()) {
|
||||||
_log.debug("Sig verify outer with key: " + _signingKey.getType() + ' ' + _signingKey.toBase64());
|
_log.debug("Sig verify outer with key: " + _signingKey.getType() + ' ' + _signingKey.toBase64());
|
||||||
_log.debug("Sig verify outer: " + _signature.getType() + ' ' + _signature.toBase64());
|
_log.debug("Outer sig: " + _signature.getType() + ' ' + _signature.toBase64());
|
||||||
}
|
}
|
||||||
if (!super.verifySignature()) {
|
if (!super.verifySignature()) {
|
||||||
_log.warn("ELS2 outer sig verify fail");
|
_log.warn("ELS2 outer sig verify fail");
|
||||||
@ -537,7 +562,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
|
|||||||
if (_log.shouldDebug()) {
|
if (_log.shouldDebug()) {
|
||||||
_log.debug("Decrypted inner LS2:\n" + _decryptedLS2);
|
_log.debug("Decrypted inner LS2:\n" + _decryptedLS2);
|
||||||
_log.debug("Sig verify inner with key: " + _decryptedLS2.getDestination().getSigningPublicKey().getType() + ' ' + _decryptedLS2.getDestination().getSigningPublicKey().toBase64());
|
_log.debug("Sig verify inner with key: " + _decryptedLS2.getDestination().getSigningPublicKey().getType() + ' ' + _decryptedLS2.getDestination().getSigningPublicKey().toBase64());
|
||||||
_log.debug("Sig verify inner: " + _decryptedLS2.getSignature().getType() + ' ' + _decryptedLS2.getSignature().toBase64());
|
_log.debug("Inner sig: " + _decryptedLS2.getSignature().getType() + ' ' + _decryptedLS2.getSignature().toBase64());
|
||||||
}
|
}
|
||||||
boolean rv = _decryptedLS2.verifySignature();
|
boolean rv = _decryptedLS2.verifySignature();
|
||||||
if (!rv)
|
if (!rv)
|
||||||
|
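Review bot: The new debug statements in the encrypt and decrypt paths write the raw ChaCha20 key and IV to the log (`HexDump.dump(key)`, `HexDump.dump(iv)`), and the new "Blind:" debug line adds `_alpha`. Together with the outer ciphertext that is already logged, anyone who can read a debug log can decrypt the outer layer without knowing the destination. Debug logs are commonly kept on disk and attached to bug reports, so I would drop the key dumps before this leaves WIP or reduce them to lengths, e.g. `_log.debug("Encrypt: chacha20 key len " + key.length + ", IV len " + iv.length);`. The surrounding sign() debug lines also print private signing keys via `key.toBase64()` and `bkey.toBase64()`; those are context lines here but deserve the same treatment. The enclosing methods start and end outside the hunks.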
@ -16,6 +16,7 @@ import net.i2p.crypto.EncType;
|
|||||||
import net.i2p.crypto.SigAlgo;
|
import net.i2p.crypto.SigAlgo;
|
||||||
import net.i2p.crypto.SigType;
|
import net.i2p.crypto.SigType;
|
||||||
import net.i2p.util.Clock;
|
import net.i2p.util.Clock;
|
||||||
|
import net.i2p.util.Log;
|
||||||
import net.i2p.util.OrderedProperties;
|
import net.i2p.util.OrderedProperties;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -256,6 +257,19 @@ public class LeaseSet2 extends LeaseSet {
|
|||||||
return KEY_TYPE_LS2;
|
return KEY_TYPE_LS2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The revocation key. Overridden to do nothing,
|
||||||
|
* as we're using the _signingKey field for the blinded key in Enc LS2.
|
||||||
|
*
|
||||||
|
* @since 0.9.39
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void setSigningKey(SigningPublicKey key) {
|
||||||
|
Log log = I2PAppContext.getGlobalContext().logManager().getLog(LeaseSet2.class);
|
||||||
|
if (log.shouldWarn())
|
||||||
|
log.warn("Don't set revocation key in ls2", new Exception("I did it"));
|
||||||
|
}
|
||||||
|
|
||||||
/** without sig! */
|
/** without sig! */
|
||||||
@Override
|
@Override
|
||||||
protected byte[] getBytes() {
|
protected byte[] getBytes() {
|
||||||
|
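Review bot: The new `setSigningKey()` override discards its argument and reports that only when WARN logging is enabled, so a caller that still passes a revocation key gets no signal otherwise. The Javadoc also opens with "The revocation key" before saying the method does nothing. I would state the contract first, e.g. `Ignored for LS2: the revocation key is unused, and _signingKey holds the blinded key in an encrypted LS2.` The `new Exception("I did it")` used to capture the stack trace reads like a leftover debugging marker; `new Exception("setSigningKey() called on LS2")` would make the log entry self-explanatory. Whether throwing `UnsupportedOperationException` would be safer depends on callers that are not visible here.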
@ -115,18 +115,32 @@ public class CreateLeaseSet2Message extends CreateLeaseSetMessage {
|
|||||||
type == DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2) {
|
type == DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2) {
|
||||||
LeaseSet2 ls2 = (LeaseSet2) _leaseSet;
|
LeaseSet2 ls2 = (LeaseSet2) _leaseSet;
|
||||||
// get one PrivateKey for each PublicKey
|
// get one PrivateKey for each PublicKey
|
||||||
// TODO decrypt an encrypted LS so we can get the keys
|
|
||||||
List<PublicKey> pks = ls2.getEncryptionKeys();
|
List<PublicKey> pks = ls2.getEncryptionKeys();
|
||||||
if (pks == null)
|
int numkeys = in.read();
|
||||||
throw new I2CPMessageException("TODO decrypt");
|
// pks is null for encrypted LS2
|
||||||
for (PublicKey pk : pks) {
|
if (pks != null && numkeys != pks.size())
|
||||||
EncType etype = pk.getType();
|
throw new I2CPMessageException("Wrong number of privkeys");
|
||||||
if (etype == null)
|
for (int i = 0; i < numkeys; i++) {
|
||||||
throw new I2CPMessageException("Unsupported encryption type");
|
|
||||||
int encType = (int) DataHelper.readLong(in, 2);
|
int encType = (int) DataHelper.readLong(in, 2);
|
||||||
int encLen = (int) DataHelper.readLong(in, 2);
|
int encLen = (int) DataHelper.readLong(in, 2);
|
||||||
if (encType != etype.getCode() || encLen != etype.getPrivkeyLen())
|
EncType etype;
|
||||||
throw new I2CPMessageException("Enc type mismatch");
|
if (pks != null) {
|
||||||
|
// standard LS2
|
||||||
|
etype = pks.get(i).getType();
|
||||||
|
if (etype == null)
|
||||||
|
throw new I2CPMessageException("Unsupported encryption type: " + encType);
|
||||||
|
if (encType != etype.getCode())
|
||||||
|
throw new I2CPMessageException("Enc type mismatch");
|
||||||
|
if (encLen != etype.getPrivkeyLen())
|
||||||
|
throw new I2CPMessageException("Enc type bad length");
|
||||||
|
} else {
|
||||||
|
// encrypted LS2
|
||||||
|
etype = EncType.getByCode(encType);
|
||||||
|
if (etype == null)
|
||||||
|
throw new I2CPMessageException("Unsupported encryption type: " + encType);
|
||||||
|
if (encLen != etype.getPrivkeyLen())
|
||||||
|
throw new I2CPMessageException("Enc type bad length");
|
||||||
|
}
|
||||||
PrivateKey priv = new PrivateKey(etype);
|
PrivateKey priv = new PrivateKey(etype);
|
||||||
priv.readBytes(in);
|
priv.readBytes(in);
|
||||||
addPrivateKey(priv);
|
addPrivateKey(priv);
|
||||||
@ -164,7 +178,9 @@ public class CreateLeaseSet2Message extends CreateLeaseSetMessage {
|
|||||||
os.write(_leaseSet.getType());
|
os.write(_leaseSet.getType());
|
||||||
_leaseSet.writeBytes(os);
|
_leaseSet.writeBytes(os);
|
||||||
if (type != DatabaseEntry.KEY_TYPE_META_LS2) {
|
if (type != DatabaseEntry.KEY_TYPE_META_LS2) {
|
||||||
for (PrivateKey pk : getPrivateKeys()) {
|
List<PrivateKey> pks = getPrivateKeys();
|
||||||
|
os.write(pks.size());
|
||||||
|
for (PrivateKey pk : pks) {
|
||||||
EncType etype = pk.getType();
|
EncType etype = pk.getType();
|
||||||
DataHelper.writeLong(os, 2, etype.getCode());
|
DataHelper.writeLong(os, 2, etype.getCode());
|
||||||
DataHelper.writeLong(os, 2, pk.length());
|
DataHelper.writeLong(os, 2, pk.length());
|
||||||
@ -187,7 +203,9 @@ public class CreateLeaseSet2Message extends CreateLeaseSetMessage {
|
|||||||
StringBuilder buf = new StringBuilder();
|
StringBuilder buf = new StringBuilder();
|
||||||
buf.append("[CreateLeaseSet2Message: ");
|
buf.append("[CreateLeaseSet2Message: ");
|
||||||
buf.append("\n\tLeaseSet: ").append(_leaseSet);
|
buf.append("\n\tLeaseSet: ").append(_leaseSet);
|
||||||
if (_leaseSet.getType() != DatabaseEntry.KEY_TYPE_META_LS2) {
|
int type = _leaseSet.getType();
|
||||||
|
if (type != DatabaseEntry.KEY_TYPE_META_LS2 &&
|
||||||
|
type != DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2) {
|
||||||
for (PrivateKey pk : getPrivateKeys()) {
|
for (PrivateKey pk : getPrivateKeys()) {
|
||||||
buf.append("\n\tPrivateKey: ").append(pk);
|
buf.append("\n\tPrivateKey: ").append(pk);
|
||||||
}
|
}
|
||||||
|
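Review bot: `int numkeys = in.read();` is used without checking for -1, which `read()` returns at end of stream (assuming `in` is an `InputStream`). For a standard LS2 the size comparison happens to reject that, but for an encrypted LS2 (`pks == null`) a truncated message parses as zero private keys and is accepted, as is an explicit count of 0. A guard right after the read would close this: `if (numkeys <= 0) throw new I2CPMessageException("Bad number of privkeys: " + numkeys);`, relaxed to `< 0` if zero keys is legal for some type. On the write side, `os.write(pks.size())` emits only the low 8 bits, so the list size should be bounded or the 255 limit documented. The enclosing read and write methods extend beyond the hunks.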
@ -19,7 +19,9 @@ import net.i2p.data.DataHelper;
|
|||||||
import net.i2p.data.Destination;
|
import net.i2p.data.Destination;
|
||||||
import net.i2p.data.Hash;
|
import net.i2p.data.Hash;
|
||||||
import net.i2p.data.LeaseSet;
|
import net.i2p.data.LeaseSet;
|
||||||
|
import net.i2p.data.LeaseSet2;
|
||||||
import net.i2p.data.Payload;
|
import net.i2p.data.Payload;
|
||||||
|
import net.i2p.data.PrivateKey;
|
||||||
import net.i2p.data.PublicKey;
|
import net.i2p.data.PublicKey;
|
||||||
import net.i2p.data.i2cp.BandwidthLimitsMessage;
|
import net.i2p.data.i2cp.BandwidthLimitsMessage;
|
||||||
import net.i2p.data.i2cp.CreateLeaseSetMessage;
|
import net.i2p.data.i2cp.CreateLeaseSetMessage;
|
||||||
@ -290,7 +292,14 @@ class ClientMessageEventListener implements I2CPMessageReader.I2CPMessageEventLi
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
String lsType = props.getProperty("i2cp.leaseSetType");
|
String lsType = props.getProperty("i2cp.leaseSetType");
|
||||||
if ("7".equals(lsType)) {
|
if ("5".equals(lsType)) {
|
||||||
|
SigType stype = dest.getSigningPublicKey().getType();
|
||||||
|
if (stype != SigType.EdDSA_SHA512_Ed25519 &&
|
||||||
|
stype != SigType.RedDSA_SHA512_Ed25519) {
|
||||||
|
_runner.disconnectClient("Invalid sig type for encrypted LS");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} else if ("7".equals(lsType)) {
|
||||||
// Prevent tunnel builds for Meta LS
|
// Prevent tunnel builds for Meta LS
|
||||||
// more TODO
|
// more TODO
|
||||||
props.setProperty("inbound.length", "0");
|
props.setProperty("inbound.length", "0");
|
||||||
@ -512,7 +521,9 @@ class ClientMessageEventListener implements I2CPMessageReader.I2CPMessageEventLi
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
int type = ls.getType();
|
int type = ls.getType();
|
||||||
if (type != DatabaseEntry.KEY_TYPE_META_LS2 && message.getPrivateKey() == null) {
|
if (type != DatabaseEntry.KEY_TYPE_META_LS2 &&
|
||||||
|
type != DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2 &&
|
||||||
|
message.getPrivateKey() == null) {
|
||||||
if (_log.shouldLog(Log.ERROR))
|
if (_log.shouldLog(Log.ERROR))
|
||||||
_log.error("Null private keys: " + message);
|
_log.error("Null private keys: " + message);
|
||||||
_runner.disconnectClient("Invalid CreateLeaseSetMessage - null private keys");
|
_runner.disconnectClient("Invalid CreateLeaseSetMessage - null private keys");
|
||||||
@ -536,12 +547,31 @@ class ClientMessageEventListener implements I2CPMessageReader.I2CPMessageEventLi
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
Destination dest = cfg.getDestination();
|
Destination dest = cfg.getDestination();
|
||||||
Destination ndest = ls.getDestination();
|
if (type == DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2) {
|
||||||
if (!dest.equals(ndest)) {
|
// so we can decrypt it
|
||||||
if (_log.shouldLog(Log.ERROR))
|
try {
|
||||||
_log.error("Different destination in LS");
|
ls.setDestination(dest);
|
||||||
_runner.disconnectClient("Different destination in LS");
|
} catch (RuntimeException re) {
|
||||||
return;
|
if (_log.shouldError())
|
||||||
|
_log.error("Error decrypting leaseset from client", re);
|
||||||
|
_runner.disconnectClient(re.toString());
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// we have to do this before checking encryption keys below
|
||||||
|
if (!ls.verifySignature()) {
|
||||||
|
if (_log.shouldError())
|
||||||
|
_log.error("Error decrypting leaseset from client");
|
||||||
|
_runner.disconnectClient("Error decrypting leaseset from client");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Destination ndest = ls.getDestination();
|
||||||
|
if (!dest.equals(ndest)) {
|
||||||
|
if (_log.shouldLog(Log.ERROR))
|
||||||
|
_log.error("Different destination in LS");
|
||||||
|
_runner.disconnectClient("Different destination in LS");
|
||||||
|
return;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (type != DatabaseEntry.KEY_TYPE_META_LS2) {
|
if (type != DatabaseEntry.KEY_TYPE_META_LS2) {
|
||||||
LeaseSetKeys keys = _context.keyManager().getKeys(dest);
|
LeaseSetKeys keys = _context.keyManager().getKeys(dest);
|
||||||
@ -550,20 +580,47 @@ class ClientMessageEventListener implements I2CPMessageReader.I2CPMessageEventLi
|
|||||||
// Verify and register crypto keys if new or if changed
|
// Verify and register crypto keys if new or if changed
|
||||||
// Private crypto key should never change, and if it does,
|
// Private crypto key should never change, and if it does,
|
||||||
// one of the checks below will fail
|
// one of the checks below will fail
|
||||||
PublicKey pk;
|
if (type == DatabaseEntry.KEY_TYPE_LEASESET) {
|
||||||
try {
|
// LS1
|
||||||
pk = message.getPrivateKey().toPublic();
|
PublicKey pk;
|
||||||
} catch (IllegalArgumentException iae) {
|
try {
|
||||||
if (_log.shouldLog(Log.ERROR))
|
pk = message.getPrivateKey().toPublic();
|
||||||
_log.error("Bad private key in LS");
|
} catch (IllegalArgumentException iae) {
|
||||||
_runner.disconnectClient("Bad private key in LS");
|
if (_log.shouldLog(Log.ERROR))
|
||||||
return;
|
_log.error("Bad private key in LS");
|
||||||
}
|
_runner.disconnectClient("Bad private key in LS");
|
||||||
if (!pk.equals(ls.getEncryptionKey())) {
|
return;
|
||||||
if (_log.shouldLog(Log.ERROR))
|
}
|
||||||
_log.error("Private/public crypto key mismatch in LS");
|
if (!pk.equals(ls.getEncryptionKey())) {
|
||||||
_runner.disconnectClient("Private/public crypto key mismatch in LS");
|
if (_log.shouldLog(Log.ERROR))
|
||||||
return;
|
_log.error("Private/public crypto key mismatch in LS");
|
||||||
|
_runner.disconnectClient("Private/public crypto key mismatch in LS");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// LS2
|
||||||
|
LeaseSet2 ls2 = (LeaseSet2) ls;
|
||||||
|
CreateLeaseSet2Message msg2 = (CreateLeaseSet2Message) message;
|
||||||
|
List<PublicKey> eks = ls2.getEncryptionKeys();
|
||||||
|
List<PrivateKey> pks = msg2.getPrivateKeys();
|
||||||
|
for (int i = 0; i < eks.size(); i++) {
|
||||||
|
PublicKey ek = eks.get(i);
|
||||||
|
PublicKey pk;
|
||||||
|
try {
|
||||||
|
pk = pks.get(i).toPublic();
|
||||||
|
} catch (IllegalArgumentException iae) {
|
||||||
|
if (_log.shouldLog(Log.ERROR))
|
||||||
|
_log.error("Bad private key in LS: " + i);
|
||||||
|
_runner.disconnectClient("Bad private key in LS: " + i);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (!pk.equals(ek)) {
|
||||||
|
if (_log.shouldLog(Log.ERROR))
|
||||||
|
_log.error("Private/public crypto key mismatch in LS for key: " + i);
|
||||||
|
_runner.disconnectClient("Private/public crypto key mismatch in LS for key: " + i);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// just register new SPK, don't verify, unused
|
// just register new SPK, don't verify, unused
|
||||||
_context.keyManager().registerKeys(dest, message.getSigningPrivateKey(), message.getPrivateKey());
|
_context.keyManager().registerKeys(dest, message.getSigningPrivateKey(), message.getPrivateKey());
|
||||||
|
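Review bot: The new LS2 loop walks `eks.size()` and indexes `pks.get(i)` without first comparing the two list sizes. For an encrypted LS2 the message parser cannot compare the counts, because its `pks` is null at read time. A client that sends fewer private keys than the decrypted lease set has public keys therefore triggers an `IndexOutOfBoundsException` that `catch (IllegalArgumentException iae)` does not handle, and one that sends more has the extras go unchecked. I would add before the loop `if (eks == null || eks.size() != pks.size()) { _runner.disconnectClient("Wrong number of privkeys"); return; }`. Separately, `_runner.disconnectClient(re.toString())` in the decrypt branch returns exception text to the client, where a fixed string like the one a few lines later would be more consistent; the enclosing handler method starts and ends outside the hunks.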