Archives
/
i2pd
mirror of https://github.com/PurpleI2P/i2pd
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

#622. Force SU3 verification by reseed.verify

Browse Source
pull/668/head
orignal 8 years ago
parent f0d098d0ef
commit fe8a0c1a6b
3 changed files with 56 additions and 42 deletions
Show Stats Download Patch File Download Diff File

1
Config.cpp
Unescape Escape View File

@ -150,6 +150,7 @@ namespace config {
options_description reseed("Reseed options"); options_description reseed("Reseed options");
reseed.add_options() reseed.add_options()
("reseed.verify", value<bool>()->default_value(false), "Verify .su3 signature")
("reseed.file", value<std::string>()->default_value(""), "Path to .su3 file") ("reseed.file", value<std::string>()->default_value(""), "Path to .su3 file")
#ifdef MESHNET #ifdef MESHNET
("reseed.urls", value<std::string>()->default_value("https://reseed.i2p.rocks:8443/"), "Reseed URLs, separated by comma") ("reseed.urls", value<std::string>()->default_value("https://reseed.i2p.rocks:8443/"), "Reseed URLs, separated by comma")

12
Reseed.cpp
Unescape Escape View File

@ -131,6 +131,9 @@ namespace data
s.read (signerID, signerIDLength); // signerID s.read (signerID, signerIDLength); // signerID
signerID[signerIDLength] = 0; signerID[signerIDLength] = 0;
bool verify; i2p::config::GetOption("reseed.verify", verify);
if (verify)
{
//try to verify signature //try to verify signature
auto it = m_SigningKeys.find (signerID); auto it = m_SigningKeys.find (signerID);
if (it != m_SigningKeys.end ()) if (it != m_SigningKeys.end ())
@ -162,6 +165,8 @@ namespace data
// we can't use RSA_verify due wrong padding in SU3 // we can't use RSA_verify due wrong padding in SU3
if (memcmp (enSigBuf + (signatureLength - 64), digest, 64)) if (memcmp (enSigBuf + (signatureLength - 64), digest, 64))
LogPrint (eLogWarning, "Reseed: SU3 signature verification failed"); LogPrint (eLogWarning, "Reseed: SU3 signature verification failed");
else
verify = false; // verified
delete[] enSigBuf; delete[] enSigBuf;
BN_free (s); BN_free (n); BN_free (s); BN_free (n);
BN_CTX_free (bnctx); BN_CTX_free (bnctx);
@ -176,6 +181,13 @@ namespace data
} }
else else
LogPrint (eLogWarning, "Reseed: Certificate for ", signerID, " not loaded"); LogPrint (eLogWarning, "Reseed: Certificate for ", signerID, " not loaded");
}
if (verify) // not verified
{
LogPrint (eLogError, "Reseed: SU3 verification failed");
return 0;
}
// handle content // handle content
int numFiles = 0; int numFiles = 0;

5
docs/configuration.md
Unescape Escape View File

@ -72,8 +72,9 @@ All options below still possible in cmdline, but better write it in config file:
* --upnp.name= - Name i2pd appears in UPnP forwardings list. I2Pd by default * --upnp.name= - Name i2pd appears in UPnP forwardings list. I2Pd by default
* --precomputation.elgamal= - Use ElGamal precomputated tables. false for x64 and true for other platforms by default * --precomputation.elgamal= - Use ElGamal precomputated tables. false for x64 and true for other platforms by default
* --reseed.file - Full path to SU3 file to reseed from * --reseed.verify= - Request SU3 signature verification
* --reseed.urls - Reseed URLs, separated by comma * --reseed.file= - Full path to SU3 file to reseed from
* --reseed.urls= - Reseed URLs, separated by comma
* --limits.transittunnels= - Override maximum number of transit tunnels. 2500 by default * --limits.transittunnels= - Override maximum number of transit tunnels. 2500 by default

Write Preview
Loading…
Cancel
Save