From 62a3da2fa64f053f4cab9c53a4015c2947d9984e Mon Sep 17 00:00:00 2001 From: zzz Date: Sun, 30 Aug 2009 16:04:28 +0000 Subject: [PATCH 1/4] javadoc updates for SKM changes --- core/java/src/net/i2p/I2PAppContext.java | 10 +++++++--- core/java/src/net/i2p/crypto/ElGamalAESEngine.java | 8 ++++++-- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/core/java/src/net/i2p/I2PAppContext.java b/core/java/src/net/i2p/I2PAppContext.java index 025378d8c..86c1dc907 100644 --- a/core/java/src/net/i2p/I2PAppContext.java +++ b/core/java/src/net/i2p/I2PAppContext.java @@ -388,9 +388,13 @@ public class I2PAppContext { * The session key manager which coordinates the sessionKey / sessionTag * data. This component allows transparent operation of the * ElGamal/AES+SessionTag algorithm, and contains all of the session tags - * for one particular application. If you want to seperate multiple apps - * to have their own sessionTags and sessionKeys, they should use different - * I2PAppContexts, and hence, different sessionKeyManagers. + * for one particular application. + * + * This is deprecated for client use, it should be used only by the router + * as its own key manager. Not that clients are doing end-to-end crypto anyway. + * + * For client crypto within the router, + * use RouterContext.clientManager.getClientSessionKeyManager(dest) * */ public SessionKeyManager sessionKeyManager() { diff --git a/core/java/src/net/i2p/crypto/ElGamalAESEngine.java b/core/java/src/net/i2p/crypto/ElGamalAESEngine.java index 3e191faaa..98e9e62cc 100644 --- a/core/java/src/net/i2p/crypto/ElGamalAESEngine.java +++ b/core/java/src/net/i2p/crypto/ElGamalAESEngine.java @@ -59,14 +59,18 @@ public class ElGamalAESEngine { } /** - * Decrypt the message using the given private key using tags from the given key manager. + * Decrypt the message using the given private key using tags from the default key manager. + * + * @deprecated specify the key manager! */ public byte[] decrypt(byte data[], PrivateKey targetPrivateKey) throws DataFormatException { return decrypt(data, targetPrivateKey, _context.sessionKeyManager()); } /** - * Decrypt the message using the given private key. This works according to the + * Decrypt the message using the given private key + * and using tags from the specified key manager. + * This works according to the * ElGamal+AES algorithm in the data structure spec. * */ From e6e6c004978a14e9dc69c221a0e1647172e2fa95 Mon Sep 17 00:00:00 2001 From: zzz Date: Sun, 30 Aug 2009 16:04:50 +0000 Subject: [PATCH 2/4] tostring updates for debugging --- core/java/src/net/i2p/data/SessionKey.java | 5 ++++- core/java/src/net/i2p/data/SessionTag.java | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/core/java/src/net/i2p/data/SessionKey.java b/core/java/src/net/i2p/data/SessionKey.java index b89bee505..d4696ca00 100644 --- a/core/java/src/net/i2p/data/SessionKey.java +++ b/core/java/src/net/i2p/data/SessionKey.java @@ -83,6 +83,8 @@ public class SessionKey extends DataStructureImpl { @Override public String toString() { + return "SessionKey " + toBase64(); + /**** if (true) return super.toString(); StringBuilder buf = new StringBuilder(64); buf.append("[SessionKey: "); @@ -97,5 +99,6 @@ public class SessionKey extends DataStructureImpl { } buf.append("]"); return buf.toString(); + ****/ } -} \ No newline at end of file +} diff --git a/core/java/src/net/i2p/data/SessionTag.java b/core/java/src/net/i2p/data/SessionTag.java index 54826e7e3..d50b392b4 100644 --- a/core/java/src/net/i2p/data/SessionTag.java +++ b/core/java/src/net/i2p/data/SessionTag.java @@ -58,4 +58,8 @@ public class SessionTag extends ByteArray { out.write(getData()); } -} \ No newline at end of file + @Override + public String toString() { + return "SessionTag " + toBase64(); + } +} From c714c1a0c9632876a47cc31b7e4599776b0687b4 Mon Sep 17 00:00:00 2001 From: zzz Date: Sun, 30 Aug 2009 16:05:12 +0000 Subject: [PATCH 3/4] instantiate per-client SKM --- .../net/i2p/router/client/ClientConnectionRunner.java | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/router/java/src/net/i2p/router/client/ClientConnectionRunner.java b/router/java/src/net/i2p/router/client/ClientConnectionRunner.java index 90c7fe23b..e5aa1b5ab 100644 --- a/router/java/src/net/i2p/router/client/ClientConnectionRunner.java +++ b/router/java/src/net/i2p/router/client/ClientConnectionRunner.java @@ -18,6 +18,7 @@ import java.util.Map; import java.util.Set; import net.i2p.crypto.SessionKeyManager; +import net.i2p.crypto.TransientSessionKeyManager; import net.i2p.data.Destination; import net.i2p.data.Hash; import net.i2p.data.LeaseSet; @@ -188,11 +189,11 @@ public class ClientConnectionRunner { if (_log.shouldLog(Log.DEBUG)) _log.debug("SessionEstablished called for destination " + _destHashCache.toBase64()); _config = config; - // per-dest unimplemented - //if (_sessionKeyManager == null) - // _sessionKeyManager = new TransientSessionKeyManager(_context); - //else - // _log.error("SessionEstablished called for twice for destination " + _destHashCache.toBase64().substring(0,4)); + // per-destination session key manager to prevent rather easy correlation + if (_sessionKeyManager == null) + _sessionKeyManager = new TransientSessionKeyManager(_context); + else + _log.error("SessionEstablished called for twice for destination " + _destHashCache.toBase64().substring(0,4)); _manager.destinationEstablished(this); } From 5ca2f306b81268877cb902e46fe7261b703000b7 Mon Sep 17 00:00:00 2001 From: zzz Date: Sun, 30 Aug 2009 16:05:33 +0000 Subject: [PATCH 4/4] consume sessiontag after failed tunnel test --- .../src/net/i2p/router/tunnel/pool/TestJob.java | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/router/java/src/net/i2p/router/tunnel/pool/TestJob.java b/router/java/src/net/i2p/router/tunnel/pool/TestJob.java index c0633ef9f..2396222df 100644 --- a/router/java/src/net/i2p/router/tunnel/pool/TestJob.java +++ b/router/java/src/net/i2p/router/tunnel/pool/TestJob.java @@ -28,6 +28,8 @@ class TestJob extends JobImpl { private TunnelInfo _outTunnel; private TunnelInfo _replyTunnel; private PooledTunnelCreatorConfig _otherTunnel; + /** save this so we can tell the SKM to kill it if the test fails */ + private SessionTag _encryptTag; /** base to randomize the test delay on */ private static final int TEST_DELAY = 30*1000; @@ -125,12 +127,12 @@ class TestJob extends JobImpl { payload.setExpiration(m.getMessageExpiration()); SessionKey encryptKey = getContext().keyGenerator().generateSessionKey(); - SessionTag encryptTag = new SessionTag(true); + _encryptTag = new SessionTag(true); SessionKey sentKey = new SessionKey(); Set sentTags = null; GarlicMessage msg = GarlicMessageBuilder.buildMessage(getContext(), payload, sentKey, sentTags, getContext().keyManager().getPublicKey(), - encryptKey, encryptTag); + encryptKey, _encryptTag); if (msg == null) { // overloaded / unknown peers / etc @@ -138,7 +140,8 @@ class TestJob extends JobImpl { return; } Set encryptTags = new HashSet(1); - encryptTags.add(encryptTag); + encryptTags.add(_encryptTag); + // Register the single tag with the SKM getContext().sessionKeyManager().tagsReceived(encryptKey, encryptTags); if (_log.shouldLog(Log.DEBUG)) @@ -304,8 +307,11 @@ class TestJob extends JobImpl { public void runJob() { if (_log.shouldLog(Log.WARN)) _log.warn("Timeout: found? " + _found, getAddedBy()); - if (!_found) + if (!_found) { + // don't clog up the SKM with old one-tag tagsets + getContext().sessionKeyManager().consumeTag(_encryptTag); testFailed(getContext().clock().now() - _started); + } } @Override