echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Blinding:

Browse Source 
- Fix bugs with lookup password
- Log tweaks
This commit is contained in:
zzz
2019-05-29 19:08:33 +00:00
parent 098bde2a32
commit 040e092153
10 changed files with 64 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/i2ptunnel/jsp/editServer.jsi
View File

@ -523,7 +523,7 @@
java.util.List<String> clientAuths = editBean.getClientAuths(curTunnel, dhClient); java.util.List<String> clientAuths = editBean.getClientAuths(curTunnel, dhClient);
if (!clientAuths.isEmpty()) { if (!clientAuths.isEmpty()) {
%> %>
<tr><td><b><%=intl._t("Revoke?")%>&nbsp;&nbsp;&nbsp;&nbsp;<%=intl._t("Client Name")%></b></td><td><b><%=intl._t("Client Key")%></b></td></tr> <tr><td><b><%=intl._t("Revoke")%>&nbsp;&nbsp;&nbsp;&nbsp;<%=intl._t("Client Name")%></b></td><td><b><%=intl._t("Client Key")%></b></td></tr>
<% <%
int i = 0; int i = 0;
for (String clientAuth : clientAuths) { for (String clientAuth : clientAuths) {
@ -552,7 +552,7 @@
} // for } // for
} // isEmpty } // isEmpty
%> %>
<tr><td><b><%=intl._t("Add?")%>&nbsp;&nbsp;&nbsp;&nbsp;<%=intl._t("Client Name")%></b></td><td> <tr><td><b><%=intl._t("Add")%>&nbsp;&nbsp;&nbsp;&nbsp;<%=intl._t("Client Name")%></b></td><td>
<% <%
if (dhClient) { if (dhClient) {
%> %>

4
apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHandler.java
View File

@ -153,8 +153,8 @@ public class ConfigKeyringHandler extends FormHandler {
bdout = new BlindData(_context, spk, blindType, _secret, atype, pk); bdout = new BlindData(_context, spk, blindType, _secret, atype, pk);
} }
if (bdold != null) { if (bdold != null) {
// debug if (_log.shouldDebug())
addFormNotice("already cached: " + bdold); _log.debug("already cached: " + bdold);
} }
try { try {
_context.netDb().setBlindData(bdout); _context.netDb().setBlindData(bdout);

17
core/java/src/net/i2p/client/impl/RequestLeaseSetMessageHandler.java
View File

@ -130,13 +130,7 @@ class RequestLeaseSetMessageHandler extends HandlerImpl {
if (_ls2Type == DatabaseEntry.KEY_TYPE_LS2) { if (_ls2Type == DatabaseEntry.KEY_TYPE_LS2) {
leaseSet = new LeaseSet2(); leaseSet = new LeaseSet2();
} else if (_ls2Type == DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2) { } else if (_ls2Type == DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2) {
EncryptedLeaseSet encls2 = new EncryptedLeaseSet(); leaseSet = new EncryptedLeaseSet();
String secret = session.getOptions().getProperty(PROP_SECRET);
if (secret != null) {
secret = DataHelper.getUTF8(Base64.decode(secret));
encls2.setSecret(secret);
}
leaseSet = encls2;
} else if (_ls2Type == DatabaseEntry.KEY_TYPE_META_LS2) { } else if (_ls2Type == DatabaseEntry.KEY_TYPE_META_LS2) {
leaseSet = new MetaLeaseSet(); leaseSet = new MetaLeaseSet();
} else { } else {
@ -174,6 +168,15 @@ class RequestLeaseSetMessageHandler extends HandlerImpl {
* @since 0.9.7 * @since 0.9.7
*/ */
protected synchronized void signLeaseSet(LeaseSet leaseSet, boolean isLS2, I2PSessionImpl session) { protected synchronized void signLeaseSet(LeaseSet leaseSet, boolean isLS2, I2PSessionImpl session) {
// must be before setDestination()
if (isLS2 && _ls2Type == DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2) {
String secret = session.getOptions().getProperty(PROP_SECRET);
if (secret != null) {
EncryptedLeaseSet encls2 = (EncryptedLeaseSet) leaseSet;
secret = DataHelper.getUTF8(Base64.decode(secret));
encls2.setSecret(secret);
}
}
Destination dest = session.getMyDestination(); Destination dest = session.getMyDestination();
// also, if this session is connected to multiple routers, include other leases here // also, if this session is connected to multiple routers, include other leases here
leaseSet.setDestination(dest); leaseSet.setDestination(dest);

2
core/java/src/net/i2p/client/impl/RequestVariableLeaseSetMessageHandler.java
View File

@ -58,7 +58,7 @@ class RequestVariableLeaseSetMessageHandler extends RequestLeaseSetMessageHandle
} else { } else {
leaseSet = new LeaseSet(); leaseSet = new LeaseSet();
} }
// Full Meta and Encrypted support TODO // Full Meta support TODO
for (int i = 0; i < msg.getEndpoints(); i++) { for (int i = 0; i < msg.getEndpoints(); i++) {
Lease lease; Lease lease;
if (isLS2) { if (isLS2) {

2
core/java/src/net/i2p/crypto/Blinding.java
View File

@ -327,7 +327,7 @@ public final class Blinding {
SigningPrivateKey priv = (SigningPrivateKey) keys[1]; SigningPrivateKey priv = (SigningPrivateKey) keys[1];
I2PAppContext ctx = I2PAppContext.getGlobalContext(); I2PAppContext ctx = I2PAppContext.getGlobalContext();
//String b32 = encode(pub, null); //String b32 = encode(pub, null);
String b32 = encode(pub, "foobarbaz"); String b32 = encode(pub, true, false);
System.out.println("pub b32 is " + b32); System.out.println("pub b32 is " + b32);
BlindData bd = decode(ctx, b32); BlindData bd = decode(ctx, b32);
if (bd.getBlindedPubKey().equals(pub)) if (bd.getBlindedPubKey().equals(pub))

26
core/java/src/net/i2p/data/EncryptedLeaseSet.java
View File

@ -42,6 +42,8 @@ public class EncryptedLeaseSet extends LeaseSet2 {
private String _secret; private String _secret;
private PrivateKey _clientPrivateKey; private PrivateKey _clientPrivateKey;
private final Log _log; private final Log _log;
// debug
private int _authType, _numKeys;
private static final int MIN_ENCRYPTED_SIZE = 8 + 16; private static final int MIN_ENCRYPTED_SIZE = 8 + 16;
private static final int MAX_ENCRYPTED_SIZE = 4096; private static final int MAX_ENCRYPTED_SIZE = 4096;
@ -74,11 +76,17 @@ public class EncryptedLeaseSet extends LeaseSet2 {
/** /**
* Must be set before sign or verify. * Must be set before sign or verify.
* Must be called before setDestination() or setSigningKey(), or alpha will be wrong.
* *
* @param secret null or "" for none (default) * @param secret null or "" for none (default)
* @since 0.9.39 * @since 0.9.39
*/ */
public void setSecret(String secret) { public void setSecret(String secret) {
if (_signingKey != null && !DataHelper.eq(secret, _secret)) {
if (_log.shouldWarn())
_log.warn("setSecret() after setSigningKey()" +
" was: " + _secret + " now: " + secret);
}
_secret = secret; _secret = secret;
} }
@ -128,7 +136,8 @@ public class EncryptedLeaseSet extends LeaseSet2 {
} }
/** /**
* Overridden to set the blinded key * Overridden to set the blinded key.
* setSecret() MUST be called before this for non-null secret, or alpha will be wrong.
* *
* @param dest non-null, must be EdDSA_SHA512_Ed25519 or RedDSA_SHA512_Ed25519 * @param dest non-null, must be EdDSA_SHA512_Ed25519 or RedDSA_SHA512_Ed25519
* @throws IllegalStateException if already signed * @throws IllegalStateException if already signed
@ -147,7 +156,8 @@ public class EncryptedLeaseSet extends LeaseSet2 {
} }
/** /**
* Overridden to set the blinded key * Overridden to set the blinded key.
* setSecret() MUST be called before this for non-null secret, or alpha will be wrong.
* *
* @param spk unblinded key non-null, must be EdDSA_SHA512_Ed25519 or RedDSA_SHA512_Ed25519 * @param spk unblinded key non-null, must be EdDSA_SHA512_Ed25519 or RedDSA_SHA512_Ed25519
* @throws IllegalStateException if already signed * @throws IllegalStateException if already signed
@ -156,7 +166,6 @@ public class EncryptedLeaseSet extends LeaseSet2 {
*/ */
@Override @Override
public void setSigningKey(SigningPublicKey spk) { public void setSigningKey(SigningPublicKey spk) {
// TODO already-set checks
SigType type = spk.getType(); SigType type = spk.getType();
if (type != SigType.EdDSA_SHA512_Ed25519 && if (type != SigType.EdDSA_SHA512_Ed25519 &&
type != SigType.RedDSA_SHA512_Ed25519) type != SigType.RedDSA_SHA512_Ed25519)
@ -192,6 +201,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
if (_log.shouldDebug()) if (_log.shouldDebug())
_log.debug("Blind:" + _log.debug("Blind:" +
"\norig: " + spk + "\norig: " + spk +
"\nsecret: " + _secret +
"\nalpha: " + _alpha + "\nalpha: " + _alpha +
"\nblinded: " + rv); "\nblinded: " + rv);
return rv; return rv;
@ -415,12 +425,14 @@ public class EncryptedLeaseSet extends LeaseSet2 {
// use first 12 bytes only // use first 12 bytes only
byte[] iv = new byte[32]; byte[] iv = new byte[32];
int authLen; int authLen;
_authType = authType; // debug
if (authType == BlindData.AUTH_NONE) { if (authType == BlindData.AUTH_NONE) {
authLen = 1; authLen = 1;
} else if (authType == BlindData.AUTH_DH || } else if (authType == BlindData.AUTH_DH ||
authType == BlindData.AUTH_PSK) { authType == BlindData.AUTH_PSK) {
if (clientKeys == null || clientKeys.isEmpty()) if (clientKeys == null || clientKeys.isEmpty())
throw new IllegalArgumentException("No client keys provided"); throw new IllegalArgumentException("No client keys provided");
_numKeys = clientKeys.size(); // debug
authLen = 1 + SALT_LEN + 2 + (clientKeys.size() * CLIENT_LEN); authLen = 1 + SALT_LEN + 2 + (clientKeys.size() * CLIENT_LEN);
} else { } else {
throw new IllegalArgumentException("Bad auth type " + authType); throw new IllegalArgumentException("Bad auth type " + authType);
@ -609,6 +621,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
} }
int authType = plaintext[0] & 0x0f; int authType = plaintext[0] & 0x0f;
_authType = authType; // debug
int authLen; int authLen;
if (authType == BlindData.AUTH_NONE) { if (authType == BlindData.AUTH_NONE) {
authLen = 1; authLen = 1;
@ -622,6 +635,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
byte[] seed = new byte[32]; byte[] seed = new byte[32];
System.arraycopy(plaintext, 1, seed, 0, 32); System.arraycopy(plaintext, 1, seed, 0, 32);
int count = (int) DataHelper.fromLong(plaintext, 33, 2); int count = (int) DataHelper.fromLong(plaintext, 33, 2);
_numKeys = count; // debug
if (count == 0) if (count == 0)
throw new DataFormatException("No client entries"); throw new DataFormatException("No client entries");
authLen = 1 + SALT_LEN + 2 + (count * CLIENT_LEN); authLen = 1 + SALT_LEN + 2 + (count * CLIENT_LEN);
@ -948,7 +962,13 @@ public class EncryptedLeaseSet extends LeaseSet2 {
buf.append("\n\tSignature: ").append(_signature); buf.append("\n\tSignature: ").append(_signature);
buf.append("\n\tPublished: ").append(new java.util.Date(_published)); buf.append("\n\tPublished: ").append(new java.util.Date(_published));
buf.append("\n\tExpires: ").append(new java.util.Date(_expires)); buf.append("\n\tExpires: ").append(new java.util.Date(_expires));
buf.append("\n\tAuth Type: ").append(_authType);
buf.append("\n\tClient Keys: ").append(_numKeys);
if (_decryptedLS2 != null) { if (_decryptedLS2 != null) {
if (_secret != null)
buf.append("\n\tSecret: ").append(_secret);
if (_clientPrivateKey != null)
buf.append("\n\tClient Private Key: ").append(_clientPrivateKey.toBase64());
buf.append("\n\tDecrypted LS:\n").append(_decryptedLS2); buf.append("\n\tDecrypted LS:\n").append(_decryptedLS2);
} else if (_destination != null) { } else if (_destination != null) {
buf.append("\n\tDestination: ").append(_destination); buf.append("\n\tDestination: ").append(_destination);

13
history.txt
View File

@ -1,3 +1,16 @@
2019-05-29 zzz
* I2CP: Fix bugs with lookup password
* Util: Store save time in config files
2019-05-28 zzz
* Console: Form handling on /configkeyring for LS2
2019-05-27 zzz
* Console: Start rework of /configkeyring for LS2
2019-05-26 zzz
* I2CP: Add per-client auth to generated leaseset
2019-05-24 zzz 2019-05-24 zzz
* i2ptunnel: * i2ptunnel:
- Per-client auth config - Per-client auth config

2
router/java/src/net/i2p/router/RouterVersion.java
View File

@ -18,7 +18,7 @@ public class RouterVersion {
/** deprecated */ /** deprecated */
public final static String ID = "Monotone"; public final static String ID = "Monotone";
public final static String VERSION = CoreVersion.VERSION; public final static String VERSION = CoreVersion.VERSION;
public final static long BUILD = 6; public final static long BUILD = 7;
/** for example "-test" */ /** for example "-test" */
public final static String EXTRA = ""; public final static String EXTRA = "";

13
router/java/src/net/i2p/router/client/ClientMessageEventListener.java
View File

@ -551,6 +551,13 @@ class ClientMessageEventListener implements I2CPMessageReader.I2CPMessageEventLi
Destination dest = cfg.getDestination(); Destination dest = cfg.getDestination();
if (type == DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2) { if (type == DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2) {
// so we can decrypt it // so we can decrypt it
// secret must be set before destination
String secret = cfg.getOptions().getProperty("i2cp.leaseSetSecret");
if (secret != null) {
EncryptedLeaseSet encls = (EncryptedLeaseSet) ls;
secret = DataHelper.getUTF8(Base64.decode(secret));
encls.setSecret(secret);
}
try { try {
ls.setDestination(dest); ls.setDestination(dest);
} catch (RuntimeException re) { } catch (RuntimeException re) {
@ -652,12 +659,6 @@ class ClientMessageEventListener implements I2CPMessageReader.I2CPMessageEventLi
_runner.disconnectClient("Duplicate hash of encrypted LS2"); _runner.disconnectClient("Duplicate hash of encrypted LS2");
return; return;
} }
String secret = cfg.getOptions().getProperty("i2cp.leaseSetSecret");
if (secret != null) {
EncryptedLeaseSet encls = (EncryptedLeaseSet) ls;
secret = DataHelper.getUTF8(Base64.decode(secret));
encls.setSecret(secret);
}
} }
if (_log.shouldDebug()) if (_log.shouldDebug())
_log.debug("Publishing: " + ls); _log.debug("Publishing: " + ls);

8
router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java
View File

@ -946,16 +946,16 @@ public abstract class KademliaNetworkDatabaseFacade extends NetworkDatabaseFacad
if (_log.shouldWarn()) if (_log.shouldWarn())
_log.warn("Found blind data for encls: " + bd); _log.warn("Found blind data for encls: " + bd);
encls = (EncryptedLeaseSet) leaseSet; encls = (EncryptedLeaseSet) leaseSet;
// secret must be set before destination
String secret = bd.getSecret();
if (secret != null)
encls.setSecret(secret);
Destination dest = bd.getDestination(); Destination dest = bd.getDestination();
if (dest != null) { if (dest != null) {
encls.setDestination(dest); encls.setDestination(dest);
} else { } else {
encls.setSigningKey(bd.getUnblindedPubKey()); encls.setSigningKey(bd.getUnblindedPubKey());
} }
// secret
String secret = bd.getSecret();
if (secret != null)
encls.setSecret(secret);
// per-client auth // per-client auth
if (bd.getAuthType() != BlindData.AUTH_NONE) if (bd.getAuthType() != BlindData.AUTH_NONE)
encls.setClientPrivateKey(bd.getAuthPrivKey()); encls.setClientPrivateKey(bd.getAuthPrivKey());