Prop 157 updates

- Fix registration of reply key/tag with SKM - Allow OTBRM down client tunnel - Disable tunnel hop throttles for allowLocal - Various cleanups

Prop 157 updates
426fbcbf · zzz · a7d9ca92 · 426fbcbf · 426fbcbf · 426fbcbf
Unverified Commit 426fbcbf authored 3 years ago by zzz
--- a/router/java/src/net/i2p/router/tunnel/InboundMessageDistributor.java
+++ b/router/java/src/net/i2p/router/tunnel/InboundMessageDistributor.java
@@ -318,7 +318,8 @@ class InboundMessageDistributor implements GarlicMessageReceiver.CloveReceiver {
                        _context.statManager().addRateData("tunnel.handleLoadClove", 1);
                        data = null;
                        //_context.inNetMessagePool().add(data, null, null);
-                } else if (_client != null && type != DeliveryStatusMessage.MESSAGE_TYPE) {
+                } else if (_client != null && type != DeliveryStatusMessage.MESSAGE_TYPE &&
+                           type != OutboundTunnelBuildReplyMessage.MESSAGE_TYPE) {
                            // drop it, since the data we receive shouldn't include other stuff, 
                            // as that might open an attack vector
                            _context.statManager().addRateData("tunnel.dropDangerousClientTunnelMessage", 1, 

--- a/router/java/src/net/i2p/router/tunnel/TunnelCreatorConfig.java
+++ b/router/java/src/net/i2p/router/tunnel/TunnelCreatorConfig.java
@@ -421,6 +421,9 @@ public abstract class TunnelCreatorConfig implements TunnelInfo {
                 buf.append("\nHop ").append(i);
             buf.append(": ").append(_config[i]);
        }
+        if (_garlicReplyKeys != null) {
+            buf.append("\nGarlic reply key: ").append(_garlicReplyKeys.key).append(" tag: ").append(_garlicReplyKeys.rtag);
+        }
        return buf.toString();
    }
 }
--- a/router/java/src/net/i2p/router/tunnel/pool/BuildHandler.java
+++ b/router/java/src/net/i2p/router/tunnel/pool/BuildHandler.java
@@ -13,7 +13,6 @@ import net.i2p.data.EmptyProperties;
 import net.i2p.data.Hash;
 import net.i2p.data.router.RouterIdentity;
 import net.i2p.data.router.RouterInfo;
-import net.i2p.data.SessionKey;
 import net.i2p.data.TunnelId;
 import net.i2p.data.i2np.BuildRequestRecord;
 import net.i2p.data.i2np.BuildResponseRecord;
@@ -32,9 +31,7 @@ import net.i2p.router.Job;
 import net.i2p.router.JobImpl;
 import net.i2p.router.OutNetMessage;
 import net.i2p.router.RouterContext;
-import net.i2p.router.crypto.ratchet.RatchetSessionTag;
 import net.i2p.router.networkdb.kademlia.MessageWrapper;
-import net.i2p.router.networkdb.kademlia.MessageWrapper.OneTimeSession;
 import net.i2p.router.peermanager.TunnelHistory;
 import net.i2p.router.tunnel.HopConfig;
 import net.i2p.router.tunnel.TunnelDispatcher;
@@ -161,9 +158,10 @@ class BuildHandler implements Runnable {
        
        _processor = new BuildMessageProcessor(ctx);
        // used for previous hop, for all requests
-        _requestThrottler = new RequestThrottler(ctx);
+        boolean testMode = ctx.getBooleanProperty("i2np.allowLocal");
+        _requestThrottler = testMode ? null : new RequestThrottler(ctx);
        // used for previous and next hops, for successful builds only
-        _throttler = new ParticipatingThrottler(ctx);
+        _throttler = testMode ? null : new ParticipatingThrottler(ctx);
        _buildReplyHandler = new BuildReplyHandler(ctx);
        _buildMessageHandlerJob = new TunnelBuildMessageHandlerJob(ctx);
        _buildReplyMessageHandlerJob = new TunnelBuildReplyMessageHandlerJob(ctx);
@@ -854,7 +852,7 @@ class BuildHandler implements Runnable {
        // Check participating throttle counters for previous and next hops
        // This is at the end as it compares to a percentage of created tunnels.
        // We may need another counter above for requests.
-        if (response == 0 && !isInGW) {
+        if (response == 0 && !isInGW && _throttler != null) {
            if (from != null && _throttler.shouldThrottle(from)) {
                if (_log.shouldLog(Log.WARN))
                    _log.warn("Rejecting tunnel (hop throttle), previous hop: " + from + ": " + req);
@@ -864,7 +862,7 @@ class BuildHandler implements Runnable {
            }
        }
        if (response == 0 && (!isOutEnd) &&
-            _throttler.shouldThrottle(nextPeer)) {
+            _throttler != null && _throttler.shouldThrottle(nextPeer)) {
            if (_log.shouldLog(Log.WARN))
                _log.warn("Rejecting tunnel (hop throttle), next hop: " + req);
            _context.statManager().addRateData("tunnel.rejectHopThrottle", 1);
@@ -1020,10 +1018,7 @@ class BuildHandler implements Runnable {
            I2NPMessage outMessage;
            if (state.msg.getType() == ShortTunnelBuildMessage.MESSAGE_TYPE) {
                // garlic encrypt
-                OneTimeSession ots = req.readGarlicKeys();
-                SessionKey sk = ots.key;
-                RatchetSessionTag st = ots.rtag;
-                outMessage = MessageWrapper.wrap(_context, replyMsg, sk, st);
+                outMessage = MessageWrapper.wrap(_context, replyMsg, req.readGarlicKeys());
                if (outMessage == null) {
                    if (_log.shouldWarn())
                        _log.warn("OTBRM encrypt fail");
@@ -1102,7 +1097,7 @@ class BuildHandler implements Runnable {
                            accept = false;
                        }
                    }
-                    if (accept) {
+                    if (accept && _requestThrottler != null) {
                        // early request throttle check, before queueing and decryption
                        Hash fh = fromHash;
                        if (fh == null && from != null)

--- a/router/java/src/net/i2p/router/tunnel/pool/BuildRequestor.java
+++ b/router/java/src/net/i2p/router/tunnel/pool/BuildRequestor.java
@@ -146,19 +146,15 @@ abstract class BuildRequestor {
        Hash farEnd = cfg.getFarEnd();
        TunnelManagerFacade mgr = ctx.tunnelManager();
        boolean isInbound = settings.isInbound();
+        // OB only, short record only
+        SessionKeyManager replySKM = null;
        if (settings.isExploratory() || !usePairedTunnels(ctx)) {
            if (isInbound) {
                pairedTunnel = mgr.selectOutboundExploratoryTunnel(farEnd);
            } else {
                pairedTunnel = mgr.selectInboundExploratoryTunnel(farEnd);
                if (pairedTunnel != null) {
-                    OneTimeSession ots = cfg.getGarlicReplyKeys();
-                    if (ots != null) {
-                        SessionKeyManager skm = ctx.sessionKeyManager();
-                        RatchetSKM rskm = (RatchetSKM) skm;
-                        rskm.tagsReceived(ots.key, ots.rtag, 2 * BUILD_MSG_TIMEOUT);
-                        cfg.setGarlicReplyKeys(null);
-                    }
+                    replySKM = ctx.sessionKeyManager();
                }
            }
        } else {
@@ -169,26 +165,10 @@ abstract class BuildRequestor {
            } else {
                pairedTunnel = mgr.selectInboundTunnel(from, farEnd);
                if (pairedTunnel != null) {
-                    OneTimeSession ots = cfg.getGarlicReplyKeys();
-                    if (ots != null) {
-                        SessionKeyManager skm = ctx.clientManager().getClientSessionKeyManager(from);
-                        if (skm != null) {
-                            if (skm instanceof RatchetSKM) {
-                                RatchetSKM rskm = (RatchetSKM) skm;
-                                rskm.tagsReceived(ots.key, ots.rtag, 2 * BUILD_MSG_TIMEOUT);
-                                cfg.setGarlicReplyKeys(null);
-                            } else if (skm instanceof MuxedSKM) {
-                                MuxedSKM mskm = (MuxedSKM) skm;
-                                mskm.tagsReceived(ots.key, ots.rtag, 2 * BUILD_MSG_TIMEOUT);
-                                cfg.setGarlicReplyKeys(null);
-                            } else {
-                                // ElG-only won't work, fall back to expl.
-                                pairedTunnel = null;
-                            }
-                        } else {
-                            // no client SKM, fall back to expl.
-                            pairedTunnel = null;
-                        }
+                    replySKM = ctx.clientManager().getClientSessionKeyManager(from);
+                    if (replySKM == null && cfg.getGarlicReplyKeys() != null) {
+                        // no client SKM, fall back to expl.
+                        pairedTunnel = null;
                    }
                }
            }
@@ -218,13 +198,7 @@ abstract class BuildRequestor {
                        pairedTunnel = null;
                    }
                    if (pairedTunnel != null) {
-                        OneTimeSession ots = cfg.getGarlicReplyKeys();
-                        if (ots != null) {
-                            SessionKeyManager skm = ctx.sessionKeyManager();
-                            RatchetSKM rskm = (RatchetSKM) skm;
-                            rskm.tagsReceived(ots.key, ots.rtag, 2 * BUILD_MSG_TIMEOUT);
-                            cfg.setGarlicReplyKeys(null);
-                        }
+                        replySKM = ctx.sessionKeyManager();
                    }
                }
                if (pairedTunnel != null && log.shouldLog(Log.INFO))
@@ -305,6 +279,21 @@ abstract class BuildRequestor {
            }
            OutNetMessage outMsg = new OutNetMessage(ctx, msg, ctx.clock().now() + FIRST_HOP_TIMEOUT, PRIORITY, peer);
            outMsg.setOnFailedSendJob(new TunnelBuildFirstHopFailJob(ctx, cfg, exec));
+            OneTimeSession ots = cfg.getGarlicReplyKeys();
+            if (ots != null && replySKM != null) {
+                if (replySKM instanceof RatchetSKM) {
+                    RatchetSKM rskm = (RatchetSKM) replySKM;
+                    rskm.tagsReceived(ots.key, ots.rtag, 2 * BUILD_MSG_TIMEOUT);
+                } else if (replySKM instanceof MuxedSKM) {
+                    MuxedSKM mskm = (MuxedSKM) replySKM;
+                    mskm.tagsReceived(ots.key, ots.rtag, 2 * BUILD_MSG_TIMEOUT);
+                } else {
+                    // non-EC client, shouldn't happen, checked at top of createTunnelBuildMessage() below
+                    if (log.shouldWarn())
+                        log.warn("Unsupported SKM for garlic reply to: " + cfg);
+                }
+                cfg.setGarlicReplyKeys(null);
+            }
            try {
                ctx.outNetMessagePool().add(outMsg);
            } catch (RuntimeException re) {
@@ -345,8 +334,8 @@ abstract class BuildRequestor {
        Hash replyRouter;
        boolean useVariable = SEND_VARIABLE && cfg.getLength() <= MEDIUM_RECORDS;
        boolean useShortTBM = SEND_SHORT && ctx.keyManager().getPublicKey().getType() == EncType.ECIES_X25519;
-        if (useShortTBM && !pool.getSettings().isExploratory()) {
-            // pool must be EC also
+        if (useShortTBM && !cfg.isInbound() && !pool.getSettings().isExploratory()) {
+            // client must be EC also to get garlic OTBRM reply
            LeaseSetKeys lsk = ctx.keyManager().getKeys(pool.getSettings().getDestination());
            if (lsk != null) {
                if (!lsk.isSupported(EncType.ECIES_X25519))