zzz/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

SSU: Fix bug preventing inbound connection from non-DSA router (ticket #1408)

Browse Source 
Transports: If we are non-DSA, check for compatibility before connecting out
This commit is contained in:
zzz
2014-11-08 18:01:13 +00:00
parent cb87f9f307
commit 4691fc69d5
5 changed files with 56 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
history.txt
View File

@@ -1,3 +1,10 @@
2014-11-08 zzz
* EdDSA: Bump minimum router version to 0.9.17
* i2psnark: Add support for specifying data dir in add form (ticket #1028)
* ProfileOrganizer: More efficient slice calculation
* SSU: Fix bug preventing inbound connection from non-DSA router (ticket #1408)
* Transports: If non-DSA, check for compatibility before connecting out
2014-11-06 zzz 2014-11-06 zzz
Prop from i2p.i2p.zzz.test2: Prop from i2p.i2p.zzz.test2:
* Blockfile: * Blockfile:

2
router/java/src/net/i2p/router/RouterVersion.java
View File

@@ -18,7 +18,7 @@ public class RouterVersion {
/** deprecated */ /** deprecated */
public final static String ID = "Monotone"; public final static String ID = "Monotone";
public final static String VERSION = CoreVersion.VERSION; public final static String VERSION = CoreVersion.VERSION;
public final static long BUILD = 2; public final static long BUILD = 3;
/** for example "-test" */ /** for example "-test" */
public final static String EXTRA = ""; public final static String EXTRA = "";

24
router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java
View File

@@ -23,6 +23,7 @@ import java.util.TreeSet;
import java.util.Vector; import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import net.i2p.crypto.SigType;
import net.i2p.data.DataHelper; import net.i2p.data.DataHelper;
import net.i2p.data.Hash; import net.i2p.data.Hash;
import net.i2p.data.router.RouterAddress; import net.i2p.data.router.RouterAddress;
@@ -47,6 +48,7 @@ import net.i2p.util.ConcurrentHashSet;
import net.i2p.util.Log; import net.i2p.util.Log;
import net.i2p.util.OrderedProperties; import net.i2p.util.OrderedProperties;
import net.i2p.util.SystemVersion; import net.i2p.util.SystemVersion;
import net.i2p.util.VersionComparator;
/** /**
* The NIO TCP transport * The NIO TCP transport
@@ -101,6 +103,12 @@ public class NTCPTransport extends TransportImpl {
//private static final String THINSP = " / "; //private static final String THINSP = " / ";
private static final String THINSP = " / "; private static final String THINSP = " / ";
/**
* RI sigtypes supported in 0.9.16
*/
private static final String MIN_SIGTYPE_VERSION = "0.9.16";
public NTCPTransport(RouterContext ctx, DHSessionKeyBuilder.Factory dh) { public NTCPTransport(RouterContext ctx, DHSessionKeyBuilder.Factory dh) {
super(ctx); super(ctx);
_dhFactory = dh; _dhFactory = dh;
@@ -356,11 +364,25 @@ public class NTCPTransport extends TransportImpl {
} }
// Check for supported sig type // Check for supported sig type
if (toAddress.getIdentity().getSigningPublicKey().getType() == null) { SigType type = toAddress.getIdentity().getSigType();
if (type == null || !type.isAvailable()) {
markUnreachable(peer); markUnreachable(peer);
return null; return null;
} }
// Can we connect to them if we are not DSA?
RouterInfo us = _context.router().getRouterInfo();
if (us != null) {
RouterIdentity id = us.getIdentity();
if (id.getSigType() != SigType.DSA_SHA1) {
String v = toAddress.getOption("router.version");
if (v != null && VersionComparator.comp(v, MIN_SIGTYPE_VERSION) < 0) {
markUnreachable(peer);
return null;
}
}
}
if (!allowConnection()) { if (!allowConnection()) {
if (_log.shouldLog(Log.WARN)) if (_log.shouldLog(Log.WARN))
_log.warn("no bid when trying to send to " + peer + ", max connection limit reached"); _log.warn("no bid when trying to send to " + peer + ", max connection limit reached");

2
router/java/src/net/i2p/router/transport/udp/InboundEstablishState.java
View File

@@ -448,7 +448,7 @@ class InboundEstablishState {
DataHelper.toLong(signed, off, 4, _sentRelayTag); DataHelper.toLong(signed, off, 4, _sentRelayTag);
off += 4; off += 4;
DataHelper.toLong(signed, off, 4, _receivedSignedOnTime); DataHelper.toLong(signed, off, 4, _receivedSignedOnTime);
Signature sig = new Signature(_receivedSignature); Signature sig = new Signature(_receivedUnconfirmedIdentity.getSigType(), _receivedSignature);
boolean ok = _context.dsa().verifySignature(sig, signed, _receivedUnconfirmedIdentity.getSigningPublicKey()); boolean ok = _context.dsa().verifySignature(sig, signed, _receivedUnconfirmedIdentity.getSigningPublicKey());
if (ok) { if (ok) {
// todo partial spoof detection - get peer.calculateHash(), // todo partial spoof detection - get peer.calculateHash(),

25
router/java/src/net/i2p/router/transport/udp/UDPTransport.java
View File

@@ -22,6 +22,7 @@ import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList; import java.util.concurrent.CopyOnWriteArrayList;
import net.i2p.crypto.SigType;
import net.i2p.data.DatabaseEntry; import net.i2p.data.DatabaseEntry;
import net.i2p.data.DataHelper; import net.i2p.data.DataHelper;
import net.i2p.data.Hash; import net.i2p.data.Hash;
@@ -51,6 +52,7 @@ import net.i2p.util.Log;
import net.i2p.util.OrderedProperties; import net.i2p.util.OrderedProperties;
import net.i2p.util.SimpleTimer; import net.i2p.util.SimpleTimer;
import net.i2p.util.SimpleTimer2; import net.i2p.util.SimpleTimer2;
import net.i2p.util.VersionComparator;
/** /**
* The SSU transport * The SSU transport
@@ -198,6 +200,13 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
//private static final String THINSP = "&thinsp;/&thinsp;"; //private static final String THINSP = "&thinsp;/&thinsp;";
private static final String THINSP = " / "; private static final String THINSP = " / ";
/**
* RI sigtypes supported in 0.9.16, but due to a bug in InboundEstablishState
* fixed in 0.9.17, we cannot connect out to routers before that version.
*/
private static final String MIN_SIGTYPE_VERSION = "0.9.17";
public UDPTransport(RouterContext ctx, DHSessionKeyBuilder.Factory dh) { public UDPTransport(RouterContext ctx, DHSessionKeyBuilder.Factory dh) {
super(ctx); super(ctx);
_dhFactory = dh; _dhFactory = dh;
@@ -1558,11 +1567,25 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
} }
// Check for supported sig type // Check for supported sig type
if (toAddress.getIdentity().getSigningPublicKey().getType() == null) { SigType type = toAddress.getIdentity().getSigType();
if (type == null || !type.isAvailable()) {
markUnreachable(to); markUnreachable(to);
return null; return null;
} }
// Can we connect to them if we are not DSA?
RouterInfo us = _context.router().getRouterInfo();
if (us != null) {
RouterIdentity id = us.getIdentity();
if (id.getSigType() != SigType.DSA_SHA1) {
String v = toAddress.getOption("router.version");
if (v != null && VersionComparator.comp(v, MIN_SIGTYPE_VERSION) < 0) {
markUnreachable(to);
return null;
}
}
}
if (!allowConnection()) if (!allowConnection())
return _cachedBid[TRANSIENT_FAIL_BID]; return _cachedBid[TRANSIENT_FAIL_BID];