From 47c64c2eef09dd8865a12f1d9e70c6131424c68c Mon Sep 17 00:00:00 2001 From: zzz Date: Thu, 23 May 2019 13:22:29 +0000 Subject: [PATCH] i2ptunnel: Rework server encryption key UI in prep for blinded keys Remove generate button, automatically generate when required Refactor auto configuration --- .../net/i2p/i2ptunnel/ui/TunnelConfig.java | 173 +++++++++++------- .../src/net/i2p/i2ptunnel/web/IndexBean.java | 7 +- apps/i2ptunnel/jsp/editServer.jsi | 30 +-- 3 files changed, 127 insertions(+), 83 deletions(-) diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/ui/TunnelConfig.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/ui/TunnelConfig.java index 8bd79d7295..f3ecb2fffa 100644 --- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/ui/TunnelConfig.java +++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/ui/TunnelConfig.java 
@@ -655,72 +655,7 @@ public class TunnelConfig { if (_otherOptions.containsKey(p)) config.setProperty(OPT + p, _otherOptions.get(p)); } - - switch (_encryptMode) { - case 0: // none - default: - config.remove(OPT + "i2cp.leaseSetSecret"); - if ("5".equals(config.get(OPT + "i2cp.leaseSetType"))) - config.remove(OPT + "i2cp.leaseSetType"); - break; - - case 1: // LS1 - config.remove(OPT + "i2cp.leaseSetType"); - config.remove(OPT + "i2cp.leaseSetSecret"); - config.remove(OPT + "i2cp.leaseSetAuthType"); - break; - - case 2: // blinded - config.put(OPT + "i2cp.leaseSetType", "5"); - config.remove(OPT + "i2cp.leaseSetSecret"); - config.remove(OPT + "i2cp.leaseSetAuthType"); - break; - - case 3: // blinded + secret - config.put(OPT + "i2cp.leaseSetType", "5"); - config.remove(OPT + "i2cp.leaseSetAuthType"); - break; - - case 4: // blinded, shared key (implicit PSK) - config.put(OPT + "i2cp.leaseSetType", "5"); - config.remove(OPT + "i2cp.leaseSetSecret"); - config.put(OPT + "i2cp.leaseSetAuthType", "2"); - break; - - case 5: // blinded, secret, shared key (implicit PSK) - config.put(OPT + "i2cp.leaseSetType", "5"); - config.put(OPT + "i2cp.leaseSetAuthType", "2"); - break; - - case 6: // blinded, per-client PSK - config.put(OPT + "i2cp.leaseSetType", "5"); - config.remove(OPT + "i2cp.leaseSetSecret"); - config.put(OPT + "i2cp.leaseSetAuthType", "2"); - break; - - case 7: // blinded, secret, per-client PSK - config.put(OPT + "i2cp.leaseSetType", "5"); - config.put(OPT + "i2cp.leaseSetAuthType", "2"); - break; - - case 8: // blinded, per-client DH - config.put(OPT + "i2cp.leaseSetType", "5"); - config.remove(OPT + "i2cp.leaseSetSecret"); - config.put(OPT + "i2cp.leaseSetAuthType", "1"); - break; - - case 9: // blinded, secret, per-client DH - config.put(OPT + "i2cp.leaseSetType", "5"); - config.put(OPT + "i2cp.leaseSetAuthType", "1"); - break; - - case 10: // none (LS2) - config.put(OPT + "i2cp.leaseSetType", "3"); - config.remove(OPT + "i2cp.leaseSetSecret"); - 
config.remove(OPT + "i2cp.leaseSetAuthType"); - break; - - } + processEncryptMode(config); } // override bundle setting set above 
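Review bot: The `case 0` / `default` arm reached through this `processEncryptMode(config)` call (the helper is added in the next hunk) never removes `i2cp.leaseSetAuthType`, although the arms for modes 1, 2, 3 and 10 do. A tunnel switched from an authenticated blinded mode back to "none" therefore keeps the stale auth type in its saved config. That is probably inert while `i2cp.leaseSetType` is unset, but it could apply again if the type is later set through custom options; adding `config.remove(OPT + "i2cp.leaseSetAuthType");` to that arm keeps the modes consistent. The same arm now removes `i2cp.leaseSetType` unconditionally, where the removed code did so only when the value was "5", so it is worth confirming that dropping a custom-set type is intended. The enclosing method starts and ends outside this hunk.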
@@ -845,6 +780,112 @@ public class TunnelConfig { return config; } + + /** + * Servers only. + * @since 0.9.41 pulled out from getConfig() above + */ + private void processEncryptMode(Properties config) { + switch (_encryptMode) { + case 0: // none + default: + config.remove(OPT + "i2cp.leaseSetSecret"); + config.remove(OPT + "i2cp.leaseSetType"); + config.remove(OPT + "i2cp.leaseSetKey"); + config.remove(OPT + "i2cp.leaseSetPrivKey"); + break; + + case 10: // none (LS2) + config.put(OPT + "i2cp.leaseSetType", "3"); + config.remove(OPT + "i2cp.leaseSetSecret"); + config.remove(OPT + "i2cp.leaseSetAuthType"); + config.remove(OPT + "i2cp.leaseSetKey"); + config.remove(OPT + "i2cp.leaseSetPrivKey"); + break; + + case 1: // encrypted LS1 + addLeaseSetPrivKey(config, false); + config.remove(OPT + "i2cp.leaseSetSecret"); + config.remove(OPT + "i2cp.leaseSetAuthType"); + break; + + case 2: // blinded + config.put(OPT + "i2cp.leaseSetType", "5"); + config.remove(OPT + "i2cp.leaseSetSecret"); + config.remove(OPT + "i2cp.leaseSetAuthType"); + config.remove(OPT + "i2cp.leaseSetKey"); + config.remove(OPT + "i2cp.leaseSetPrivKey"); + break; + + case 3: // blinded + secret + config.put(OPT + "i2cp.leaseSetType", "5"); + config.remove(OPT + "i2cp.leaseSetAuthType"); + config.remove(OPT + "i2cp.leaseSetKey"); + config.remove(OPT + "i2cp.leaseSetPrivKey"); + break; + + case 4: // blinded, shared key (implicit PSK) + addLeaseSetPrivKey(config, true); + config.remove(OPT + "i2cp.leaseSetSecret"); + config.put(OPT + "i2cp.leaseSetAuthType", "2"); + break; + + case 5: // blinded, secret, shared key (implicit PSK) + addLeaseSetPrivKey(config, true); + config.put(OPT + "i2cp.leaseSetAuthType", "2"); + break; + + case 6: // blinded, per-client PSK + addLeaseSetPrivKey(config, true); + config.remove(OPT + "i2cp.leaseSetSecret"); + config.put(OPT + "i2cp.leaseSetAuthType", "2"); + break; + + case 7: // blinded, secret, per-client PSK + addLeaseSetPrivKey(config, true); + config.put(OPT + 
"i2cp.leaseSetAuthType", "2"); + break; + + case 8: // blinded, per-client DH + addLeaseSetPrivKey(config, true); + config.remove(OPT + "i2cp.leaseSetSecret"); + config.put(OPT + "i2cp.leaseSetAuthType", "1"); + break; + + case 9: // blinded, secret, per-client DH + addLeaseSetPrivKey(config, true); + config.put(OPT + "i2cp.leaseSetAuthType", "1"); + break; + + } + } + + /** + * Servers only. + * Also sets/clears i2cp.leaseSetType + * @since 0.9.41 + */ + private void addLeaseSetPrivKey(Properties config, boolean isBlinded) { + // LS1 is AES, blinded is X25519, both are 32 random bytes. + // we always store in i2cp.leaseSetKey where the UI can find it. + // if blinded, we also store in i2cp.leaseSetPrivKey + String opt = OPT + "i2cp.leaseSetKey"; + String bopt = OPT + "i2cp.leaseSetPrivKey"; + String b64 = config.getProperty(opt); + if (b64 == null) { + byte[] data = new byte[32]; + _context.random().nextBytes(data); + b64 = Base64.encode(data); + config.setProperty(opt, b64); + } + if (isBlinded) { + config.setProperty(bopt, b64); + config.put(OPT + "i2cp.leaseSetType", "5"); + } else { + config.remove(bopt); + config.remove(OPT + "i2cp.leaseSetType"); + } + } private static final String _noShowOpts[] = { "inbound.length", "outbound.length", "inbound.lengthVariance", "outbound.lengthVariance", diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java index 249b727a40..0425e6e34d 100644 --- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java +++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java @@ -20,6 +20,7 @@ import net.i2p.I2PException; import net.i2p.app.ClientAppManager; import net.i2p.app.Outproxy; import net.i2p.crypto.Blinding; +import net.i2p.data.Base64; import net.i2p.data.Certificate; import net.i2p.data.DataHelper; import net.i2p.data.Destination; 
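Review bot: `addLeaseSetPrivKey` reuses whatever string is already stored in `i2cp.leaseSetKey` without decoding it, and when `isBlinded` is true copies it straight into `i2cp.leaseSetPrivKey`. An empty, truncated or hand-edited value therefore becomes the X25519 private key. A key first generated for encrypted LS1 (an AES key that is presumably shared with clients) is also carried over unchanged as the private key if the mode later changes to one of 4–9. The guard could regenerate unless the value decodes to 32 bytes, e.g. `byte[] old = b64 != null ? Base64.decode(b64) : null;` followed by `if (old == null || old.length != 32) {`, and it is worth deciding whether a switch between LS1 and blinded modes should mint a fresh key. A comment stating that the two options intentionally hold the same secret would also help the next reader.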
@@ -1285,11 +1286,11 @@ public class IndexBean { } byte[] data = new byte[SessionKey.KEYSIZE_BYTES]; _context.random().nextBytes(data); - SessionKey sk = new SessionKey(data); - setEncryptKey(sk.toBase64()); + String b64 = Base64.encode(data); + setEncryptKey(b64); setEncrypt(""); saveChanges(); - return "New Leaseset Encryption Key: " + sk.toBase64(); + return "New Leaseset Encryption Key: " + b64; } /** diff --git a/apps/i2ptunnel/jsp/editServer.jsi b/apps/i2ptunnel/jsp/editServer.jsi index 0312a74a91..b353d9c3bd 100644 --- a/apps/i2ptunnel/jsp/editServer.jsi +++ b/apps/i2ptunnel/jsp/editServer.jsi @@ -487,26 +487,28 @@ <%=intl._t("Encryption Key")%> - <%=intl._t("Generate New Key")%> (<%=intl._t("Tunnel must be stopped first")%>) - - - - - - - - <% if (allowBlinding && editBean.isAdvanced()) { %> - - <%=intl._t("Optional lookup password")%>: - " value="<%=editBean.getBlindedPassword(curTunnel)%>" class="freetext password" /> - - <% } // allowBlinding +%> + + + + + +<% + if (allowBlinding && editBean.isAdvanced()) { +%> + " value="<%=editBean.getBlindedPassword(curTunnel)%>" class="freetext password" /> +<% + } // allowBlinding +%> + + +<% } // !isOffline %>
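Review bot: The returned status string `"New Leaseset Encryption Key: " + b64` puts the freshly generated secret into a UI message, and where that message is rendered or retained is not visible in this hunk. The commit description says the generate button is removed and keys are now created automatically, so this handler may no longer be reachable. If so it could be deleted; otherwise return a message without the key, e.g. `return "New Leaseset Encryption Key generated";`. The method begins outside the hunk.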
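Review bot: `value="<%=editBean.getBlindedPassword(curTunnel)%>"` writes the stored lookup password into an HTML attribute, and nothing in the hunk shows it being HTML-escaped. If `getBlindedPassword` does not escape quotes and angle brackets itself, a password containing `"` would end the attribute early; confirm the bean escapes its return value, or escape at this call site. The markup around the expression did not survive on this page, so the input's type cannot be checked here. A short JSP comment noting that this value is a secret rendered back to the browser would help.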