NTCP2: On inbound MSB check fail,

ban IP and do probing resistance, as on AEAD fail
zzz
2025-05-03 10:14:52 -04:00
parent abbda43e84
commit 0bd60989de


@ -304,7 +304,17 @@ class InboundEstablishState extends EstablishBase implements NTCP2Payload.Payloa
}
// fast MSB check for key < 2^255
if ((_X[KEY_SIZE - 1] & 0x80) != 0) {
fail("Bad PK msg 1");
// same probing resistance strategy as below
_padlen1 = _context.random().nextInt(PADDING1_FAIL_MAX) - src.remaining();
if (_padlen1 > 0) {
if (_log.shouldWarn())
_log.warn("Bad PK msg 1, X = " + Base64.encode(_X, 0, KEY_SIZE) + " with " + src.remaining() +
" more bytes, waiting for " + _padlen1 + " more bytes");
changeState(State.IB_NTCP2_READ_RANDOM);
} else {
fail("Bad PK msg 1, X = " + Base64.encode(_X, 0, KEY_SIZE) + " remaining = " + src.remaining());
}
_transport.getPumper().blockIP(_con.getRemoteIP());
return;
}
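Review bot: The delayed-failure block under the MSB check is, by its own comment (`// same probing resistance strategy as below`), a second copy of the AEAD-failure handling, and probing resistance only holds while both paths behave identically on the wire: the same `PADDING1_FAIL_MAX` bound and the same read-then-close behaviour. Moving the shared part into one private helper that both failure paths call, for example `delayedFail("Bad PK msg 1", src);` (a suggested name, not an existing method), would keep the two from drifting apart. Separately, `_transport.getPumper().blockIP(_con.getRemoteIP());` runs while the connection may still be waiting in `IB_NTCP2_READ_RANDOM`; the hunk does not show whether a block affects the already-open connection or what `getRemoteIP()` returns when the address is unavailable, so a short comment covering both would help. The enclosing method starts and continues outside this hunk, and the page has lost its +/- markers, so the bare `fail("Bad PK msg 1");` line is presumably the removed one.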