echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Router: No longer check the clove ID in the Bloom filter, just check the expiration.

Browse Source 
The Clove ID is just another random number, and the message ID in the clove
will be checked in the Bloom filter; that is sufficient.
Checking the clove ID as well just doubles the number of entries in the Bloom filter,
doubling the number of false positives over what is expected.
For ECIES-Ratchet, the clove ID is set to the message ID after decryption, as there
is no longer a separate field for the clove ID in the transmission format.
This commit is contained in:
zzz
2019-11-05 16:43:12 +00:00
parent 656dd42276
commit bc40978297
4 changed files with 27 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
router/java/src/net/i2p/router/message/GarlicMessageBuilder.java
View File

@ -407,9 +407,10 @@ public class GarlicMessageBuilder {
}
/**
* Build the unencrypted GarlicMessage specified by the config.
* It contains the number of cloves, followed by each clove,
* followed by a certificate, ID, and expiration date.
* Build the unencrypted CloveSet specified by the config.
* Unlike for Elgamal, the cloves do not contain a unique
* ID and expiration, and the CloveSet does not contain
* a unique certificate, ID, or expiration date.
*
* @throws IllegalArgumentException on error
* @since 0.9.44
@ -440,8 +441,8 @@ public class GarlicMessageBuilder {
private static GarlicClove buildECIESClove(RouterContext ctx, PayloadGarlicConfig config) {
GarlicClove clove = new GarlicClove(ctx);
clove.setData(config.getPayload());
clove.setCertificate(config.getCertificate());
clove.setCloveId(config.getId());
clove.setCertificate(Certificate.NULL_CERT);
clove.setCloveId(0);
clove.setExpiration(new Date(config.getExpiration()));
clove.setInstructions(config.getDeliveryInstructions());
return clove;

13
router/java/src/net/i2p/router/message/GarlicMessageReceiver.java
View File

@ -120,8 +120,17 @@ public class GarlicMessageReceiver {
}
private boolean isValid(GarlicClove clove) {
String invalidReason = _context.messageValidator().validateMessage(clove.getCloveId(),
clove.getExpiration().getTime());
// As of 0.9.44, no longer check the clove ID in the Bloom filter, just check the expiration.
// The Clove ID is just another random number, and the message ID in the clove
// will be checked in the Bloom filter; that is sufficient.
// Checking the clove ID as well just doubles the number of entries in the Bloom filter,
// doubling the number of false positives over what is expected.
// For ECIES-Ratchet, the clove ID is set to the message ID after decryption, as there
// is no longer a separate field for the clove ID in the transmission format.
//String invalidReason = _context.messageValidator().validateMessage(clove.getCloveId(),
// clove.getExpiration().getTime());
String invalidReason = _context.messageValidator().validateMessage(clove.getExpiration().getTime());
boolean rv = invalidReason == null;
if (!rv) {
String howLongAgo = DataHelper.formatDuration(_context.clock().now()-clove.getExpiration().getTime());

8
router/java/src/net/i2p/router/message/OutboundClientMessageJobHelper.java
View File

@ -153,6 +153,8 @@ class OutboundClientMessageJobHelper {
Log log = ctx.logManager().getLog(OutboundClientMessageJobHelper.class);
if (replyToken >= 0 && log.shouldLog(Log.DEBUG))
log.debug("Reply token: " + replyToken);
// need random CloveSet ID as it's checked in receiver MessageValidator pre-0.9.44
// See GarlicMessageReceiver
GarlicConfig config = new GarlicConfig(Certificate.NULL_CERT,
ctx.random().nextLong(I2NPMessage.MAX_ID_VALUE),
expiration, DeliveryInstructions.LOCAL);
@ -233,6 +235,8 @@ class OutboundClientMessageJobHelper {
} else {
msg = dsm;
}
// need random CloveSet ID as it's checked in receiver GMR.isValid() MessageValidator pre-0.9.44
// See GarlicMessageReceiver
PayloadGarlicConfig ackClove = new PayloadGarlicConfig(Certificate.NULL_CERT,
ctx.random().nextLong(I2NPMessage.MAX_ID_VALUE),
expiration, ackInstructions, msg);
@ -295,6 +299,8 @@ class OutboundClientMessageJobHelper {
DataMessage msg = new DataMessage(ctx);
msg.setData(data.getEncryptedData());
// need random CloveSet ID as it's checked in receiver GMR.isValid() MessageValidator pre-0.9.44
// See GarlicMessageReceiver
PayloadGarlicConfig clove = new PayloadGarlicConfig(Certificate.NULL_CERT,
ctx.random().nextLong(I2NPMessage.MAX_ID_VALUE),
expiration, instructions, msg);
@ -313,6 +319,8 @@ class OutboundClientMessageJobHelper {
DatabaseStoreMessage msg = new DatabaseStoreMessage(ctx);
msg.setEntry(replyLeaseSet);
msg.setMessageExpiration(expiration);
// need random CloveSet ID as it's checked in receiver GMR.isValid() MessageValidator pre-0.9.44
// See GarlicMessageReceiver
PayloadGarlicConfig clove = new PayloadGarlicConfig(Certificate.NULL_CERT,
ctx.random().nextLong(I2NPMessage.MAX_ID_VALUE),
expiration, DeliveryInstructions.LOCAL, msg);

2
router/java/src/net/i2p/router/message/OutboundClientMessageOneShotJob.java
View File

@ -941,6 +941,8 @@ public class OutboundClientMessageOneShotJob extends JobImpl {
msg.setData(d);
long expires = OVERALL_TIMEOUT_MS_DEFAULT + getContext().clock().now();
msg.setMessageExpiration(expires);
// need random CloveSet ID as it's checked in receiver GMR.isValid() MessageValidator pre-0.9.44
// See GarlicMessageReceiver
PayloadGarlicConfig clove = new PayloadGarlicConfig(Certificate.NULL_CERT,
getContext().random().nextLong(I2NPMessage.MAX_ID_VALUE),
expires,