From 5d8871c17ca2e4f8f9f52e54b4c36e64b0531dae Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Wed, 23 Oct 2019 13:21:22 +0000
Subject: [PATCH] NetDb: Don't try to garlic encrypt netdb messages with a
 ECIES key

---
 .../kademlia/FloodfillVerifyStoreJob.java     | 23 +++++++++++++++----
 .../router/networkdb/kademlia/StoreJob.java   | 12 ++++++++--
 2 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java b/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java
index 4edca56063..daf20e4a6f 100644
--- a/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java
@@ -4,6 +4,7 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
+import net.i2p.crypto.EncType;
 import net.i2p.data.Certificate;
 import net.i2p.data.DatabaseEntry;
 import net.i2p.data.Destination;
@@ -16,6 +17,7 @@ import net.i2p.data.i2np.DatabaseSearchReplyMessage;
 import net.i2p.data.i2np.DatabaseStoreMessage;
 import net.i2p.data.i2np.I2NPMessage;
 import net.i2p.router.JobImpl;
+import net.i2p.router.LeaseSetKeys;
 import net.i2p.router.MessageSelector;
 import net.i2p.router.ProfileManager;
 import net.i2p.router.ReplyJob;
@@ -54,7 +56,7 @@ class FloodfillVerifyStoreJob extends JobImpl {
     
     /**
      *  Delay a few seconds, then start the verify
-     *  @param client generally the same as key, unless encrypted LS2
+     *  @param client generally the same as key, unless encrypted LS2; non-null
      *  @param published getDate() for RI or LS1, getPublished() for LS2
      *  @param sentTo who to give the credit or blame to, can be null
      */
@@ -150,10 +152,21 @@ class FloodfillVerifyStoreJob extends JobImpl {
             if (isInboundExploratory) {
                 sess = MessageWrapper.generateSession(getContext());
             } else {
-                sess = MessageWrapper.generateSession(getContext(), _client);
-                if (sess == null) {
-                     if (_log.shouldLog(Log.WARN))
-                         _log.warn("No SKM to reply to");
+                LeaseSetKeys lsk = getContext().keyManager().getKeys(_client);
+                if (lsk == null || lsk.isSupported(EncType.ELGAMAL_2048)) {
+                    // garlic encrypt
+                    sess = MessageWrapper.generateSession(getContext(), _client);
+                    if (sess == null) {
+                         if (_log.shouldLog(Log.WARN))
+                             _log.warn("No SKM to reply to");
+                        _facade.verifyFinished(_key);
+                        return;
+                    }
+                } else {
+                    // We don't yet have any way to request/get a ECIES-tagged reply,
+                    // skip it for now.
+                     if (_log.shouldWarn())
+                         _log.warn("Skipping store verify for ECIES client " + _client.toBase32());
                     _facade.verifyFinished(_key);
                     return;
                 }
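Review bot: The new else branch calls `_facade.verifyFinished(_key)` although no verify lookup was sent, so for an ECIES-only client a floodfill that accepted the store message but never stored or flooded the entry is no longer detected. As far as this hunk shows, the facade also cannot tell "verified" from "skipped". The comment should state that consequence, for example `// NOTE: the store is left unverified for ECIES-only clients; a dropped store will not be noticed or retried here`. The warning will fire on every publish for such a client and writes the client's base32 address to the log, so `_log.shouldInfo()` / `_log.info(...)` is probably enough for an expected condition. The new guard uses `_log.shouldWarn()` while the one a few lines above uses `_log.shouldLog(Log.WARN)`; pick one form. The method starts and ends outside the hunk.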
diff --git a/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java b/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java
index 379b576814..f4d756eecb 100644
--- a/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java
@@ -12,6 +12,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
 
+import net.i2p.crypto.EncType;
 import net.i2p.crypto.SigType;
 import net.i2p.data.Certificate;
 import net.i2p.data.DatabaseEntry;
@@ -25,6 +26,7 @@ import net.i2p.data.i2np.I2NPMessage;
 import net.i2p.kademlia.KBucketSet;
 import net.i2p.router.Job;
 import net.i2p.router.JobImpl;
+import net.i2p.router.LeaseSetKeys;
 import net.i2p.router.OutNetMessage;
 import net.i2p.router.ReplyJob;
 import net.i2p.router.RouterContext;
@@ -482,7 +484,8 @@ abstract class StoreJob extends JobImpl {
         TunnelInfo outTunnel = getContext().tunnelManager().selectOutboundTunnel(client, to);
         if (outTunnel != null) {
             I2NPMessage sent;
-
+            LeaseSetKeys lsk = getContext().keyManager().getKeys(client);
+            if (lsk == null || lsk.isSupported(EncType.ELGAMAL_2048)) {
                 // garlic encrypt
                 MessageWrapper.WrappedMessage wm = MessageWrapper.wrap(getContext(), msg, client, peer);
                 if (wm == null) {
@@ -493,7 +496,12 @@ abstract class StoreJob extends JobImpl {
                 }
                 sent = wm.getMessage();
                 _state.addPending(to, wm);
-
+            } else {
+                // We don't yet have any way to request/get a ECIES-tagged reply,
+                // so send it unencrypted.
+                sent = msg;
+                _state.addPending(to);
+            }
             SendSuccessJob onReply = new SendSuccessJob(getContext(), peer, outTunnel, sent.getMessageSize());
             FailedJob onFail = new FailedJob(getContext(), peer, getContext().clock().now());
             StoreMessageSelector selector = new StoreMessageSelector(getContext(), getJobId(), peer, token, expiration);
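Review bot: The else branch at `sent = msg;` pushes the store into the outbound tunnel without garlic wrapping and logs nothing, so a client whose keys fail the `lsk.isSupported(EncType.ELGAMAL_2048)` test in the previous hunk silently loses the end-to-end protection that the `MessageWrapper.wrap(...)` path provides. The store, with whatever reply information it carries, is then readable at the outbound endpoint. The comment explains the fallback only in terms of the reply and should also name what is given up, for example `// WARNING: the store is visible to the outbound endpoint; remove this fallback once ECIES wrapping is available`. A log line would make the downgrade visible to operators, assuming this class has the same `_log` field as FloodfillVerifyStoreJob: `if (_log.shouldWarn()) _log.warn("Sending store unencrypted for ECIES-only client " + client);`. The method body starts and ends outside these two hunks.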
-- 
GitLab