echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

I2CP: Add support for blinding secret

Browse Source
This commit is contained in:
zzz
2019-03-09 16:40:15 +00:00
parent d6a53cc3a6
commit 5d389c8855
3 changed files with 33 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
core/java/src/net/i2p/client/impl/RequestLeaseSetMessageHandler.java
View File

@ -65,6 +65,7 @@ class RequestLeaseSetMessageHandler extends HandlerImpl {
// LS 2 // LS 2
public static final String PROP_LS_TYPE = "i2cp.leaseSetType"; public static final String PROP_LS_TYPE = "i2cp.leaseSetType";
private static final String PROP_LS_ENCTYPE = "i2cp.leaseSetEncType"; private static final String PROP_LS_ENCTYPE = "i2cp.leaseSetEncType";
private static final String PROP_SECRET = "i2cp.leaseSetSecret";
public RequestLeaseSetMessageHandler(I2PAppContext context) { public RequestLeaseSetMessageHandler(I2PAppContext context) {
this(context, RequestLeaseSetMessage.MESSAGE_TYPE); this(context, RequestLeaseSetMessage.MESSAGE_TYPE);
@ -123,7 +124,11 @@ class RequestLeaseSetMessageHandler extends HandlerImpl {
if (_ls2Type == DatabaseEntry.KEY_TYPE_LS2) { if (_ls2Type == DatabaseEntry.KEY_TYPE_LS2) {
leaseSet = new LeaseSet2(); leaseSet = new LeaseSet2();
} else if (_ls2Type == DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2) { } else if (_ls2Type == DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2) {
leaseSet = new EncryptedLeaseSet(); EncryptedLeaseSet encls2 = new EncryptedLeaseSet();
String secret = session.getOptions().getProperty(PROP_SECRET);
if (secret != null)
encls2.setSecret(secret);
leaseSet = encls2;
} else if (_ls2Type == DatabaseEntry.KEY_TYPE_META_LS2) { } else if (_ls2Type == DatabaseEntry.KEY_TYPE_META_LS2) {
leaseSet = new MetaLeaseSet(); leaseSet = new MetaLeaseSet();
} else { } else {
@ -136,7 +141,7 @@ class RequestLeaseSetMessageHandler extends HandlerImpl {
} else { } else {
leaseSet = new LeaseSet(); leaseSet = new LeaseSet();
} }
// Full Meta and Encrypted support TODO // Full Meta support TODO
for (int i = 0; i < msg.getEndpoints(); i++) { for (int i = 0; i < msg.getEndpoints(); i++) {
Lease lease; Lease lease;
if (_ls2Type == DatabaseEntry.KEY_TYPE_META_LS2) { if (_ls2Type == DatabaseEntry.KEY_TYPE_META_LS2) {

27
core/java/src/net/i2p/data/EncryptedLeaseSet.java
View File

@ -22,6 +22,8 @@ import net.i2p.util.Log;
* *
* PRELIMINARY - Subject to change - see proposal 123 * PRELIMINARY - Subject to change - see proposal 123
* *
* Per-client auth TODO
*
* @since 0.9.38 * @since 0.9.38
*/ */
public class EncryptedLeaseSet extends LeaseSet2 { public class EncryptedLeaseSet extends LeaseSet2 {
@ -31,6 +33,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
private LeaseSet2 _decryptedLS2; private LeaseSet2 _decryptedLS2;
private Hash __calculatedHash; private Hash __calculatedHash;
private SigningPrivateKey _alpha; private SigningPrivateKey _alpha;
private String _secret;
private final Log _log; private final Log _log;
private static final int MIN_ENCRYPTED_SIZE = 8 + 16; private static final int MIN_ENCRYPTED_SIZE = 8 + 16;
@ -56,6 +59,16 @@ public class EncryptedLeaseSet extends LeaseSet2 {
return _decryptedLS2; return _decryptedLS2;
} }
/**
* Must be set before sign or verify.
*
* @param secret null or "" for none (default)
* @since 0.9.39
*/
public void setSecret(String secret) {
_secret = secret;
}
///// overrides below here ///// overrides below here
@Override @Override
@ -84,6 +97,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
* @return null if not decrypted. * @return null if not decrypted.
* @since 0.9.39 * @since 0.9.39
*/ */
@Override
public List<PublicKey> getEncryptionKeys() { public List<PublicKey> getEncryptionKeys() {
if (_decryptedLS2 != null) if (_decryptedLS2 != null)
return _decryptedLS2.getEncryptionKeys(); return _decryptedLS2.getEncryptionKeys();
@ -129,9 +143,9 @@ public class EncryptedLeaseSet extends LeaseSet2 {
SigningPublicKey spk = _destination.getSigningPublicKey(); SigningPublicKey spk = _destination.getSigningPublicKey();
I2PAppContext ctx = I2PAppContext.getGlobalContext(); I2PAppContext ctx = I2PAppContext.getGlobalContext();
if (_published <= 0) if (_published <= 0)
_alpha = Blinding.generateAlpha(ctx, _destination.getSigningPublicKey(), null); _alpha = Blinding.generateAlpha(ctx, _destination.getSigningPublicKey(), _secret);
else else
_alpha = Blinding.generateAlpha(ctx, _destination.getSigningPublicKey(), null, _published); _alpha = Blinding.generateAlpha(ctx, _destination.getSigningPublicKey(), _secret, _published);
SigningPublicKey rv = Blinding.blind(spk, _alpha); SigningPublicKey rv = Blinding.blind(spk, _alpha);
if (_log.shouldDebug()) if (_log.shouldDebug())
_log.debug("Blind:" + _log.debug("Blind:" +
@ -680,6 +694,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
net.i2p.crypto.KeyPair encKeys2 = net.i2p.crypto.KeyGenerator.getInstance().generatePKIKeys(net.i2p.crypto.EncType.ECIES_X25519); net.i2p.crypto.KeyPair encKeys2 = net.i2p.crypto.KeyGenerator.getInstance().generatePKIKeys(net.i2p.crypto.EncType.ECIES_X25519);
pubKey = encKeys2.getPublic(); pubKey = encKeys2.getPublic();
ls2.addEncryptionKey(pubKey); ls2.addEncryptionKey(pubKey);
ls2.setSecret("foobar");
SigningPrivateKey spk = pkf.getSigningPrivKey(); SigningPrivateKey spk = pkf.getSigningPrivKey();
if (offline) { if (offline) {
now += 365*24*60*60*1000L; now += 365*24*60*60*1000L;
@ -692,7 +707,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
} else { } else {
ls2.sign(spk); ls2.sign(spk);
} }
System.out.println("Created: " + ls2); System.out.println("\nCreated: " + ls2);
if (!ls2.verifySignature()) { if (!ls2.verifySignature()) {
System.out.println("Verify FAILED"); System.out.println("Verify FAILED");
return; return;
@ -703,11 +718,11 @@ public class EncryptedLeaseSet extends LeaseSet2 {
ls2.writeBytes(out2); ls2.writeBytes(out2);
out2.close(); out2.close();
java.io.ByteArrayInputStream in = new java.io.ByteArrayInputStream(out.toByteArray()); java.io.ByteArrayInputStream in = new java.io.ByteArrayInputStream(out.toByteArray());
System.out.println("Size calculated: " + (ls2.size() + ls2.getSignature().length())); System.out.println("\nSize calculated: " + (ls2.size() + ls2.getSignature().length()));
System.out.println("Size to read in: " + in.available()); System.out.println("\nSize to read in: " + in.available());
EncryptedLeaseSet ls3 = new EncryptedLeaseSet(); EncryptedLeaseSet ls3 = new EncryptedLeaseSet();
ls3.readBytes(in); ls3.readBytes(in);
System.out.println("Read back: " + ls3); System.out.println("\nRead back: " + ls3);
// required to decrypt // required to decrypt
ls3.setDestination(pkf.getDestination()); ls3.setDestination(pkf.getDestination());
if (!ls3.verifySignature()) if (!ls3.verifySignature())

5
router/java/src/net/i2p/router/client/ClientMessageEventListener.java
View File

@ -642,6 +642,11 @@ class ClientMessageEventListener implements I2CPMessageReader.I2CPMessageEventLi
_runner.disconnectClient("Duplicate hash of encrypted LS2"); _runner.disconnectClient("Duplicate hash of encrypted LS2");
return; return;
} }
String secret = cfg.getOptions().getProperty("i2cp.leaseSetSecret");
if (secret != null) {
EncryptedLeaseSet encls = (EncryptedLeaseSet) ls;
encls.setSecret(secret);
}
} }
if (_log.shouldDebug()) if (_log.shouldDebug())
_log.debug("Publishing: " + ls); _log.debug("Publishing: " + ls);