diff --git a/history.txt b/history.txt
index 8cef34339..5cc5230c7 100644
--- a/history.txt
+++ b/history.txt
@@ -1,3 +1,10 @@
+2014-11-08 zzz
+ * EdDSA: Bump minimum router version to 0.9.17
+ * i2psnark: Add support for specifying data dir in add form (ticket #1028)
+ * ProfileOrganizer: More efficient slice calculation
+ * SSU: Fix bug preventing inbound connection from non-DSA router (ticket #1408)
+ * Transports: If non-DSA, check for compatibility before connecting out
+
 2014-11-06 zzz
 Prop from i2p.i2p.zzz.test2:
 * Blockfile:
diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java
index 282c18b42..0725033fa 100644
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -18,7 +18,7 @@ public class RouterVersion {
 /** deprecated */
 public final static String ID = "Monotone";
 public final static String VERSION = CoreVersion.VERSION;
- public final static long BUILD = 2;
+ public final static long BUILD = 3;
 /** for example "-test" */
 public final static String EXTRA = "";
diff --git a/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java b/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java
index b58392777..1a7ec1ed4 100644
--- a/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java
+++ b/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java
@@ -23,6 +23,7 @@ import java.util.TreeSet;
 import java.util.Vector;
 import java.util.concurrent.ConcurrentHashMap;
+import net.i2p.crypto.SigType;
 import net.i2p.data.DataHelper;
 import net.i2p.data.Hash;
 import net.i2p.data.router.RouterAddress;
@@ -47,6 +48,7 @@ import net.i2p.util.ConcurrentHashSet;
 import net.i2p.util.Log;
 import net.i2p.util.OrderedProperties;
 import net.i2p.util.SystemVersion;
+import net.i2p.util.VersionComparator;
 /**
 * The NIO TCP transport
@@ -101,6 +103,12 @@ public class NTCPTransport extends TransportImpl {
 //private static final String THINSP = " / ";
 private static final String THINSP = " / ";
+ /**
+ * RI sigtypes supported in 0.9.16
+ */
+ private static final String MIN_SIGTYPE_VERSION = "0.9.16";
+
+
 public NTCPTransport(RouterContext ctx, DHSessionKeyBuilder.Factory dh) {
 super(ctx);
 _dhFactory = dh;
@@ -356,11 +364,25 @@ public class NTCPTransport extends TransportImpl {
 }
 // Check for supported sig type
- if (toAddress.getIdentity().getSigningPublicKey().getType() == null) {
+ SigType type = toAddress.getIdentity().getSigType();
+ if (type == null || !type.isAvailable()) {
 markUnreachable(peer);
 return null;
 }
+ // Can we connect to them if we are not DSA?
+ RouterInfo us = _context.router().getRouterInfo();
+ if (us != null) {
+ RouterIdentity id = us.getIdentity();
+ if (id.getSigType() != SigType.DSA_SHA1) {
+ String v = toAddress.getOption("router.version");
+ if (v != null && VersionComparator.comp(v, MIN_SIGTYPE_VERSION) < 0) {
+ markUnreachable(peer);
+ return null;
+ }
+ }
+ }
+
 if (!allowConnection()) {
 if (_log.shouldLog(Log.WARN))
 _log.warn("no bid when trying to send to " + peer + ", max connection limit reached");
diff --git a/router/java/src/net/i2p/router/transport/udp/InboundEstablishState.java b/router/java/src/net/i2p/router/transport/udp/InboundEstablishState.java
index 6d1f17755..590aa29ed 100644
--- a/router/java/src/net/i2p/router/transport/udp/InboundEstablishState.java
+++ b/router/java/src/net/i2p/router/transport/udp/InboundEstablishState.java
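Review bot: The Javadoc on `MIN_SIGTYPE_VERSION` in the -101 hunk says only when RI sigtypes became supported, not what the constant gates. UDPTransport gains a constant of the same name with the value "0.9.17" in this commit, so a reader comparing the two files cannot tell from this comment that "0.9.16" here is deliberate. A comment along the lines of `Minimum peer router version we will connect out to when our own RouterIdentity is not DSA_SHA1; RI sigtypes are supported as of 0.9.16.` would make the difference explicit.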
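Review bot: The branch added under `// Can we connect to them if we are not DSA?` in the -356 hunk calls `markUnreachable(peer)` and returns null without logging, while the `allowConnection()` branch just below it logs at WARN. On a non-DSA router that leaves no trace of why older peers drop out of the reachable set; a line such as `if (_log.shouldLog(Log.INFO)) _log.info("no bid to " + peer + ", router version " + v + " too old for our sig type");` before `markUnreachable(peer)` would fix that. The `v != null &&` guard also lets a RouterInfo with no `router.version` option through, and the value is whatever the peer published, so this is a compatibility heuristic rather than an enforcement point; if failing open is intended, a short comment should say so. The same applies to the UDPTransport hunk at -1558, which uses `to` instead of `peer`. The enclosing method starts and ends outside the hunk.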
@@ -448,7 +448,7 @@ class InboundEstablishState {
 DataHelper.toLong(signed, off, 4, _sentRelayTag);
 off += 4;
 DataHelper.toLong(signed, off, 4, _receivedSignedOnTime);
- Signature sig = new Signature(_receivedSignature);
+ Signature sig = new Signature(_receivedUnconfirmedIdentity.getSigType(), _receivedSignature);
 boolean ok = _context.dsa().verifySignature(sig, signed, _receivedUnconfirmedIdentity.getSigningPublicKey());
 if (ok) {
 // todo partial spoof detection - get peer.calculateHash(),
diff --git a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java
index c8d9a1944..80a383c9d 100644
--- a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java
+++ b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java
@@ -22,6 +22,7 @@ import java.util.concurrent.atomic.AtomicLong;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.CopyOnWriteArrayList;
+import net.i2p.crypto.SigType;
 import net.i2p.data.DatabaseEntry;
 import net.i2p.data.DataHelper;
 import net.i2p.data.Hash;
@@ -51,6 +52,7 @@ import net.i2p.util.Log;
 import net.i2p.util.OrderedProperties;
 import net.i2p.util.SimpleTimer;
 import net.i2p.util.SimpleTimer2;
+import net.i2p.util.VersionComparator;
 /**
 * The SSU transport
@@ -198,6 +200,13 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
 //private static final String THINSP = " / ";
 private static final String THINSP = " / ";
+ /**
+ * RI sigtypes supported in 0.9.16, but due to a bug in InboundEstablishState
+ * fixed in 0.9.17, we cannot connect out to routers before that version.
+ */
+ private static final String MIN_SIGTYPE_VERSION = "0.9.17";
+
+
 public UDPTransport(RouterContext ctx, DHSessionKeyBuilder.Factory dh) {
 super(ctx);
 _dhFactory = dh;
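Review bot: In the InboundEstablishState hunk at -448, `_receivedUnconfirmedIdentity.getSigType()` is passed straight into the `Signature` constructor, yet the outbound checks added in this same commit treat a null or unavailable `SigType` as a possible result of `getSigType()`. This path processes data from an inbound peer whose identity is not yet confirmed, so the type should be checked before the `Signature` is built: `SigType type = _receivedUnconfirmedIdentity.getSigType();` followed by `if (type == null || !type.isAvailable())` taking this method's existing failure path. It is also worth confirming that `_receivedSignature` was read with the length of that sig type rather than a fixed DSA length. The code that fills it, and the rest of this method, lie outside the hunk.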
@@ -1558,11 +1567,25 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
 }
 // Check for supported sig type
- if (toAddress.getIdentity().getSigningPublicKey().getType() == null) {
+ SigType type = toAddress.getIdentity().getSigType();
+ if (type == null || !type.isAvailable()) {
 markUnreachable(to);
 return null;
 }
+ // Can we connect to them if we are not DSA?
+ RouterInfo us = _context.router().getRouterInfo();
+ if (us != null) {
+ RouterIdentity id = us.getIdentity();
+ if (id.getSigType() != SigType.DSA_SHA1) {
+ String v = toAddress.getOption("router.version");
+ if (v != null && VersionComparator.comp(v, MIN_SIGTYPE_VERSION) < 0) {
+ markUnreachable(to);
+ return null;
+ }
+ }
+ }
+
 if (!allowConnection())
 return _cachedBid[TRANSIENT_FAIL_BID];