NetDB: Disable sending encrypted messages to ECIES routers for now

The #ls2 team plans to change the specification and re-enable after the 0.9.48 release
2020-11-17 16:21:10 +00:00
parent c9e6bef825
commit e811238d60
6 changed files with 27 additions and 8 deletions
--- a/history.txt
+++ b/history.txt
@ -2,8 +2,7 @@
 * Jetty:
   - Update to 9.3.29.v20201019
   - Patch to fix console not starting on Java 11.0.9.1
-
-2020-11-17 zzz
+ * NetDB: Disable sending encrypted messages to ECIES routers
 * Wrapper: Add missing binaries for armv7 and aarch64
   to installer (ticket #2308)

--- a/router/java/src/net/i2p/data/i2np/DatabaseLookupMessage.java
+++ b/router/java/src/net/i2p/data/i2np/DatabaseLookupMessage.java
@ -22,7 +22,9 @@ import net.i2p.data.PublicKey;
 import net.i2p.data.SessionKey;
 import net.i2p.data.SessionTag;
 import net.i2p.data.TunnelId;
+import net.i2p.data.router.RouterIdentity;
 import net.i2p.data.router.RouterInfo;
+import net.i2p.router.LeaseSetKeys;
 import net.i2p.router.crypto.ratchet.RatchetSessionTag;
 import net.i2p.util.VersionComparator;

@ -45,6 +47,8 @@ public class DatabaseLookupMessage extends FastI2NPMessageImpl {
    private PublicKey _ratchetPubKey;
    private Type _type;
    
+    public static final boolean USE_ECIES_FF = false;
+
    //private static volatile long _currentLookupPeriod = 0;
    //private static volatile int _currentLookupCount = 0;
    // if we try to send over 20 netDb lookups in 10 seconds, we're acting up
@ -221,7 +225,13 @@ public class DatabaseLookupMessage extends FastI2NPMessageImpl {
        if (to == null)
            return false;
        String v = to.getVersion();
-        return VersionComparator.comp(v, MIN_ENCRYPTION_VERSION) >= 0;
+        if (VersionComparator.comp(v, MIN_ENCRYPTION_VERSION) < 0)
+            return false;
+        RouterIdentity ident = to.getIdentity();
+        EncType type = ident.getPublicKey().getType();
+        if (USE_ECIES_FF)
+            return LeaseSetKeys.SET_BOTH.contains(type);
+        return type == EncType.ELGAMAL_2048;
    }
    
    /**
@ -234,7 +244,13 @@ public class DatabaseLookupMessage extends FastI2NPMessageImpl {
        if (to == null)
            return false;
        String v = to.getVersion();
-        return VersionComparator.comp(v, MIN_RATCHET_VERSION) >= 0;
+        if (VersionComparator.comp(v, MIN_RATCHET_VERSION) < 0)
+            return false;
+        RouterIdentity ident = to.getIdentity();
+        EncType type = ident.getPublicKey().getType();
+        if (USE_ECIES_FF)
+            return LeaseSetKeys.SET_BOTH.contains(type);
+        return type == EncType.ELGAMAL_2048;
    }
    
    /**
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@ -18,7 +18,7 @@ public class RouterVersion {
    /** deprecated */
    public final static String ID = "Monotone";
    public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 14;
+    public final static long BUILD = 15;

    /** for example "-test" */
    public final static String EXTRA = "-rc";
--- a/router/java/src/net/i2p/router/networkdb/kademlia/ExploreJob.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/ExploreJob.java
@ -143,7 +143,7 @@ class ExploreJob extends SearchJob {
        boolean encryptElG = ctx.getProperty(IterativeSearchJob.PROP_ENCRYPT_RI, IterativeSearchJob.DEFAULT_ENCRYPT_RI);
        I2NPMessage outMsg;
        if (replyTunnelId != null &&
-            ((encryptElG && type == EncType.ELGAMAL_2048) || type == EncType.ECIES_X25519)) {
+            ((encryptElG && type == EncType.ELGAMAL_2048) || (type == EncType.ECIES_X25519 && DatabaseLookupMessage.USE_ECIES_FF))) {
            EncType ourType = ctx.keyManager().getPublicKey().getType();
            boolean ratchet1 = ourType.equals(EncType.ECIES_X25519);
            boolean ratchet2 = DatabaseLookupMessage.supportsRatchetReplies(peer);
--- a/router/java/src/net/i2p/router/networkdb/kademlia/IterativeSearchJob.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/IterativeSearchJob.java
@ -442,7 +442,7 @@ public class IterativeSearchJob extends FloodSearchJob {
                    // request encrypted reply
                    // now covered by version check above, which is more recent
                    //if (DatabaseLookupMessage.supportsEncryptedReplies(ri)) {
-                    if (!LeaseSetKeys.SET_BOTH.contains(type)) {
+                    if (!(type == EncType.ELGAMAL_2048 || (type == EncType.ECIES_X25519 && DatabaseLookupMessage.USE_ECIES_FF))) {
                        failed(peer, false);
                        if (_log.shouldLog(Log.WARN))
                            _log.warn(getJobId() + ": Can't do encrypted lookup to " + peer + " with EncType " + type);
--- a/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java
@ -23,6 +23,7 @@ import net.i2p.data.LeaseSet;
 import net.i2p.data.router.RouterIdentity;
 import net.i2p.data.router.RouterInfo;
 import net.i2p.data.TunnelId;
+import net.i2p.data.i2np.DatabaseLookupMessage;
 import net.i2p.data.i2np.DatabaseStoreMessage;
 import net.i2p.data.i2np.I2NPMessage;
 import net.i2p.data.router.RouterIdentity;
@ -649,7 +650,10 @@ abstract class StoreJob extends JobImpl {
        RouterIdentity ident = ri.getIdentity();
        if (ident.getSigningPublicKey().getType() == SigType.DSA_SHA1)
            return false;
-        return LeaseSetKeys.SET_BOTH.contains(ident.getPublicKey().getType());
+        EncType type = ident.getPublicKey().getType();
+        if (DatabaseLookupMessage.USE_ECIES_FF)
+            return LeaseSetKeys.SET_BOTH.contains(type);
+        return type == EncType.ELGAMAL_2048;
    }

    /** @since 0.9.38 */