static keys table

libi2pd/NTCP2.cpp

@@ -714,6 +714,7 @@ namespace transport
 						Terminate ();
 						return;
 					}
+					i2p::data::UpdateStaticKey (addr->s, ri.GetIdentHash ()); // good static key
 					i2p::data::netdb.PostI2NPMsg (CreateI2NPMessage (eI2NPDummyMsg, buf.data () + 3, size)); // TODO: should insert ri and not parse it twice
 					// TODO: process options
 

libi2pd/Profiling.cpp

@@ -301,5 +301,33 @@ namespace data
 			}
 		}
 	}
+
+// 	static keys
+
+	struct StaticKeyProfile
+	{
+		i2p::data::IdentHash ident;
+		boost::posix_time::ptime lastUpdateTime;
+	};		
+	//static i2p::fs::HashedStorage g_StaticKeysProfilesStorage("statickeysProfiles", "s", "statickey-", "txt");
+	static std::unordered_map<i2p::data::Tag<32>, std::shared_ptr<StaticKeyProfile> > g_StaticKeysProfiles;	
+	static std::mutex g_StaticKeysProfilesMutex;	
+
+	bool CheckStaticKey (const i2p::data::Tag<32>& staticKey, const i2p::data::IdentHash& ident)
+	{
+		std::unique_lock<std::mutex> l(g_StaticKeysProfilesMutex);
+		auto it = g_StaticKeysProfiles.find (staticKey);
+		if (it != g_StaticKeysProfiles.end ())
+			return it->second->ident == ident;
+		return true;
+	}	
+
+	void UpdateStaticKey (const i2p::data::Tag<32>& staticKey, const i2p::data::IdentHash& ident)
+	{
+		std::unique_lock<std::mutex> l(g_StaticKeysProfilesMutex);
+		auto res = g_StaticKeysProfiles.emplace (staticKey, std::make_shared<StaticKeyProfile>(StaticKeyProfile{ident, GetTime ()}));
+		if (!res.second)
+			res.first->second->lastUpdateTime = GetTime ();
+	}	
 }
 }

libi2pd/Profiling.h

@@ -85,6 +85,10 @@ namespace data
 	void DeleteObsoleteProfiles ();
 	void SaveProfiles ();
 	void PersistProfiles ();
+
+	// static keys
+	bool CheckStaticKey (const i2p::data::Tag<32>& staticKey, const i2p::data::IdentHash& ident);
+	void UpdateStaticKey (const i2p::data::Tag<32>& staticKey, const i2p::data::IdentHash& ident);
 }
 }
 

libi2pd/SSU2Session.cpp

@@ -1073,6 +1073,7 @@ namespace transport
 			return false;
 		}
 		SetRemoteIdentity (ri->GetRouterIdentity ());
+		i2p::data::UpdateStaticKey (m_Address->s, ri->GetIdentHash ()); // good static key
 		AdjustMaxPayloadSize ();
 		m_Server.AddSessionByRouterHash (shared_from_this ()); // we know remote router now
 		m_RemoteTransports = ri->GetCompatibleTransports (false);

libi2pd/Transports.cpp

@@ -507,6 +507,11 @@ namespace transport
 							peer.router->GetPublishedNTCP2V6Address () : peer.router->GetPublishedNTCP2V4Address ();
 						if (address && m_CheckReserved && i2p::util::net::IsInReservedRange(address->host))
 							address = nullptr;
+						if (address && !i2p::data::CheckStaticKey (address->s, ident))
+						{
+							LogPrint (eLogWarning, "Transports: NTCP2 address static key router mismatch ", ident.ToBase64 ());
+							address = nullptr;
+						}	
 						if (address)
 						{
 							auto s = std::make_shared<NTCP2Session> (*m_NTCP2Server, peer.router, address);
@@ -526,6 +531,11 @@ namespace transport
 							peer.router->GetSSU2V6Address () : peer.router->GetSSU2V4Address ();
 						if (address && m_CheckReserved && i2p::util::net::IsInReservedRange(address->host))
 							address = nullptr;
+						if (address && !i2p::data::CheckStaticKey (address->s, ident))
+						{
+							LogPrint (eLogWarning, "Transports: SSU2 address static key router mismatch ", ident.ToBase64 ());
+							address = nullptr;
+						}	
 						if (address && address->IsReachableSSU ())
 						{
 							if (m_SSU2Server->CreateSession (peer.router, address))
@@ -537,6 +547,11 @@ namespace transport
 					{
 						if (!m_NTCP2Server) continue;
 						auto address = peer.router->GetYggdrasilAddress ();
+						if (address && !i2p::data::CheckStaticKey (address->s, ident))
+						{
+							LogPrint (eLogWarning, "Transports: Yggdrasil address static key router mismatch ", ident.ToBase64 ());
+							address = nullptr;
+						}	
 						if (address)
 						{
 							auto s = std::make_shared<NTCP2Session> (*m_NTCP2Server, peer.router, address);