NTCP2: Adjust padding defaults and size calculation

Rekey static after 30 days downtime
zzz
2018-07-01 13:42:59 +00:00
parent eff0cac30b
commit a895bcc91e
2 changed files with 23 additions and 7 deletions


@@ -197,8 +197,8 @@ public class NTCPConnection implements Closeable {
static final int REASON_SIGFAIL = 15;
static final int REASON_S_MISMATCH = 16;
static final int REASON_BANNED = 17;
static final int PADDING_MIN_DEFAULT_INT = 1;
static final int PADDING_MAX_DEFAULT_INT = 2;
static final int PADDING_MIN_DEFAULT_INT = 0;
static final int PADDING_MAX_DEFAULT_INT = 1;
private static final float PADDING_MIN_DEFAULT = PADDING_MIN_DEFAULT_INT / 16.0f;
private static final float PADDING_MAX_DEFAULT = PADDING_MAX_DEFAULT_INT / 16.0f;
static final int DUMMY_DEFAULT = 0;
@@ -207,7 +207,8 @@ public class NTCPConnection implements Closeable {
PADDING_MIN_DEFAULT, PADDING_MAX_DEFAULT,
DUMMY_DEFAULT, DUMMY_DEFAULT,
DELAY_DEFAULT, DELAY_DEFAULT);
private static final int MIN_PADDING_RANGE = 64;
private static final int MIN_PADDING_RANGE = 16;
private static final int MAX_PADDING_RANGE = 128;
private NTCP2Options _paddingConfig;
private int _version;
private CipherState _sender;
@@ -902,13 +903,16 @@ public class NTCPConnection implements Closeable {
// reduce min to enforce minimum range if possible
min = Math.max(0, min - (MIN_PADDING_RANGE - range));
range = max - min;
} else if (range > MAX_PADDING_RANGE) {
// Don't send too much, no matter what the config says
range = MAX_PADDING_RANGE;
}
int padlen = min;
if (range > 0)
padlen += _context.random().nextInt(1 + range);
if (_log.shouldWarn())
_log.warn("Padding params:" +
" size: " + size +
" data size: " + size +
" avail: " + availForPad +
" minSend: " + minSend +
" maxSend: " + maxSend +
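Review bot: The new `else if (range > MAX_PADDING_RANGE)` branch caps only the random spread, while `padlen` still starts from `min`, so the comment "Don't send too much, no matter what the config says" promises more than these lines enforce. If `min` comes from a configured or negotiated padding ratio and is not bounded earlier in the method (which begins outside this hunk, so that is not visible here), a large minimum still produces a large pad. Either bound the final `padlen` against a fixed ceiling after the `nextInt` call, or narrow the comment to what the branch does, for example `// cap the random spread above min; min itself is limited earlier`, once that earlier limit is confirmed. The log statement at the end of the hunk continues past the last visible line.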


@@ -51,6 +51,7 @@ import net.i2p.router.transport.crypto.X25519PublicKey;
import net.i2p.router.transport.crypto.X25519PrivateKey;
import net.i2p.router.util.DecayingHashSet;
import net.i2p.router.util.DecayingBloomFilter;
import net.i2p.router.util.EventLog;
import net.i2p.util.Addresses;
import net.i2p.util.ConcurrentHashSet;
import net.i2p.util.Log;
@@ -132,6 +133,7 @@ public class NTCPTransport extends TransportImpl {
public static final String PROP_NTCP2_IV = "i2np.ntcp2.iv";
private static final int NTCP2_IV_LEN = OutboundNTCP2State.IV_SIZE;
private static final int NTCP2_KEY_LEN = OutboundNTCP2State.KEY_SIZE;
private static final long MIN_DOWNTIME_TO_REKEY = 30*24*60*60*1000L;
private final boolean _enableNTCP2;
private final byte[] _ntcp2StaticPubkey;
private final byte[] _ntcp2StaticPrivkey;
@@ -238,9 +240,19 @@ public class NTCPTransport extends TransportImpl {
byte[] priv = null;
byte[] iv = null;
String b64IV = null;
String s = ctx.getProperty(PROP_NTCP2_SP);
if (s != null) {
priv = Base64.decode(s);
String s = null;
// try to determine if we've been down for 30 days or more
// no stopping, no crashes, and only one start (this one)
EventLog el = _context.router().eventLog();
long since = _context.clock().now() - MIN_DOWNTIME_TO_REKEY;
boolean shouldRekey = el.getEvents(EventLog.STOPPED, since).isEmpty() &&
el.getEvents(EventLog.CRASHED, since).isEmpty() &&
el.getEvents(EventLog.STARTED, since).size() <= 1;
if (!shouldRekey) {
s = ctx.getProperty(PROP_NTCP2_SP);
if (s != null) {
priv = Base64.decode(s);
}
}
if (priv == null || priv.length != NTCP2_KEY_LEN) {
KeyPair keys = xdh.getKeys();
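Review bot: `shouldRekey` becomes true whenever the three `getEvents` calls return nothing, which is presumably also what a missing, truncated or unreadable event log yields, so the stored key under `PROP_NTCP2_SP` can be discarded without any real 30-day downtime. Rekeying should require positive evidence of older history in the log rather than just the absence of recent events. The decision is also silent; a line such as `if (shouldRekey && _log.shouldWarn()) _log.warn("NTCP2 rekeying static key after extended downtime");` (assuming `_log` is usable at this point) would let an operator see why the static key changed. The added lines read the context through `_context` while the neighbouring line uses `ctx`; using one of them throughout would be clearer. The enclosing method starts and ends outside this hunk.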