I2CP, i2ptunnel: Check for expired offline signature client-side

Better error message on the router side
zzz
2020-06-06 18:44:49 +00:00
parent ac76d544b9
commit f1a277c4d7
3 changed files with 19 additions and 4 deletions


@ -43,6 +43,7 @@ import net.i2p.client.streaming.IncomingConnectionFilter;
import net.i2p.client.streaming.StatefulConnectionFilter; import net.i2p.client.streaming.StatefulConnectionFilter;
import net.i2p.crypto.SigType; import net.i2p.crypto.SigType;
import net.i2p.data.Base64; import net.i2p.data.Base64;
import net.i2p.data.DataHelper;
import net.i2p.data.Hash; import net.i2p.data.Hash;
import net.i2p.util.EventDispatcher; import net.i2p.util.EventDispatcher;
import net.i2p.util.I2PAppThread; import net.i2p.util.I2PAppThread;
@ -302,9 +303,15 @@ public class I2PTunnelServer extends I2PTunnelTask implements Runnable {
*/ */
private void connectManager() { private void connectManager() {
int retries = 0; int retries = 0;
while (sockMgr.getSession().isClosed()) { I2PSession session = sockMgr.getSession();
if (session.isOffline()) {
long exp = session.getOfflineExpiration();
if (exp < getTunnel().getContext().clock().now())
throw new IllegalArgumentException("Offline signature expired " + DataHelper.formatTime(exp));
}
while (session.isClosed()) {
try { try {
sockMgr.getSession().connect(); session.connect();
// Now connect the subsessions, if any // Now connect the subsessions, if any
List<I2PSession> subs = sockMgr.getSubsessions(); List<I2PSession> subs = sockMgr.getSubsessions();
if (!subs.isEmpty()) { if (!subs.isEmpty()) {
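Review bot: The offline-signature expiry test in connectManager() runs once, before the `while (session.isClosed())` loop, so a signature that expires while the loop is still retrying is not caught here and each further attempt would presumably fail inside `session.connect()` instead. If the loop's catch block (outside this hunk) treats that failure as retryable, the tunnel keeps retrying a condition that cannot recover; moving the `if (session.isOffline())` check to the top of the loop body avoids that. The unbraced `if (exp < ...)` before the `throw` would also read more safely with braces, and a comment such as `// fail fast: an expired offline signature cannot be fixed by retrying` would record why this is not left to the retry path. The loop body continues past the end of the hunk.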


@ -23,6 +23,7 @@ import net.i2p.client.I2PSessionException;
import net.i2p.client.SendMessageOptions; import net.i2p.client.SendMessageOptions;
import net.i2p.data.DatabaseEntry; import net.i2p.data.DatabaseEntry;
import net.i2p.data.DataFormatException; import net.i2p.data.DataFormatException;
import net.i2p.data.DataHelper;
import net.i2p.data.Destination; import net.i2p.data.Destination;
import net.i2p.data.LeaseSet; import net.i2p.data.LeaseSet;
import net.i2p.data.Payload; import net.i2p.data.Payload;
@ -148,7 +149,10 @@ class I2CPMessageProducer {
} }
cfg.setOptions(p); cfg.setOptions(p);
if (isOffline) { if (isOffline) {
cfg.setOfflineSignature(session.getOfflineExpiration(), long exp = session.getOfflineExpiration();
if (exp < _context.clock().now())
throw new I2PSessionException("Offline signature expired " + DataHelper.formatTime(exp));
cfg.setOfflineSignature(exp,
session.getTransientSigningPublicKey(), session.getTransientSigningPublicKey(),
session.getOfflineSignature()); session.getOfflineSignature());
} }
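Review bot: The new expiry test before `cfg.setOfflineSignature(...)` compares against the client's own clock and carries no comment saying it is only a pre-check. The router-side handler changed in this commit compares the expiration with its own clock, so a client with a skewed clock can pass here and still be rejected, or be refused locally when the router would have accepted. A comment such as `// client-side pre-check only; the router re-validates the expiration against its own clock` would make that explicit. It would also help to state the unit, e.g. `// exp assumed to be ms since epoch, like clock().now() - confirm`, since the comparison only holds if both sides use the same unit. The enclosing method starts and ends outside the hunk.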


@ -250,8 +250,12 @@ class ClientMessageEventListener implements I2CPMessageReader.I2CPMessageEventLi
msg += DataHelper.formatDuration(0 - skew) + " in the future"; msg += DataHelper.formatDuration(0 - skew) + " in the future";
_log.error(msg); _log.error(msg);
_runner.disconnectClient(msg); _runner.disconnectClient(msg);
} else if (in.getOfflineSignature() != null && in.getOfflineExpiration() < _context.clock().now()) {
String msg = "Offline signature expired " + DataHelper.formatTime(in.getOfflineExpiration());
_log.error(msg);
_runner.disconnectClient(msg);
} else { } else {
_log.error("Signature verification failed on a create session message"); _log.error("Signature verification failed on a create session message:\n" + in);
_runner.disconnectClient("Invalid signature on CreateSessionMessage"); _runner.disconnectClient("Invalid signature on CreateSessionMessage");
} }
return; return;
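Review bot: The changed `_log.error(... + in)` line appends the whole create-session message to an ERROR-level log entry on the path where signature verification has just failed, so the logged content comes from a client that has not been authenticated. Depending on what the message's toString() includes (not visible here), that can put client-chosen options or multi-line text into the router log and lets a misbehaving client inflate it. Keeping the fixed message at ERROR and moving the dump to a lower level, e.g. `if (_log.shouldLog(Log.DEBUG)) _log.debug("Failed CreateSessionMessage: " + in);`, would keep the diagnostic without that exposure. The new expired-signature branch also calls `in.getOfflineExpiration()` twice; a local `long exp` as in the other two files would be consistent. The enclosing method begins and ends outside the hunk.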