Data: Update Encrypted LS2 blinding and encryption to match current proposal 123

Hide b32 in console for encrypted LS2
zzz
2019-03-05 15:43:23 +00:00
parent bfafdd34be
commit 10bae6a07b
5 changed files with 61 additions and 31 deletions


@ -27,6 +27,7 @@ public final class Blinding {
private static final SigType TYPE = SigType.EdDSA_SHA512_Ed25519;
private static final SigType TYPER = SigType.RedDSA_SHA512_Ed25519;
private static final String INFO = "i2pblinding1";
private static final byte[] INFO_ALPHA = DataHelper.getASCII("I2PGenerateAlpha");
// following copied from RouterKeyGenerator
private static final String FORMAT = "yyyyMMdd";
@ -112,16 +113,16 @@ public final class Blinding {
* Generate alpha for current time.
* Only for SigType EdDSA_SHA512_Ed25519.
*
* @param dest spk must be SigType EdDSA_SHA512_Ed25519
* @param destspk must be SigType EdDSA_SHA512_Ed25519
* @param secret may be null or zero-length
* @return SigType RedDSA_SHA512_Ed25519
* @throws UnsupportedOperationException unless supported SigTypes
* @throws IllegalArgumentException on bad inputs
* @since 0.9.39
*/
public static SigningPrivateKey generateAlpha(I2PAppContext ctx, Destination dest, String secret) {
public static SigningPrivateKey generateAlpha(I2PAppContext ctx, SigningPublicKey destspk, String secret) {
long now = ctx.clock().now();
return generateAlpha(ctx, dest, secret, now);
return generateAlpha(ctx, destspk, secret, now);
}
/**
@ -136,7 +137,7 @@ public final class Blinding {
* @throws IllegalArgumentException on bad inputs
* @since 0.9.39
*/
public static SigningPrivateKey generateAlpha(I2PAppContext ctx, Destination dest,
public static SigningPrivateKey generateAlpha(I2PAppContext ctx, SigningPublicKey destspk,
String secret, long now) {
String modVal;
synchronized(_fmt) {
@ -155,7 +156,15 @@ public final class Blinding {
}
HKDF hkdf = new HKDF(ctx);
byte[] out = new byte[64];
hkdf.calculate(dest.getHash().getData(), data, INFO, out, out, 32);
int stoff = INFO_ALPHA.length + destspk.length();
byte[] in = new byte[stoff + 4];
// SHA256("I2PGenerateAlpha" || spk || sigtypein || sigtypeout)
System.arraycopy(INFO_ALPHA, 0, in, 0, INFO_ALPHA.length);
System.arraycopy(destspk.getData(), 0, in, INFO_ALPHA.length, destspk.length());
DataHelper.toLong(in, stoff, 2, destspk.getType().getCode());
DataHelper.toLong(in, stoff + 2, 2, TYPER.getCode());
Hash salt = ctx.sha().calculateHash(in);
hkdf.calculate(salt.getData(), data, INFO, out, out, 32);
byte[] b = EdDSABlinding.reduce(out);
return new SigningPrivateKey(TYPER, b);
}
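Review bot: The salt computed in the last hunk reads `destspk.getType().getCode()` without any visible check that the key has the SigType the Javadoc requires. A key of another type would still yield an alpha bound to that type code, and if `getType()` can return null for an unknown type (not shown here) the call would fail with a NullPointerException rather than the documented UnsupportedOperationException. Since the signature type is now part of the derivation input, the four-argument `generateAlpha` should reject unsupported keys before building `in`, for example `SigType type = destspk.getType();` followed by `if (type != TYPE) throw new UnsupportedOperationException("Unsupported SigType " + type);`. Part of the method body lies between the hunks and is not shown, so confirm that no such check already exists there.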


@ -129,9 +129,9 @@ public class EncryptedLeaseSet extends LeaseSet2 {
SigningPublicKey spk = _destination.getSigningPublicKey();
I2PAppContext ctx = I2PAppContext.getGlobalContext();
if (_published <= 0)
_alpha = Blinding.generateAlpha(ctx, _destination, null);
_alpha = Blinding.generateAlpha(ctx, _destination.getSigningPublicKey(), null);
else
_alpha = Blinding.generateAlpha(ctx, _destination, null, _published);
_alpha = Blinding.generateAlpha(ctx, _destination.getSigningPublicKey(), null, _published);
SigningPublicKey rv = Blinding.blind(spk, _alpha);
if (_log.shouldDebug())
_log.debug("Blind:" +
@ -464,7 +464,14 @@ public class EncryptedLeaseSet extends LeaseSet2 {
private byte[] getSubcredential(I2PAppContext ctx) {
if (_destination == null)
throw new IllegalStateException("no known destination to decrypt with");
byte[] credential = hash(ctx, CREDENTIAL, _destination.toByteArray());
SigningPublicKey destspk = _destination.getSigningPublicKey();
int spklen = destspk.length();
byte[] in = new byte[spklen + 4];
// SHA256("credential" || spk || sigtypein || sigtypeout)
System.arraycopy(destspk.getData(), 0, in, 0, spklen);
DataHelper.toLong(in, spklen, 2, destspk.getType().getCode());
DataHelper.toLong(in, spklen + 2, 2, SigType.RedDSA_SHA512_Ed25519.getCode());
byte[] credential = hash(ctx, CREDENTIAL, in);
byte[] spk = _signingKey.getData();
byte[] tmp = new byte[credential.length + spk.length];
System.arraycopy(credential, 0, tmp, 0, credential.length);