don't accept streams from RSA detinations

7 years ago · 272090fc8f
parent ab6bc52a0f
commit 272090fc8f
4 changed files with 16 additions and 3 deletions
--- a/libi2pd/Identity.cpp
+++ b/libi2pd/Identity.cpp
@ -324,6 +324,12 @@ namespace data
 		return SIGNING_KEY_TYPE_DSA_SHA1;
 	}

+	bool IdentityEx::IsRSA () const
+	{
+		auto sigType = GetSigningKeyType ();
+		return sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048;
+	}
+
 	CryptoKeyType IdentityEx::GetCryptoKeyType () const
 	{
 		if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 4)
--- a/libi2pd/Identity.h
+++ b/libi2pd/Identity.h
@ -103,6 +103,7 @@ namespace data
 			size_t GetSignatureLen () const;
 			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
 			SigningKeyType GetSigningKeyType () const;
+			bool IsRSA () const; // signing key type
 			CryptoKeyType GetCryptoKeyType () const;
 			void DropVerifier () const; // to save memory

--- a/libi2pd/RouterInfo.cpp
+++ b/libi2pd/RouterInfo.cpp
@ -133,10 +133,9 @@ namespace data
 		if (verifySignature)
 		{	
 			// reject RSA signatures
-			auto sigType = m_RouterIdentity->GetSigningKeyType ();
-			if (sigType <= SIGNING_KEY_TYPE_RSA_SHA512_4096 && sigType >= SIGNING_KEY_TYPE_RSA_SHA256_2048)
+			if (m_RouterIdentity->IsRSA ())
 			{
-				LogPrint (eLogError, "RouterInfo: RSA signature type ", sigType, " is not allowed");
+				LogPrint (eLogError, "RouterInfo: RSA signature type is not allowed");
 				m_IsUnreachable = true;
 				return;
 			}
--- a/libi2pd/Streaming.cpp
+++ b/libi2pd/Streaming.cpp
@ -230,6 +230,13 @@ namespace stream
 		if (flags & PACKET_FLAG_FROM_INCLUDED)
 		{
 			m_RemoteIdentity = std::make_shared<i2p::data::IdentityEx>(optionData, packet->GetOptionSize ());
+			if (m_RemoteIdentity->IsRSA ())
+			{
+				LogPrint (eLogInfo, "Streaming: Incoming stream from RSA destination ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), "  Discarded");
+				m_LocalDestination.DeletePacket (packet);
+				Terminate ();
+				return;
+			}
 			optionData += m_RemoteIdentity->GetFullLen ();
 			if (!m_RemoteLeaseSet)
 				LogPrint (eLogDebug, "Streaming: Incoming stream from ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), ", sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID);