echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

i2ptunnel: Rework server encryption key UI in prep for blinded keys

Browse Source 
Remove generate button, automatically generate when required
Refactor auto configuration
This commit is contained in:
zzz
2019-05-23 13:22:29 +00:00
parent 7bdfd071ae
commit 47c64c2eef
3 changed files with 127 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

173
apps/i2ptunnel/java/src/net/i2p/i2ptunnel/ui/TunnelConfig.java
View File

@ -655,72 +655,7 @@ public class TunnelConfig {
if (_otherOptions.containsKey(p)) if (_otherOptions.containsKey(p))
config.setProperty(OPT + p, _otherOptions.get(p)); config.setProperty(OPT + p, _otherOptions.get(p));
} }
processEncryptMode(config);
switch (_encryptMode) {
case 0: // none
default:
config.remove(OPT + "i2cp.leaseSetSecret");
if ("5".equals(config.get(OPT + "i2cp.leaseSetType")))
config.remove(OPT + "i2cp.leaseSetType");
break;
case 1: // LS1
config.remove(OPT + "i2cp.leaseSetType");
config.remove(OPT + "i2cp.leaseSetSecret");
config.remove(OPT + "i2cp.leaseSetAuthType");
break;
case 2: // blinded
config.put(OPT + "i2cp.leaseSetType", "5");
config.remove(OPT + "i2cp.leaseSetSecret");
config.remove(OPT + "i2cp.leaseSetAuthType");
break;
case 3: // blinded + secret
config.put(OPT + "i2cp.leaseSetType", "5");
config.remove(OPT + "i2cp.leaseSetAuthType");
break;
case 4: // blinded, shared key (implicit PSK)
config.put(OPT + "i2cp.leaseSetType", "5");
config.remove(OPT + "i2cp.leaseSetSecret");
config.put(OPT + "i2cp.leaseSetAuthType", "2");
break;
case 5: // blinded, secret, shared key (implicit PSK)
config.put(OPT + "i2cp.leaseSetType", "5");
config.put(OPT + "i2cp.leaseSetAuthType", "2");
break;
case 6: // blinded, per-client PSK
config.put(OPT + "i2cp.leaseSetType", "5");
config.remove(OPT + "i2cp.leaseSetSecret");
config.put(OPT + "i2cp.leaseSetAuthType", "2");
break;
case 7: // blinded, secret, per-client PSK
config.put(OPT + "i2cp.leaseSetType", "5");
config.put(OPT + "i2cp.leaseSetAuthType", "2");
break;
case 8: // blinded, per-client DH
config.put(OPT + "i2cp.leaseSetType", "5");
config.remove(OPT + "i2cp.leaseSetSecret");
config.put(OPT + "i2cp.leaseSetAuthType", "1");
break;
case 9: // blinded, secret, per-client DH
config.put(OPT + "i2cp.leaseSetType", "5");
config.put(OPT + "i2cp.leaseSetAuthType", "1");
break;
case 10: // none (LS2)
config.put(OPT + "i2cp.leaseSetType", "3");
config.remove(OPT + "i2cp.leaseSetSecret");
config.remove(OPT + "i2cp.leaseSetAuthType");
break;
}
} }
// override bundle setting set above // override bundle setting set above
@ -845,6 +780,112 @@ public class TunnelConfig {
return config; return config;
} }
/**
* Servers only.
* @since 0.9.41 pulled out from getConfig() above
*/
private void processEncryptMode(Properties config) {
switch (_encryptMode) {
case 0: // none
default:
config.remove(OPT + "i2cp.leaseSetSecret");
config.remove(OPT + "i2cp.leaseSetType");
config.remove(OPT + "i2cp.leaseSetKey");
config.remove(OPT + "i2cp.leaseSetPrivKey");
break;
case 10: // none (LS2)
config.put(OPT + "i2cp.leaseSetType", "3");
config.remove(OPT + "i2cp.leaseSetSecret");
config.remove(OPT + "i2cp.leaseSetAuthType");
config.remove(OPT + "i2cp.leaseSetKey");
config.remove(OPT + "i2cp.leaseSetPrivKey");
break;
case 1: // encrypted LS1
addLeaseSetPrivKey(config, false);
config.remove(OPT + "i2cp.leaseSetSecret");
config.remove(OPT + "i2cp.leaseSetAuthType");
break;
case 2: // blinded
config.put(OPT + "i2cp.leaseSetType", "5");
config.remove(OPT + "i2cp.leaseSetSecret");
config.remove(OPT + "i2cp.leaseSetAuthType");
config.remove(OPT + "i2cp.leaseSetKey");
config.remove(OPT + "i2cp.leaseSetPrivKey");
break;
case 3: // blinded + secret
config.put(OPT + "i2cp.leaseSetType", "5");
config.remove(OPT + "i2cp.leaseSetAuthType");
config.remove(OPT + "i2cp.leaseSetKey");
config.remove(OPT + "i2cp.leaseSetPrivKey");
break;
case 4: // blinded, shared key (implicit PSK)
addLeaseSetPrivKey(config, true);
config.remove(OPT + "i2cp.leaseSetSecret");
config.put(OPT + "i2cp.leaseSetAuthType", "2");
break;
case 5: // blinded, secret, shared key (implicit PSK)
addLeaseSetPrivKey(config, true);
config.put(OPT + "i2cp.leaseSetAuthType", "2");
break;
case 6: // blinded, per-client PSK
addLeaseSetPrivKey(config, true);
config.remove(OPT + "i2cp.leaseSetSecret");
config.put(OPT + "i2cp.leaseSetAuthType", "2");
break;
case 7: // blinded, secret, per-client PSK
addLeaseSetPrivKey(config, true);
config.put(OPT + "i2cp.leaseSetAuthType", "2");
break;
case 8: // blinded, per-client DH
addLeaseSetPrivKey(config, true);
config.remove(OPT + "i2cp.leaseSetSecret");
config.put(OPT + "i2cp.leaseSetAuthType", "1");
break;
case 9: // blinded, secret, per-client DH
addLeaseSetPrivKey(config, true);
config.put(OPT + "i2cp.leaseSetAuthType", "1");
break;
}
}
/**
* Servers only.
* Also sets/clears i2cp.leaseSetType
* @since 0.9.41
*/
private void addLeaseSetPrivKey(Properties config, boolean isBlinded) {
// LS1 is AES, blinded is X25519, both are 32 random bytes.
// we always store in i2cp.leaseSetKey where the UI can find it.
// if blinded, we also store in i2cp.leaseSetPrivKey
String opt = OPT + "i2cp.leaseSetKey";
String bopt = OPT + "i2cp.leaseSetPrivKey";
String b64 = config.getProperty(opt);
if (b64 == null) {
byte[] data = new byte[32];
_context.random().nextBytes(data);
b64 = Base64.encode(data);
config.setProperty(opt, b64);
}
if (isBlinded) {
config.setProperty(bopt, b64);
config.put(OPT + "i2cp.leaseSetType", "5");
} else {
config.remove(bopt);
config.remove(OPT + "i2cp.leaseSetType");
}
}
private static final String _noShowOpts[] = { private static final String _noShowOpts[] = {
"inbound.length", "outbound.length", "inbound.lengthVariance", "outbound.lengthVariance", "inbound.length", "outbound.length", "inbound.lengthVariance", "outbound.lengthVariance",

7
apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java
View File

@ -20,6 +20,7 @@ import net.i2p.I2PException;
import net.i2p.app.ClientAppManager; import net.i2p.app.ClientAppManager;
import net.i2p.app.Outproxy; import net.i2p.app.Outproxy;
import net.i2p.crypto.Blinding; import net.i2p.crypto.Blinding;
import net.i2p.data.Base64;
import net.i2p.data.Certificate; import net.i2p.data.Certificate;
import net.i2p.data.DataHelper; import net.i2p.data.DataHelper;
import net.i2p.data.Destination; import net.i2p.data.Destination;
@ -1285,11 +1286,11 @@ public class IndexBean {
} }
byte[] data = new byte[SessionKey.KEYSIZE_BYTES]; byte[] data = new byte[SessionKey.KEYSIZE_BYTES];
_context.random().nextBytes(data); _context.random().nextBytes(data);
SessionKey sk = new SessionKey(data); String b64 = Base64.encode(data);
setEncryptKey(sk.toBase64()); setEncryptKey(b64);
setEncrypt(""); setEncrypt("");
saveChanges(); saveChanges();
return "New Leaseset Encryption Key: " + sk.toBase64(); return "New Leaseset Encryption Key: " + b64;
} }
/** /**

30
apps/i2ptunnel/jsp/editServer.jsi
View File

@ -487,26 +487,28 @@
<td> <td>
<b><%=intl._t("Encryption Key")%></b> <b><%=intl._t("Encryption Key")%></b>
</td><td> </td><td>
<b><%=intl._t("Generate New Key")%></b> (<%=intl._t("Tunnel must be stopped first")%>)
</td>
</tr><tr>
<td>
<textarea rows="1" style="height: 3em;" cols="44" id="leasesetKey" name="encryptKey" title="<%=intl._t("Encryption key required to access this service")%>" wrap="off" spellcheck="false"><%=editBean.getEncryptKey(curTunnel)%></textarea>
</td><td>
<button class="control" type="submit" name="action" value="Generate" title="<%=intl._t("Generate new encryption key")%>"><%=intl._t("Generate")%></button>
</td>
</tr>
<% <%
if (allowBlinding && editBean.isAdvanced()) { if (allowBlinding && editBean.isAdvanced()) {
%> %>
<tr>
<td>
<b><%=intl._t("Optional lookup password")%>:</b> <b><%=intl._t("Optional lookup password")%>:</b>
<input type="password" name="nofilter_blindedPassword" title="<%=intl._t("Set password required to access this service")%>" value="<%=editBean.getBlindedPassword(curTunnel)%>" class="freetext password" />
</td><td> </td>
</tr>
<% <%
} // allowBlinding } // allowBlinding
%>
</td>
</tr><tr>
<td>
<textarea rows="1" style="height: 3em;" cols="44" id="leasesetKey" name="encryptKey" title="<%=intl._t("Encryption key required to access this service")%>" wrap="off" readonly="readonly"><%=editBean.getEncryptKey(curTunnel)%></textarea>
</td><td>
<%
if (allowBlinding && editBean.isAdvanced()) {
%>
<input type="password" name="nofilter_blindedPassword" title="<%=intl._t("Set password required to access this service")%>" value="<%=editBean.getBlindedPassword(curTunnel)%>" class="freetext password" />
<%
} // allowBlinding
%>
</td>
</tr>
<%
} // !isOffline } // !isOffline
%> %>
<tr> <tr>