echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Router: Prep for router encryption types (Proposal 156 WIP)

Browse Source
This commit is contained in:
zzz
2020-09-02 13:09:38 +00:00
parent d13a7d2872
commit bb761aea96
5 changed files with 47 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/routerconsole/java/src/net/i2p/router/web/helpers/NetDbRenderer.java
View File

@ -934,7 +934,9 @@ class NetDbRenderer {
} }
if (full) { if (full) {
buf.append("</td></tr><tr><td><b>").append(_t("Signing Key")).append(":</b></td><td colspan=\"2\">") buf.append("</td></tr><tr><td><b>").append(_t("Signing Key")).append(":</b></td><td colspan=\"2\">")
.append(info.getIdentity().getSigningPublicKey().getType().toString()); .append(info.getIdentity().getSigningPublicKey().getType());
buf.append("</td></tr><tr><td><b>").append(_t("Encryption Key")).append(":</b></td><td colspan=\"2\">")
.append(info.getIdentity().getPublicKey().getType());
} }
buf.append("</td></tr>\n<tr>") buf.append("</td></tr>\n<tr>")
.append("<td><b>").append(_t("Addresses")).append(":</b></td><td colspan=\"2\""); .append("<td><b>").append(_t("Addresses")).append(":</b></td><td colspan=\"2\"");

6
router/java/src/net/i2p/data/router/RouterPrivateKeyFile.java
View File

@ -7,6 +7,7 @@ import java.io.FileInputStream;
import java.io.InputStream; import java.io.InputStream;
import java.io.IOException; import java.io.IOException;
import net.i2p.crypto.EncType;
import net.i2p.crypto.SigType; import net.i2p.crypto.SigType;
import net.i2p.data.DataFormatException; import net.i2p.data.DataFormatException;
import net.i2p.data.Destination; import net.i2p.data.Destination;
@ -36,7 +37,10 @@ public class RouterPrivateKeyFile extends PrivateKeyFile {
in = new BufferedInputStream(new FileInputStream(this.file)); in = new BufferedInputStream(new FileInputStream(this.file));
RouterIdentity ri = new RouterIdentity(); RouterIdentity ri = new RouterIdentity();
ri.readBytes(in); ri.readBytes(in);
privKey = new PrivateKey(); EncType etype = ri.getPublicKey().getType();
if (etype == null)
throw new DataFormatException("Unknown enc type");
privKey = new PrivateKey(etype);
privKey.readBytes(in); privKey.readBytes(in);
SigType type = ri.getSigningPublicKey().getType(); SigType type = ri.getSigningPublicKey().getType();
if (type == null) if (type == null)

6
router/java/src/net/i2p/router/networkdb/kademlia/FloodfillMonitorJob.java
View File

@ -2,6 +2,7 @@ package net.i2p.router.networkdb.kademlia;
import java.util.List; import java.util.List;
import net.i2p.crypto.EncType;
import net.i2p.crypto.SigType; import net.i2p.crypto.SigType;
import net.i2p.data.Hash; import net.i2p.data.Hash;
import net.i2p.data.router.RouterAddress; import net.i2p.data.router.RouterAddress;
@ -139,6 +140,11 @@ class FloodfillMonitorJob extends JobImpl {
RouterInfo ri = getContext().router().getRouterInfo(); RouterInfo ri = getContext().router().getRouterInfo();
if (ri == null) if (ri == null)
return false; return false;
// temp until router ratchet SKM implemented
if (ri.getIdentity().getPublicKey().getType() != EncType.ELGAMAL_2048)
return false;
char bw = ri.getBandwidthTier().charAt(0); char bw = ri.getBandwidthTier().charAt(0);
// Only if class N, O, P, X // Only if class N, O, P, X
if (bw != Router.CAPABILITY_BW128 && bw != Router.CAPABILITY_BW256 && if (bw != Router.CAPABILITY_BW128 && bw != Router.CAPABILITY_BW256 &&

23
router/java/src/net/i2p/router/startup/CreateRouterInfoJob.java
View File

@ -56,6 +56,8 @@ public class CreateRouterInfoJob extends JobImpl {
public static final String KEYS_FILENAME = "router.keys"; public static final String KEYS_FILENAME = "router.keys";
public static final String KEYS2_FILENAME = "router.keys.dat"; public static final String KEYS2_FILENAME = "router.keys.dat";
static final String PROP_ROUTER_SIGTYPE = "router.sigType"; static final String PROP_ROUTER_SIGTYPE = "router.sigType";
/** @since 0.9.48 */
static final String PROP_ROUTER_ENCTYPE = "router.encType";
private static final SigType DEFAULT_SIGTYPE = SigType.EdDSA_SHA512_Ed25519; private static final SigType DEFAULT_SIGTYPE = SigType.EdDSA_SHA512_Ed25519;
private static final EncType DEFAULT_ENCTYPE = EncType.ELGAMAL_2048; private static final EncType DEFAULT_ENCTYPE = EncType.ELGAMAL_2048;
@ -106,8 +108,7 @@ public class CreateRouterInfoJob extends JobImpl {
// not necessary, in constructor // not necessary, in constructor
//info.setPeers(new HashSet()); //info.setPeers(new HashSet());
info.setPublished(getCurrentPublishDate(ctx)); info.setPublished(getCurrentPublishDate(ctx));
// TODO EncType etype = getEncTypeConfig(ctx);
EncType etype = DEFAULT_ENCTYPE;
KeyPair keypair = ctx.keyGenerator().generatePKIKeys(etype); KeyPair keypair = ctx.keyGenerator().generatePKIKeys(etype);
PublicKey pubkey = keypair.getPublic(); PublicKey pubkey = keypair.getPublic();
PrivateKey privkey = keypair.getPrivate(); PrivateKey privkey = keypair.getPrivate();
@ -196,6 +197,24 @@ public class CreateRouterInfoJob extends JobImpl {
return cstype; return cstype;
} }
/**
* The configured EncType to expect on read-in
* @since 0.9.48
*/
public static EncType getEncTypeConfig(RouterContext ctx) {
EncType cstype = DEFAULT_ENCTYPE;
String sstype = ctx.getProperty(PROP_ROUTER_ENCTYPE);
if (sstype != null) {
EncType ntype = EncType.parseEncType(sstype);
if (ntype != null)
cstype = ntype;
}
// fallback?
if (cstype != EncType.ELGAMAL_2048 && !cstype.isAvailable())
cstype = EncType.ELGAMAL_2048;
return cstype;
}
/** /**
* We probably don't want to expose the exact time at which a router published its info. * We probably don't want to expose the exact time at which a router published its info.
* perhaps round down to the nearest minute? 10 minutes? 30 minutes? day? * perhaps round down to the nearest minute? 10 minutes? 30 minutes? day?

16
router/java/src/net/i2p/router/startup/LoadRouterInfoJob.java
View File

@ -15,6 +15,7 @@ import java.io.InputStream;
import java.io.IOException; import java.io.IOException;
import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicBoolean;
import net.i2p.crypto.EncType;
import net.i2p.crypto.KeyGenerator; import net.i2p.crypto.KeyGenerator;
import net.i2p.crypto.SigType; import net.i2p.crypto.SigType;
import net.i2p.data.Certificate; import net.i2p.data.Certificate;
@ -115,22 +116,27 @@ class LoadRouterInfoJob extends JobImpl {
PrivateKey privkey = kd.privateKey; PrivateKey privkey = kd.privateKey;
SigningPrivateKey signingPrivKey = kd.signingPrivateKey; SigningPrivateKey signingPrivKey = kd.signingPrivateKey;
SigType stype = signingPubKey.getType(); SigType stype = signingPubKey.getType();
EncType etype = pubkey.getType();
// check if the sigtype config changed // check if the sigtype or enctype config changed
SigType cstype = CreateRouterInfoJob.getSigTypeConfig(getContext()); SigType cstype = CreateRouterInfoJob.getSigTypeConfig(getContext());
boolean sigTypeChanged = stype != cstype; boolean sigTypeChanged = stype != cstype;
if (sigTypeChanged && getContext().getProperty(CreateRouterInfoJob.PROP_ROUTER_SIGTYPE) == null) { EncType cetype = CreateRouterInfoJob.getEncTypeConfig(getContext());
boolean encTypeChanged = etype != cetype;
if ((sigTypeChanged && getContext().getProperty(CreateRouterInfoJob.PROP_ROUTER_SIGTYPE) == null) ||
(encTypeChanged && getContext().getProperty(CreateRouterInfoJob.PROP_ROUTER_ENCTYPE) == null)) {
// Not explicitly configured, and default has changed // Not explicitly configured, and default has changed
// Give a 25% chance of rekeying for each restart // Give a 25% chance of rekeying for each restart
// TODO reduce to ~3 (i.e. increase probability) in future release // TODO reduce to ~3 (i.e. increase probability) in future release
if (getContext().random().nextInt(4) > 0) { if (getContext().random().nextInt(16) > 0) {
sigTypeChanged = false; sigTypeChanged = false;
encTypeChanged = false;
if (_log.shouldWarn()) if (_log.shouldWarn())
_log.warn("Deferring RI rekey from " + stype + " to " + cstype); _log.warn("Deferring RI rekey from " + stype + " to " + cstype);
} }
} }
if (sigTypeChanged || shouldRebuild(privkey)) { if (sigTypeChanged || encTypeChanged || shouldRebuild(privkey)) {
if (_us != null) { if (_us != null) {
Hash h = _us.getIdentity().getHash(); Hash h = _us.getIdentity().getHash();
_log.logAlways(Log.WARN, "Deleting old router identity " + h.toBase64()); _log.logAlways(Log.WARN, "Deleting old router identity " + h.toBase64());
@ -143,6 +149,8 @@ class LoadRouterInfoJob extends JobImpl {
} }
if (sigTypeChanged) if (sigTypeChanged)
_log.logAlways(Log.WARN, "Rebuilding RouterInfo with new signature type " + cstype); _log.logAlways(Log.WARN, "Rebuilding RouterInfo with new signature type " + cstype);
if (encTypeChanged)
_log.logAlways(Log.WARN, "Rebuilding RouterInfo with new encryption type " + cetype);
// windows... close before deleting // windows... close before deleting
if (fis1 != null) { if (fis1 != null) {
try { fis1.close(); } catch (IOException ioe) {} try { fis1.close(); } catch (IOException ioe) {}