2005-04-08 smeghead

* Security improvements to TrustedUpdate: signing and verification of the
      version string along with the data payload for signed update files
      (consequently the positions of the DSA signature and version string fields
      have been swapped in the spec for the update file's header); router will
      no longer perform a trusted update if the signed update's version is lower
      than or equal to the currently running router's version.
    * Added two new CLI commands to TrustedUpdate: showversion, verifyupdate.
    * Extended TrustedUpdate public API for use by third party applications.

apps/routerconsole/java/src/net/i2p/router/web/NewsFetcher.java

@@ -7,6 +7,7 @@ import java.util.List;
 import java.util.StringTokenizer;
 
 import net.i2p.I2PAppContext;
+import net.i2p.crypto.TrustedUpdate;
 import net.i2p.data.DataHelper;
 import net.i2p.router.RouterContext;
 import net.i2p.router.RouterVersion;
@@ -136,7 +137,7 @@ public class NewsFetcher implements Runnable, EepGet.StatusListener {
                         String ver = buf.substring(index+VERSION_PREFIX.length(), end);
                         if (_log.shouldLog(Log.DEBUG))
                             _log.debug("Found version: [" + ver + "]");
-                        if (needsUpdate(ver)) {
+                        if (TrustedUpdate.needsUpdate(RouterVersion.VERSION, ver)) {
                             if (_log.shouldLog(Log.DEBUG))
                                 _log.debug("Our version is out of date, update!");
                             break;
@@ -191,54 +192,6 @@ public class NewsFetcher implements Runnable, EepGet.StatusListener {
         }
     }
     
-    private boolean needsUpdate(String version) {
-        StringTokenizer newTok = new StringTokenizer(sanitize(version), ".");
-        StringTokenizer ourTok = new StringTokenizer(sanitize(RouterVersion.VERSION), ".");
-        
-        while (newTok.hasMoreTokens() && ourTok.hasMoreTokens()) {
-            String newVer = newTok.nextToken();
-            String oldVer = ourTok.nextToken();
-            switch (compare(newVer, oldVer)) {
-                case -1: // newVer is smaller
-                    return false;
-                case 0: // eq
-                    break;
-                case 1: // newVer is larger
-                    return true;
-            }
-        }
-        if (newTok.hasMoreTokens() && !ourTok.hasMoreTokens())
-            return true;
-        return false;
-    }
-    
-    private static final String VALID = "0123456789.";
-    private static final String sanitize(String str) {
-        StringBuffer buf = new StringBuffer(str);
-        for (int i = 0; i < buf.length(); i++) {
-            if (VALID.indexOf(buf.charAt(i)) == -1) {
-                buf.deleteCharAt(i);
-                i--;
-            }
-        }
-        return buf.toString();
-    }
-    
-    private static final int compare(String lhs, String rhs) {
-        try {
-            int left = Integer.parseInt(lhs);
-            int right = Integer.parseInt(rhs);
-            if (left < right) 
-                return -1;
-            else if (left == right)
-                return 0;
-            else
-                return 1;
-        } catch (NumberFormatException nfe) {
-            return 0;
-        }
-    }
-    
     public void attemptFailed(String url, long bytesTransferred, long bytesRemaining, int currentAttempt, int numRetries, Exception cause) {
         // ignore
     }

apps/routerconsole/java/src/net/i2p/router/web/UpdateHandler.java

@@ -2,19 +2,25 @@ package net.i2p.router.web;
 
 import java.io.File;
 import java.text.DecimalFormat;
+
 import net.i2p.crypto.TrustedUpdate;
 import net.i2p.router.Router;
 import net.i2p.router.RouterContext;
-import net.i2p.util.I2PThread;
+import net.i2p.router.RouterVersion;
 import net.i2p.util.EepGet;
+import net.i2p.util.I2PThread;
 import net.i2p.util.Log;
 
 /**
- * Handle the request to update the router by firing off an EepGet call and
- * displaying its status to anyone who asks.  After the download completes,
- * it is verified with the TrustedUpdate, and if it is authentic, the router
- * is restarted.
- *
+ * <p>Handles the request to update the router by firing off an
+ * {@link net.i2p.util.EepGet} call to download the latest signed update file
+ * and displaying the status to anyone who asks.
+ * </p>
+ * <p>After the download completes the signed update file is verified with
+ * {@link net.i2p.crypto.TrustedUpdate}, and if it's authentic the payload
+ * of the signed update file is unpacked and the router is restarted to complete
+ * the update process.
+ * </p>
  */
 public class UpdateHandler {
     private static UpdateRunner _updateRunner;
@@ -140,7 +146,7 @@ public class UpdateHandler {
         public void transferComplete(long alreadyTransferred, long bytesTransferred, long bytesRemaining, String url, String outputFile) {
             _status = "<b>Update downloaded</b><br />";
             TrustedUpdate up = new TrustedUpdate(_context);
-            boolean ok = up.migrateVerified(SIGNED_UPDATE_FILE, "i2pupdate.zip");
+            boolean ok = up.migrateVerified(RouterVersion.VERSION, SIGNED_UPDATE_FILE, "i2pupdate.zip");
             File f = new File(SIGNED_UPDATE_FILE);
             f.delete();
             if (ok) {