Fix creation of Encrypted LS2

Blinded flag bit goes on the inner LS, not the outer
Fix corruption of inner signature
Broken in 0.9.42

core/java/src/net/i2p/data/EncryptedLeaseSet.java

@@ -411,10 +411,6 @@ public class EncryptedLeaseSet extends LeaseSet2 {
         if (_signature == null)
             throw new IllegalStateException("not signed");
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        // inner LS is always unpublished
-        int saveFlags = _flags;
-        setUnpublished();
-        setBlindedWhenPublished();
         try {
             // Inner layer - type - data covered by sig
             baos.write(KEY_TYPE_LS2);
@@ -425,8 +421,6 @@ public class EncryptedLeaseSet extends LeaseSet2 {
             throw new IllegalStateException("Error encrypting LS2", dfe);
         } catch (IOException ioe) {
             throw new IllegalStateException("Error encrypting LS2", ioe);
-        } finally {
-            _flags = saveFlags;
         }
 
         // layer 2 (inner) encryption
@@ -847,14 +841,16 @@ public class EncryptedLeaseSet extends LeaseSet2 {
         // inner LS is always unpublished
         int saveFlags = _flags;
         setUnpublished();
+        setBlindedWhenPublished();
         super.sign(key);
-        _flags = saveFlags;
         if (_log.shouldDebug()) {
+            _log.debug("Created inner: " + super.toString());
             _log.debug("Sign inner with key: " + key.getType() + ' ' + key.toBase64());
             _log.debug("Corresponding pubkey: " + key.toPublic());
             _log.debug("Inner sig: " + _signature.getType() + ' ' + _signature.toBase64());
         }
         encrypt(authType, clientKeys);
+        _flags = saveFlags;
         SigningPrivateKey bkey = Blinding.blind(key, _alpha);
         int len = size();
         ByteArrayOutputStream out = new ByteArrayOutputStream(1 + len);

core/java/src/net/i2p/data/LeaseSet2.java

@@ -88,7 +88,12 @@ public class LeaseSet2 extends LeaseSet {
         return (_flags & FLAG_UNPUBLISHED) != 0;
     }
 
+    /**
+     *  @throws IllegalStateException if already signed
+     */
     public void setUnpublished() {
+        if (_signature != null && (_flags & FLAG_UNPUBLISHED) == 0)
+            throw new IllegalStateException();
         _flags |= FLAG_UNPUBLISHED;
     }
 
@@ -102,9 +107,12 @@ public class LeaseSet2 extends LeaseSet {
 
     /**
      *  Set if the unencrypted LS, when published, will be blinded/encrypted
+     *  @throws IllegalStateException if already signed
      *  @since 0.9.42
      */
     public void setBlindedWhenPublished() {
+        if (_signature != null && (_flags & FLAG_BLINDED) == 0)
+            throw new IllegalStateException();
         _flags |= FLAG_BLINDED;
     }
     
@@ -251,8 +259,11 @@ public class LeaseSet2 extends LeaseSet {
      *  @param transientSPK the key that will sign the leaseset
      *  @param offlineSig the signature by the spk in the destination
      *  @return success, false if verify failed or expired
+     *  @throws IllegalStateException if already signed
      */
     public boolean setOfflineSignature(long expires, SigningPublicKey transientSPK, Signature offlineSig) {
+        if (_signature != null)
+            throw new IllegalStateException();
         _flags |= FLAG_OFFLINE_KEYS;
         _transientExpires = expires;
         _transientSigningPublicKey = transientSPK;
@@ -691,6 +702,7 @@ public class LeaseSet2 extends LeaseSet {
             }
         }
         buf.append("\n\tUnpublished? ").append(isUnpublished());
+        buf.append("\n\tBlinded? ").append(isBlindedWhenPublished());
         buf.append("\n\tSignature: ").append(_signature);
         buf.append("\n\tPublished: ").append(new java.util.Date(_published));
         buf.append("\n\tExpires: ").append(new java.util.Date(_expires));

history.txt

@@ -1,4 +1,9 @@
+2020-06-06 zzz
+ * Data: Fix creation of Encrypted LS2
+ * I2CP: Fix issues with persisted leaseset private keys
+
 2020-06-03 zzz
+ * i2psnark: Enable dual-keys
  * Router: Implement ratchet-layer acks (proposal 144)
 
 2020-06-01 zzz

router/java/src/net/i2p/router/RouterVersion.java

@@ -18,7 +18,7 @@ public class RouterVersion {
     /** deprecated */
     public final static String ID = "Monotone";
     public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 4;
+    public final static long BUILD = 5;
 
     /** for example "-test" */
     public final static String EXTRA = "";