mirror of
https://github.com/PurpleI2P/i2pd.git
synced 2025-06-21 21:38:20 +02:00
check for compatibility of LeaseSet encryption keys with local destination's encryption type
Some checks are pending
Build Debian packages / bookworm (push) Waiting to run
Build Debian packages / bullseye (push) Waiting to run
Build Debian packages / buster (push) Waiting to run
Build on FreeBSD / with UPnP (push) Waiting to run
Build on OSX / With USE_UPNP=no (push) Waiting to run
Build on OSX / With USE_UPNP=yes (push) Waiting to run
Build on Windows / clang-x86_64 (push) Waiting to run
Build on Windows / i686 (push) Waiting to run
Build on Windows / ucrt-x86_64 (push) Waiting to run
Build on Windows / x86_64 (push) Waiting to run
Build on Windows / CMake clang-x86_64 (push) Waiting to run
Build on Windows / CMake i686 (push) Waiting to run
Build on Windows / CMake ucrt-x86_64 (push) Waiting to run
Build on Windows / CMake x86_64 (push) Waiting to run
Build on Windows / XP (push) Waiting to run
Build on Ubuntu / Make with USE_UPNP=no (push) Waiting to run
Build on Ubuntu / Make with USE_UPNP=yes (push) Waiting to run
Build on Ubuntu / CMake with -DWITH_UPNP=OFF (push) Waiting to run
Build on Ubuntu / CMake with -DWITH_UPNP=ON (push) Waiting to run
Build containers / Building container for linux/arm/v7 (push) Waiting to run
Build containers / Building container for linux/386 (push) Waiting to run
Build containers / Building container for linux/amd64 (push) Waiting to run
Build containers / Building container for linux/arm64 (push) Waiting to run
Build containers / Pushing merged manifest (push) Blocked by required conditions
Some checks are pending
Build Debian packages / bookworm (push) Waiting to run
Build Debian packages / bullseye (push) Waiting to run
Build Debian packages / buster (push) Waiting to run
Build on FreeBSD / with UPnP (push) Waiting to run
Build on OSX / With USE_UPNP=no (push) Waiting to run
Build on OSX / With USE_UPNP=yes (push) Waiting to run
Build on Windows / clang-x86_64 (push) Waiting to run
Build on Windows / i686 (push) Waiting to run
Build on Windows / ucrt-x86_64 (push) Waiting to run
Build on Windows / x86_64 (push) Waiting to run
Build on Windows / CMake clang-x86_64 (push) Waiting to run
Build on Windows / CMake i686 (push) Waiting to run
Build on Windows / CMake ucrt-x86_64 (push) Waiting to run
Build on Windows / CMake x86_64 (push) Waiting to run
Build on Windows / XP (push) Waiting to run
Build on Ubuntu / Make with USE_UPNP=no (push) Waiting to run
Build on Ubuntu / Make with USE_UPNP=yes (push) Waiting to run
Build on Ubuntu / CMake with -DWITH_UPNP=OFF (push) Waiting to run
Build on Ubuntu / CMake with -DWITH_UPNP=ON (push) Waiting to run
Build containers / Building container for linux/arm/v7 (push) Waiting to run
Build containers / Building container for linux/386 (push) Waiting to run
Build containers / Building container for linux/amd64 (push) Waiting to run
Build containers / Building container for linux/arm64 (push) Waiting to run
Build containers / Pushing merged manifest (push) Blocked by required conditions
This commit is contained in:
orignal
parent
9c393f50da
commit
ba0352e9a0
5 changed files with 43 additions and 33 deletions
|
|
@ -661,7 +661,7 @@ namespace http {
|
|||
else
|
||||
{
|
||||
ls.reset (new i2p::data::LeaseSet2 (storeType));
|
||||
ls->Update (leaseSet->GetBuffer(), leaseSet->GetBufferLen(), false);
|
||||
ls->Update (leaseSet->GetBuffer(), leaseSet->GetBufferLen(), nullptr, false);
|
||||
}
|
||||
if (!ls) return;
|
||||
s << "<div class=\"leaseset listitem";
|
||||
|
|
|
|||
|
|
@ -450,7 +450,7 @@ namespace client
|
|||
leaseSet = it->second;
|
||||
if (leaseSet->IsNewer (buf + offset, len - offset))
|
||||
{
|
||||
leaseSet->Update (buf + offset, len - offset);
|
||||
leaseSet->Update (buf + offset, len - offset, shared_from_this(), true);
|
||||
if (leaseSet->IsValid () && leaseSet->GetIdentHash () == key && !leaseSet->IsExpired ())
|
||||
LogPrint (eLogDebug, "Destination: Remote LeaseSet updated");
|
||||
else
|
||||
|
|
@ -471,7 +471,8 @@ namespace client
|
|||
else
|
||||
{
|
||||
leaseSet = std::make_shared<i2p::data::LeaseSet2> (buf[DATABASE_STORE_TYPE_OFFSET],
|
||||
buf + offset, len - offset, true, from ? from->GetRemoteStaticKeyType () : GetPreferredCryptoType () ); // LeaseSet2
|
||||
buf + offset, len - offset, true, shared_from_this (),
|
||||
from ? from->GetRemoteStaticKeyType () : GetPreferredCryptoType () ); // LeaseSet2
|
||||
if (from)
|
||||
{
|
||||
uint8_t pub[32];
|
||||
|
|
@ -511,8 +512,8 @@ namespace client
|
|||
if (request->requestedBlindedKey)
|
||||
{
|
||||
auto ls2 = std::make_shared<i2p::data::LeaseSet2> (buf + offset, len - offset,
|
||||
request->requestedBlindedKey, m_LeaseSetPrivKey ? ((const uint8_t *)*m_LeaseSetPrivKey) : nullptr,
|
||||
GetPreferredCryptoType ());
|
||||
request->requestedBlindedKey, shared_from_this (),
|
||||
m_LeaseSetPrivKey ? ((const uint8_t *)*m_LeaseSetPrivKey) : nullptr, GetPreferredCryptoType ());
|
||||
if (ls2->IsValid () && !ls2->IsExpired ())
|
||||
{
|
||||
leaseSet = ls2;
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ namespace data
|
|||
ReadFromBuffer ();
|
||||
}
|
||||
|
||||
void LeaseSet::Update (const uint8_t * buf, size_t len, bool verifySignature)
|
||||
void LeaseSet::Update (const uint8_t * buf, size_t len, std::shared_ptr<LocalDestination> dest, bool verifySignature)
|
||||
{
|
||||
SetBuffer (buf, len);
|
||||
ReadFromBuffer (false, verifySignature);
|
||||
|
|
@ -281,28 +281,29 @@ namespace data
|
|||
LogPrint (eLogError, "LeaseSet2: Actual buffer size ", int(len) , " exceeds full buffer size ", int(m_BufferLen));
|
||||
}
|
||||
|
||||
LeaseSet2::LeaseSet2 (uint8_t storeType, const uint8_t * buf, size_t len, bool storeLeases, CryptoKeyType preferredCrypto):
|
||||
LeaseSet2::LeaseSet2 (uint8_t storeType, const uint8_t * buf, size_t len,
|
||||
bool storeLeases, std::shared_ptr<LocalDestination> dest, CryptoKeyType preferredCrypto):
|
||||
LeaseSet (storeLeases), m_StoreType (storeType), m_EncryptionType (preferredCrypto)
|
||||
{
|
||||
SetBuffer (buf, len);
|
||||
if (storeType == NETDB_STORE_TYPE_ENCRYPTED_LEASESET2)
|
||||
ReadFromBufferEncrypted (buf, len, nullptr, nullptr);
|
||||
ReadFromBufferEncrypted (buf, len, nullptr, dest, nullptr);
|
||||
else
|
||||
ReadFromBuffer (buf, len);
|
||||
ReadFromBuffer (buf, len, dest);
|
||||
}
|
||||
|
||||
LeaseSet2::LeaseSet2 (const uint8_t * buf, size_t len, std::shared_ptr<const BlindedPublicKey> key,
|
||||
const uint8_t * secret, CryptoKeyType preferredCrypto):
|
||||
std::shared_ptr<LocalDestination> dest, const uint8_t * secret, CryptoKeyType preferredCrypto):
|
||||
LeaseSet (true), m_StoreType (NETDB_STORE_TYPE_ENCRYPTED_LEASESET2), m_EncryptionType (preferredCrypto)
|
||||
{
|
||||
ReadFromBufferEncrypted (buf, len, key, secret);
|
||||
ReadFromBufferEncrypted (buf, len, key, dest, secret);
|
||||
}
|
||||
|
||||
void LeaseSet2::Update (const uint8_t * buf, size_t len, bool verifySignature)
|
||||
void LeaseSet2::Update (const uint8_t * buf, size_t len, std::shared_ptr<LocalDestination> dest, bool verifySignature)
|
||||
{
|
||||
SetBuffer (buf, len);
|
||||
if (GetStoreType () != NETDB_STORE_TYPE_ENCRYPTED_LEASESET2)
|
||||
ReadFromBuffer (buf, len, false, verifySignature);
|
||||
ReadFromBuffer (buf, len, dest, false, verifySignature);
|
||||
// TODO: implement encrypted
|
||||
}
|
||||
|
||||
|
|
@ -312,7 +313,8 @@ namespace data
|
|||
return ExtractPublishedTimestamp (buf, len, expiration) > m_PublishedTimestamp;
|
||||
}
|
||||
|
||||
void LeaseSet2::ReadFromBuffer (const uint8_t * buf, size_t len, bool readIdentity, bool verifySignature)
|
||||
void LeaseSet2::ReadFromBuffer (const uint8_t * buf, size_t len, std::shared_ptr<LocalDestination> dest,
|
||||
bool readIdentity, bool verifySignature)
|
||||
{
|
||||
// standard LS2 header
|
||||
std::shared_ptr<const IdentityEx> identity;
|
||||
|
|
@ -350,7 +352,7 @@ namespace data
|
|||
switch (m_StoreType)
|
||||
{
|
||||
case NETDB_STORE_TYPE_STANDARD_LEASESET2:
|
||||
s = ReadStandardLS2TypeSpecificPart (buf + offset, len - offset);
|
||||
s = ReadStandardLS2TypeSpecificPart (buf + offset, len - offset, dest);
|
||||
break;
|
||||
case NETDB_STORE_TYPE_META_LEASESET2:
|
||||
s = ReadMetaLS2TypeSpecificPart (buf + offset, len - offset);
|
||||
|
|
@ -392,7 +394,8 @@ namespace data
|
|||
return verified;
|
||||
}
|
||||
|
||||
size_t LeaseSet2::ReadStandardLS2TypeSpecificPart (const uint8_t * buf, size_t len)
|
||||
size_t LeaseSet2::ReadStandardLS2TypeSpecificPart (const uint8_t * buf, size_t len,
|
||||
std::shared_ptr<LocalDestination> dest)
|
||||
{
|
||||
size_t offset = 0;
|
||||
// properties
|
||||
|
|
@ -417,7 +420,8 @@ namespace data
|
|||
if (keyType <= i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD) // skip PQ keys if not supported
|
||||
#endif
|
||||
{
|
||||
if (keyType <= preferredKeyType && (!m_Encryptor || keyType > m_EncryptionType))
|
||||
if ((keyType == preferredKeyType || !m_Encryptor || keyType > m_EncryptionType) &&
|
||||
(!dest || dest->SupportsEncryptionType (keyType)))
|
||||
{
|
||||
auto encryptor = i2p::data::IdentityEx::CreateEncryptor (keyType, buf + offset);
|
||||
if (encryptor)
|
||||
|
|
@ -498,7 +502,8 @@ namespace data
|
|||
return offset;
|
||||
}
|
||||
|
||||
void LeaseSet2::ReadFromBufferEncrypted (const uint8_t * buf, size_t len, std::shared_ptr<const BlindedPublicKey> key, const uint8_t * secret)
|
||||
void LeaseSet2::ReadFromBufferEncrypted (const uint8_t * buf, size_t len,
|
||||
std::shared_ptr<const BlindedPublicKey> key, std::shared_ptr<LocalDestination> dest, const uint8_t * secret)
|
||||
{
|
||||
size_t offset = 0;
|
||||
// blinded key
|
||||
|
|
@ -601,7 +606,7 @@ namespace data
|
|||
m_StoreType = innerPlainText[0];
|
||||
SetBuffer (innerPlainText.data () + 1, lenInnerPlaintext - 1);
|
||||
// parse and verify Layer 2
|
||||
ReadFromBuffer (innerPlainText.data () + 1, lenInnerPlaintext - 1);
|
||||
ReadFromBuffer (innerPlainText.data () + 1, lenInnerPlaintext - 1, dest);
|
||||
}
|
||||
else
|
||||
LogPrint (eLogError, "LeaseSet2: Unexpected LeaseSet type ", (int)innerPlainText[0], " inside encrypted LeaseSet");
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ namespace data
|
|||
|
||||
LeaseSet (const uint8_t * buf, size_t len, bool storeLeases = true);
|
||||
virtual ~LeaseSet () { delete[] m_EncryptionKey; delete[] m_Buffer; };
|
||||
virtual void Update (const uint8_t * buf, size_t len, bool verifySignature = true);
|
||||
virtual void Update (const uint8_t * buf, size_t len, std::shared_ptr<LocalDestination> dest, bool verifySignature);
|
||||
virtual bool IsNewer (const uint8_t * buf, size_t len) const;
|
||||
void PopulateLeases (); // from buffer
|
||||
|
||||
|
|
@ -155,15 +155,17 @@ namespace data
|
|||
public:
|
||||
|
||||
LeaseSet2 (uint8_t storeType): LeaseSet (true), m_StoreType (storeType) {}; // for update
|
||||
LeaseSet2 (uint8_t storeType, const uint8_t * buf, size_t len, bool storeLeases = true, CryptoKeyType preferredCrypto = CRYPTO_KEY_TYPE_ECIES_X25519_AEAD);
|
||||
LeaseSet2 (const uint8_t * buf, size_t len, std::shared_ptr<const BlindedPublicKey> key, const uint8_t * secret = nullptr, CryptoKeyType preferredCrypto = CRYPTO_KEY_TYPE_ECIES_X25519_AEAD); // store type 5, called from local netdb only
|
||||
uint8_t GetStoreType () const { return m_StoreType; };
|
||||
uint32_t GetPublishedTimestamp () const { return m_PublishedTimestamp; };
|
||||
LeaseSet2 (uint8_t storeType, const uint8_t * buf, size_t len, bool storeLeases = true,
|
||||
std::shared_ptr<LocalDestination> dest = nullptr, CryptoKeyType preferredCrypto = CRYPTO_KEY_TYPE_ECIES_X25519_AEAD);
|
||||
LeaseSet2 (const uint8_t * buf, size_t len, std::shared_ptr<const BlindedPublicKey> key,
|
||||
std::shared_ptr<LocalDestination> dest = nullptr, const uint8_t * secret = nullptr, CryptoKeyType preferredCrypto = CRYPTO_KEY_TYPE_ECIES_X25519_AEAD); // store type 5, called from local netdb only
|
||||
uint8_t GetStoreType () const override { return m_StoreType; };
|
||||
uint32_t GetPublishedTimestamp () const override { return m_PublishedTimestamp; };
|
||||
bool IsPublic () const { return m_IsPublic; };
|
||||
bool IsPublishedEncrypted () const { return m_IsPublishedEncrypted; };
|
||||
std::shared_ptr<const i2p::crypto::Verifier> GetTransientVerifier () const { return m_TransientVerifier; };
|
||||
void Update (const uint8_t * buf, size_t len, bool verifySignature);
|
||||
bool IsNewer (const uint8_t * buf, size_t len) const;
|
||||
bool IsPublishedEncrypted () const override { return m_IsPublishedEncrypted; };
|
||||
std::shared_ptr<const i2p::crypto::Verifier> GetTransientVerifier () const override { return m_TransientVerifier; };
|
||||
void Update (const uint8_t * buf, size_t len, std::shared_ptr<LocalDestination> dest, bool verifySignature) override;
|
||||
bool IsNewer (const uint8_t * buf, size_t len) const override;
|
||||
|
||||
// implements RoutingDestination
|
||||
void Encrypt (const uint8_t * data, uint8_t * encrypted) const;
|
||||
|
|
@ -171,15 +173,17 @@ namespace data
|
|||
|
||||
private:
|
||||
|
||||
void ReadFromBuffer (const uint8_t * buf, size_t len, bool readIdentity = true, bool verifySignature = true);
|
||||
void ReadFromBufferEncrypted (const uint8_t * buf, size_t len, std::shared_ptr<const BlindedPublicKey> key, const uint8_t * secret);
|
||||
size_t ReadStandardLS2TypeSpecificPart (const uint8_t * buf, size_t len);
|
||||
void ReadFromBuffer (const uint8_t * buf, size_t len, std::shared_ptr<LocalDestination> dest,
|
||||
bool readIdentity = true, bool verifySignature = true);
|
||||
void ReadFromBufferEncrypted (const uint8_t * buf, size_t len, std::shared_ptr<const BlindedPublicKey> key,
|
||||
std::shared_ptr<LocalDestination> dest, const uint8_t * secret);
|
||||
size_t ReadStandardLS2TypeSpecificPart (const uint8_t * buf, size_t len, std::shared_ptr<LocalDestination> dest);
|
||||
size_t ReadMetaLS2TypeSpecificPart (const uint8_t * buf, size_t len);
|
||||
|
||||
template<typename Verifier>
|
||||
bool VerifySignature (Verifier& verifier, const uint8_t * buf, size_t len, size_t signatureOffset);
|
||||
|
||||
uint64_t ExtractExpirationTimestamp (const uint8_t * buf, size_t len) const;
|
||||
uint64_t ExtractExpirationTimestamp (const uint8_t * buf, size_t len) const override;
|
||||
uint64_t ExtractPublishedTimestamp (const uint8_t * buf, size_t len, uint64_t& expiration) const;
|
||||
size_t ExtractClientAuthData (const uint8_t * buf, size_t len, const uint8_t * secret, const uint8_t * subcredential, uint8_t * authCookie) const; // subcredential is subcredential + timestamp, return length of autData without flag
|
||||
|
||||
|
|
|
|||
|
|
@ -361,7 +361,7 @@ namespace data
|
|||
{
|
||||
if(it->second->GetExpirationTime() < expires)
|
||||
{
|
||||
it->second->Update (buf, len, false); // signature is verified already
|
||||
it->second->Update (buf, len, nullptr, false); // signature is verified already
|
||||
if (CheckLogLevel (eLogInfo))
|
||||
LogPrint (eLogInfo, "NetDb: LeaseSet updated: ", ident.ToBase32());
|
||||
updated = true;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue